merge r23302:23471 of trunk into gssextras

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/gssextras-no-cqa@23472 dc483132-0cff-0310-8789-dd5450dbe970
author: Luke Howard <lukeh@padl.com> 2009-12-15 19:42:52 +0000
committer: Luke Howard <lukeh@padl.com> 2009-12-15 19:42:52 +0000
commit: 11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75 (patch)
tree: 27aa0e9a0aa5e243db83011e79fc1d3b95cb5f29
parent: 85ac294e4d1b435790acdb73f4465e2999cce892 (diff)
download: krb5-11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75.zip
krb5-11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75.tar.gz
krb5-11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75.tar.bz2
894 files changed, 43255 insertions, 115618 deletions
diff --git a/doc/Makefile b/doc/Makefile
index cfa02c5..8572ff5 100644
--- a/doc/Makefile
+++ b/doc/Makefile
@@ -21,7 +21,7 @@ INSTALL_INCLUDES=definitions.texinfo copyright.texinfo document-list.texinfo \
 	krb5conf.texinfo kdcconf.texinfo send-pr.texinfo
 INSTALL_DEPS=install.texinfo $(INSTALL_INCLUDES)
 
-MANPAGES=$(SRCDIR)/appl/gssftp/ftp/ftp.M $(SRCDIR)/clients/kdestroy/kdestroy.M $(SRCDIR)/clients/kinit/kinit.M $(SRCDIR)/clients/klist/klist.M $(SRCDIR)/clients/ksu/ksu.M $(SRCDIR)/appl/bsd/rcp.M $(SRCDIR)/appl/bsd/rlogin.M $(SRCDIR)/appl/bsd/rsh.M $(SRCDIR)/appl/telnet/telnet/telnet.1 $(SRCDIR)/clients/kpasswd/kpasswd.M
+MANPAGES=$(SRCDIR)/clients/kdestroy/kdestroy.M $(SRCDIR)/clients/kinit/kinit.M $(SRCDIR)/clients/klist/klist.M $(SRCDIR)/clients/ksu/ksu.M $(SRCDIR)/clients/kpasswd/kpasswd.M
 
 USER_GUIDE_INCLUDES=definitions.texinfo copyright.texinfo glossary.texinfo
 USER_GUIDE_DEPS=user-guide.texinfo $(USER_GUIDE_INCLUDES)
@@ -103,15 +103,10 @@ krb5-user.info: $(USER_GUIDE_DEPS)
 user-guide-html:: user-guide.html
 
 user-guide.html: $(USER_GUIDE_DEPS)
-	$(MANTXT) $(SRCDIR)/appl/gssftp/ftp/ftp.M | $(MANHTML) > ftp.html
 	$(MANTXT) $(SRCDIR)/clients/kdestroy/kdestroy.M | $(MANHTML) > kdestroy.html
 	$(MANTXT) $(SRCDIR)/clients/kinit/kinit.M | $(MANHTML) > kinit.html
 	$(MANTXT) $(SRCDIR)/clients/klist/klist.M | $(MANHTML) > klist.html
 	$(MANTXT) $(SRCDIR)/clients/ksu/ksu.M | $(MANHTML) > ksu.html
-	$(MANTXT) $(SRCDIR)/appl/bsd/rcp.M | $(MANHTML) > rcp.html
-	$(MANTXT) $(SRCDIR)/appl/bsd/rlogin.M | $(MANHTML) > rlogin.html
-	$(MANTXT) $(SRCDIR)/appl/bsd/rsh.M | $(MANHTML) > rsh.html
-	$(MANTXT) $(SRCDIR)/appl/telnet/telnet/telnet.1 | $(MANHTML) > telnet.html
 	$(MANTXT) $(SRCDIR)/clients/kpasswd/kpasswd.M | $(MANHTML) > kpasswd.html
 	$(HTML) user-guide.texinfo		
 
diff --git a/doc/build.texinfo b/doc/build.texinfo
index 8bf0815..2b23fca 100644
--- a/doc/build.texinfo
+++ b/doc/build.texinfo
@@ -73,15 +73,10 @@ source code for building @value{PRODUCT} on Windows (see windows/README)
 @node The appl Directory, The clients Directory, Organization of the Source Directory, Organization of the Source Directory
 @subsection The appl Directory
 
-The Kerberos release provides certain UNIX utilities, modified to use
-Kerberos authentication.  In the @i{appl/bsd} directory are the
-Berkeley utilities @i{login}, @i{rlogin}, @i{rsh}, and @i{rcp}, as well as
-the associated daemons @i{kshd} and @i{klogind}.  The @i{login} program
-obtains ticket-granting tickets for users upon login; the other utilities
-provide authenticated Unix network services.
-
-The @i{appl} directory also contains Kerberized telnet and ftp programs,
-as well as sample Kerberos application client and server programs.
+The @i{appl} directory contains sample Kerberos application client and
+server programs.  In previous releases, it contained Kerberized versions
+of remote access daemons, but those have now been moved to a separate
+project.
 
 @node The clients Directory, The gen-manpages Directory, The appl Directory, Organization of the Source Directory
 @subsection The clients Directory
@@ -397,12 +392,13 @@ tell it the location of the Tcl configuration script.  (See
 @xref{Options to Configure}.)
 
 @item
-You have to run @samp{make install} before running @samp{make check}, or
-the test suite will often pick up the installed version of Kerberos
-rather than the newly built one.  You can install into a prefix that
-isn't in the system library search path, though.  This theoretically
-could be fixed with the appropriate environment variable magic in the
-test suite, but hasn't been yet.
+On some operating systems, you have to run @samp{make install} before
+running @samp{make check}, or the test suite will pick up installed
+versions of Kerberos libraries rather than the newly built ones.  You
+can install into a prefix that isn't in the system library search path,
+though.  Alternatively, you can configure with @code{--disable-rpath},
+which renders the build tree less suitable for installation, but allows
+testing without interference from previously installed libraries.
 
 @item
 In order to test the RPC layer, the local system has to be running the
@@ -425,26 +421,6 @@ client/server activities.
 
 DejaGnu may be found wherever GNU software is archived.  
 
-Most of the tests are setup to run as a non-privileged user.  For some
-of the krb-root tests to work properly, either (a) the user running the
-tests must not have a .k5login file in the home directory or (b) the
-.k5login file must contain an entry for @code{<username>@@KRBTEST.COM}.
-There are two series of tests (@samp{rlogind} and @samp{telnetd}) which
-require the ability to @samp{rlogin} as root to the local
-machine. Admittedly, this does require the use of a @file{.rhosts} file
-or some authenticated means. @footnote{If you are fortunate enough to
-have a previous version of Kerberos V5 or V4 installed, and the Kerberos
-rlogin is first in your path, you can setup @file{.k5login} or
-@file{.klogin} respectively to allow you access.}
-
-If you cannot obtain root access to your machine, all the other tests
-will still run. Note however, with DejaGnu 1.2, the "untested testcases"
-will cause the testsuite to exit with a non-zero exit status which
-@samp{make} will consider a failure of the testing process. Do not worry
-about this, as these tests are the last run when @samp{make check} is
-executed from the top level of the build tree.  This problem does not
-exist with DejaGnu 1.3.
-
 @node The KADM5 Tests,  , The DejaGnu Tests, Testing the Build
 @subsection The KADM5 Tests
 
diff --git a/doc/install.texinfo b/doc/install.texinfo
index f9c682f..870f525 100644
--- a/doc/install.texinfo
+++ b/doc/install.texinfo
@@ -740,23 +740,15 @@ host/@value{KDCSLAVE2}.@value{PRIMARYDOMAIN}@@@value{PRIMARYREALM}
 @end smallexample
  
 @need 1000
-Then, add the following lines to @code{/etc/inetd.conf} file on each KDC
-(the line beginnng with @result{} is a continuation of the previous
-line):
+Then, add the following line to @code{/etc/inetd.conf} file on each KDC:
 
 @smallexample
 @group
 krb5_prop stream tcp nowait root @value{ROOTDIR}/sbin/kpropd kpropd
-eklogin   stream tcp nowait root @value{ROOTDIR}/sbin/klogind 
-@result{} klogind -k -c -e
 @end group
 @end smallexample
 
 @noindent
-The first line sets up the @code{kpropd} database propagation daemon.
-The second line sets up the @code{eklogin} daemon, allowing
-Kerberos-authenticated, encrypted rlogin to the KDC.
-
 You also need to add the following lines to @code{/etc/services} on each
 KDC:
 
@@ -767,7 +759,6 @@ kerberos        88/tcp      kdc       # Kerberos authentication (tcp)
 krb5_prop       754/tcp               # Kerberos slave propagation
 kerberos-adm    749/tcp               # Kerberos 5 admin/changepw (tcp)
 kerberos-adm    749/udp               # Kerberos 5 admin/changepw (udp)
-eklogin         2105/tcp              # Kerberos encrypted rlogin
 @end group
 @end smallexample
 
@@ -908,46 +899,6 @@ server, Web server, or even just a client machine, someone who obtained
 root access through a security hole in any of those areas could gain
 access to the Kerberos database.
 
-@need 4700
-@value{COMPANY} recommends that your KDCs use the following
-@code{/etc/inetd.conf} file.  (Note:  each line beginning with @result{}
-is a continuation of the previous line.):
-
-@smallexample
-@group
-#
-# Configuration file for inetd(1M).  See inetd.conf(4).
-#
-# To re-configure the running inetd process, edit this file, then
-# send the inetd process a SIGHUP.
-#
-# Syntax for socket-based Internet services:
-#  <service_name> <socket_type> <proto> <flags> <user> 
-@result{} <server_pathname> <args>
-#
-# Syntax for TLI-based Internet services:
-#
-#  <service_name> tli <proto> <flags> <user> <server_pathname> <args>
-#
-# Ftp and telnet are standard Internet services.
-#
-# This machine is a secure Kerberos Key Distribution Center (KDC).  
-# Services are limited.
-#
-#
-# Time service is used for clock synchronization.
-#
-time    stream  tcp     nowait  root    internal
-time    dgram   udp     wait    root    internal
-#
-# Limited Kerberos services
-#
-krb5_prop stream tcp nowait root @value{ROOTDIR}/sbin/kpropd  kpropd
-eklogin   stream tcp nowait root @value{ROOTDIR}/sbin/klogind 
-@result{} klogind -5 -c -e
-@end group
-@end smallexample
-
 @node Switching Master and Slave KDCs, Incremental Database Propagation, Limit Access to the KDCs, Installing KDCs
 @subsection Switching Master and Slave KDCs
 
@@ -1140,17 +1091,9 @@ installation of the KDCs.
 @node Client Programs, Client Machine Configuration Files, Installing and Configuring UNIX Client Machines, Installing and Configuring UNIX Client Machines
 @subsection Client Programs
 
-The Kerberized client programs are @code{login.krb5}, @code{rlogin},
-@code{telnet}, @code{ftp}, @code{rcp}, @code{rsh}, @code{kinit},
-@code{klist}, @code{kdestroy}, @code{kpasswd}, @code{ksu}, and
-@code{krb524init}.  All of these programs are in the directory
-@code{@value{ROOTDIR}/bin}, except for @code{login.krb5} which is in
-@code{@value{ROOTDIR}/sbin}.
-
-You will probably want to have your users put @code{@value{ROOTDIR}/bin}
-ahead of @code{/bin} and @code{/usr/bin} in their paths, so they will by
-default get the @value{PRODUCT} versions of @code{rlogin},
-@code{telnet}, @code{ftp}, @code{rcp}, and @code{rsh}.
+The Kerberized client programs are @code{kinit}, @code{klist},
+@code{kdestroy}, @code{kpasswd}, and @code{ksu}.  All of these programs
+are in the directory @code{@value{ROOTDIR}/bin}.
 
 @value{COMPANY} recommends that you use @code{login.krb5} in place of
 @code{/bin/login} to give your users a single-sign-on system.  You will
@@ -1158,14 +1101,9 @@ need to make sure your users know to use their Kerberos passwords when
 they log in.
 
 You will also need to educate your users to use the ticket management
-programs @code{kinit},
-@c @code{krb524init}, 
-@code{klist}, @code{kdestroy}, and to use the Kerberos programs
-@c @code{pfrom},
-@code{ksu}, and @code{kpasswd} in place of their non-Kerberos
-counterparts
-@c @code{from}
-@code{su}, @code{passwd}, and @code{rdist}.
+programs @code{kinit}, @code{klist}, @code{kdestroy}, and to use the
+Kerberos programs @code{ksu} and @code{kpasswd} in place of their
+non-Kerberos counterparts @code{su} and @code{passwd}.
 
 @node Client Machine Configuration Files,  , Client Programs, Installing and Configuring UNIX Client Machines
 @subsection Client Machine Configuration Files
@@ -1183,13 +1121,9 @@ to just insert the following code:
 @group
 kerberos      @value{DefaultPort}/udp    kdc    # Kerberos V5 KDC
 kerberos      @value{DefaultPort}/tcp    kdc    # Kerberos V5 KDC
-klogin        @value{DefaultKloginPort}/tcp          # Kerberos authenticated rlogin
-kshell        @value{DefaultKshellPort}/tcp   cmd    # and remote shell
 kerberos-adm  @value{DefaultKadmindPort}/tcp          # Kerberos 5 admin/changepw
 kerberos-adm  @value{DefaultKadmindPort}/udp          # Kerberos 5 admin/changepw
 krb5_prop     @value{DefaultKrbPropPort}/tcp          # Kerberos slave propagation
-@c kpop          1109/tcp         # Pop with Kerberos
-eklogin       @value{DefaultEkloginPort}/tcp         # Kerberos auth. & encrypted rlogin
 krb524        @value{DefaultKrb524Port}/tcp         # Kerberos 5 to 4 ticket translator
 @end group
 @end smallexample
@@ -1299,77 +1233,11 @@ installed, you can run an insecure server, and still take advantage of
 @value{PRODUCT}'s single sign-on capability.
 
 @menu
-* Server Programs::             
-* Server Configuration Files::  
 * The Keytab File::             
 * Some Advice about Secure Hosts::  
 @end menu
 
-@node Server Programs, Server Configuration Files, UNIX Application Servers, UNIX Application Servers
-@subsection Server Programs
-
-Just as @value{PRODUCT} provided its own Kerberos-enhanced versions of
-client UNIX network programs, @value{PRODUCT} also provides
-Kerberos-enhanced versions of server UNIX network daemons.  These are
-@code{ftpd}, @code{klogind}, @code{kshd}, and @code{telnetd}.
-@c @code{popper}, 
-These programs are installed in the directory
-@code{@value{ROOTDIR}/sbin}.  You may want to add this directory to
-root's path.
-
-@node Server Configuration Files, The Keytab File, Server Programs, UNIX Application Servers
-@subsection Server Configuration Files
-
-For a @emph{secure} server, make the following changes to
-@code{/etc/inetd.conf}:
-
-Find and comment out any lines for the services @code{ftp},
-@code{telnet}, @code{shell}, @code{login}, and @code{exec}.
-
-@need 1800
-Add the following lines.  (Note:  each line beginning with @result{} is
-a continuation of the previous line.)
-
-@smallexample
-@group
-klogin  stream  tcp  nowait  root  @value{ROOTDIR}/sbin/klogind
-@result{} klogind -k -c
-eklogin stream  tcp  nowait  root  @value{ROOTDIR}/sbin/klogind
-@result{} klogind -k -c -e
-kshell  stream  tcp  nowait  root  @value{ROOTDIR}/sbin/kshd
-@result{} kshd -k -c -A
-ftp     stream  tcp  nowait  root  @value{ROOTDIR}/sbin/ftpd
-@result{} ftpd -a
-telnet  stream  tcp  nowait  root  @value{ROOTDIR}/sbin/telnetd
-@result{} telnetd -a valid
-@end group
-@end smallexample
-
-For an @emph{insecure} server, make the following changes instead to
-@code{/etc/inetd.conf}:
-
-@need 1800
-Find and comment out any lines for the services @code{ftp} and
-@code{telnet}.
-
-Add the following lines.  (Note:  each line beginning with @result{} is
-a continuation of the previous line.)
-@smallexample
-@group
-klogin  stream  tcp  nowait  root  @value{ROOTDIR}/sbin/klogind
-@result{} klogind -k -c
-eklogin stream  tcp  nowait  root  @value{ROOTDIR}/sbin/klogind
-@result{} klogind -k -c -e
-kshell  stream  tcp  nowait  root  @value{ROOTDIR}/sbin/kshd
-@result{} kshd -k -c -A
-ftp     stream  tcp  nowait  root  @value{ROOTDIR}/sbin/ftpd
-@result{} ftpd
-telnet  stream  tcp  nowait  root  @value{ROOTDIR}/sbin/telnetd
-@result{} telnetd -a none
-@end group
-@end smallexample
-
-@node The Keytab File, Some Advice about Secure Hosts, Server Configuration Files, UNIX Application Servers
+@node The Keytab File, Some Advice about Secure Hosts, UNIX Application Servers, UNIX Application Servers
 @subsection The Keytab File
 
 All Kerberos server machines need a @dfn{keytab} file, called
@@ -1419,9 +1287,7 @@ kadmin5:} quit
 
 If you generate the keytab file on another host, you need to get a copy
 of the keytab file onto the destination host (@code{trillium}, in the
-above example) without sending it unencrypted over the network.  If you
-have installed the @value{PRODUCT} client programs, you can use
-encrypted @code{rcp}.
+above example) without sending it unencrypted over the network.
 
 @node Some Advice about Secure Hosts,  , The Keytab File, UNIX Application Servers
 @subsection Some Advice about Secure Hosts
@@ -1433,21 +1299,12 @@ to try to include an exhaustive list of countermeasures for every
 possible attack, but it is worth noting some of the larger holes and how
 to close them.
 
-As stated earlier in this section, @value{COMPANY} recommends that on a
-secure host, you disable the standard @code{ftp}, @code{login},
-@code{telnet}, @code{shell}, and @code{exec} services in
-@code{/etc/inetd.conf}.  We also recommend that secure hosts have an empty
-@code{/etc/hosts.equiv} file and that there not be a @code{.rhosts} file
-in @code{root}'s home directory.  You can grant Kerberos-authenticated
-root access to specific Kerberos principals by placing those principals
-in the file @code{.k5login} in root's home directory.
-
 We recommend that backups of secure machines exclude the keytab file
 (@code{/etc/krb5.keytab}).  If this is not possible, the backups should
 at least be done locally, rather than over a network, and the backup
 tapes should be physically secured.
 
-Finally, the keytab file and any programs run by root, including the
+The keytab file and any programs run by root, including the
 @value{PRODUCT} binaries, should be kept on local disk.  The keytab file
 should be readable only by root.
 
diff --git a/src/Makefile.in b/src/Makefile.in
index 639243e..5818aa8 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -1,7 +1,5 @@
 datadir=@datadir@
 
-thisconfigdir=.
-myfulldir=.
 mydir=.
 # Don't build sample by default, and definitely don't install them
 # for production use:
@@ -39,7 +37,7 @@ update-autoconf-h:
 
 ##DOS##!if 0
 # This makefile doesn't use lib.in, but we still need shlib.conf here.
-config.status: $(SRCTOP)/config/shlib.conf
+config.status: $(top_srcdir)/config/shlib.conf
 ##DOS##!endif
 
 all-windows:: maybe-awk Makefile-windows
@@ -616,8 +614,8 @@ install-unix::
 		$(DESTDIR)$(CLIENT_BINDIR)/krb5-config
 	$(INSTALL_DATA) $(srcdir)/krb5-config.M $(DESTDIR)$(CLIENT_MANDIR)/krb5-config.1
 
-krb5-config: $(srcdir)/krb5-config.in $(thisconfigdir)/config.status
-	cd $(thisconfigdir) && $(SHELL) config.status krb5-config
+krb5-config: $(srcdir)/krb5-config.in config.status
+	$(SHELL) config.status krb5-config
 
 # Test to ensure that krb5-config does not spit out things like
 # $(PURE) or $(LDFLAGS) in case someone changes config/shlib.conf
@@ -642,7 +640,7 @@ COV_ANALYSES=
 COV_TEMPDIR=	cov-temp
 # Sources modeling some functions or macros confusing Prevent.
 COV_MODELS=\
-	$(SRCTOP)/util/coverity-models/threads.c
+	$(top_srcdir)/util/coverity-models/threads.c
 
 # Depend on Makefiles to ensure that (in maintainer mode) the configure
 # scripts won't get rerun under cov-build.
@@ -661,20 +659,28 @@ EMACS = emacs
 PYTHON = python
 
 INDENTDIRS = \
+	appl \
 	clients \
 	include \
 	kadmin \
 	kdc \
+	lib/apputils \
+	lib/crypto \
+	lib/gssapi \
 	lib/kadm5 \
 	lib/kdb \
 	lib/krb5 \
+	plugins \
 	prototype \
-	slave
+	slave \
+	tests \
+	util
 
 BSDFILES = \
 	kadmin/cli/strftime.c \
 	kadmin/server/ipropd_svc.c \
 	kadmin/server/kadm_rpc_svc.c \
+	lib/apputils/daemon.c \
 	lib/kadm5/admin_xdr.h \
 	lib/kadm5/clnt/client_rpc.c \
 	lib/kadm5/kadm_rpc.h \
@@ -682,19 +688,54 @@ BSDFILES = \
 	lib/kadm5/srv/adb_xdr.c \
 	lib/krb5/krb/strftime.c \
 	lib/krb5/krb/strptime.c \
-	slave/kpropd_rpc.c
+	slave/kpropd_rpc.c \
+	util/support/mkstemp.c \
+	util/support/strlcpy.c \
+	util/windows/getopt.c \
+	util/windows/getopt.h \
+	util/windows/getopt_long.c
 
 OTHEREXCLUDES = \
 	include/iprop.h \
 	include/k5-platform.h \
 	include/gssrpc \
+	lib/apputils/dummy.c \
+	lib/crypto/builtin/aes \
+	lib/gssapi/generic/gssapiP_generic.h \
+	lib/gssapi/generic/gssapi_ext.h \
+	lib/gssapi/krb5/gssapiP_krb5.h \
+	lib/gssapi/mechglue \
+	lib/gssapi/spnego \
 	lib/krb5/krb/deltat.c \
-	lib/krb5/unicode
+	lib/krb5/unicode \
+	plugins/kdb/db2/libdb2 \
+	plugins/kdb/db2/pol_xdr.c \
+	plugins/kdb/hdb/hdb.h \
+	plugins/kdb/hdb/hdb_asn1.h \
+	plugins/kdb/hdb/hdb_err.h \
+	plugins/kdb/hdb/windc_plugin.h \
+	plugins/kdb/ldap/libkdb_ldap/princ_xdr.c \
+	plugins/kdb/ldap/libkdb_ldap/princ_xdr.h \
+	plugins/preauth/pkinit/pkcs11.h \
+	plugins/preauth/pkinit/pkinit_accessor.h \
+	plugins/preauth/pkinit/pkinit_crypto.h \
+	plugins/preauth/pkinit/pkinit.h \
+	plugins/preauth/pkinit/pkinit_crypto_openssl.h \
+	tests/asn.1/ktest.h \
+	tests/asn.1/ktest_equal.h \
+	tests/asn.1/utility.h \
+	tests/gss-threads/gss-misc.c \
+	tests/gss-threads/gss-misc.h \
+	tests/hammer/kdc5_hammer.c \
+	util/et/com_err.h \
+	util/profile/prof_int.h \
+	util/profile/profile.hin \
+	util/profile/profile_tcl.c
 
 EXCLUDES = `for i in $(BSDFILES) $(OTHEREXCLUDES); do echo $$i; done | $(AWK) '{ print "-path", $$1, "-o" }'` -path /dev/null
 
 reindent::
-	(cd $(SRCTOP) && \
+	(cd $(top_srcdir) && \
 	$(FIND) . \
 	\( -name '*.[ch]' -o -name '*.hin' -o -name '*.[ch].in' \) \
 	-print0 | $(XARGS) -0 $(EMACS) -q -batch \
@@ -704,12 +745,12 @@ reindent::
 mark-cstyle:: mark-cstyle-krb5 mark-cstyle-bsd
 
 mark-cstyle-krb5::
-	(cd $(SRCTOP) && \
+	(cd $(top_srcdir) && \
 	$(FIND) $(INDENTDIRS) \( $(EXCLUDES) \) -prune -o \
 	-name '*.[ch]' \
 	-print0 | $(XARGS) -0 $(PYTHON) util/krb5-mark-cstyle.py \
 	--cstyle=krb5)
 
 mark-cstyle-bsd::
-	(cd $(SRCTOP) && $(FIND) $(BSDFILES) -print0 | $(XARGS) -0 \
+	(cd $(top_srcdir) && $(FIND) $(BSDFILES) -print0 | $(XARGS) -0 \
 	$(PYTHON) util/krb5-mark-cstyle.py --cstyle=bsd)
diff --git a/src/aclocal.m4 b/src/aclocal.m4
index 27a5079..a9725fc 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -456,50 +456,6 @@ if test $krb5_cv_inet6 = yes || test "$krb5_cv_inet6_with_dinet6" = yes; then
 fi
 ])dnl
 dnl
-dnl Generic File existence tests
-dnl 
-dnl K5_AC_CHECK_FILE(FILE, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]])
-dnl
-AC_DEFUN(K5_AC_CHECK_FILE,
-[AC_REQUIRE([AC_PROG_CC])dnl
-dnl Do the transliteration at runtime so arg 1 can be a shell variable.
-ac_safe=`echo "$1" | sed 'y%./+-%__p_%'`
-AC_MSG_CHECKING([for $1])
-AC_CACHE_VAL(ac_cv_file_$ac_safe,
-[if test "$cross_compiling" = yes; then
-  errprint(__file__:__line__: warning: Cannot check for file existence when cross compiling
-)dnl
-  AC_MSG_ERROR(Cannot check for file existence when cross compiling)
-else
-  if test -r $1; then
-    eval "ac_cv_file_$ac_safe=yes"
-  else
-    eval "ac_cv_file_$ac_safe=no"
-  fi
-fi])dnl
-if eval "test \"`echo '$ac_cv_file_'$ac_safe`\" = yes"; then
-  AC_MSG_RESULT(yes)
-  ifelse([$2], , :, [$2])
-else
-  AC_MSG_RESULT(no)
-ifelse([$3], , , [$3
-np])dnl
-fi
-])
-dnl
-dnl K5_AC_CHECK_FILES(FILE... [, ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]])
-dnl
-AC_DEFUN(K5_AC_CHECK_FILES,
-[AC_REQUIRE([AC_PROG_CC])dnl
-for ac_file in $1
-do
-K5_AC_CHECK_FILE($ac_file,
-[changequote(, )dnl
-  ac_tr_file=HAVE`echo $ac_file | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'`
-changequote([, ])dnl
-  AC_DEFINE_UNQUOTED($ac_tr_file) $2], $3)dnl
-done
-])
 AC_DEFUN(KRB5_AC_CHECK_FOR_CFLAGS,[
 AC_BEFORE([$0],[AC_PROG_CC])
 AC_BEFORE([$0],[AC_PROG_CXX])
@@ -739,31 +695,6 @@ AC_CHECK_MEMBER(struct sockaddr.sa_len,
 ,,[#include <sys/types.h>
 #include <sys/socket.h>])])
 dnl
-dnl
-dnl CHECK_UTMP: check utmp structure and functions
-dnl
-AC_DEFUN(CHECK_UTMP,[
-AC_CHECK_MEMBERS([struct utmp.ut_pid, struct utmp.ut_type, struct utmp.ut_host, struct utmp.ut_exit],,,
-[#include <sys/types.h>
-#include <utmp.h>])
-
-# Define the names actually used in the krb5 code currently:
-if test $ac_cv_member_struct_utmp_ut_pid = no; then
-  AC_DEFINE(NO_UT_PID,1,[Define if ut_pid field not found])
-fi
-if test $ac_cv_member_struct_utmp_ut_type = no; then
-  AC_DEFINE(NO_UT_TYPE,1,[Define if ut_type field not found])
-fi
-if test $ac_cv_member_struct_utmp_ut_host = no; then
-  AC_DEFINE(NO_UT_HOST,1,[Define if ut_host field not found])
-fi
-if test $ac_cv_member_struct_utmp_ut_exit = no; then
-  AC_DEFINE(NO_UT_EXIT,1,[Define if ut_exit field not found])
-fi
-
-AC_CHECK_FUNCS(setutent setutxent updwtmp updwtmpx)
-])dnl
-dnl
 dnl WITH_NETLIB
 dnl 
 dnl
@@ -1725,18 +1656,6 @@ fi])
 dnl
 dnl
 m4_include(config/ac-archive/acx_pthread.m4)
-#
-# KRB5_AC_LIBUTIL
-#
-# Check for libutil, for NetBSD, et al.; needed for openpty() and
-# logwtmp() on some platforms.
-#
-AC_DEFUN([KRB5_AC_LIBUTIL],
-	[AC_CHECK_LIB(util, main,
-		[AC_DEFINE(HAVE_LIBUTIL,1,[Define if util library is available with openpty, logwtmp, etc])
-  UTIL_LIB=-lutil])dnl
-AC_SUBST(UTIL_LIB)
-])
 dnl
 dnl
 dnl
diff --git a/src/appl/Makefile.in b/src/appl/Makefile.in
index 02a1c73..57eafd2 100644
--- a/src/appl/Makefile.in
+++ b/src/appl/Makefile.in
@@ -1,8 +1,6 @@
-thisconfigdir=..
-myfulldir=appl
 mydir=appl
 BUILDTOP=$(REL)..
 
-SUBDIRS= sample simple user_user gss-sample \
-	libpty bsd gssftp telnet
+SUBDIRS= sample simple user_user gss-sample
+
 
diff --git a/src/appl/bsd/Makefile.in b/src/appl/bsd/Makefile.in
deleted file mode 100644
index 5ec3c95..0000000
--- a/src/appl/bsd/Makefile.in
+++ /dev/null
@@ -1,84 +0,0 @@
-thisconfigdir=.
-myfulldir=appl/bsd
-mydir=.
-BUILDTOP=$(REL)..$(S)..
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-SETENVSRC=@SETENVSRC@
-SETENVOBJ=@SETENVOBJ@
-
-LOGINLIBS=@LOGINLIBS@
-LIBOBJS=@LIBOBJS@
-KRSHDLIBS=@KRSHDLIBS@
-
-SRCS= $(srcdir)/krcp.c $(srcdir)/krlogin.c $(srcdir)/krsh.c $(srcdir)/kcmd.c \
-	$(srcdir)/forward.c $(srcdir)/login.c $(srcdir)/krshd.c \
-	$(srcdir)/krlogind.c
-OBJS= krcp.o krlogin.o krsh.o kcmd.o forward.o $(SETENVOBJ) login.o krshd.o \
-	krlogind.o $(LIBOBJS)
-
-UCB_RLOGIN = @UCB_RLOGIN@
-UCB_RSH = @UCB_RSH@
-UCB_RCP = @UCB_RCP@
-
-RSH=	-DKRB5_PATH_RLOGIN=\"$(CLIENT_BINDIR)/rlogin\"
-BSD=	-DUCB_RLOGIN=\"$(UCB_RLOGIN)\" \
-	-DUCB_RSH=\"$(UCB_RSH)\" -DUCB_RCP=\"$(UCB_RCP)\"
-
-DEFINES = $(RSH) $(BSD) $(RPROGS) -DKERBEROS \
-	-DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb5\" -DKPROGDIR=\"$(CLIENT_BINDIR)\" \
-	-DHEIMDAL_FRIENDLY
-
-all:: rsh rcp rlogin kshd klogind login.krb5
-
-clean:: 
-	$(RM) rsh rcp rlogin kshd klogind login.krb5
-
-rsh: krsh.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o rsh krsh.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_LIBS)
-
-rcp: krcp.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o rcp krcp.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_LIBS)
-
-rlogin: krlogin.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o rlogin krlogin.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRB5_BASE_LIBS)
-
-install::
-	for f in rsh rcp rlogin; do \
-	 ($(INSTALL_PROGRAM) $$f \
-		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'` && \
-	  $(INSTALL_DATA) $(srcdir)/$$f.M \
-		${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1 \
-	  ) || exit 1; \
-	done
-
-kshd: krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB)
-	$(CC_LINK) -o kshd krshd.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(KRSHDLIBS) $(PTY_LIB) $(UTIL_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB)
-
-klogind: krlogind.o kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS) $(APPUTILS_DEPLIB)
-	$(CC_LINK) -o klogind krlogind.o  kcmd.o forward.o $(SETENVOBJ) $(LIBOBJS) $(PTY_LIB) $(UTIL_LIB) $(KRB5_BASE_LIBS) $(APPUTILS_LIB)
-
-install::
-	for f in kshd klogind; do \
-	 ($(INSTALL_PROGRAM) $$f \
-		$(DESTDIR)$(SERVER_BINDIR)/`echo $$f|sed '$(transform)'` && \
-	  $(INSTALL_DATA) $(srcdir)/$$f.M \
-		${DESTDIR}$(SERVER_MANDIR)/`echo $$f|sed '$(transform)'`.8 \
-	 ) || exit 1 ; \
-	done
-
-# No program name transformation is done with login.krb5 since it is directly
-# referenced by klogind.
-#
-login.krb5: login.o  $(SETENVOBJ) $(LIBOBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o login.krb5 login.o $(SETENVOBJ) $(LIBOBJS) $(LOGINLIBS) $(PTY_LIB) $(KRB5_BASE_LIBS)
-
-install::
-	$(INSTALL_PROGRAM) login.krb5 $(DESTDIR)$(SERVER_BINDIR)/login.krb5
-	$(INSTALL_DATA) $(srcdir)/login.M \
-		${DESTDIR}$(SERVER_MANDIR)/login.krb5.8
-
-getdtablesize.o: $(srcdir)/getdtablesize.c
-
-kcmd.o krcp.o krlogin.o krlogind.o krsh.o krshd.o forward.o: defines.h
diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in
deleted file mode 100644
index 330c87d..0000000
--- a/src/appl/bsd/configure.in
+++ /dev/null
@@ -1,159 +0,0 @@
-K5_AC_INIT(krlogind.c)
-CONFIG_RULES
-KRB5_AC_INET6
-LOGINLIBS=
-AC_ARG_WITH([afs],
-[  --without-afs        don't have afs libraries to build against (default)
-  --with-afs=AFSDIR    use preinstalled AFS library tree],
-,with_afs=no)dnl
-if test $with_afs != no; then
-	AC_DEFINE(SETPAG,1,[Define if setpag should be used])
-	LOGINLIBS="$LOGINLIBS -L$with_afs/lib -L$with_afs/lib/afs -lauth -lsys -lrx -llwp"
-fi
-AC_PROG_INSTALL
-dnl dbm libs for use of an_to_ln
-save_LIBS="$LIBS"
- LIBS=
- AC_CHECK_LIB(crypt,crypt)
- LOGINLIBS="$LOGINLIBS $LIBS"
-LIBS="$save_LIBS"
-dnl
-dnl AIX has them all; SCO might too
-AC_CHECK_LIB(odm,main,
-  AC_CHECK_LIB(s,main,
-    AC_CHECK_LIB(cfg,main, 
-      LOGINLIBS="$LOGINLIBS -lodm -ls -lcfg" 
-      )))
-dnl
-dnl Make our operating system-specific security checks and definitions for
-dnl login.
-dnl
-case $krb5_cv_host in
-*-*-aix3*)
-	# AIX has streams include files but not streams TTY
-	# Moreover, strops.h trashes sys/ioctl.h
-	krb5_cv_has_streams=no
-	;;
-alpha*-dec-osf*)
-	AC_CHECK_LIB(security,setluid,
-		AC_DEFINE(HAVE_SETLUID,1,[Define if setluid is supplied by the OSF/1 security library])
-		LOGINLIBS="$LOGINLIBS -lsecurity"
-	)
-	;;
-esac
-dnl
-KRSHDLIBS="$LOGINLIBS"
-dnl
-AC_SUBST(KRSHDLIBS)
-AC_SUBST(LOGINLIBS)
-dnl
-AC_FUNC_VFORK
-AC_TYPE_MODE_T
-AC_CHECK_FUNCS(isatty inet_aton getenv gettosbyname killpg initgroups setpriority setreuid setresuid waitpid setsid ptsname setlogin tcgetpgrp tcsetpgrp setpgid strsave utimes rmufile rresvport_af)
-AC_CHECK_HEADERS(unistd.h stdlib.h string.h sys/filio.h sys/sockio.h sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h sys/ptyvar.h utmp.h sys/time.h sys/ioctl_compat.h paths.h arpa/nameser.h)
-AC_HEADER_STDARG
-AC_REPLACE_FUNCS(getdtablesize)
-dnl
-KRB5_AC_NEED_DAEMON
-dnl
-KRB5_SIGTYPE
-CHECK_SIGNALS
-CHECK_SETJMP
-CHECK_DIRENT
-CHECK_WAIT_TYPE
-AC_CHECK_HEADER(termios.h,[AC_CHECK_FUNC(cfsetispeed,AC_DEFINE(POSIX_TERMIOS,1,[Define if POSIX-compatible termios interface is found]))])
-CHECK_UTMP
-KRB5_GETSOCKNAME_ARGS
-dnl
-dnl Check for where the BSD rlogin, rcp, and rsh programs live.
-dnl
-save_path=$PATH
-ifdef([_AC_PROG_ECHO], [_AC_PROG_ECHO])
-ifdef([AC_PROG_ECHO_N], [AC_PROG_ECHO_N])
-AC_ARG_ENABLE([athena],
-[  --enable-athena         build with MIT Project Athena configuration],
-[PATH=/usr/athena/bin:/bin:/usr/bin:/usr/bsd:/usr/ucb],
-[PATH=/bin:/usr/bin:/usr/bsd:/usr/ucb])
-AC_PATH_PROG(UCB_RLOGIN,rlogin,/usr/ucb/rlogin)
-AC_PATH_PROG(UCB_RSH,rsh,/usr/ucb/rsh)
-AC_PATH_PROG(UCB_RCP,rcp,/usr/ucb/rcp)
-PATH=$save_path
-ifdef([_AC_PROG_ECHO], [_AC_PROG_ECHO])
-ifdef([AC_PROG_ECHO_N], [AC_PROG_ECHO_N])
-dnl
-dnl
-AC_MSG_CHECKING([streams interface])
-AC_CACHE_VAL(krb5_cv_has_streams,
-[AC_TRY_COMPILE(
-[#include <sys/stream.h>
-#include <sys/stropts.h>], [],
-krb5_cv_has_streams=yes, krb5_cv_has_streams=no)])
-AC_MSG_RESULT($krb5_cv_has_streams)
-if test $krb5_cv_has_streams = yes; then
-AC_DEFINE(HAVE_STREAMS,1,[Define if the OS uses streams])
-fi
-dnl
-dnl
-AC_MSG_CHECKING([F_SETOWN])
-AC_CACHE_VAL(krb5_cv_f_setown,
-[AC_TRY_COMPILE(
-[#include <sys/types.h>
-#include <fcntl.h>], [1+F_SETOWN;],
-krb5_cv_f_setown=yes,krb5_cv_f_setown=no)])
-AC_MSG_RESULT($krb5_cv_f_setown)
-if test $krb5_cv_f_setown = yes; then
-AC_DEFINE(HAVE_SETOWN,1,[Define if F_SETOWN is available])
-fi
-dnl
-dnl
-AC_MSG_CHECKING([setenv])
-AC_CACHE_VAL(krb5_cv_setenv,
-[AC_TRY_LINK(
-[],[setenv("PATH","/bin",0);],
-krb5_cv_setenv=yes,krb5_cv_setenv=no)])
-AC_MSG_RESULT($krb5_cv_setenv)
-if test $krb5_cv_setenv = no; then
-SETENVSRC=setenv.c
-SETENVOBJ=setenv.o
-AC_SUBST([SETENVSRC])
-AC_SUBST([SETENVOBJ])
-AC_DEFINE([NEED_SETENV],1,[Define if setenv needs to be defined])
-fi
-dnl
-dnl
-AC_MSG_CHECKING([number of arguments to setpgrp])
-AC_CACHE_VAL(krb5_cv_setpgrp_args,
-[AC_TRY_COMPILE(
-[#ifndef __STDC__
-#define __STDC__ 1
-#endif
-#include <unistd.h>],[setpgrp(0,0)],
-krb5_cv_setpgrp_args=two, krb5_cv_setpgrp_args=void)])
-AC_MSG_RESULT($krb5_cv_setpgrp_args)
-if test $krb5_cv_setpgrp_args = two; then
-AC_DEFINE(SETPGRP_TWOARG,1,[Define if setpgrp takes two arguments])
-fi
-dnl
-dnl
-AC_MSG_CHECKING([shadow password support])
-AC_CACHE_VAL(krb5_cv_shadow_pwd,
-[AC_TRY_LINK(
-[#include <sys/types.h>
-#include <pwd.h>
-#include <shadow.h>],
-[struct spwd *sp = getspnam("root")],
-krb5_cv_shadow_pwd=yes, krb5_cv_shadow_pwd=no)])
-AC_MSG_RESULT($krb5_cv_shadow_pwd)
-if test $krb5_cv_shadow_pwd = yes; then
-AC_DEFINE(HAVE_SHADOW,1,[Define if shadow password interface is available])
-fi
-dnl
-dnl
-K5_AC_CHECK_FILES(/etc/environment /etc/TIMEZONE)
-dnl
-dnl
-AC_C_CONST
-
-KRB5_AC_LIBUTIL
-KRB5_BUILD_PROGRAM
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/appl/bsd/defines.h b/src/appl/bsd/defines.h
deleted file mode 100644
index b565cd8..0000000
--- a/src/appl/bsd/defines.h
+++ /dev/null
@@ -1,85 +0,0 @@
-#define OPTS_FORWARD_CREDS           0x00000020
-#define OPTS_FORWARDABLE_CREDS       0x00000010
-#define RCMD_BUFSIZ	5120
-
-enum kcmd_proto {
-  /* Old protocol: DES encryption only.  No subkeys.  No protection
-     for cleartext length.  No ivec supplied.  OOB hacks used for
-     rlogin.  Checksum may be omitted at connection startup.  */
-  KCMD_OLD_PROTOCOL = 1,
-  /* New protocol: Any encryption scheme.  Client-generated subkey
-     required.  Prepend cleartext-length to cleartext data (but don't
-     include it in count).  Starting ivec defined, chained.  In-band
-     signalling.  Checksum required.  */
-  KCMD_NEW_PROTOCOL,
-  /* Hack: Get credentials, and use the old protocol iff the session
-     key type is single-DES.  */
-  KCMD_PROTOCOL_COMPAT_HACK,
-  /* Using Kerberos version 4.  */
-  KCMD_V4_PROTOCOL,
-  /* ??? */
-  KCMD_UNKNOWN_PROTOCOL
-};
-
-extern int kcmd (int *sock, char **ahost, int /* u_short */ rport,
-		 char *locuser, char *remuser, char *cmd,
-		 int *fd2p, char *service, char *realm,
-		 krb5_creds **cred,
-		 krb5_int32 *seqno, krb5_int32 *server_seqno,
-		 struct sockaddr_in *laddr,
-		 struct sockaddr_in *faddr,
-		 krb5_auth_context *authconp,
-		 krb5_flags authopts,
-		 int anyport, int suppress_err,
-		 enum kcmd_proto *protonum /* input and output */
-		 );
-
-extern int rcmd_stream_read (int fd, char *buf, size_t len, int secondary);
-extern int rcmd_stream_write (int fd, char *buf, size_t len, int secondary);
-extern int getport (int * /* portnum */, int * /* addrfamily */);
-
-extern void rcmd_stream_init_krb5 (krb5_keyblock *in_keyblock,
-				   int encrypt_flag, int lencheck,
-				   int am_client, enum kcmd_proto protonum);
-
-extern void rcmd_stream_init_normal(void);
-
-#ifndef HAVE_STRSAVE
-extern char *strsave(const char *sp);
-#endif
-
-krb5_error_code rd_and_store_for_creds(krb5_context context,
-				       krb5_auth_context auth_context,
-				       krb5_data *inbuf, krb5_ticket *ticket,
-				       krb5_ccache *ccache);
-
-
-int princ_maps_to_lname(krb5_principal principal, char *luser);
-int default_realm(krb5_principal principal);
-
-#ifdef NEED_SETENV
-extern int setenv(char *, char *, int);
-#endif
-
-#include "fake-addrinfo.h"
-
-#ifdef KRB_DEFS
-krb5_error_code krb5_compat_recvauth(krb5_context, krb5_auth_context *,
-				     krb5_pointer, char *, krb5_principal,
-				     krb5_int32, krb5_keytab,
-				     krb5_int32, char *, char *,
-				     struct sockaddr_in *,
-				     struct sockaddr_in *, char *,
-				     krb5_ticket **, krb5_int32 *,
-				     AUTH_DAT **, Key_schedule, char *);
-
-krb5_error_code
-krb5_compat_recvauth_version(krb5_context, krb5_auth_context *,
-			     krb5_pointer, krb5_principal, krb5_int32,
-			     krb5_keytab, krb5_int32, char *, char *,
-			     struct sockaddr_in *, struct sockaddr_in *,
-			     char *, krb5_ticket **, krb5_int32*,
-			     AUTH_DAT **,  Key_schedule, krb5_data *);
-#endif
-
-#include "port-sockets.h"
diff --git a/src/appl/bsd/deps b/src/appl/bsd/deps
deleted file mode 100644
index f83d523..0000000
--- a/src/appl/bsd/deps
+++ /dev/null
@@ -1,82 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)krcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h defines.h krcp.c
-$(OUTPRE)krlogin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h defines.h krlogin.c \
-  rpaths.h
-$(OUTPRE)krsh.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h defines.h krsh.c
-$(OUTPRE)kcmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  defines.h kcmd.c
-$(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  defines.h forward.c
-$(OUTPRE)login.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  login.c loginpaths.h
-$(OUTPRE)krshd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  defines.h krshd.c loginpaths.h
-$(OUTPRE)krlogind.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  defines.h krlogind.c
diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c
deleted file mode 100644
index ad0680c..0000000
--- a/src/appl/bsd/forward.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * appl/bsd/forward.c
- */
-
-/*
- * Copyright (c) 1983 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#if defined(KERBEROS) || defined(KRB5)
-#include <stdio.h>
-#include <netdb.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "k5-int.h"
-
-#include "defines.h"
-
-/* Decode, decrypt and store the forwarded creds in the local ccache. */
-krb5_error_code
-rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache)
-    krb5_context context;
-    krb5_auth_context auth_context;
-    krb5_data *inbuf;
-    krb5_ticket *ticket;
-    krb5_ccache *ccache;
-{
-    krb5_creds ** creds;
-    krb5_error_code retval;
-    char ccname[35];
-
-    *ccache  = NULL;
-
-    retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL);
-    if (retval)
-	return(retval);
-
-    /* Set the KRB5CCNAME ENV variable to keep sessions
-     * seperate. Use the process id of this process which is
-     * the rlogind or rshd. Set the environment variable as well.
-     */
-
-    snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid());
-    setenv("KRB5CCNAME", ccname, 1);
-
-    retval = krb5_cc_resolve(context, ccname, ccache);
-    if (retval)
-	goto cleanup;
-
-    retval = krb5_cc_initialize(context, *ccache, ticket->enc_part2->client);
-    if (retval)
-	goto cleanup;
-
-    retval = krb5_cc_store_cred(context, *ccache, *creds);
-    if (retval)
-	goto cleanup;
-
-cleanup:
-    krb5_free_creds(context, *creds);
-    return retval;
-}
-
-#endif /* KERBEROS */
diff --git a/src/appl/bsd/getdtablesize.c b/src/appl/bsd/getdtablesize.c
deleted file mode 100644
index 244616c..0000000
--- a/src/appl/bsd/getdtablesize.c
+++ /dev/null
@@ -1,19 +0,0 @@
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <limits.h>
-
-#ifdef _SC_OPEN_MAX
-int getdtablesize() {
-    return sysconf(_SC_OPEN_MAX);
-}
-#else
-#include <sys/resource.h>
-/* Placed in the Public Domain by Mark Eichin, Cygnus Support 1994 */
-
-int getdtablesize() {
-    struct rlimit rl;
-    getrlimit(RLIMIT_NOFILE, &rl);
-    return rl.rlim_cur;
-}
-#endif
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
deleted file mode 100644
index 276c703..0000000
--- a/src/appl/bsd/kcmd.c
+++ /dev/null
@@ -1,1035 +0,0 @@
-/*
- * appl/bsd/kcmd.c
- */
-
-/*
- * Copyright (c) 1983 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/* derived from @(#)rcmd.c	5.17 (Berkeley) 6/27/88 */
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <pwd.h>
-#include <sys/param.h>
-#ifndef _TYPES_
-#include <sys/types.h>
-#define _TYPES_
-#endif
-#include <fcntl.h>
-
-#ifndef MAXPATHLEN
-#define MAXPATHLEN 1024
-#endif
-#include <signal.h>
-#include <sys/file.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#ifdef _AIX
-#include <sys/select.h>
-#endif
-
-#ifndef POSIX_SIGNALS
-#ifndef sigmask
-#define sigmask(m)    (1 << ((m)-1))
-#endif
-#endif
-
-#ifndef roundup
-#define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
-#endif
-
-#include <netinet/in.h>
-#include <netdb.h>
-
-#include <errno.h>
-#include "k5-int.h"
-
-#include "defines.h"
-
-extern krb5_context bsd_context;
-
-
-#define START_PORT      5120     /* arbitrary */
-char *default_service = "host";
-
-#define KCMD_KEYUSAGE	1026 /* Key usage used   with 3des or any old-protocol enctype*/
-/* New protocol enctypes that use cipher state have keyusage defined later*/
-
-#ifndef GETSOCKNAME_ARG3_TYPE
-#define GETSOCKNAME_ARG3_TYPE int
-#endif
-
-/*
- * Note that the encrypted rlogin packets take the form of a four-byte
- * length followed by encrypted data.  On writing the data out, a significant
- * performance penalty is suffered (at least one RTT per character, two if we
- * are waiting for a shell to echo) by writing the data separately from the
- * length.  So, unlike the input buffer, which just contains the output
- * data, the output buffer represents the entire packet.
- */
-
-static char des_inbuf[2*RCMD_BUFSIZ];	 /* needs to be > largest read size */
-static char des_outpkt[2*RCMD_BUFSIZ+4]; /* needs to be > largest write size */
-static krb5_data desinbuf;
-static krb5_data desoutbuf;
-
-/* XXX Overloaded: use_ivecs!=0 -> new protocol, inband signalling, etc.  */
-static int use_ivecs;
-static krb5_keyusage enc_keyusage_i[2], enc_keyusage_o[2];
-static krb5_data encivec_i[2], encivec_o[2];
-
-static krb5_keyblock *keyblock;		 /* key for encrypt/decrypt */
-static int (*input)(int, char *, size_t, int);
-static int (*output)(int, char *, size_t, int);
-static char storage[2*RCMD_BUFSIZ];	 /* storage for the decryption */
-static size_t nstored = 0;
-static char *store_ptr = storage;
-static int twrite(int, char *, size_t, int);
-static int v5_des_read(int, char *, size_t, int),
-    v5_des_write(int, char *, size_t, int);
-static int do_lencheck;
-
-#ifdef POSIX_SIGNALS
-typedef sigset_t masktype;
-#else
-typedef sigmasktype masktype;
-#endif
-
-static void
-block_urgent (masktype *oldmask)
-{
-#ifdef POSIX_SIGNALS
-    sigset_t urgmask;
-
-    sigemptyset(&urgmask);
-    sigaddset(&urgmask, SIGURG);
-    sigprocmask(SIG_BLOCK, &urgmask, oldmask);
-#else
-    *oldmask = sigblock(sigmask(SIGURG));
-#endif /* POSIX_SIGNALS */
-}
-
-static void
-restore_sigs (masktype *oldmask)
-{
-#ifdef POSIX_SIGNALS
-    sigprocmask(SIG_SETMASK, oldmask, (sigset_t*)0);
-#else
-    sigsetmask(*oldmask);
-#endif /* POSIX_SIGNALS */
-}
-
-static int
-kcmd_connect (int *sp, int *addrfamilyp, struct sockaddr_in *sockinp,
-	      char *hname, char **host_save, unsigned int rport, int *lportp,
-	      struct sockaddr_in *laddrp)
-{
-    int s, aierr;
-    struct addrinfo *ap, *ap2, aihints;
-    char rport_buf[10];
-    GETSOCKNAME_ARG3_TYPE  sin_len;
-
-    if (rport == 0) {
-	fprintf(stderr, "can't connect to %s port 0\n", hname);
-	return -1;
-    }
-    snprintf(rport_buf, sizeof(rport_buf), "%d", ntohs(rport));
-    memset(&aihints, 0, sizeof(aihints));
-    aihints.ai_socktype = SOCK_STREAM;
-    aihints.ai_flags = AI_CANONNAME;
-    aihints.ai_family = *addrfamilyp;
-    aierr = getaddrinfo(hname, rport_buf, &aihints, &ap);
-    if (aierr) {
-	const char *msg;
-	/* We want to customize some messages.  */
-	switch (aierr) {
-	case EAI_NONAME:
-	    msg = "host unknown";
-	    break;
-	default:
-	    fprintf(stderr, "foo\n");
-	    msg = gai_strerror(aierr);
-	    break;
-	}
-	fprintf(stderr, "%s: %s\n", hname, msg);
-	return -1;
-    }
-    if (ap == 0) {
-	fprintf(stderr, "%s: no addresses?\n", hname);
-	return -1;
-    }
-
-    *host_save = strdup(ap->ai_canonname ? ap->ai_canonname : hname);
-
-    for (ap2 = ap; ap; ap = ap->ai_next) {
-	char hostbuf[NI_MAXHOST];
-	char portbuf[NI_MAXSERV];
-	int oerrno;
-	int af = ap->ai_family;
-
-	/* @@ Debugging.  Yuck.  */
-	switch (af) {
-	case AF_INET:
-	    if (((struct sockaddr_in *)ap->ai_addr)->sin_port == 0) {
-		fprintf(stderr, "internal error: got ipv4 address but port zero?\n");
-		continue;
-	    }
-	    break;
-#ifdef KRB5_USE_INET6
-	case AF_INET6:
-	    if (((struct sockaddr_in6 *)ap->ai_addr)->sin6_port == 0) {
-		fprintf(stderr, "internal error: got ipv6 address but port zero?\n");
-		continue;
-	    }
-	    break;
-#endif
-	}
-
-	for (;;) {
-	    s = getport(lportp, &af);
-	    if (s < 0) {
-		if (errno == EAGAIN)
-		    fprintf(stderr, "socket: All ports in use\n");
-		else
-		    perror("kcmd: socket");
-		return -1;
-	    }
-	    if (connect(s, ap->ai_addr, ap->ai_addrlen) >= 0)
-		goto connected;
-	    (void) close(s);
-	    if (errno != EADDRINUSE)
-		break;
-	    if (lportp)
-		(*lportp)--;
-	}
-
-	oerrno = errno;
-	aierr = getnameinfo(ap->ai_addr, ap->ai_addrlen,
-			    hostbuf, sizeof(hostbuf), portbuf, sizeof(portbuf),
-			    NI_NUMERICHOST | NI_NUMERICSERV);
-	if (aierr)
-	    fprintf(stderr, "connect to <error formatting address: %s>: ",
-		    gai_strerror (aierr));
-	else
-	    fprintf(stderr, "connect to address %s port %s: ", hostbuf,
-		    portbuf);
-	errno = oerrno;
-	perror(0);
-
-	if (ap->ai_next)
-	    fprintf(stderr, "Trying next address...\n");
-    }
-    freeaddrinfo(ap2);
-    return -1;
-
-connected:
-    sin_len = sizeof(struct sockaddr_in);
-    if (getsockname(s, (struct sockaddr *)laddrp, &sin_len) < 0) {
-	perror("getsockname");
-	close(s);
-	return -1;
-    }
-
-    *sp = s;
-    *sockinp = *(struct sockaddr_in *) ap->ai_addr;
-    *addrfamilyp = ap->ai_family;
-    freeaddrinfo(ap2);
-    return 0;
-}
-
-static int
-setup_secondary_channel (int s, int *fd2p, int *lportp, int *addrfamilyp,
-			 struct sockaddr_in *fromp, int anyport)
-{
-    if (fd2p == 0) {
-    	write(s, "", 1);
-    	*lportp = 0;
-    } else {
-    	char num[8];
-    	socklen_t len = sizeof (*fromp);
-	size_t slen;
-    	int s2 = getport(lportp, addrfamilyp), s3;
-	fd_set rfds, xfds;
-	struct timeval waitlen;
-	int n;
-
-	*fd2p = -1;
-	if (s2 < 0)
-	    return -1;
-	FD_ZERO(&rfds);
-	FD_ZERO(&xfds);
-	FD_SET(s, &rfds);
-	FD_SET(s, &xfds);
-	listen(s2, 1);
-	FD_SET(s2, &rfds);
-    	(void) snprintf(num, sizeof(num), "%d", *lportp);
-	slen = strlen(num)+1;
-    	if (write(s, num, slen) != slen) {
-	    perror("write: setting up stderr");
-	    (void) close(s2);
-	    return -1;
-    	}
-	waitlen.tv_sec = 600;	/* long, but better than infinite */
-	waitlen.tv_usec = 0;
-	n = (s < s2) ? s2 : s;
-	n = select(n+1, &rfds, 0, &xfds, &waitlen);
-	if (n <= 0) {
-	    /* timeout or error */
-	    fprintf(stderr, "timeout in circuit setup\n");
-	    close(s2);
-	    *fd2p = -1;
-	    return -1;
-	} else {
-	    if (FD_ISSET(s, &rfds) || FD_ISSET(s, &xfds)) {
-		fprintf(stderr, "socket: protocol error or closed connection in circuit setup\n");
-		close(s2);
-		*fd2p = -1;
-		return -1;
-	    }
-	    /* ready to accept a connection; yay! */
-	}
-    	s3 = accept(s2, (struct sockaddr *)fromp, &len);
-    	(void) close(s2);
-    	if (s3 < 0) {
-	    perror("accept");
-	    *lportp = 0;
-	    return -1;
-    	}
-    	*fd2p = s3;
-    	fromp->sin_port = ntohs(fromp->sin_port);
-	/* This check adds nothing when using Kerberos.  */
-    	if (! anyport &&
-	    (fromp->sin_family != AF_INET ||
-    	     fromp->sin_port >= IPPORT_RESERVED)) {
-	    fprintf(stderr, "socket: protocol failure in circuit setup.\n");
-	    close(s3);
-	    *fd2p = -1;
-	    return -1;
-    	}
-    }
-    return 0;
-}
-
-int
-kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
-     cred, seqno, server_seqno, laddr, faddr, authconp, authopts, anyport,
-     suppress_err, protonump)
-     int *sock;
-     char **ahost;
-     u_short rport;
-     char *locuser, *remuser, *cmd;
-     int *fd2p;
-     char *service;
-     char *realm;
-     krb5_creds **cred; /* output only */
-     krb5_int32 *seqno;
-     krb5_int32 *server_seqno;
-     struct sockaddr_in *laddr, *faddr;
-     krb5_auth_context *authconp;
-     krb5_flags authopts;
-     int anyport;
-     int suppress_err;		/* Don't print if authentication fails */
-     enum kcmd_proto *protonump;
-{
-    int s;
-    masktype oldmask;
-    struct sockaddr_in sockin, from, local_laddr;
-    krb5_creds *get_cred = 0, *ret_cred = 0;
-    char c;
-    int lport;
-    int rc;
-    char *host_save;
-    krb5_error_code status;
-    krb5_ap_rep_enc_part *rep_ret;
-    krb5_error	*error = 0;
-    krb5_ccache cc;
-    krb5_data outbuf;
-    krb5_flags options = authopts;
-    krb5_auth_context auth_context = NULL;
-    char *cksumbuf;
-    krb5_data cksumdat;
-    char *kcmd_version;
-    enum kcmd_proto protonum = *protonump;
-    int addrfamily = /* AF_INET */0;
-
-    if (asprintf(&cksumbuf, "%u:%s%s", ntohs(rport), cmd, remuser) < 0) {
-	fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
-	return(-1);
-    }
-    cksumdat.data = cksumbuf;
-    cksumdat.length = strlen(cksumbuf);
-
-    block_urgent(&oldmask);
-
-    if (!laddr) laddr = &local_laddr;
-    if (kcmd_connect(&s, &addrfamily, &sockin, *ahost, &host_save, rport, 0, laddr) == -1) {
-	restore_sigs(&oldmask);
-	return -1;
-    }
-    *ahost = host_save;
-    /* If no service is given set to the default service */
-    if (!service) service = default_service;
-
-    if (!(get_cred = (krb5_creds *)calloc(1, sizeof(krb5_creds)))) {
-        fprintf(stderr,"kcmd: no memory\n");
-        return(-1);
-    }
-    status = krb5_sname_to_principal(bsd_context, host_save, service,
-				     KRB5_NT_SRV_HST, &get_cred->server);
-    if (status) {
-	fprintf(stderr, "kcmd: krb5_sname_to_principal failed: %s\n",
-		error_message(status));
-	return(-1);
-    }
-
-    if (realm && *realm) {
-        status = krb5_set_principal_realm(bsd_context, get_cred->server,
-					  realm);
-	if (status) {
-	  fprintf(stderr, "kcmd: krb5_set_principal_realm failed %s\n",
-		  error_message(status));
-	  return(-1);
-	}
-    }
-    status = setup_secondary_channel(s, fd2p, &lport, &addrfamily, &from,
-				     anyport);
-    if (status)
-	goto bad;
-
-    if (faddr)
-	*faddr = sockin;
-
-    status = krb5_cc_default(bsd_context, &cc);
-    if (status)
-    	goto bad2;
-
-    status = krb5_cc_get_principal(bsd_context, cc, &get_cred->client);
-    if (status) {
-    	(void) krb5_cc_close(bsd_context, cc);
-    	goto bad2;
-    }
-
-    /* Get ticket from credentials cache or kdc */
-    status = krb5_get_credentials(bsd_context, 0, cc, get_cred, &ret_cred);
-    krb5_free_creds(bsd_context, get_cred);
-    (void) krb5_cc_close(bsd_context, cc);
-    if (status) {
-	fprintf (stderr, "error getting credentials: %s\n",
-		 error_message (status));
-	goto bad2;
-    }
-
-    /* Reset internal flags; these should not be sent. */
-    authopts &= (~OPTS_FORWARD_CREDS);
-    authopts &= (~OPTS_FORWARDABLE_CREDS);
-
-    if (krb5_auth_con_init(bsd_context, &auth_context))
-	goto bad2;
-
-    if (krb5_auth_con_set_req_cksumtype(bsd_context, auth_context, CKSUMTYPE_RSA_MD5) !=0 )
-	goto bad2;
-    if (krb5_auth_con_setflags(bsd_context, auth_context,
-			       KRB5_AUTH_CONTEXT_RET_TIME))
-	goto bad2;
-
-    /* Only need local address for mk_cred() to send to krlogind */
-    status = krb5_auth_con_genaddrs(bsd_context, auth_context, s,
-				   KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR);
-    if (status)
-	goto bad2;
-
-    if (protonum == KCMD_PROTOCOL_COMPAT_HACK) {
-	krb5_boolean is_des;
-	status = krb5_c_enctype_compare (bsd_context, ENCTYPE_DES_CBC_CRC,
-					 ret_cred->keyblock.enctype, &is_des);
-	if (status)
-	    goto bad2;
-	protonum = is_des ? KCMD_OLD_PROTOCOL : KCMD_NEW_PROTOCOL;
-    }
-
-    switch (protonum) {
-    case KCMD_NEW_PROTOCOL:
-	authopts |= AP_OPTS_USE_SUBKEY;
-	kcmd_version = "KCMDV0.2";
-	break;
-    case KCMD_OLD_PROTOCOL:
-	kcmd_version = "KCMDV0.1";
-	break;
-    default:
-	status = EINVAL;
-	goto bad2;
-    }
-
-    /* Call Kerberos library routine to obtain an authenticator,
-       pass it over the socket to the server, and obtain mutual
-       authentication.  */
-    status = krb5_sendauth(bsd_context, &auth_context, (krb5_pointer) &s,
-			   kcmd_version, ret_cred->client, ret_cred->server,
-			   authopts, &cksumdat, ret_cred, 0,
-			   &error, &rep_ret, NULL);
-    free(cksumbuf);
-    if (status) {
-	if (!suppress_err)
-	    fprintf(stderr, "Couldn't authenticate to server: %s\n",
-		    error_message(status));
-	if (error) {
-	    if (!suppress_err) {
-		fprintf(stderr, "Server returned error code %d (%s)\n",
-			error->error,
-			error_message(ERROR_TABLE_BASE_krb5 +
-				      (int) error->error));
-		if (error->text.length) {
-		    fprintf(stderr, "Error text sent from server: %s\n",
-			    error->text.data);
-		}
-	    }
-	    krb5_free_error(bsd_context, error);
-	    error = 0;
-	}
-    }
-    if (status) goto bad2;
-    if (rep_ret && server_seqno) {
-	*server_seqno = rep_ret->seq_number;
-	krb5_free_ap_rep_enc_part(bsd_context, rep_ret);
-    }
-
-    (void) write(s, remuser, strlen(remuser)+1);
-    (void) write(s, cmd, strlen(cmd)+1);
-    (void) write(s, locuser, strlen(locuser)+1);
-
-    if (options & OPTS_FORWARD_CREDS) {   /* Forward credentials */
-	status = krb5_fwd_tgt_creds(bsd_context, auth_context,
-				    host_save,
-				    ret_cred->client, ret_cred->server,
-				    0, options & OPTS_FORWARDABLE_CREDS,
-				    &outbuf);
-	if (status) {
-	    fprintf(stderr, "kcmd: Error getting forwarded creds: %s\n",
-		    error_message(status));
-	    goto bad2;
-	}
-
-	/* Send forwarded credentials */
-	status = krb5_write_message(bsd_context, (krb5_pointer)&s, &outbuf);
-	if (status)
-	  goto bad2;
-    }
-    else { /* Dummy write to signal no forwarding */
-	outbuf.length = 0;
-	status = krb5_write_message(bsd_context, (krb5_pointer)&s, &outbuf);
-	if (status)
-	  goto bad2;
-    }
-
-    if ((rc=read(s, &c, 1)) != 1) {
-	if (rc==-1) {
-	    perror(*ahost);
-	} else {
-	    fprintf(stderr,"kcmd: bad connection with remote host\n");
-	}
-	status = -1;
-	goto bad2;
-    }
-    if (c != 0) {
-	while (read(s, &c, 1) == 1) {
-	    (void) write(2, &c, 1);
-	    if (c == '\n')
-	      break;
-	}
-	status = -1;
-	goto bad2;
-    }
-    restore_sigs(&oldmask);
-    *sock = s;
-    *protonump = protonum;
-
-    /* pass back credentials if wanted */
-    if (cred) krb5_copy_creds(bsd_context, ret_cred, cred);
-    krb5_free_creds(bsd_context, ret_cred);
-    if (authconp)
-	*authconp = auth_context;
-
-    return (0);
-  bad2:
-    if (lport)
-      (void) close(*fd2p);
-  bad:
-    (void) close(s);
-    restore_sigs(&oldmask);
-    if (ret_cred)
-      krb5_free_creds(bsd_context, ret_cred);
-    return (status);
-}
-
-
-static int
-setup_socket (struct sockaddr *sa, GETSOCKNAME_ARG3_TYPE len)
-{
-    int s;
-
-    s = socket(sa->sa_family, SOCK_STREAM, 0);
-    if (s < 0)
-	return -1;
-
-    if (bind(s, sa, len) < 0)
-	return -1;
-    if (getsockname(s, sa, &len) < 0) {
-	close(s);
-	return -1;
-    }
-    return s;
-}
-
-
-int
-getport(alport, family)
-    int *alport, *family;
-{
-    int s;
-
-    if (*family == 0) {
-#ifdef KRB5_USE_INET6
-	*family = AF_INET6;
-	s = getport (alport, family);
-	if (s >= 0)
-	    return s;
-#endif
-	*family = AF_INET;
-    }
-
-#ifdef KRB5_USE_INET6
-    if (*family == AF_INET6) {
-	struct sockaddr_in6 sockin6;
-
-	memset(&sockin6, 0, sizeof(sockin6));
-	sockin6.sin6_family = AF_INET6;
-	sockin6.sin6_addr = in6addr_any;
-
-	s = setup_socket((struct sockaddr *)&sockin6, sizeof (sockin6));
-	if (s >= 0 && alport)
-	    *alport = ntohs(sockin6.sin6_port);
-	return s;
-    }
-#endif
-
-    if (*family == AF_INET) {
-	struct sockaddr_in sockin;
-
-	memset(&sockin, 0, sizeof(sockin));
-	sockin.sin_family = AF_INET;
-	sockin.sin_addr.s_addr = INADDR_ANY;
-
-	s = setup_socket((struct sockaddr *)&sockin, sizeof (sockin));
-	if (s >= 0 && alport)
-	    *alport = ntohs(sockin.sin_port);
-	return s;
-    }
-
-    return -1;
-}
-
-static int
-normal_read (int fd, char *buf, size_t len, int secondary)
-{
-    return read (fd, buf, len);
-}
-
-void rcmd_stream_init_normal()
-{
-    input = normal_read;
-    output = twrite;
-}
-
-void rcmd_stream_init_krb5(in_keyblock, encrypt_flag, lencheck, am_client,
-			   protonum)
-     krb5_keyblock *in_keyblock;
-     int encrypt_flag;
-     int lencheck;
-     int am_client;
-     enum kcmd_proto protonum;
-{
-    krb5_error_code status;
-    size_t blocksize;
-    int i;
-    krb5_error_code ret;
-
-    if (!encrypt_flag) {
-	rcmd_stream_init_normal();
-	return;
-    }
-    desinbuf.data = des_inbuf;
-    desoutbuf.data = des_outpkt+4;	/* Set up des buffers */
-    keyblock = in_keyblock;
-
-    do_lencheck = lencheck;
-    input = v5_des_read;
-    output = v5_des_write;
-    enc_keyusage_i[0] = KCMD_KEYUSAGE;
-    enc_keyusage_i[1] = KCMD_KEYUSAGE;
-    enc_keyusage_o[0] = KCMD_KEYUSAGE;
-    enc_keyusage_o[1] = KCMD_KEYUSAGE;
-
-    if (protonum == KCMD_OLD_PROTOCOL) {
-	use_ivecs = 0;
-	return;
-    }
-
-    use_ivecs = 1;
-    switch (in_keyblock->enctype) {
-      /*
-       * For the DES-based enctypes and the 3DES enctype we  want to use
-       *  a non-zero  IV because that's what we did.  In the future we
-       * use different keyusage for each channel and direction and a fresh
-       * cipher state
-       */
-    case ENCTYPE_DES_CBC_CRC:
-    case ENCTYPE_DES_CBC_MD4:
-    case ENCTYPE_DES_CBC_MD5:
-    case ENCTYPE_DES3_CBC_SHA1:
-
-      status = krb5_c_block_size(bsd_context, keyblock->enctype,
-				 &blocksize);
-      if (status) {
-	/* XXX what do I do? */
-	abort();
-      }
-
-      encivec_i[0].length = encivec_i[1].length = encivec_o[0].length
-	= encivec_o[1].length = blocksize;
-
-      if ((encivec_i[0].data = malloc(encivec_i[0].length * 4)) == NULL) {
-	/* XXX what do I do? */
-	abort();
-      }
-      encivec_i[1].data = encivec_i[0].data + encivec_i[0].length;
-      encivec_o[0].data = encivec_i[1].data + encivec_i[0].length;
-      encivec_o[1].data = encivec_o[0].data + encivec_i[0].length;
-
-    /* is there a better way to initialize this? */
-      memset(encivec_i[0].data, am_client, blocksize);
-      memset(encivec_o[0].data, 1 - am_client, blocksize);
-      memset(encivec_i[1].data, 2 | am_client, blocksize);
-      memset(encivec_o[1].data, 2 | (1 - am_client), blocksize);
-      break;
-    default:
-      if (am_client) {
-	enc_keyusage_i[0] = 1028;
-	enc_keyusage_i[1] = 1030;
-	enc_keyusage_o[0] = 1032;
-	enc_keyusage_o[1] = 1034;
-      } else { /*am_client*/
-	enc_keyusage_i[0] = 1032;
-	enc_keyusage_i[1] = 1034;
-	enc_keyusage_o[0] = 1028;
-	enc_keyusage_o[1] = 1030;
-      }
-      for (i = 0; i < 2; i++) {
-	ret = krb5_c_init_state (bsd_context, in_keyblock, enc_keyusage_i[i],
-				 &encivec_i[i]);
-	if (ret)
-	  goto fail;
-	ret = krb5_c_init_state (bsd_context, in_keyblock, enc_keyusage_o[i],
-				 &encivec_o[i]);
-	if (ret)
-	  goto fail;
-      }
-      break;
-    }
-    return;
- fail:
-    com_err ("kcmd", ret, "Initializing cipher state");
-    abort();
-    }
-
-int rcmd_stream_read(fd, buf, len, sec)
-     int fd;
-     register char *buf;
-     size_t len;
-     int sec;
-{
-    return (*input)(fd, buf, len, sec);
-}
-
-int rcmd_stream_write(fd, buf, len, sec)
-     int fd;
-     register char *buf;
-     size_t len;
-     int sec;
-{
-    return (*output)(fd, buf, len, sec);
-}
-
-/* Because of rcp lossage, translate fd 0 to 1 when writing. */
-static int twrite(fd, buf, len, secondary)
-     int fd;
-     char *buf;
-     size_t len;
-     int secondary;
-{
-    return write((fd == 0) ? 1 : fd, buf, len);
-}
-
-static int v5_des_read(fd, buf, len, secondary)
-     int fd;
-     char *buf;
-     size_t len;
-     int secondary;
-{
-    int nreturned = 0;
-    size_t net_len,rd_len;
-    int cc;
-    unsigned char c;
-    krb5_error_code ret;
-    krb5_data plain;
-    krb5_enc_data cipher;
-
-    if (nstored >= len) {
-	memcpy(buf, store_ptr, len);
-	store_ptr += len;
-	nstored -= len;
-	return(len);
-    } else if (nstored) {
-	memcpy(buf, store_ptr, nstored);
-	nreturned += nstored;
-	buf += nstored;
-	len -= nstored;
-	nstored = 0;
-    }
-
-    while (1) {
-	cc = krb5_net_read(bsd_context, fd, &c, 1);
-	/* we should check for non-blocking here, but we'd have
-	   to make it save partial reads as well. */
-	if (cc <= 0) return cc; /* read error */
-	if (cc == 1) {
-	    if (c == 0 || !do_lencheck) break;
-	}
-    }
-
-    rd_len = c;
-    if ((cc = krb5_net_read(bsd_context, fd, &c, 1)) != 1) return 0;
-    rd_len = (rd_len << 8) | c;
-    if ((cc = krb5_net_read(bsd_context, fd, &c, 1)) != 1) return 0;
-    rd_len = (rd_len << 8) | c;
-    if ((cc = krb5_net_read(bsd_context, fd, &c, 1)) != 1) return 0;
-    rd_len = (rd_len << 8) | c;
-
-    ret = krb5_c_encrypt_length(bsd_context, keyblock->enctype,
-				use_ivecs ? rd_len + 4 : rd_len,
-				&net_len);
-    if (ret) {
-	errno = ret;
-	return(-1);
-    }
-
-    if ((net_len <= 0) || (net_len > sizeof(des_inbuf))) {
-	/* preposterous length, probably out of sync */
-	errno = EIO;
-	return(-1);
-    }
-    if ((cc = krb5_net_read(bsd_context, fd, desinbuf.data, net_len)) != net_len) {
-	/* probably out of sync */
-	errno = EIO;
-	return(-1);
-    }
-
-    cipher.enctype = ENCTYPE_UNKNOWN;
-    cipher.ciphertext.length = net_len;
-    cipher.ciphertext.data = desinbuf.data;
-    plain.length = sizeof(storage);
-    plain.data = storage;
-
-    /* decrypt info */
-    ret = krb5_c_decrypt(bsd_context, keyblock, enc_keyusage_i[secondary],
-			 use_ivecs ? encivec_i + secondary : 0,
-			 &cipher, &plain);
-    if (ret) {
-	/* probably out of sync */
-	errno = EIO;
-	return(-1);
-    }
-    store_ptr = storage;
-    nstored = rd_len;
-    if (use_ivecs) {
-	int rd_len2;
-	rd_len2 = storage[0] & 0xff;
-	rd_len2 <<= 8; rd_len2 |= storage[1] & 0xff;
-	rd_len2 <<= 8; rd_len2 |= storage[2] & 0xff;
-	rd_len2 <<= 8; rd_len2 |= storage[3] & 0xff;
-	if (rd_len2 != rd_len) {
-	    /* cleartext length trashed? */
-	    errno = EIO;
-	    return -1;
-	}
-	store_ptr += 4;
-    }
-    if (nstored > len) {
-	memcpy(buf, store_ptr, len);
-	nreturned += len;
-	store_ptr += len;
-	nstored -= len;
-    } else {
-	memcpy(buf, store_ptr, nstored);
-	nreturned += nstored;
-	nstored = 0;
-    }
-
-    return(nreturned);
-}
-
-
-
-static int v5_des_write(fd, buf, len, secondary)
-     int fd;
-     char *buf;
-     size_t len;
-     int secondary;
-{
-    krb5_data plain;
-    krb5_enc_data cipher;
-    char tmpbuf[2*RCMD_BUFSIZ+8];
-    unsigned char *len_buf = (unsigned char *) tmpbuf;
-
-    if (use_ivecs) {
-	unsigned char *lenbuf2 = (unsigned char *) tmpbuf;
-	if (len + 4 > sizeof(tmpbuf))
-	    abort ();
-	lenbuf2[0] = (len & 0xff000000) >> 24;
-	lenbuf2[1] = (len & 0xff0000) >> 16;
-	lenbuf2[2] = (len & 0xff00) >> 8;
-	lenbuf2[3] = (len & 0xff);
-	memcpy (tmpbuf + 4, buf, len);
-
-	plain.data = tmpbuf;
-	plain.length = len + 4;
-    } else {
-	plain.data = buf;
-	plain.length = len;
-    }
-
-    cipher.ciphertext.length = sizeof(des_outpkt)-4;
-    cipher.ciphertext.data = desoutbuf.data;
-
-    if (krb5_c_encrypt(bsd_context, keyblock, enc_keyusage_o[secondary],
-		       use_ivecs ? encivec_o + secondary : 0,
-		       &plain, &cipher)) {
-	errno = EIO;
-	return(-1);
-    }
-
-    desoutbuf.length = cipher.ciphertext.length;
-
-    len_buf = (unsigned char *) des_outpkt;
-    len_buf[0] = (len & 0xff000000) >> 24;
-    len_buf[1] = (len & 0xff0000) >> 16;
-    len_buf[2] = (len & 0xff00) >> 8;
-    len_buf[3] = (len & 0xff);
-
-    if (write(fd, des_outpkt,desoutbuf.length+4) != desoutbuf.length+4){
-	errno = EIO;
-	return(-1);
-    }
-
-    else return(len);
-}
-
-
-#ifndef HAVE_STRSAVE
-/* Strsave was a routine in the version 4 krb library: we put it here
-   for compatablilty with version 5 krb library, since kcmd.o is linked
-   into all programs. */
-
-char *
-strsave(sp)
-    const char *sp;
-{
-    register char *ret;
-
-    if((ret = strdup(sp)) == NULL) {
-	fprintf(stderr, "no memory for saving args\n");
-	exit(1);
-    }
-    return(ret);
-}
-#endif
-
-/* Server side authentication, etc */
-
-int princ_maps_to_lname(principal, luser)
-     krb5_principal principal;
-     char *luser;
-{
-    char kuser[10];
-    if (!(krb5_aname_to_localname(bsd_context, principal,
-				  sizeof(kuser), kuser))
-	&& (strcmp(kuser, luser) == 0)) {
-	return 1;
-    }
-    return 0;
-}
-
-int default_realm(principal)
-     krb5_principal principal;
-{
-    char *def_realm;
-    int retval;
-
-    if ((retval = krb5_get_default_realm(bsd_context, &def_realm))) {
-	return 0;
-    }
-
-    if (!data_eq_string(*krb5_princ_realm(bsd_context, principal),
-			def_realm)) {
-	free(def_realm);
-	return 0;
-    }
-    free(def_realm);
-    return 1;
-}
diff --git a/src/appl/bsd/klogind.M b/src/appl/bsd/klogind.M
deleted file mode 100644
index 574ae67..0000000
--- a/src/appl/bsd/klogind.M
+++ /dev/null
@@ -1,174 +0,0 @@
-.\" Copyright (c) 1983 Regents of the University of California.
-.\" All rights reserved.  The Berkeley software License Agreement
-.\" specifies the terms and conditions for redistribution.
-.\"
-.\"	@(#)rlogind.8	6.3 (Berkeley) 5/24/86
-.\"
-.TH KLOGIND 8
-.SH NAME
-klogind \- remote login server
-.SH SYNOPSIS
-.B klogind
-[
-.B \-rcpPef
-]
-[[ \fB\-w\fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP ]] ]
-[ \fB\-D\fP \fIport\fP ]
-.SH DESCRIPTION
-.I Klogind
-is the server for the 
-.IR rlogin (1)
-program.  The server is 
-based on rlogind(8) but uses Kerberos authentication.
-.PP
-The 
-.I klogind
-server is invoked by \fIinetd(8)\fP when it receives a connection on
-the port indicated in /etc/inetd.conf.  A typical /etc/inetd.conf
-configuration line for \fIklogind\fP might be:
-
-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
-
-When a service request is received, the following protocol is initiated:
-
-.IP 1)
-Check authentication.
-.IP 2)
-Check authorization via the access-control files \fI.k5login\fP and
-\fI.klogin\fP in the user's home directory.
-.IP 3)
-Prompt for password if any checks fail and the \fI-p\fP option was supplied.
-.PP
-If the authentication succeeds, login the user by calling the accompanying 
-login.krb5.
-.PP
-klogind allows Kerberos V5 authentication with the \fI.k5login\fP
-access control file to be trusted.  If this authorization check is
-passed, then the user is allowed to log in.  If the user has no
-\fI.k5login\fP file, the login will be authorized if the results of
-krb5_aname_to_localname conversion matches the account name.  Unless
-special rules are configured, this will be true if and only if the
-Kerberos principal of the connecting user is in the default local
-realm and the principal portion matches the account name.
-.PP 
-The configuration of \fIklogind\fP is done
-by command line arguments passed by inetd.  The options are:
-
-.IP \fB\-P\fP
-Prompt the user for a password.
-If the -P option is passed, then the password is verified in addition
-to all other checks.
-
-.IP \fB\-e\fP
-Create an encrypted session. 
-
-.IP \fB\-c\fP 
-Require Kerberos V5 clients to present a cryptographic checksum of
-initial connection information like the name of the user that the
-client is trying to access in the initial authenticator.  This
-checksum provides additionl security by preventing an attacker from
-changing the initial connection information.  If this option is
-specified, older Kerberos V5 clients that do not send a checksum in
-the authenticator will not be able to authenticate to this server.
-This option is mutually exclusive with the \fB-i\fP option.
-
-	If neither the \fB-c\fP or \fB-i\fP options are specified,then
-checksums are validated if presented.  Since it is difficult to remove
-a checksum from an authenticator without making the authenticator
-invalid, this default mode is almost as significant of a security
-improvement as \fB-c\fP if new clients are used.  It has the additional
-advantage of backwards compatability with some clients.
-Unfortunately, clients before Kerberos V5, Beta5, generate invalid
-checksums; if these clients are used, the \fB-i\fP option must be
-used.
-
-.IP \fB\-i\fP 
-Ignore authenticator checksums if provided.  This option
-ignore authenticator checksusm presented by current Kerberos clients
-to protect initial connection information; it is the opposite of
-\fB-c\fP.  This option is provided because some older
-clients--particularly clients predating the release of Kerberos V5
-Beta5 (May 1995)--present bogus checksums that prevent Kerberos
-authentication from succeeding in the default mode.
-
-.PP
-The parent of the login process manipulates the master side of the
-pseduo terminal, operating as an intermediary between the login
-process and the client instance of the
-.I rlogin(1)
-program.  In normal operation, the packet protocol described in
-.IR pty (4)
-is invoked to provide ^S/^Q type facilities and propagate interrupt
-signals to the remote programs.  The login process propagates the
-client terminal's baud rate and terminal type, as found in the
-environment variable, ``TERM''; see
-.IR environ (7).
-The screen or
-window size of the terminal is requested from the client, and window
-size changes from the client are propagated to the pseudo terminal.
-
-.PP
-.I Klogind
-supports the following options to control the form of the hostname
-passed to login(1):
-
-.TP
-\fB\-w \fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]
-Controls the form of the remote hostname passed to login(1).
-Specifying \fBip\fP results in the numeric IP address always being
-passed to login(1).  Specifying a number, \fImaxhostlen\fP, sets the
-maximum length of the hostname passed to login(1) before it will be
-passed as a numeric IP address.  If \fImaxhostlen\fP is 0, then the
-system default, as determined by the utmp or utmpx structures, is
-used.  The \fBnostriplocal\fP and \fBstriplocal\fP options, which must
-be preceded by a comma, control whether or not the local host domain
-is stripped from the remote hostname.  By default, the equivalent of
-\fBstriplocal\fP is in effect.
-
-.PP
-.I Klogind
-supports five options which are used for testing
-purposes:
-
-.IP \fB\-S\ keytab\fP 10
-Set the \fIkeytab\fP file to use.
-
-.IP \fB\-M\ realm\fP
-Set the Kerberos realm to use.
-
-.IP \fB\-L\ login\fP
-Set the login program to use.  This option only has an effect if
-DO_NOT_USE_K_LOGIN was not defined when
-.I klogind
-was compiled.
-
-.IP \fB\-D\ port\fP
-Run in standalone mode, listening on \fBport\fP.  The daemon will exit
-after one connection and will not background itself.
-
-.IP \fB\-f\fP
-Allows for standalone daemon operation.  A new child is started for
-each incoming connection and waits for it to finish before accepting
-the next connection.  This automagically figures out which port to bind
-to if no port is specified.
-
-.SH DIAGNOSTICS
-All diagnostic messages are returned on the connection
-associated with the
-.BR stderr ,
-after which any network connections are closed.
-An error is indicated by a leading byte with a value of 1.
-.PP
-.B ``Try again.''
-.br
-A
-.I fork
-by the server failed.
-.PP
-.B ``/bin/sh: ...''
-.br
-The user's login shell could not be started.
-.SH SEE ALSO
-rlogind(8), rlogin(1)
-.SH BUGS
-A more extensible protocol should be used.
diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c
deleted file mode 100644
index 0d9089a..0000000
--- a/src/appl/bsd/krcp.c
+++ /dev/null
@@ -1,1363 +0,0 @@
-/*
- *	appl/bsd/krcp.c
- */
-
-/*
- * Copyright (c) 1983 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-char copyright[] =
-  "@(#) Copyright (c) 1983 The Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)rcp.c	5.10 (Berkeley) 9/20/88 */
-
-     /*
-      * rcp
-      */
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#include <sys/param.h>
-#ifndef _TYPES_
-#include <sys/types.h>
-#define _TYPES_
-#endif
-#include <sys/file.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/ioctl.h>
-
-#include <netinet/in.h>
-
-#include <stdio.h>
-#include <signal.h>
-#include <pwd.h>
-#include <ctype.h>
-#include <netdb.h>
-#include <errno.h>
-#include <string.h>
-#ifdef HAVE_VFORK_H
-#include <vfork.h>
-#endif
-#include <stdarg.h>
-#include <sys/wait.h>
-
-#ifdef KERBEROS
-#include "k5-int.h"
-#include <k5-util.h>
-#include <com_err.h>
-
-#include "defines.h"
-
-#define RCP_BUFSIZ 4096
-
-int sock;
-char *krb_realm = NULL;
-char *krb_cache = NULL;
-char *krb_config = NULL;
-krb5_encrypt_block eblock;         /* eblock for encrypt/decrypt */
-krb5_context bsd_context;
-
-void	try_normal(char **);
-char	**save_argv(int, char **);
-#ifndef HAVE_STRSAVE
-char	*strsave();
-#endif
-int	rcmd_stream_write(), rcmd_stream_read();
-void 	usage(void), sink(int, char **),
-    source(int, char **), rsource(char *, struct stat *), verifydir(char *),
-    answer_auth(char *, char *);
-int	response(void), hosteq(char *, char *), okname(char *),
-    susystem(char *);
-int	encryptflag = 0;
-
-#ifndef UCB_RCP
-#define	UCB_RCP	"/bin/rcp"
-#endif
-
-#endif /* KERBEROS */
-
-int	rem;
-char	*colon(char *);
-int	errs;
-krb5_sigtype	lostconn(int);
-int	iamremote, targetshouldbedirectory;
-int	iamrecursive;
-int	pflag;
-int	forcenet;
-struct	passwd *pwd;
-int	userid;
-int	port = 0;
-
-struct buffer {
-    unsigned int cnt;
-    char	*buf;
-};
-
-struct buffer *allocbuf(struct buffer *, int, int);
-
-#define	NULLBUF	(struct buffer *) 0
-
-void 	error (char *fmt, ...)
-#if !defined (__cplusplus) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7))
-       __attribute__ ((__format__ (__printf__, 1, 2)))
-#endif
-     ;
-
-#define	ga()	 	(void) rcmd_stream_write(rem, "", 1, 0)
-
-int main(argc, argv)
-     int argc;
-     char **argv;
-{
-    char *targ, *host, *src;
-    char *suser, *tuser, *thost;
-    int i;
-    char buf[RCP_BUFSIZ], cmdbuf[30];
-    char *cmd = cmdbuf;
-    struct servent *sp;
-    static char curhost[256];
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-#ifdef KERBEROS
-    krb5_flags authopts;
-    krb5_error_code status;
-    int euid;
-    char **orig_argv = save_argv(argc, argv);
-    krb5_auth_context auth_context;
-    enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK;
-
-    status = krb5_init_context(&bsd_context);
-    if (status) {
-	    com_err(argv[0], status, "while initializing krb5");
-	    exit(1);
-    }
-#endif
-
-    pwd = getpwuid(userid = getuid());
-    if (pwd == 0) {
-	fprintf(stderr, "who are you?\n");
-	exit(1);
-    }
-
-    for (argc--, argv++; argc > 0 && **argv == '-'; argc--, argv++) {
-	(*argv)++;
-	while (**argv) switch (*(*argv)++) {
-
-	  case 'r':
-	    iamrecursive++;
-	    break;
-
-	  case 'p':		/* preserve mtimes and atimes */
-	    pflag++;
-	    break;
-
-	  case 'D':
-	    argc--, argv++;
-	    if (argc == 0)
-	      usage();
-	    port = htons(atoi(*argv));
-	    goto next_arg;
-
-	  case 'N':
-	    forcenet++;
-	    break;
-
-#ifdef KERBEROS
-	  case 'x':
-	    encryptflag++;
-	    break;
-	  case 'k':		/* Change kerberos realm */
-	    argc--, argv++;
-	    if (argc == 0)
-	      usage();
-	    if(!(krb_realm = strdup(*argv))){
-		fprintf(stderr, "rcp: Cannot malloc.\n");
-		exit(1);
-	    }
-	    goto next_arg;
-	  case 'c':		/* Change default ccache file */
-	    argc--, argv++;
-	    if (argc == 0)
-	      usage();
-	    if(!(krb_cache = strdup(*argv))){
-		fprintf(stderr, "rcp: Cannot malloc.\n");
-		exit(1);
-	    }
-	    goto next_arg;
-	  case 'C':		/* Change default config file */
-	    argc--, argv++;
-	    if (argc == 0)
-	      usage();
-	    if(!(krb_config = strdup(*argv))){
-		fprintf(stderr, "rcp: Cannot malloc.\n");
-		exit(1);
-	    }
-	    goto next_arg;
-	  case 'P':
-	    if (!strcmp (*argv, "O"))
-		kcmd_proto = KCMD_OLD_PROTOCOL;
-	    else if (!strcmp (*argv, "N"))
-		kcmd_proto = KCMD_NEW_PROTOCOL;
-	    else
-		usage ();
-	    goto next_arg;
-#endif /* KERBEROS */
-	    /* The rest of these are not for users. */
-	  case 'd':
-	    targetshouldbedirectory = 1;
-	    break;
-
-	  case 'f':		/* "from" */
-	    iamremote = 1;
-	    rcmd_stream_init_normal();
-#if defined(KERBEROS)
-	    if (encryptflag)
-	      answer_auth(krb_config, krb_cache);
-#endif /* KERBEROS */
-
-	    (void) response();
-	    source(--argc, ++argv);
-	    exit(errs);
-
-	  case 't':		/* "to" */
-	    iamremote = 1;
-	    rcmd_stream_init_normal();
-#if defined(KERBEROS)
-	    if (encryptflag)
-	      answer_auth(krb_config, krb_cache);
-#endif /* KERBEROS */
-
-	    sink(--argc, ++argv);
-	    exit(errs);
-
-	  default:
-	    usage();
-	}
-      next_arg: ;
-    }
-
-    if (argc < 2)
-      usage();
-    if (argc > 2)
-      targetshouldbedirectory = 1;
-    rem = -1;
-
-
-    if (port == 0) {
-#ifdef KERBEROS
-      sp = getservbyname("kshell", "tcp");
-#else
-      sp = getservbyname("shell", "tcp");
-#endif /* KERBEROS */
-
-      if (sp == NULL) {
-#ifdef KERBEROS
-	fprintf(stderr, "rcp: kshell/tcp: unknown service\n");
-	try_normal(orig_argv);
-#else
-	fprintf(stderr, "rcp: shell/tcp: unknown service\n");
-	exit(1);
-#endif /* KERBEROS */
-      }
-      port = sp->s_port;
-    }
-
-#ifdef KERBEROS
-    if (asprintf(&cmd, "%srcp %s%s%s%s%s%s%s%s%s",
-		 encryptflag ? "-x " : "",
-
-		 iamrecursive ? " -r" : "", pflag ? " -p" : "",
-		 targetshouldbedirectory ? " -d" : "",
-		 krb_realm != NULL ? " -k " : "",
-		 krb_realm != NULL ? krb_realm : "",
-		 krb_cache != NULL ? " -c " : "",
-		 krb_cache != NULL ? krb_cache : "",
-		 krb_config != NULL ? " -C " : "",
-		 krb_config != NULL ? krb_config : "") < 0) {
-	fprintf(stderr, "rcp: Cannot malloc.\n");
-	exit(1);
-    }
-
-#else /* !KERBEROS */
-    (void) snprintf(cmd, sizeof(cmdbuf), "rcp%s%s%s",
-		    iamrecursive ? " -r" : "", pflag ? " -p" : "",
-		    targetshouldbedirectory ? " -d" : "");
-#endif /* KERBEROS */
-
-#ifdef POSIX_SIGNALS
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = lostconn;
-    (void) sigaction(SIGPIPE, &sa, (struct sigaction *)0);
-#else
-    (void) signal(SIGPIPE, lostconn);
-#endif
-    targ = colon(argv[argc - 1]);
-
-    /* Check if target machine is the current machine. */
-
-    gethostname(curhost, sizeof(curhost));
-    if (targ) {				/* ... to remote */
-	*targ++ = 0;
-	if (hosteq(argv[argc - 1], curhost)) {
-
-	    /* If so, pretend there wasn't even one given
-	     * check for an argument of just "host:", it
-	     * should become "."
-	     */
-
-	    if (*targ == 0) {
-		targ = ".";
-		argv[argc - 1] = targ;
-	    }
-	    else
-	      argv[argc - 1] = targ;
-	    targ = 0;
-	}
-    }
-    if (targ) {
-	/* Target machine is some remote machine */
-	if (*targ == 0)
-	  targ = ".";
-	thost = strchr(argv[argc - 1], '@');
-	if (thost) {
-	    *thost++ = 0;
-	    tuser = argv[argc - 1];
-	    if (*tuser == '\0')
-	      tuser = NULL;
-	    else if (!okname(tuser))
-	      exit(1);
-	} else {
-	    thost = argv[argc - 1];
-	    tuser = NULL;
-	}
-	for (i = 0; i < argc - 1; i++) {
-	    src = colon(argv[i]);
-	    if (src) {		/* remote to remote */
-		*src++ = 0;
-		if (*src == 0)
-		  src = ".";
-		host = strchr(argv[i], '@');
-		if (host) {
-		    *host++ = 0;
-		    suser = argv[i];
-		    if (*suser == '\0')
-		      suser = pwd->pw_name;
-		    else if (!okname(suser))
-		      continue;
-		    (void) snprintf(buf, sizeof(buf),
-#if defined(hpux) || defined(__hpux)
-				    "remsh %s -l %s -n %s %s '%s%s%s:%s'",
-#else
-				    "rsh %s -l %s -n %s %s '%s%s%s:%s'",
-#endif
-				    host, suser, cmd, src,
-				    tuser ? tuser : "",
-				    tuser ? "@" : "",
-				   thost, targ);
-	       } else
-		   (void) snprintf(buf, sizeof(buf),
-#if defined(hpux) || defined(__hpux)
-				   "remsh %s -n %s %s '%s%s%s:%s'",
-#else
-				   "rsh %s -n %s %s '%s%s%s:%s'",
-#endif
-				   argv[i], cmd, src,
-				   tuser ? tuser : "",
-				   tuser ? "@" : "",
-				   thost, targ);
-		(void) susystem(buf);
-	    } else {		/* local to remote */
-		krb5_creds *cred;
-		if (rem == -1) {
-		    (void) snprintf(buf, sizeof(buf), "%s -t %s",
-				    cmd, targ);
-		    host = thost;
-#ifdef KERBEROS
-		    authopts = AP_OPTS_MUTUAL_REQUIRED;
-		    status = kcmd(&sock, &host,
-				  port,
-				  pwd->pw_name,
-				  tuser ? tuser :
-				  pwd->pw_name,
-				  buf,
-				  0,
-				  "host",
-				  krb_realm,
-				  &cred,
-				  0,  /* No seq # */
-				  0,  /* No server seq # */
-				  (struct sockaddr_in *) 0,
-				  (struct sockaddr_in *) 0,
-				  &auth_context, authopts,
-				  0, /* Not any port # */
-				  0,
-				  &kcmd_proto);
-		    if (status) {
-			if (kcmd_proto == KCMD_NEW_PROTOCOL)
-			    /* Don't fall back to less safe methods.  */
-			    exit (1);
-			try_normal(orig_argv);
-		    }
-		    else {
-			krb5_boolean similar;
-			krb5_keyblock *key = &cred->keyblock;
-
-			status = krb5_c_enctype_compare(bsd_context,
-							ENCTYPE_DES_CBC_CRC,
-							cred->keyblock.enctype,
-							&similar);
-			if (status)
-			    try_normal(orig_argv); /* doesn't return */
-
-			if (!similar) {
-			    status = krb5_auth_con_getsendsubkey (bsd_context,
-								  auth_context,
-								  &key);
-			    if ((status || !key) && encryptflag)
-				try_normal(orig_argv);
-			}
-			if (key == 0)
-			    key = &cred->keyblock;
-
-			rcmd_stream_init_krb5(key, encryptflag, 0, 1,
-					      kcmd_proto);
-		    }
-		    rem = sock;
-#else
-		    rem = rcmd(&host, port, pwd->pw_name,
-			       tuser ? tuser : pwd->pw_name,
-			       buf, 0);
-		    if (rem < 0)
-		      exit(1);
-#endif /* KERBEROS */
-		    if (response() < 0)
-		      exit(1);
-		}
-		source(1, argv+i);
-	    }
-	}
-    } else {				/* ... to local */
-	if (targetshouldbedirectory)
-	  verifydir(argv[argc - 1]);
-	for (i = 0; i < argc - 1; i++) {
-	    src = colon(argv[i]);
-	    /* Check if source machine is current machine */
-	    if (src) {
-		*src++ = 0;
-		if (hosteq(argv[i], curhost)) {
-
-		    /* If so, pretend src machine never given */
-
-		    if (*src == 0) {
-			error("rcp: no path given in arg: %s:\n",
-			      argv[i]);
-			errs++;
-			continue;
-		    }
-		    argv[i] = src;
-		    src = 0;
-		} else {
-		    /* not equiv, return colon */
-		    *(--src) = ':';
-		}
-	    }
-	    if (src == 0) {		/* local to local */
-		(void) snprintf(buf, sizeof(buf), "/bin/cp%s%s %s %s",
-				iamrecursive ? " -r" : "",
-				pflag ? " -p" : "",
-				argv[i], argv[argc - 1]);
-		(void) susystem(buf);
-	    } else {		/* remote to local */
-		krb5_creds *cred;
-		*src++ = 0;
-		if (*src == 0)
-		  src = ".";
-		host = strchr(argv[i], '@');
-		if (host) {
-		    *host++ = 0;
-		    suser = argv[i];
-		    if (*suser == '\0')
-		      suser = pwd->pw_name;
-		    else if (!okname(suser))
-		      continue;
-		} else {
-		    host = argv[i];
-		    suser = pwd->pw_name;
-		}
-		(void) snprintf(buf, sizeof(buf), "%s -f %s", cmd, src);
-#ifdef KERBEROS
-		authopts = AP_OPTS_MUTUAL_REQUIRED;
-		status = kcmd(&sock, &host,
-			      port,
-			      pwd->pw_name,  suser,
-			      buf,
-			      0,
-			      "host",
-			      krb_realm,
-			      &cred,
-			      0,  /* No seq # */
-			      0,  /* No server seq # */
-			      (struct sockaddr_in *) 0,
-			      (struct sockaddr_in *) 0,
-			      &auth_context, authopts,
-			      0, /* Not any port # */
-			      0,
-			      &kcmd_proto);
-		if (status) {
-			if (kcmd_proto == KCMD_NEW_PROTOCOL)
-			    /* Don't fall back to less safe methods.  */
-			    exit (1);
-			try_normal(orig_argv);
-		} else {
-		    krb5_keyblock *key = &cred->keyblock;
-
-		    if (kcmd_proto == KCMD_NEW_PROTOCOL) {
-			status = krb5_auth_con_getsendsubkey (bsd_context,
-							      auth_context,
-							      &key);
-			if (status) {
-			    com_err (argv[0], status,
-				     "determining subkey for session");
-			    exit (1);
-			}
-			if (!key) {
-			    com_err (argv[0], 0,
-				     "no subkey negotiated for connection");
-			    exit (1);
-			}
-		    }
-
-		    rcmd_stream_init_krb5(key, encryptflag, 0, 1, kcmd_proto);
-		}
-		rem = sock;
-
-		euid = geteuid();
-		if (euid == 0) {
-		    if (setuid(0)) {
-			perror("rcp setuid 0"); errs++; exit(errs);
-		    }
-		    if(krb5_seteuid(userid)) {
-			perror("rcp seteuid user"); errs++; exit(errs);
-		    }
-		}
-		sink(1, argv+argc-1);
-		if (euid == 0) {
-		    if(krb5_seteuid(0)) {
-			perror("rcp seteuid 0"); errs++; exit(errs);
-		    }
-		}
-#else
-		rem = rcmd(&host, port, pwd->pw_name, suser,
-			   buf, 0);
-		if (rem < 0)
-		  continue;
-		rcmd_stream_init_normal();
-#ifdef HAVE_SETREUID
-		if (setreuid(0, userid)) {
-		    perror("rcp setreuid 0,user"); errs++; exit(errs);
-		}
-		sink(1, argv+argc-1);
-		if (setreuid(userid, 0)) {
-		    perror("rcp setreuid user,0"); errs++; exit(errs);
-		}
-#else
-		if (setuid(0)) {
-		  perror("rcp setuid 0"); errs++; exit(errs);
-		}
-		if(seteuid(userid)) {
-		  perror("rcp seteuid user"); errs++; exit(errs);
-		}
-		sink(1, argv+argc-1);
-		if(seteuid(0)) {
-		  perror("rcp seteuid 0"); errs++; exit(errs);
-		}
-#endif
-#endif /* KERBEROS */
-		(void) close(rem);
-		rem = -1;
-	    }
-	}
-    }
-    exit(errs);
-}
-
-
-
-void verifydir(cp)
-     char *cp;
-{
-    struct stat stb;
-
-    if (stat(cp, &stb) >= 0) {
-	if ((stb.st_mode & S_IFMT) == S_IFDIR)
-	  return;
-	errno = ENOTDIR;
-    }
-    error("rcp: %s: %s.\n", cp, error_message(errno));
-    exit(1);
-}
-
-
-
-char *colon(cp)
-     char *cp;
-{
-
-    while (*cp) {
-	if (*cp == ':')
-	  return (cp);
-	if (*cp == '/')
-	  return (0);
-	cp++;
-    }
-    return (0);
-}
-
-
-
-int okname(cp0)
-     char *cp0;
-{
-    register char *cp = cp0;
-    register int c;
-
-    do {
-	c = *cp;
-	if (c & 0200)
-	  goto bad;
-	if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
-	  goto bad;
-	cp++;
-    } while (*cp);
-    return (1);
-  bad:
-    fprintf(stderr, "rcp: invalid user name %s\n", cp0);
-    return (0);
-}
-
-
-
-int susystem(s)
-     char *s;
-{
-    int status;
-    pid_t pid, w;
-#ifdef POSIX_SIGNALS
-    struct sigaction sa, isa, qsa;
-#else
-    register krb5_sigtype (bsd_context, *istat)(), (*qstat)();
-#endif
-
-    if ((pid = vfork()) == 0) {
-	execl("/bin/sh", "sh", "-c", s, (char *)0);
-	_exit(127);
-    }
-
-#ifdef POSIX_SIGNALS
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGINT, &sa, &isa);
-    (void) sigaction(SIGQUIT, &sa, &qsa);
-#else
-    istat = signal(SIGINT, SIG_IGN);
-    qstat = signal(SIGQUIT, SIG_IGN);
-#endif
-
-#ifdef HAVE_WAITPID
-    w = waitpid(pid, &status, 0);
-#else
-    while ((w = wait(&status)) != pid && w != -1) /*void*/ ;
-#endif
-    if (w == (pid_t)-1)
-      status = -1;
-
-#ifdef POSIX_SIGNALS
-    (void) sigaction(SIGINT, &isa, (struct sigaction *)0);
-    (void) sigaction(SIGQUIT, &qsa, (struct sigaction *)0);
-#else
-    (void) signal(SIGINT, istat);
-    (void) signal(SIGQUIT, qstat);
-#endif
-
-    return (status);
-}
-
-void source(argc, argv)
-     int argc;
-     char **argv;
-{
-    char *last, *name;
-    struct stat stb;
-    static struct buffer buffer;
-    struct buffer *bp;
-    int x, readerr, f;
-    unsigned int amt;
-    off_t i;
-    char buf[RCP_BUFSIZ];
-
-    for (x = 0; x < argc; x++) {
-	name = argv[x];
-	if ((f = open(name, 0)) < 0) {
-	    error("rcp: %s: %s\n", name, error_message(errno));
-	    continue;
-	}
-	if (fstat(f, &stb) < 0)
-	  goto notreg;
-	switch (stb.st_mode&S_IFMT) {
-
-	  case S_IFREG:
-	    break;
-
-	  case S_IFDIR:
-	    if (iamrecursive) {
-		(void) close(f);
-		rsource(name, &stb);
-		continue;
-	    }
-	    /* fall into ... */
-	  default:
-	  notreg:
-	    (void) close(f);
-	    error("rcp: %s: not a plain file\n", name);
-	    continue;
-	}
-	last = strrchr(name, '/');
-	if (last == 0)
-	  last = name;
-	else
-	  last++;
-	if (pflag) {
-	    /*
-	     * Make it compatible with possible future
-	     * versions expecting microseconds.
-	     */
-	    (void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
-			    stb.st_mtime, stb.st_atime);
-	    (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
-	    if (response() < 0) {
-		(void) close(f);
-		continue;
-	    }
-	}
-	(void) snprintf(buf, sizeof(buf), "C%04o %ld %s\n",
-			(int) stb.st_mode&07777, (long ) stb.st_size, last);
-	(void) rcmd_stream_write(rem, buf, strlen(buf), 0);
-	if (response() < 0) {
-	    (void) close(f);
-	    continue;
-	}
-	if ((bp = allocbuf(&buffer, f, RCP_BUFSIZ)) == NULLBUF) {
-	    (void) close(f);
-	    continue;
-	}
-	readerr = 0;
-	for (i = 0; i < stb.st_size; i += bp->cnt) {
-	    amt = bp->cnt;
-	    if (i + amt > stb.st_size)
-	      amt = stb.st_size - i;
-	    if (readerr == 0 && read(f, bp->buf, amt) != amt)
-	      readerr = errno;
-	    (void) rcmd_stream_write(rem, bp->buf, amt, 0);
-	}
-	(void) close(f);
-	if (readerr == 0)
-	  ga();
-	else
-	  error("rcp: %s: %s\n", name, error_message(readerr));
-	(void) response();
-    }
-}
-
-
-
-#ifndef USE_DIRENT_H
-#include <sys/dir.h>
-#else
-#include <dirent.h>
-#endif
-
-void rsource(name, statp)
-     char *name;
-     struct stat *statp;
-{
-    DIR *d = opendir(name);
-    char *last;
-#ifdef USE_DIRENT_H
-    struct dirent *dp;
-#else
-    struct direct *dp;
-#endif
-    char buf[RCP_BUFSIZ];
-    char *bufv[1];
-
-    if (d == 0) {
-	error("rcp: %s: %s\n", name, error_message(errno));
-	return;
-    }
-    last = strrchr(name, '/');
-    if (last == 0)
-      last = name;
-    else
-      last++;
-    if (pflag) {
-	(void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n",
-			statp->st_mtime, statp->st_atime);
-	(void) rcmd_stream_write(rem, buf, strlen(buf), 0);
-	if (response() < 0) {
-	    closedir(d);
-	    return;
-	}
-    }
-    (void) snprintf(buf, sizeof(buf), "D%04lo %d %s\n",
-		    (long) statp->st_mode&07777, 0, last);
-    (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
-    if (response() < 0) {
-	closedir(d);
-	return;
-    }
-    while ((dp = readdir(d)) != NULL) {
-	if (dp->d_ino == 0)
-	  continue;
-	if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, ".."))
-	  continue;
-	if (strlen(name) + 1 + strlen(dp->d_name) >= RCP_BUFSIZ - 1) {
-	    error("%s/%s: Name too long.\n", name, dp->d_name);
-	    continue;
-	}
-	(void) snprintf(buf, sizeof(buf), "%s/%s", name, dp->d_name);
-	bufv[0] = buf;
-	source(1, bufv);
-    }
-    closedir(d);
-    (void) rcmd_stream_write(rem, "E\n", 2, 0);
-    (void) response();
-}
-
-
-
-int response()
-{
-    char resp, c, rbuf[RCP_BUFSIZ], *cp = rbuf;
-    if (rcmd_stream_read(rem, &resp, 1, 0) != 1)
-      lostconn(0);
-    switch (resp) {
-
-      case 0:				/* ok */
-	return (0);
-
-      default:
-	*cp++ = resp;
-	/* fall into... */
-      case 1:				/* error, followed by err msg */
-      case 2:				/* fatal error, "" */
-	do {
-	    if (rcmd_stream_read(rem, &c, 1, 0) != 1)
-	      lostconn(0);
-	    *cp++ = c;
-	} while (cp < &rbuf[RCP_BUFSIZ] && c != '\n');
-	if (iamremote == 0)
-	  (void) write(2, rbuf, (unsigned) (cp - rbuf));
-	errs++;
-	if (resp == 1)
-	  return (-1);
-	exit(1);
-    }
-    /*NOTREACHED*/
-}
-
-
-
-krb5_sigtype
-  lostconn(signumber)
-    int signumber;
-{
-    if (iamremote == 0)
-      fprintf(stderr, "rcp: lost connection\n");
-    exit(1);
-}
-
-
-#if !defined(HAVE_UTIMES)
-#include <utime.h>
-#include <sys/time.h>
-
-/*
- * We emulate utimes() instead of utime() as necessary because
- * utimes() is more powerful than utime(), and rcp actually tries to
- * set the microsecond values; we don't want to take away
- * functionality unnecessarily.
- */
-int utimes(file, tvp)
-const char *file;
-struct timeval *tvp;
-{
-	struct utimbuf times;
-
-	times.actime = tvp[0].tv_sec;
-	times.modtime = tvp[1].tv_sec;
-	return(utime(file, &times));
-}
-#endif
-
-
-void sink(argc, argv)
-     int argc;
-     char **argv;
-{
-    mode_t mode;
-    mode_t mask = umask(0);
-    off_t i, j;
-    char *targ, *whopp, *cp;
-    int of, wrerr, exists, first;
-    off_t size;
-    unsigned int amt, count;
-    struct buffer *bp;
-    static struct buffer buffer;
-    struct stat stb;
-    int targisdir = 0;
-    char *myargv[1];
-    char cmdbuf[RCP_BUFSIZ], nambuf[RCP_BUFSIZ];
-    int setimes = 0;
-    struct timeval tv[2];
-#define atime	tv[0]
-#define mtime	tv[1]
-#define	SCREWUP(str)	{ whopp = str; goto screwup; }
-
-    if (!pflag)
-      (void) umask(mask);
-    if (argc != 1) {
-	error("rcp: ambiguous target\n");
-	exit(1);
-    }
-    targ = *argv;
-    if (targetshouldbedirectory)
-      verifydir(targ);
-    ga();
-    if (stat(targ, &stb) == 0 && (stb.st_mode & S_IFMT) == S_IFDIR)
-      targisdir = 1;
-    for (first = 1; ; first = 0) {
-	cp = cmdbuf;
-	if (rcmd_stream_read(rem, cp, 1, 0) <= 0)
-	  return;
-	if (*cp++ == '\n')
-	  SCREWUP("unexpected '\\n'");
-	do {
-	    if (rcmd_stream_read(rem, cp, 1, 0) != 1)
-	      SCREWUP("lost connection");
-	} while (*cp++ != '\n');
-	*cp = 0;
-	if (cmdbuf[0] == '\01' || cmdbuf[0] == '\02') {
-	    if (iamremote == 0)
-	      (void) write(2, cmdbuf+1, strlen(cmdbuf+1));
-	    if (cmdbuf[0] == '\02')
-	      exit(1);
-	    errs++;
-	    continue;
-	}
-	*--cp = 0;
-	cp = cmdbuf;
-	if (*cp == 'E') {
-	    ga();
-	    return;
-	}
-
-#define getnum(t) (t) = 0; while (isdigit((int) *cp)) (t) = (t) * 10 + (*cp++ - '0');
-	if (*cp == 'T') {
-	    setimes++;
-	    cp++;
-	    getnum(mtime.tv_sec);
-	    if (*cp++ != ' ')
-	      SCREWUP("mtime.sec not delimited");
-	    getnum(mtime.tv_usec);
-	    if (*cp++ != ' ')
-	      SCREWUP("mtime.usec not delimited");
-	    getnum(atime.tv_sec);
-	    if (*cp++ != ' ')
-	      SCREWUP("atime.sec not delimited");
-	    getnum(atime.tv_usec);
-	    if (*cp++ != '\0')
-	      SCREWUP("atime.usec not delimited");
-	    ga();
-	    continue;
-	}
-	if (*cp != 'C' && *cp != 'D') {
-	    /*
-	     * Check for the case "rcp remote:foo\* local:bar".
-	     * In this case, the line "No match." can be returned
-	     * by the shell before the rcp command on the remote is
-	     * executed so the ^Aerror_message convention isn't
-	     * followed.
-	     */
-	    if (first) {
-		error("%s\n", cp);
-		exit(1);
-	    }
-	    SCREWUP("expected control record");
-	}
-	cp++;
-	mode = 0;
-	for (; cp < cmdbuf+5; cp++) {
-	    if (*cp < '0' || *cp > '7')
-	      SCREWUP("bad mode");
-	    mode = (mode << 3) | (*cp - '0');
-	}
-	if (*cp++ != ' ')
-	  SCREWUP("mode not delimited");
-	size = 0;
-	while (isdigit((int) *cp))
-	  size = size * 10 + (*cp++ - '0');
-	if (*cp++ != ' ')
-	  SCREWUP("size not delimited");
-	if (targisdir) {
-          if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf))
-	    SCREWUP("target name too long");
-	  (void) snprintf(nambuf, sizeof(nambuf), "%s%s%s", targ,
-			  *targ ? "/" : "", cp);
-	} else {
-	  if (strlen(targ) + 1 >= sizeof (nambuf))
-	    SCREWUP("target name too long");
-	  (void) strncpy(nambuf, targ, sizeof(nambuf) - 1);
-	}
-	nambuf[sizeof(nambuf) - 1] = '\0';
-	exists = stat(nambuf, &stb) == 0;
-	if (cmdbuf[0] == 'D') {
-	    if (exists) {
-		if ((stb.st_mode&S_IFMT) != S_IFDIR) {
-		    errno = ENOTDIR;
-		    goto bad;
-		}
-		if (pflag)
-		  (void) chmod(nambuf, mode);
-	    } else if (mkdir(nambuf, mode) < 0)
-	      goto bad;
-	    myargv[0] = nambuf;
-	    sink(1, myargv);
-	    if (setimes) {
-		setimes = 0;
-		if (utimes(nambuf, tv) < 0)
-		  error("rcp: can't set times on %s: %s\n",
-			nambuf, error_message(errno));
-	    }
-	    continue;
-	}
-	if ((of = open(nambuf, O_WRONLY|O_CREAT, mode)) < 0) {
-	  bad:
-	    error("rcp: %s: %s\n", nambuf, error_message(errno));
-	    continue;
-	}
-	if (exists && pflag) {
-#ifdef NOFCHMOD
-	    (void) chmod(nambuf, mode);
-#else
-	    (void) fchmod(of, mode);
-#endif
-	}
-	ga();
-	if ((bp = allocbuf(&buffer, of, RCP_BUFSIZ)) == NULLBUF) {
-	    (void) close(of);
-	    continue;
-	}
-	cp = bp->buf;
-	count = 0;
-	wrerr = 0;
-	for (i = 0; i < size; i += RCP_BUFSIZ) {
-	    amt = RCP_BUFSIZ;
-	    if (i + amt > size)
-	      amt = size - i;
-	    count += amt;
-	    do {
-		j = rcmd_stream_read(rem, cp, amt, 0);
-		if (j <= 0) {
-		    if (j == 0)
-		      error("rcp: dropped connection");
-		    else
-		      error("rcp: %s\n", error_message(errno));
-		    exit(1);
-		}
-		amt -= j;
-		cp += j;
-	    } while (amt > 0);
-	    if (count == bp->cnt) {
-		if (wrerr == 0 &&
-		    write(of, bp->buf, count) != count)
-		  wrerr++;
-		count = 0;
-		cp = bp->buf;
-	    }
-	}
-	if (count != 0 && wrerr == 0 &&
-	    write(of, bp->buf, count) != count)
-	  wrerr++;
-	if (ftruncate(of, size))
-	  error("rcp: can't truncate %s: %s\n", nambuf, error_message(errno));
-	if (close(of) != 0)
-	    error("rcp: error closing %s: %s\n", nambuf, error_message(errno));
-	(void) response();
-	if (setimes) {
-	    setimes = 0;
-	    if (utimes(nambuf, tv) < 0)
-	      error("rcp: can't set times on %s: %s\n",
-		    nambuf, error_message(errno));
-	}
-	if (wrerr)
-	  error("rcp: %s: %s\n", nambuf, error_message(errno));
-	else
-	  ga();
-    }
-  screwup:
-    error("rcp: protocol screwup: %s\n", whopp);
-    exit(1);
-}
-
-
-
-struct buffer *allocbuf(bp, fd, blksize)
-     struct buffer *bp;
-     int fd, blksize;
-{
-    struct stat stb;
-    int size;
-
-    if (fstat(fd, &stb) < 0) {
-	error("rcp: fstat: %s\n", error_message(errno));
-	return (NULLBUF);
-    }
-
-    size = blksize;
-    if (bp->cnt < size) {
-	if (bp->buf != 0)
-	  free(bp->buf);
-	bp->buf = (char *)malloc((unsigned) size);
-	if (bp->buf == 0) {
-	    error("rcp: malloc: out of memory\n");
-	    return (NULLBUF);
-	}
-    }
-    bp->cnt = size;
-    return (bp);
-}
-
-void
-#ifdef HAVE_STDARG_H
-error(char *fmt, ...)
-#else
-/*VARARGS1*/
-error(fmt, va_alist)
-     char *fmt;
-     va_dcl
-#endif
-{
-    va_list ap;
-    char buf[RCP_BUFSIZ], *cp = buf;
-
-#ifdef HAVE_STDARG_H
-    va_start(ap, fmt);
-#else
-    va_start(ap);
-#endif
-
-    errs++;
-    *cp++ = 1;
-    (void) vsnprintf(cp, sizeof(buf) - (cp - buf), fmt, ap);
-    va_end(ap);
-
-    if (iamremote)
-      (void) rcmd_stream_write(rem, buf, strlen(buf), 0);
-    else
-      (void) write(2, buf+1, strlen(buf+1));
-}
-
-
-
-void usage()
-{
-#ifdef KERBEROS
-    fprintf(stderr,
-	    "Usage: \trcp [-PN | -PO] [-p] [-x] [-k realm] f1 f2; or:\n\trcp [-PN | -PO] [-r] [-p] [-x] [-k realm] f1 ... fn d2\n");
-#else
-    fputs("usage: rcp [-p] f1 f2; or: rcp [-rp] f1 ... fn d2\n", stderr);
-#endif
-    exit(1);
-}
-
-
-
-int hosteq(h1, h2)
-     char *h1, *h2;
-{
-    struct hostent *h_ptr;
-    char hname1[256];
-
-    if (forcenet)
-      return(0);
-
-    /* get the official names for the two hosts */
-
-    if ((h_ptr = gethostbyname(h1)) == NULL)
-      return(0);
-    strncpy(hname1, h_ptr->h_name, sizeof (hname1));
-    hname1[sizeof (hname1) - 1] = '\0';
-    if ((h_ptr = gethostbyname(h2)) == NULL)
-      return(0);
-
-    /*return if they are equal (strcmp returns 0 for equal - I return 1) */
-
-    return(!strcmp(hname1, h_ptr->h_name));
-}
-
-
-
-#ifdef KERBEROS
-void try_normal(argv)
-     char **argv;
-{
-    register int i;
-#ifndef     KRB5_ATHENA_COMPAT
-    if (!encryptflag)
-#endif
-	{
-	fprintf(stderr,"trying normal rcp (%s)\n", UCB_RCP);
-	fflush(stderr);
-	/* close all but stdin, stdout, stderr */
-	for (i = getdtablesize(); i > 2; i--)
-	  (void) close(i);
-	execv(UCB_RCP, argv);
-	perror("exec");
-    }
-    exit(1);
-}
-
-
-
-char **save_argv(argc, argv)
-     int argc;
-     char **argv;
-{
-    register int i;
-
-    char **local_argv = (char **)calloc((unsigned) argc+1,
-					(unsigned) sizeof(char *));
-    /* allocate an extra pointer, so that it is initialized to NULL
-       and execv() will work */
-    for (i = 0; i < argc; i++)
-      local_argv[i] = strsave(argv[i]);
-    return(local_argv);
-}
-
-
-
-#ifdef unicos61
-#define SIZEOF_INADDR  SIZEOF_in_addr
-#else
-#define SIZEOF_INADDR sizeof(struct in_addr)
-#endif
-
-
-/* This function is mostly vestigial, since under normal operation
- * the -x flag doesn't get set for the server process for encrypted
- * rcp.  It only gets called by beta clients attempting user-to-user
- * authentication. */
-void
-  answer_auth(config_file, ccache_file)
-    char *config_file;
-    char *ccache_file;
-{
-    krb5_data pname_data, msg;
-    krb5_creds creds, *new_creds;
-    krb5_ccache cc;
-    krb5_error_code status;
-    krb5_auth_context auth_context = NULL;
-
-    if (config_file) {
-    	const char * filenames[2];
-    	filenames[1] = NULL;
-    	filenames[0] = config_file;
-    	if ((status = krb5_set_config_files(bsd_context, filenames)))
-	    exit(1);
-    }
-
-    memset (&creds, 0, sizeof(creds));
-
-    if ((status = krb5_read_message(bsd_context, (krb5_pointer)&rem,
-				    &pname_data)))
-	exit(1);
-
-    if ((status = krb5_read_message(bsd_context, (krb5_pointer) &rem,
-				    &creds.second_ticket)))
-	exit(1);
-
-    if (ccache_file == NULL) {
-    	if ((status = krb5_cc_default(bsd_context, &cc)))
-	    exit(1);
-    } else {
-	if ((status = krb5_cc_resolve(bsd_context, ccache_file, &cc)))
-	    exit(1);
-    }
-
-    if ((status = krb5_cc_get_principal(bsd_context, cc, &creds.client)))
-	exit(1);
-
-    if ((status = krb5_parse_name(bsd_context, pname_data.data,
-				  &creds.server)) )
-	exit(1);
-
-    krb5_free_data_contents(bsd_context, &pname_data);
-
-    if ((status = krb5_get_credentials(bsd_context, KRB5_GC_USER_USER, cc,
-				       &creds, &new_creds)))
-	exit(1);
-
-    if ((status = krb5_mk_req_extended(bsd_context, &auth_context,
-				       AP_OPTS_USE_SESSION_KEY,
-				       NULL, new_creds, &msg)))
-	exit(1);
-
-    if ((status = krb5_write_message(bsd_context, (krb5_pointer) &rem,
-				     &msg))) {
-    	krb5_free_data_contents(bsd_context, &msg);
-	exit(1);
-    }
-
-    rcmd_stream_init_krb5(&new_creds->keyblock, encryptflag, 0, 0,
-			  KCMD_OLD_PROTOCOL);
-
-    /* cleanup */
-    krb5_free_cred_contents(bsd_context, &creds);
-    krb5_free_creds(bsd_context, new_creds);
-    krb5_free_data_contents(bsd_context, &msg);
-
-    return;
-}
-
-
-
-char storage[2*RCP_BUFSIZ];		/* storage for the decryption */
-int nstored = 0;
-char *store_ptr = storage;
-
-#endif /* KERBEROS */
diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
deleted file mode 100644
index 0a00e37..0000000
--- a/src/appl/bsd/krlogin.c
+++ /dev/null
@@ -1,1807 +0,0 @@
-/*
- *    appl/bsd/krlogin.c
- */
-
-/*
- * Copyright (c) 1983 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-char copyright[] =
-  "@(#) Copyright (c) 1983 The Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)rlogin.c	5.12 (Berkeley) 9/19/88 */
-
-
-     /*
-      * rlogin - remote login
-      */
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/errno.h>
-#include <sys/file.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <sys/wait.h>
-#include <fcntl.h>
-
-#include <netinet/in.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <pwd.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <netdb.h>
-
-#ifdef HAVE_SYS_FILIO_H
-/* Solaris needs <sys/filio.h> for FIONREAD */
-#include <sys/filio.h>
-#endif
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#if HAVE_SYS_TIME_H
-#include <sys/time.h>
-#endif
-
-#ifdef POSIX_TERMIOS
-#include <termios.h>
-#ifndef CNUL
-#define CNUL (char) 0
-#endif
-
-#else /* POSIX_TERMIOS */
-#include <sgtty.h>
-#endif /* POSIX_TERMIOS */
-
-#ifdef HAVE_SYS_SOCKIO_H
-/* for SIOCATMARK */
-#include <sys/sockio.h>
-#endif
-
-#ifdef HAVE_STREAMS
-#include <sys/stream.h>
-#include <sys/stropts.h>
-#endif
-
-#ifdef __SCO__
-/* for TIOCPKT_* */
-#include <sys/spt.h>
-/* for struct winsize */
-#include <sys/ptem.h>
-#endif
-
-#ifdef HAVE_STREAMS
-#ifdef HAVE_SYS_PTYVAR_H
-#include <sys/tty.h>
-#include <sys/ttold.h>
-/* solaris actually uses packet mode, so the real macros are needed too */
-#include <sys/ptyvar.h>
-#endif
-#endif
-
-#ifndef TIOCPKT_NOSTOP
-/* These values are over-the-wire protocol, *not* local values */
-#define TIOCPKT_NOSTOP          0x10
-#define TIOCPKT_DOSTOP          0x20
-#define TIOCPKT_FLUSHWRITE      0x02
-#endif
-
-#ifdef HAVE_SYS_IOCTL_COMPAT_H
-#include <sys/ioctl_compat.h>
-#endif
-
-#ifdef CRAY
-#include <sys/ttold.h>
-#endif
-
-
-#ifdef KERBEROS
-#include <krb5.h>
-#include <com_err.h>
-#include "defines.h"
-
-#define RLOGIN_BUFSIZ 5120
-
-void try_normal();
-char *krb_realm = (char *)0;
-int encrypt_flag = 0;
-int fflag = 0, Fflag = 0;
-krb5_creds *cred;
-struct sockaddr_in local, foreign;
-krb5_context bsd_context;
-krb5_auth_context auth_context;
-
-#ifndef UCB_RLOGIN
-#define UCB_RLOGIN      "/usr/ucb/rlogin"
-#endif
-
-#include "rpaths.h"
-#endif /* KERBEROS */
-
-# ifndef TIOCPKT_WINDOW
-# define TIOCPKT_WINDOW 0x80
-# endif /* TIOCPKT_WINDOW */
-
-#ifndef ONOCR
-#define ONOCR 0
-#endif
-
-#ifdef POSIX_TERMIOS
-struct termios deftty;
-#endif
-
-char	*getenv();
-
-char	*name;
-int 	rem = -1;		/* Remote socket fd */
-int	do_inband = 0;
-char	cmdchar = '~';
-int	eight = 1;		/* Default to 8 bit transmission */
-int	no_local_escape = 0;
-int	null_local_username = 0;
-int	flow = 1;			/* Default is to allow flow
-					   control at the local terminal */
-int	flowcontrol;			/* Since emacs can alter the
-					   flow control characteristics
-					   of a session we need a
-					   variable to keep track of
-					   the original characteristics */
-int	confirm = 0;			/* ask if ~. is given before dying. */
-int	litout;
-#if defined(hpux) || defined(__hpux)
-char	*speeds[] =
-{ "0", "50", "75", "110", "134", "150", "200", "300", "600",
-    "900", "1200", "1800", "2400", "3600", "4800", "7200", "9600",
-    "19200", "38400", "EXTA", "EXTB" };
-#else
-/* Solaris note: There are higher values we could use.  But Casper Dik
-   <Casper.Dik@Holland.Sun.Com> mentions in article
-   <casper.938167062@uk-usenet.uk.sun.com> in comp.protocols.kerberos
-   on 1999-09-24 some problems in sending higher values to remote
-   systems (for non-Kerberos rlogind?).  So let's stick with this
-   list.  Even if our current klogind doesn't have the problems, older
-   versions are likely to.
-
-   Daniel S. Riley <dsr@mail.lns.cornell.edu> gives 57600, 76800,
-   115200, 153600, 230400, 307200, 460800 as the higher values.
-   (article <sh6711s713.fsf@lnscu4.lns.cornell.edu> in
-   comp.protocols.kerberos, 1999-09-23) */
-char    *speeds[] =
-{ "0", "50", "75", "110", "134", "150", "200", "300",
-    "600", "1200", "1800", "2400", "4800", "9600", "19200", "38400" };
-#endif
-char	term[256] = "network";
-
-#ifndef POSIX_SIGNALS
-#ifndef sigmask
-#define sigmask(m)    (1 << ((m)-1))
-#endif
-#endif /* POSIX_SIGNALS */
-
-#ifdef NO_WINSIZE
-struct winsize {
-    unsigned short ws_row, ws_col;
-    unsigned short ws_xpixel, ws_ypixel;
-};
-#endif /* NO_WINSIZE */
-int	dosigwinch = 0;
-struct	winsize winsize;
-
-char	*host=0;			/* external, so it can be
-					   reached from confirm_death() */
-
-krb5_sigtype	sigwinch (int);
-int server_message (int);
-void oob (void);
-krb5_sigtype	lostpeer (int);
-void setsignal (int sig, krb5_sigtype (*act)());
-static int read_wrapper(int fd, char *buf, int size, int *got_esc);
-static void prf(char *f);
-void try_normal(char **);
-static void mode(int);
-#ifdef POSIX_SIGNALS
-static int reader(sigset_t *);
-static void doit(sigset_t *);
-#else
-static int reader(int);
-static void doit(int);
-#endif
-static int control(char *, unsigned int);
-static void sendwindow(void);
-static void stop(int), echo(int);
-static void writer(void), done(int);
-static int confirm_death (void);
-
-
-/* to allow exits from signal handlers, without conflicting declarations */
-static krb5_sigtype exit_handler() {
-  exit(1);
-}
-
-
-/*
- * The following routine provides compatibility (such as it is)
- * between 4.2BSD Suns and others.  Suns have only a `ttysize',
- * so we convert it to a winsize.
- */
-#ifdef TIOCGWINSZ
-#define get_window_size(fd, wp)       ioctl(fd, TIOCGWINSZ, wp)
-#else
-#ifdef SYSV
-#ifndef SIGWINCH
-#define SIGWINCH SIGWINDOW
-#endif
-struct ttysize {
-    int ts_lines;
-    int ts_cols;
-};
-#define DEFAULT_LINES 24
-#define DEFAULT_COLS 80
-#endif
-
-
-
-int
-  get_window_size(fd, wp)
-int fd;
-struct winsize *wp;
-{
-    struct ttysize ts;
-    int error;
-#ifdef SYSV
-    char *envbuf;
-    ts.ts_lines = DEFAULT_LINES;
-    ts.ts_cols = DEFAULT_COLS;
-    if (( envbuf = getenv("LINES")) != (char *) 0)
-      ts.ts_lines = atoi(envbuf);
-    if (( envbuf = getenv("COLUMNS")) != (char *) 0)
-      ts.ts_cols = atoi(envbuf);
-#else
-    if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0)
-      return (error);
-#endif
-
-    wp->ws_row = ts.ts_lines;
-    wp->ws_col = ts.ts_cols;
-    wp->ws_xpixel = 0;
-    wp->ws_ypixel = 0;
-    return (0);
-}
-#endif /* TIOCGWINSZ */
-
-
-#ifdef POSIX_TERMIOS
-/* Globals for terminal modes and flow control */
-struct  termios defmodes;
-struct  termios ixon_state;
-#else
-#ifdef USE_TERMIO
-/* Globals for terminal modes and flow control */
-struct  termio defmodes;
-struct  termio ixon_state;
-#endif
-#endif
-
-
-int
-main(argc, argv)
-     int argc;
-     char **argv;
-{
-    char *cp = (char *) NULL;
-#ifdef POSIX_TERMIOS
-    struct termios ttyb;
-#else
-#ifdef USE_TERMIO
-    struct termio ttyb;
-#else
-    struct sgttyb ttyb;
-#endif
-#endif
-    struct passwd *pwd;
-    struct servent *sp;
-    struct servent defaultservent;
-    int uid, options = 0;
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-    sigset_t *oldmask, omask, urgmask;
-#else
-    int oldmask;
-#endif
-    int on = 1;
-#ifdef KERBEROS
-    char **orig_argv = argv;
-    int sock;
-    krb5_flags authopts;
-    krb5_error_code status;
-#endif
-    int port, debug_port = 0;
-    enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK;
-
-    memset(&defaultservent, 0, sizeof(struct servent));
-    if (strrchr(argv[0], '/'))
-      argv[0] = strrchr(argv[0], '/')+1;
-
-    if ( argc < 2 ) goto usage;
-    argc--;
-    argv++;
-
-  another:
-    if (argc > 0 && host == 0 && strncmp(*argv, "-", 1)) {
-	host = *argv;
-	argv++, argc--;
-	goto another;
-    }
-
-    if (argc > 0 && !strcmp(*argv, "-D")) {
-	argv++; argc--;
-	if (*argv == NULL) {
-	    fprintf (stderr,
-		     "rlogin: -D flag must be followed by the debug port.\n");
-	    exit (1);
-	}
-	debug_port = htons(atoi(*argv));
-	argv++; argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-d")) {
-	argv++, argc--;
-	options |= SO_DEBUG;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-c")) {
-	confirm = 1;
-	argv++; argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-a")) {	   /* ask -- make remote */
-	argv++; argc--;			/* machine ask for password */
-	null_local_username = 1;	/* by giving null local user */
-	goto another;			/* id */
-    }
-    if (argc > 0 && !strcmp(*argv, "-t")) {
-	argv++; argc--;
-	if (argc == 0) goto usage;
-	cp = *argv++; argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-n")) {
-	no_local_escape = 1;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-7")) {  /* Pass only 7 bits */
-	eight = 0;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-noflow")) {
-	flow = 0;		/* Turn off local flow control so
-				   that ^S can be passed to emacs. */
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-l")) {
-	argv++, argc--;
-	if (argc == 0)
-	  goto usage;
-	name = *argv++; argc--;
-	goto another;
-    }
-    if (argc > 0 && !strncmp(*argv, "-e", 2)) {
-	cmdchar = argv[0][2];
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-8")) {
-	eight = 1;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-L")) {
-	litout = 1;
-	argv++, argc--;
-	goto another;
-    }
-#ifdef KERBEROS
-    if (argc > 0 && !strcmp(*argv, "-k")) {
-	argv++, argc--;
-	if (argc == 0) {
-	    fprintf(stderr,
-		    "rlogin: -k flag must be followed with a realm name.\n");
-	    exit (1);
-	}
-	if(!(krb_realm = strdup(*argv))){
-	    fprintf(stderr, "rlogin: Cannot malloc.\n");
-	    exit(1);
-	}
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-x")) {
-	encrypt_flag++;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-f")) {
-	if (Fflag) {
-	    fprintf(stderr, "rlogin: Only one of -f and -F allowed\n");
-	    goto usage;
-	}
-	fflag++;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-F")) {
-	if (fflag) {
-	    fprintf(stderr, "rlogin: Only one of -f and -F allowed\n");
-	    goto usage;
-	}
-	Fflag++;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-PO")) {
-	kcmd_proto = KCMD_OLD_PROTOCOL;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-PN")) {
-	kcmd_proto = KCMD_NEW_PROTOCOL;
-	argv++, argc--;
-	goto another;
-    }
-#endif /* KERBEROS */
-    if (host == 0)
-      goto usage;
-    if (argc > 0)
-      goto usage;
-    pwd = getpwuid(getuid());
-    if (pwd == 0) {
-	fprintf(stderr, "Who are you?\n");
-	exit(1);
-    }
-#ifdef KERBEROS
-    status = krb5_init_context(&bsd_context);
-    if (status) {
-	    com_err(argv[0], status, "while initializing krb5");
-	    exit(1);
-    }
-#endif
-
-
-    if (debug_port)
-      port = debug_port;
-    else {
-#ifdef KERBEROS
-    /*
-     * if there is an entry in /etc/services for Kerberos login,
-     * attempt to login with Kerberos.
-     * If we fail at any step,  use the standard rlogin
-     */
-      if (encrypt_flag)
-	sp = getservbyname("eklogin","tcp");
-      else
-	sp = getservbyname("klogin","tcp");
-      if (sp == 0) {
-		sp = &defaultservent;   /* ANL */
-		sp->s_port = encrypt_flag ? htons(2105) : htons(543);
-      }
-#else
-      sp = getservbyname("login", "tcp");
-      if (sp == 0) {
-	fprintf(stderr, "rlogin: login/tcp: unknown service\n");
-	exit(2);
-      }
-#endif /* KERBEROS */
-
-      port = sp->s_port;
-    }
-
-
-    if (cp == (char *) NULL) cp = getenv("TERM");
-    if (cp) {
-      (void) strncpy(term, cp, sizeof (term));
-      term[sizeof (term) - 1] = '\0';
-    }
-#ifdef POSIX_TERMIOS
-	if (tcgetattr(0, &ttyb) == 0) {
-		int ospeed = cfgetospeed (&ttyb);
-
-                term[sizeof(term) - 1] = '\0';
-		(void) strncat(term, "/", sizeof(term) - 1 - strlen(term));
-		if (ospeed >= 50)
-			/* On some systems, ospeed is the baud rate itself,
-			   not a table index.  */
-			snprintf (term + strlen (term),
-				  sizeof(term) - strlen(term), "%d", ospeed);
-		else if (ospeed >= sizeof(speeds)/sizeof(char*))
-			/* Past end of table, but not high enough to
-			   look like a real speed.  */
-			(void) strncat (term, speeds[sizeof(speeds)/sizeof(char*) - 1], sizeof(term) - 1 - strlen(term));
-		else {
-			(void) strncat(term, speeds[ospeed], sizeof(term) - 1 - strlen(term));
-		}
-                term[sizeof (term) - 1] = '\0';
-	}
-#else
-    if (ioctl(0, TIOCGETP, &ttyb) == 0) {
-	(void) strncat(term, "/", sizeof(term) - 1 - strlen(term));
-	(void) strncat(term, speeds[ttyb.sg_ospeed], sizeof(term) - 1 - strlen(term));
-    }
-#endif
-    (void) get_window_size(0, &winsize);
-
-#ifdef POSIX_TERMIOS
-    tcgetattr(0, &defmodes);
-    tcgetattr(0, &ixon_state);
-#else
-#ifdef USE_TERMIO
-    /**** moved before rcmd call so that if get a SIGPIPE in rcmd **/
-    /**** we will have the defmodes set already. ***/
-    (void)ioctl(fileno(stdin), TIOCGETP, &defmodes);
-    (void)ioctl(fileno(stdin), TIOCGETP, &ixon_state);
-#endif
-#endif
-
-    /* Catch SIGPIPE, as that means we lost the connection */
-    /* will use SIGUSR1 for window size hack, so hold it off */
-#ifdef POSIX_SIGNALS
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = lostpeer;
-    (void) sigaction(SIGPIPE, &sa, (struct sigaction *)0);
-
-    (void) sigemptyset(&urgmask);
-    (void) sigaddset(&urgmask, SIGUSR1);
-    oldmask = &omask;
-    (void) sigprocmask(SIG_BLOCK, &urgmask, oldmask);
-#else
-    (void) signal(SIGPIPE, lostpeer);
-#ifdef sgi
-    oldmask = sigignore( sigmask(SIGUSR1));
-#else
-    oldmask = sigblock( sigmask(SIGUSR1));
-#endif
-#endif /* POSIX_SIGNALS */
-
-#ifdef KERBEROS
-    authopts = AP_OPTS_MUTUAL_REQUIRED;
-
-    /* Piggy-back forwarding flags on top of authopts; */
-    /* they will be reset in kcmd */
-    if (fflag || Fflag)
-      authopts |= OPTS_FORWARD_CREDS;
-    if (Fflag)
-      authopts |= OPTS_FORWARDABLE_CREDS;
-
-    status = kcmd(&sock, &host, port,
-		  null_local_username ? "" : pwd->pw_name,
-		  name ? name : pwd->pw_name, term,
-		  0, "host", krb_realm,
-		  &cred,
-		  0,		/* No need for sequence number */
-		  0,		/* No need for server seq # */
-		  &local, &foreign,
-		  &auth_context, authopts,
-		  0,		/* Not any port # */
-		  0,
-		  &kcmd_proto);
-    if (status) {
-	if (kcmd_proto == KCMD_NEW_PROTOCOL && encrypt_flag)
-	    /* Don't fall back to something less secure.  */
-	    exit (1);
-	try_normal(orig_argv);
-    } else {
-	krb5_keyblock *key = 0;
-
-	if (kcmd_proto == KCMD_NEW_PROTOCOL) {
-	    do_inband = 1;
-
-	    status = krb5_auth_con_getsendsubkey (bsd_context, auth_context,
-						  &key);
-	    if ((status || !key) && encrypt_flag)
-		try_normal(orig_argv);
-	}
-	if (key == 0)
-	    key = &cred->keyblock;
-
-	rcmd_stream_init_krb5(key, encrypt_flag, 1, 1, kcmd_proto);
-    }
-
-    rem = sock;
-
-#else
-    rem = rcmd(&host, port,
-	       null_local_username ? "" : pwd->pw_name,
-	       name ? name : pwd->pw_name, term, 0);
-#endif /* KERBEROS */
-
-    if (rem < 0)
-      exit(1);
-
-    if (options & SO_DEBUG &&
-	setsockopt(rem, SOL_SOCKET, SO_DEBUG, (char*)&on, sizeof (on)) < 0)
-      perror("rlogin: setsockopt (SO_DEBUG)");
-    uid = getuid();
-    if (setuid(uid) < 0) {
-	perror("rlogin: setuid");
-	exit(1);
-    }
-    flowcontrol = flow;  /* Set up really correct non-volatile variable */
-    doit(oldmask);
-    /*NOTREACHED*/
-  usage:
-#ifdef KERBEROS
-    fprintf (stderr,
-	     "usage: rlogin host [-option] [-option...] [-k realm ] [-t ttytype] [-l username]\n");
-    fprintf (stderr, "     where option is e, 7, 8, noflow, n, a, x, f, F, c, PO, or PN\n");
-#else /* !KERBEROS */
-    fprintf (stderr,
-	     "usage: rlogin host [-option] [-option...] [-t ttytype] [-l username]\n");
-    fprintf (stderr, "     where option is e, 7, 8, noflow, n, a, or c\n");
-#endif /* KERBEROS */
-    exit(1);
-}
-
-
-
-static int confirm_death ()
-{
-    char hostname[33];
-    char input;
-    int answer;
-    if (!confirm) return (1);	/* no confirm, just die */
-
-    if (gethostname (hostname, sizeof(hostname)-1) != 0)
-      strlcpy (hostname, "???", sizeof(hostname));
-    else
-      hostname[sizeof(hostname)-1] = '\0';
-
-    fprintf (stderr, "\r\nKill session on %s from %s (y/n)?  ",
-	     host, hostname);
-    fflush (stderr);
-    if (read(0, &input, 1) != 1)
-      answer = EOF;	/* read from stdin */
-    else
-      answer = (int) input;
-    fprintf (stderr, "%c\r\n", answer);
-    fflush (stderr);
-    return (answer == 'y' || answer == 'Y' || answer == EOF ||
-	    answer == 4);	/* control-D */
-}
-
-
-
-#define CRLF "\r\n"
-
-int	child;
-krb5_sigtype	catchild (int);
-krb5_sigtype	writeroob (int);
-
-int	defflags, tabflag;
-int	deflflags;
-char	deferase, defkill;
-
-#ifdef USE_TERMIO
-char defvtim, defvmin;
-#if defined(hpux) || defined(__hpux)
-#include <sys/bsdtty.h>
-#include <sys/ptyio.h>
-#endif
-struct tchars {
-    char    t_intrc;        /* interrupt */
-    char    t_quitc;        /* quit */
-    char    t_startc;       /* start output */
-    char    t_stopc;        /* stop output */
-    char    t_eofc;         /* end-of-file */
-    char    t_brkc;         /* input delimiter (like nl) */
-};
-#endif
-
-
-#ifndef POSIX_TERMIOS
-#ifdef TIOCGLTC
-/*
- * POSIX 1003.1-1988 does not define a 'suspend' character.
- * POSIX 1003.1-1990 does define an optional VSUSP but not a VDSUSP character.
- * Some termio implementations (A/UX, Ultrix 4.2) include both.
- *
- * However, since this is all derived from the BSD ioctl() and ltchars
- * concept, all these implementations generally also allow for the BSD-style
- * ioctl().  So we'll simplify the problem by only testing for the ioctl().
- */
-struct	ltchars defltc;
-struct	ltchars noltc =	{ -1, -1, -1, -1, -1, -1 };
-#endif
-struct	tchars deftc;
-struct	tchars notc =	{ -1, -1, -1, -1, -1, -1 };
-#endif
-
-static void doit(oldmask)
-#ifdef POSIX_SIGNALS
-    sigset_t *oldmask;
-#else
-    int oldmask;
-#endif
-{
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-
-#ifdef POSIX_TERMIOS
-    (void) tcgetattr(0, &deftty);
-#ifdef VLNEXT
-    /* there's a POSIX way of doing this, but do we need it general? */
-    deftty.c_cc[VLNEXT] = 0;
-#endif
-#else
-#ifdef USE_TERMIO
-    struct termio sb;
-#else
-    struct sgttyb sb;
-#endif
-
-    (void) ioctl(0, TIOCGETP, (char *)&sb);
-    defflags = sb.sg_flags;
-#ifdef USE_TERMIO
-    tabflag = sb.c_oflag & TABDLY;
-    defflags |= ECHO;
-    deferase = sb.c_cc[VERASE];
-    defkill = sb.c_cc[VKILL];
-    sb.c_cc[VMIN] = 1;
-    sb.c_cc[VTIME] = 1;
-    defvtim = sb.c_cc[VTIME];
-    defvmin = sb.c_cc[VMIN];
-    deftc.t_quitc = CQUIT;
-    deftc.t_startc = CSTART;
-    deftc.t_stopc = CSTOP ;
-    deftc.t_eofc = CEOF;
-    deftc.t_brkc =  '\n';
-#else
-    tabflag = defflags & TBDELAY;
-    defflags &= ECHO | CRMOD;
-    deferase = sb.sg_erase;
-    defkill = sb.sg_kill;
-    (void) ioctl(0, TIOCLGET, (char *)&deflflags);
-    (void) ioctl(0, TIOCGETC, (char *)&deftc);
-#endif
-
-    notc.t_startc = deftc.t_startc;
-    notc.t_stopc = deftc.t_stopc;
-    (void) ioctl(0, TIOCGLTC, (char *)&defltc);
-#endif
-#ifdef POSIX_SIGNALS
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGINT, &sa, (struct sigaction *)0);
-#else
-    (void) signal(SIGINT, SIG_IGN);
-#endif
-
-    setsignal(SIGHUP, exit_handler);
-    setsignal(SIGQUIT, exit_handler);
-
-    child = fork();
-    if (child == -1) {
-	perror("rlogin: fork");
-	done(1);
-    }
-    if (child == 0) {
-	mode(1);
-	if (reader(oldmask) == 0) {
-	    prf("Connection closed.");
-	    exit(0);
-	}
-	sleep(1);
-	prf("\007Connection closed.");
-	exit(3);
-    }
-
-#ifdef POSIX_SIGNALS
-    /* "sa" has already been initialized above. */
-
-    sa.sa_handler = writeroob;
-    (void) sigaction(SIGUSR1, &sa, (struct sigaction *)0);
-
-    sigprocmask(SIG_SETMASK, oldmask, (sigset_t*)0);
-
-    sa.sa_handler = catchild;
-    (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
-#else
-    (void) signal(SIGUSR1, writeroob);
-#ifndef sgi
-    (void) sigsetmask(oldmask);
-#endif
-    (void) signal(SIGCHLD, catchild);
-#endif /* POSIX_SIGNALS */
-    writer();
-    prf("Closed connection.");
-    done(0);
-}
-
-
-
-/*
- * Trap a signal, unless it is being ignored.
- */
-void
-setsignal(sig, act)
-     int sig;
-     krb5_sigtype (*act)();
-{
-#ifdef POSIX_SIGNALS
-    sigset_t omask, igmask;
-    struct sigaction sa;
-
-    sigemptyset(&igmask);
-    sigaddset(&igmask, sig);
-    sigprocmask(SIG_BLOCK, &igmask, &omask);
-#else
-#ifdef sgi
-    int omask = sigignore(sigmask(sig));
-#else
-    int omask = sigblock(sigmask(sig));
-#endif
-#endif /* POSIX_SIGNALS */
-
-#ifdef POSIX_SIGNALS
-    (void) sigaction(sig, (struct sigaction *)0, &sa);
-    if (sa.sa_handler != SIG_IGN) {
-	(void) sigemptyset(&sa.sa_mask);
-	sa.sa_flags = 0;
-	sa.sa_handler = act;
-	(void) sigaction(sig, &sa, (struct sigaction *)0);
-    }
-    sigprocmask(SIG_SETMASK, &omask, (sigset_t*)0);
-#else
-    if (signal(sig, act) == SIG_IGN)
-	(void) signal(sig, SIG_IGN);
-#ifndef sgi
-    (void) sigsetmask(omask);
-#endif
-#endif
-}
-
-
-
-static void
-done(status)
-     int status;
-{
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-#ifndef HAVE_WAITPID
-    pid_t w;
-#endif
-
-    mode(0);
-    if (child > 0) {
-	/* make sure catchild does not snap it up */
-#ifdef POSIX_SIGNALS
-	(void) sigemptyset(&sa.sa_mask);
-	sa.sa_flags = 0;
-	sa.sa_handler = SIG_DFL;
-	(void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
-#else
-	(void) signal(SIGCHLD, SIG_DFL);
-#endif
-
-	if (kill(child, SIGKILL) >= 0) {
-#ifdef HAVE_WAITPID
-	    (void) waitpid(child, 0, 0);
-#else
-	    while ((w = wait(0)) > 0 && w != child)
-		/*void*/;
-#endif
-	}
-    }
-    exit(status);
-}
-
-
-
-
-
-
-/*
- * This is called when the reader process gets the out-of-band (urgent)
- * request to turn on the window-changing protocol.
- */
-krb5_sigtype
-  writeroob(signo)
-int signo;
-{
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-
-    if (dosigwinch == 0) {
-	sendwindow();
-#ifdef POSIX_SIGNALS
-	(void) sigemptyset(&sa.sa_mask);
-	sa.sa_flags = 0;
-	sa.sa_handler = sigwinch;
-	(void) sigaction(SIGWINCH, &sa, (struct sigaction *)0);
-#else
-	(void) signal(SIGWINCH, sigwinch);
-#endif
-    }
-    dosigwinch = 1;
-}
-
-
-
-krb5_sigtype
-  catchild(signo)
-int signo;
-{
-#ifdef WAIT_USES_INT
-    int status;
-#else
-    union wait status;
-#endif
-    int pid;
-
-  again:
-#ifdef HAVE_WAITPID
-    pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
-#else
-    pid = wait3(&status, WNOHANG|WUNTRACED, (struct rusage *)0);
-#endif
-    if (pid == 0)
-      return;
-    /*
-     * if the child (reader) dies, just quit
-     */
-#ifdef WAIT_USES_INT
-    if (pid < 0 || (pid == child && !WIFSTOPPED(status)))
-      done(status);
-#else
-    if ((pid < 0) || ((pid == child) && (!WIFSTOPPED(status))))
-	done((int)(status.w_termsig | status.w_retcode));
-#endif
-    goto again;
-}
-
-
-
-/*
- * writer: write to remote: 0 -> line.
- * ~.	terminate
- * ~^Z	suspend rlogin process.
- * ~^Y  suspend rlogin process, but leave reader alone.
- */
-static void writer()
-{
-    int n_read;
-    char buf[1024];
-    int got_esc; /* set to true by read_wrapper if an escape char
-		    was encountered */
-    char c;
-
-#ifdef ultrix
-    fd_set waitread;
-    register n;
-
-    /* we need to wait until the reader() has set up the terminal, else
-       the read() below may block and not unblock when the terminal
-       state is reset.
-       */
-    for (;;) {
-	FD_ZERO(&waitread);
-	FD_SET(0, &waitread);
-	n = select(1, &waitread, 0, 0, 0, 0);
-	if (n < 0 && errno == EINTR)
-	  continue;
-	if (n > 0)
-	  break;
-	else
-	  if (n < 0) {
-	      perror("select");
-	      break;
-	  }
-    }
-#endif /* ultrix */
-
-    /* This loop works as follows.  Call read_wrapper to get data until
-       we would block or until we read a cmdchar at the beginning of a line.
-       If got_esc is false, we just send everything we got back.  If got_esc
-       is true, we send everything except the cmdchar at the end and look at
-       the next char.  If its a "." we break out of the loop and terminate.
-       If its ^Z or ^Y we call stop with the value of the char and continue.
-       If its none of those, we send the cmdchar and then send the char we
-       just read, unless that char is also the cmdchar (in which case we are
-       only supposed to send one of them).  When this loop ends, so does the
-       program.
-    */
-
-    for (;;) {
-
-      /* read until we would block or we get a cmdchar */
-      n_read = read_wrapper(0,buf,sizeof(buf),&got_esc);
-
-      /* if read returns an error or 0 bytes, just quit */
-      if (n_read <= 0) {
-	break;
-      }
-
-      if (!got_esc) {
-	if (rcmd_stream_write(rem, buf, (unsigned) n_read, 0) == 0) {
-	  prf("line gone");
-	  break;
-	}
-	continue;
-      }
-      else {
-	/* This next test is necessary to avoid sending 0 bytes of data
-	   in the event that we got just a cmdchar */
-	if (n_read > 1) {
-	  if (rcmd_stream_write(rem, buf, (unsigned) (n_read-1), 0) == 0) {
-	    prf("line gone");
-	    break;
-	  }
-	}
-	if (read_wrapper(0,&c,1,&got_esc) <= 0) {
-	  break;
-	}
-
-#ifdef POSIX_TERMIOS
-	if (c == '.' || c == deftty.c_cc[VEOF])
-#else
-	  if (c == '.' || c == deftc.t_eofc)
-#endif
-	    {
-	      if (confirm_death()) {
-		echo(c);
-		break;
-	      }
-	    }
-
-#ifdef POSIX_TERMIOS
-	if ( (
-	      (c == deftty.c_cc[VSUSP])
-#ifdef VDSUSP
-	      || (c == deftty.c_cc[VDSUSP])
-#endif
-	      )
-	     && !no_local_escape) {
-	  echo(c);
-	  stop(c);
-	  continue;
-	}
-#else /*POSIX_TERMIOS*/
-#ifdef TIOCGLTC
-	if ((c == defltc.t_suspc || c == defltc.t_dsuspc)
-	    && !no_local_escape) {
-	  echo(c);
-	  stop(c);
-	  continue;
-	}
-#endif /*TIOCGLTC*/
-#endif
-
-
-	if (c != cmdchar) {
-	  rcmd_stream_write(rem, &cmdchar, 1, 0);
-	}
-
-	if (rcmd_stream_write(rem,&c,1,0) == 0) {
-	  prf("line gone");
-	  break;
-	}
-      }
-    }
-}
-
-/* This function reads up to size bytes from file desciptor fd into buf.
-   It will copy as much data as it can without blocking, but will never
-   copy more than size bytes.  In addition, if it encounters a cmdchar
-   at the beginning of a line, it will copy everything up to and including
-   the cmdchar, but nothing after that.  In this instance *esc_char is set
-   to true and any remaining data is buffered and copied on a subsequent
-   call.  Otherwise, *esc_char will be set to false and the minimum of size,
-   1024, and the number of bytes that can be read without blocking will
-   be copied.  In all cases, a non-negative return value indicates the number
-   of bytes actually copied and a return value of -1 indicates that there
-   was a read error (other than EINTR) and errno is set appropriately.
-*/
-
-static int read_wrapper(fd,buf,size,got_esc)
-     int fd;
-     char *buf;
-     int size;
-     int *got_esc;
-{
-  static char tbuf[1024];
-  static char *data_start = tbuf;
-  static char *data_end = tbuf;
-  static int bol = 1;
-  unsigned int return_length = 0;
-  char c;
-
-  /* if we have no data buffered, get more */
-  if (data_start == data_end) {
-    int n_read;
-    while ((n_read = read(fd, tbuf, sizeof(tbuf))) <= 0) {
-      if (n_read < 0 && errno == EINTR)
-	continue;
-      return n_read;
-    }
-    data_start = tbuf;
-    data_end = tbuf+n_read;
-  }
-
-  *got_esc = 0;
-
-  /* We stop when we've fully checked the buffer or have checked size
-     bytes.  We break out and set *got_esc if we encounter a cmdchar
-     at the beginning of a line.
-  */
-
-  while (data_start+return_length < data_end && return_length < size) {
-
-    c = *(data_start+return_length);
-    return_length++;
-
-    if (bol == 1 && c == cmdchar) {
-      bol = 0;
-      *got_esc = 1;
-      break;
-    }
-
-#ifdef POSIX_TERMIOS
-    bol = (c == deftty.c_cc[VKILL] ||
-	   c == deftty.c_cc[VINTR] ||
-	   c == '\r' || c == '\n');
-
-#else /* !POSIX_TERMIOS */
-    bol = c == defkill || c == deftc.t_eofc ||
-      c == deftc.t_intrc || c == defltc.t_suspc ||
-      c == '\r' || c == '\n';
-#endif
-  }
-
-  memcpy(buf, data_start, return_length);
-  data_start = data_start + return_length;
-  return return_length;
-}
-
-static void echo(c)
-     register char c;
-{
-    char buf[8];
-    register char *p = buf;
-
-    c &= 0177;
-    *p++ = cmdchar;
-    if (c < ' ') {
-	*p++ = '^';
-	*p++ = c + '@';
-    } else if (c == 0177) {
-	*p++ = '^';
-	*p++ = '?';
-    } else
-      *p++ = c;
-    *p++ = '\r';
-    *p++ = '\n';
-    (void) write(1, buf, (unsigned) (p - buf));
-}
-
-
-
-static void stop(cmdc)
-     char cmdc;
-{
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-
-    mode(0);
-
-#ifdef POSIX_SIGNALS
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
-#else
-    (void) signal(SIGCHLD, SIG_IGN);
-#endif
-
-#ifdef POSIX_TERMIOS
-    (void) kill(cmdc == deftty.c_cc[VSUSP] ? 0 : getpid(), SIGTSTP);
-#else
-#ifdef TIOCGLTC
-    (void) kill(cmdc == defltc.t_suspc ? 0 : getpid(), SIGTSTP);
-#endif
-#endif
-#ifdef POSIX_SIGNALS
-    sa.sa_handler = catchild;
-    (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
-#else
-    (void) signal(SIGCHLD, catchild);
-#endif
-
-    mode(1);
-    sigwinch(SIGWINCH);		/* check for size changes */
-}
-
-
-
-krb5_sigtype
-  sigwinch(signo)
-int signo;
-{
-    struct winsize ws;
-
-    if (dosigwinch && get_window_size(0, &ws) == 0 &&
-	memcmp(&winsize, &ws, sizeof (ws))) {
-	winsize = ws;
-	sendwindow();
-    }
-}
-
-
-
-/*
- * Send the window size to the server via the magic escape
- */
-static void sendwindow()
-{
-    char obuf[4 + sizeof (struct winsize)];
-    struct winsize *wp = (struct winsize *)(void *)(obuf+4);
-
-    obuf[0] = 0377;
-    obuf[1] = 0377;
-    obuf[2] = 's';
-    obuf[3] = 's';
-    wp->ws_row = htons(winsize.ws_row);
-    wp->ws_col = htons(winsize.ws_col);
-    wp->ws_xpixel = htons(winsize.ws_xpixel);
-    wp->ws_ypixel = htons(winsize.ws_ypixel);
-    (void) rcmd_stream_write(rem, obuf, sizeof(obuf), 0);
-}
-
-
-
-/*
- * reader: read from remote: line -> 1
- */
-#define	READING	1
-#define	WRITING	2
-
-char	rcvbuf[8 * 1024];
-int	rcvcnt;
-int	rcvstate;
-int	ppid;
-
-/* returns 1 if flush, 0 otherwise */
-
-int server_message(mark)
-     int mark;
-{
-#ifndef POSIX_TERMIOS
-    int out = FWRITE;
-#endif
-#ifdef POSIX_TERMIOS
-    struct termios tty;
-#else
-#ifdef USE_TERMIO
-    struct termio sb;
-#else
-    struct sgttyb sb;
-#endif
-#endif
-
-    if (mark & TIOCPKT_WINDOW) {
-	/*
-	 * Let server know about window size changes
-	 */
-	(void) kill(ppid, SIGUSR1);
-    }
-#ifdef POSIX_TERMIOS
-    if (!eight && (mark & TIOCPKT_NOSTOP)) {
-      (void) tcgetattr(0, &tty);
-      tty.c_iflag &= ~IXON;
-      (void) tcsetattr(0, TCSADRAIN, &tty);
-    }
-    if (!eight && (mark & TIOCPKT_DOSTOP)) {
-      (void) tcgetattr(0, &tty);
-      tty.c_iflag |= IXON;
-      (void) tcsetattr(0, TCSADRAIN, &tty);
-    }
-#else
-    if (!eight && (mark & TIOCPKT_NOSTOP)) {
-	(void) ioctl(0, TIOCGETP, (char *)&sb);
-#ifdef USE_TERMIO
-	sb.c_iflag |= IXOFF;
-	sb.sg_flags &= ~ICANON;
-#else
-	sb.sg_flags &= ~CBREAK;
-	sb.sg_flags |= RAW;
-	notc.t_stopc = -1;
-	notc.t_startc = -1;
-	(void) ioctl(0, TIOCSETC, (char *)&notc);
-#endif
-	(void) ioctl(0, TIOCSETN, (char *)&sb);
-    }
-    if (!eight && (mark & TIOCPKT_DOSTOP)) {
-	(void) ioctl(0, TIOCGETP, (char *)&sb);
-#ifdef USE_TERMIO
-	sb.sg_flags  |= ICANON;
-	sb.c_iflag |= IXON;
-#else
-	sb.sg_flags &= ~RAW;
-	sb.sg_flags |= CBREAK;
-	notc.t_stopc = deftc.t_stopc;
-	notc.t_startc = deftc.t_startc;
-	(void) ioctl(0, TIOCSETC, (char *)&notc);
-#endif
-	(void) ioctl(0, TIOCSETN, (char *)&sb);
-    }
-#endif
-    if (mark & TIOCPKT_FLUSHWRITE) {
-#ifdef POSIX_TERMIOS
-        (void) tcflush(1, TCOFLUSH);
-#else
-#ifdef  TIOCFLUSH
-	(void) ioctl(1, TIOCFLUSH, (char *)&out);
-#else
-	(void) ioctl(1, TCFLSH, 1);
-#endif
-#endif
-	return(1);
-    }
-
-    return(0);
-}
-
-void oob()
-{
-    char mark;
-    static char waste[RLOGIN_BUFSIZ];
-    int atmark, n;
-
-    mark = 0;
-
-    recv(rem, &mark, 1, MSG_OOB);
-
-    if (server_message(mark)) {
-	for (;;) {
-	    if (ioctl(rem, SIOCATMARK, &atmark) < 0) {
-		perror("ioctl");
-		return;
-	    }
-	    if (atmark)
-		break;
-	    n = read(rem, waste, sizeof (waste));
-	    if (n <= 0)
-		break;
-	}
-    }
-}
-
-/* two control messages are defined:
-
-   a double flag byte of 'o' indicates a one-byte message which is
-   identical to what was once carried out of band.
-
-   a double flag byte of 'q' indicates a zero-byte message.  This
-   message is interpreted as two \377 data bytes.  This is just a
-   quote rule so that binary data from the server does not confuse the
-   client.  */
-
-static int control(cp, n)
-     char *cp;
-     unsigned int n;
-{
-    if ((n >= 5) && (cp[2] == 'o') && (cp[3] == 'o')) {
-	if (server_message(cp[4]))
-	    return(-5);
-	return(5);
-    } else if ((n >= 4) && (cp[2] == 'q') && (cp[3] == 'q')) {
-	/* this is somewhat of a hack */
-	cp[2] = '\377';
-	cp[3] = '\377';
-	return(2);
-    }
-
-    return(0);
-}
-
-/*
- * reader: read from remote: line -> 1
- */
-static int
-reader(oldmask)
-#ifdef POSIX_SIGNALS
-    sigset_t *oldmask;
-#else
-     int oldmask;
-#endif
-{
-    fd_set readset, excset, writeset;
-    int n, remaining;
-    unsigned int left;
-    char *bufp = rcvbuf;
-    char *cp;
-
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGTTOU, &sa, (struct sigaction *)0);
-
-#else
-    (void) signal(SIGTTOU, SIG_IGN);
-#endif
-
-    ppid = getppid();
-    FD_ZERO(&readset);
-    FD_ZERO(&excset);
-    FD_ZERO(&writeset);
-#ifdef POSIX_SIGNALS
-    sigprocmask(SIG_SETMASK, oldmask, (sigset_t*)0);
-#else
-#ifndef sgi
-    (void) sigsetmask(oldmask);
-#endif
-#endif /* POSIX_SIGNALS */
-
-    for (;;) {
-	if ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) {
-	    FD_SET(1,&writeset);
-	    rcvstate = WRITING;
-	    FD_CLR(rem, &readset);
-	} else {
-	    bufp = rcvbuf;
-	    rcvcnt = 0;
-	    rcvstate = READING;
-	    FD_SET(rem,&readset);
-	    FD_CLR(1,&writeset);
-	}
-	if (!do_inband)
-	    FD_SET(rem,&excset);
-	if (select(rem+1, &readset, &writeset, &excset, 0) > 0 ) {
-	    if (!do_inband)
-		if (FD_ISSET(rem, &excset))
-		    oob();
-	    if (FD_ISSET(1,&writeset)) {
-		n = write(1, bufp, remaining);
-		if (n < 0) {
-		    if (errno != EINTR)
-			return (-1);
-		    continue;
-		}
-		bufp += n;
-	    }
-	    if (FD_ISSET(rem, &readset)) {
-	  	rcvcnt = rcmd_stream_read(rem, rcvbuf, sizeof (rcvbuf), 0);
-		if (rcvcnt == 0)
-		    return (0);
-		if (rcvcnt < 0)
-		    goto error;
-
-		if (do_inband) {
-		    for (cp = rcvbuf; cp < rcvbuf+rcvcnt-1; cp++) {
-			if (cp[0] == '\377' &&
-			    cp[1] == '\377') {
-			    left = (rcvbuf+rcvcnt) - cp;
-			    n = control(cp, left);
-			    /* |n| <= left */
-			    if (n < 0) {
-				left -= (-n);
-				rcvcnt = 0;
-				/* flush before, and (-n) bytes */
-				if (left > 0)
-				    memmove(rcvbuf, cp+(-n), left);
-				cp = rcvbuf-1;
-			    } else if (n) {
-				left -= n;
-				rcvcnt -= n;
-				if (left > 0)
-				    memmove(cp, cp+n, left);
-				cp--;
-			    }
-			}
-		    }
-		}
-	    }
-	} else
-error:
-	{
-	    if (errno == EINTR)
-	      continue;
-	    perror("read");
-	    return (-1);
-	}
-    }
-}
-
-
-
-static void mode(f)
-int f;
-{
-#ifdef POSIX_TERMIOS
-    struct termios newtty;
-#ifndef IEXTEN
-#define IEXTEN 0 /* No effect*/
-#endif
-#ifndef _POSIX_VDISABLE
-#define _POSIX_VDISABLE 0 /*A good guess at the disable-this-character character*/
-#endif
-
-    switch(f) {
-    case 0:
-	(void) tcsetattr(0, TCSADRAIN, &deftty);
-	break;
-    case 1:
-	(void) tcgetattr(0, &newtty);
-	/* was __svr4__ */
-#ifdef VLNEXT
-	/* there's a POSIX way of doing this, but do we need it general? */
-	newtty.c_cc[VLNEXT] = _POSIX_VDISABLE;
-#endif
-
-	newtty.c_lflag &= ~(ICANON|ISIG|ECHO|IEXTEN);
-	newtty.c_iflag &= ~(ISTRIP|INLCR|ICRNL);
-
-	if (!flow) {
-	    newtty.c_iflag &= ~(BRKINT|IXON|IXANY);
-	    newtty.c_oflag &= ~(OPOST);
-	} else {
-	    /* XXX - should we set ixon ? */
-	    newtty.c_iflag &= ~(IXON|IXANY);
-	    newtty.c_iflag |=  (BRKINT);
-	    newtty.c_oflag &= ~(ONLCR|ONOCR);
-	    newtty.c_oflag |=  (OPOST);
-	}
-#ifdef TABDLY
-	/* preserve tab delays, but turn off XTABS */
-	if ((newtty.c_oflag & TABDLY) == TAB3)
-	    newtty.c_oflag &= ~TABDLY;
-#endif
-	if (!eight)
-	    newtty.c_iflag |= ISTRIP;
-	if (litout)
-	    newtty.c_oflag &= ~OPOST;
-
-	newtty.c_cc[VMIN] = 1;
-	newtty.c_cc[VTIME] = 0;
-	(void) tcsetattr(0, TCSADRAIN, &newtty);
-	break;
-    default:
-	return;
-	/* NOTREACHED */
-    }
-#else
-    struct ltchars *ltc;
-#ifdef USE_TERMIO
-    struct termio sb;
-#else
-    struct tchars *tc;
-    struct sgttyb sb;
-    int	lflags;
-    (void) ioctl(0, TIOCLGET, (char *)&lflags);
-#endif
-
-    (void) ioctl(0, TIOCGETP, (char *)&sb);
-    switch (f) {
-
-    case 0:
-#ifdef USE_TERMIO
-	/*
-	**      remember whether IXON was set, so it can be restored
-	**      when mode(1) is next done
-	*/
-	(void) ioctl(fileno(stdin), TIOCGETP, &ixon_state);
-	/*
-	**      copy the initial modes we saved into sb; this is
-	**      for restoring to the initial state
-	*/
-	sb = defmodes;
-#else
-	sb.sg_flags &= ~(CBREAK|RAW|TBDELAY);
-	sb.sg_flags |= defflags|tabflag;
-	sb.sg_kill = defkill;
-	sb.sg_erase = deferase;
-	lflags = deflflags;
-	tc = &deftc;
-#endif
-	ltc = &defltc;
-	break;
-
-    case 1:
-#ifdef USE_TERMIO
-	/*
-	**      turn off output mappings
-	*/
-	sb.c_oflag &= ~(ONLCR|OCRNL);
-	/*
-	**      turn off canonical processing and character echo;
-	**      also turn off signal checking -- ICANON might be
-	**      enough to do this, but we're being careful
-	*/
-	sb.c_lflag &= ~(ECHO|ICANON|ISIG);
-	sb.c_cc[VTIME] = 1;
-	sb.c_cc[VMIN] = 1;
-	if (eight)
-	    sb.c_iflag &= ~(ISTRIP);
-#ifdef TABDLY
-	/* preserve tab delays, but turn off tab-to-space expansion */
-	if ((sb.c_oflag & TABDLY) == TAB3)
-	    sb.c_oflag &= ~TAB3;
-#endif
-	/*
-	**  restore current flow control state
-	*/
-	if ((ixon_state.c_iflag & IXON) && flow ) {
-	    sb.c_iflag |= IXON;
-	} else {
-	    sb.c_iflag &= ~IXON;
-	}
-#else /* ! USE_TERMIO */
-	sb.sg_flags &= ~(CBREAK|RAW);
-	sb.sg_flags |= (!flow ? RAW : CBREAK);
-	/* preserve tab delays, but turn off XTABS */
-	if ((sb.sg_flags & TBDELAY) == XTABS)
-	    sb.sg_flags &= ~TBDELAY;
-	sb.sg_kill = sb.sg_erase = -1;
-#ifdef LLITOUT
-	if (litout)
-	    lflags |= LLITOUT;
-#endif
-#ifdef LPASS8
-	if (eight)
-	    lflags |= LPASS8;
-#endif /* LPASS8 */
-	tc = &notc;
-	sb.sg_flags &= ~defflags;
-#endif /* USE_TERMIO */
-
-	ltc = &noltc;
-	break;
-
-    default:
-	return;
-    }
-    (void) ioctl(0, TIOCSLTC, (char *)ltc);
-#ifndef USE_TERMIO
-    (void) ioctl(0, TIOCSETC, (char *)tc);
-    (void) ioctl(0, TIOCLSET, (char *)&lflags);
-#endif
-    (void) ioctl(0, TIOCSETN, (char *)&sb);
-#endif /* !POSIX_TERMIOS */
-}
-
-
-
-static void
-prf(f)
-     char *f;
-{
-    fprintf(stderr, "%s", f);
-    fprintf(stderr, CRLF);
-}
-
-
-
-#ifdef KERBEROS
-void try_normal(argv)
-     char **argv;
-{
-    register char *nhost;
-#ifdef POSIX_SIGNALS
-    sigset_t mask;
-#endif
-
-#ifndef KRB5_ATHENA_COMPAT
-    if (encrypt_flag)
-      exit(1);
-#endif
-    fprintf(stderr,"trying normal rlogin (%s)\n",
-	    UCB_RLOGIN);
-    fflush(stderr);
-
-    nhost = strrchr(argv[0], '/');
-    if (nhost)
-      nhost++;
-    else
-      nhost = argv[0];
-    if (!strcmp(nhost, "rlogin") || !strcmp(nhost, "rsh"))
-      argv[0] = UCB_RLOGIN;
-
-#ifdef POSIX_SIGNALS
-    sigemptyset(&mask);
-    sigprocmask(SIG_SETMASK, &mask, NULL);
-#endif
-
-    execv(UCB_RLOGIN, argv);
-    perror("exec");
-    exit(1);
-}
-#endif
-
-
-
-krb5_sigtype lostpeer(signo)
-    int signo;
-{
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGPIPE, &sa, (struct sigaction *)0);
-#else
-    (void) signal(SIGPIPE, SIG_IGN);
-#endif
-
-    prf("\007Connection closed.");
-    done(1);
-}
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
deleted file mode 100644
index cc7acad..0000000
--- a/src/appl/bsd/krlogind.c
+++ /dev/null
@@ -1,1430 +0,0 @@
-/*
- *	appl/bsd/krlogind.c
- */
-
-/*
- * Copyright (c) 1983 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-char copyright[] =
-  "@(#) Copyright (c) 1983 The Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)rlogind.c	5.17 (Berkeley) 8/31/88 */
-
-     /*
-      * remote login server:
-      *	remuser\0
-      *	locuser\0
-      *	terminal info\0
-      *	data
-      */
-
-/*
- * This is the rlogin daemon. The very basic protocol for checking
- * authentication and authorization is:
- * 1) Check authentication.
- * 2) Check authorization via the access-control files:
- *    ~/.k5login (using krb5_kuserok) and/or
- * 3) Prompt for password if any checks fail, or if so configured.
- * Allow login if all goes well either by calling the accompanying
- * login.krb5 or /bin/login, according to the definition of
- * DO_NOT_USE_K_LOGIN.l
- *
- * The configuration is done either by command-line arguments passed by
- * inetd, or by the name of the daemon. If command-line arguments are
- * present, they  take priority. The options are:
- * -k means trust krb5
- * -p and -P means prompt for password.
- *    If the -P option is passed, then the password is verified in
- * addition to all other checks. If -p is not passed with -k or -r,
- * and both checks fail, then login permission is denied.
- *    - -e means use encryption.
- *
- *    If no command-line arguments are present, then the presence of the
- * letters kKrRexpP in the program-name before "logind" determine the
- * behaviour of the program exactly as with the command-line arguments.
- *
- * If the ruserok check is to be used, then the client should connect
- * from a privileged port, else deny permission.
- */
-
-/* DEFINES:
- *   KERBEROS - Define this if application is to be kerberised.
- *   CRYPT    - Define this if encryption is to be an option.
- *   DO_NOT_USE_K_LOGIN - Define this if you want to use /bin/login
- *              instead  of the accompanying login.krb5.
- *   LOG_ALL_LOGINS - Define this if you want to log all logins.
- *   LOG_OTHER_USERS - Define this if you want to log all principals
- *              that do not map onto the local user.
- *   LOG_REMOTE_REALM - Define this if you want to log all principals from
- *              remote realms.
- *       Note:  Root logins are always logged.
- */
-
-/*
- * This is usually done in the Makefile.  Actually, these sources may
- * not work without the KERBEROS #defined.
- *
- * #define KERBEROS
- */
-#define LOG_REMOTE_REALM
-#define CRYPT
-#define USE_LOGIN_F
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef __SCO__
-#include <sys/unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#ifndef KERBEROS
-/* Ultrix doesn't protect it vs multiple inclusion, and krb.h includes it */
-#include <sys/socket.h>
-#endif
-#include <sys/ioctl.h>
-#include <sys/wait.h>
-#include <sys/file.h>
-#include <sys/time.h>
-#include <ctype.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <errno.h>
-#include <pwd.h>
-
-#ifdef HAVE_SYS_LABEL_H
-/* only SunOS 4? */
-#include <sys/label.h>
-#include <sys/audit.h>
-#include <pwdadj.h>
-#endif
-
-#include <signal.h>
-
-#if defined(hpux) || defined(__hpux)
-#include <sys/ptyio.h>
-#endif
-#ifdef sysvimp
-#include <compat.h>
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#ifdef HAVE_STREAMS
-#include <sys/stream.h>
-#include <sys/stropts.h>
-#endif
-
-#if defined(POSIX_TERMIOS) && !defined(ultrix)
-#include <termios.h>
-#else
-#include <sgtty.h>
-#endif
-
-#ifndef KERBEROS
-/* Ultrix doesn't protect it vs multiple inclusion, and krb.h includes it */
-#include <netdb.h>
-#endif
-#include <syslog.h>
-#include <string.h>
-#include <sys/param.h>
-
-#ifdef HAVE_STREAMS
-/* krlogin doesn't test sys/tty... */
-#ifdef HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif
-
-#ifdef HAVE_SYS_PTYVAR_H
-/* Solaris actually uses packet mode, so the real macros are needed too */
-#include <sys/ptyvar.h>
-#endif
-#endif
-
-
-#ifndef TIOCPKT_NOSTOP
-/* These values are over-the-wire protocol, *not* local values */
-#define TIOCPKT_NOSTOP          0x10
-#define TIOCPKT_DOSTOP          0x20
-#define TIOCPKT_FLUSHWRITE      0x02
-#endif
-
-#ifdef HAVE_SYS_FILIO_H
-/* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */
-#include <sys/filio.h>
-#endif
-
-#ifndef HAVE_KILLPG
-#define killpg(pid, sig) kill(-(pid), (sig))
-#endif
-
-#ifdef HAVE_PTSNAME
-/* HP/UX 9.04 has but does not declare ptsname.  */
-extern char *ptsname ();
-#endif
-
-#ifdef NO_WINSIZE
-struct winsize {
-    unsigned short ws_row, ws_col;
-    unsigned short ws_xpixel, ws_ypixel;
-};
-#endif /* NO_WINSIZE */
-
-#ifndef roundup
-#define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
-#endif
-
-#include "fake-addrinfo.h"
-
-#ifdef KERBEROS
-
-#include "k5-int.h"
-#include <libpty.h>
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#include <k5-util.h>
-#endif
-
-int non_privileged = 0; /* set when connection is seen to be from */
-			/* a non-privileged port */
-
-#include "com_err.h"
-#include "defines.h"
-
-#define SECURE_MESSAGE  "This rlogin session is encrypting all data transmissions.\r\n"
-
-krb5_authenticator      *kdata;
-krb5_ticket     *ticket = 0;
-krb5_context bsd_context;
-krb5_ccache ccache = NULL;
-
-krb5_keytab keytab = NULL;
-
-#define ARGSTR	"k5ciepPD:S:M:L:fw:?"
-#else /* !KERBEROS */
-#define ARGSTR	"rpPD:f?"
-#endif /* KERBEROS */
-
-#ifndef LOGIN_PROGRAM
-#ifdef DO_NOT_USE_K_LOGIN
-#ifdef sysvimp
-#define LOGIN_PROGRAM "/bin/remlogin"
-#else
-#define LOGIN_PROGRAM "/bin/login"
-#endif
-#else /* DO_NOT_USE_K_LOGIN */
-#define LOGIN_PROGRAM KRB5_PATH_LOGIN
-#endif /* DO_NOT_USE_K_LOGIN */
-#endif /* LOGIN_PROGRAM */
-
-char *login_program = LOGIN_PROGRAM;
-
-#define MAXRETRIES 4
-#define MAX_PROG_NAME 16
-
-#ifndef UT_NAMESIZE	/* linux defines it directly in <utmp.h> */
-#define	UT_NAMESIZE	sizeof(((struct utmp *)0)->ut_name)
-#endif
-
-#if HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-
-#ifndef MAXDNAME
-#define MAXDNAME 256 /*per the rfc*/
-#endif
-
-char		lusername[UT_NAMESIZE+1];
-char		rusername[UT_NAMESIZE+1];
-char            *krusername = 0;
-char		term[64];
-char            rhost_name[MAXDNAME];
-char		rhost_addra[16];
-krb5_principal  client;
-int		do_inband = 0;
-
-int	reapchild();
-char 	*progname;
-
-static	int Pfd;
-
-#if defined(NEED_DAEMON_PROTO)
-extern int daemon(int, int);
-#endif
-
-#if (defined(_AIX) && defined(i386)) || defined(ibm032) || (defined(vax) && !defined(ultrix)) || (defined(SunOS) && SunOS > 40) || defined(solaris20)
-#define VHANG_FIRST
-#endif
-
-#if defined(ultrix)
-#define VHANG_LAST		/* vhangup must occur on close, not open */
-#endif
-
-void	fatal(int, const char *), fatalperror(int, const char *), doit(int, struct sockaddr *), usage(void), do_krb_login(char *, char *), getstr(int, char *, int, char *);
-void	protocol(int, int);
-int	princ_maps_to_lname(krb5_principal, char *), default_realm(krb5_principal);
-krb5_sigtype	cleanup(int);
-krb5_error_code recvauth(int *);
-
-int do_encrypt = 0, passwd_req = 0;
-int checksum_required = 0, checksum_ignored = 0;
-
-int stripdomain = 1;
-int maxhostlen = 0;
-int always_ip = 0;
-
-int main(argc, argv)
-     int argc;
-     char **argv;
-{
-    extern int opterr, optind;
-    extern char * optarg;
-    int on = 1, ch;
-    socklen_t fromlen;
-    struct sockaddr_storage from;
-    int debug_port = 0;
-    int fd;
-    int do_fork = 0;
-#ifdef KERBEROS
-    krb5_error_code status;
-#endif
-
-    progname = *argv;
-
-    pty_init();
-
-#ifndef LOG_NDELAY
-#define LOG_NDELAY 0
-#endif
-
-#ifndef LOG_AUTH /* 4.2 syslog */
-    openlog(progname, LOG_PID | LOG_NDELAY);
-#else
-    openlog(progname, LOG_PID | LOG_NDELAY, LOG_AUTH);
-#endif /* 4.2 syslog */
-
-#ifdef KERBEROS
-    status = krb5_init_context(&bsd_context);
-    if (status) {
-	    syslog(LOG_ERR, "Error initializing krb5: %s",
-		   error_message(status));
-	    exit(1);
-    }
-#endif
-
-    /* Analyse parameters. */
-    opterr = 0;
-    while ((ch = getopt(argc, argv, ARGSTR)) != -1)
-      switch (ch) {
-#ifdef KERBEROS
-	case 'k':
-	break;
-
-      case '5':
-	break;
-      case 'c':
-	checksum_required = 1;
-	break;
-      case 'i':
-	checksum_ignored = 1;
-	break;
-
-#ifdef CRYPT
-	case 'x':         /* Use encryption. */
-	case 'X':
-	case 'e':
-	case 'E':
-	  do_encrypt = 1;
-	  break;
-#endif
-	case 'S':
-	  if ((status = krb5_kt_resolve(bsd_context, optarg, &keytab))) {
-		  com_err(progname, status, "while resolving srvtab file %s",
-			  optarg);
-		  exit(2);
-	  }
-	  break;
-	case 'M':
-	  krb5_set_default_realm(bsd_context, optarg);
-	  break;
-#endif
-	case 'p':
-	  break;
-	case 'P':         /* passwd is a must */
-	  passwd_req = 1;
-	  break;
-	case 'D':
-	  debug_port = atoi(optarg);
-	  break;
-	case 'L':
-	  login_program = optarg;
-	  break;
-        case 'f':
-	  do_fork = 1;
-	  break;
-	case 'w':
-	  if (!strcmp(optarg, "ip"))
-	    always_ip = 1;
-	  else {
-	    char *cp;
-	    cp = strchr(optarg, ',');
-	    if (cp == NULL)
-	      maxhostlen = atoi(optarg);
-	    else if (*(++cp)) {
-	      if (!strcmp(cp, "striplocal"))
-		stripdomain = 1;
-	      else if (!strcmp(cp, "nostriplocal"))
-		stripdomain = 0;
-	      else {
-		usage();
-		exit(1);
-	      }
-	      *(--cp) = '\0';
-	      maxhostlen = atoi(optarg);
-	    }
-	  }
-	  break;
-	case '?':
-	default:
-	  usage();
-	  exit(1);
-	  break;
-      }
-    argc -= optind;
-    argv += optind;
-
-    fromlen = sizeof (from);
-
-    if (debug_port || do_fork) {
-	int s;
-	struct servent *ent;
-	struct sockaddr_in sock_in;
-
-	if (!debug_port) {
-	    if (do_encrypt) {
-		ent = getservbyname("eklogin", "tcp");
-		if (ent == NULL)
-		    debug_port = 2105;
-		else
-		    debug_port = ent->s_port;
-	    } else {
-		ent = getservbyname("klogin", "tcp");
-		if (ent == NULL)
-		    debug_port = 543;
-		else
-		    debug_port = ent->s_port;
-	    }
-	}
-	if ((s = socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) < 0) {
-	    fprintf(stderr, "Error in socket: %s\n", strerror(errno));
-	    exit(2);
-	}
-	memset(&sock_in, 0,sizeof(sock_in));
-	sock_in.sin_family = AF_INET;
-	sock_in.sin_port = htons(debug_port);
-	sock_in.sin_addr.s_addr = INADDR_ANY;
-
-	if (!do_fork)
-	    (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-			      (char *)&on, sizeof(on));
-
-	if ((bind(s, (struct sockaddr *) &sock_in, sizeof(sock_in))) < 0) {
-	    fprintf(stderr, "Error in bind: %s\n", strerror(errno));
-	    exit(2);
-	}
-
-	if ((listen(s, 5)) < 0) {
-	    fprintf(stderr, "Error in listen: %s\n", strerror(errno));
-	    exit(2);
-	}
-
-	if (do_fork) {
-	    if (daemon(0, 0)) {
-		fprintf(stderr, "daemon() failed\n");
-		exit(2);
-	    }
-	    while (1) {
-		int child_pid;
-
-		fd = accept(s, (struct sockaddr *) &from, &fromlen);
-		if (fd < 0) {
-		    if (errno != EINTR)
-			syslog(LOG_ERR, "accept: %s", error_message(errno));
-		    continue;
-		}
-		child_pid = fork();
-		switch (child_pid) {
-		case -1:
-		    syslog(LOG_ERR, "fork: %s", error_message(errno));
-		case 0:
-		    (void) close(s);
-		    doit(fd, (struct sockaddr *) &from);
-		    close(fd);
-		    exit(0);
-		default:
-		    wait(0);
-		    close(fd);
-		}
-	    }
-	}
-
-	if ((fd = accept(s, (struct sockaddr *) &from, &fromlen)) < 0) {
-	    fprintf(stderr, "Error in accept: %s\n", strerror(errno));
-	    exit(2);
-	}
-
-	close(s);
-    } else {			/* !do_fork && !debug_port */
-	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
-	    syslog(LOG_ERR,"Can't get peer name of remote host: %m");
-#ifdef STDERR_FILENO
-	    fatal(STDERR_FILENO, "Can't get peer name of remote host");
-#else
-	    fatal(2, "Can't get peer name of remote host");
-#endif
-	}
-	fd = 0;
-    }
-
-    doit(fd, (struct sockaddr *) &from);
-    return 0;
-}
-
-
-
-#ifndef LOG_AUTH
-#define LOG_AUTH 0
-#endif
-
-int	child;
-int	netf;
-char	line[MAXPATHLEN];
-extern	char	*inet_ntoa();
-
-#ifdef TIOCSWINSZ
-struct winsize win = { 0, 0, 0, 0 };
-#endif
-
-int pid; /* child process id */
-
-void doit(f, fromp)
-  int f;
-  struct sockaddr *fromp;
-{
-    int p, t, on = 1;
-    char c;
-    char hname[NI_MAXHOST];
-    char buferror[255];
-    struct passwd *pwd;
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-    int retval;
-    char *rhost_sane;
-    int syncpipe[2];
-
-    netf = -1;
-    if (setsockopt(f, SOL_SOCKET, SO_KEEPALIVE,
-		   (const char *) &on, sizeof (on)) < 0)
-	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-
-    if (checksum_required&&checksum_ignored) {
-	syslog( LOG_CRIT, "Checksums are required and ignored; these options are mutually exclusive--check the documentation.");
-	fatal(f, "Configuration error: mutually exclusive options specified");
-    }
-
-    alarm(60);
-    read(f, &c, 1);
-
-    if (c != 0){
-	exit(1);
-    }
-
-    alarm(0);
-    /* Initialize syncpipe */
-    if (pipe( syncpipe ) < 0 )
-	fatalperror ( f , "");
-
-
-#ifdef POSIX_SIGNALS
-    /* Initialize "sa" structure. */
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-#endif
-
-    retval = getnameinfo(fromp, socklen(fromp), hname, sizeof(hname), 0, 0,
-			 NI_NUMERICHOST);
-    if (retval)
-	fatal(f, gai_strerror(retval));
-    strncpy(rhost_addra, hname, sizeof(rhost_addra));
-    rhost_addra[sizeof (rhost_addra) -1] = '\0';
-
-    retval = getnameinfo(fromp, socklen(fromp), hname, sizeof(hname), 0, 0, 0);
-    if (retval)
-	fatal(f, gai_strerror(retval));
-    strncpy(rhost_name, hname, sizeof(rhost_name));
-    rhost_name[sizeof (rhost_name) - 1] = '\0';
-
-#ifndef KERBEROS
-    if (fromp->sin_family != AF_INET)
-	/* Not a real problem, we just haven't bothered to update
-	   the port number checking code to handle ipv6.  */
-      fatal(f, "Permission denied - Malformed from address\n");
-
-    if (fromp->sin_port >= IPPORT_RESERVED ||
-	fromp->sin_port < IPPORT_RESERVED/2)
-      fatal(f, "Permission denied - Connection from bad port");
-#endif /* KERBEROS */
-
-    /* Set global netf to f now : we may need to drop everything
-       in do_krb_login. */
-    netf = f;
-
-#if defined(KERBEROS)
-    /* All validation, and authorization goes through do_krb_login() */
-    do_krb_login(rhost_addra, rhost_name);
-#else
-    getstr(f, rusername, sizeof(rusername), "remuser");
-    getstr(f, lusername, sizeof(lusername), "locuser");
-    getstr(f, term, sizeof(term), "Terminal type");
-    rcmd_stream_init_normal();
-#endif
-
-    write(f, "", 1);
-    if ((retval = pty_getpty(&p,line, sizeof(line)))) {
-	com_err(progname, retval, "while getting master pty");
-	exit(2);
-    }
-
-    Pfd = p;
-#ifdef TIOCSWINSZ
-    (void) ioctl(p, TIOCSWINSZ, &win);
-#endif
-
-#ifdef POSIX_SIGNALS
-    sa.sa_handler = cleanup;
-    (void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
-    (void) sigaction(SIGTERM, &sa, (struct sigaction *)0);
-#else
-    signal(SIGCHLD, cleanup);
-    signal(SIGTERM, cleanup);
-#endif
-    pid = fork();
-    if (pid < 0)
-      fatalperror(f, "");
-    if (pid == 0) {
-#if defined(POSIX_TERMIOS) && !defined(ultrix)
-	struct termios new_termio;
-#else
-	struct sgttyb b;
-#endif /* POSIX_TERMIOS */
-	if ((retval = pty_open_slave(line, &t))) {
-	    fatal(f, error_message(retval));
-	    exit(1);
-	}
-
-
-#if defined(POSIX_TERMIOS) && !defined(ultrix)
-	tcgetattr(t,&new_termio);
-#if !defined(USE_LOGIN_F)
-	new_termio.c_lflag &= ~(ICANON|ECHO|ISIG|IEXTEN);
-	new_termio.c_iflag &= ~(IXON|IXANY|BRKINT|INLCR|ICRNL);
-#else
-	new_termio.c_lflag |= (ICANON|ECHO|ISIG|IEXTEN);
-	new_termio.c_oflag |= (ONLCR|OPOST);
-	new_termio.c_iflag |= (IXON|IXANY|BRKINT|INLCR|ICRNL);
-#endif /*Do we need binary stream?*/
-	new_termio.c_iflag &= ~(ISTRIP);
-	/* new_termio.c_iflag = 0; */
-	/* new_termio.c_oflag = 0; */
-	new_termio.c_cc[VMIN] = 1;
-	new_termio.c_cc[VTIME] = 0;
-	tcsetattr(t,TCSANOW,&new_termio);
-#else
-	(void)ioctl(t, TIOCGETP, &b);
-	b.sg_flags = RAW|ANYP;
-	(void)ioctl(t, TIOCSETP, &b);
-#endif /* POSIX_TERMIOS */
-
-	pid = 0;			/*reset pid incase exec fails*/
-
-	/*
-	 **      signal the parent that we have turned off echo
-	 **      on the slave side of the pty ... he's waiting
-	 **      because otherwise the rlogin protocol junk gets
-	 **      echo'd to the user (locuser^@remuser^@term/baud)
-	 **      and we don't get the right tty affiliation, and
-	 **      other kinds of hell breaks loose ...
-	 */
-	(void) write(syncpipe[1], &c, 1);
-	(void) close(syncpipe[1]);
-	(void) close(syncpipe[0]);
-
-	close(f), close(p);
-	dup2(t, 0), dup2(t, 1), dup2(t, 2);
-	if (t > 2)
-	  close(t);
-
-#if defined(sysvimp)
-	setcompat (COMPAT_CLRPGROUP | (getcompat() & ~COMPAT_BSDTTY));
-#endif
-
-	/* Log access to account */
-	pwd = (struct passwd *) getpwnam(lusername);
-	if (pwd && (pwd->pw_uid == 0)) {
-	    if (passwd_req)
-	      syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s)) forcing password access",
-		     krusername ? krusername : "",
-		     rusername, rhost_addra, rhost_name);
-	    else
-	      syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s))",
-		     krusername ? krusername : "",
-		     rusername, rhost_addra, rhost_name);
-	}
-#ifdef KERBEROS
-#if defined(LOG_REMOTE_REALM) && !defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
-	/* Log if principal is from a remote realm */
-        else if (client && !default_realm(client))
-#endif /* LOG_REMOTE_REALM */
-
-#if defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
-	/* Log if principal name does not map to local username */
-        else if (client && !princ_maps_to_lname(client, lusername))
-#endif /* LOG_OTHER_USERS */
-
-#if defined(LOG_ALL_LOGINS)
-        else
-#endif /* LOG_ALL_LOGINS */
-
-#if defined(LOG_REMOTE_REALM) || defined(LOG_OTHER_USERS) || defined(LOG_ALL_LOGINS)
-	{
-	    if (passwd_req)
-	      syslog(LOG_NOTICE,
-		     "login by %s (%s@%s (%s)) as %s forcing password access",
-		     krusername ? krusername : "", rusername,
-		     rhost_addra, rhost_name, lusername);
-	    else
-	      syslog(LOG_NOTICE,
-		     "login by %s (%s@%s (%s)) as %s",
-		     krusername ? krusername : "", rusername,
-		     rhost_addra, rhost_name, lusername);
-	}
-#endif /* LOG_REMOTE_REALM || LOG_OTHER_USERS || LOG_ALL_LOGINS */
-#endif /* KERBEROS */
-
-#ifndef NO_UT_PID
-	{
-
-	    pty_update_utmp(PTY_LOGIN_PROCESS, getpid(), "rlogin", line,
-			    ""/*host*/, PTY_TTYSLOT_USABLE);
-	}
-#endif
-
-#ifdef USE_LOGIN_F
-/* use the vendors login, which has -p and -f. Tested on
- * AIX 4.1.4 and HPUX 10
- */
-    {
-        char *cp;
-        if ((cp = strchr(term,'/')))
-            *cp = '\0';
-        setenv("TERM",term, 1);
-    }
-
-    retval = pty_make_sane_hostname((struct sockaddr *) fromp, maxhostlen,
-				    stripdomain, always_ip,
-				    &rhost_sane);
-    if (retval)
-        fatalperror(f, "failed make_sane_hostname");
-    if (passwd_req)
-        execl(login_program, "login", "-p", "-h", rhost_sane,
-          lusername, (char *)NULL);
-    else
-        execl(login_program, "login", "-p", "-h", rhost_sane,
-             "-f", lusername, (char *)NULL);
-#else /* USE_LOGIN_F */
-	execl(login_program, "login", "-r", rhost_sane, (char *)NULL);
-#endif /* USE_LOGIN_F */
-	syslog(LOG_ERR, "failed exec of %s: %s",
-	       login_program, error_message(errno));
-	fatalperror(f, login_program);
-	/*NOTREACHED*/
-    } /* if (pid == 0) */
-
-    /*
-     **      wait for child to start ... read one byte
-     **      -- see the child, who writes one byte after
-     **      turning off echo on the slave side ...
-     **      The master blocks here until it reads a byte.
-     */
-
-(void) close(syncpipe[1]);
-    if (read(syncpipe[0], &c, 1) != 1) {
-	/*
-	 * Problems read failed ...
-	 */
-	snprintf(buferror, sizeof(buferror), "Cannot read slave pty %s ",line);
-	fatalperror(p,buferror);
-    }
-    close(syncpipe[0]);
-
-
-#if defined(KERBEROS)
-    if (do_encrypt) {
-	if (rcmd_stream_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE), 0) < 0){
-	    snprintf(buferror, sizeof(buferror),
-		     "Cannot encrypt-write network.");
-	    fatal(p,buferror);
-	}
-    }
-    else
-      /*
-       * if encrypting, don't turn on NBIO, else the read/write routines
-       * will fail to work properly
-       */
-#endif /* KERBEROS */
-      ioctl(f, FIONBIO, &on);
-    ioctl(p, FIONBIO, &on);
-
-    /* FIONBIO doesn't always work on ptys, use fcntl to set O_NDELAY? */
-    (void) fcntl(p,F_SETFL,fcntl(p,F_GETFL,0) | O_NDELAY);
-
-#ifdef POSIX_SIGNALS
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGTSTP, &sa, (struct sigaction *)0);
-#else
-    signal(SIGTSTP, SIG_IGN);
-#endif
-
-
-#if !defined(USE_LOGIN_F)
-    /* Pass down rusername and lusername to login. */
-    (void) write(p, rusername, strlen(rusername) +1);
-    (void) write(p, lusername, strlen(lusername) +1);
-    /* stuff term info down to login */
-    if ((write(p, term, strlen(term)+1) != (int) strlen(term)+1)) {
-	/*
-	 * Problems write failed ...
-	 */
-	snprintf(buferror, sizeof(buferror), "Cannot write slave pty %s ",
-		 line);
-	fatalperror(f,buferror);
-    }
-
-#endif
-    protocol(f, p);
-    signal(SIGCHLD, SIG_IGN);
-    cleanup(0);
-}
-
-unsigned char	magic[2] = { 0377, 0377 };
-#ifdef TIOCSWINSZ
-#ifndef TIOCPKT_WINDOW
-#define TIOCPKT_WINDOW 0x80
-#endif
-unsigned char	oobdata[] = {TIOCPKT_WINDOW};
-#else
-char    oobdata[] = {0};
-#endif
-
-static
-void sendoob(fd, byte)
-     int fd;
-     char *byte;
-{
-    char message[5];
-    int cc;
-
-    if (do_inband) {
-	message[0] = '\377';
-	message[1] = '\377';
-	message[2] = 'o';
-	message[3] = 'o';
-	message[4] = *byte;
-
-	cc = rcmd_stream_write(fd, message, sizeof(message), 0);
-	while (cc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
-	    /* also shouldn't happen */
-	    sleep(5);
-	    cc = rcmd_stream_write(fd, message, sizeof(message), 0);
-	}
-    } else {
-	send(fd, byte, 1, MSG_OOB);
-    }
-}
-
-/*
- * Handle a "control" request (signaled by magic being present)
- * in the data stream.  For now, we are only willing to handle
- * window size changes.
- */
-static int control(pty, cp, n)
-     int pty;
-     unsigned char *cp;
-     int n;
-{
-    struct winsize w;
-    int pgrp, got_pgrp;
-
-    if (n < (int) 4+sizeof (w) || cp[2] != 's' || cp[3] != 's')
-      return (0);
-#ifdef TIOCSWINSZ
-    oobdata[0] &= ~TIOCPKT_WINDOW;	/* we know he heard */
-    memcpy(&w, cp+4, sizeof(w));
-    w.ws_row = ntohs(w.ws_row);
-    w.ws_col = ntohs(w.ws_col);
-    w.ws_xpixel = ntohs(w.ws_xpixel);
-    w.ws_ypixel = ntohs(w.ws_ypixel);
-    (void)ioctl(pty, TIOCSWINSZ, &w);
-#ifdef HAVE_TCGETPGRP
-    pgrp = tcgetpgrp (pty);
-    got_pgrp = pgrp != -1;
-#else
-    got_pgrp = ioctl(pty, TIOCGPGRP, &pgrp) >= 0;
-#endif
-    if (got_pgrp)
-      (void) killpg(pgrp, SIGWINCH);
-#endif
-    return (4+sizeof (w));
-}
-
-
-
-/*
- * rlogin "protocol" machine.
- */
-void protocol(f, p)
-     int f, p;
-{
-    unsigned char pibuf[BUFSIZ], qpibuf[BUFSIZ*2], fibuf[BUFSIZ], *pbp=0, *fbp=0;
-    register int pcc = 0, fcc = 0;
-    int cc;
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-#ifdef TIOCPKT
-    register int tiocpkt_on = 0;
-    int on = 1;
-#endif
-
-#if defined(TIOCPKT) && !(defined(__svr4__) || defined(HAVE_STREAMS)) \
-	|| defined(solaris20)
-    /* if system has TIOCPKT, try to turn it on. Some drivers
-     * may not support it. Save flag for later.
-     */
-   if ( ioctl(p, TIOCPKT, &on) < 0)
-	tiocpkt_on = 0;
-   else tiocpkt_on = 1;
-#endif
-
-    /*
-     * Must ignore SIGTTOU, otherwise we'll stop
-     * when we try and set slave pty's window shape
-     * (our controlling tty is the master pty).
-     */
-#ifdef POSIX_SIGNALS
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGTTOU, &sa, (struct sigaction *)0);
-#else
-    signal(SIGTTOU, SIG_IGN);
-#endif
-#ifdef TIOCSWINSZ
-    sendoob(f, oobdata);
-#endif
-    for (;;) {
-	fd_set ibits, obits, ebits;
-
-	FD_ZERO(&ibits);
-	FD_ZERO(&obits);
-	FD_ZERO(&ebits);
-
-	if (fcc)
-	    FD_SET(p, &obits);
-	else
-	    FD_SET(f, &ibits);
-	if (pcc >= 0) {
-	    if (pcc) {
-		FD_SET(f, &obits);
-	    } else {
-		FD_SET(p, &ibits);
-	    }
-	}
-
-	if (select(((p > f) ? p : f) + 1, &ibits, &obits, &ebits, 0) < 0) {
-	    if (errno == EINTR)
-	      continue;
-	    fatalperror(f, "select");
-	}
-#define	pkcontrol(c)	((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
-	if (FD_ISSET(f, &ibits)) {
-	    fcc = rcmd_stream_read(f, fibuf, sizeof (fibuf), 0);
-	    if (fcc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
-		fcc = 0;
-	    } else {
-		register unsigned char *cp;
-		int n;
-		size_t left;
-
-		if (fcc <= 0)
-		    break;
-		fbp = fibuf;
-
-		for (cp = fibuf; cp < fibuf+fcc-1; cp++) {
-		    if (cp[0] == magic[0] &&
-			cp[1] == magic[1]) {
-			left = (fibuf+fcc) - cp;
-			n = control(p, cp, left);
-			if (n) {
-			    left -= n;
-			    fcc -= n;
-			    if (left > 0)
-				memmove(cp, cp+n, left);
-			    cp--;
-			}
-		    }
-		}
-	    }
-	}
-
-	if (FD_ISSET(p, &obits) && fcc > 0) {
-	    cc = write(p, fbp, fcc);
-	    if (cc > 0) {
-		fcc -= cc;
-		fbp += cc;
-	    }
-	}
-
-	if (FD_ISSET(p, &ibits)) {
-	    pcc = read(p, pibuf, sizeof (pibuf));
-	    pbp = pibuf;
-	    if (pcc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
-		pcc = 0;
-	    } else if (pcc <= 0) {
-		break;
-	    }
-#ifdef TIOCPKT
-	    else if (tiocpkt_on) {
-		if (pibuf[0] == 0) {
-		    pbp++, pcc--;
-		} else {
-		    if (pkcontrol(pibuf[0])) {
-			pibuf[0] |= oobdata[0];
-			sendoob(f, pibuf);
-		    }
-		    pcc = 0;
-		}
-	    }
-#endif
-
-	    /* quote any double-\377's if necessary */
-
-	    if (do_inband) {
-		unsigned char *qpbp;
-		int qpcc, i;
-
-		qpbp = qpibuf;
-		qpcc = 0;
-
-		for (i=0; i<pcc;) {
-		    if (pbp[i] == 0377u && (i+1)<pcc && pbp[i+1] == 0377u) {
-			qpbp[qpcc] = '\377';
-			qpbp[qpcc+1] = '\377';
-			qpbp[qpcc+2] = 'q';
-			qpbp[qpcc+3] = 'q';
-			i += 2;
-			qpcc += 4;
-		    } else {
-			qpbp[qpcc] = pbp[i];
-			i++;
-			qpcc++;
-		    }
-		}
-
-		pbp = qpbp;
-		pcc = qpcc;
-	    }
-	}
-
-	if (FD_ISSET(f, &obits) && pcc > 0) {
-	    cc = rcmd_stream_write(f, pbp, pcc, 0);
-	    if (cc < 0 && ((errno == EWOULDBLOCK) || (errno == EAGAIN))) {
-		/* also shouldn't happen */
-		sleep(5);
-		continue;
-	    }
-	    if (cc > 0) {
-		pcc -= cc;
-		pbp += cc;
-	    }
-	}
-    }
-}
-
-
-
-krb5_sigtype cleanup(signumber)
-    int signumber;
-{
-    pty_cleanup (line, pid, 1);
-    shutdown(netf, 2);
-    if (ccache)
-	krb5_cc_destroy(bsd_context, ccache);
-    exit(1);
-}
-
-
-void fatal(f, msg)
-     int f;
-     const char *msg;
-{
-    char buf[512];
-    int out = 1 ;          /* Output queue of f */
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-
-    buf[0] = '\01';		/* error indicator */
-    (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n", progname, msg);
-    if ((f == netf) && (pid > 0))
-      (void) rcmd_stream_write(f, buf, strlen(buf), 0);
-    else
-      (void) write(f, buf, strlen(buf));
-    syslog(LOG_ERR,"%s\n",msg);
-    if (pid > 0) {
-#ifdef POSIX_SIGNALS
-	(void) sigemptyset(&sa.sa_mask);
-	sa.sa_flags = 0;
-	sa.sa_handler = SIG_IGN;
-	(void) sigaction(SIGCHLD, &sa, (struct sigaction *)0);
-#else
-	signal(SIGCHLD,SIG_IGN);
-#endif
-	kill(pid,SIGKILL);
-#ifdef  TIOCFLUSH
-	(void) ioctl(f, TIOCFLUSH, (char *)&out);
-#else
-	(void) ioctl(f, TCFLSH, out);
-#endif
-	cleanup(0);
-    }
-    exit(1);
-}
-
-
-
-void fatalperror(f, msg)
-     int f;
-     const char *msg;
-{
-    char buf[512];
-
-    (void) snprintf(buf, sizeof(buf), "%s: %s", msg, error_message(errno));
-    fatal(f, buf);
-}
-
-#ifdef KERBEROS
-
-void
-do_krb_login(host_addr, hostname)
-     char *host_addr, *hostname;
-{
-    krb5_error_code status;
-    char *msg_fail = NULL;
-    int valid_checksum;
-
-    if (getuid()) {
-	exit(1);
-    }
-
-    /* Check authentication. */
-    if ((status = recvauth(&valid_checksum))) {
-	if (ticket)
-	  krb5_free_ticket(bsd_context, ticket);
-	if (status != 255)
-	  syslog(LOG_ERR,
-		 "Authentication failed from %s (%s): %s\n",host_addr,
-		 hostname,error_message(status));
-	fatal(netf, "Kerberos authentication failed");
-	return;
-    }
-
-    /* OK we have authenticated this user - now check authorization. */
-    /* The Kerberos authenticated programs must use krb5_kuserok or kuserok*/
-
-    /* krb5_kuserok returns 1 if OK */
-    if (!client || !krb5_kuserok(bsd_context, client, lusername)) {
-	if (asprintf(&msg_fail,
-		      "User %s is not authorized to login to account %s",
-		      krusername, lusername) >= 0)
-	    fatal(netf, msg_fail);
-	else
-	    fatal(netf,
-		  "User is not authorized to login to specified account");
-    }
-
-    if (checksum_required && !valid_checksum) {
-	syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected.");
-
-	fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
-    }
-}
-
-#endif /* KERBEROS */
-
-
-
-void getstr(fd, buf, cnt, err)
-     int fd;
-     char *buf;
-     int cnt;
-     char *err;
-{
-
-    char c;
-
-    do {
-	if (read(fd, &c, 1) != 1) {
-	    exit(1);
-	}
-	if (--cnt < 0) {
-	    printf("%s too long\r\n", err);
-	    exit(1);
-	}
-	*buf++ = c;
-    } while (c != 0);
-}
-
-
-
-void usage()
-{
-#ifdef KERBEROS
-    syslog(LOG_ERR,
-	   "usage: klogind [-ePf] [-D port] [-w[ip|maxhostlen[,[no]striplocal]]] or [r/R][k/K][x/e][p/P]logind");
-#else
-    syslog(LOG_ERR,
-	   "usage: rlogind [-rPf] [-D port] or [r/R][p/P]logind");
-#endif
-}
-
-
-
-#ifdef KERBEROS
-
-#ifndef KRB_SENDAUTH_VLEN
-#define	KRB_SENDAUTH_VLEN 8	    /* length for version strings */
-#endif
-
-#define	KRB_SENDAUTH_VERS	"AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
-					      chars */
-
-krb5_error_code
-recvauth(valid_checksum)
-    int *valid_checksum;
-{
-    krb5_auth_context auth_context = NULL;
-    krb5_error_code status;
-    struct sockaddr_storage peersin, laddr;
-    socklen_t len;
-    krb5_data inbuf;
-    krb5_data version;
-    krb5_authenticator *authenticator;
-    krb5_rcache rcache;
-    enum kcmd_proto kcmd_proto;
-    krb5_keyblock *key;
-
-    *valid_checksum = 0;
-    len = sizeof(laddr);
-    if (getsockname(netf, (struct sockaddr *)&laddr, &len)) {
-	    exit(1);
-    }
-
-    len = sizeof(peersin);
-    if (getpeername(netf, (struct sockaddr *)&peersin, &len)) {
-	syslog(LOG_ERR, "get peer name failed %d", netf);
-	exit(1);
-    }
-
-    if ((status = krb5_auth_con_init(bsd_context, &auth_context)))
-        return status;
-
-    /* Only need remote address for rd_cred() to verify client */
-    if ((status = krb5_auth_con_genaddrs(bsd_context, auth_context, netf,
-		 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)))
-	return status;
-
-    status = krb5_auth_con_getrcache(bsd_context, auth_context, &rcache);
-    if (status) return status;
-
-    if (! rcache) {
-	krb5_principal server;
-
-	status = krb5_sname_to_principal(bsd_context, 0, 0,
-					 KRB5_NT_SRV_HST, &server);
-	if (status) return status;
-
-	status = krb5_get_server_rcache(bsd_context,
-				krb5_princ_component(bsd_context, server, 0),
-				&rcache);
-	krb5_free_principal(bsd_context, server);
-	if (status) return status;
-
-	status = krb5_auth_con_setrcache(bsd_context, auth_context, rcache);
-	if (status) return status;
-    }
-
-    status = krb5_recvauth_version(bsd_context, &auth_context, &netf,
-				   NULL, 0, keytab, &ticket, &version);
-    if (status) {
-	/*
-	 * clean up before exiting
-	 */
-	getstr(netf, lusername, sizeof (lusername), "locuser");
-	getstr(netf, term, sizeof(term), "Terminal type");
-	getstr(netf, rusername, sizeof(rusername), "remuser");
-	return status;
-    }
-
-    getstr(netf, lusername, sizeof (lusername), "locuser");
-    getstr(netf, term, sizeof(term), "Terminal type");
-
-    kcmd_proto = KCMD_UNKNOWN_PROTOCOL;
-    if (version.length != 9) {
-	fatal (netf, "bad application version length");
-    }
-    if (!memcmp (version.data, "KCMDV0.1", 9))
-	kcmd_proto = KCMD_OLD_PROTOCOL;
-    else if (!memcmp (version.data, "KCMDV0.2", 9))
-	kcmd_proto = KCMD_NEW_PROTOCOL;
-
-    if (!(checksum_ignored && kcmd_proto == KCMD_OLD_PROTOCOL)) {
-
-      if ((status = krb5_auth_con_getauthenticator(bsd_context, auth_context,
-						   &authenticator)))
-	return status;
-
-      if (authenticator->checksum) {
-	struct sockaddr_in adr;
-	socklen_t adr_length = sizeof(adr);
-	krb5_data chksumbuf;
-	krb5_boolean valid = 0;
-
-	chksumbuf.data = NULL;
-	if (getsockname(netf, (struct sockaddr *) &adr, &adr_length) != 0)
-	    goto error_cleanup;
-	if (asprintf(&chksumbuf.data, "%u:%s%s", ntohs(adr.sin_port), term, lusername) < 0)
-	    goto error_cleanup;
-
-	chksumbuf.length = strlen(chksumbuf.data);
-	status = krb5_c_verify_checksum(bsd_context,
-					ticket->enc_part2->session,
-					KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
-					&chksumbuf, authenticator->checksum,
-					&valid);
-	if (status == 0 && !valid) status = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
-    error_cleanup:
-	if (chksumbuf.data)
-	    free(chksumbuf.data);
-	if (status) {
-	  krb5_free_authenticator(bsd_context, authenticator);
-	  return status;
-	}
-	*valid_checksum = 1;
-      }
-      krb5_free_authenticator(bsd_context, authenticator);
-    }
-
-    if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client,
-				      &client)))
-	return status;
-
-    key = 0;
-    status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context, &key);
-    if (status)
-	fatal (netf, "Server can't get session subkey");
-    if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
-	fatal (netf, "No session subkey sent");
-    if (key && kcmd_proto == KCMD_OLD_PROTOCOL) {
-#ifdef HEIMDAL_FRIENDLY
-	key = 0;
-#else
-	fatal (netf, "Session subkey not permitted under old kcmd protocol");
-#endif
-    }
-    if (key == 0)
-	key = ticket->enc_part2->session;
-
-    rcmd_stream_init_krb5 (key, do_encrypt, 1, 0, kcmd_proto);
-
-    do_inband = (kcmd_proto == KCMD_NEW_PROTOCOL);
-
-    getstr(netf, rusername, sizeof(rusername), "remuser");
-
-    if ((status = krb5_unparse_name(bsd_context, client, &krusername)))
-	return status;
-
-    if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netf, &inbuf)))
-	fatal(netf, "Error reading message");
-
-    if ((inbuf.length) && /* Forwarding being done, read creds */
-	(status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
-					  ticket, &ccache))) {
-         fatal(netf, "Can't get forwarded credentials");
-    }
-    return 0;
-}
-
-#endif /* KERBEROS */
diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c
deleted file mode 100644
index 028d3dd..0000000
--- a/src/appl/bsd/krsh.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/*
- *	appl/bsd/krsh.c
- */
-
-/*
- * Copyright (c) 1983 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-char copyright[] =
-  "@(#) Copyright (c) 1983 The Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)rsh.c	5.7 (Berkeley) 9/20/88 */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#include <sys/file.h>
-#include <sys/time.h>
-
-#include <netinet/in.h>
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <stdio.h>
-#include <errno.h>
-#include <signal.h>
-#include <pwd.h>
-#include <netdb.h>
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#ifdef HAVE_SYS_FILIO_H
-/* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */
-#include <sys/filio.h>
-#endif
-
-#ifdef KERBEROS
-#include <krb5.h>
-#include <com_err.h>
-#include "defines.h"
-#endif /* KERBEROS */
-
-/*
- * rsh - remote shell
- */
-#define SECURE_MESSAGE "This rsh session is encrypting input/output data transmissions.\r\n"
-
-int	error();
-
-int	options;
-int	rfd2;
-int	nflag;
-krb5_sigtype  sendsig(int);
-
-#ifdef KERBEROS
-
-#ifndef UCB_RSH
-#define UCB_RSH "/usr/ucb/rsh"
-#endif
-
-krb5_context bsd_context;
-krb5_creds *cred;
-
-int	encrypt_flag = 0;
-char	*krb_realm = (char *)0;
-void	try_normal(char **);
-
-#endif /* KERBEROS */
-
-#ifndef RLOGIN_PROGRAM
-#ifdef KERBEROS
-#define RLOGIN_PROGRAM KRB5_PATH_RLOGIN
-#else /* KERBEROS */
-#ifndef UCB_RLOGIN
-#define UCB_RLOGIN "/usr/ucb/rlogin"
-#endif
-#define RLOGIN_PROGRAM UCB_RLOGIN
-#endif  /* KERBEROS */
-#endif /* !RLOGIN_PROGRAM */
-
-#ifndef POSIX_SIGNALS
-#define	mask(s)	(1 << ((s) - 1))
-#endif /* POSIX_SIGNALS */
-
-int
-main(argc, argv0)
-     int argc;
-     char **argv0;
-{
-    int rem, pid = 0;
-    char *host=0, **ap, buf[RCMD_BUFSIZ], *args, **argv = argv0, *user = 0;
-    register int cc;
-    struct passwd *pwd;
-    fd_set readfrom, ready;
-    int one = 1;
-    struct servent *sp;
-    struct servent defaultservent;
-    struct sockaddr_in local, foreign;
-    int suppress = 0;
-
-#ifdef POSIX_SIGNALS
-    sigset_t omask, igmask;
-    struct sigaction sa, osa;
-#else
-    int omask;
-#endif
-#ifdef KERBEROS
-    krb5_flags authopts;
-    krb5_error_code status;
-    krb5_auth_context auth_context;
-    int fflag = 0, Fflag = 0;
-#endif  /* KERBEROS */
-    int debug_port = 0;
-    enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK;
-
-    memset(&defaultservent, 0, sizeof(struct servent));
-    if (strrchr(argv[0], '/'))
-      argv[0] = strrchr(argv[0], '/')+1;
-
-    if ( argc < 2 ) goto usage;
-    argc--;
-    argv++;
-
-  another:
-    if (argc > 0 && host == 0 && strncmp(*argv, "-", 1)) {
-	host = *argv;
-	argv++, argc--;
-	goto another;
-    }
-
-    if (argc > 0 && !strcmp(*argv, "-D")) {
-	argv++; argc--;
-	debug_port = htons(atoi(*argv));
-	argv++; argc--;
-	goto another;
-    }
-
-    if (argc > 0 && !strcmp(*argv, "-l")) {
-	argv++, argc--;
-	if (argc > 0)
-	  user = *argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-n")) {
-	argv++, argc--;
-	nflag++;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-d")) {
-	argv++, argc--;
-	options |= SO_DEBUG;
-	goto another;
-    }
-#ifdef KERBEROS
-    if (argc > 0 && !strcmp(*argv, "-k")) {
-	argv++, argc--;
-	if (argc == 0) {
-	    fprintf(stderr, "rsh(kerberos): -k flag must have a realm after it.\n");
-	    exit (1);
-	}
-	if(!(krb_realm = strdup(*argv))){
-	    fprintf(stderr, "rsh(kerberos): Cannot malloc.\n");
-	    exit(1);
-	}
-	argv++, argc--;
-	goto another;
-    }
-    /*
-     * Ignore -x from kerberos rlogin
-     */
-    if (argc > 0 && !strncmp(*argv, "-x", 2)) {
-	argv++, argc--;
-	encrypt_flag++;
-	goto another;
-    }
-    if (argc > 0 && !strncmp(*argv, "-f", 2)) {
-	if (Fflag) {
-	    fprintf(stderr, "rsh: Only one of -f and -F allowed\n");
-	    goto usage;
-	}
-	fflag++;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strncmp(*argv, "-F", 2)) {
-	if (fflag) {
-	    fprintf(stderr, "rsh: Only one of -f and -F allowed\n");
-	    goto usage;
-	}
-	Fflag++;
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strncmp(*argv, "-A", 2)) {
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-PO")) {
-	argv++, argc--;
-	kcmd_proto = KCMD_OLD_PROTOCOL;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-PN")) {
-	argv++, argc--;
-	kcmd_proto = KCMD_NEW_PROTOCOL;
-	goto another;
-    }
-#endif  /* KERBEROS */
-    /*
-     * Ignore the -L, -w, -e and -8 flags to allow aliases with rlogin
-     * to work
-     *
-     * There must be a better way to do this! -jmb
-     */
-    if (argc > 0 && !strncmp(*argv, "-L", 2)) {
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strncmp(*argv, "-w", 2)) {
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strncmp(*argv, "-e", 2)) {
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strncmp(*argv, "-8", 2)) {
-	argv++, argc--;
-	goto another;
-    }
-#ifdef ATHENA
-    /* additional Athena flags to be ignored */
-    if (argc > 0 && !strcmp(*argv, "-noflow")) {	/* No local flow control option for rlogin */
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-7")) {
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-c")) {
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-a")) {
-	argv++, argc--;
-	goto another;
-    }
-    if (argc > 0 && !strcmp(*argv, "-n")) {
-	argv++, argc--;
-	goto another;
-    }
-    /*
-     ** Also ignore -t ttytype
-     */
-    if (argc > 0 && !strcmp(*argv, "-t")) {
-	argv++; argv++; argc--; argc--;
-	goto another;
-    }
-#endif /* ATHENA */
-    if (host == 0)
-      goto usage;
-    if (argv[0] == 0) {
-	execv(RLOGIN_PROGRAM, argv0);
-	perror(RLOGIN_PROGRAM);
-	exit(1);
-    }
-
-    pwd = getpwuid(getuid());
-    if (pwd == 0) {
-	fprintf(stderr, "who are you?\n");
-	exit(1);
-    }
-    cc = 0;
-    for (ap = argv; *ap; ap++)
-      cc += strlen(*ap) + 1;
-    if (encrypt_flag)
-      cc += 3;
-    args = (char *) malloc((unsigned) cc);
-    *args = '\0';
-    if (encrypt_flag)
-      strlcpy(args, "-x ", cc);
-    for (ap = argv; *ap; ap++) {
-      (void) strlcat(args, *ap, cc);
-	if (ap[1])
-	  strlcat(args, " ", cc);
-    }
-
-    if(debug_port == 0) {
-#ifdef KERBEROS
-      sp = getservbyname("kshell", "tcp");
-#else
-      sp = getservbyname("shell", "tcp");
-#endif  /* KERBEROS */
-      if (sp == 0) {
-#ifdef KERBEROS
-	sp = &defaultservent;
-	sp->s_port = htons(544);
-#else
-	fprintf(stderr, "rsh: shell/tcp: unknown service\n");
-	exit(1);
-#endif /* KERBEROS */
-      }
-
-      debug_port = sp->s_port;
-    }
-
-#ifdef KERBEROS
-    status = krb5_init_context(&bsd_context);
-    if (status) {
-	    com_err(argv[0], status, "while initializing krb5");
-	    exit(1);
-    }
-    authopts = AP_OPTS_MUTUAL_REQUIRED;
-
-    /* Piggy-back forwarding flags on top of authopts; */
-    /* they will be reset in kcmd */
-    if (fflag || Fflag)
-      authopts |= OPTS_FORWARD_CREDS;
-    if (Fflag)
-      authopts |= OPTS_FORWARDABLE_CREDS;
-#ifdef HAVE_ISATTY
-    suppress = !isatty(fileno(stderr));
-#endif
-    status = kcmd(&rem, &host, debug_port,
-		  pwd->pw_name,
-		  user ? user : pwd->pw_name,
-		  args, &rfd2, "host", krb_realm,
-		  &cred,
-		  0,           /* No need for sequence number */
-		  0,           /* No need for server seq # */
-		  &local, &foreign,
-		  &auth_context, authopts,
-		  1,	/* Always set anyport, there is no need not to. --proven */
-		  suppress,
-		  &kcmd_proto);
-    if (status) {
-	/* If new protocol requested, don't fall back to less secure
-	   ones.  */
-	if (kcmd_proto == KCMD_NEW_PROTOCOL)
-	    exit (1);
-	try_normal(argv0);
-    } else {
-	krb5_keyblock *key = &cred->keyblock;
-
-	if (kcmd_proto == KCMD_NEW_PROTOCOL) {
-	    status = krb5_auth_con_getsendsubkey (bsd_context, auth_context,
-						  &key);
-	    if (status) {
-		com_err (argv[0], status, "determining subkey for session");
-		exit (1);
-	    }
-	    if (!key) {
-		com_err (argv[0], 0, "no subkey negotiated for connection");
-		exit (1);
-	    }
-	}
-
-	rcmd_stream_init_krb5(key, encrypt_flag, 0, 1, kcmd_proto);
-    }
-
-#ifdef HAVE_ISATTY
-    if(encrypt_flag&&isatty(2)) {
-	write(2,SECURE_MESSAGE, strlen(SECURE_MESSAGE));
-    }
-#endif
-
-#else /* !KERBEROS */
-    rem = rcmd(&host, debug_port, pwd->pw_name,
-	       user ? user : pwd->pw_name, args, &rfd2);
-    if (rem < 0)
-      exit(1);
-#endif /* KERBEROS */
-    if (rfd2 < 0) {
-	fprintf(stderr, "rsh: can't establish stderr\n");
-	exit(2);
-    }
-    if (options & SO_DEBUG) {
-	if (setsockopt(rem, SOL_SOCKET, SO_DEBUG,
-		       (const char *) &one, sizeof (one)) < 0)
-	  perror("setsockopt (stdin)");
-	if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG,
-		       (const char *) &one, sizeof (one)) < 0)
-	  perror("setsockopt (stderr)");
-    }
-    (void) setuid(getuid());
-#ifdef POSIX_SIGNALS
-    sigemptyset(&igmask);
-    sigaddset(&igmask, SIGINT);
-    sigaddset(&igmask, SIGQUIT);
-    sigaddset(&igmask, SIGTERM);
-    sigprocmask(SIG_BLOCK, &igmask, &omask);
-
-    (void)sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = sendsig;
-
-    (void)sigaction(SIGINT, (struct sigaction *)0, &osa);
-    if (osa.sa_handler != SIG_IGN)
-	(void)sigaction(SIGINT, &sa, (struct sigaction *)0);
-
-    (void)sigaction(SIGQUIT, (struct sigaction *)0, &osa);
-    if (osa.sa_handler != SIG_IGN)
-	(void)sigaction(SIGQUIT, &sa, (struct sigaction *)0);
-
-    (void)sigaction(SIGTERM, (struct sigaction *)0, &osa);
-    if (osa.sa_handler != SIG_IGN)
-	(void)sigaction(SIGTERM, &sa, (struct sigaction *)0);
-#else
-#ifdef sgi
-    omask = sigignore(mask(SIGINT)|mask(SIGQUIT)|mask(SIGTERM));
-#else
-    omask = sigblock(mask(SIGINT)|mask(SIGQUIT)|mask(SIGTERM));
-#endif
-    if (signal(SIGINT, SIG_IGN) != SIG_IGN)
-      signal(SIGINT, sendsig);
-    if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
-      signal(SIGQUIT, sendsig);
-    if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
-      signal(SIGTERM, sendsig);
-#endif /* POSIX_SIGNALS */
-    if (nflag == 0) {
-	pid = fork();
-	if (pid < 0) {
-	    perror("fork");
-	    exit(1);
-	}
-    }
-    if (!encrypt_flag) {
-	ioctl(rfd2, FIONBIO, &one);
-	ioctl(rem, FIONBIO, &one);
-    }
-    if (nflag == 0 && pid == 0) {
-	char *bp;
-	int wc;
-	fd_set rembits;
-
-	(void) close(rfd2);
-      reread:
-	errno = 0;
-	cc = read(0, buf, sizeof buf);
-	if (cc <= 0)
-	  goto done;
-	bp = buf;
-      rewrite:
-	FD_ZERO(&rembits);
-	FD_SET(rem, &rembits);
-	if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
-	    if (errno != EINTR) {
-		perror("select");
-		exit(1);
-	    }
-	    goto rewrite;
-	}
-	if (FD_ISSET(rem, &rembits) == 0)
-	  goto rewrite;
-	wc = rcmd_stream_write(rem, bp, cc, 0);
-	if (wc < 0) {
-	    if ((errno == EWOULDBLOCK) || (errno == EAGAIN))
-	      goto rewrite;
-	    goto done;
-	}
-	cc -= wc; bp += wc;
-	if (cc == 0)
-	  goto reread;
-	goto rewrite;
-      done:
-	(void) shutdown(rem, 1);
-#ifdef KERBEROS
-	krb5_free_context(bsd_context);
-#endif
-	exit(0);
-    }
-#ifdef POSIX_SIGNALS
-    sigprocmask(SIG_SETMASK, &omask, (sigset_t*)0);
-#else
-#ifndef sgi
-    sigsetmask(omask);
-#endif
-#endif /* POSIX_SIGNALS */
-    FD_ZERO(&readfrom);
-    FD_SET(rfd2, &readfrom);
-    FD_SET(rem, &readfrom);
-    do {
-	ready = readfrom;
-	if (select(((rfd2 > rem) ? rfd2 : rem) + 1, &ready, 0, 0, 0) < 0) {
-	    if (errno != EINTR) {
-		perror("select");
-		exit(1);
-	    }
-	    continue;
-	}
-	if (FD_ISSET(rfd2, &ready)) {
-	    errno = 0;
-	    cc = rcmd_stream_read(rfd2, buf, sizeof buf, 1);
-	    if (cc <= 0) {
-		if ((errno != EWOULDBLOCK) && (errno != EAGAIN))
-		    FD_CLR(rfd2, &readfrom);
-	    } else
-	      (void) write(2, buf, (unsigned) cc);
-	}
-	if (FD_ISSET(rem, &ready)) {
-	    errno = 0;
-	    cc = rcmd_stream_read(rem, buf, sizeof buf, 0);
-	    if (cc <= 0) {
-		if ((errno != EWOULDBLOCK) && (errno != EAGAIN))
-		    FD_CLR(rem, &readfrom);
-	    } else
-	      (void) write(1, buf, (unsigned) cc);
-	}
-    } while (FD_ISSET(rem, &readfrom) || FD_ISSET(rfd2, &readfrom));
-    if (nflag == 0)
-      (void) kill(pid, SIGKILL);
-#ifdef KERBEROS
-    krb5_free_context(bsd_context);
-#endif
-    exit(0);
-  usage:
-    fprintf(stderr,
-	    "usage: \trsh host [ -PN / -PO ] [ -l login ] [ -n ] [ -x ] [ -f / -F] command\n");
-    fprintf(stderr,
-	    "OR \trsh [ -PN / -PO ] [ -l login ] [-n ] [ -x ] [ -f / -F ] host command\n");
-    exit(1);
-}
-
-
-
-krb5_sigtype sendsig(signo)
-     char signo;
-{
-    (void) rcmd_stream_write(rfd2, &signo, 1, 1);
-}
-
-
-
-#ifdef KERBEROS
-void try_normal(argv)
-     char **argv;
-{
-    char *host;
-
-#ifndef KRB5_ATHENA_COMPAT
-    if (encrypt_flag)
-	exit(1);
-#endif
-    /*
-     * if we were invoked as 'rsh host mumble', strip off the rsh
-     * from arglist.
-     *
-     * We always want to call the Berkeley rsh as 'host mumble'
-     */
-    host = strrchr(argv[0], '/');
-    if (host)
-      host++;
-    else
-      host = argv[0];
-
-    if (!strcmp(host, "rsh"))
-      argv++;
-
-    fprintf(stderr,"trying normal rsh (%s)\n",
-	    UCB_RSH);
-    fflush(stderr);
-    execv(UCB_RSH, argv);
-    perror("exec");
-    exit(1);
-}
-#endif /* KERBEROS */
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
deleted file mode 100644
index d491e6e..0000000
--- a/src/appl/bsd/krshd.c
+++ /dev/null
@@ -1,2047 +0,0 @@
-/*
- *	appl/bsd/krshd.c
- */
-
-/*
- * Copyright (c) 1983 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-char copyright[] =
-  "@(#) Copyright (c) 1983 The Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)rshd.c	5.12 (Berkeley) 9/12/88 */
-
-     /*
-      * remote shell server:
-      *	remuser\0
-      *	locuser\0
-      *	command\0
-      *	data
-      */
-
-/*
- * This is the rshell daemon. The very basic protocol for checking
- * authentication and authorization is:
- * 1) Check authentication.
- * 2) Check authorization via the access-control files:
- *    ~/.k5login (using krb5_kuserok)
- * Execute command if configured authoriztion checks pass, else deny
- * permission.
- */
-
-/* DEFINES:
- *   KERBEROS - Define this if application is to be kerberised.
- *   LOG_ALL_LOGINS - Define this if you want to log all logins.
- *   LOG_OTHER_USERS - Define this if you want to log all principals that do
- *              not map onto the local user.
- *   LOG_REMOTE_REALM - Define this if you want to log all principals from
- *              remote realms.
- *   LOG_CMD - Define this if you want to log not only the user but also the
- *             command executed. This only decides the type of information
- *             logged. Whether or not to log is still decided by the above
- *             three DEFINES.
- *       Note:  Root account access is always logged.
- */
-
-#define SERVE_NON_KRB
-#define LOG_REMOTE_REALM
-#define LOG_CMD
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef __SCO__
-#include <sys/unistd.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-
-#include <fcntl.h>
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include <stdio.h>
-#include <grp.h>
-#include <errno.h>
-#include <pwd.h>
-#include <ctype.h>
-#include <string.h>
-#include <libpty.h>
-#include <sys/wait.h>
-
-#ifdef HAVE_SYS_LABEL_H
-/* only SunOS 4? */
-#include <sys/label.h>
-#include <sys/audit.h>
-#include <pwdadj.h>
-#endif
-#include <stdarg.h>
-
-#include <signal.h>
-#include <netdb.h>
-
-#ifdef CRAY
-#ifndef NO_UDB
-#include <udb.h>
-#endif  /* !NO_UDB */
-#include <sys/category.h>
-#include <netinet/ip.h>
-#include <sys/tfm.h>
-#include <sys/nal.h>
-#include <sys/secparm.h>
-#include <sys/usrv.h>
-#include <sys/utsname.h>
-#include <sys/sysv.h>
-#include <sys/slrec.h>
-#include <sys/unistd.h>
-#include <path.h>
-#endif /* CRAY */
-
-#include <syslog.h>
-
-#ifdef POSIX_TERMIOS
-#include <termios.h>
-#endif
-
-#ifdef HAVE_SYS_FILIO_H
-/* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */
-#include <sys/filio.h>
-#endif
-
-#ifdef KERBEROS
-#include "k5-int.h"
-#include <com_err.h>
-#include "loginpaths.h"
-#include <k5-util.h>
-#include <k5-platform.h>
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#if defined(_PATH_NOLOGIN)
-#define NOLOGIN		_PATH_NOLOGIN
-#else
-#define NOLOGIN		"/etc/nologin"
-#endif
-
-#include "defines.h"
-
-#if HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-
-#ifndef MAXDNAME
-#define MAXDNAME 256 /*per the rfc*/
-#endif
-
-#define ARGSTR	"ek5ciD:S:M:AP:?L:w:"
-
-
-
-
-#define MAXRETRIES 4
-
-krb5_context bsd_context;
-char *srvtab = NULL;
-krb5_keytab keytab = NULL;
-krb5_ccache ccache = NULL;
-
-void fatal(int, const char *);
-
-int require_encrypt = 0;
-int do_encrypt = 0;
-int anyport = 0;
-char *kprogdir = KPROGDIR;
-int netf;
-int maxhostlen = 0;
-int stripdomain = 1;
-int always_ip = 0;
-
-static krb5_error_code recvauth(int netfd, struct sockaddr *peersin,
-				int *valid_checksum);
-
-#else /* !KERBEROS */
-
-#define ARGSTR	"RD:?"
-
-#endif /* KERBEROS */
-
-static int accept_a_connection (int debug_port, struct sockaddr *from,
-				socklen_t *fromlenp);
-
-#ifndef HAVE_KILLPG
-#define killpg(pid, sig) kill(-(pid), (sig))
-#endif
-
-int checksum_required = 0, checksum_ignored = 0;
-char *progname;
-
-#define MAX_PROG_NAME 10
-
-/* Leave room for 4 environment variables to be passed */
-#define MAXENV 4
-#define SAVEENVPAD 0,0,0,0 /* padding for envinit slots */
-char *save_env[MAXENV];
-int num_env = 0;
-
-#ifdef CRAY
-int     secflag;
-extern
-#endif /* CRAY */
-
-void 	error (char *fmt, ...)
-#if !defined (__cplusplus) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7))
-       __attribute__ ((__format__ (__printf__, 1, 2)))
-#endif
-     ;
-
-void usage(void), getstr(int, char *, int, char *),
-    doit(int, struct sockaddr *);
-
-#ifndef HAVE_INITGROUPS
-int initgroups(char* name, gid_t basegid) {
-  gid_t others[NGROUPS_MAX+1];
-  int ngrps;
-
-  others[0] = basegid;
-  ngrps = getgroups(NGROUPS_MAX, others+1);
-  return setgroups(ngrps+1, others);
-}
-#endif
-
-
-int main(argc, argv)
-     int argc;
-     char **argv;
-{
-#if defined(BSD) && BSD+0 >= 43
-    struct linger linger;
-#endif
-    int on = 1;
-    socklen_t fromlen;
-    struct sockaddr_storage from;
-    extern int opterr, optind;
-    extern char *optarg;
-    int ch;
-    int fd;
-    int debug_port = 0;
-#ifdef KERBEROS
-    krb5_error_code status;
-#endif
-
-#ifdef CRAY
-    secflag = sysconf(_SC_CRAY_SECURE_SYS);
-#endif
-
-    progname = strrchr (*argv, '/');
-    progname = progname ? progname + 1 : *argv;
-
-#ifndef LOG_ODELAY /* 4.2 syslog */
-    openlog(progname, LOG_PID);
-#else
-#ifndef LOG_AUTH
-#define LOG_AUTH 0
-#endif
-    openlog(progname, LOG_PID | LOG_ODELAY, LOG_AUTH);
-#endif /* 4.2 syslog */
-
-#ifdef KERBEROS
-    status = krb5_init_context(&bsd_context);
-    if (status) {
-	    syslog(LOG_ERR, "Error initializing krb5: %s",
-		   error_message(status));
-	    exit(1);
-    }
-#endif
-
-    /* Analyze parameters. */
-    opterr = 0;
-    while ((ch = getopt(argc, argv, ARGSTR)) != -1)
-      switch (ch) {
-#ifdef KERBEROS
-	case 'k':
-	break;
-
-      case '5':
-	break;
-      case 'c':
-	checksum_required = 1;
-	break;
-      case 'i':
-	checksum_ignored = 1;
-	break;
-
-        case 'e':
-	require_encrypt = 1;
-	  break;
-
-	case 'S':
-	  if ((status = krb5_kt_resolve(bsd_context, optarg, &keytab))) {
-	      com_err(progname, status, "while resolving srvtab file %s",
-		      optarg);
-	      exit(2);
-	  }
-	  break;
-
-	case 'M':
-	  krb5_set_default_realm(bsd_context, optarg);
-	  break;
-
-	case 'A':
-	  anyport = 1;
-	  break;
-
-	case 'P':
-	  kprogdir = optarg;
-	  break;
-
-        case 'L':
-	  if (num_env < MAXENV) {
-		  save_env[num_env] = strdup(optarg);
-		  if(!save_env[num_env++]) {
-			  com_err(progname, ENOMEM, "in saving environment");
-			  exit(2);
-		  }
-	  } else  {
-		  fprintf(stderr, "%s: Only %d -L arguments allowed\n",
-			  progname, MAXENV);
-		  exit(2);
-	  }
-	  break;
-#endif
-	case 'D':
-	  debug_port = atoi(optarg);
-	  break;
-      case 'w':
-	  if (!strcmp(optarg, "ip"))
-	      always_ip = 1;
-	  else {
-	      char *cp;
-	      cp = strchr(optarg, ',');
-	      if (cp == NULL)
-		  maxhostlen = atoi(optarg);
-	      else if (*(++cp)) {
-		  if (!strcmp(cp, "striplocal"))
-		      stripdomain = 1;
-		  else if (!strcmp(cp, "nostriplocal"))
-		      stripdomain = 0;
-		  else {
-		      usage();
-		      exit(1);
-		  }
-		  *(--cp) = '\0';
-		  maxhostlen = atoi(optarg);
-	      }
-	  }
-	  break;
-      case '?':
-      default:
-	  usage();
-	  exit(1);
-	  break;
-      }
-
-    if (optind == 0) {
-	usage();
-	exit(1);
-    }
-
-    argc -= optind;
-    argv += optind;
-
-    fromlen = sizeof (from);
-
-    if (debug_port)
-	fd = accept_a_connection(debug_port, (struct sockaddr *)&from,
-				 &fromlen);
-    else {
-	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
-	    fprintf(stderr, "%s: ", progname);
-	    perror("getpeername");
-	    _exit(1);
-	}
-
-	fd = 0;
-    }
-
-/*
- * AIX passes an IPv4-mapped IPv6 address back from getpeername, but if
- * that address is later used in connect(), it returns an error.  Convert
- * IPv4-mapped IPv6 addresses to simple IPv4 addresses on AIX (but don't
- * do this everywhere since it isn't always the right thing to do, just
- * the least wrong on AIX).
- */
-#if defined(_AIX) && defined(KRB5_USE_INET6)
-    if (((struct sockaddr*)&from)->sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa2sin6(&from)->sin6_addr)) {
-	sa2sin(&from)->sin_len = sizeof(struct sockaddr_in);
-	sa2sin(&from)->sin_family = AF_INET;
-	sa2sin(&from)->sin_port = sa2sin6(&from)->sin6_port;
-	memmove(&(sa2sin(&from)->sin_addr.s_addr), &(sa2sin6(&from)->sin6_addr.u6_addr.u6_addr8[12]), 4);
-    }
-#endif
-
-    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
-		   sizeof (on)) < 0)
-	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-#if defined(BSD) && BSD+0 >= 43
-    linger.l_onoff = 1;
-    linger.l_linger = 60;			/* XXX */
-    if (setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&linger,
-		   sizeof (linger)) < 0)
-	syslog(LOG_WARNING , "setsockopt (SO_LINGER): %m");
-#endif
-
-    if (checksum_required&&checksum_ignored) {
-	syslog(LOG_CRIT, "Checksums are required and ignored; these options are mutually exclusive--check the documentation.");
-	fatal(fd, "Configuration error: mutually exclusive options specified");
-    }
-
-    doit(dup(fd), (struct sockaddr *) &from);
-    return 0;
-}
-
-#ifdef CRAY
-char    username[32] = "LOGNAME=";
-#include <tmpdir.h>
-char tmpdir[64] = "TMPDIR=";
-#else
-char	username[20] = "USER=";
-#endif
-
-char	homedir[64] = "HOME=";
-char	shell[64] = "SHELL=";
-char    term[64] = "TERM=network";
-char	path_rest[] = RPATH;
-
-char	remote_addr[64+NI_MAXHOST]; /* = "KRB5REMOTEADDR=" */
-char	remote_port[64+NI_MAXSERV]; /* = "KRB5REMOTEPORT=" */
-char	local_addr[64+NI_MAXHOST]; /* = "KRB5LOCALADDR=" */
-char	local_port[64+NI_MAXSERV]; /* = "KRB5LOCALPORT=" */
-#define ADDRPAD 0,0,0,0
-#define KRBPAD 0		/* KRB5CCNAME, optional */
-
-/* The following include extra space for TZ and MAXENV pointers... */
-#define COMMONVARS homedir, shell, 0/*path*/, username, term
-#ifdef CRAY
-char    *envinit[] =
-{COMMONVARS, "TZ=GMT0", tmpdir, SAVEENVPAD, KRBPAD, ADDRPAD, 0};
-#define TMPDIRENV 6
-char    *getenv();
-#else /* CRAY */
-#ifdef KERBEROS
-char    *envinit[] =
-{COMMONVARS, 0/*tz*/, SAVEENVPAD, KRBPAD, ADDRPAD, 0};
-#else /* KERBEROS */
-char	*envinit[] =
-{COMMONVARS, 0/*tz*/, SAVEENVPAD, ADDRPAD, 0};
-#endif /* KERBEROS */
-#endif /* CRAY */
-
-#define TZENV 5
-#define PATHENV 2
-
-extern char	**environ;
-char ttyn[12];		/* Line string for wtmp entries */
-
-#ifdef CRAY
-#define SIZEOF_INADDR  SIZEOF_in_addr
-int maxlogs;
-#else
-#define SIZEOF_INADDR sizeof(struct in_addr)
-#endif
-
-#ifndef NCARGS
-/* linux doesn't seem to have it... */
-#define NCARGS 1024
-#endif
-
-#define NMAX   16
-
-int pid;
-char locuser[NMAX+1];
-char remuser[NMAX +1];
-char cmdbuf[NCARGS+1];
-char *kremuser;
-krb5_principal client;
-krb5_authenticator *kdata;
-
-static void
-ignore_signals()
-{
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-
-    (void)sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_IGN;
-    (void)sigaction(SIGINT, &sa, (struct sigaction *)0);
-    (void)sigaction(SIGQUIT, &sa, (struct sigaction *)0);
-    (void)sigaction(SIGTERM, &sa, (struct sigaction *)0);
-    (void)sigaction(SIGPIPE, &sa, (struct sigaction *)0);
-    (void)sigaction(SIGHUP, &sa, (struct sigaction *)0);
-
-    (void)kill(-pid, SIGTERM);
-#else
-    signal(SIGINT, SIG_IGN);
-    signal(SIGQUIT, SIG_IGN);
-    signal(SIGTERM, SIG_IGN);
-    signal(SIGPIPE, SIG_IGN);
-    signal(SIGHUP, SIG_IGN);
-
-    killpg(pid, SIGTERM);
-#endif
-}
-
-static krb5_sigtype
-cleanup(signumber)
-     int signumber;
-{
-    ignore_signals();
-    wait(0);
-
-    pty_logwtmp(ttyn,"","");
-    syslog(LOG_INFO ,"Daemon terminated via signal %d.", signumber);
-    if (ccache)
-	krb5_cc_destroy(bsd_context, ccache);
-    exit(0);
-}
-
-
-void doit(f, fromp)
-     int f;
-     struct sockaddr *fromp;
-{
-    char *cp;
-#ifdef KERBEROS
-    krb5_error_code status;
-#endif
-    int valid_checksum;
-    int cnt;
-    char *crypt();
-    struct passwd *pwd;
-    char *path;
-#ifdef CRAY
-#ifndef NO_UDB
-    struct udb    *ue;
-    struct udb ue_static;
-    extern struct udb *getudbnam();
-#endif
-    extern struct passwd *getpwnam(), *getpwuid();
-    static int      jid;
-    int error();
-    int paddr;
-    struct  nal nal;
-    int     nal_error;
-    struct usrv usrv;
-    struct  sysv sysv;
-    char    *makejtmp(), *jtmpnam = 0;
-    int packet_level;               /* Packet classification level */
-    long packet_compart;            /* Packet compartments */
-#endif  /* CRAY */
-
-    int s = -1;
-    char hostname[NI_MAXHOST];
-    char *sane_host;
-    char hostaddra[NI_MAXHOST];
-    int aierr;
-    short port;
-    int pv[2], pw[2], px[2], cc;
-    fd_set ready, readfrom;
-    char buf[RCMD_BUFSIZ], sig;
-    struct sockaddr_storage localaddr;
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-#endif
-
-#ifdef IP_TOS
-/* solaris has IP_TOS, but only IPTOS_* values */
-#ifdef HAVE_GETTOSBYNAME
-    struct tosent *tp;
-
-
-    if ((tp = gettosbyname("interactive", "tcp")) &&
-	(setsockopt(f, IPPROTO_IP, IP_TOS, &tp->t_tos, sizeof(int)) < 0))
-#ifdef  TOS_WARN
-      syslog(LOG_NOTICE, "setsockopt (IP_TOS): %m");
-#else
-    ;       /* silently ignore TOS errors in 6E */
-#endif
-#endif
-#endif /* IP_TOS */
-
-    {
-	socklen_t sin_len = sizeof (localaddr);
-	if (getsockname(f, (struct sockaddr*)&localaddr, &sin_len) < 0) {
-	    perror("getsockname");
-	    exit(1);
-	}
-    }
-
-#ifdef POSIX_SIGNALS
-    (void)sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-    sa.sa_handler = SIG_DFL;
-    (void)sigaction(SIGINT, &sa, (struct sigaction *)0);
-    (void)sigaction(SIGQUIT, &sa, (struct sigaction *)0);
-    (void)sigaction(SIGTERM, &sa, (struct sigaction *)0);
-#else
-    signal(SIGINT, SIG_DFL);
-    signal(SIGQUIT, SIG_DFL);
-    signal(SIGTERM, SIG_DFL);
-#endif
-#ifdef DEBUG
-    { int t = open("/dev/tty", 2);
-      if (t >= 0) {
-	  ioctl(t, TIOCNOTTY, (char *)0);
-	  (void) close(t);
-      }
-  }
-#endif
-    if (fromp->sa_family != AF_INET
-#if defined(KRB5_USE_INET6) && defined(KERBEROS)
-	&& fromp->sa_family != AF_INET6
-#endif
-	) {
-	syslog(LOG_ERR , "malformed from address\n");
-	exit(1);
-    }
-#ifdef KERBEROS
-    netf = f;
-#else
-    {
-	struct sockaddr_in *frompin = sa2sin(fromp);
-	frompin->sin_port = ntohs((u_short)frompin->sin_port);
-	if (frompin->sin_port >= IPPORT_RESERVED ||
-	    frompin->sin_port < IPPORT_RESERVED/2) {
-	    syslog(LOG_ERR , "connection from bad port\n");
-	    exit(1);
-	}
-    }
-#endif /* KERBEROS */
-
-#ifdef CRAY
-
-    /* If this is a secure system then get the packet classification
-       of f.  ( Note IP_SECURITY is checked in get_packet_classification:
-       if it's not set then the user's (root) default
-       classification level and compartments are returned. )
-       Then set this process to that level/compart so that the stderr
-       connection will be labeled appropriately.
-       */
-    if (secflag) {
-	if (get_packet_classification(f,getuid(),
-				      &packet_level,&packet_compart) < 0) {
-	    syslog(LOG_ERR, "cannot get ip packet level\n");
-	    exit(1);
-	}
-	if(secflag == TFM_UDB_5) {
-	    if(setucmp(packet_compart, C_PROC) != 0) {
-		error("Unable to setucmp.\n");
-		exit(1);
-	    }
-	} else if(secflag == TFM_UDB_6) {
-	    if(setulvl(packet_level,C_PROC) != 0) {
-		error("Unable to setulvl.\n");
-		exit(1);
-	    }
-	    if(setucmp(packet_compart, C_PROC) != 0) {
-		error("Unable to setucmp.\n");
-		exit(1);
-	    }
-	}
-
-    }
-#endif /* CRAY */
-
-    (void) alarm(60);
-    port = 0;
-    for (;;) {
-	char c;
-	if ((cc = read(f, &c, 1)) != 1) {
-	    if (cc < 0)
-	      syslog(LOG_NOTICE , "read: %m");
-	    shutdown(f, 1+1);
-	    exit(1);
-	}
-	if (c == 0)
-	  break;
-	port = port * 10 + c - '0';
-    }
-    (void) alarm(0);
-    if (port != 0) {
-	if (anyport) {
-	    int addrfamily = fromp->sa_family;
-	    s = getport(0, &addrfamily);
-	} else {
-	    int lport = IPPORT_RESERVED - 1;
-#ifdef HAVE_RRESVPORT_AF
-	    s = rresvport_af(&lport, fromp->sa_family);
-#else
-	    s = rresvport(&lport);
-#endif
-	}
-	if (s < 0) {
-	    syslog(LOG_ERR ,
-		   "can't get stderr port: %m");
-	    exit(1);
-	}
-#ifndef KERBEROS
-	if (port >= IPPORT_RESERVED) {
-	    syslog(LOG_ERR , "2nd port not reserved\n");
-	    exit(1);
-	}
-#endif /* KERBEROS */
-	switch (fromp->sa_family) {
-	case AF_INET:
-	    sa2sin(fromp)->sin_port = htons((u_short)port);
-	    break;
-#ifdef KRB5_USE_INET6
-	case AF_INET6:
-	    sa2sin6(fromp)->sin6_port = htons((u_short)port);
-	    break;
-#endif
-	}
-	if (connect(s, (struct sockaddr *)fromp, socklen(fromp)) < 0) {
-	    syslog(LOG_INFO ,
-		   "connect second port: %m");
-	    exit(1);
-	}
-    }
-    dup2(f, 0);
-    dup2(f, 1);
-    dup2(f, 2);
-    aierr = getnameinfo(fromp, socklen(fromp), hostname, sizeof(hostname),
-			0, 0, 0);
-    if (aierr) {
-	error("failed to get remote host address: %s", gai_strerror(aierr));
-	exit(1);
-    }
-    aierr = getnameinfo(fromp, socklen(fromp), hostaddra, sizeof(hostaddra),
-			0, 0, NI_NUMERICHOST);
-    if (aierr) {
-	error("failed to get remote host address: %s", gai_strerror(aierr));
-	exit(1);
-    }
-
-#ifdef KERBEROS
-    status = pty_make_sane_hostname((struct sockaddr *) fromp, maxhostlen,
-				    stripdomain, always_ip, &sane_host);
-    if (status) {
-	error("failed make_sane_hostname: %s\n", error_message(status));
-	exit(1);
-    }
-
-    if ((status = recvauth(f, fromp, &valid_checksum))) {
-	error("Authentication failed: %s\n", error_message(status));
-	exit(1);
-    }
-#else
-    getstr(f, remuser, sizeof(remuser), "remuser");
-    getstr(f, locuser, sizeof(locuser), "locuser");
-    getstr(f, cmdbuf, sizeof(cmdbuf), "command");
-    rcmd_stream_init_normal();
-#endif /* KERBEROS */
-
-#ifdef CRAY
-    paddr = inet_addr(inet_ntoa(fromp->sin_addr));
-    if(secflag){
-	/*
-	 *      check network authorization list
-	 */
-	if (fetchnal(paddr,&nal) < 0) {
-	    /*
-	     *      NAL file inaccessible, abort connection.
-	     */
-	    error("Permission denied.\n");
-	    exit(1);
-	}
-    }
-#endif /* CRAY */
-
-    pwd = getpwnam(locuser);
-    if (pwd == (struct passwd *) 0 ) {
-	syslog(LOG_ERR ,
-	       "Principal %s (%s@%s (%s)) for local user %s has no account.\n",
-	       kremuser, remuser, hostaddra, hostname,
-	       locuser); /* xxx sprintf buffer in syslog*/
-	error("Login incorrect.\n");
-	exit(1);
-    }
-
-#ifdef CRAY
-    /* Setup job entry, and validate udb entry.
-       ( against packet level also ) */
-    if ((jid = setjob(pwd->pw_uid, 0)) < 0) {
-	error("Unable to create new job.\n");
-	exit(1);
-    }
-    if ((jtmpnam = makejtmp(pwd->pw_uid, pwd->pw_gid, jid))) {
-	register int pid, tpid;
-	int status;
-	switch(pid = fork()) {
-	  case -1:
-	    cleanjtmp(locuser, jtmpnam);
-	    envinit[TMPDIRENV] = 0;
-	    break;
-	  case 0:
-	    break;
-	  default:
-	    close(0);
-	    close(1);
-	    close(2);
-	    close(f);
-	    if (port)
-	      close(s);
-	    while ((tpid = wait(&status)) != pid) {
-		if (tpid < 0)
-		  break;
-	    }
-	    cleanjtmp(locuser, jtmpnam);
-	    exit(status>>8);
-	    /* NOTREACHED */
-	}
-    } else {
-	envinit[TMPDIRENV] = 0;
-    }
-#ifndef NO_UDB
-    (void)getsysudb();
-
-    if ((ue = getudbnam(pwd->pw_name)) == (struct udb *)NULL) {
-	error("Unable to fetch account id.\n");
-	exit(1);
-    }
-    ue_static = *ue;                /* save from setlimits call */
-    endudb();
-    if (secflag) {
-	if(getsysv(&sysv, sizeof(struct sysv)) != 0) {
-	    loglogin(sane_host, SLG_LLERR, 0, ue);
-	    error("Permission denied.\n");
-	    exit(1);
-	}
-	if ((packet_level != ue->ue_deflvl) ||
-	    ((packet_compart & ue->ue_comparts) != packet_compart )){
-	    loglogin(sane_host, SLG_LLERR, 0, ue);
-	    error("Permission denied.\n");
-	    exit(1);
-	}
-	if (ue->ue_disabled != 0) {
-	    loglogin(sane_host,SLG_LOCK,ue->ue_logfails,ue);
-	    error("Permission denied.\n");
-	    exit(1);
-	}
-	maxlogs = sysv.sy_maxlogs;
-    }
-    if (acctid(getpid(), ue->ue_acids[0]) == -1) {
-	error("Unable to set account id.\n");
-	exit(1);
-    }
-    if (setshares(pwd->pw_uid, acctid(0, -1), error, 1, 0)) {
-	error("Unable to set shares.\n");
-	exit(1);
-    }
-    if (setlimits(pwd->pw_name, C_PROC, getpid(), UDBRC_INTER)) {
-	error("Unable to set limits.\n");
-	exit(1);
-    }
-    if (setlimits(pwd->pw_name, C_JOB, jid, UDBRC_INTER)) {
-	error("Unable to set limits.\n");
-	exit(1);
-    }
-    ue = &ue_static;                /* restore after setlimits call */
-    endudb();			/* setlimits opens udb and leaves it
-				   open so close it here. */
-#endif  /* !NO_UDB */
-#endif /*CRAY*/
-
-    /* Setup wtmp entry : we do it here so that if this is a CRAY
-       the Process Id is correct and we have not lost our trusted
-       privileges. */
-    if (port) {
-	/* Place entry into wtmp */
-	snprintf(ttyn,sizeof(ttyn),"krsh%ld",(long) (getpid() % 9999999));
-	pty_logwtmp(ttyn,locuser,sane_host);
-    }
-    /*      We are simply execing a program over rshd : log entry into wtmp,
-	    as kexe(pid), then finish out the session right after that.
-	    Syslog should have the information as to what was exec'd */
-    else {
-	pty_logwtmp(ttyn,locuser,sane_host);
-    }
-
-#ifdef CRAY
-
-    /* If  we are a secure system then we need to get rid of our
-       trusted facility, so that MAC on the chdir we work. Before we
-       do this make an entry into wtmp, and any other audit recording. */
-
-    if (secflag) {
-	if (getusrv(&usrv)){
-	    syslog(LOG_ERR,"Cannot getusrv");
-	    error("Permission denied.\n");
-	    loglogin(sane_host, SLG_LVERR, ue->ue_logfails,ue);
-	    goto signout_please;
-	}
-	/*
-	 *      6.0 no longer allows any form ofTRUSTED_PROCESS logins.
-	 */
-	if((ue->ue_valcat & TFM_TRUSTED) ||
-	   (sysv.sy_oldtfm &&
-	    ((ue->ue_comparts & TRUSTED_SUBJECT) == TRUSTED_SUBJECT))) {
-	    loglogin(sane_host, SLG_TRSUB, ue->ue_logfails,ue);
-	    error("Permission denied.\n");
-	    goto signout_please;
-	}
-
-	loglogin(sane_host, SLG_OKLOG, ue->ue_logfails,ue);
-
-	/*	Setup usrv structure with user udb info and
-		packet_level and packet_compart. */
-	usrv.sv_actlvl = packet_level;
-	usrv.sv_actcmp = packet_compart; /*Note get_packet_level sets
-					   compartment to users default
-					   compartments....*/
-	usrv.sv_permit = ue->ue_permits;
-	usrv.sv_intcls = ue->ue_intcls;
-	usrv.sv_maxcls = ue->ue_maxcls;
-	usrv.sv_intcat = ue->ue_intcat;
-	usrv.sv_valcat = ue->ue_valcat;
-	usrv.sv_savcmp = 0;
-	usrv.sv_savlvl = 0;
-
-	/*
-	 *      Set user values to workstation boundaries
-	 */
-#ifdef MIN
-#undef MIN
-#endif
-#ifdef MAX
-#undef MAX
-#endif
-
-#define MIN(a,b) ((a) < (b) ? (a) : (b))
-#define MAX(a,b) ((a) > (b) ? (a) : (b))
-
-	nal_error = 0;
-
-	if (nal.na_sort) {
-	    if ((ue->ue_minlvl > nal.na_smax) ||
-		(ue->ue_maxlvl < nal.na_smin))
-	      nal_error++;
-	    else {
-		usrv.sv_minlvl=MAX(ue->ue_minlvl, nal.na_smin);
-		usrv.sv_maxlvl=MIN(ue->ue_maxlvl, nal.na_smax);
-
-#ifndef IP_SECURITY
-
-		if (usrv.sv_actlvl < usrv.sv_minlvl)
-		    usrv.sv_actlvl = usrv.sv_minlvl;
-		if (usrv.sv_actlvl > usrv.sv_maxlvl)
-		  usrv.sv_actlvl = usrv.sv_maxlvl;
-
-#else /*IP_SECURITY*/
-		if (usrv.sv_actlvl < usrv.sv_minlvl)
-		  nal_error++;
-		if (usrv.sv_actlvl > usrv.sv_maxlvl)
-		  nal_error++;
-		if (usrv.sv_actlvl != ue->ue_deflvl)
-		  nal_error++;
-
-		usrv.sv_valcmp = ue->ue_comparts & nal.na_scmp;
-		usrv.sv_actcmp &= nal.na_scmp;
-#endif /*IP_SECURITY*/
-		usrv.sv_valcmp = ue->ue_comparts & nal.na_scmp;
-		usrv.sv_actcmp = (usrv.sv_valcmp &
-				  ue->ue_defcomps);
-	    }
-	} else {
-	    /*
-	     *      If the user's minimum level is greater than
-	     *      zero, they cannot log on from this (ie. an
-	     *      unclassified) host.
-	     */
-	    if (ue->ue_minlvl > 0)
-	      nal_error++;
-	    /*
-	     *      Address not in NAL, if EXEMPT_NAL is not
-	     *      true, then even an unclassified user is
-	     *      not allowed.
-	     */
-	    if (!EXEMPT_NAL)
-		nal_error++;
-	    else {
-		usrv.sv_minlvl = 0;
-		usrv.sv_maxlvl = 0;
-		usrv.sv_valcmp = 0;
-		usrv.sv_actcmp = 0;
-		usrv.sv_actlvl = 0;
-	    }
-	}
-	if (nal_error) {
-	    loglogin(sane_host, SLG_LVERR, ue->ue_logfails,ue);
-	    error("Permission denied.\n");
-	    goto signout_please;
-	}
-#undef  MIN
-#undef  MAX
-	/* Before the setusrv is done then do a sethost for paddr */
-	sethost(paddr);
-
-	if (setusrv(&usrv) == -1) {
-	    loglogin(sane_host, SLG_LVERR, ue->ue_logfails,ue);
-	    error("Permission denied.\n");
-	    goto signout_please;
-	}
-	if (getusrv(&usrv) == -1) {
-	    error("Getusrv Permission denied.\n");
-	    goto signout_please;
-	}
-
-    }
-#endif /*CRAY*/
-
-    if (chdir(pwd->pw_dir) < 0) {
-      if(chdir("/") < 0) {
-      	error("No remote directory.\n");
-	goto signout_please;
-      }
-	   pwd->pw_dir = "/";
-    }
-
-#ifdef KERBEROS
-    /* krb5_kuserok returns 1 if OK */
-    if (!krb5_kuserok(bsd_context, client, locuser)){
-	syslog(LOG_ERR ,
-	       "Principal %s (%s@%s (%s)) for local user %s failed krb5_kuserok.\n",
-	       kremuser, remuser, hostaddra, hostname, locuser);
-	error("Permission denied.\n");
-	goto signout_please;
-    }
-#else
-    if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
-	ruserok(hostname[0] ? hostname : hostaddra,
-		pwd->pw_uid == 0, remuser, locuser) < 0) {
-	error("Permission denied.\n");
-	goto signout_please;
-    }
-#endif /* KERBEROS */
-
-
-    if (checksum_required && !valid_checksum) {
-	syslog(LOG_WARNING, "Client did not supply required checksum--connection rejected.");
-	error( "You are using an old Kerberos5 client without checksum support; only newer clients are authorized.\n");
-	goto signout_please;
-    }
-    if (require_encrypt&&(!do_encrypt)) {
-	error("You must use encryption.\n");
-	goto signout_please;
-    }
-
-    if (pwd->pw_uid && !access(NOLOGIN, F_OK)) {
-	error("Logins currently disabled.\n");
-	goto signout_please;
-    }
-
-    /* Log access to account */
-    pwd = (struct passwd *) getpwnam(locuser);
-    if (pwd && (pwd->pw_uid == 0)) {
-#ifdef LOG_CMD
-	syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as ROOT",
-	       cmdbuf, kremuser, remuser, hostaddra, hostname);
-#else
-	syslog(LOG_NOTICE ,"Access as ROOT by principal %s (%s@%s (%s))",
-	       kremuser, remuser, hostaddra, hostname);
-#endif
-    }
-#if defined(KERBEROS) && defined(LOG_REMOTE_REALM) && !defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
-    /* Log if principal is from a remote realm */
-    else if (client && !default_realm(client))
-#endif
-
-#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
-    /* Log if principal name does not map to local username */
-    else if (client && !princ_maps_to_lname(client, locuser))
-#endif /* LOG_OTHER_USERS */
-
-#ifdef LOG_ALL_LOGINS /* Log everything */
-    else
-#endif
-
-#if defined(LOG_REMOTE_REALM) || defined(LOG_OTHER_USERS) || defined(LOG_ALL_LOGINS)
-      {
-#ifdef LOG_CMD
-	  syslog(LOG_NOTICE, "Executing %s for principal %s (%s@%s (%s)) as local user %s",
-		 cmdbuf, kremuser, remuser, hostaddra, hostname, locuser);
-#else
-	  syslog(LOG_NOTICE ,"Access as %s by principal %s (%s@%s (%s))",
-		 locuser, kremuser, remuser, hostaddra, hostname);
-#endif
-      }
-#endif
-
-    (void) write(2, "", 1);
-
-    if (port||do_encrypt) {
-	if (port&&(pipe(pv) < 0)) {
-	    error("Can't make pipe.\n");
-	    goto signout_please;
-	}
-	if (pipe(pw) < 0) {
-	    error("Can't make pipe 2.\n");
-	    goto signout_please;
-	}
-	if (pipe(px) < 0) {
-	    error("Can't make pipe 3.\n");
-	    goto signout_please;
-	}
-	pid = fork();
-	if (pid == -1)  {
-	    error("Fork failed.\n");
-	    goto signout_please;
-	}
-	if (pid) {
-	    int maxfd;
-#ifdef POSIX_SIGNALS
-	    sa.sa_handler = cleanup;
-	    (void)sigaction(SIGINT, &sa, (struct sigaction *)0);
-	    (void)sigaction(SIGQUIT, &sa, (struct sigaction *)0);
-	    (void)sigaction(SIGTERM, &sa, (struct sigaction *)0);
-	    (void)sigaction(SIGHUP, &sa, (struct sigaction *)0);
-
-	    sa.sa_handler = SIG_IGN;
-	    /* SIGPIPE is a crutch that we don't need if we check
-	       the exit status of write. */
-	    (void)sigaction(SIGPIPE, &sa, (struct sigaction *)0);
-	    (void)sigaction(SIGCHLD, &sa, (struct sigaction *)0);
-#else
-	    signal(SIGINT, cleanup);
-	    signal(SIGQUIT, cleanup);
-	    signal(SIGTERM, cleanup);
-	    signal(SIGHUP, cleanup);
-	    /* SIGPIPE is a crutch that we don't need if we check
-	       the exit status of write. */
-	    signal(SIGPIPE, SIG_IGN);
-	    signal(SIGCHLD,SIG_IGN);
-#endif
-
-	    (void) close(0); (void) close(1); (void) close(2);
-	    if(port)
-		(void) close(pv[1]);
-	    (void) close(pw[1]);
-	    (void) close(px[0]);
-
-
-
-	    FD_ZERO(&readfrom);
-	    FD_SET(f, &readfrom);
-	    maxfd = f;
-	    if(port) {
-		FD_SET(s, &readfrom);
-		if (s > maxfd)
-		    maxfd = s;
-		FD_SET(pv[0], &readfrom);
-		if (pv[0] > maxfd)
-		    maxfd = pv[0];
-	    }
-	    FD_SET(pw[0], &readfrom);
-	    if (pw[0] > maxfd)
-		maxfd = pw[0];
-
-	    /* read from f, write to px[1] -- child stdin */
-	    /* read from s, signal child */
-	    /* read from pv[0], write to s -- child stderr */
-	    /* read from pw[0], write to f -- child stdout */
-
-	    do {
-		ready = readfrom;
-		if (select(maxfd + 1, &ready, (fd_set *)0,
-			   (fd_set *)0, (struct timeval *)0) < 0) {
-		    if (errno == EINTR) {
-			continue;
-		    } else {
-			break;
-		}
-		}
-
-		if (port&&FD_ISSET(pv[0], &ready)) {
-		    /* read from the child stderr, write to the net */
-		    errno = 0;
-		    cc = read(pv[0], buf, sizeof (buf));
-		    if (cc <= 0) {
-			shutdown(s, 1+1);
-			FD_CLR(pv[0], &readfrom);
-		    } else {
-			(void) rcmd_stream_write(s, buf, (unsigned) cc, 1);
-		    }
-		}
-		if (FD_ISSET(pw[0], &ready)) {
-		    /* read from the child stdout, write to the net */
-		    errno = 0;
-		    cc = read(pw[0], buf, sizeof (buf));
-		    if (cc <= 0) {
-			shutdown(f, 1+1);
-			FD_CLR(pw[0], &readfrom);
-		    } else {
-			(void) rcmd_stream_write(f, buf, (unsigned) cc, 0);
-		    }
-		}
-		if (port&&FD_ISSET(s, &ready)) {
-		    /* read from the alternate channel, signal the child */
-		    if (rcmd_stream_read(s, &sig, 1, 1) <= 0) {
-			FD_CLR(s, &readfrom);
-		    } else {
-#ifdef POSIX_SIGNALS
-			sa.sa_handler = cleanup;
-			(void)sigaction(sig, &sa, (struct sigaction *)0);
-			kill(-pid, sig);
-#else
-			signal(sig, cleanup);
-			killpg(pid, sig);
-#endif
-		    }
-		}
-		if (FD_ISSET(f, &ready)) {
-		    /* read from the net, write to child stdin */
-		    errno = 0;
-		    cc = rcmd_stream_read(f, buf, sizeof(buf), 0);
-		    if (cc <= 0) {
-			(void) close(px[1]);
-			FD_CLR(f, &readfrom);
-		    } else {
-		        int wcc;
-		        wcc = write(px[1], buf, (unsigned) cc);
-			if (wcc == -1) {
-			  /* pipe closed, don't read any more */
-			  /* might check for EPIPE */
-			  (void) close(px[1]);
-			  FD_CLR(f, &readfrom);
-			} else if (wcc != cc) {
-			  syslog(LOG_INFO, "only wrote %d/%d to child",
-				 wcc, cc);
-			}
-		    }
-		}
-	    } while ((port&&FD_ISSET(s, &readfrom)) ||
-		     FD_ISSET(f, &readfrom) ||
-		     (port&&FD_ISSET(pv[0], &readfrom) )||
-		     FD_ISSET(pw[0], &readfrom));
-	    ignore_signals();
-#ifdef KERBEROS
-	    syslog(LOG_INFO ,
-		   "Shell process completed.");
-#endif
-	    /* Finish session in wmtp */
-	    pty_logwtmp(ttyn,"","");
-	    if (ccache)
-		krb5_cc_destroy(bsd_context, ccache);
-	    exit(0);
-	}
-#if defined(HAVE_SETSID)&&(!defined(ULTRIX))
-	setsid();
-#else
-#ifdef SETPGRP_TWOARG
-	setpgrp(0, getpid());
-#else
-	setpgrp();
-#endif /*setpgrp_twoarg*/
-#endif /*HAVE_SETSID*/
-	(void) close(s);
-	(void) close(f);
-	(void) close(pw[0]);
-	if (port)
-	    (void) close(pv[0]);
-	(void) close(px[1]);
-
-	(void) dup2(px[0], 0);
-	(void) dup2(pw[1], 1);
-	if(port)
-	    (void) dup2(pv[1], 2);
-	else dup2(pw[1], 2);
-
-	(void) close(px[0]);
-	(void) close(pw[1]);
-	if(port)
-	    (void) close(pv[1]);
-    }
-
-    /*      We are simply execing a program over rshd : log entry into wtmp,
-	    as kexe(pid), then finish out the session right after that.
-	    Syslog should have the information as to what was exec'd */
-    else {
-	pty_logwtmp(ttyn,"","");
-    }
-
-    if (*pwd->pw_shell == '\0')
-      pwd->pw_shell = "/bin/sh";
-    (void) close(f);
-    (void) setgid((gid_t)pwd->pw_gid);
-#ifndef sgi
-    if (getuid() == 0 || getuid() != pwd->pw_uid) {
-        /* For testing purposes, we don't call initgroups if we
-           already have the right uid, and it is not root.  This is
-           because on some systems initgroups outputs an error message
-           if not called by root.  */
-        initgroups(pwd->pw_name, pwd->pw_gid);
-    }
-#endif
-#ifdef	HAVE_SETLUID
-    /*
-     * If we're on a system which keeps track of login uids, then
-     * set the login uid.
-     */
-    if (setluid((uid_t) pwd->pw_uid) < 0) {
-	perror("setluid");
-	_exit(1);
-    }
-#endif	/* HAVE_SETLUID */
-    if (setuid((uid_t)pwd->pw_uid) < 0) {
-	perror("setuid");
-	_exit(1);
-    }
-    /* if TZ is set in the parent, drag it in */
-    {
-      char **findtz = environ;
-      while(*findtz) {
-	if(!strncmp(*findtz,"TZ=",3)) {
-	  envinit[TZENV] = *findtz;
-	  break;
-	}
-	findtz++;
-      }
-    }
-    strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
-    strncat(shell, pwd->pw_shell, sizeof(shell)-7);
-    strncat(username, pwd->pw_name, sizeof(username)-6);
-    if (asprintf(&path, "PATH=%s:%s", kprogdir, path_rest) < 0) {
-        perror("malloc");
-	_exit(1);
-    }
-    envinit[PATHENV] = path;
-
-    /* If we have KRB5CCNAME set, then copy into the
-     * child's environment.  This can't really have
-     * a fixed position because tz may or may not be set.
-     */
-    if (getenv("KRB5CCNAME")) {
-	int i;
-	char *buf2;
-	if (asprintf(&buf2, "KRB5CCNAME=%s",getenv("KRB5CCNAME")) >= 0) {
-
-	  for (i = 0; envinit[i]; i++);
-	  envinit[i] = buf2;
-	}
-    }
-
-    {
-      char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
-      int i;
-      /* these four are covered by ADDRPAD */
-
-      for (i = 0; envinit[i]; i++);
-
-      aierr = getnameinfo((struct sockaddr *)&localaddr,
-			  socklen((struct sockaddr *)&localaddr),
-			  hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
-			  NI_NUMERICHOST | NI_NUMERICSERV);
-      if (aierr)
-	  goto skip_localaddr_env;
-      snprintf(local_addr, sizeof(local_addr), "KRB5LOCALADDR=%s", hbuf);
-      envinit[i++] =local_addr;
-
-      snprintf(local_port, sizeof(local_port), "KRB5LOCALPORT=%s", sbuf);
-      envinit[i++] =local_port;
-    skip_localaddr_env:
-
-      aierr = getnameinfo(fromp, socklen(fromp),
-			  hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
-			  NI_NUMERICHOST | NI_NUMERICSERV);
-      if (aierr)
-	  goto skip_remoteaddr_env;
-      snprintf(remote_addr, sizeof(remote_addr), "KRB5REMOTEADDR=%s", hbuf);
-      envinit[i++] =remote_addr;
-
-      snprintf(remote_port, sizeof(remote_port), "KRB5REMOTEPORT=%s", sbuf);
-      envinit[i++] =remote_port;
-
-    skip_remoteaddr_env:
-      ;
-    }
-
-    /* If we do anything else, make sure there is space in the array. */
-
-    for(cnt=0; cnt < num_env; cnt++) {
-	    int i;
-	    char *buf2;
-
-	    if(getenv(save_env[cnt])) {
-		    if (asprintf(&buf2, "%s=%s", save_env[cnt],
-				 getenv(save_env[cnt])) >= 0) {
-			    for (i = 0; envinit[i]; i++);
-			    envinit[i] = buf2;
-		    }
-	    }
-    }
-
-    /* XXX - If we do anything else, make sure there is space in the array. */
-
-    environ = envinit;
-
-#ifdef KERBEROS
-    /* To make Kerberos rcp work correctly, we must ensure that we
-       invoke Kerberos rcp on this end, not normal rcp, even if the
-       shell startup files change PATH.  */
-    if (!strncmp(cmdbuf, "rcp ", 4) ||
-	(do_encrypt && !strncmp(cmdbuf, "-x rcp ", 7))) {
-        char *copy;
-	struct stat s2;
-	int offst = 0;
-
-	copy = strdup(cmdbuf);
-	if (copy == NULL) {
-	    perror("malloc");
-	    _exit(1);
-	}
-	if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) {
-		offst = 3;
-	}
-
-        strlcpy(cmdbuf + offst, kprogdir, sizeof(cmdbuf) - offst);
-	cp = copy + 3 + offst;
-
-	strlcat(cmdbuf, "/rcp", sizeof(cmdbuf));
-
-	if (stat((char *)cmdbuf + offst, &s2) >= 0)
-	  strlcat(cmdbuf, cp, sizeof(cmdbuf));
-	else
-	  strlcpy(cmdbuf, copy, sizeof(cmdbuf));
-	free(copy);
-    }
-#endif
-
-    cp = strrchr(pwd->pw_shell, '/');
-    if (cp)
-      cp++;
-    else
-      cp = pwd->pw_shell;
-
-    if (do_encrypt && !strncmp(cmdbuf, "-x ", 3)) {
-	execl(pwd->pw_shell, cp, "-c", (char *)cmdbuf + 3, (char *)NULL);
-    }
-    else {
-	execl(pwd->pw_shell, cp, "-c", cmdbuf, (char *)NULL);
-    }
-    perror(pwd->pw_shell);
-    perror(cp);
-    exit(1);
-
-  signout_please:
-    if (ccache)
-	krb5_cc_destroy(bsd_context, ccache);
-    ccache = NULL;
-    pty_logwtmp(ttyn,"","");
-    exit(1);
-}
-
-
-void
-#ifdef HAVE_STDARG_H
-error(char *fmt, ...)
-#else
-/*VARARGS1*/
-error(fmt, va_alist)
-     char *fmt;
-     va_dcl
-#endif
-{
-    va_list ap;
-    char buf[RCMD_BUFSIZ],  *cp = buf;
-
-#ifdef HAVE_STDARG_H
-    va_start(ap, fmt);
-#else
-    va_start(ap);
-#endif
-
-    *cp++ = 1;
-    (void) snprintf(cp, sizeof(buf) - (cp - buf), "%s: ", progname);
-    (void) vsnprintf(buf+strlen(buf), sizeof(buf) - strlen(buf), fmt, ap);
-    va_end(ap);
-    (void) write(2, buf, strlen(buf));
-    syslog(LOG_ERR ,"%s",buf+1);
-}
-
-
-void getstr(fd, buf, cnt, err)
-    int fd;
-    char *buf;
-    int cnt;
-    char *err;
-{
-    char c;
-
-    do {
-	if (read(fd, &c, 1) != 1)
-	  exit(1);
-	*buf++ = c;
-	if (--cnt == 0) {
-	    error("%s too long\n", err);
-	    exit(1);
-	}
-    } while (c != 0);
-}
-
-#ifdef	CRAY
-char *makejtmp(uid, gid, jid)
-     register int uid, gid, jid;
-{
-    register char *endc, *tdp = &tmpdir[strlen(tmpdir)];
-    register int i;
-
-    snprintf(tdp, sizeof(tmpdir) - (tdp - tmpdir), "%s/jtmp.%06d",
-	     JTMPDIR, jid);
-    endc = &tmpdir[strlen(tmpdir)];
-
-    endc[1] = '\0';
-    for (i = 0; i < 26; i++) {
-	endc[0] = 'a' + i;
-	if (mkdir(tdp, JTMPMODE) != -1) {
-	    chown(tdp, uid, gid);
-	    return (tdp);
-	} else if (errno != EEXIST)
-	  break;
-    }
-    return(NULL);
-}
-
-
-
-cleanjtmp(user, tpath)
-     register char *user, *tpath;
-{
-    switch(fork()) {
-      case -1:
-	break;
-      case 0:
-	if (secflag) {
-	    execl("/bin/rm", "rm", "-rf", tpath, 0);
-	    error("exec of %s failed; errno = %d\n",
-		  "/bin/rm", errno);
-	} else {
-	    execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0);
-	    error("exec of %s failed; errno = %d\n",
-		  CLEANTMPCMD, errno);
-	}
-	exit(1);
-	break;
-      default:
-	/*
-	 * Just forget about the child, let init will pick it
-	 * up after we exit.
-	 */
-	break;
-    }
-}
-
-
-
-/***get_packet_classification
- *
- *
- *      int get_packet_classification():
- *      Obtain packet level and compartments from passed fd...
- *
- *      Returns:
- *             -1: If could not get user defaults.
- *              0: success
- */
-#ifdef IP_SECURITY
-static int get_packet_classification(fd,useruid,level,comp)
-     int fd;
-     uid_t useruid;
-     int *level;
-     long *comp;
-{
-    struct socket_security pkt_sec;
-    struct udb *udb;
-    int retval;
-    int sockoptlen;
-
-    retval = 0;
-    getsysudb ();
-    udb = getudbuid ((int) useruid);
-    endudb ();
-    if (udb == (struct udb *) 0) return(-1);
-    /* Get packet IP packet label */
-    sockoptlen = SIZEOF_sec;
-    if ( getsockopt(fd,SOL_SOCKET,SO_SECURITY,
-		    (char *) &pkt_sec,&sockoptlen)){  /* Failed */
-	return(-2);
-    }
-    *level = pkt_sec.sec_level;
-    *comp = udb->ue_defcomps;
-    return(0);
-}
-
-#else  /* If no IP_SECURITY set level to users default */
-
-static int get_packet_classification(fd,useruid,level,comp)
-     int fd;
-     uid_t useruid;
-     int *level;
-     long *comp;
-{
-    struct udb    *udb;
-    getsysudb ();
-    udb = getudbuid ((int) useruid);
-    endudb ();
-    if (udb == (struct udb *) 0) return(-1);
-    *level = udb->ue_deflvl;
-    *comp = udb->ue_defcomps;
-    return(0);
-}
-
-#endif /* IP_SECURITY */
-
-
-
-/*
- * Make a security log entry for the login attempt.
- *     host = pointer to host id
- *     flag = status of login
- *     failures = current losing streak in login attempts
- */
-/* Make a security log entry for the login attempt.
- *  host = pointer to host id
- *  flag = status of login
- *  failures = current losing streak in login attempts
- */
-
-loglogin(host, flag, failures, ue)
-     char    *host;
-     int     flag;
-     int     failures;
-     struct udb * ue;
-{
-    char   urec[sizeof(struct slghdr) + sizeof(struct slglogin)];
-    struct slghdr   *uhdr = (struct slghdr *)urec;
-    struct slglogin *ulogin=(struct slglogin *)&urec[sizeof(struct slghdr)];
-
-    strncpy(ulogin->sl_line, ttyn, sizeof(ulogin->sl_line));
-    strncpy(ulogin->sl_host, host, sizeof(ulogin->sl_host));
-    ulogin->sl_failures = failures;
-    if ( maxlogs && (failures >= maxlogs))
-      flag |= SLG_DSABL;
-    ulogin->sl_result = flag;
-    uhdr->sl_uid = ue->ue_uid;
-    uhdr->sl_ruid = ue->ue_uid;
-    uhdr->sl_juid = ue->ue_uid;
-    uhdr->sl_gid = ue->ue_gids[0];
-    uhdr->sl_rgid = ue->ue_gids[0];
-    uhdr->sl_slvl = ue->ue_deflvl;
-    /*      uhdr->sl_scls = ue->ue_defcls;  enable for integrity policy */
-    uhdr->sl_olvl = 0;
-    uhdr->sl_len = sizeof(urec);
-
-#ifdef  CRAY2
-    slgentry(SLG_LOGN, (word *)urec);
-#else /*        ! CRAY2 */
-    slgentry(SLG_LOGN, (waddr_t)urec);
-#endif
-    return;
-}
-
-#endif /* CRAY */
-
-
-
-void usage()
-{
-#ifdef KERBEROS
-    syslog(LOG_ERR, "usage: kshd [-eciK]  ");
-#else
-    syslog(LOG_ERR, "usage: rshd");
-#endif
-}
-
-
-#ifdef KERBEROS
-
-#ifndef KRB_SENDAUTH_VLEN
-#define	KRB_SENDAUTH_VLEN 8	    /* length for version strings */
-#endif
-
-#define	KRB_SENDAUTH_VERS	"AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN
-					      chars */
-
-static krb5_error_code
-recvauth(netfd, peersin, valid_checksum)
-     int netfd;
-     struct sockaddr *peersin;
-     int *valid_checksum;
-{
-    krb5_auth_context auth_context = NULL;
-    krb5_error_code status;
-    struct sockaddr_in laddr;
-    socklen_t len;
-    krb5_data inbuf;
-    krb5_authenticator *authenticator;
-    krb5_ticket        *ticket;
-    krb5_rcache		rcache;
-    struct passwd *pwd;
-    uid_t uid;
-    gid_t gid;
-    enum kcmd_proto kcmd_proto;
-    krb5_data version;
-
-    *valid_checksum = 0;
-    len = sizeof(laddr);
-    if (getsockname(netfd, (struct sockaddr *)&laddr, &len)) {
-	    exit(1);
-    }
-
-#ifdef unicos61
-#define SIZEOF_INADDR  SIZEOF_in_addr
-#else
-#define SIZEOF_INADDR sizeof(struct in_addr)
-#endif
-
-    status = krb5_auth_con_init(bsd_context, &auth_context);
-    if (status)
-	return status;
-
-    status = krb5_auth_con_genaddrs(bsd_context, auth_context, netfd,
-			        KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
-    if (status)
-	return status;
-
-    status = krb5_auth_con_getrcache(bsd_context, auth_context, &rcache);
-    if (status) return status;
-
-    if (! rcache) {
-	krb5_principal server;
-
-	status = krb5_sname_to_principal(bsd_context, 0, 0,
-					 KRB5_NT_SRV_HST, &server);
-	if (status) return status;
-
-	status = krb5_get_server_rcache(bsd_context,
-				krb5_princ_component(bsd_context, server, 0),
-				&rcache);
-	krb5_free_principal(bsd_context, server);
-	if (status) return status;
-
-	status = krb5_auth_con_setrcache(bsd_context, auth_context, rcache);
-	if (status) return status;
-    }
-
-    status = krb5_recvauth_version(bsd_context, &auth_context, &netfd,
-				   NULL,        /* daemon principal */
-				   0,           /* no flags */
-				   keytab,      /* normally NULL to use v5srvtab */
-				   &ticket,    /* return ticket */
-				   &version); /* application version string */
-    if (status) {
-	/*
-	 * clean up before exiting
-	 */
-	getstr(netfd, locuser, sizeof(locuser), "locuser");
-	getstr(netfd, cmdbuf, sizeof(cmdbuf), "command");
-	getstr(netfd, remuser, sizeof(locuser), "remuser");
-	return status;
-    }
-
-    getstr(netfd, locuser, sizeof(locuser), "locuser");
-    getstr(netfd, cmdbuf, sizeof(cmdbuf), "command");
-
-    /* Must be V5  */
-
-    kcmd_proto = KCMD_UNKNOWN_PROTOCOL;
-    if (version.length != 9)
-	fatal (netfd, "bad application version length");
-    if (!memcmp (version.data, "KCMDV0.1", 9))
-	kcmd_proto = KCMD_OLD_PROTOCOL;
-    if (!memcmp (version.data, "KCMDV0.2", 9))
-	kcmd_proto = KCMD_NEW_PROTOCOL;
-
-    getstr(netfd, remuser, sizeof(locuser), "remuser");
-
-    if ((status = krb5_unparse_name(bsd_context, ticket->enc_part2->client,
-				    &kremuser)))
-	return status;
-
-    if ((status = krb5_copy_principal(bsd_context, ticket->enc_part2->client,
-				      &client)))
-	return status;
-    if ((status = krb5_auth_con_getauthenticator(bsd_context, auth_context,
-						 &authenticator)))
-      return status;
-
-    if (authenticator->checksum && !checksum_ignored) {
-	struct sockaddr_storage adr;
-	unsigned int adr_length = sizeof(adr);
-	int e;
-	char namebuf[32];
-	krb5_boolean valid = 0;
-	krb5_data chksumbuf;
-
-	chksumbuf.data = NULL;
-	if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0)
-	    goto error_cleanup;
-
-	e = getnameinfo((struct sockaddr *)&adr, adr_length, 0, 0,
-			namebuf, sizeof(namebuf), NI_NUMERICSERV);
-	if (e)
-	    fatal(netfd, "local error: can't examine port number");
-	if (asprintf(&chksumbuf.data, "%s:%s%s", namebuf, cmdbuf, locuser) < 0)
-	    goto error_cleanup;
-
-	chksumbuf.length = strlen(chksumbuf.data);
-	status = krb5_c_verify_checksum(bsd_context,
-					ticket->enc_part2->session,
-					KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
-					&chksumbuf, authenticator->checksum,
-					&valid);
-	if (status == 0 && !valid) status = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
-    error_cleanup:
-	if (chksumbuf.data)
-	    free(chksumbuf.data);
-	if (status) {
-	    krb5_free_authenticator(bsd_context, authenticator);
-	    return status;
-	}
-	*valid_checksum = 1;
-    }
-    krb5_free_authenticator(bsd_context, authenticator);
-
-
-    if (!strncmp(cmdbuf, "-x ", 3))
-	do_encrypt = 1;
-
-    {
-	krb5_keyblock *key;
-	status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context,
-					      &key);
-	if (status)
-	    fatal (netfd, "Server can't get session subkey");
-	if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL)
-	    fatal (netfd, "No session subkey sent");
-	if (key && kcmd_proto == KCMD_OLD_PROTOCOL) {
-#ifdef HEIMDAL_FRIENDLY
-	    key = 0;
-#else
-	    fatal (netfd, "Session subkey not allowed in old kcmd protocol");
-#endif
-	}
-	if (key == 0)
-	    key = ticket->enc_part2->session;
-	rcmd_stream_init_krb5 (key, do_encrypt, 0, 0, kcmd_proto);
-    }
-
-    /* Null out the "session" because kcmd.c references the session
-     * key here, and we do not want krb5_free_ticket() to destroy it. */
-    ticket->enc_part2->session = 0;
-
-    if ((status = krb5_read_message(bsd_context, (krb5_pointer)&netfd,
-				    &inbuf))) {
-	error("Error reading message: %s\n", error_message(status));
-	exit(1);
-    }
-
-    if (inbuf.length) { /* Forwarding being done, read creds */
-	pwd = getpwnam(locuser);
-	if (!pwd) {
-	    error("Login incorrect.\n");
-	    exit(1);
-	}
-	uid = pwd->pw_uid;
-	gid = pwd->pw_gid;
-	if ((status = rd_and_store_for_creds(bsd_context, auth_context, &inbuf,
-					     ticket, &ccache))) {
-	    error("Can't get forwarded credentials: %s\n",
-		  error_message(status));
-	    exit(1);
-	}
-	if (chown(krb5_cc_get_name(bsd_context, ccache), uid, gid) == -1) {
-	    error("Can't chown forwarded credentials: %s\n",
-		  error_message(errno));
-	    exit(1);
-	}
-    }
-    krb5_free_ticket(bsd_context, ticket);
-    return 0;
-}
-#endif /* KERBEROS */
-
-
-
-void fatal(f, msg)
-     int f;
-     const char *msg;
-{
-    char buf[512];
-#ifndef POSIX_TERMIOS
-    int out = 1 ;          /* Output queue of f */
-#endif
-
-    buf[0] = '\01';             /* error indicator */
-    (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n",progname, msg);
-    if ((f == netf) && (pid > 0))
-      (void) rcmd_stream_write(f, buf, strlen(buf), 0);
-    else
-      (void) write(f, buf, strlen(buf));
-    syslog(LOG_ERR,"%s\n",msg);
-    if (pid > 0) {
-        signal(SIGCHLD,SIG_IGN);
-        kill(pid,SIGKILL);
-#ifdef POSIX_TERMIOS
-        (void) tcflush(1, TCOFLUSH);
-#else
-        (void) ioctl(f, TIOCFLUSH, (char *)&out);
-#endif
-        cleanup(-1);
-    }
-    exit(1);
-}
-
-static int
-accept_a_connection (int debug_port, struct sockaddr *from,
-		     socklen_t *fromlenp)
-{
-    int n, s, fd, s4 = -1, s6 = -1, on = 1;
-    fd_set sockets;
-
-    FD_ZERO(&sockets);
-
-#ifdef KRB5_USE_INET6
-    {
-	struct sockaddr_in6 sock_in6;
-
-	if ((s = socket(AF_INET6, SOCK_STREAM, PF_UNSPEC)) < 0) {
-	    if ((errno == EPROTONOSUPPORT) || (errno == EAFNOSUPPORT))
-		goto skip_ipv6;
-	    fprintf(stderr, "Error in socket(INET6): %s\n", strerror(errno));
-	    exit(2);
-	}
-
-	memset(&sock_in6, 0,sizeof(sock_in6));
-	sock_in6.sin6_family = AF_INET6;
-	sock_in6.sin6_port = htons(debug_port);
-	sock_in6.sin6_addr = in6addr_any;
-
-	(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-			  (char *)&on, sizeof(on));
-
-	if ((bind(s, (struct sockaddr *) &sock_in6, sizeof(sock_in6))) < 0) {
-	    fprintf(stderr, "Error in bind(INET6): %s\n", strerror(errno));
-	    exit(2);
-	}
-
-	if ((listen(s, 5)) < 0) {
-	    fprintf(stderr, "Error in listen(INET6): %s\n", strerror(errno));
-	    exit(2);
-	}
-	s6 = s;
-	FD_SET(s, &sockets);
-    skip_ipv6:
-	;
-    }
-#endif
-
-    {
-	struct sockaddr_in sock_in;
-
-	if ((s = socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) < 0) {
-	    fprintf(stderr, "Error in socket: %s\n", strerror(errno));
-	    exit(2);
-	}
-
-	memset(&sock_in, 0,sizeof(sock_in));
-	sock_in.sin_family = AF_INET;
-	sock_in.sin_port = htons(debug_port);
-	sock_in.sin_addr.s_addr = INADDR_ANY;
-
-	(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-			  (char *)&on, sizeof(on));
-
-	if ((bind(s, (struct sockaddr *) &sock_in, sizeof(sock_in))) < 0) {
-	    if (s6 >= 0 && errno == EADDRINUSE)
-		goto try_ipv6_only;
-	    fprintf(stderr, "Error in bind: %s\n", strerror(errno));
-	    exit(2);
-	}
-
-	if ((listen(s, 5)) < 0) {
-	    fprintf(stderr, "Error in listen: %s\n", strerror(errno));
-	    exit(2);
-	}
-	s4 = s;
-	FD_SET(s, &sockets);
-    try_ipv6_only:
-	;
-    }
-    if (s4 == -1 && s6 == -1) {
-	fprintf(stderr, "No valid sockets established, exiting\n");
-	exit(2);
-    }
-    n = select(((s4 < s6) ? s6 : s4) + 1, &sockets, 0, 0, 0);
-    if (n < 0) {
-	fprintf(stderr, "select error: %s\n", strerror(errno));
-	exit(2);
-    } else if (n == 0) {
-	fprintf(stderr, "internal error? select returns 0\n");
-	exit(2);
-    }
-    if (s6 != -1 && FD_ISSET(s6, &sockets)) {
-	if (s4 != -1)
-	    close(s4);
-	s = s6;
-    } else if (FD_ISSET(s4, &sockets)) {
-	if (s6 != -1)
-	    close(s6);
-	s = s4;
-    } else {
-	fprintf(stderr,
-		"internal error? select returns positive, "
-		"but neither fd available\n");
-	exit(2);
-    }
-
-    if ((fd = accept(s, from, fromlenp)) < 0) {
-	fprintf(stderr, "Error in accept: %s\n", strerror(errno));
-	exit(2);
-    }
-
-    close(s);
-    return fd;
-}
diff --git a/src/appl/bsd/kshd.M b/src/appl/bsd/kshd.M
deleted file mode 100644
index b6d5039..0000000
--- a/src/appl/bsd/kshd.M
+++ /dev/null
@@ -1,211 +0,0 @@
-.\" Copyright (c) 1983 Regents of the University of California.
-.\" All rights reserved.  The Berkeley software License Agreement
-.\" specifies the terms and conditions for redistribution.
-.\"
-.\"	@(#)rshd.8	6.3 (Berkeley) 5/24/86
-.\"
-.TH KRSHD 8
-.SH NAME
-kshd \- kerberized remote shell server
-.SH SYNOPSIS
-.B /usr/local/sbin/kshd 
-[
-.B \-kr45ec
-]
-[\fB\-D\fP \fIport\fP]
-[\fB\-L\fP \fIvariable\fP]
-.SH DESCRIPTION
-.I Krshd
-is the server for the 
-.IR rcmd (3)
-routine and, consequently, for the
-.IR rsh (1)
-program.  The server provides remote execution facilities
-with authentication based on privileged port numbers from trusted hosts or 
-the Kerberos authentication system.
-.PP
-The
-.I kshd
-server is invoked by \fIinetd(8c)\fP when it receives a connection
-on the port indicated in /etc/inetd.conf.  A typical /etc/inetd.conf
-configuration line for \fIkrshd\fP might be:
-
-kshell	stream	tcp	nowait	root	/usr/local/sbin/kshd	kshd -5c
-
-When a service request is received, the following protocol is initiated:
-
-.IP 1) 
-Authentication is checked
-.IP 2)
-Check authorization via the access-control files \fI.k5login\fP and
-\fI.klogin\fP in the user's home directory.
-.IP 3)
-A null byte is returned on the initial socket
-and the command line is passed to the normal login
-shell of the user.  The
-shell inherits the network connections established
-by
-.IR krshd .
-
-\fIKrshd\fP can be configured  by command-line arguments passed
-by \fIinetd(8)\fP.
- The options are:
-
-.IP \fB\-5\fP 10
-Allow Kerberos5 authentication with the \fI.k5login\fP access control file
-to be trusted.  If this authentication system is used by the client and
-the authorization check is passed, then the user is allowed to log in.  If
-the user has no \fI.k5login\fP file, the login will be authorized if the
-results of krb5_aname_to_localname conversion matches the account name.
-Unless special rules are configured, this will be true if and only if the
-Kerberos principal of the connecting user is in the default local realm
-and the principal portion matches the account name.
-
-.IP \fB\-4\fP 
-Allow Kerberos4 authentication with the \fI.klogin\fP access control file
-to be trusted.  If this authentication system is used by the client and the
-authorization check is passed, then the user is allowed to log in.
-
-.IP \fB\-k\fP 
-Allow Kerberos5 and Kerberos4 as acceptable authentication
-mechanisms.  This is the same as including \fB\-4\fP and \fB\-5\fP.
-
-.IP \fB\-e\fP
-Require the client to encrypt the connection.  Only Kerberos5 clients
-support encryption.
-
-.IP \fB\-L\ variable\fP
-Carry through the current value of the specified variable into the
-environment of the child.  This option can be used to preserve up to
-four variables.
-
-
-.IP \fB\-c\fP 
-Require Kerberos5 clients to present a cryptographic
-checksum of initial connection information like the name of the user
-that the client is trying to access in the initial authenticator.
-This checksum provides additionl security by preventing an attacker
-from changing the initial connection information.  To benefit from
-this security, only Kerberos5 should be trusted; Kerberos4 and rhosts
-authentication do not include this checksum.  If this option is
-specified, older Kerberos5 clients that do not send a checksum in the
-authenticator will not be able to authenticate to this server.  This
-option is mutually exclusive with the \fB-i\fP option.
-
-	If neither the \fB-c\fP or \fB-i\fP options are specified,then
-checksums are validated if presented.  Since it is difficult to remove
-a checksum from an authenticator without making the authenticator
-invalid, this default mode is almost as significant of a security
-improvement as \fB-c\fP if new clients are used.  It has the additional
-advantage of backwards compatability with some clients.
-Unfortunately, clients before Kerberos V5, Beta5, generate invalid
-checksums; if these clients are used, the \fB-i\fP option must be
-used.
-
-.IP \fB\-i\fP 
-Ignore authenticator checksums if provided.  This option
-ignore authenticator checksusm presented by current Kerberos clients
-to protect initial connection information; it is the opposite of
-\fB-c\fP.  This option is provided because some older
-clients--particularly clients predating the release of Kerberos V5
-Beta5 (May 1995)--present bogus checksums that prevent Kerberos
-authentication from succeeding in the default mode.
-
-
-.PP
-\fIKrshd\fP supports six options which may be used for testing:
-
-.IP \fB\-S\ keytab\fP 10
-Set the \fIkeytab\fP file to use.
-
-.IP \fB\-M\ realm\fP
-Set the Kerberos realm to use.
-
-.IP \fB\-A\fP
-Don't allocate a reserved port for the stderr connection.
-
-.IP \fB\-P\ path\fP
-Use the argument to find the Kerberos binaries.  Normally a compiled
-in argument is used.
-
-.IP \fB\-D\ port\fP
-Run in standalone mode, listening on \fBport\fP.  The daemon will exit
-after one connection and will not background itself.
-
-.TP
-\fB\-w \fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]
-Controls the form of the remote hostname passed to login(1).
-Specifying \fBip\fP results in the numeric IP address always being
-passed to login(1).  Specifying a number, \fImaxhostlen\fP, sets the
-maximum length of the hostname passed to login(1) before it will be
-passed as a numeric IP address.  If \fImaxhostlen\fP is 0, then the
-system default, as determined by the utmp or utmpx structures, is
-used.  The \fBnostriplocal\fP and \fBstriplocal\fP options, which must
-be preceded by a comma, control whether or not the local host domain
-is stripped from the remote hostname.  By default, the equivalent of
-\fBstriplocal\fP is in effect.
-
-.SH DIAGNOSTICS
-Except for the last one listed below,
-all diagnostic messages
-are returned on the initial socket,
-after which any network connections are closed.
-An error is indicated by a leading byte with a value of
-1 (0 is returned in step 3 above upon successful completion
-of all the steps prior to the execution of the login shell).
-.PP
-.B ``locuser too long''
-.br
-The name of the user on the client's machine is
-longer than 16 characters.
-.PP
-.B ``remuser too long''
-.br
-The name of the user on the remote machine is
-longer than 16 characters.
-.PP
-.B ``command too long ''
-.br
-The command line passed exceeds the size of the argument
-list (as configured into the system).
-.PP
-.B ``Login incorrect.''
-.br
-No password file entry for the user name existed.
-.PP
-.B ``No remote directory.''
-.br
-The 
-.I chdir
-command to the home directory failed.
-.PP
-.B ``Permission denied.''
-.br
-The authentication procedure described above failed.
-.PP
-.B ``Can't make pipe.''
-.br
-The pipe needed for the 
-.BR stderr ,
-wasn't created.
-.PP
-.B ``Try again.''
-.br
-A
-.I fork
-by the server failed.
-.PP
-.B ``<shellname>: ...''
-.br
-The user's login shell could not be started.  This message is returned
-on the connection associated with the
-.BR stderr ,
-and is not preceded by a flag byte.
-.SH SEE ALSO
-rshd(8), rsh(1),
-rcmd(3)
-.SH BUGS
-A facility to allow all data exchanges to be encrypted should be
-present.
-.PP
-A more extensible protocol should be used.
diff --git a/src/appl/bsd/login.M b/src/appl/bsd/login.M
deleted file mode 100644
index 3a1b05b..0000000
--- a/src/appl/bsd/login.M
+++ /dev/null
@@ -1,77 +0,0 @@
-.\"	login.1
-.\"
-.TH LOGIN 8
-.SH NAME
-login.krb5 \- kerberos enhanced login program
-.SH SYNOPSIS
-.B login.krb5
-[\fB\-p\fP] [\fB\-fFe\fP \fIusername\fP] 
-[\fB\-r | \-k | \-K | \-h \fP\fIhostname\fP]
-.SH DESCRIPTION
-.I login.krb5
-is a modification of the BSD login program which is used for two
-functions.  It is the sub-process used by krlogind and telnetd to
-initiate a user session and it is a replacement for the command-line
-login program which, when invoked with a password, acquires Kerberos
-tickets for the user.
-.PP
-.I login.krb5 
-will prompt for a username, or take one on the command line, as
-.I login.krb5 username
-and will then prompt for a password. This password will be used to
-acquire Kerberos Version 5 tickets (if possible.) It will also attempt
-to run
-.I aklog
-to get \fIAFS\fP tokens for the user. The version 5 tickets will be
-tested against a local 
-.I krb5.keytab
-if it is available, in order to verify the tickets, before letting the
-user in. However, if the password matches the entry in
-\fI/etc/passwd\fP the user will be unconditionally allowed (permitting
-use of the machine in case of network failure.)
-.SH OPTIONS
-.TP
-\fB\-p\fP
-preserve the current environment
-.TP
-\fB\-r\fP \fIhostname\fP
-pass hostname to rlogind.  Must be the last argument.
-.TP
-\fB\-h\fP \fIhostname\fP
-pass hostname to telnetd, etc.  Must be the last argument.
-.TP
-\fB\-f\fP \fIname\fP
-Perform pre-authenticated login, e.g., datakit, xterm, etc.; 
-allows preauthenticated login as root.
-.TP
-\fB\-F\fP \fIname\fP
-Perform pre-authenticated login, e.g., datakit, xterm, etc.; allows
-preauthenticated login as root.
-.TP
-\fB\-e\fP \fIname\fP
-Perform pre-authenticated, encrypted login.  Must do term negotiation.
-.SH CONFIGURATION
-.I login.krb5
-is also configured via 
-.I krb5.conf
-using the
-.I login
-stanza. A collection of options dealing with initial authentication are
-provided:
-.IP krb5_get_tickets
-Use password to get V5 tickets. Default value true.
-.IP krb_run_aklog
-Attempt to run aklog. Default value false.
-.IP aklog_path
-Where to find it [not yet implemented.] Default value 
-.I $(prefix)/bin/aklog.
-.IP accept_passwd
-Don't accept plaintext passwords [not yet implemented]. Default value false.
-
-.SH DIAGNOSTICS
-All diagnostic messages are returned on the connection or tty
-associated with
-.BR stderr.
-.PP
-.SH SEE ALSO
-rlogind(8), rlogin(1), telnetd(8)
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
deleted file mode 100644
index fc6198c..0000000
--- a/src/appl/bsd/login.c
+++ /dev/null
@@ -1,1930 +0,0 @@
-/*
- *	appl/bsd/login.c
- */
-
-/*
- * Copyright (c) 1980, 1987, 1988 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-char copyright[] =
-"@(#) Copyright (c) 1980, 1987, 1988 The Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)login.c	5.25 (Berkeley) 1/6/89 */
-
-/* The configuration, with defaults as listed, is of the form:
-   [login]
-   # login stanza
-   krb5_get_tickets = 1
-   # use password to get v5 tickets
-   krb_run_aklog = 0
-   # attempt to run aklog
-   aklog_path = $(prefix)/bin/aklog
-   # where to find it [not yet implemented]
-   accept_passwd = 0
-   # don't accept plaintext passwords [not yet implemented]
-*/
-#define KRB5_GET_TICKETS
-int login_krb5_get_tickets = 1;
-
-#define KRB_RUN_AKLOG
-int login_krb_run_aklog = 0;
-
-int login_accept_passwd = 0;
-
-/*
- * login [ name ]
- * login -r hostname	(for rlogind)
- * login -h hostname	(for telnetd, etc.)
- * login -f name	(for pre-authenticated login: datakit, xterm, etc.,
- *			 does allow preauthenticated login as root)
- * login -F name	(for pre-authenticated login: datakit, xterm, etc.,
- *			 allows preauthenticated login as root)
- * login -e name	(for pre-authenticated encrypted, must do term
- *			 negotiation)
- *
- * only one of: -r -f -e -k -K -F
- * only one of: -r -h -k -K
- */
-
-#include <libpty.h>
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#include <sys/types.h>
-#include <sys/param.h>
-#ifdef OQUOTA
-#include <sys/quota.h>
-#endif
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <sys/file.h>
-#include <sys/ioctl.h>
-#include <fcntl.h>
-
-#include <utmp.h>
-#include <signal.h>
-
-#include <assert.h>
-
-#ifdef HAVE_LASTLOG_H
-#include <lastlog.h>
-#endif
-
-#ifdef linux
-/* linux has V* but not C* in headers. Perhaps we shouldn't be
- * initializing these values anyway -- tcgetattr *should* give
- * them reasonable defaults... */
-#define NO_INIT_CC
-#endif
-
-#include <errno.h>
-#ifdef HAVE_TTYENT_H
-#include <ttyent.h>
-#endif
-#include <syslog.h>
-#include <stdio.h>
-#include <grp.h>
-#include <pwd.h>
-#include <string.h>
-
-#include <setjmp.h>
-#ifndef POSIX_SETJMP
-#undef sigjmp_buf
-#undef sigsetjmp
-#undef siglongjmp
-#define sigjmp_buf	jmp_buf
-#define sigsetjmp(j,s)	setjmp(j)
-#define siglongjmp	longjmp
-#endif
-
-#ifdef POSIX_SIGNALS
-typedef struct sigaction handler;
-#define handler_init(H,F)		(sigemptyset(&(H).sa_mask), \
-					 (H).sa_flags=0, \
-					 (H).sa_handler=(F))
-#define handler_swap(S,NEW,OLD)		sigaction(S, &NEW, &OLD)
-#define handler_set(S,OLD)		sigaction(S, &OLD, NULL)
-#else
-typedef sigtype (*handler)();
-#define handler_init(H,F)		((H) = (F))
-#define handler_swap(S,NEW,OLD)		((OLD) = signal ((S), (NEW)))
-#define handler_set(S,OLD)		(signal ((S), (OLD)))
-#endif
-
-
-#ifdef HAVE_SHADOW
-#include <shadow.h>
-#endif
-
-#ifdef KRB5_GET_TICKETS
-/* #include "krb5.h" */
-/* need k5-int.h to get ->profile from krb5_context */
-#include "k5-int.h"
-#include "com_err.h"
-#include "osconf.h"
-#endif /* KRB5_GET_TICKETS */
-
-#ifndef __STDC__
-#ifndef volatile
-#define volatile
-#endif
-#endif
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#include "loginpaths.h"
-
-#ifdef POSIX_TERMIOS
-#include <termios.h>
-#ifndef CNUL
-#define CNUL (char) 0
-#endif
-
-#endif
-
-#ifdef _IBMR2
-#include <usersec.h>
-#include <sys/id.h>
-#endif
-
-#if defined(_AIX)
-#define PRIO_OFFSET 20
-#else
-#define PRIO_OFFSET 0
-#endif
-
-#if !defined(TAB3)
-#define TAB3 0
-#endif
-
-#define	TTYGRPNAME	"tty"		/* name of group to own ttys */
-
-#if defined(_PATH_MAILDIR)
-#define MAILDIR		_PATH_MAILDIR
-#else
-#define MAILDIR		"/usr/spool/mail"
-#endif
-#if defined(_PATH_NOLOGIN)
-#define NOLOGIN		_PATH_NOLOGIN
-#else
-#define NOLOGIN		"/etc/nologin"
-#endif
-#if defined(_PATH_LASTLOG)
-#define LASTLOG		_PATH_LASTLOG
-#else
-#define LASTLOG		"/usr/adm/lastlog"
-#endif
-#if defined(_PATH_BSHELL)
-#define BSHELL		_PATH_BSHELL
-#else
-#define BSHELL		"/bin/sh"
-#endif
-
-#if (defined(BSD) && (BSD >= 199103))	/* no /usr/ucb */
-#define QUOTAWARN	"/usr/bin/quota"
-#endif
-
-#define	MOTDFILE	"/etc/motd"
-#define	HUSHLOGIN	".hushlogin"
-
-#if !defined(OQUOTA) && !defined(QUOTAWARN)
-#define QUOTAWARN	"/usr/ucb/quota" /* warn user about quotas */
-#endif
-
-#ifndef NO_UT_HOST
-#ifndef UT_HOSTSIZE
-/* linux defines it directly in <utmp.h> */
-#define	UT_HOSTSIZE	sizeof(((struct utmp *)0)->ut_host)
-#endif /* UT_HOSTSIZE */
-#endif
-#ifndef UT_NAMESIZE
-/* linux defines it directly in <utmp.h> */
-#define	UT_NAMESIZE	sizeof(((struct utmp *)0)->ut_name)
-#endif
-
-#ifndef HAVE_SETPRIORITY
-/* if we don't have it, punt it cleanly */
-#define setpriority(which,who,prio)
-#endif /* HAVE_SETPRIORITY */
-
-#define MAXENVIRON	32
-
-#ifdef NEED_SETENV
-extern int setenv(char *, char *, int);
-#endif
-
-/*
- * This bounds the time given to login.  Not a define so it can
- * be patched on machines where it's too small.
- */
-int	timeout = 300;
-
-#if 0
-char term[64], *hostname, *username;
-#else
-char term[64], *username;
-#endif
-
-
-
-#ifdef KRB5_GET_TICKETS
-#define MAXPWSIZE	128		/* Biggest string accepted for KRB5
-					   passsword */
-#endif
-
-#if defined(__SVR4) || defined(sgi)
-#define NO_MOTD
-#define NO_MAILCHECK
-#endif
-
-char *getenv();
-void dofork(void);
-
-char *stypeof(char *);
-void term_init(int);
-int doremotelogin(char *), do_krb_login(char *, int), rootterm(char *);
-void lgetstr(char *, int, char *), getloginname(void), checknologin(void);
-void dolastlog(char *, int, char *), motd(void), check_mail(void);
-void sleepexit(int);
-
-#ifndef HAVE_STRSAVE
-char * strsave(char *);
-#endif
-
-typedef krb5_sigtype sigtype;
-
-sigtype timedout(int);
-
-
-#ifndef HAVE_INITGROUPS
-static int initgroups(char* name, gid_t basegid) {
-    gid_t others[NGROUPS_MAX+1];
-    int ngrps;
-
-    others[0] = basegid;
-    ngrps = getgroups(NGROUPS_MAX, others+1);
-    return setgroups(ngrps+1, others);
-}
-#endif
-
-static struct login_confs {
-    char *flagname;
-    int *flag;
-} login_conf_set[] = {
-#ifdef KRB5_GET_TICKETS
-    {"krb5_get_tickets", &login_krb5_get_tickets},
-    {"krb_run_aklog", &login_krb_run_aklog},
-#endif
-};
-
-static char *conf_yes[] = {
-    "y", "yes", "true", "t", "1", "on",
-    0
-};
-
-static char *conf_no[] = {
-    "n", "no", "false", "nil", "0", "off",
-    0
-};
-
-/* 1 = true, 0 = false, -1 = ambiguous */
-static int conf_affirmative(s)
-     char *s;
-{
-    char **p;
-
-    for(p=conf_yes; *p; p++) {
-	if (!strcasecmp(*p,s))
-	    return 1;
-    }
-
-    for(p=conf_no; *p; p++) {
-	if (!strcasecmp(*p,s))
-	    return 0;
-    }
-
-    /* ambiguous */
-    return -1;
-}
-
-#ifdef KRB5_GET_TICKETS
-krb5_data tgtname = {
-    0,
-    KRB5_TGS_NAME_SIZE,
-    KRB5_TGS_NAME
-};
-#endif
-
-/* get flags (listed above) from the profile */
-static void login_get_kconf(k)
-     krb5_context k;
-{
-    int i, max_i;
-    const char* kconf_names[3];
-    char **kconf_val;
-    int retval;
-
-    max_i = sizeof(login_conf_set)/sizeof(struct login_confs);
-    for (i = 0; i<max_i; i++) {
-	kconf_names[0] = "login";
-	kconf_names[1] = login_conf_set[i].flagname;
-	kconf_names[2] = 0;
-	retval = profile_get_values(k->profile,
-				    kconf_names, &kconf_val);
-	if (retval) {
-	    /* ignore most (all?) errors */
-	} else if (kconf_val && *kconf_val) {
-	    switch(conf_affirmative(*kconf_val)) {
-	    case 1:
-		*login_conf_set[i].flag = 1;
-		break;
-	    case 0:
-		*login_conf_set[i].flag = 0;
-		break;
-	    default:
-	    case -1:
-		com_err("login/kconf", 0,
-			"invalid flag value %s for flag %s",
-			*kconf_val, kconf_names[1]);
-		break;
-	    }
-	}
-    }
-}
-
-/* UNIX password support */
-
-struct passwd *pwd;
-static char *salt;
-
-#ifdef HAVE_SHADOW
-struct spwd *spwd;
-#endif
-
-static void lookup_user (name)
-    char *name;
-{
-    pwd = getpwnam (name);
-    salt = pwd ? pwd->pw_passwd : "xx";
-#ifdef HAVE_SHADOW
-    spwd = getspnam (name);
-    if (spwd)
-	salt = spwd->sp_pwdp;
-#endif
-}
-
-static int unix_needs_passwd ()
-{
-#ifdef HAVE_SHADOW
-    if (spwd)
-	return spwd->sp_pwdp[0] != 0;
-#endif
-    if (pwd)
-	return pwd->pw_passwd[0] != 0;
-    return 1;
-}
-
-static int unix_passwd_okay (pass)
-    char *pass;
-{
-    char user_pwcopy[9], *namep;
-    char *crypt ();
-
-    assert (pwd != 0);
-
-    /* copy the first 8 chars of the password for unix crypt */
-    strncpy(user_pwcopy, pass, sizeof(user_pwcopy));
-    user_pwcopy[sizeof(user_pwcopy) - 1]='\0';
-    namep = crypt(user_pwcopy, salt);
-    memset (user_pwcopy, 0, sizeof(user_pwcopy));
-    /* ... and wipe the copy now that we have the string */
-
-    /* verify the local password string */
-#ifdef HAVE_SHADOW
-    if (spwd)
-	return !strcmp(namep, spwd->sp_pwdp);
-#endif
-    return !strcmp (namep, pwd->pw_passwd);
-}
-
-/* Kerberos support */
-#ifdef KRB5_GET_TICKETS
-krb5_context kcontext;
-krb5_ccache ccache;
-krb5_creds my_creds;
-static int got_v5_tickets, forwarded_v5_tickets;
-char ccfile[MAXPATHLEN+6];	/* FILE:path+\0 */
-int krbflag;			/* set if tickets have been obtained */
-#endif /* KRB5_GET_TICKETS */
-
-void k_init (ttyn)
-    char *ttyn;
-{
-#ifdef KRB5_GET_TICKETS
-    krb5_error_code retval;
-
-    retval = krb5_init_secure_context(&kcontext);
-    if (retval) {
-	com_err("login", retval, "while initializing krb5");
-	exit(1);
-    }
-
-    login_get_kconf(kcontext);
-
-    /* Set up the credential cache environment variable */
-    if (!getenv(KRB5_ENV_CCNAME)) {
-	snprintf(ccfile, sizeof(ccfile), "FILE:/tmp/krb5cc_p%ld",
-		 (long) getpid());
-	setenv(KRB5_ENV_CCNAME, ccfile, 1);
-	krb5_cc_set_default_name(kcontext, ccfile);
-	unlink(ccfile+strlen("FILE:"));
-    } else {
-	/* note it correctly */
-	strncpy(ccfile, getenv(KRB5_ENV_CCNAME), sizeof(ccfile));
-	ccfile[sizeof(ccfile) - 1] = '\0';
-    }
-#endif
-
-#ifdef BIND_HACK
-    /* Set name server timeout to be reasonable,
-       so that people don't take 5 minutes to
-       log in.  Can you say abstraction violation? */
-    _res.retrans = 1;
-#endif /* BIND_HACK */
-}
-
-#ifdef KRB5_GET_TICKETS
-static int k5_get_password (user_pwstring, pwsize)
-    char *user_pwstring;
-    unsigned int pwsize;
-{
-    krb5_error_code code;
-    char prompt[255];
-    snprintf(prompt, sizeof(prompt), "Password for %s", username);
-
-    /* reduce opportunities to be swapped out */
-    code = krb5_read_password(kcontext, prompt, 0, user_pwstring, &pwsize);
-    if (code || pwsize == 0) {
-	fprintf(stderr, "Error while reading password for '%s'\n", username);
-	/* reading password failed... */
-	return 0;
-    }
-    if (pwsize == 0) {
-	fprintf(stderr, "No password read\n");
-	/* reading password failed... */
-	return 0;
-    }
-    return 1;
-}
-
-static int try_krb5 (me_p, pass)
-    krb5_principal *me_p;
-    char *pass;
-{
-    krb5_error_code code;
-    krb5_principal me;
-
-    code = krb5_parse_name(kcontext, username, &me);
-    if (code) {
-	com_err ("login", code, "when parsing name %s",username);
-	return 0;
-    }
-
-    *me_p = me;
-
-    code = krb5_get_init_creds_password(kcontext, &my_creds, me, pass,
-					krb5_prompter_posix, NULL,
-					0, NULL, NULL);
-    if (code) {
-	if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
-	    fprintf (stderr,
-		     "%s: Kerberos password incorrect\n",
-		     username);
-	else
-	    com_err ("login", code,
-		     "while getting initial credentials");
-	return 0;
-    }
-
-    krbflag = got_v5_tickets = 1;
-
-    return 1;
-}
-
-static int have_v5_tickets (me)
-    krb5_principal *me;
-{
-    if (krb5_cc_default (kcontext, &ccache))
-	return 0;
-    if (krb5_cc_get_principal (kcontext, ccache, me)) {
-	krb5_cc_close (kcontext, ccache);
-	return 0;
-    }
-    krbflag = 1;
-    return 1;
-}
-#endif /* KRB5_GET_TICKETS */
-
-/* Kerberos ticket-handling routines */
-
-static void destroy_tickets()
-{
-#ifdef KRB5_GET_TICKETS
-    krb5_ccache cache;
-
-    if (login_krb5_get_tickets) {
-	if(!krb5_cc_default(kcontext, &cache))
-	  krb5_cc_destroy (kcontext, cache);
-    }
-#endif
-}
-
-/* AFS support routines */
-#ifdef SETPAG
-
-int pagflag = 0;			/* true if setpag() has been called */
-
-/* This doesn't seem to be declared in the AFS header files.  */
-extern ktc_ForgetAllTokens (), setpag ();
-
-#ifdef SIGSYS
-static sigjmp_buf setpag_buf;
-
-static sigtype sigsys ()
-{
-    siglongjmp(setpag_buf, 1);
-}
-
-static int try_afscall (scall)
-	int (*scall)();
-{
-    handler sa, osa;
-    volatile int retval = 0;
-
-    (void) &retval;
-    handler_init (sa, sigsys);
-    handler_swap (SIGSYS, sa, osa);
-    if (sigsetjmp(setpag_buf, 1) == 0) {
-	(*scall)();
-	retval = 1;
-    }
-    handler_set (SIGSYS, osa);
-    return retval;
-}
-
-#define try_setpag()	try_afscall(setpag)
-#define try_unlog()	try_afscall(ktc_ForgetAllTokens)
-#else
-#define try_setpag()	(setpag() == 0)
-#define try_unlog()	(ktc_ForgetAllTokens() == 0)
-#endif /* SIGSYS */
-#endif /* SETPAG */
-
-static void
-afs_login ()
-{
-#if defined(SETPAG)
-    if (login_krb5_get_tickets && pwd->pw_uid) {
-	/* Only reset the pag for non-root users. */
-	/* This allows root to become anything. */
-	pagflag = try_setpag ();
-    }
-#endif
-#ifdef KRB_RUN_AKLOG
-    if (got_v5_tickets && login_krb_run_aklog) {
-	/* KPROGDIR is $(prefix)/bin */
-	char aklog_path[MAXPATHLEN];
-	struct stat st;
-	/* construct the name */
-	/* get this from profile later */
-	aklog_path[sizeof(aklog_path) - 1] = '\0';
-	strncpy (aklog_path, KPROGDIR, sizeof(aklog_path) - 1);
-	strncat (aklog_path, "/aklog", sizeof(aklog_path) - 1 - strlen(aklog_path));
-	/* only run it if we can find it */
-	if (stat (aklog_path, &st) == 0) {
-	    system(aklog_path);
-	}
-    }
-#endif /* KRB_RUN_AKLOG */
-}
-
-static void
-afs_cleanup ()
-{
-#ifdef SETPAG
-    if (pagflag)
-      try_unlog ();
-#endif
-}
-
-/* Main routines */
-#define EXCL_AUTH_TEST if (rflag || kflag || Kflag || eflag || fflag ) { \
-    fprintf(stderr, \
-	    "login: only one of -r, -k, -K, -e, -F, and -f allowed.\n"); \
-    exit(1); \
-}
-
-#define EXCL_HOST_TEST if (rflag || kflag || Kflag || hflag) { \
-    fprintf(stderr, \
-	    "login: only one of -r, -k, -K, and -h allowed.\n"); \
-    exit(1); \
-}
-
-#if defined(HAVE_ETC_ENVIRONMENT) || defined(HAVE_ETC_TIMEZONE)
-static void
-read_env_vars_from_file (filename)
-    char *filename;
-{
-    FILE *fp;
-    char *p, *eq;
-    char tbuf[MAXPATHLEN+2];
-
-    if ((fp = fopen(filename, "r")) != NULL) {
-	while (fgets(tbuf, sizeof(tbuf), fp)) {
-	    if (tbuf[0] == '#')
-		continue;
-	    eq = strchr(tbuf, '=');
-	    if (eq == 0)
-		continue;
-	    p = strchr (tbuf, '\n');
-	    if (p)
-		*p = 0;
-	    *eq++ = 0;
-	    /* Don't override, in case -p was used.  */
-	    setenv (tbuf, eq, 0);
-	}
-	fclose(fp);
-    }
-}
-#endif
-
-static void
-log_repeated_failures (tty, hostname)
-    char *tty, *hostname;
-{
-    if (hostname) {
-#ifdef UT_HOSTSIZE
-	syslog(LOG_ERR,
-	       "REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
-	       tty, UT_HOSTSIZE, hostname, UT_NAMESIZE,
-	       username);
-#else
-	syslog(LOG_ERR,
-	       "REPEATED LOGIN FAILURES ON %s FROM %s, %.*s",
-	       tty, hostname, UT_NAMESIZE,
-	       username);
-#endif
-    } else {
-	syslog(LOG_ERR,
-	       "REPEATED LOGIN FAILURES ON %s, %.*s",
-	       tty, UT_NAMESIZE, username);
-    }
-}
-
-int main(argc, argv)
-     int argc;
-     char **argv;
-{
-    extern int optind;
-    extern char *optarg, **environ;
-    struct group *gr;
-    int ch;
-    char *p;
-    int fflag, hflag, pflag, rflag, cnt;
-    int kflag, Kflag, eflag;
-    int quietlog, passwd_req, ioctlval;
-    char *domain, **envinit, *ttyn, *tty;
-    char tbuf[MAXPATHLEN + 2];
-    char *ttyname(), *crypt(), *getpass();
-    time_t login_time;
-    int retval;
-    int rewrite_ccache = 1; /*try to write out ccache*/
-#ifdef KRB5_GET_TICKETS
-    krb5_principal me;
-    krb5_creds save_v5creds;
-    krb5_ccache xtra_creds = NULL;
-#endif
-    char *ccname = 0;   /* name of forwarded cache */
-    char *tz = 0;
-    char *hostname = 0;
-
-    off_t lseek();
-    handler sa;
-
-    handler_init (sa, timedout);
-    handler_set (SIGALRM, sa);
-    (void)alarm((u_int)timeout);
-
-    handler_init (sa, SIG_IGN);
-    handler_set (SIGQUIT, sa);
-    handler_set (SIGINT, sa);
-    setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
-#ifdef OQUOTA
-    (void)quota(Q_SETUID, 0, 0, 0);
-#endif
-
-    /*
-     * -p is used by getty to tell login not to destroy the environment
-     * -r is used by rlogind to cause the autologin protocol;
-     * -f is used to skip a second login authentication
-     * -F is used to skip a second login authentication, allows login as root
-     * -e is used to skip a second login authentication, but allows
-     * 	login as root.
-     * -h is used by other servers to pass the name of the
-     * remote host to login so that it may be placed in utmp and wtmp
-     */
-    (void)gethostname(tbuf, sizeof(tbuf));
-    domain = strchr(tbuf, '.');
-
-    fflag = hflag = pflag = rflag = kflag = Kflag = eflag = 0;
-    passwd_req = 1;
-    while ((ch = getopt(argc, argv, "Ffeh:pr:k:K:")) != -1)
-	switch (ch) {
-	case 'f':
-	    EXCL_AUTH_TEST;
-	    fflag = 1;
-	    break;
-	case 'F':
-	    EXCL_AUTH_TEST;
-	    fflag = 1;
-	    break;
-	case 'h':
-	    EXCL_HOST_TEST;
-	    if (getuid()) {
-		fprintf(stderr,
-			"login: -h for super-user only.\n");
-		exit(1);
-	    }
-	    hflag = 1;
-	    if (domain && (p = strchr(optarg, '.')) && strcmp(p, domain) == 0)
-		*p = 0;
-	    hostname = optarg;
-	    break;
-	case 'p':
-	    pflag = 1;
-	    break;
-	case 'r':
-	    EXCL_AUTH_TEST;
-	    EXCL_HOST_TEST;
-	    if (getuid()) {
-		fprintf(stderr,
-			"login: -r for super-user only.\n");
-		exit(1);
-	    }
-	    /* "-r hostname" must be last args */
-	    if (optind != argc) {
-		fprintf(stderr, "Syntax error.\n");
-		exit(1);
-	    }
-	    rflag = 1;
-	    passwd_req = (doremotelogin(optarg) == -1);
-	    if (domain && (p = strchr(optarg, '.')) && !strcmp(p, domain))
-		*p = '\0';
-	    hostname = optarg;
-	    break;
-	case 'e':
-	    EXCL_AUTH_TEST;
-	    if (getuid()) {
-		fprintf(stderr,
-			"login: -e for super-user only.\n");
-		exit(1);
-	    }
-	    eflag = 1;
-	    passwd_req = 0;
-	    break;
-	case '?':
-	default:
-	    fprintf(stderr, "usage: login [-fp] [username]\n");
-	    exit(1);
-	}
-    argc -= optind;
-    argv += optind;
-    /* Throw away too-long names, they can't be usernames.  */
-    if (*argv) {
-	if (strlen (*argv) <= UT_NAMESIZE)
-	    username = *argv;
-	else
-	    fprintf (stderr, "login name '%s' too long\n", *argv);
-    }
-
-#if !defined(POSIX_TERMIOS) && defined(TIOCLSET)
-    ioctlval = 0;
-    /* Only do this we we're not using POSIX_TERMIOS */
-    (void)ioctl(0, TIOCLSET, (char *)&ioctlval);
-#endif
-
-#ifdef TIOCNXCL
-    (void)ioctl(0, TIOCNXCL, (char *)0);
-#endif
-
-    ioctlval = fcntl(0, F_GETFL);
-#ifdef O_NONBLOCK
-    ioctlval &= ~O_NONBLOCK;
-#endif
-#ifdef O_NDELAY
-    ioctlval &= ~O_NDELAY;
-#endif
-    (void)fcntl(0, F_SETFL, ioctlval);
-
-	/*
-	 * If talking to an rlogin process, propagate the terminal type and
-	 * baud rate across the network.
-	 */
-    if (eflag) {
-	lgetstr(term, sizeof(term), "Terminal type");
-    } else if (!(kflag || Kflag)) {/* Preserve terminal if not read over net */
-	if (getenv("TERM")) {
-	    strncpy(term, getenv("TERM"), sizeof(term));
-	    term[sizeof(term) - 1] = '\0';
-	}
-    }
-
-    term_init (rflag || kflag || Kflag || eflag);
-
-    for (cnt = getdtablesize(); cnt > 2; cnt--)
-	(void) close(cnt);
-
-    ttyn = ttyname(0);
-    if (ttyn == NULL || *ttyn == '\0')
-	ttyn = "/dev/tty??";
-
-    /* This allows for tty names of the form /dev/pts/4 as well */
-    if ((tty = strchr(ttyn, '/')) && (tty = strchr(tty+1, '/')))
-	++tty;
-    else
-	tty = ttyn;
-
-#ifndef LOG_ODELAY /* 4.2 syslog ... */
-    openlog("login", 0);
-#else
-    openlog("login", LOG_ODELAY, LOG_AUTH);
-#endif /* 4.2 syslog */
-
-/******* begin askpw *******/
-    /* overall:
-       ask for username if we don't have it already
-       look it up in local pw or shadow file (to get crypt string)
-       ask for password
-       try and get v5 tickets with it
-       try and use the tickets against the local srvtab
-       if the password matches, always let them in
-       if the ticket decrypts, let them in.
-    */
-
-    k_init (ttyn);
-
-    for (cnt = 0;; username = NULL) {
-#ifdef KRB5_GET_TICKETS
-	int kpass_ok, lpass_ok;
-	char user_pwstring[MAXPWSIZE];
-#endif /* KRB5_GET_TICKETS */
-
-	if (username == NULL) {
-	    fflag = 0;
-	    getloginname();
-	}
-
-	lookup_user(username);	/* sets pwd */
-
-	/* if user not super-user, check for disabled logins */
-	if (pwd == NULL || pwd->pw_uid)
-	    checknologin();
-
-	/*
-	 * Allows automatic login by root.
-	 * If not invoked by root, disallow if the uid's differ.
-	 */
-
-	if (fflag && pwd) {
-	    int uid = (int) getuid();
-	    passwd_req = (uid && uid != pwd->pw_uid);
-	}
-
-	/*
-	 * If no remote login authentication and a password exists
-	 * for this user, prompt for one and verify it.
-	 */
-	if (!passwd_req)
-	    break;
-
-	if (!unix_needs_passwd())
-	    break;
-
-#ifdef KRB5_GET_TICKETS
-	if (login_krb5_get_tickets) {
-	    /* rename these to something more verbose */
-	    kpass_ok = 0;
-	    lpass_ok = 0;
-
-	    setpriority(PRIO_PROCESS, 0, -4 + PRIO_OFFSET);
-	    if (! k5_get_password(user_pwstring, sizeof (user_pwstring))) {
-		goto bad_login;
-	    }
-
-	    /* now that we have the password, we've obscured things
-	       sufficiently, and can avoid trying tickets */
-	    if (!pwd)
-		goto bad_login;
-
-	    lpass_ok = unix_passwd_okay(user_pwstring);
-
-	    if (pwd->pw_uid != 0) { /* Don't get tickets for root */
-		try_krb5(&me, user_pwstring);
-
-		krbflag = got_v5_tickets;
-		memset (user_pwstring, 0, sizeof(user_pwstring));
-		/* password wiped, so we can relax */
-		setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
-	    } else {
-		memset(user_pwstring, 0, sizeof(user_pwstring));
-		setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
-	    }
-
-	    /* Policy: If local password is good, user is good.
-	       We really can't trust the Kerberos password,
-	       because somebody on the net could spoof the
-	       Kerberos server (not easy, but possible).
-	       Some sites might want to use it anyways, in
-	       which case they should change this line
-	       to:
-	       if (kpass_ok)
-	    */
-
-	    if (lpass_ok)
-		break;
-
-	    if (got_v5_tickets) {
-		retval = krb5_verify_init_creds(kcontext, &my_creds, NULL,
-						NULL, &xtra_creds,
-						NULL);
-		if (retval) {
-		    com_err("login", retval, "while verifying initial ticket");
-#ifndef SYSLOG42
-		    syslog(LOG_NOTICE|LOG_AUTH,
-			   "can't verify v5 ticket: %s\n",
-			   error_message(retval));
-#endif
-		} else {
-		    break;	/* we're ok */
-		}
-	    }
-
-	bad_login:
-	    setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
-
-	    if (krbflag)
-		destroy_tickets(); /* clean up tickets if login fails */
-	}
-#endif /* KRB5_GET_TICKETS */
-
-#ifdef OLD_PASSWD
-	p = getpass ("Password:");
-	/* conventional password only */
-	if (unix_passwd_okay (p))
-	    break;
-#endif /* OLD_PASSWD */
-	printf("Login incorrect\n");
-	if (++cnt >= 5) {
-	    log_repeated_failures (tty, hostname);
-	    /* irix has no tichpcl */
-#ifdef TIOCHPCL
-	    (void)ioctl(0, TIOCHPCL, (char *)0);
-#endif
-	    sleepexit(1);
-	}
-    } /* end of password retry loop */
-
-    /* committed to login -- turn off timeout */
-    (void) alarm((u_int) 0);
-
-    /*
-     * If valid so far and root is logging in, see if root logins on
-     * this terminal are permitted.
-     *
-     * We allow authenticated remote root logins (except -r style)
-     */
-
-    if (pwd->pw_uid == 0 && !rootterm(tty) && (passwd_req || rflag)) {
-	if (hostname) {
-#ifdef UT_HOSTSIZE
-	    syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s FROM %.*s",
-		   tty, UT_HOSTSIZE, hostname);
-#else
-	    syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s FROM %s",
-		   tty, hostname);
-#endif
-	} else {
-	    syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s", tty);
-	}
-	printf("Login incorrect\n");
-	sleepexit(1);
-    }
-
-#ifdef OQUOTA
-    if (quota(Q_SETUID, pwd->pw_uid, 0, 0) < 0 && errno != EINVAL) {
-	switch(errno) {
-	case EUSERS:
-	    fprintf(stderr,
-		    "Too many users logged on already.\nTry again later.\n");
-	    break;
-	case EPROCLIM:
-	    fprintf(stderr,
-		    "You have too many processes running.\n");
-	    break;
-	default:
-	    perror("quota (Q_SETUID)");
-	}
-	sleepexit(0);
-    }
-#endif
-
-    if (chdir(pwd->pw_dir) < 0) {
-	printf("No directory %s!\n", pwd->pw_dir);
-	if (chdir("/"))
-	    exit(0);
-	pwd->pw_dir = "/";
-	printf("Logging in with home = \"/\".\n");
-    }
-
-    /* nothing else left to fail -- really log in */
-    {
-	struct utmp utmp;
-
-	login_time = time(&utmp.ut_time);
-	if ((retval = pty_update_utmp(PTY_USER_PROCESS, getpid(), username,
-				      ttyn, hostname,
-				      PTY_TTYSLOT_USABLE)) < 0)
-	    com_err (argv[0], retval, "while updating utmp");
-    }
-
-    quietlog = access(HUSHLOGIN, F_OK) == 0;
-    dolastlog(hostname, quietlog, tty);
-
-    (void)chown(ttyn, pwd->pw_uid,
-		(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
-
-    (void)chmod(ttyn, 0620);
-
-#ifdef KRB5_GET_TICKETS
-    /* Maybe telnetd got tickets for us?  */
-    if (!got_v5_tickets && have_v5_tickets (&me))
-	forwarded_v5_tickets = 1;
-#endif /* KRB5_GET_TICKETS */
-
-#ifdef KRB5_GET_TICKETS
-    if (login_krb5_get_tickets)
-	dofork();
-#endif
-
-/* If the user's shell does not do job control we should put it in a
-   different process group than than us, and set the tty process group
-   to match, otherwise stray signals may be delivered to login.krb5 or
-   telnetd or rlogind if they don't properly detach from their
-   controlling tty, which is the case (under SunOS at least.) */
-
-    {
-	int pid = getpid();
-	struct sigaction sa2, osa;
-
-	/* this will set the PGID to the PID. */
-#ifdef HAVE_SETPGID
-	if (setpgid(pid,pid) < 0)
-	    perror("login.krb5: setpgid");
-#elif defined(SETPGRP_TWOARG)
-	if (setpgrp(pid,pid) < 0)
-	    perror("login.krb5: setpgrp");
-#else
-	if (setpgrp() < 0)
-	    perror("login.krb5: setpgrp");
-#endif
-
-	/* This will cause SIGTTOU to be ignored for the duration
-	   of the TIOCSPGRP.  If this is not done, and the parent's
-	   process group is the foreground pgrp of the tty, then
-	   this will suspend the child, which is bad. */
-
-	sa2.sa_flags = 0;
-	sa2.sa_handler = SIG_IGN;
-	sigemptyset(&(sa2.sa_mask));
-
-	if (sigaction(SIGTTOU, &sa2, &osa))
-	    perror("login.krb5: sigaction(SIGTTOU, SIG_IGN)");
-
-	/* This will set the foreground process group of the
-	   controlling terminal to this process group (containing
-	   only this process). */
-#ifdef HAVE_TCSETPGRP
-	if (tcsetpgrp(0, pid) < 0)
-	    perror("login.krb5: tcsetpgrp");
-#else
-	if (ioctl(0, TIOCSPGRP, &pid) < 0)
-	    perror("login.krb5: tiocspgrp");
-#endif
-
-	/* This will reset the SIGTTOU handler */
-
-	if (sigaction(SIGTTOU, &osa, NULL))
-	    perror("login.krb5: sigaction(SIGTTOU, [old handler])");
-    }
-
-    (void) setgid((gid_t) pwd->pw_gid);
-    (void) initgroups(username, pwd->pw_gid);
-
-    /*
-     * The V5 ccache is created as root.  It needs to be owned by the
-     * user, and chown (a) assumes they are stored in a file and (b)
-     * allows a race condition in which a user can delete the file (if
-     * the directory sticky bit is not set) and make it a symlink to
-     * somewhere else; on some platforms, chown() on a symlink
-     * actually changes the owner of the pointed-to file.  This is
-     * Bad.
-     *
-     * So, we suck the V5 krbtgt into memory here, destroy the
-     * ccache/ticket file, and recreate them later after the setuid.
-     *
-     * With the new v5 api, v5 tickets are kept in memory until written
-     * out after the setuid.  However, forwarded tickets still
-     * need to be read in and recreated later
-     */
-#ifdef KRB5_GET_TICKETS
-    if (forwarded_v5_tickets) {
-	krb5_creds mcreds;
-
-	memset(&mcreds, 0, sizeof(mcreds));
-	memset(&save_v5creds, 0, sizeof(save_v5creds));
-
-	mcreds.client = me;
-	retval =
-	    krb5_build_principal_ext(kcontext, &mcreds.server,
-				     krb5_princ_realm(kcontext, me)->length,
-				     krb5_princ_realm(kcontext, me)->data,
-				     tgtname.length, tgtname.data,
-				     krb5_princ_realm(kcontext, me)->length,
-				     krb5_princ_realm(kcontext, me)->data,
-				     0);
-	if (retval) {
-	    syslog(LOG_ERR,
-		   "%s while creating V5 krbtgt principal",
-		   error_message(retval));
-	    rewrite_ccache = 0;
-	} else {
-	    mcreds.ticket_flags = 0;
-
-	    retval = krb5_cc_retrieve_cred(kcontext, ccache, 0,
-					   &mcreds, &save_v5creds);
-	    if (retval) {
-		syslog(LOG_ERR,
-		       "%s while retrieiving V5 initial ticket for copy",
-		       error_message(retval));
-		rewrite_ccache = 0;
-	    }
-	}
-
-	krb5_free_principal(kcontext, mcreds.server);
-    }
-#endif /* KRB5_GET_TICKETS */
-
-#ifdef KRB5_GET_TICKETS
-    if (forwarded_v5_tickets)
-	destroy_tickets();
-#endif
-
-#ifdef OQUOTA
-    quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
-#endif
-#ifdef HAVE_SETLOGIN
-    if (setlogin(pwd->pw_name) < 0)
-	syslog(LOG_ERR, "setlogin() failure %d",errno);
-#endif
-
-#ifdef	HAVE_SETLUID
-  	/*
-  	 * If we're on a system which keeps track of login uids, then
- 	 * set the login uid. If this fails this opens up a problem on DEC OSF
- 	 * with C2 enabled.
-	 */
- 	if (setluid((uid_t) pwd->pw_uid) < 0) {
-	    perror("setuid");
-	    sleepexit(1);
-	}
-#endif	/* HAVE_SETLUID */
-#ifdef _IBMR2
-    if (setuidx(ID_LOGIN, pwd->pw_uid) < 0) {
-	perror("setuidx");
-	sleepexit(1);
-    };
-#endif
-
-    /* This call MUST succeed */
-    if (setuid((uid_t) pwd->pw_uid) < 0) {
-	perror("setuid");
-	sleepexit(1);
-    }
-
-    /*
-     * We are the user now.  Re-create the destroyed ccache and
-     * ticket file.
-     */
-
-#ifdef KRB5_GET_TICKETS
-    if (got_v5_tickets) {
-	/* set up credential cache -- obeying KRB5_ENV_CCNAME
-	   set earlier */
-	/* (KRB5_ENV_CCNAME == "KRB5CCNAME" via osconf.h) */
-	if ((retval = krb5_cc_default(kcontext, &ccache))) {
-	    com_err(argv[0], retval, "while getting default ccache");
-	} else if ((retval = krb5_cc_initialize(kcontext, ccache, me))) {
-	    com_err(argv[0], retval, "when initializing cache");
-	} else if ((retval = krb5_cc_store_cred(kcontext, ccache,
-						&my_creds))) {
-	    com_err(argv[0], retval, "while storing credentials");
-	} else if (xtra_creds &&
-		   (retval = krb5_cc_copy_creds(kcontext, xtra_creds,
-						ccache))) {
-	    com_err(argv[0], retval, "while storing credentials");
-	}
-
-	if (xtra_creds)
-	    krb5_cc_destroy(kcontext, xtra_creds);
-    } else if (forwarded_v5_tickets && rewrite_ccache) {
-	if ((retval = krb5_cc_initialize (kcontext, ccache, me))) {
-	    syslog(LOG_ERR,
-		   "%s while re-initializing V5 ccache as user",
-		   error_message(retval));
-	} else if ((retval = krb5_cc_store_cred(kcontext, ccache,
-						&save_v5creds))) {
-	    syslog(LOG_ERR,
-		   "%s while re-storing V5 credentials as user",
-		   error_message(retval));
-
-	}
-	krb5_free_cred_contents(kcontext, &save_v5creds);
-    }
-#endif /* KRB5_GET_TICKETS */
-
-    if (*pwd->pw_shell == '\0')
-	pwd->pw_shell = BSHELL;
-
-#if defined(NTTYDISC) && defined(TIOCSETD)
-    /* turn on new line discipline for all shells */
-    ioctlval = NTTYDISC;
-    (void)ioctl(0, TIOCSETD, (char *)&ioctlval);
-#endif
-
-    ccname = getenv("KRB5CCNAME");  /* save cache */
-    tz = getenv("TZ");	/* and time zone */
-
-    /* destroy environment unless user has requested preservation */
-    if (!pflag) {
-	envinit = (char **) malloc(MAXENVIRON * sizeof(char *));
-	if (envinit == 0) {
-	    fprintf(stderr, "Can't malloc empty environment.\n");
-	    sleepexit(1);
-	}
-	envinit[0] = NULL;
-	environ = envinit;
-    }
-
-    setenv ("LOGNAME", pwd->pw_name, 1);
-    setenv ("LOGIN", pwd->pw_name, 1);
-
-    /* read the /etc/environment file on AIX */
-#ifdef HAVE_ETC_ENVIRONMENT
-    read_env_vars_from_file ("/etc/environment");
-#endif
-
-    /* Set login timezone for date information (sgi PDG) */
-#ifdef HAVE_ETC_TIMEZONE
-    read_env_vars_from_file ("/etc/TIMEZONE");
-#else
-    if (tz)
-	setenv ("TZ", tz, 1);
-#endif
-
-    if (ccname)
-	setenv("KRB5CCNAME", ccname, 1);
-
-    setenv("HOME", pwd->pw_dir, 1);
-    setenv("PATH", LPATH, 0);
-    setenv("USER", pwd->pw_name, 1);
-    setenv("SHELL", pwd->pw_shell, 1);
-
-    if (term[0] == '\0') {
-	(void) strncpy(term, stypeof(tty), sizeof(term));
-	term[sizeof(term) - 1] = '\0';
-    }
-    if (term[0])
-	(void)setenv("TERM", term, 0);
-
-#ifdef KRB5_GET_TICKETS
-    /* ccfile[0] is only set if we got tickets above */
-    if (login_krb5_get_tickets && ccfile[0]) {
-	(void) setenv(KRB5_ENV_CCNAME, ccfile, 1);
-	krb5_cc_set_default_name(kcontext, ccfile);
-    }
-#endif /* KRB5_GET_TICKETS */
-
-    if (tty[sizeof("tty")-1] == 'd')
-	syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name);
-    if (pwd->pw_uid == 0)
-	    {
-		if (hostname) {
-#ifdef UT_HOSTSIZE
-		    syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
-			   tty, UT_HOSTSIZE, hostname);
-#else
-		    syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %s",
-			   tty, hostname);
-#endif
-		} else {
-		    syslog(LOG_NOTICE, "ROOT LOGIN %s", tty);
-		}
-	    }
-
-    afs_login();
-
-    if (!quietlog) {
-	motd();
-	check_mail();
-    }
-
-#ifndef OQUOTA
-    if (! access( QUOTAWARN, X_OK))
-	(void) system(QUOTAWARN);
-#endif
-
-    handler_init (sa, SIG_DFL);
-    handler_set (SIGALRM, sa);
-    handler_set (SIGQUIT, sa);
-    handler_set (SIGINT, sa);
-    handler_init (sa, SIG_IGN);
-    handler_set (SIGTSTP, sa);
-
-    tbuf[0] = '-';
-    p = strrchr(pwd->pw_shell, '/');
-    (void) strncpy(tbuf+1, p?(p+1):pwd->pw_shell, sizeof(tbuf) - 1);
-    tbuf[sizeof(tbuf) - 1] = '\0';
-
-    execlp(pwd->pw_shell, tbuf, (char *)NULL);
-    fprintf(stderr, "login: no shell: ");
-    perror(pwd->pw_shell);
-    exit(0);
-}
-
-char *speeds[] = {
-	"0", "50", "75", "110", "134", "150", "200", "300", "600",
-	"1200", "1800", "2400", "4800", "9600", "19200", "38400",
-};
-#define	NSPEEDS	(sizeof(speeds) / sizeof(speeds[0]))
-
-#ifdef POSIX_TERMIOS
-/* this must be in sync with the list above */
-speed_t b_speeds[] = {
-	B0, B50, B75, B110, B134, B150, B200, B300, B600,
-	B1200, B1800, B2400, B4800, B9600, B19200, B38400,
-};
-#endif
-
-void
-term_init (do_rlogin)
-int do_rlogin;
-{
-    int line_speed = -1;
-
-    if (do_rlogin) {
-	register char *cp = strchr(term, '/'), **cpp;
-	char *speed;
-
-	if (cp) {
-	    *cp++ = '\0';
-	    speed = cp;
-	    cp = strchr(speed, '/');
-	    if (cp)
-		*cp++ = '\0';
-	    for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
-		if (strcmp(*cpp, speed) == 0) {
-		    line_speed = cpp-speeds;
-		    break;
-		}
-	}
-    }
-#ifdef POSIX_TERMIOS
-    {
-	struct termios tc;
-
-	(void)tcgetattr(0, &tc);
-	if (line_speed != -1) {
-	    cfsetispeed(&tc, b_speeds[line_speed]);
-	    cfsetospeed(&tc, b_speeds[line_speed]);
-	}
-	tc.c_cc[VMIN] = 1;
-	tc.c_cc[VTIME] = 0;
-#ifndef NO_INIT_CC
-	tc.c_cc[VERASE] = CERASE;
-	tc.c_cc[VKILL] = CKILL;
-	tc.c_cc[VEOF] = CEOF;
-	tc.c_cc[VINTR] = CINTR;
-	tc.c_cc[VQUIT] = CQUIT;
-	tc.c_cc[VSTART] = CSTART;
-	tc.c_cc[VSTOP] = CSTOP;
-#ifndef CNUL
-#define CNUL CEOL
-#endif
-	tc.c_cc[VEOL] = CNUL;
-	/* The following are common extensions to POSIX */
-#ifdef VEOL2
-	tc.c_cc[VEOL2] = CNUL;
-#endif
-#ifdef VSUSP
-#if !defined(CSUSP) && defined(CSWTCH)
-#define CSUSP CSWTCH
-#endif
-	tc.c_cc[VSUSP] = CSUSP;
-#endif
-#ifdef VDSUSP
-	tc.c_cc[VDSUSP] = CDSUSP;
-#endif
-#ifdef VLNEXT
-	tc.c_cc[VLNEXT] = CLNEXT;
-#endif
-#ifdef VREPRINT
-	tc.c_cc[VREPRINT] = CRPRNT;
-#endif
-#ifdef VDISCRD
-	tc.c_cc[VDISCRD] = CFLUSH;
-#endif
-#ifdef VDISCARD
-#ifndef CDISCARD
-#define CDISCARD CFLUSH
-#endif
-	tc.c_cc[VDISCARD] = CDISCARD;
-#endif
-#ifdef VWERSE
-	tc.c_cc[VWERSE] = CWERASE;
-#endif
-#ifdef VWERASE
-	tc.c_cc[VWERASE] = CWERASE;
-#endif
-#if defined (VSTATUS) && defined (CSTATUS)
-	tc.c_cc[VSTATUS] = CSTATUS;
-#endif /* VSTATUS && CSTATUS */
-#endif /* NO_INIT_CC */
-	/* set all standard echo, edit, and job control options */
-	/* but leave any extensions */
-	tc.c_lflag |= ECHO|ECHOE|ECHOK|ICANON|ISIG|IEXTEN;
-	tc.c_lflag &= ~(NOFLSH|TOSTOP);
-#ifdef ECHOCTL
-	/* Not POSIX, but if we have it, we probably want it */
-	tc.c_lflag |= ECHOCTL;
-#endif
-#ifdef ECHOKE
-	/* Not POSIX, but if we have it, we probably want it */
-	tc.c_lflag |= ECHOKE;
-#endif
-	tc.c_iflag |= ICRNL|BRKINT;
-	tc.c_oflag |= ONLCR|OPOST|TAB3;
-	tcsetattr(0, TCSANOW, &tc);
-    }
-
-#else /* not POSIX_TERMIOS */
-
-    {
-	struct sgttyb sgttyb;
-	static struct tchars tc = {
-	    CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
-	};
-	static struct ltchars ltc = {
-	    CSUSP, CDSUSP, CRPRNT, CFLUSH, CWERASE, CLNEXT
-	};
-
-	(void) ioctl(0, TIOCGETP, (char *)&sgttyb);
-	if (line_speed != -1)
-	    sgttyb.sg_ispeed = sgttyb.sg_ospeed = line_speed;
-	sgttyb.sg_flags = ECHO|CRMOD|ANYP|XTABS;
-	sgttyb.sg_erase = CERASE;
-	sgttyb.sg_kill = CKILL;
-	(void)ioctl(0, TIOCSLTC, (char *)&ltc);
-	(void)ioctl(0, TIOCSETC, (char *)&tc);
-	(void)ioctl(0, TIOCSETP, (char *)&sgttyb);
-#if defined(TIOCSETD)
-	{
-	    int ioctlval;
-	    ioctlval = 0;
-	    (void)ioctl(0, TIOCSETD, (char *)&ioctlval);
-	}
-#endif
-    }
-#endif
-}
-
-void getloginname()
-{
-    register int ch;
-    register char *p;
-    static char nbuf[UT_NAMESIZE + 1];
-
-    for (;;) {
-	printf("login: ");
-	for (p = nbuf; (ch = getchar()) != '\n'; ) {
-	    if (ch == EOF)
-		exit(0);
-	    if (p < nbuf + UT_NAMESIZE)
-		*p++ = ch;
-	}
-	if (p > nbuf) {
-	    if (nbuf[0] == '-')
-		fprintf(stderr,
-			"login names may not start with '-'.\n");
-	    else {
-		*p = '\0';
-		username = nbuf;
-		break;
-	    }
-	}
-    }
-}
-
-sigtype
-timedout(signumber)
-    int signumber;
-{
-    fprintf(stderr, "Login timed out after %d seconds\n", timeout);
-    exit(0);
-}
-
-#ifndef HAVE_TTYENT_H
-int root_tty_security = 1;
-#endif
-
-int rootterm(tty)
-	char *tty;
-{
-#ifndef HAVE_TTYENT_H
-    return(root_tty_security);
-#else
-    struct ttyent *t;
-
-    return((t = getttynam(tty)) && t->ty_status&TTY_SECURE);
-#endif /* HAVE_TTYENT_H */
-}
-
-#ifndef NO_MOTD
-sigjmp_buf motdinterrupt;
-
-static sigtype
-sigint(signum)
-    int signum;
-{
-    siglongjmp(motdinterrupt, 1);
-}
-
-void motd()
-{
-    register int fd, nchars;
-    char tbuf[8192];
-    handler sa, osa;
-
-    if ((fd = open(MOTDFILE, O_RDONLY, 0)) < 0)
-	return;
-    handler_init (sa, sigint);
-    handler_swap (SIGINT, sa, osa);
-    if (sigsetjmp(motdinterrupt, 1) == 0)
-	while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
-	    (void)write(fileno(stdout), tbuf, nchars);
-    handler_set (SIGINT, osa);
-    (void)close(fd);
-}
-#else
-void motd()
-{
-}
-#endif
-
-#ifndef NO_MAILCHECK
-void check_mail()
-{
-    char tbuf[MAXPATHLEN+2];
-    struct stat st;
-    (void)snprintf(tbuf, sizeof(tbuf), "%s/%s", MAILDIR, pwd->pw_name);
-    if (stat(tbuf, &st) == 0 && st.st_size != 0)
-	printf("You have %smail.\n",
-	       (st.st_mtime > st.st_atime) ? "new " : "");
-}
-#else
-void check_mail()
-{
-}
-#endif
-
-void checknologin()
-{
-    register int fd, nchars;
-    char tbuf[8192];
-
-    if ((fd = open(NOLOGIN, O_RDONLY, 0)) >= 0) {
-	while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
-	    (void)write(fileno(stdout), tbuf, (unsigned) nchars);
-	sleepexit(0);
-    }
-}
-
-void dolastlog(hostname, quiet, tty)
-     char *hostname;
-     int quiet;
-     char *tty;
-{
-#if defined(HAVE_LASTLOG_H) || (defined(BSD) && (BSD >= 199103))
-    struct lastlog ll;
-    time_t lltime;
-    int fd;
-
-    if ((fd = open(LASTLOG, O_RDWR, 0)) >= 0) {
-	(void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
-	if (!quiet) {
-	    if ((read(fd, (char *)&ll, sizeof(ll)) == sizeof(ll)) &&
-		(ll.ll_time != 0)) {
-
-		/* .ll_time may not be a time_t.  */
-		lltime = ll.ll_time;
-		printf("Last login: %.*s ", 24-5, (char *)ctime(&lltime));
-
-		if (*ll.ll_host != '\0')
-		    printf("from %.*s\n", (int) sizeof(ll.ll_host),
-			   ll.ll_host);
-		else
-		    printf("on %.*s\n", (int) sizeof(ll.ll_line), ll.ll_line);
-	    }
-	    (void)lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
-	}
-	(void) time(&lltime);
-	ll.ll_time = lltime;
-
-	(void) strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
-	ll.ll_line[sizeof(ll.ll_line) - 1] = '\0';
-
-	if (hostname) {
-	    (void) strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));
-	    ll.ll_host[sizeof(ll.ll_host) - 1] = '\0';
-	} else {
-	    (void) memset(ll.ll_host, 0, sizeof(ll.ll_host));
-	}
-
-	(void)write(fd, (char *)&ll, sizeof(ll));
-	(void)close(fd);
-    }
-#endif
-}
-
-#undef	UNKNOWN
-#ifdef __hpux
-#define UNKNOWN 0
-#else
-#define	UNKNOWN	"su"
-#endif
-
-char *
-stypeof(ttyid)
-     char *ttyid;
-{
-    char *cp = getenv("term");
-
-#ifndef HAVE_TTYENT_H
-    if (cp)
-	return cp;
-    else
-	return(UNKNOWN);
-#else
-    struct ttyent *t;
-    if (cp)
-	return cp;
-    else
-	return(ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
-#endif
-}
-
-int doremotelogin(host)
-     char *host;
-{
-    static char lusername[UT_NAMESIZE+1];
-    char rusername[UT_NAMESIZE+1];
-
-    lgetstr(rusername, sizeof(rusername), "Remote user");
-    lgetstr(lusername, sizeof(lusername), "Local user");
-    lgetstr(term, sizeof(term), "Terminal type");
-    username = lusername;
-    pwd = getpwnam(username);
-    if (pwd == NULL)
-	return(-1);
-    return(ruserok(host, (pwd->pw_uid == 0), rusername, username));
-}
-
-void lgetstr(buf, cnt, err)
-     char *buf, *err;
-     int cnt;
-{
-    int ocnt = cnt;
-    char *obuf = buf;
-    char ch;
-
-    do {
-	if (read(0, &ch, sizeof(ch)) != sizeof(ch))
-	    exit(1);
-	if (--cnt < 0) {
-	    fprintf(stderr,"%s '%.*s' too long, %d characters maximum.\r\n",
-		    err, ocnt, obuf, ocnt-1);
-	    sleepexit(1);
-	}
-	*buf++ = ch;
-    } while (ch);
-}
-
-void sleepexit(eval)
-     int eval;
-{
-    sleep((u_int)5);
-    exit(eval);
-}
-
-#ifdef KRB5_GET_TICKETS
-static int hungup = 0;
-
-static sigtype
-sighup() {
-    hungup = 1;
-}
-
-/* call already conditionalized on login_krb5_get_tickets */
-/*
- * This routine handles cleanup stuff, and the like.
- * It exits only in the child process.
- */
-#include <sys/wait.h>
-void
-dofork()
-{
-    int child,pid;
-    handler sa;
-    int syncpipe[2];
-    char c;
-    int n;
-
-#ifdef _IBMR2
-    update_ref_count(1);
-#endif
-    if (pipe(syncpipe) < 0) {
-	perror("login: dofork: setting up syncpipe");
-	exit(1);
-    }
-    if (!(child=fork())) {
-	close(syncpipe[1]);
-	while ((n = read(syncpipe[0], &c, 1)) < 0) {
-	    if (errno != EINTR) {
-		perror("login: dofork: waiting for sync from parent");
-		exit(1);
-	    }
-	}
-	if (n == 0) {
-	    fprintf(stderr, "login: dofork: unexpected EOF waiting for sync\n");
-	    exit(1);
-	}
-	close(syncpipe[0]);
-	return; /* Child process returns */
-    }
-
-    /* The parent continues here */
-
-    /* On receipt of SIGHUP, pass that along to child's process group. */
-    handler_init (sa, sighup);
-    handler_set (SIGHUP, sa);
-    /* Tell child we're ready. */
-    close(syncpipe[0]);
-    write(syncpipe[1], "", 1);
-    close(syncpipe[1]);
-
-    /* Setup stuff?  This would be things we could do in parallel with login */
-    (void) chdir("/");	/* Let's not keep the fs busy... */
-
-    /* If we're the parent, watch the child until it dies */
-
-    while (1) {
-#ifdef HAVE_WAITPID
-        pid = waitpid(child, 0, 0);
-#elif defined(WAIT_USES_INT)
-        pid = wait((int *)0);
-#else
-        pid = wait((union wait *)0);
-#endif
-
-	if (hungup) {
-#ifdef HAVE_KILLPG
-	    killpg(child, SIGHUP);
-#else
-	    kill(-child, SIGHUP);
-#endif
-	}
-
-	if (pid == child)
-	    break;
-    }
-
-    /* Cleanup stuff */
-    /* Run destroy_tickets to destroy tickets */
-    (void) destroy_tickets();		/* If this fails, we lose quietly */
-    afs_cleanup ();
-#ifdef _IBMR2
-    update_ref_count(-1);
-#endif
-
-    /* Leave */
-    exit(0);
-}
-#endif /* KRB5_GET_TICKETS */
-
-
-#ifndef HAVE_STRSAVE
-/* Strsave was a routine in the version 4 krb library: we put it here
-   for compatablilty with version 5 krb library, since kcmd.o is linked
-   into all programs. */
-
-char *strsave(sp)
-     char *sp;
-{
-    register char *ret;
-
-    if ((ret = strdup(sp)) == NULL) {
-	fprintf(stderr, "no memory for saving args\n");
-	exit(1);
-    }
-    return(ret);
-}
-#endif
-
-#ifdef _IBMR2
-update_ref_count(int adj)
-{
-    struct passwd *save_pwd;
-    static char *empty = "\0";
-    char *grp;
-    int i;
-
-    /* save pwd before calling getuserattr() */
-    save_pwd = (struct passwd *)malloc(sizeof(struct passwd));
-    save_pwd->pw_name = strdup(pwd->pw_name);
-    save_pwd->pw_passwd = strdup(pwd->pw_passwd);
-    save_pwd->pw_uid = pwd->pw_uid;
-    save_pwd->pw_gid = pwd->pw_gid;
-    save_pwd->pw_gecos = strdup(pwd->pw_gecos);
-    save_pwd->pw_dir = strdup(pwd->pw_dir);
-    save_pwd->pw_shell = strdup(pwd->pw_shell);
-    pwd = save_pwd;
-
-    /* Update reference count on all user's temporary groups */
-    setuserdb(S_READ|S_WRITE);
-    if (getuserattr(username, S_GROUPS, (void *)&grp, SEC_LIST) == 0) {
-	while (*grp) {
-	    if (getgroupattr(grp, "athena_temp", (void *)&i, SEC_INT) == 0) {
-		i += adj;
-		if (i > 0) {
-		    putgroupattr(grp, "athena_temp", (void *)i, SEC_INT);
-		    putgroupattr(grp, (char *)0, (void *)0, SEC_COMMIT);
-		} else {
-		    putgroupattr(grp, S_USERS, (void *)empty, SEC_LIST);
-#ifdef HAVE_RMUFILE /* pre-4.3.0 AIX */
-		    putgroupattr(grp, (char *)0, (void *)0, SEC_COMMIT);
-		    rmufile(grp, 0, GROUP_TABLE);
-#else
-		    putgroupattr(grp, (char *)0, (void *)0, SEC_DELETE);
-		    putgroupattr(grp, (char *)0, (void *)0, SEC_COMMIT);
-#endif
-		}
-	    }
-	    while (*grp) grp++;
-	    grp++;
-	}
-    }
-    enduserdb();
-}
-#endif
diff --git a/src/appl/bsd/loginpaths.h b/src/appl/bsd/loginpaths.h
deleted file mode 100644
index 8124e1a..0000000
--- a/src/appl/bsd/loginpaths.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/* here are actual path values from each operating system supported. */
-/* LPATH is from rlogin, for login.c; RPATH is from rsh, for rshd.c */
-#ifdef sun
-#ifdef __SVR4
-#define RPATH "/usr/bin"
-#define LPATH "/usr/bin"
-#else
-/* sun3 and sun4 */
-#define LPATH "/usr/ucb:/bin:/usr/bin"
-#define RPATH "/usr/ucb:/bin:/usr/bin"
-#endif
-#endif
-
-#ifdef __ultrix
-#define LPATH "/usr/ucb:/bin:/usr/bin"
-#define RPATH "/usr/ucb:/bin:/usr/bin"
-#endif
-
-#ifdef hpux
-/* hpux 8, both hppa and s300 */
-#define LPATH "/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin"
-#define RPATH "/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin"
-#else
-#ifdef __hpux /* 9.04 */
-#define LPATH_root ":/bin:/usr/bin:/etc"
-#define LPATH "/bin:/usr/bin"
-#define RPATH "/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin"
-#endif
-#endif
-
-#ifdef NeXT
-#define LPATH "/usr/ucb:/bin:/usr/bin:/usr/local/bin"
-#define RPATH "/bin:/usr/ucb:/usr/bin"
-#endif
-
-#ifdef _IBMR2
-/* 3.2.0 */
-#define LPATH "/usr/bin:/usr/ucb:/usr/bin/X11"
-#define RPATH "/usr/bin:/usr/ucb:/usr/bin/X11"
-#endif
-
-#ifdef __SCO__
-#define LPATH "/bin:/usr/bin:/usr/dbin:/usr/ldbin"
-#define RPATH "/bin:/usr/bin:/usr/local/bin"
-#endif
-
-#ifdef sgi
-#define LPATH "/usr/sbin:/usr/bsd:/usr/bin:/bin:/usr/bin/X11"
-#define RPATH "/usr/sbin:/usr/bsd:/usr/bin:/bin:/usr/bin/X11"
-#endif
-
-#ifdef linux
-#define LPATH "/local/bin:/usr/bin:/bin:/usr/local/bin:/usr/bin/X11:."
-#define RPATH "/local/bin:/usr/bin:/bin:/usr/local/bin:/usr/bin/X11:."
-#endif
-
-#ifdef __386BSD__
-#define LPATH "/usr/bin:/bin"
-#define RPATH "/usr/bin:/bin"
-#endif
-
-#ifdef __alpha
-#ifdef __osf__
-#define LPATH "/usr/bin:."
-#define RPATH "/usr/bin:/bin"
-#endif
-#endif
-
-#ifdef __pyrsoft
-#ifdef MIPSEB
-#define RPATH "/bin:/usr/bin"
-#define LPATH "/usr/bin:/usr/ccs/bin:/usr/ucb:."
-#endif
-#endif
-
-#ifdef __DGUX
-#ifdef __m88k__
-#define RPATH "/usr/bin"
-#define LPATH "/usr/bin"
-#endif
-#endif
-
-#ifndef LPATH
-#ifdef __svr4__
-/* taken from unixware, sirius... */
-#define RPATH "/bin:/usr/bin:/usr/X/bin"
-#define LPATH "/usr/bin:/usr/dbin:/usr/dbin"
-#endif
-#endif
-
-#ifndef LPATH
-#ifdef __NetBSD__
-#define LPATH "/usr/bin:/bin"
-#define RPATH "/usr/bin:/bin"
-#endif
-#endif
-
-#ifdef _PATH_DEFPATH
-#undef LPATH
-#define LPATH _PATH_DEFPATH
-#undef RPATH
-#define RPATH _PATH_DEFPATH
-#endif
-
-/* catch-all entries for operating systems we haven't looked up
-   hardcoded paths for */
-#ifndef LPATH
-#define LPATH "/usr/bin:/bin"
-#endif
-
-#ifndef RPATH
-#define RPATH "/usr/bin:/bin"
-#endif
diff --git a/src/appl/bsd/rcp.M b/src/appl/bsd/rcp.M
deleted file mode 100644
index a388e80..0000000
--- a/src/appl/bsd/rcp.M
+++ /dev/null
@@ -1,160 +0,0 @@
-.\" appl/bsd/rcp.M
-.\"
-.\" Copyright (c) 1983 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley.  The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\"	@(#)rcp.1	6.6 (Berkeley) 9/20/88
-.\"
-.TH RCP 1
-.SH NAME
-rcp \- remote file copy
-.SH SYNOPSIS
-.B rcp
-[\fB\-p\fP] [\fB\-x\fP] [\fB\-k\fP \fIrealm\fP ] [\fB-c\fP \fIccachefile\fP] [\fB-C\fP \fIconfigfile\fP] [\fB\-D\fP \fIport\fP]
-[\fB\-N\fP]
-[\fB\-PN | \-PO\fP]
-.I file1 file2
-.sp
-.B rcp
-[\fB\-p\fB] [\fB\-x\fP] [\fP\-k\fP \fIrealm\fP] [\fB\-r\fP] [\fB\-D\fP
-\fIport\fP] [\fB\-N\fP]
-[\fB\-PN | \-PO\fP]
-.I file ... directory
-.sp
-.B rcp
-[\fB\-f | \-t\fP]
-.I ...
-.SH DESCRIPTION
-.B Rcp
-copies files between machines.  Each
-.I file
-or
-.I directory
-argument is either a remote file name of the form ``rhost:path'', or a
-local file name (containing no `:' characters, or a `/' before any
-`:'s).
-.PP
-By default, the mode and owner of
-.I file2
-are preserved if it already existed; otherwise the mode of the source
-file modified by the
-.IR umask (2)
-on the destination host is used.
-.PP
-If
-.I path
-is not a full path name, it is interpreted relative to your login
-directory on
-.IR rhost .
-A 
-.I path
-on a remote host may be quoted (using \e, ", or \(aa) so that the
-metacharacters are interpreted remotely.
-.PP
-.B Rcp
-does not prompt for passwords; it uses Kerberos authentication when
-connecting to
-.IR rhost .
-Each user may have a private authorization list in a file \&.k5login in
-his login directory.  Each line in this file should contain a Kerberos
-principal name of the form
-.IR principal/instance@realm .
-If there is a ~/.k5login file, then access is granted to the account if
-and only if the originater user is authenticated to one of the
-principals named in the ~/.k5login file.  Otherwise, the originating
-user will be granted access to the account if and only if the
-authenticated principal name of the user can be mapped to the local
-account name using the aname -> lname mapping rules (see
-.IR krb5_anadd (8)
-for more details).
-.SH OPTIONS
-.TP
-.B \-p
-attempt to preserve (duplicate) the modification times and modes of the
-source files in the copies, ignoring the
-.IR umask .
-.TP
-\fB\-x\fP
-encrypt all information transferring between hosts.
-.TP
-\fB\-k\fP \fIrealm\fP
-obtain tickets for the remote host in
-.I realm
-instead of the remote host's realm as determined by
-.IR krb_realmofhost (3).
-.TP
-\fB\-c\fP \fIccachefile\fP
-change the default credentials cache file to 
-.I ccachefile
-.TP
-\fB\-C\fP \fIconfigfile\fP
-change the default configuation file to
-.I configfile
-.TP
-.B \-r
-if any of the source files are directories, copy each subtree rooted at
-that name; in this case the destination must be a directory.
-.TP
-\fB-PN\fP
-.TP
-\fB-PO\fP
-Explicitly request new or old version of the Kerberos ``rcmd''
-protocol.  The new protocol avoids many security problems found in the
-old one, but is not interoperable with older servers.  (An
-"input/output error" and a closed connection is the most likely result
-of attempting this combination.)  If neither option is specified, some
-simple heuristics are used to guess which to try.
-.TP
-\fB\-D\fP \fIport\fP
-connect to port
-.I port
-on the remote machine.  
-.TP
-.B \-N
-use a network connection, even when copying files on the local machine
-(used for testing purposes).
-.TP
-.B \-f \-t
-These options are for internal use only.  They tell the
-remotely-running rcp process (started via the Kerberos remote shell
-daemon) which direction files are being sent.  These options should
-not be used by the user.  In particular, \fB-f\fP does \fBnot\fP mean
-that the user's Kerberos ticket should be forwarded!
-.PP
-.B Rcp
-handles third party copies, where neither source nor target files are on
-the current machine.  Hostnames may also take the form ``rname@rhost''
-to use
-.I rname
-rather than the current user name on the remote host.
-.SH FILES
-.TP "\w'~/.k5login\ \ 'u"
-~/.k5login
-(on remote host) - file containing Kerberos principals that are allowed
-access.
-.SH SEE ALSO
-cp(1), ftp(1), rsh(1), rlogin(1), kerberos(3), krb_getrealm(3), kshd(8), rcp(1) 
-[UCB version]
-.SH BUGS
-.B Rcp
-doesn't detect all cases where the target of a copy might be a file in
-cases where only a directory should be legal.
-.PP
-.B Rcp
-is confused by any output generated by commands in a \&.login,
-\&.profile, or \&.cshrc file on the remote host.
-.PP
-Kerberos is only used for the first connection of a third-party copy;
-the second connection uses the standard Berkeley rcp protocol.
diff --git a/src/appl/bsd/rlogin.M b/src/appl/bsd/rlogin.M
deleted file mode 100644
index 5958842..0000000
--- a/src/appl/bsd/rlogin.M
+++ /dev/null
@@ -1,157 +0,0 @@
-.\" appl/bsd/rlogin.M
-.\"
-.\" Copyright (c) 1983 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley.  The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\"	@(#)rlogin.1	6.9 (Berkeley) 9/19/88
-.\" "
-.TH RLOGIN 1
-.SH NAME
-rlogin \- remote login
-.SH SYNOPSIS
-.B rlogin
-.I rhost
-[\fB\-e\fP\fI\|c\fP] [\fB\-8\fP] [\fB\-c\fP] [ \fB\-a\fP] [\fB\-f\fP]
-[\fB\-F\fP] [\fB\-t\fP \fItermtype\fP] [\fB\-n\fP] [\fB\-7\fP]
-[\fB\-PN | \-PO\fP]
-[\fB\-d\fP] [\fB\-k\fP \fIrealm\fP] [\fB\-x\fP] [\fB\-L\fP] [\fB\-l\fP
-\fIusername\fP]
-.PP
-.SH DESCRIPTION
-.I Rlogin
-connects your terminal on the current local host system
-.I lhost
-to the remote host system
-.I rhost.
-.PP
-The version built to use Kerberos authentication is very similar to the
-standard Berkeley rlogin(1), except that instead of the \fIrhosts\fP
-mechanism, it uses Kerberos authentication to determine the
-authorization to use a remote account.
-.PP
-Each user may have a private authorization list in a file \&.k5login in
-his login directory.  Each line in this file should contain a Kerberos
-principal name of the form
-.IR principal/instance@realm .
-If the originating user is authenticated to one of the principals named
-in \&.k5login, access is granted to the account.  If there is no
-/.k5login file, the principal will be granted access to the account
-according to the aname\->lname mapping rules.  (See
-.IR krb5_anadd(8) 
-for more details.)  Otherwise a login and password will be prompted for
-on the remote machine as in
-.IR login (1).
-To avoid some security problems, the \&.k5login file must be owned by
-the remote user.
-.PP
-If there is some problem in marshaling the Kerberos authentication
-information, an error message is printed and the standard UCB rlogin is
-executed in place of the Kerberos rlogin.
-.PP
-A line of the form ``~.'' disconnects from the remote host, where ``~''
-is the escape character.  Similarly, the line ``~^Z'' (where ^Z,
-control-Z, is the suspend character) will suspend the rlogin session.
-Substitution of the delayed-suspend character (normally ^Y) for the
-suspend character suspends the send portion of the rlogin, but allows
-output from the remote system.
-.PP
-The remote terminal type is the same as your local terminal type (as
-given in your environment TERM variable), unless the
-.B \-t
-option is specified (see below).  The terminal or window size is also
-copied to the remote system if the server supports the option, and
-changes in size are reflected as well.
-.PP
-All echoing takes place at the remote site, so that (except for delays)
-the rlogin is transparent.  Flow control via ^S and ^Q and flushing of
-input and output on interrupts are handled properly.
-.SH OPTIONS
-.TP
-.B \-8
-allows an eight-bit input data path at all times; otherwise parity bits
-are stripped except when the remote side's stop and start characters are
-other than ^S/^Q.  Eight-bit mode is the default.
-.TP
-.B \-L
-allows the rlogin session to be run in litout mode.
-.TP
-\fB\-e\fP\fIc\fP
-sets the escape character to
-.IR c .
-There is no space separating this option flag and the new escape
-character.
-.TP
-.B \-c
-require confirmation before disconnecting via ``~.''
-.TP
-.B \-a
-force the remote machine to ask for a password by sending a null local
-username.  This option has no effect unless the standard UCB rlogin is
-executed in place of the Kerberos rlogin (see above).
-.TP
-\fB\-f\fP
-forward a copy of the local credentials to the remote system.
-.TP
-\fB\-F\fP
-forward a
-.I forwardable
-copy of the local credentials to the remote system.
-.TP
-\fB\-t\fP \fItermtype\fP
-replace the terminal type passed to the remote host with
-.IR termtype .
-.TP
-.B \-n
-prevent suspension of rlogin via ``~^Z'' or ``~^Y''.
-.TP
-.B \-7
-force seven-bit transmissions.
-.TP
-.B \-d
-turn on socket debugging (via
-.IR setsockopt (2))
-on the TCP sockets used for communication with the remote host.
-.TP
-.B \-k
-request rlogin to obtain tickets for the remote host in realm
-.I realm
-instead of the remote host's realm as determined by 
-.IR krb_realmofhost (3).
-.TP
-\fB\-x\fP
-turn on DES encryption for data passed via the rlogin session.  This
-applies only to input and output streams, so the username is sent
-unencrypted.  This significantly reduces response time and
-significantly increases CPU utilization.
-.TP
-\fB-PN\fP
-.TP
-\fB-PO\fP
-Explicitly request new or old version of the Kerberos ``rcmd''
-protocol.  The new protocol avoids many security problems found in the
-old one, but is not interoperable with older servers.  (An
-"input/output error" and a closed connection is the most likely result
-of attempting this combination.)  If neither option is specified, some
-simple heuristics are used to guess which to try.
-.SH SEE ALSO
-rsh(1), kerberos(1), krb_sendauth(3), krb_realmofhost(3), rlogin(1) [UCB
-version], klogind(8)
-.SH FILES
-.TP "\w'~/\&.k5login\ \ 'u"
-~/\&.k5login
-(on remote host) - file containing Kerberos principals that are allowed
-access.
-.SH BUGS
-More of the environment should be propagated.
diff --git a/src/appl/bsd/rpaths.h b/src/appl/bsd/rpaths.h
deleted file mode 100644
index b394677..0000000
--- a/src/appl/bsd/rpaths.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/* fallback pathnames */
-
-#ifdef RPROGS_IN_USR_UCB
-#define	UCB_RLOGIN	"/usr/ucb/rlogin"
-#define	UCB_RCP	"/usr/ucb/rcp"
-#define	UCB_RSH	"/usr/ucb/rsh"
-/* all in /usr/ucb/, don't look for /bin/rcp */
-#endif
-
-#ifdef RPROGS_IN_USR_BIN
-#define UCB_RLOGIN "/usr/bin/rlogin"
-#define UCB_RCP "/usr/bin/rcp"
-#define UCB_RSH "/usr/bin/rsh"
-#endif
-
-#ifdef RPROGS_IN_USR_BSD
-#define UCB_RLOGIN "/usr/bsd/rlogin"
-#define UCB_RCP "/usr/bsd/rcp"
-#define UCB_RSH "/usr/bsd/rsh"
-#endif
-
-#ifdef RSH_IS_RCMD
-#undef UCB_RSH
-#define UCB_RSH "/usr/bin/rcmd"
-#endif
-
-#ifdef RSH_IS_REMSH
-#undef UCB_RSH
-#define UCB_RSH "/usr/bin/remsh"
-#endif
diff --git a/src/appl/bsd/rsh.M b/src/appl/bsd/rsh.M
deleted file mode 100644
index ce0ebfb..0000000
--- a/src/appl/bsd/rsh.M
+++ /dev/null
@@ -1,173 +0,0 @@
-.\" appl/bsd/rsh.M
-.\"
-.\" Copyright (c) 1983 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms are permitted
-.\" provided that the above copyright notice and this paragraph are
-.\" duplicated in all such forms and that any documentation,
-.\" advertising materials, and other materials related to such
-.\" distribution and use acknowledge that the software was developed
-.\" by the University of California, Berkeley.  The name of the
-.\" University may not be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-.\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-.\"
-.\"	@(#)rsh.1	6.2 (Berkeley) 9/20/88
-.\" "
-.TH RSH 1
-.SH NAME
-rsh \- remote shell
-.SH SYNOPSIS
-.B rsh
-.I host
-[\fB\-l\fP \fIusername\fP] [\fB\-n\fP] [\fB\-d\fP] [\fB\-k\fP
-\fIrealm\fP] [\fB\-f\fP | \fB\-F\fP] [\fB\-x\fP]
-[\fB\-PN | \-PO\fP]
-.I command
-.SH DESCRIPTION
-.B Rsh
-connects to the specified
-.I host,
-and executes the specified \fIcommand\fR.
-.B Rsh
-copies its standard input to the remote command, the standard output of
-the remote command to its standard output, and the standard error of the
-remote command to its standard error.  This implementation of
-.B rsh
-will accept any port for the standard error stream.  Interrupt, quit and
-terminate signals are propagated to the remote command; \fIrsh\fP
-normally terminates when the remote command does.
-.PP
-Each user may have a private authorization list in a file \&.k5login in
-his login directory.  Each line in this file should contain a Kerberos
-principal name of the form
-.IR principal/instance@realm .
-If there is a ~/.k5login file, then access is granted to the account if
-and only if the originater user is authenticated to one of the
-princiapls named in the ~/.k5login file.  Otherwise, the originating
-user will be granted access to the account if and only if the
-authenticated principal name of the user can be mapped to the local
-account name using the aname -> lname mapping rules (see
-.IR krb5_anadd (8)
-for more details).
-.SH OPTIONS
-.TP
-\fB\-l\fP \fIusername\fP
-sets the remote username to
-.IR username .
-Otherwise, the remote username will be the same as the local username.
-.TP
-\fB\-x\fP
-causes the network session traffic to be encrypted.  This applies only
-to the input and output streams, and not the command line.
-.TP
-\fB\-f\fP
-cause nonforwardable Kerberos credentials to be forwarded to the remote
-machine for use by the specified
-.IR command .
-They will be removed when
-.I command
-finishes.  This option is mutually exclusive with the
-.B \-F
-option.
-.TP
-\fB\-F\fP
-cause
-.I forwardable
-Kerberos credentials to be forwarded to the remote machine for use by
-the specified
-.IR command .
-They will be removed when
-.I command
-finishes.  This option is mutually exclusive with the
-.B \-f
-option.
-.TP
-\fB\-k\fP \fIrealm\fP
-causes 
-.I rsh
-to obtain tickets for the remote host in
-.I realm
-instead of the remote host's realm as determined by
-.IR krb_realmofhost (3).
-.TP
-.B \-d
-turns on socket debugging (via
-.IR setsockopt (2))
-on the TCP sockets used for communication with the remote host.
-.TP
-.B \-n
-redirects input from the special device
-.I /dev/null
-(see the BUGS section below).
-.TP
-\fB-PN\fP
-.TP
-\fB-PO\fP
-Explicitly request new or old version of the Kerberos ``rcmd''
-protocol.  The new protocol avoids many security problems found in the
-old one, but is not interoperable with older servers.  (An
-"input/output error" and a closed connection is the most likely result
-of attempting this combination.)  If neither option is specified, some
-simple heuristics are used to guess which to try.
-.PP
-If you omit
-.IR command ,
-then instead of executing a single command, you will be logged in on the
-remote host using
-.IR rlogin (1).
-.PP
-Shell metacharacters which are not quoted are interpreted on the local
-machine, while quoted metacharacters are interpreted on the remote
-machine.  Thus the command
-.PP
-\ \ \ rsh otherhost cat remotefile >> localfile
-.PP
-appends the remote file
-.I remotefile
-to the local file
-.IR localfile ,
-while
-.PP
-\ \ \ rsh otherhost cat remotefile ">>" otherremotefile
-.PP
-appends
-.I remotefile
-to
-.IR otherremotefile .
-.SH FILES
-.TP "\w'~/.k5login\ \ 'u"
-/etc/hosts
-.sp -1v
-.TP
-~/\&.k5login
-(on remote host) - file containing Kerberos principals that are allowed
-access.
-.SH SEE ALSO
-rlogin(1), kerberos(3), krb_sendauth(3), krb_realmofhost(3), kshd(8)
-.SH BUGS
-If you are using
-.IR csh (1)
-and put a
-.IR rsh (1)
-in the background without redirecting its input away from the terminal,
-it will block even if no reads are posted by the remote command.  If no
-input is desired you should redirect the input of
-.I rsh
-to /dev/null using the
-.B \-n
-option.
-.PP
-You cannot run an interactive command (like
-.IR rogue (6)
-or
-.IR vi (1));
-use
-.IR rlogin (1).
-.PP
-Stop signals stop the local \fIrsh\fP process only; this is arguably
-wrong, but currently hard to fix for reasons too complicated to explain
-here.
diff --git a/src/appl/bsd/setenv.c b/src/appl/bsd/setenv.c
deleted file mode 100644
index 0191d9c..0000000
--- a/src/appl/bsd/setenv.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/* based on @(#)setenv.c	5.2 (Berkeley) 6/27/88 */
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef NEED_SETENV
-extern int setenv(char *, char *, int);
-extern void unsetenv(char *);
-#endif
-
-static char *_findenv(char *, int*);
-/*
- * setenv --
- *	Set the value of the environmental variable "name" to be
- *	"value".  If rewrite is set, replace any current value.
- */
-int
-setenv(name, value, rewrite)
-	register char *name, *value;
-	int rewrite;
-{
-	extern char **environ;
-	static int alloced;			/* if allocated space before */
-	register char *C;
-	int l_value, offset;
-
-	if (*value == '=')			/* no `=' in value */
-		++value;
-	l_value = strlen(value);
-	if ((C = _findenv(name, &offset))) {	/* find if already exists */
-		if (!rewrite)
-			return(0);
-		if (strlen(C) >= l_value) {	/* old larger; copy over */
-			while ((*C++ = *value++));
-			return(0);
-		}
-	}
-	else {					/* create new slot */
-		register int	cnt;
-		register char	**P;
-
-		for (P = environ, cnt = 0; *P; ++P, ++cnt);
-		if (alloced) {			/* just increase size */
-			environ = (char **)realloc((char *)environ,
-			    (u_int)(sizeof(char *) * (cnt + 2)));
-			if (!environ)
-				return(-1);
-		}
-		else {				/* get new space */
-			alloced = 1;		/* copy old entries into it */
-			P = (char **)malloc((u_int)(sizeof(char *) *
-			    (cnt + 2)));
-			if (!P)
-				return(-1);
-			memcpy(P, environ, cnt * sizeof(char *));
-			environ = P;
-		}
-		environ[cnt + 1] = NULL;
-		offset = cnt;
-	}
-	for (C = name; *C && *C != '='; ++C);	/* no `=' in name */
-	if (!(environ[offset] =			/* name + `=' + value */
-	    malloc((u_int)((int)(C - name) + l_value + 2))))
-		return(-1);
-	for (C = environ[offset]; (*C = *name++) &&( *C != '='); ++C);
-	for (*C++ = '='; (*C++ = *value++););
-	return(0);
-}
-
-/*
- * unsetenv(name) --
- *	Delete environmental variable "name".
- */
-void
-unsetenv(name)
-	char	*name;
-{
-	extern	char	**environ;
-	register char	**P;
-	int	offset;
-
-	while (_findenv(name, &offset))		/* if set multiple times */
-		for (P = &environ[offset];; ++P)
-			if (!(*P = *(P + 1)))
-				break;
-}
-/*
- * Copyright (c) 1987 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/* based on @(#)getenv.c	5.5 (Berkeley) 6/27/88 */
-
-#ifndef HAVE_GETENV
-/*
- * getenv --
- *	Returns ptr to value associated with name, if any, else NULL.
- */
-char *
-getenv(name)
-	char *name;
-{
-	int offset;
-
-	return(_findenv(name, &offset));
-}
-#endif
-
-/*
- * _findenv --
- *	Returns pointer to value associated with name, if any, else NULL.
- *	Sets offset to be the offset of the name/value combination in the
- *	environmental array, for use by setenv(3) and unsetenv(3).
- *	Explicitly removes '=' in argument name.
- *
- *	This routine *should* be a static; don't use it.
- */
-static char *
-_findenv(name, offset)
-	register char *name;
-	int *offset;
-{
-	extern char **environ;
-	register unsigned int len;
-	register char **P, *C;
-
-	for (C = name, len = 0; *C && *C != '='; ++C, ++len);
-	for (P = environ; *P; ++P)
-		if (!strncmp(*P, name, len))
-			if (*(C = *P + len) == '=') {
-				*offset = P - environ;
-				return(++C);
-			}
-	return(NULL);
-}
diff --git a/src/appl/gss-sample/Makefile.in b/src/appl/gss-sample/Makefile.in
index e64e487..ab0495a 100644
--- a/src/appl/gss-sample/Makefile.in
+++ b/src/appl/gss-sample/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=appl/gss-sample
 mydir=appl/gss-sample
 BUILDTOP=$(REL)..$(S)..
 DEFINES = -DUSE_AUTOCONF_H -DGSSAPI_V2
@@ -13,7 +11,7 @@ OBJS= gss-client.o gss-misc.o gss-server.o
 all-unix:: gss-server gss-client
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##GSSCLIENT=$(OUTPRE)gss-client.exe
 ##WIN32##GSSSERVER=$(OUTPRE)gss-server.exe
diff --git a/src/appl/gss-sample/deps b/src/appl/gss-sample/deps
index 34495ea..d2e1b71 100644
--- a/src/appl/gss-sample/deps
+++ b/src/appl/gss-sample/deps
@@ -9,4 +9,4 @@ $(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   gss-misc.c gss-misc.h
 $(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(SRCTOP)/include/port-sockets.h gss-misc.h gss-server.c
+  $(top_srcdir)/include/port-sockets.h gss-misc.h gss-server.c
diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c
index 3f86168..ad314c2 100644
--- a/src/appl/gss-sample/gss-client.c
+++ b/src/appl/gss-sample/gss-client.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  *
@@ -88,8 +89,8 @@ usage()
  *
  * Arguments:
  *
- * 	host		(r) the target host name
- * 	port		(r) the target port, in host byte order
+ *      host            (r) the target host name
+ *      port            (r) the target port, in host byte order
  *
  * Returns: the established socket file desciptor, or -1 on failure
  *
@@ -100,17 +101,15 @@ usage()
  * displayed and -1 is returned.
  */
 static int
-connect_to_server(host, port)
-    char   *host;
-    u_short port;
+connect_to_server(char *host, u_short port)
 {
     struct sockaddr_in saddr;
     struct hostent *hp;
     int     s;
 
     if ((hp = gethostbyname(host)) == NULL) {
-	fprintf(stderr, "Unknown host: %s\n", host);
-	return -1;
+        fprintf(stderr, "Unknown host: %s\n", host);
+        return -1;
     }
 
     saddr.sin_family = hp->h_addrtype;
@@ -118,13 +117,13 @@ connect_to_server(host, port)
     saddr.sin_port = htons(port);
 
     if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-	perror("creating socket");
-	return -1;
+        perror("creating socket");
+        return -1;
     }
     if (connect(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
-	perror("connecting to server");
-	(void) close(s);
-	return -1;
+        perror("connecting to server");
+        (void) close(s);
+        return -1;
     }
     return s;
 }
@@ -137,14 +136,14 @@ connect_to_server(host, port)
  *
  * Arguments:
  *
- * 	s		    (r) an established TCP connection to the service
- * 	service_name(r) the ASCII service name of the service
- *	gss_flags	(r) GSS-API delegation flag (if any)
- *	auth_flag	(r) whether to actually do authentication
+ *      s                   (r) an established TCP connection to the service
+ *      service_name(r) the ASCII service name of the service
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to actually do authentication
  *  v1_format   (r) whether the v1 sample protocol should be used
- *	oid		    (r) OID of the mechanism to use
- * 	context		(w) the established GSS-API context
- *	ret_flags	(w) the returned flags from init_sec_context
+ *      oid                 (r) OID of the mechanism to use
+ *      context         (w) the established GSS-API context
+ *      ret_flags       (w) the returned flags from init_sec_context
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -161,113 +160,110 @@ connect_to_server(host, port)
  * and -1 is returned.
  */
 static int
-client_establish_context(s, service_name, gss_flags, auth_flag,
-			 v1_format, oid, gss_context, ret_flags)
-    int     s;
-    char   *service_name;
-    gss_OID oid;
-    OM_uint32 gss_flags;
-    int     auth_flag;
-    int     v1_format;
-    gss_ctx_id_t *gss_context;
-    OM_uint32 *ret_flags;
+client_establish_context(int s, char *service_name, OM_uint32 gss_flags,
+                         int auth_flag, int v1_format, gss_OID oid,
+                         gss_ctx_id_t *gss_context, OM_uint32 *ret_flags)
 {
     if (auth_flag) {
-	gss_buffer_desc send_tok, recv_tok, *token_ptr;
-	gss_name_t target_name;
-	OM_uint32 maj_stat, min_stat, init_sec_min_stat;
-	int     token_flags;
-
-	/*
-	 * Import the name into target_name.  Use send_tok to save
-	 * local variable space.
-	 */
-	send_tok.value = service_name;
-	send_tok.length = strlen(service_name);
-	maj_stat = gss_import_name(&min_stat, &send_tok,
-				   (gss_OID) gss_nt_service_name,
-				   &target_name);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("parsing name", maj_stat, min_stat);
-	    return -1;
-	}
-
-	if (!v1_format) {
-	    if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) <
-		0) {
-		(void) gss_release_name(&min_stat, &target_name);
-		return -1;
-	    }
-	}
-
-	/*
-	 * Perform the context-establishement loop.
-	 *
-	 * On each pass through the loop, token_ptr points to the token
-	 * to send to the server (or GSS_C_NO_BUFFER on the first pass).
-	 * Every generated token is stored in send_tok which is then
-	 * transmitted to the server; every received token is stored in
-	 * recv_tok, which token_ptr is then set to, to be processed by
-	 * the next call to gss_init_sec_context.
-	 *
-	 * GSS-API guarantees that send_tok's length will be non-zero
-	 * if and only if the server is expecting another token from us,
-	 * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
-	 * and only if the server has another token to send us.
-	 */
-
-	token_ptr = GSS_C_NO_BUFFER;
-	*gss_context = GSS_C_NO_CONTEXT;
-
-	do {
-	    maj_stat = gss_init_sec_context(&init_sec_min_stat, GSS_C_NO_CREDENTIAL, gss_context, target_name, oid, gss_flags, 0, NULL,	/* no channel bindings */
-					    token_ptr, NULL,	/* ignore mech type */
-					    &send_tok, ret_flags, NULL);	/* ignore time_rec */
-
-	    if (token_ptr != GSS_C_NO_BUFFER)
-		free(recv_tok.value);
-
-	    if (send_tok.length != 0) {
-		if (verbose)
-		    printf("Sending init_sec_context token (size=%d)...",
-			   (int) send_tok.length);
-		if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) <
-		    0) {
-		    (void) gss_release_buffer(&min_stat, &send_tok);
-		    (void) gss_release_name(&min_stat, &target_name);
-		    return -1;
-		}
-	    }
-	    (void) gss_release_buffer(&min_stat, &send_tok);
-
-	    if (maj_stat != GSS_S_COMPLETE
-		&& maj_stat != GSS_S_CONTINUE_NEEDED) {
-		display_status("initializing context", maj_stat,
-			       init_sec_min_stat);
-		(void) gss_release_name(&min_stat, &target_name);
-		if (*gss_context != GSS_C_NO_CONTEXT)
-		    gss_delete_sec_context(&min_stat, gss_context,
-					   GSS_C_NO_BUFFER);
-		return -1;
-	    }
-
-	    if (maj_stat == GSS_S_CONTINUE_NEEDED) {
-		if (verbose)
-		    printf("continue needed...");
-		if (recv_token(s, &token_flags, &recv_tok) < 0) {
-		    (void) gss_release_name(&min_stat, &target_name);
-		    return -1;
-		}
-		token_ptr = &recv_tok;
-	    }
-	    if (verbose)
-		printf("\n");
-	} while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
-	(void) gss_release_name(&min_stat, &target_name);
+        gss_buffer_desc send_tok, recv_tok, *token_ptr;
+        gss_name_t target_name;
+        OM_uint32 maj_stat, min_stat, init_sec_min_stat;
+        int token_flags;
+
+        /*
+         * Import the name into target_name.  Use send_tok to save
+         * local variable space.
+         */
+        send_tok.value = service_name;
+        send_tok.length = strlen(service_name);
+        maj_stat = gss_import_name(&min_stat, &send_tok,
+                                   (gss_OID) gss_nt_service_name,
+                                   &target_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("parsing name", maj_stat, min_stat);
+            return -1;
+        }
+
+        if (!v1_format) {
+            if (send_token(s, TOKEN_NOOP | TOKEN_CONTEXT_NEXT, empty_token) <
+                0) {
+                (void) gss_release_name(&min_stat, &target_name);
+                return -1;
+            }
+        }
+
+        /*
+         * Perform the context-establishement loop.
+         *
+         * On each pass through the loop, token_ptr points to the token
+         * to send to the server (or GSS_C_NO_BUFFER on the first pass).
+         * Every generated token is stored in send_tok which is then
+         * transmitted to the server; every received token is stored in
+         * recv_tok, which token_ptr is then set to, to be processed by
+         * the next call to gss_init_sec_context.
+         *
+         * GSS-API guarantees that send_tok's length will be non-zero
+         * if and only if the server is expecting another token from us,
+         * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
+         * and only if the server has another token to send us.
+         */
+
+        token_ptr = GSS_C_NO_BUFFER;
+        *gss_context = GSS_C_NO_CONTEXT;
+
+        do {
+            maj_stat = gss_init_sec_context(&init_sec_min_stat,
+                                            GSS_C_NO_CREDENTIAL, gss_context,
+                                            target_name, oid, gss_flags, 0,
+                                            NULL, /* channel bindings */
+                                            token_ptr, NULL, /* mech type */
+                                            &send_tok, ret_flags,
+                                            NULL);  /* time_rec */
+
+            if (token_ptr != GSS_C_NO_BUFFER)
+                free(recv_tok.value);
+
+            if (send_tok.length != 0) {
+                if (verbose)
+                    printf("Sending init_sec_context token (size=%d)...",
+                           (int) send_tok.length);
+                if (send_token(s, v1_format ? 0 : TOKEN_CONTEXT, &send_tok) <
+                    0) {
+                    (void) gss_release_buffer(&min_stat, &send_tok);
+                    (void) gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+            }
+            (void) gss_release_buffer(&min_stat, &send_tok);
+
+            if (maj_stat != GSS_S_COMPLETE
+                && maj_stat != GSS_S_CONTINUE_NEEDED) {
+                display_status("initializing context", maj_stat,
+                               init_sec_min_stat);
+                (void) gss_release_name(&min_stat, &target_name);
+                if (*gss_context != GSS_C_NO_CONTEXT)
+                    gss_delete_sec_context(&min_stat, gss_context,
+                                           GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+                if (verbose)
+                    printf("continue needed...");
+                if (recv_token(s, &token_flags, &recv_tok) < 0) {
+                    (void) gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+                token_ptr = &recv_tok;
+            }
+            if (verbose)
+                printf("\n");
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        (void) gss_release_name(&min_stat, &target_name);
     } else {
-	if (send_token(s, TOKEN_NOOP, empty_token) < 0)
-	    return -1;
+        if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+            return -1;
     }
 
     return 0;
@@ -282,25 +278,25 @@ read_file(file_name, in_buf)
     struct stat stat_buf;
 
     if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
-	perror("open");
-	fprintf(stderr, "Couldn't open file %s\n", file_name);
-	exit(1);
+        perror("open");
+        fprintf(stderr, "Couldn't open file %s\n", file_name);
+        exit(1);
     }
     if (fstat(fd, &stat_buf) < 0) {
-	perror("fstat");
-	exit(1);
+        perror("fstat");
+        exit(1);
     }
     in_buf->length = stat_buf.st_size;
 
     if (in_buf->length == 0) {
-	in_buf->value = NULL;
-	return;
+        in_buf->value = NULL;
+        return;
     }
 
     if ((in_buf->value = malloc(in_buf->length)) == 0) {
-	fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
-		(int) in_buf->length);
-	exit(1);
+        fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
+                (int) in_buf->length);
+        exit(1);
     }
 
     /* this code used to check for incomplete reads, but you can't get
@@ -308,12 +304,12 @@ read_file(file_name, in_buf)
 
     count = read(fd, in_buf->value, in_buf->length);
     if (count < 0) {
-	perror("read");
-	exit(1);
+        perror("read");
+        exit(1);
     }
     if (count < in_buf->length)
-	fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
-		count, (int) in_buf->length);
+        fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
+                count, (int) in_buf->length);
 }
 
 /*
@@ -323,17 +319,17 @@ read_file(file_name, in_buf)
  *
  * Arguments:
  *
- * 	host		(r) the host providing the service
- * 	port		(r) the port to connect to on host
- * 	service_name	(r) the GSS-API service name to authenticate to
- *	gss_flags	(r) GSS-API delegation flag (if any)
- *	auth_flag	(r) whether to do authentication
- *	wrap_flag	(r) whether to do message wrapping at all
- *	encrypt_flag	(r) whether to do encryption while wrapping
- *	mic_flag	(r) whether to request a MIC from the server
- * 	msg		(r) the message to have "signed"
- *	use_file	(r) whether to treat msg as an input file name
- *	mcount		(r) the number of times to send the message
+ *      host            (r) the host providing the service
+ *      port            (r) the port to connect to on host
+ *      service_name    (r) the GSS-API service name to authenticate to
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to do authentication
+ *      wrap_flag       (r) whether to do message wrapping at all
+ *      encrypt_flag    (r) whether to do encryption while wrapping
+ *      mic_flag        (r) whether to request a MIC from the server
+ *      msg             (r) the message to have "signed"
+ *      use_file        (r) whether to treat msg as an input file name
+ *      mcount          (r) the number of times to send the message
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -347,8 +343,8 @@ read_file(file_name, in_buf)
  * otherwise 0 is returned.  */
 static int
 call_server(host, port, oid, service_name, gss_flags, auth_flag,
-	    wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
-	    mcount)
+            wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
+            mcount)
     char   *host;
     u_short port;
     gss_OID oid;
@@ -380,184 +376,184 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag,
 
     /* Open connection */
     if ((s = connect_to_server(host, port)) < 0)
-	return -1;
+        return -1;
 
     /* Establish context */
     if (client_establish_context(s, service_name, gss_flags, auth_flag,
-				 v1_format, oid, &context, &ret_flags) < 0) {
-	(void) close(s);
-	return -1;
+                                 v1_format, oid, &context, &ret_flags) < 0) {
+        (void) close(s);
+        return -1;
     }
 
     if (auth_flag && verbose) {
-	/* display the flags */
-	display_ctx_flags(ret_flags);
-
-	/* Get context information */
-	maj_stat = gss_inquire_context(&min_stat, context,
-				       &src_name, &targ_name, &lifetime,
-				       &mechanism, &context_flags,
-				       &is_local, &is_open);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("inquiring context", maj_stat, min_stat);
-	    return -1;
-	}
-
-	maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("displaying source name", maj_stat, min_stat);
-	    return -1;
-	}
-	maj_stat = gss_display_name(&min_stat, targ_name, &tname,
-				    (gss_OID *) NULL);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("displaying target name", maj_stat, min_stat);
-	    return -1;
-	}
-	printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
-	       (int) sname.length, (char *) sname.value,
-	       (int) tname.length, (char *) tname.value, lifetime,
-	       context_flags,
-	       (is_local) ? "locally initiated" : "remotely initiated",
-	       (is_open) ? "open" : "closed");
-
-	(void) gss_release_name(&min_stat, &src_name);
-	(void) gss_release_name(&min_stat, &targ_name);
-	(void) gss_release_buffer(&min_stat, &sname);
-	(void) gss_release_buffer(&min_stat, &tname);
-
-	maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("converting oid->string", maj_stat, min_stat);
-	    return -1;
-	}
-	printf("Name type of source name is %.*s.\n",
-	       (int) oid_name.length, (char *) oid_name.value);
-	(void) gss_release_buffer(&min_stat, &oid_name);
-
-	/* Now get the names supported by the mechanism */
-	maj_stat = gss_inquire_names_for_mech(&min_stat,
-					      mechanism, &mech_names);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("inquiring mech names", maj_stat, min_stat);
-	    return -1;
-	}
-
-	maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("converting oid->string", maj_stat, min_stat);
-	    return -1;
-	}
-	printf("Mechanism %.*s supports %d names\n",
-	       (int) oid_name.length, (char *) oid_name.value,
-	       (int) mech_names->count);
-	(void) gss_release_buffer(&min_stat, &oid_name);
-
-	for (i = 0; i < mech_names->count; i++) {
-	    maj_stat = gss_oid_to_str(&min_stat,
-				      &mech_names->elements[i], &oid_name);
-	    if (maj_stat != GSS_S_COMPLETE) {
-		display_status("converting oid->string", maj_stat, min_stat);
-		return -1;
-	    }
-	    printf("  %d: %.*s\n", (int) i,
-		   (int) oid_name.length, (char *) oid_name.value);
-
-	    (void) gss_release_buffer(&min_stat, &oid_name);
-	}
-	(void) gss_release_oid_set(&min_stat, &mech_names);
+        /* display the flags */
+        display_ctx_flags(ret_flags);
+
+        /* Get context information */
+        maj_stat = gss_inquire_context(&min_stat, context,
+                                       &src_name, &targ_name, &lifetime,
+                                       &mechanism, &context_flags,
+                                       &is_local, &is_open);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring context", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_display_name(&min_stat, src_name, &sname, &name_type);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying source name", maj_stat, min_stat);
+            return -1;
+        }
+        maj_stat = gss_display_name(&min_stat, targ_name, &tname,
+                                    (gss_OID *) NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying target name", maj_stat, min_stat);
+            return -1;
+        }
+        printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
+               (int) sname.length, (char *) sname.value,
+               (int) tname.length, (char *) tname.value, lifetime,
+               context_flags,
+               (is_local) ? "locally initiated" : "remotely initiated",
+               (is_open) ? "open" : "closed");
+
+        (void) gss_release_name(&min_stat, &src_name);
+        (void) gss_release_name(&min_stat, &targ_name);
+        (void) gss_release_buffer(&min_stat, &sname);
+        (void) gss_release_buffer(&min_stat, &tname);
+
+        maj_stat = gss_oid_to_str(&min_stat, name_type, &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Name type of source name is %.*s.\n",
+               (int) oid_name.length, (char *) oid_name.value);
+        (void) gss_release_buffer(&min_stat, &oid_name);
+
+        /* Now get the names supported by the mechanism */
+        maj_stat = gss_inquire_names_for_mech(&min_stat,
+                                              mechanism, &mech_names);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring mech names", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_oid_to_str(&min_stat, mechanism, &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Mechanism %.*s supports %d names\n",
+               (int) oid_name.length, (char *) oid_name.value,
+               (int) mech_names->count);
+        (void) gss_release_buffer(&min_stat, &oid_name);
+
+        for (i = 0; i < mech_names->count; i++) {
+            maj_stat = gss_oid_to_str(&min_stat,
+                                      &mech_names->elements[i], &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            printf("  %d: %.*s\n", (int) i,
+                   (int) oid_name.length, (char *) oid_name.value);
+
+            (void) gss_release_buffer(&min_stat, &oid_name);
+        }
+        (void) gss_release_oid_set(&min_stat, &mech_names);
     }
 
     if (use_file) {
-	read_file(msg, &in_buf);
+        read_file(msg, &in_buf);
     } else {
-	/* Seal the message */
-	in_buf.value = msg;
-	in_buf.length = strlen(msg);
+        /* Seal the message */
+        in_buf.value = msg;
+        in_buf.length = strlen(msg);
     }
 
     for (i = 0; i < mcount; i++) {
-	if (wrap_flag) {
-	    maj_stat =
-		gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
-			 &in_buf, &state, &out_buf);
-	    if (maj_stat != GSS_S_COMPLETE) {
-		display_status("wrapping message", maj_stat, min_stat);
-		(void) close(s);
-		(void) gss_delete_sec_context(&min_stat, &context,
-					      GSS_C_NO_BUFFER);
-		return -1;
-	    } else if (encrypt_flag && !state) {
-		fprintf(stderr, "Warning!  Message not encrypted.\n");
-	    }
-	} else {
-	    out_buf = in_buf;
-	}
-
-	/* Send to server */
-	if (send_token(s, (v1_format ? 0
-			   : (TOKEN_DATA |
-			      (wrap_flag ? TOKEN_WRAPPED : 0) |
-			      (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
-			      (mic_flag ? TOKEN_SEND_MIC : 0))),
-		       &out_buf) < 0) {
-	    (void) close(s);
-	    (void) gss_delete_sec_context(&min_stat, &context,
-					  GSS_C_NO_BUFFER);
-	    return -1;
-	}
-	if (out_buf.value != in_buf.value)
-	    (void) gss_release_buffer(&min_stat, &out_buf);
-
-	/* Read signature block into out_buf */
-	if (recv_token(s, &token_flags, &out_buf) < 0) {
-	    (void) close(s);
-	    (void) gss_delete_sec_context(&min_stat, &context,
-					  GSS_C_NO_BUFFER);
-	    return -1;
-	}
-
-	if (mic_flag) {
-	    /* Verify signature block */
-	    maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
-				      &out_buf, &qop_state);
-	    if (maj_stat != GSS_S_COMPLETE) {
-		display_status("verifying signature", maj_stat, min_stat);
-		(void) close(s);
-		(void) gss_delete_sec_context(&min_stat, &context,
-					      GSS_C_NO_BUFFER);
-		return -1;
-	    }
-
-	    if (verbose)
-		printf("Signature verified.\n");
-	} else {
-	    if (verbose)
-		printf("Response received.\n");
-	}
-
-	free(out_buf.value);
+        if (wrap_flag) {
+            maj_stat =
+                gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
+                         &in_buf, &state, &out_buf);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("wrapping message", maj_stat, min_stat);
+                (void) close(s);
+                (void) gss_delete_sec_context(&min_stat, &context,
+                                              GSS_C_NO_BUFFER);
+                return -1;
+            } else if (encrypt_flag && !state) {
+                fprintf(stderr, "Warning!  Message not encrypted.\n");
+            }
+        } else {
+            out_buf = in_buf;
+        }
+
+        /* Send to server */
+        if (send_token(s, (v1_format ? 0
+                           : (TOKEN_DATA |
+                              (wrap_flag ? TOKEN_WRAPPED : 0) |
+                              (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
+                              (mic_flag ? TOKEN_SEND_MIC : 0))),
+                       &out_buf) < 0) {
+            (void) close(s);
+            (void) gss_delete_sec_context(&min_stat, &context,
+                                          GSS_C_NO_BUFFER);
+            return -1;
+        }
+        if (out_buf.value != in_buf.value)
+            (void) gss_release_buffer(&min_stat, &out_buf);
+
+        /* Read signature block into out_buf */
+        if (recv_token(s, &token_flags, &out_buf) < 0) {
+            (void) close(s);
+            (void) gss_delete_sec_context(&min_stat, &context,
+                                          GSS_C_NO_BUFFER);
+            return -1;
+        }
+
+        if (mic_flag) {
+            /* Verify signature block */
+            maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
+                                      &out_buf, &qop_state);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("verifying signature", maj_stat, min_stat);
+                (void) close(s);
+                (void) gss_delete_sec_context(&min_stat, &context,
+                                              GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (verbose)
+                printf("Signature verified.\n");
+        } else {
+            if (verbose)
+                printf("Response received.\n");
+        }
+
+        free(out_buf.value);
     }
 
     if (use_file)
-	free(in_buf.value);
+        free(in_buf.value);
 
     /* Send NOOP */
     if (!v1_format)
-	(void) send_token(s, TOKEN_NOOP, empty_token);
+        (void) send_token(s, TOKEN_NOOP, empty_token);
 
     if (auth_flag) {
-	/* Delete context */
-	maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("deleting context", maj_stat, min_stat);
-	    (void) close(s);
-	    (void) gss_delete_sec_context(&min_stat, &context,
-					  GSS_C_NO_BUFFER);
-	    return -1;
-	}
-
-	(void) gss_release_buffer(&min_stat, &out_buf);
+        /* Delete context */
+        maj_stat = gss_delete_sec_context(&min_stat, &context, &out_buf);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("deleting context", maj_stat, min_stat);
+            (void) close(s);
+            (void) gss_delete_sec_context(&min_stat, &context,
+                                          GSS_C_NO_BUFFER);
+            return -1;
+        }
+
+        (void) gss_release_buffer(&min_stat, &out_buf);
     }
 
     (void) close(s);
@@ -573,29 +569,29 @@ parse_oid(char *mechanism, gss_OID * oid)
     size_t i, mechlen = strlen(mechanism);
 
     if (isdigit((int) mechanism[0])) {
-	mechstr = malloc(mechlen + 5);
-	if (!mechstr) {
-	    fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
-	    return;
-	}
-	mechstr[0] = '{';
-	mechstr[1] = ' ';
-	for (i = 0; i < mechlen; i++)
-	  mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i];
-	mechstr[mechlen + 2] = ' ';
-	mechstr[mechlen + 3] = ' ';
-	mechstr[mechlen + 4] = '\0';
-	tok.value = mechstr;
+        mechstr = malloc(mechlen + 5);
+        if (!mechstr) {
+            fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
+            return;
+        }
+        mechstr[0] = '{';
+        mechstr[1] = ' ';
+        for (i = 0; i < mechlen; i++)
+            mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i];
+        mechstr[mechlen + 2] = ' ';
+        mechstr[mechlen + 3] = ' ';
+        mechstr[mechlen + 4] = '\0';
+        tok.value = mechstr;
     } else
-	tok.value = mechanism;
+        tok.value = mechanism;
     tok.length = strlen(tok.value);
     maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
     if (maj_stat != GSS_S_COMPLETE) {
-	display_status("str_to_oid", maj_stat, min_stat);
-	return;
+        display_status("str_to_oid", maj_stat, min_stat);
+        return;
     }
     if (mechstr)
-	free(mechstr);
+        free(mechstr);
 }
 
 static int max_threads = 1;
@@ -623,23 +619,23 @@ BOOL
 WaitAndIncrementThreadCounter(void)
 {
     for (;;) {
-	if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
-	    if (thread_count < max_threads) {
-		thread_count++;
-		ReleaseMutex(hMutex);
-		return TRUE;
-	    } else {
-		ReleaseMutex(hMutex);
-
-		if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
-		    continue;
-		} else {
-		    return FALSE;
-		}
-	    }
-	} else {
-	    return FALSE;
-	}
+        if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+            if (thread_count < max_threads) {
+                thread_count++;
+                ReleaseMutex(hMutex);
+                return TRUE;
+            } else {
+                ReleaseMutex(hMutex);
+
+                if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+                    continue;
+                } else {
+                    return FALSE;
+                }
+            }
+        } else {
+            return FALSE;
+        }
     }
 }
 
@@ -647,13 +643,13 @@ BOOL
 DecrementAndSignalThreadCounter(void)
 {
     if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
-	if (thread_count == max_threads)
-	    ResetEvent(hEvent);
-	thread_count--;
-	ReleaseMutex(hMutex);
-	return TRUE;
+        if (thread_count == max_threads)
+            ResetEvent(hEvent);
+        thread_count--;
+        ReleaseMutex(hMutex);
+        return TRUE;
     } else {
-	return FALSE;
+        return FALSE;
     }
 }
 #endif
@@ -672,13 +668,13 @@ static void
 worker_bee(void *unused)
 {
     if (call_server(server_host, port, oid, service_name,
-		    gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
-		    v1_format, msg, use_file, mcount) < 0)
-	exit(1);
+                    gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag,
+                    v1_format, msg, use_file, mcount) < 0)
+        exit(1);
 
 #ifdef _WIN32
     if (max_threads > 1)
-	DecrementAndSignalThreadCounter();
+        DecrementAndSignalThreadCounter();
 #endif
 }
 
@@ -697,78 +693,78 @@ main(argc, argv)
     argc--;
     argv++;
     while (argc) {
-	if (strcmp(*argv, "-port") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    port = atoi(*argv);
-	} else if (strcmp(*argv, "-mech") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    mechanism = *argv;
-	}
+        if (strcmp(*argv, "-port") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            port = atoi(*argv);
+        } else if (strcmp(*argv, "-mech") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            mechanism = *argv;
+        }
 #ifdef _WIN32
-	else if (strcmp(*argv, "-threads") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    max_threads = atoi(*argv);
-	}
+        else if (strcmp(*argv, "-threads") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            max_threads = atoi(*argv);
+        }
 #endif
-	else if (strcmp(*argv, "-d") == 0) {
-	    gss_flags |= GSS_C_DELEG_FLAG;
-	} else if (strcmp(*argv, "-seq") == 0) {
-	    gss_flags |= GSS_C_SEQUENCE_FLAG;
-	} else if (strcmp(*argv, "-noreplay") == 0) {
-	    gss_flags &= ~GSS_C_REPLAY_FLAG;
-	} else if (strcmp(*argv, "-nomutual") == 0) {
-	    gss_flags &= ~GSS_C_MUTUAL_FLAG;
-	} else if (strcmp(*argv, "-f") == 0) {
-	    use_file = 1;
-	} else if (strcmp(*argv, "-q") == 0) {
-	    verbose = 0;
-	} else if (strcmp(*argv, "-ccount") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    ccount = atoi(*argv);
-	    if (ccount <= 0)
-		usage();
-	} else if (strcmp(*argv, "-mcount") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    mcount = atoi(*argv);
-	    if (mcount < 0)
-		usage();
-	} else if (strcmp(*argv, "-na") == 0) {
-	    auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
-	} else if (strcmp(*argv, "-nw") == 0) {
-	    wrap_flag = 0;
-	} else if (strcmp(*argv, "-nx") == 0) {
-	    encrypt_flag = 0;
-	} else if (strcmp(*argv, "-nm") == 0) {
-	    mic_flag = 0;
-	} else if (strcmp(*argv, "-v1") == 0) {
-	    v1_format = 1;
-	} else
-	    break;
-	argc--;
-	argv++;
+        else if (strcmp(*argv, "-d") == 0) {
+            gss_flags |= GSS_C_DELEG_FLAG;
+        } else if (strcmp(*argv, "-seq") == 0) {
+            gss_flags |= GSS_C_SEQUENCE_FLAG;
+        } else if (strcmp(*argv, "-noreplay") == 0) {
+            gss_flags &= ~GSS_C_REPLAY_FLAG;
+        } else if (strcmp(*argv, "-nomutual") == 0) {
+            gss_flags &= ~GSS_C_MUTUAL_FLAG;
+        } else if (strcmp(*argv, "-f") == 0) {
+            use_file = 1;
+        } else if (strcmp(*argv, "-q") == 0) {
+            verbose = 0;
+        } else if (strcmp(*argv, "-ccount") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            ccount = atoi(*argv);
+            if (ccount <= 0)
+                usage();
+        } else if (strcmp(*argv, "-mcount") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            mcount = atoi(*argv);
+            if (mcount < 0)
+                usage();
+        } else if (strcmp(*argv, "-na") == 0) {
+            auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
+        } else if (strcmp(*argv, "-nw") == 0) {
+            wrap_flag = 0;
+        } else if (strcmp(*argv, "-nx") == 0) {
+            encrypt_flag = 0;
+        } else if (strcmp(*argv, "-nm") == 0) {
+            mic_flag = 0;
+        } else if (strcmp(*argv, "-v1") == 0) {
+            v1_format = 1;
+        } else
+            break;
+        argc--;
+        argv++;
     }
     if (argc != 3)
-	usage();
+        usage();
 
 #ifdef _WIN32
     if (max_threads < 1) {
-	fprintf(stderr, "warning: there must be at least one thread\n");
-	max_threads = 1;
+        fprintf(stderr, "warning: there must be at least one thread\n");
+        max_threads = 1;
     }
 #endif
 
@@ -777,32 +773,32 @@ main(argc, argv)
     msg = *argv++;
 
     if (mechanism)
-	parse_oid(mechanism, &oid);
+        parse_oid(mechanism, &oid);
 
     if (max_threads == 1) {
-	for (i = 0; i < ccount; i++) {
-	    worker_bee(0);
-	}
+        for (i = 0; i < ccount; i++) {
+            worker_bee(0);
+        }
     } else {
 #ifdef _WIN32
-	for (i = 0; i < ccount; i++) {
-	    if (WaitAndIncrementThreadCounter()) {
-		uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0);
-		if (handle == (uintptr_t) - 1) {
-		    exit(1);
-		}
-	    } else {
-		exit(1);
-	    }
-	}
+        for (i = 0; i < ccount; i++) {
+            if (WaitAndIncrementThreadCounter()) {
+                uintptr_t handle = _beginthread(worker_bee, 0, (void *) 0);
+                if (handle == (uintptr_t) - 1) {
+                    exit(1);
+                }
+            } else {
+                exit(1);
+            }
+        }
 #else
-	/* boom */
-	assert(max_threads == 1);
+        /* boom */
+        assert(max_threads == 1);
 #endif
     }
 
     if (oid != GSS_C_NULL_OID)
-	(void) gss_release_oid(&min_stat, &oid);
+        (void) gss_release_oid(&min_stat, &oid);
 
 #ifdef _WIN32
     CleanupHandles();
diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c
index 3abb0ce..77a0a61 100644
--- a/src/appl/gss-sample/gss-misc.c
+++ b/src/appl/gss-sample/gss-misc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  *
@@ -95,14 +96,14 @@ write_all(int fildes, char *buf, unsigned int nbyte)
     char   *ptr;
 
     for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
-	ret = send(fildes, ptr, nbyte, 0);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    return (ret);
-	} else if (ret == 0) {
-	    return (ptr - buf);
-	}
+        ret = send(fildes, ptr, nbyte, 0);
+        if (ret < 0) {
+            if (errno == EINTR)
+                continue;
+            return (ret);
+        } else if (ret == 0) {
+            return (ptr - buf);
+        }
     }
 
     return (ptr - buf);
@@ -122,17 +123,17 @@ read_all(int fildes, char *buf, unsigned int nbyte)
     tv.tv_usec = 0;
 
     for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
-	if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0
-	    || !FD_ISSET(fildes, &rfds))
-	    return (ptr - buf);
-	ret = recv(fildes, ptr, nbyte, 0);
-	if (ret < 0) {
-	    if (errno == EINTR)
-		continue;
-	    return (ret);
-	} else if (ret == 0) {
-	    return (ptr - buf);
-	}
+        if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0
+            || !FD_ISSET(fildes, &rfds))
+            return (ptr - buf);
+        ret = recv(fildes, ptr, nbyte, 0);
+        if (ret < 0) {
+            if (errno == EINTR)
+                continue;
+            return (ret);
+        } else if (ret == 0) {
+            return (ptr - buf);
+        }
     }
 
     return (ptr - buf);
@@ -145,9 +146,9 @@ read_all(int fildes, char *buf, unsigned int nbyte)
  *
  * Arguments:
  *
- * 	s		(r) an open file descriptor
- *	flags		(r) the flags to write
- * 	tok		(r) the token to write
+ *      s               (r) an open file descriptor
+ *      flags           (r) the flags to write
+ *      tok             (r) the token to write
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -170,14 +171,14 @@ send_token(s, flags, tok)
     unsigned char lenbuf[4];
 
     if (char_flags) {
-	ret = write_all(s, (char *) &char_flags, 1);
-	if (ret != 1) {
-	    perror("sending token flags");
-	    return -1;
-	}
+        ret = write_all(s, (char *) &char_flags, 1);
+        if (ret != 1) {
+            perror("sending token flags");
+            return -1;
+        }
     }
     if (tok->length > 0xffffffffUL)
-	abort();
+        abort();
     lenbuf[0] = (tok->length >> 24) & 0xff;
     lenbuf[1] = (tok->length >> 16) & 0xff;
     lenbuf[2] = (tok->length >> 8) & 0xff;
@@ -185,25 +186,25 @@ send_token(s, flags, tok)
 
     ret = write_all(s, lenbuf, 4);
     if (ret < 0) {
-	perror("sending token length");
-	return -1;
+        perror("sending token length");
+        return -1;
     } else if (ret != 4) {
-	if (display_file)
-	    fprintf(display_file,
-		    "sending token length: %d of %d bytes written\n", ret, 4);
-	return -1;
+        if (display_file)
+            fprintf(display_file,
+                    "sending token length: %d of %d bytes written\n", ret, 4);
+        return -1;
     }
 
     ret = write_all(s, tok->value, tok->length);
     if (ret < 0) {
-	perror("sending token data");
-	return -1;
+        perror("sending token data");
+        return -1;
     } else if (ret != tok->length) {
-	if (display_file)
-	    fprintf(display_file,
-		    "sending token data: %d of %d bytes written\n",
-		    ret, (int) tok->length);
-	return -1;
+        if (display_file)
+            fprintf(display_file,
+                    "sending token data: %d of %d bytes written\n",
+                    ret, (int) tok->length);
+        return -1;
     }
 
     return 0;
@@ -216,9 +217,9 @@ send_token(s, flags, tok)
  *
  * Arguments:
  *
- * 	s		(r) an open file descriptor
- *	flags		(w) the read flags
- * 	tok		(w) the read token
+ *      s               (r) an open file descriptor
+ *      flags           (w) the read flags
+ *      tok             (w) the read token
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -244,62 +245,62 @@ recv_token(s, flags, tok)
 
     ret = read_all(s, (char *) &char_flags, 1);
     if (ret < 0) {
-	perror("reading token flags");
-	return -1;
+        perror("reading token flags");
+        return -1;
     } else if (!ret) {
-	if (display_file)
-	    fputs("reading token flags: 0 bytes read\n", display_file);
-	return -1;
+        if (display_file)
+            fputs("reading token flags: 0 bytes read\n", display_file);
+        return -1;
     } else {
-	*flags = (int) char_flags;
+        *flags = (int) char_flags;
     }
 
     if (char_flags == 0) {
-	lenbuf[0] = 0;
-	ret = read_all(s, &lenbuf[1], 3);
-	if (ret < 0) {
-	    perror("reading token length");
-	    return -1;
-	} else if (ret != 3) {
-	    if (display_file)
-		fprintf(display_file,
-			"reading token length: %d of %d bytes read\n", ret, 3);
-	    return -1;
-	}
+        lenbuf[0] = 0;
+        ret = read_all(s, &lenbuf[1], 3);
+        if (ret < 0) {
+            perror("reading token length");
+            return -1;
+        } else if (ret != 3) {
+            if (display_file)
+                fprintf(display_file,
+                        "reading token length: %d of %d bytes read\n", ret, 3);
+            return -1;
+        }
     } else {
-	ret = read_all(s, lenbuf, 4);
-	if (ret < 0) {
-	    perror("reading token length");
-	    return -1;
-	} else if (ret != 4) {
-	    if (display_file)
-		fprintf(display_file,
-			"reading token length: %d of %d bytes read\n", ret, 4);
-	    return -1;
-	}
+        ret = read_all(s, lenbuf, 4);
+        if (ret < 0) {
+            perror("reading token length");
+            return -1;
+        } else if (ret != 4) {
+            if (display_file)
+                fprintf(display_file,
+                        "reading token length: %d of %d bytes read\n", ret, 4);
+            return -1;
+        }
     }
 
     tok->length = ((lenbuf[0] << 24)
-		   | (lenbuf[1] << 16)
-		   | (lenbuf[2] << 8)
-		   | lenbuf[3]);
+                   | (lenbuf[1] << 16)
+                   | (lenbuf[2] << 8)
+                   | lenbuf[3]);
     tok->value = (char *) malloc(tok->length ? tok->length : 1);
     if (tok->length && tok->value == NULL) {
-	if (display_file)
-	    fprintf(display_file, "Out of memory allocating token data\n");
-	return -1;
+        if (display_file)
+            fprintf(display_file, "Out of memory allocating token data\n");
+        return -1;
     }
 
     ret = read_all(s, (char *) tok->value, tok->length);
     if (ret < 0) {
-	perror("reading token data");
-	free(tok->value);
-	return -1;
+        perror("reading token data");
+        free(tok->value);
+        return -1;
     } else if (ret != tok->length) {
-	fprintf(stderr, "sending token data: %d of %d bytes written\n",
-		ret, (int) tok->length);
-	free(tok->value);
-	return -1;
+        fprintf(stderr, "sending token data: %d of %d bytes written\n",
+                ret, (int) tok->length);
+        free(tok->value);
+        return -1;
     }
 
     return 0;
@@ -317,15 +318,15 @@ display_status_1(m, code, type)
 
     msg_ctx = 0;
     while (1) {
-	maj_stat = gss_display_status(&min_stat, code,
-				      type, GSS_C_NULL_OID, &msg_ctx, &msg);
-	if (display_file)
-	    fprintf(display_file, "GSS-API error %s: %s\n", m,
-		    (char *) msg.value);
-	(void) gss_release_buffer(&min_stat, &msg);
-
-	if (!msg_ctx)
-	    break;
+        maj_stat = gss_display_status(&min_stat, code,
+                                      type, GSS_C_NULL_OID, &msg_ctx, &msg);
+        if (display_file)
+            fprintf(display_file, "GSS-API error %s: %s\n", m,
+                    (char *) msg.value);
+        (void) gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
     }
 }
 
@@ -336,9 +337,9 @@ display_status_1(m, code, type)
  *
  * Arguments:
  *
- * 	msg		a string to be displayed with the message
- * 	maj_stat	the GSS-API major status code
- * 	min_stat	the GSS-API minor status code
+ *      msg             a string to be displayed with the message
+ *      maj_stat        the GSS-API major status code
+ *      min_stat        the GSS-API minor status code
  *
  * Effects:
  *
@@ -360,11 +361,11 @@ display_status(msg, maj_stat, min_stat)
  * Function: display_ctx_flags
  *
  * Purpose: displays the flags returned by context initation in
- *	    a human-readable form
+ *          a human-readable form
  *
  * Arguments:
  *
- * 	int		ret_flags
+ *      int             ret_flags
  *
  * Effects:
  *
@@ -377,17 +378,17 @@ display_ctx_flags(flags)
     OM_uint32 flags;
 {
     if (flags & GSS_C_DELEG_FLAG)
-	fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
+        fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n");
     if (flags & GSS_C_MUTUAL_FLAG)
-	fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
+        fprintf(display_file, "context flag: GSS_C_MUTUAL_FLAG\n");
     if (flags & GSS_C_REPLAY_FLAG)
-	fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
+        fprintf(display_file, "context flag: GSS_C_REPLAY_FLAG\n");
     if (flags & GSS_C_SEQUENCE_FLAG)
-	fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
+        fprintf(display_file, "context flag: GSS_C_SEQUENCE_FLAG\n");
     if (flags & GSS_C_CONF_FLAG)
-	fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
+        fprintf(display_file, "context flag: GSS_C_CONF_FLAG \n");
     if (flags & GSS_C_INTEG_FLAG)
-	fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
+        fprintf(display_file, "context flag: GSS_C_INTEG_FLAG \n");
 }
 
 void
@@ -398,12 +399,12 @@ print_token(tok)
     unsigned char *p = tok->value;
 
     if (!display_file)
-	return;
+        return;
     for (i = 0; i < tok->length; i++, p++) {
-	fprintf(display_file, "%02x ", *p);
-	if ((i % 16) == 15) {
-	    fprintf(display_file, "\n");
-	}
+        fprintf(display_file, "%02x ", *p);
+        if ((i % 16) == 15) {
+            fprintf(display_file, "\n");
+        }
     }
     fprintf(display_file, "\n");
     fflush(display_file);
@@ -420,8 +421,8 @@ gettimeofday(struct timeval *tv, void *ignore_tz)
     _tzset();
     _ftime(&tb);
     if (tv) {
-	tv->tv_sec = tb.time;
-	tv->tv_usec = tb.millitm * 1000;
+        tv->tv_sec = tb.time;
+        tv->tv_usec = tb.millitm * 1000;
     }
     return 0;
 }
diff --git a/src/appl/gss-sample/gss-misc.h b/src/appl/gss-sample/gss-misc.h
index 77d8190..98bcc22 100644
--- a/src/appl/gss-sample/gss-misc.h
+++ b/src/appl/gss-sample/gss-misc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  *
@@ -32,28 +33,23 @@
 
 extern FILE *display_file;
 
-int send_token
-	(int s, int flags, gss_buffer_t tok);
-int recv_token
-	(int s, int *flags, gss_buffer_t tok);
-void display_status
-	(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
-void display_ctx_flags
-	(OM_uint32 flags);
-void print_token
-	(gss_buffer_t tok);
+int send_token(int s, int flags, gss_buffer_t tok);
+int recv_token(int s, int *flags, gss_buffer_t tok);
+void display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat);
+void display_ctx_flags(OM_uint32 flags);
+void print_token(gss_buffer_t tok);
 
 /* Token types */
-#define TOKEN_NOOP		(1<<0)
-#define TOKEN_CONTEXT		(1<<1)
-#define TOKEN_DATA		(1<<2)
-#define TOKEN_MIC		(1<<3)
+#define TOKEN_NOOP              (1<<0)
+#define TOKEN_CONTEXT           (1<<1)
+#define TOKEN_DATA              (1<<2)
+#define TOKEN_MIC               (1<<3)
 
 /* Token flags */
-#define TOKEN_CONTEXT_NEXT	(1<<4)
-#define TOKEN_WRAPPED		(1<<5)
-#define TOKEN_ENCRYPTED		(1<<6)
-#define TOKEN_SEND_MIC		(1<<7)
+#define TOKEN_CONTEXT_NEXT      (1<<4)
+#define TOKEN_WRAPPED           (1<<5)
+#define TOKEN_ENCRYPTED         (1<<6)
+#define TOKEN_SEND_MIC          (1<<7)
 
 extern gss_buffer_t empty_token;
 
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index 158414d..0e2a275 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  *
@@ -74,7 +75,7 @@ usage()
 #endif
     fprintf(stderr, "\n");
     fprintf(stderr,
-	    "       [-inetd] [-export] [-logfile file] service_name\n");
+            "       [-inetd] [-export] [-logfile file] service_name\n");
     exit(1);
 }
 
@@ -89,8 +90,8 @@ int     verbose = 0;
  *
  * Arguments:
  *
- * 	service_name	(r) the ASCII service name
- * 	server_creds	(w) the GSS-API service credentials
+ *      service_name    (r) the ASCII service name
+ *      server_creds    (w) the GSS-API service credentials
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -102,9 +103,7 @@ int     verbose = 0;
  * 0 is returned.
  */
 static int
-server_acquire_creds(service_name, server_creds)
-    char   *service_name;
-    gss_cred_id_t *server_creds;
+server_acquire_creds(char *service_name, gss_cred_id_t *server_creds)
 {
     gss_buffer_desc name_buf;
     gss_name_t server_name;
@@ -113,18 +112,18 @@ server_acquire_creds(service_name, server_creds)
     name_buf.value = service_name;
     name_buf.length = strlen(name_buf.value) + 1;
     maj_stat = gss_import_name(&min_stat, &name_buf,
-			       (gss_OID) gss_nt_service_name, &server_name);
+                               (gss_OID) gss_nt_service_name, &server_name);
     if (maj_stat != GSS_S_COMPLETE) {
-	display_status("importing name", maj_stat, min_stat);
-	return -1;
+        display_status("importing name", maj_stat, min_stat);
+        return -1;
     }
 
     maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
-				GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
-				server_creds, NULL, NULL);
+                                GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+                                server_creds, NULL, NULL);
     if (maj_stat != GSS_S_COMPLETE) {
-	display_status("acquiring credentials", maj_stat, min_stat);
-	return -1;
+        display_status("acquiring credentials", maj_stat, min_stat);
+        return -1;
     }
 
     (void) gss_release_name(&min_stat, &server_name);
@@ -141,10 +140,10 @@ server_acquire_creds(service_name, server_creds)
  *
  * Arguments:
  *
- * 	s		(r) an established TCP connection to the client
- * 	service_creds	(r) server credentials, from gss_acquire_cred
- * 	context		(w) the established GSS-API context
- * 	client_name	(w) the client's ASCII name
+ *      s               (r) an established TCP connection to the client
+ *      service_creds   (r) server credentials, from gss_acquire_cred
+ *      context         (w) the established GSS-API context
+ *      client_name     (w) the client's ASCII name
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -156,12 +155,9 @@ server_acquire_creds(service_name, server_creds)
  * message is displayed and -1 is returned.
  */
 static int
-server_establish_context(s, server_creds, context, client_name, ret_flags)
-    int     s;
-    gss_cred_id_t server_creds;
-    gss_ctx_id_t *context;
-    gss_buffer_t client_name;
-    OM_uint32 *ret_flags;
+server_establish_context(int s, gss_cred_id_t server_creds,
+                         gss_ctx_id_t *context, gss_buffer_t client_name,
+                         OM_uint32 *ret_flags)
 {
     gss_buffer_desc send_tok, recv_tok;
     gss_name_t client;
@@ -171,104 +167,109 @@ server_establish_context(s, server_creds, context, client_name, ret_flags)
     int     token_flags;
 
     if (recv_token(s, &token_flags, &recv_tok) < 0)
-	return -1;
+        return -1;
 
     if (recv_tok.value) {
-	free(recv_tok.value);
-	recv_tok.value = NULL;
+        free(recv_tok.value);
+        recv_tok.value = NULL;
     }
 
     if (!(token_flags & TOKEN_NOOP)) {
-	if (logfile)
-	    fprintf(logfile, "Expected NOOP token, got %d token instead\n",
-		    token_flags);
-	return -1;
+        if (logfile)
+            fprintf(logfile, "Expected NOOP token, got %d token instead\n",
+                    token_flags);
+        return -1;
     }
 
     *context = GSS_C_NO_CONTEXT;
 
     if (token_flags & TOKEN_CONTEXT_NEXT) {
-	do {
-	    if (recv_token(s, &token_flags, &recv_tok) < 0)
-		return -1;
-
-	    if (verbose && logfile) {
-		fprintf(logfile, "Received token (size=%d): \n",
-			(int) recv_tok.length);
-		print_token(&recv_tok);
-	    }
-
-	    maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context, server_creds, &recv_tok, GSS_C_NO_CHANNEL_BINDINGS, &client, &doid, &send_tok, ret_flags, NULL,	/* ignore time_rec */
-					      NULL);	/* ignore del_cred_handle */
-
-	    if (recv_tok.value) {
-		free(recv_tok.value);
-		recv_tok.value = NULL;
-	    }
-
-	    if (send_tok.length != 0) {
-		if (verbose && logfile) {
-		    fprintf(logfile,
-			    "Sending accept_sec_context token (size=%d):\n",
-			    (int) send_tok.length);
-		    print_token(&send_tok);
-		}
-		if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
-		    if (logfile)
-			fprintf(logfile, "failure sending token\n");
-		    return -1;
-		}
-
-		(void) gss_release_buffer(&min_stat, &send_tok);
-	    }
-	    if (maj_stat != GSS_S_COMPLETE
-		&& maj_stat != GSS_S_CONTINUE_NEEDED) {
-		display_status("accepting context", maj_stat,
-			       acc_sec_min_stat);
-		if (*context != GSS_C_NO_CONTEXT)
-		    gss_delete_sec_context(&min_stat, context,
-					   GSS_C_NO_BUFFER);
-		return -1;
-	    }
-
-	    if (verbose && logfile) {
-		if (maj_stat == GSS_S_CONTINUE_NEEDED)
-		    fprintf(logfile, "continue needed...\n");
-		else
-		    fprintf(logfile, "\n");
-		fflush(logfile);
-	    }
-	} while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
-	/* display the flags */
-	display_ctx_flags(*ret_flags);
-
-	if (verbose && logfile) {
-	    maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
-	    if (maj_stat != GSS_S_COMPLETE) {
-		display_status("converting oid->string", maj_stat, min_stat);
-		return -1;
-	    }
-	    fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
-		    (int) oid_name.length, (char *) oid_name.value);
-	    (void) gss_release_buffer(&min_stat, &oid_name);
-	}
-
-	maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("displaying name", maj_stat, min_stat);
-	    return -1;
-	}
-	maj_stat = gss_release_name(&min_stat, &client);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("releasing name", maj_stat, min_stat);
-	    return -1;
-	}
+        do {
+            if (recv_token(s, &token_flags, &recv_tok) < 0)
+                return -1;
+
+            if (verbose && logfile) {
+                fprintf(logfile, "Received token (size=%d): \n",
+                        (int) recv_tok.length);
+                print_token(&recv_tok);
+            }
+
+            maj_stat = gss_accept_sec_context(&acc_sec_min_stat, context,
+                                              server_creds, &recv_tok,
+                                              GSS_C_NO_CHANNEL_BINDINGS,
+                                              &client, &doid, &send_tok,
+                                              ret_flags,
+                                              NULL,  /* time_rec */
+                                              NULL); /* del_cred_handle */
+
+            if (recv_tok.value) {
+                free(recv_tok.value);
+                recv_tok.value = NULL;
+            }
+
+            if (send_tok.length != 0) {
+                if (verbose && logfile) {
+                    fprintf(logfile,
+                            "Sending accept_sec_context token (size=%d):\n",
+                            (int) send_tok.length);
+                    print_token(&send_tok);
+                }
+                if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+                    if (logfile)
+                        fprintf(logfile, "failure sending token\n");
+                    return -1;
+                }
+
+                (void) gss_release_buffer(&min_stat, &send_tok);
+            }
+            if (maj_stat != GSS_S_COMPLETE
+                && maj_stat != GSS_S_CONTINUE_NEEDED) {
+                display_status("accepting context", maj_stat,
+                               acc_sec_min_stat);
+                if (*context != GSS_C_NO_CONTEXT)
+                    gss_delete_sec_context(&min_stat, context,
+                                           GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (verbose && logfile) {
+                if (maj_stat == GSS_S_CONTINUE_NEEDED)
+                    fprintf(logfile, "continue needed...\n");
+                else
+                    fprintf(logfile, "\n");
+                fflush(logfile);
+            }
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        /* display the flags */
+        display_ctx_flags(*ret_flags);
+
+        if (verbose && logfile) {
+            maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
+                    (int) oid_name.length, (char *) oid_name.value);
+            (void) gss_release_buffer(&min_stat, &oid_name);
+        }
+
+        maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying name", maj_stat, min_stat);
+            return -1;
+        }
+        maj_stat = gss_release_name(&min_stat, &client);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("releasing name", maj_stat, min_stat);
+            return -1;
+        }
     } else {
-	client_name->length = *ret_flags = 0;
+        client_name->length = *ret_flags = 0;
 
-	if (logfile)
-	    fprintf(logfile, "Accepted unauthenticated connection.\n");
+        if (logfile)
+            fprintf(logfile, "Accepted unauthenticated connection.\n");
     }
 
     return 0;
@@ -281,7 +282,7 @@ server_establish_context(s, server_creds, context, client_name, ret_flags)
  *
  * Arguments:
  *
- * 	port		(r) the port number on which to listen
+ *      port            (r) the port number on which to listen
  *
  * Returns: the listening socket file descriptor, or -1 on failure
  *
@@ -291,8 +292,7 @@ server_establish_context(s, server_creds, context, client_name, ret_flags)
  * On error, an error message is displayed and -1 is returned.
  */
 static int
-create_socket(port)
-    u_short port;
+create_socket(u_short port)
 {
     struct sockaddr_in saddr;
     int     s;
@@ -303,40 +303,38 @@ create_socket(port)
     saddr.sin_addr.s_addr = INADDR_ANY;
 
     if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-	perror("creating socket");
-	return -1;
+        perror("creating socket");
+        return -1;
     }
     /* Let the socket be reused right away */
     (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof(on));
     if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
-	perror("binding socket");
-	(void) close(s);
-	return -1;
+        perror("binding socket");
+        (void) close(s);
+        return -1;
     }
     if (listen(s, 5) < 0) {
-	perror("listening on socket");
-	(void) close(s);
-	return -1;
+        perror("listening on socket");
+        (void) close(s);
+        return -1;
     }
     return s;
 }
 
 static float
-timeval_subtract(tv1, tv2)
-    struct timeval *tv1, *tv2;
+timeval_subtract(struct timeval *tv1, struct timeval *tv2)
 {
     return ((tv1->tv_sec - tv2->tv_sec) +
-	    ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+            ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
 }
 
 /*
  * Yes, yes, this isn't the best place for doing this test.
  * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
- * 					-TYT
+ *                                      -TYT
  */
 static int
-test_import_export_context(context)
-    gss_ctx_id_t *context;
+test_import_export_context(gss_ctx_id_t *context)
 {
     OM_uint32 min_stat, maj_stat;
     gss_buffer_desc context_token, copied_token;
@@ -348,32 +346,32 @@ test_import_export_context(context)
     gettimeofday(&tm1, (struct timezone *) 0);
     maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
     if (maj_stat != GSS_S_COMPLETE) {
-	display_status("exporting context", maj_stat, min_stat);
-	return 1;
+        display_status("exporting context", maj_stat, min_stat);
+        return 1;
     }
     gettimeofday(&tm2, (struct timezone *) 0);
     if (verbose && logfile)
-	fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
-		(int) context_token.length, timeval_subtract(&tm2, &tm1));
+        fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
+                (int) context_token.length, timeval_subtract(&tm2, &tm1));
     copied_token.length = context_token.length;
     copied_token.value = malloc(context_token.length);
     if (copied_token.value == 0) {
-	if (logfile)
-	    fprintf(logfile,
-		    "Couldn't allocate memory to copy context token.\n");
-	return 1;
+        if (logfile)
+            fprintf(logfile,
+                    "Couldn't allocate memory to copy context token.\n");
+        return 1;
     }
     memcpy(copied_token.value, context_token.value, copied_token.length);
     maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
     if (maj_stat != GSS_S_COMPLETE) {
-	display_status("importing context", maj_stat, min_stat);
-	return 1;
+        display_status("importing context", maj_stat, min_stat);
+        return 1;
     }
     free(copied_token.value);
     gettimeofday(&tm1, (struct timezone *) 0);
     if (verbose && logfile)
-	fprintf(logfile, "Importing context: %7.4f seconds\n",
-		timeval_subtract(&tm1, &tm2));
+        fprintf(logfile, "Importing context: %7.4f seconds\n",
+                timeval_subtract(&tm1, &tm2));
     (void) gss_release_buffer(&min_stat, &context_token);
     return 0;
 }
@@ -385,11 +383,11 @@ test_import_export_context(context)
  *
  * Arguments:
  *
- * 	s		(r) a TCP socket on which a connection has been
- *			accept()ed
- * 	service_name	(r) the ASCII name of the GSS-API service to
- * 			establish a context as
- *	export		(r) whether to test context exporting
+ *      s               (r) a TCP socket on which a connection has been
+ *                      accept()ed
+ *      service_name    (r) the ASCII name of the GSS-API service to
+ *                      establish a context as
+ *      export          (r) whether to test context exporting
  *
  * Returns: -1 on error
  *
@@ -405,10 +403,7 @@ test_import_export_context(context)
  * If any error occurs, -1 is returned.
  */
 static int
-sign_server(s, server_creds, export)
-    int     s;
-    gss_cred_id_t server_creds;
-    int     export;
+sign_server(int s, gss_cred_id_t server_creds, int export)
 {
     gss_buffer_desc client_name, xmit_buf, msg_buf;
     gss_ctx_id_t context;
@@ -419,134 +414,134 @@ sign_server(s, server_creds, export)
 
     /* Establish a context with the client */
     if (server_establish_context(s, server_creds, &context,
-				 &client_name, &ret_flags) < 0)
-	return (-1);
+                                 &client_name, &ret_flags) < 0)
+        return (-1);
 
     if (context == GSS_C_NO_CONTEXT) {
-	printf("Accepted unauthenticated connection.\n");
+        printf("Accepted unauthenticated connection.\n");
     } else {
-	printf("Accepted connection: \"%.*s\"\n",
-	       (int) client_name.length, (char *) client_name.value);
-	(void) gss_release_buffer(&min_stat, &client_name);
-
-	if (export) {
-	    for (i = 0; i < 3; i++)
-		if (test_import_export_context(&context))
-		    return -1;
-	}
+        printf("Accepted connection: \"%.*s\"\n",
+               (int) client_name.length, (char *) client_name.value);
+        (void) gss_release_buffer(&min_stat, &client_name);
+
+        if (export) {
+            for (i = 0; i < 3; i++)
+                if (test_import_export_context(&context))
+                    return -1;
+        }
     }
 
     do {
-	/* Receive the message token */
-	if (recv_token(s, &token_flags, &xmit_buf) < 0)
-	    return (-1);
-
-	if (token_flags & TOKEN_NOOP) {
-	    if (logfile)
-		fprintf(logfile, "NOOP token\n");
-	    if (xmit_buf.value) {
-		free(xmit_buf.value);
-		xmit_buf.value = 0;
-	    }
-	    break;
-	}
-
-	if (verbose && logfile) {
-	    fprintf(logfile, "Message token (flags=%d):\n", token_flags);
-	    print_token(&xmit_buf);
-	}
-
-	if ((context == GSS_C_NO_CONTEXT) &&
-	    (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC)))
-	{
-	    if (logfile)
-		fprintf(logfile,
-			"Unauthenticated client requested authenticated services!\n");
-	    if (xmit_buf.value) {
-		free(xmit_buf.value);
-		xmit_buf.value = 0;
-	    }
-	    return (-1);
-	}
-
-	if (token_flags & TOKEN_WRAPPED) {
-	    maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
-				  &conf_state, (gss_qop_t *) NULL);
-	    if (maj_stat != GSS_S_COMPLETE) {
-		display_status("unsealing message", maj_stat, min_stat);
-		if (xmit_buf.value) {
-		    free(xmit_buf.value);
-		    xmit_buf.value = 0;
-		}
-		return (-1);
-	    } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) {
-		fprintf(stderr, "Warning!  Message not encrypted.\n");
-	    }
-
-	    if (xmit_buf.value) {
-		free(xmit_buf.value);
-		xmit_buf.value = 0;
-	    }
-	} else {
-	    msg_buf = xmit_buf;
-	}
-
-	if (logfile) {
-	    fprintf(logfile, "Received message: ");
-	    cp = msg_buf.value;
-	    if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
-		(isprint((int) cp[1]) || isspace((int) cp[1]))) {
-		fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length,
-			(char *) msg_buf.value);
-	    } else {
-		fprintf(logfile, "\n");
-		print_token(&msg_buf);
-	    }
-	}
-
-	if (token_flags & TOKEN_SEND_MIC) {
-	    /* Produce a signature block for the message */
-	    maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
-				   &msg_buf, &xmit_buf);
-	    if (maj_stat != GSS_S_COMPLETE) {
-		display_status("signing message", maj_stat, min_stat);
-		return (-1);
-	    }
-
-	    if (msg_buf.value) {
-		free(msg_buf.value);
-		msg_buf.value = 0;
-	    }
-
-	    /* Send the signature block to the client */
-	    if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
-		return (-1);
-
-	    if (xmit_buf.value) {
-		free(xmit_buf.value);
-		xmit_buf.value = 0;
-	    }
-	} else {
-	    if (msg_buf.value) {
-		free(msg_buf.value);
-		msg_buf.value = 0;
-	    }
-	    if (send_token(s, TOKEN_NOOP, empty_token) < 0)
-		return (-1);
-	}
+        /* Receive the message token */
+        if (recv_token(s, &token_flags, &xmit_buf) < 0)
+            return (-1);
+
+        if (token_flags & TOKEN_NOOP) {
+            if (logfile)
+                fprintf(logfile, "NOOP token\n");
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+            break;
+        }
+
+        if (verbose && logfile) {
+            fprintf(logfile, "Message token (flags=%d):\n", token_flags);
+            print_token(&xmit_buf);
+        }
+
+        if ((context == GSS_C_NO_CONTEXT) &&
+            (token_flags & (TOKEN_WRAPPED | TOKEN_ENCRYPTED | TOKEN_SEND_MIC)))
+        {
+            if (logfile)
+                fprintf(logfile,
+                        "Unauthenticated client requested authenticated services!\n");
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+            return (-1);
+        }
+
+        if (token_flags & TOKEN_WRAPPED) {
+            maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
+                                  &conf_state, (gss_qop_t *) NULL);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("unsealing message", maj_stat, min_stat);
+                if (xmit_buf.value) {
+                    free(xmit_buf.value);
+                    xmit_buf.value = 0;
+                }
+                return (-1);
+            } else if (!conf_state && (token_flags & TOKEN_ENCRYPTED)) {
+                fprintf(stderr, "Warning!  Message not encrypted.\n");
+            }
+
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+        } else {
+            msg_buf = xmit_buf;
+        }
+
+        if (logfile) {
+            fprintf(logfile, "Received message: ");
+            cp = msg_buf.value;
+            if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
+                (isprint((int) cp[1]) || isspace((int) cp[1]))) {
+                fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length,
+                        (char *) msg_buf.value);
+            } else {
+                fprintf(logfile, "\n");
+                print_token(&msg_buf);
+            }
+        }
+
+        if (token_flags & TOKEN_SEND_MIC) {
+            /* Produce a signature block for the message */
+            maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
+                                   &msg_buf, &xmit_buf);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("signing message", maj_stat, min_stat);
+                return (-1);
+            }
+
+            if (msg_buf.value) {
+                free(msg_buf.value);
+                msg_buf.value = 0;
+            }
+
+            /* Send the signature block to the client */
+            if (send_token(s, TOKEN_MIC, &xmit_buf) < 0)
+                return (-1);
+
+            if (xmit_buf.value) {
+                free(xmit_buf.value);
+                xmit_buf.value = 0;
+            }
+        } else {
+            if (msg_buf.value) {
+                free(msg_buf.value);
+                msg_buf.value = 0;
+            }
+            if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+                return (-1);
+        }
     } while (1 /* loop will break if NOOP received */ );
 
     if (context != GSS_C_NO_CONTEXT) {
-	/* Delete context */
-	maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    display_status("deleting context", maj_stat, min_stat);
-	    return (-1);
-	}
+        /* Delete context */
+        maj_stat = gss_delete_sec_context(&min_stat, &context, NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("deleting context", maj_stat, min_stat);
+            return (-1);
+        }
     }
 
     if (logfile)
-	fflush(logfile);
+        fflush(logfile);
 
     return (0);
 }
@@ -576,23 +571,23 @@ BOOL
 WaitAndIncrementThreadCounter(void)
 {
     for (;;) {
-	if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
-	    if (thread_count < max_threads) {
-		thread_count++;
-		ReleaseMutex(hMutex);
-		return TRUE;
-	    } else {
-		ReleaseMutex(hMutex);
-
-		if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
-		    continue;
-		} else {
-		    return FALSE;
-		}
-	    }
-	} else {
-	    return FALSE;
-	}
+        if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
+            if (thread_count < max_threads) {
+                thread_count++;
+                ReleaseMutex(hMutex);
+                return TRUE;
+            } else {
+                ReleaseMutex(hMutex);
+
+                if (WaitForSingleObject(hEvent, INFINITE) == WAIT_OBJECT_0) {
+                    continue;
+                } else {
+                    return FALSE;
+                }
+            }
+        } else {
+            return FALSE;
+        }
     }
 }
 
@@ -600,13 +595,13 @@ BOOL
 DecrementAndSignalThreadCounter(void)
 {
     if (WaitForSingleObject(hMutex, INFINITE) == WAIT_OBJECT_0) {
-	if (thread_count == max_threads)
-	    ResetEvent(hEvent);
-	thread_count--;
-	ReleaseMutex(hMutex);
-	return TRUE;
+        if (thread_count == max_threads)
+            ResetEvent(hEvent);
+        thread_count--;
+        ReleaseMutex(hMutex);
+        return TRUE;
     } else {
-	return FALSE;
+        return FALSE;
     }
 }
 #endif
@@ -632,14 +627,12 @@ worker_bee(void *param)
 
 #ifdef _WIN32
     if (max_threads > 1)
-	DecrementAndSignalThreadCounter();
+        DecrementAndSignalThreadCounter();
 #endif
 }
 
 int
-main(argc, argv)
-    int     argc;
-    char  **argv;
+main(int argc, char **argv)
 {
     char   *service_name;
     gss_cred_id_t server_creds;
@@ -654,69 +647,69 @@ main(argc, argv)
     argc--;
     argv++;
     while (argc) {
-	if (strcmp(*argv, "-port") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    port = atoi(*argv);
-	}
+        if (strcmp(*argv, "-port") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            port = atoi(*argv);
+        }
 #ifdef _WIN32
-	else if (strcmp(*argv, "-threads") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    max_threads = atoi(*argv);
-	}
+        else if (strcmp(*argv, "-threads") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            max_threads = atoi(*argv);
+        }
 #endif
-	else if (strcmp(*argv, "-verbose") == 0) {
-	    verbose = 1;
-	} else if (strcmp(*argv, "-once") == 0) {
-	    once = 1;
-	} else if (strcmp(*argv, "-inetd") == 0) {
-	    do_inetd = 1;
-	} else if (strcmp(*argv, "-export") == 0) {
-	    export = 1;
-	} else if (strcmp(*argv, "-logfile") == 0) {
-	    argc--;
-	    argv++;
-	    if (!argc)
-		usage();
-	    /* Gross hack, but it makes it unnecessary to add an
-	     * extra argument to disable logging, and makes the code
-	     * more efficient because it doesn't actually write data
-	     * to /dev/null. */
-	    if (!strcmp(*argv, "/dev/null")) {
-		logfile = display_file = NULL;
-	    } else {
-		logfile = fopen(*argv, "a");
-		display_file = logfile;
-		if (!logfile) {
-		    perror(*argv);
-		    exit(1);
-		}
-	    }
-	} else
-	    break;
-	argc--;
-	argv++;
+        else if (strcmp(*argv, "-verbose") == 0) {
+            verbose = 1;
+        } else if (strcmp(*argv, "-once") == 0) {
+            once = 1;
+        } else if (strcmp(*argv, "-inetd") == 0) {
+            do_inetd = 1;
+        } else if (strcmp(*argv, "-export") == 0) {
+            export = 1;
+        } else if (strcmp(*argv, "-logfile") == 0) {
+            argc--;
+            argv++;
+            if (!argc)
+                usage();
+            /* Gross hack, but it makes it unnecessary to add an
+             * extra argument to disable logging, and makes the code
+             * more efficient because it doesn't actually write data
+             * to /dev/null. */
+            if (!strcmp(*argv, "/dev/null")) {
+                logfile = display_file = NULL;
+            } else {
+                logfile = fopen(*argv, "a");
+                display_file = logfile;
+                if (!logfile) {
+                    perror(*argv);
+                    exit(1);
+                }
+            }
+        } else
+            break;
+        argc--;
+        argv++;
     }
     if (argc != 1)
-	usage();
+        usage();
 
     if ((*argv)[0] == '-')
-	usage();
+        usage();
 
 #ifdef _WIN32
     if (max_threads < 1) {
-	fprintf(stderr, "warning: there must be at least one thread\n");
-	max_threads = 1;
+        fprintf(stderr, "warning: there must be at least one thread\n");
+        max_threads = 1;
     }
 
     if (max_threads > 1 && do_inetd)
-	fprintf(stderr,
-		"warning: one thread may be used in conjunction with inetd\n");
+        fprintf(stderr,
+                "warning: one thread may be used in conjunction with inetd\n");
 
     InitHandles();
 #endif
@@ -724,63 +717,63 @@ main(argc, argv)
     service_name = *argv;
 
     if (server_acquire_creds(service_name, &server_creds) < 0)
-	return -1;
+        return -1;
 
     if (do_inetd) {
-	close(1);
-	close(2);
+        close(1);
+        close(2);
 
-	sign_server(0, server_creds, export);
-	close(0);
+        sign_server(0, server_creds, export);
+        close(0);
     } else {
-	int     stmp;
+        int     stmp;
 
-	if ((stmp = create_socket(port)) >= 0) {
-	    if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
-		perror("listening on socket");
+        if ((stmp = create_socket(port)) >= 0) {
+            if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
+                perror("listening on socket");
 
-	    do {
-		struct _work_plan *work = malloc(sizeof(struct _work_plan));
+            do {
+                struct _work_plan *work = malloc(sizeof(struct _work_plan));
 
-		if (work == NULL) {
-		    fprintf(stderr, "fatal error: out of memory");
-		    break;
-		}
+                if (work == NULL) {
+                    fprintf(stderr, "fatal error: out of memory");
+                    break;
+                }
 
-		/* Accept a TCP connection */
-		if ((work->s = accept(stmp, NULL, 0)) < 0) {
-		    perror("accepting connection");
-		    continue;
-		}
+                /* Accept a TCP connection */
+                if ((work->s = accept(stmp, NULL, 0)) < 0) {
+                    perror("accepting connection");
+                    continue;
+                }
 
-		work->server_creds = server_creds;
-		work->export = export;
+                work->server_creds = server_creds;
+                work->export = export;
 
-		if (max_threads == 1) {
-		    worker_bee((void *) work);
-		}
+                if (max_threads == 1) {
+                    worker_bee((void *) work);
+                }
 #ifdef _WIN32
-		else {
-		    if (WaitAndIncrementThreadCounter()) {
-			uintptr_t handle =
-			    _beginthread(worker_bee, 0, (void *) work);
-			if (handle == (uintptr_t) - 1) {
-			    closesocket(work->s);
-			    free(work);
-			}
-		    } else {
-			fprintf(stderr,
-				"fatal error incrementing thread counter");
-			closesocket(work->s);
-			free(work);
-			break;
-		    }
-		}
+                else {
+                    if (WaitAndIncrementThreadCounter()) {
+                        uintptr_t handle =
+                            _beginthread(worker_bee, 0, (void *) work);
+                        if (handle == (uintptr_t) - 1) {
+                            closesocket(work->s);
+                            free(work);
+                        }
+                    } else {
+                        fprintf(stderr,
+                                "fatal error incrementing thread counter");
+                        closesocket(work->s);
+                        free(work);
+                        break;
+                    }
+                }
 #endif
-	    } while (!once);
+            } while (!once);
 
-	    closesocket(stmp);
-	}
+            closesocket(stmp);
+        }
     }
 
     (void) gss_release_cred(&min_stat, &server_creds);
diff --git a/src/appl/gssftp/Makefile.in b/src/appl/gssftp/Makefile.in
deleted file mode 100644
index 959316f..0000000
--- a/src/appl/gssftp/Makefile.in
+++ /dev/null
@@ -1,6 +0,0 @@
-thisconfigdir=.
-myfulldir=appl/gssftp
-mydir=.
-BUILDTOP=$(REL)..$(S)..
-SUBDIRS=ftp ftpd
-LDFLAGS = -g
diff --git a/src/appl/gssftp/README.gssftp b/src/appl/gssftp/README.gssftp
deleted file mode 100644
index e0dff52..0000000
--- a/src/appl/gssftp/README.gssftp
+++ /dev/null
@@ -1,45 +0,0 @@
-Notes on "Secure FTP" Implementation
-===============================================
-Mark Eichin <eichin@cygnus.com>, Cygnus Support
-last modified: 1995 Jan 14
-===============================================
-
-This implementation is supplied by Cygnus Support for inclusion in the MIT
-Kerberos V5 Release. 
-
-Copyrights:
-The original BSD ftp implementation is:
- * Copyright (c) 1980, 1983, 1985, 1988, 1989, 1990, 1991 Regents of the
-   University of California.
-
-History and Credits (as of 1995 Jan 14)
-================================================
-
-Steve Lunt at Bellcore developed the original V4 kerberized ftp. He
-also started writing the IETF ftpsec draft at the time. This was
-available to the public, and Cygnus eventually incorporated it into
-CNS V4.
-
-Steve Lunt left Bellcore, and dropped out of the computer security
-field altogether, after handing the draft off to Marc Horowitz at
-OpenVision, who was working on a commercial GSSAPI implementation.
-
-Marc Horowitz left OpenVision and is back at MIT currently; in the
-mean time, Cygnus took the V4 ftp and upgraded it to use GSSAPI and
-draft-08, as well as integrating it into the Kerberos V5 autoconf
-based configuration scheme.
-
-Bill Schoofs <wjs@cray.com> supplied corrections to the implementation
-to more correctly match draft 8, as well as correcting some of the
-remaining KERBEROS_V4 code.
-
-Karri Balk - Contractor <kbalk@cup.hp.com> supplied additional
-corrections based on interoperation testing with non-free
-implementations.
-
-Marc Horowitz has indicated that a draft 9 is forthcoming, with some
-clarifications based on experience with this implementation.
-
-No other free implementation of draft-8 is known at this time. 
-
-
diff --git a/src/appl/gssftp/arpa/ftp.h b/src/appl/gssftp/arpa/ftp.h
deleted file mode 100644
index e20285c..0000000
--- a/src/appl/gssftp/arpa/ftp.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (c) 1983, 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ftp.h	5.6 (Berkeley) 4/3/91
- */
-
-#ifndef _FTP_H_
-#define	_FTP_H_
-
-/* Definitions for FTP; see RFC-765. */
-
-/*
- * Reply codes.
- */
-#define PRELIM		1	/* positive preliminary */
-#define COMPLETE	2	/* positive completion */
-#define CONTINUE	3	/* positive intermediate */
-#define TRANSIENT	4	/* transient negative completion */
-#define ERROR		5	/* permanent negative completion */
-
-/*
- * Type codes
- */
-#define	TYPE_A		1	/* ASCII */
-#define	TYPE_E		2	/* EBCDIC */
-#define	TYPE_I		3	/* image */
-#define	TYPE_L		4	/* local byte size */
-
-#ifdef FTP_NAMES
-char *typenames[] =  {"0", "ASCII", "EBCDIC", "Image", "Local" };
-#endif
-
-/*
- * Form codes
- */
-#define	FORM_N		1	/* non-print */
-#define	FORM_T		2	/* telnet format effectors */
-#define	FORM_C		3	/* carriage control (ASA) */
-#ifdef FTP_NAMES
-char *formnames[] =  {"0", "Nonprint", "Telnet", "Carriage-control" };
-#endif
-
-/*
- * Structure codes
- */
-#define	STRU_F		1	/* file (no record structure) */
-#define	STRU_R		2	/* record structure */
-#define	STRU_P		3	/* page structure */
-#ifdef FTP_NAMES
-char *strunames[] =  {"0", "File", "Record", "Page" };
-#endif
-
-/*
- * Mode types
- */
-#define	MODE_S		1	/* stream */
-#define	MODE_B		2	/* block */
-#define	MODE_C		3	/* compressed */
-#ifdef FTP_NAMES
-char *modenames[] =  {"0", "Stream", "Block", "Compressed" };
-#endif
-
-/*
- * Protection levels
- */
-#define	PROT_C		1	/* clear */
-#define	PROT_S		2	/* safe */
-#define	PROT_P		3	/* private */
-#define	PROT_E		4	/* confidential */
-
-#ifdef FTP_NAMES
-char *levelnames[] =  {"0", "Clear", "Safe", "Private", "Confidential" };
-#endif
-
-#if defined(KERBEROS) && defined(NOENCRYPTION)
-/* define away krb_rd_priv and krb_mk_priv.  Don't need them anyway. */
-/* This might not be the best place for this ... */
-#define krb_rd_priv(o,l,ses,s,h,c,m) krb_rd_safe(o,l,s,h,c,m)
-#define krb_mk_priv(i,o,l,ses,s,h,c) krb_mk_safe(i,o,l,s,h,c)
-#endif
-
-/*
- * Record Tokens
- */
-#define	REC_ESC		'\377'	/* Record-mode Escape */
-#define	REC_EOR		'\001'	/* Record-mode End-of-Record */
-#define REC_EOF		'\002'	/* Record-mode End-of-File */
-
-/*
- * Block Header
- */
-#define	BLK_EOR		0x80	/* Block is End-of-Record */
-#define	BLK_EOF		0x40	/* Block is End-of-File */
-#define BLK_ERRORS	0x20	/* Block is suspected of containing errors */
-#define	BLK_RESTART	0x10	/* Block is Restart Marker */
-
-#define	BLK_BYTECOUNT	2	/* Bytes in this block */
-
-#endif /* !_FTP_H_ */
diff --git a/src/appl/gssftp/arpa/telnet.h b/src/appl/gssftp/arpa/telnet.h
deleted file mode 100644
index 019bfeb..0000000
--- a/src/appl/gssftp/arpa/telnet.h
+++ /dev/null
@@ -1,310 +0,0 @@
-/*
- * Copyright (c) 1983 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnet.h	5.14 (Berkeley) 4/3/91
- */
-
-#ifndef _TELNET_H_
-#define	_TELNET_H_
-
-/*
- * Definitions for the TELNET protocol.
- */
-#define	IAC	255		/* interpret as command: */
-#define	DONT	254		/* you are not to use option */
-#define	DO	253		/* please, you use option */
-#define	WONT	252		/* I won't use option */
-#define	WILL	251		/* I will use option */
-#define	SB	250		/* interpret as subnegotiation */
-#define	GA	249		/* you may reverse the line */
-#define	EL	248		/* erase the current line */
-#define	EC	247		/* erase the current character */
-#define	AYT	246		/* are you there */
-#define	AO	245		/* abort output--but let prog finish */
-#define	IP	244		/* interrupt process--permanently */
-#define	BREAK	243		/* break */
-#define	DM	242		/* data mark--for connect. cleaning */
-#define	NOP	241		/* nop */
-#define	SE	240		/* end sub negotiation */
-#define EOR     239             /* end of record (transparent mode) */
-#define	ABORT	238		/* Abort process */
-#define	SUSP	237		/* Suspend process */
-#define	xEOF	236		/* End of file: EOF is already used... */
-
-#define SYNCH	242		/* for telfunc calls */
-
-#ifdef TELCMDS
-char *telcmds[] = {
-	"EOF", "SUSP", "ABORT", "EOR",
-	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
-	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
-};
-#else
-extern char *telcmds[];
-#endif
-
-#define	TELCMD_FIRST	xEOF
-#define	TELCMD_LAST	IAC
-#define	TELCMD_OK(x)	((x) <= TELCMD_LAST && (x) >= TELCMD_FIRST)
-#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
-
-/* telnet options */
-#define TELOPT_BINARY	0	/* 8-bit data path */
-#define TELOPT_ECHO	1	/* echo */
-#define	TELOPT_RCP	2	/* prepare to reconnect */
-#define	TELOPT_SGA	3	/* suppress go ahead */
-#define	TELOPT_NAMS	4	/* approximate message size */
-#define	TELOPT_STATUS	5	/* give status */
-#define	TELOPT_TM	6	/* timing mark */
-#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
-#define TELOPT_NAOL 	8	/* negotiate about output line width */
-#define TELOPT_NAOP 	9	/* negotiate about output page size */
-#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
-#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
-#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
-#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
-#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
-#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
-#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
-#define TELOPT_XASCII	17	/* extended ascic character set */
-#define	TELOPT_LOGOUT	18	/* force logout */
-#define	TELOPT_BM	19	/* byte macro */
-#define	TELOPT_DET	20	/* data entry terminal */
-#define	TELOPT_SUPDUP	21	/* supdup protocol */
-#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
-#define	TELOPT_SNDLOC	23	/* send location */
-#define	TELOPT_TTYPE	24	/* terminal type */
-#define	TELOPT_EOR	25	/* end or record */
-#define	TELOPT_TUID	26	/* TACACS user identification */
-#define	TELOPT_OUTMRK	27	/* output marking */
-#define	TELOPT_TTYLOC	28	/* terminal location number */
-#define	TELOPT_3270REGIME 29	/* 3270 regime */
-#define	TELOPT_X3PAD	30	/* X.3 PAD */
-#define	TELOPT_NAWS	31	/* window size */
-#define	TELOPT_TSPEED	32	/* terminal speed */
-#define	TELOPT_LFLOW	33	/* remote flow control */
-#define TELOPT_LINEMODE	34	/* Linemode option */
-#define TELOPT_XDISPLOC	35	/* X Display Location */
-#define TELOPT_ENVIRON	36	/* Environment variables */
-#define	TELOPT_AUTHENTICATION 37/* Authenticate */
-#define	TELOPT_ENCRYPT	38	/* Encryption option */
-#define	TELOPT_EXOPL	255	/* extended-options-list */
-
-
-#define	NTELOPTS	(1+TELOPT_ENCRYPT)
-#ifdef TELOPTS
-char *telopts[NTELOPTS+1] = {
-	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
-	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
-	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
-	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
-	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
-	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
-	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
-	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
-	"LINEMODE", "XDISPLOC", "ENVIRON", "AUTHENTICATION",
-	"ENCRYPT",
-	0,
-};
-#define	TELOPT_FIRST	TELOPT_BINARY
-#define	TELOPT_LAST	TELOPT_ENCRYPT
-#define	TELOPT_OK(x)	((x) <= TELOPT_LAST && (x) >= TELOPT_FIRST)
-#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
-#endif
-
-/* sub-option qualifiers */
-#define	TELQUAL_IS	0	/* option is... */
-#define	TELQUAL_SEND	1	/* send option */
-#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
-#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
-#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
-
-/*
- * LINEMODE suboptions
- */
-
-#define	LM_MODE		1
-#define	LM_FORWARDMASK	2
-#define	LM_SLC		3
-
-#define	MODE_EDIT	0x01
-#define	MODE_TRAPSIG	0x02
-#define	MODE_ACK	0x04
-#define MODE_SOFT_TAB	0x08
-#define MODE_LIT_ECHO	0x10
-
-#define	MODE_MASK	0x1f
-
-/* Not part of protocol, but needed to simplify things... */
-#define MODE_FLOW		0x0100
-#define MODE_ECHO		0x0200
-#define MODE_INBIN		0x0400
-#define MODE_OUTBIN		0x0800
-#define MODE_FORCE		0x1000
-
-#define	SLC_SYNCH	1
-#define	SLC_BRK		2
-#define	SLC_IP		3
-#define	SLC_AO		4
-#define	SLC_AYT		5
-#define	SLC_EOR		6
-#define	SLC_ABORT	7
-#define	SLC_EOF		8
-#define	SLC_SUSP	9
-#define	SLC_EC		10
-#define	SLC_EL		11
-#define	SLC_EW		12
-#define	SLC_RP		13
-#define	SLC_LNEXT	14
-#define	SLC_XON		15
-#define	SLC_XOFF	16
-#define	SLC_FORW1	17
-#define	SLC_FORW2	18
-
-#define	NSLC		18
-
-/*
- * For backwards compatability, we define SLC_NAMES to be the
- * list of names if SLC_NAMES is not defined.
- */
-#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
-			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
-			"LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0,
-#ifdef	SLC_NAMES
-char *slc_names[] = {
-	SLC_NAMELIST
-};
-#else
-extern char *slc_names[];
-#define	SLC_NAMES SLC_NAMELIST
-#endif
-
-#define	SLC_NAME_OK(x)	((x) >= 0 && (x) < NSLC)
-#define SLC_NAME(x)	slc_names[x]
-
-#define	SLC_NOSUPPORT	0
-#define	SLC_CANTCHANGE	1
-#define	SLC_VARIABLE	2
-#define	SLC_DEFAULT	3
-#define	SLC_LEVELBITS	0x03
-
-#define	SLC_FUNC	0
-#define	SLC_FLAGS	1
-#define	SLC_VALUE	2
-
-#define	SLC_ACK		0x80
-#define	SLC_FLUSHIN	0x40
-#define	SLC_FLUSHOUT	0x20
-
-#define	ENV_VALUE	0
-#define	ENV_VAR		1
-#define	ENV_ESC		2
-
-/*
- * AUTHENTICATION suboptions
- */
-
-/*
- * Who is authenticating who ...
- */
-#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
-#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
-#define	AUTH_WHO_MASK		1
-
-/*
- * amount of authentication done
- */
-#define	AUTH_HOW_ONE_WAY	0
-#define	AUTH_HOW_MUTUAL		2
-#define	AUTH_HOW_MASK		2
-
-#define	AUTHTYPE_NULL		0
-#define	AUTHTYPE_KERBEROS_V4	1
-#define	AUTHTYPE_KERBEROS_V5	2
-#define	AUTHTYPE_SPX		3
-#define	AUTHTYPE_MINK		4
-#define	AUTHTYPE_CNT		5
-
-#define	AUTHTYPE_TEST		99
-
-#ifdef	AUTH_NAMES
-char *authtype_names[] = {
-	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", 0,
-};
-#else
-extern char *authtype_names[];
-#endif
-
-#define	AUTHTYPE_NAME_OK(x)	((x) >= 0 && (x) < AUTHTYPE_CNT)
-#define	AUTHTYPE_NAME(x)	authtype_names[x]
-
-/*
- * ENCRYPTion suboptions
- */
-#define	ENCRYPT_IS		0	/* I pick encryption type ... */
-#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
-#define	ENCRYPT_REPLY		2	/* Initial setup response */
-#define	ENCRYPT_START		3	/* Am starting to send encrypted */
-#define	ENCRYPT_END		4	/* Am ending encrypted */
-#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
-#define	ENCRYPT_REQEND		6	/* Request you send encrypting */
-#define	ENCRYPT_ENC_KEYID	7
-#define	ENCRYPT_DEC_KEYID	8
-#define	ENCRYPT_CNT		9
-
-#define	ENCTYPE_ANY		0
-#define	ENCTYPE_DES_CFB64	1
-#define	ENCTYPE_DES_OFB64	2
-#define	ENCTYPE_CNT		3
-
-#ifdef	ENCRYPT_NAMES
-char *encrypt_names[] = {
-	"IS", "SUPPORT", "REPLY", "START", "END",
-	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
-	0,
-};
-char *enctype_names[] = {
-	"ANY", "DES_CFB64",  "DES_OFB64",  0,
-};
-#else
-extern char *encrypt_names[];
-extern char *enctype_names[];
-#endif
-
-
-#define	ENCRYPT_NAME_OK(x)	((x) >= 0 && (x) < ENCRYPT_CNT)
-#define	ENCRYPT_NAME(x)		encrypt_names[x]
-
-#define	ENCTYPE_NAME_OK(x)	((x) >= 0 && (x) < ENCTYPE_CNT)
-#define	ENCTYPE_NAME(x)		enctype_names[x]
-
-#endif /* !_TELNET_H_ */
diff --git a/src/appl/gssftp/configure.in b/src/appl/gssftp/configure.in
deleted file mode 100644
index e483b64..0000000
--- a/src/appl/gssftp/configure.in
+++ /dev/null
@@ -1,68 +0,0 @@
-K5_AC_INIT(README.gssftp)
-CONFIG_RULES
-AC_C_CONST
-AC_PROG_INSTALL
-AC_PROG_YACC
-KRB5_SIGTYPE
-CHECK_SIGNALS
-CHECK_SIGPROCMASK
-CHECK_SETJMP
-CHECK_WAIT_TYPE
-DECLARE_SYS_ERRLIST
-AC_HEADER_STDARG
-AC_CHECK_HEADER(termios.h,[AC_CHECK_FUNC(cfsetispeed,AC_DEFINE(POSIX_TERMIOS,1,[Define if POSIX termios interface found]))])
-AC_CHECK_HEADERS(unistd.h stdlib.h string.h sys/select.h sys/sockio.h paths.h)
-CHECK_UTMP
-DECLARE_SYS_ERRLIST
-AC_REPLACE_FUNCS(getdtablesize)
-AC_CHECK_FUNCS(getcwd getdtablesize getusershell seteuid setreuid setresuid strerror getenv)
-AC_CHECK_LIB(crypt,crypt) dnl 
-KRB5_AC_LIBUTIL
-dnl 
-dnl copied from appl/bsd/configure.in
-dnl
-AC_MSG_CHECKING([setenv])
-AC_CACHE_VAL(krb5_cv_setenv,
-[AC_TRY_LINK(
-[],[setenv("PATH","/bin",0);],
-krb5_cv_setenv=yes,krb5_cv_setenv=no)])
-AC_MSG_RESULT($krb5_cv_setenv)
-if test $krb5_cv_setenv = no; then
-SETENVSRC='$(srcdir)/../../bsd/setenv.c'
-SETENVOBJ=setenv.o
-AC_SUBST([SETENVSRC])
-AC_SUBST([SETENVOBJ])
-AC_DEFINE([NEED_SETENV],1,[Define if setenv needs to be defined])
-fi
-dnl
-dnl
-dnl
-AC_MSG_CHECKING([shadow password support])
-AC_CACHE_VAL(krb5_cv_shadow_pwd,
-[AC_TRY_LINK(
-[#include <sys/types.h>
-#include <pwd.h>
-#include <shadow.h>],
-[struct spwd *sp = getspnam("root")],
-krb5_cv_shadow_pwd=yes, krb5_cv_shadow_pwd=no)])
-AC_MSG_RESULT($krb5_cv_shadow_pwd)
-if test $krb5_cv_shadow_pwd = yes; then
-AC_DEFINE(HAVE_SHADOW,1,[Define if shadow password interface found])
-fi
-case $krb5_cv_host in
-alpha*-dec-osf*)
-	AC_CHECK_LIB(security,setluid,
-		AC_DEFINE(HAVE_SETLUID,1,[Define if setluid provided in OSF/1 security library])
-		FTPD_LIBS="$FTPD_LIBS -lsecurity"
-	)
-	;;
-esac
-dnl
-dnl
-dnl
-AC_SUBST(FTPD_LIBS)
-dnl
-dnl
-dnl
-KRB5_BUILD_PROGRAM
-V5_AC_OUTPUT_MAKEFILE(. ftp ftpd)
diff --git a/src/appl/gssftp/deps b/src/appl/gssftp/deps
deleted file mode 100644
index 2feac3c..0000000
--- a/src/appl/gssftp/deps
+++ /dev/null
@@ -1 +0,0 @@
-# No dependencies here.
diff --git a/src/appl/gssftp/ftp/Makefile.in b/src/appl/gssftp/ftp/Makefile.in
deleted file mode 100644
index 8026f1e..0000000
--- a/src/appl/gssftp/ftp/Makefile.in
+++ /dev/null
@@ -1,65 +0,0 @@
-thisconfigdir=./..
-myfulldir=appl/gssftp/ftp
-mydir=ftp
-BUILDTOP=$(REL)..$(S)..$(S)..
-#
-# appl/gssftp/ftp/Makefile.in
-#
-DEFINES = -DGSSAPI -DFTP_BUFSIZ=65535
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-SRCS	= $(srcdir)/cmds.c $(srcdir)/cmdtab.c $(srcdir)/domacro.c \
-	  $(srcdir)/ftp.c $(srcdir)/getpass.c $(srcdir)/glob.c \
-	  $(srcdir)/main.c $(srcdir)/radix.c \
-	  $(srcdir)/ruserpass.c $(srcdir)/secure.c 
-
-
-OBJS	= $(OUTPRE)cmds.$(OBJEXT) $(OUTPRE)cmdtab.$(OBJEXT) \
-	  $(OUTPRE)domacro.$(OBJEXT) $(OUTPRE)ftp.$(OBJEXT) \
-	  $(OUTPRE)getpass.$(OBJEXT) $(OUTPRE)glob.$(OBJEXT) \
-	  $(OUTPRE)main.$(OBJEXT) $(OUTPRE)radix.$(OBJEXT) \
-	  $(OUTPRE)ruserpass.$(OBJEXT) $(OUTPRE)secure.$(OBJEXT)
-
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)
-
-all-unix::	ftp
-all-windows::	$(OUTPRE)ftp.exe
-
-ftp:	$(OBJS) $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o ftp $(OBJS) $(GSS_LIBS) $(KRB5_BASE_LIBS)
-
-$(OUTPRE)ftp.exe: $(OBJS) $(GLIB) $(KLIB)
-	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib advapi32.lib $(SCLIB)
-	$(_VC_MANIFEST_EMBED_EXE)
-
-clean-unix::
-	$(RM) ftp
-
-depend::
-
-install-unix::
-	for f in ftp; do \
-	  $(INSTALL_PROGRAM) $$f \
-		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
-	  $(INSTALL_DATA) $(srcdir)/$$f.M \
-		$(DESTDIR)$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
-	done
-
-ftp.o cmds.o main.o:	$(srcdir)/../arpa/ftp.h
-ftp.o cmds.o cmdtab.o domacro.o main.o ruserpass.o: $(srcdir)/ftp_var.h 
-secure.o: secure.h
-
-cmds.o: $(srcdir)/cmds.c
-cmdtab.o: $(srcdir)/cmdtab.c
-ftp.o: $(srcdir)/ftp.c
-getpass.o: $(srcdir)/getpass.c
-glob.o: $(srcdir)/glob.c
-main.o: $(srcdir)/main.c
-pclose.o: $(srcdir)/pclose.c
-ruserpass.o: $(srcdir)/ruserpass.c
-domacro.o: $(srcdir)/domacro.c
-radix.o: $(srcdir)/radix.c
-secure.o: $(srcdir)/secure.c
-
-# NOPOSTFIX
diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c
deleted file mode 100644
index 8bfd552..0000000
--- a/src/appl/gssftp/ftp/cmds.c
+++ /dev/null
@@ -1,2533 +0,0 @@
-/*
- * Copyright (c) 1985, 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)cmds.c	5.26 (Berkeley) 3/5/91";
-#endif /* not lint */
-
-/*
- * FTP User Program -- Command Routines.
- */
-#ifdef _WIN32
-#include <win-mac.h>
-#endif
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include <port-sockets.h>
-
-#ifdef _WIN32
-#include <sys/stat.h>
-#include <direct.h>
-#include <mbstring.h>
-#undef ERROR
-#else
-#include <sys/wait.h>
-#include <sys/stat.h>
-#endif
-
-#include <arpa/ftp.h>
-
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <ctype.h>
-#include <time.h>
-
-#include <k5-platform.h>
-
-#ifdef HAVE_GETCWD
-#define getwd(x) getcwd(x,MAXPATHLEN)
-#endif
-
-#include "ftp_var.h"
-#include "pathnames.h"
-
-extern	char *globerr;
-extern	char *home;
-extern	char *remglob();
-#ifndef HAVE_STRERROR
-#define strerror(error) (sys_errlist[error])
-#ifdef NEED_SYS_ERRLIST
-extern char *sys_errlist[];
-#endif
-#endif
-
-extern off_t restart_point;
-extern char reply_string[];
-
-char *mname;
-jmp_buf jabort;
-
-extern	char *auth_type;
-extern int do_auth();
-
-static int globulize (char **);
-static int confirm (char *, char *);
-static int getit (int, char **, int, char *);
-static sigtype mabort (int);
-static void quote1 (char *, int, char **);
-static char *dotrans (char *);
-static char *domap (char *);
-
-/*
- * `Another' gets another argument, and stores the new argc and argv.
- * It reverts to the top level (via main.c's intr()) on EOF/error.
- *
- * Returns false if no new arguments have been added.
- */
-int
-another(pargc, pargv, prompt)
-	int *pargc;
-	char ***pargv;
-	char *prompt;
-{
-        int len = strlen(line), ret;
-	extern sig_t intr();
-
-	if (len >= sizeof(line) - 3) {
-		printf("sorry, arguments too long\n");
-		intr();
-	}
-	printf("(%s) ", prompt);
-	line[len++] = ' ';
-	if (fgets(&line[len], (signed) sizeof(line) - len, stdin) == NULL)
-		intr();
-	len += strlen(&line[len]);
-	if (len > 0 && line[len - 1] == '\n')
-		line[len - 1] = '\0';
-	makeargv();
-	ret = margc > *pargc;
-	*pargc = margc;
-	*pargv = margv;
-	return (ret);
-}
-
-/*
- * Connect to peer server and
- * auto-login, if possible.
- */
-void setpeer(argc, argv)
-	int argc;
-	char *argv[];
-{
-	char *host, *hookup();
-	unsigned short port;
-
-	if (connected) {
-		printf("Already connected to %s, use close first.\n",
-			hostname);
-		code = -1;
-		return;
-	}
-	if (argc < 2)
-		(void) another(&argc, &argv, "to");
-	if (argc < 2 || argc > 3) {
-		printf("usage: %s host-name [port]\n", argv[0]);
-		code = -1;
-		return;
-	}
-	port = sp->s_port;
-	if (argc > 2) {
-		int iport = atoi (argv[2]);
-		if (iport <= 0 || iport >= 65536) {
-			printf("%s: bad port number-- %s\n", argv[1], argv[2]);
-			printf ("usage: %s host-name [port]\n", argv[0]);
-			code = -1;
-			return;
-		}
-		port = htons(iport);
-	}
-	host = hookup(argv[1], port);
-	if (host) {
-		int overbose;
-
-		connected = 1;
-		/*
-		 * Set up defaults for FTP.
-		 */
-		clevel = dlevel = PROT_C;
-		type = TYPE_A;
-		curtype = TYPE_A;
-		form = FORM_N;
-		mode = MODE_S;
-		stru = STRU_F;
-		(void) strlcpy(bytename, "8", sizeof(bytename)), bytesize = 8;
-		if (autoauth) {
-			if (do_auth() && autoencrypt) {
- 				clevel = PROT_P;
-				setpbsz(1<<20);
-				if (command("PROT P") == COMPLETE)
-					dlevel = PROT_P;
-				else
-					fprintf(stderr, "ftp: couldn't enable encryption\n");
-			}
-			if(auth_type && clevel == PROT_C)
-				clevel = PROT_S;
-			if(autologin)
-				(void) login(argv[1]);
-		}
-
-#ifndef unix
-/* sigh */
-#if defined(_AIX) || defined(__hpux) || defined(BSD)
-#define unix
-#endif
-#endif
-
-/* XXX - WIN32 - Is this really ok for Win32 (binary vs text mode)? */
-#if defined(unix) && (NBBY == 8 || defined(linux)) || defined(_WIN32)
-/*
- * this ifdef is to keep someone form "porting" this to an incompatible
- * system and not checking this out. This way they have to think about it.
- */
-		overbose = verbose;
-		if (debug == 0)
-			verbose = -1;
-		if (debug)
-		    printf("%s:%d: verbose=%d debug=%d overbose=%d\n",
-			   __FILE__, __LINE__, verbose, debug, overbose);
-		if (command("SYST") == COMPLETE && overbose) {
-			register char *cp, c=0;
-			cp = strchr(reply_string+4, ' ');
-			if (cp == NULL)
-				cp = strchr(reply_string+4, '\r');
-			if (cp) {
-				if (cp[-1] == '.')
-					cp--;
-				c = *cp;
-				*cp = '\0';
-			}
-
-			printf("Remote system type is %s.\n",
-				reply_string+4);
-			if (cp)
-				*cp = c;
-		}
-		if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) {
-			if (proxy)
-				unix_proxy = 1;
-			else
-				unix_server = 1;
-			/*
-			 * Set type to 0 (not specified by user),
-			 * meaning binary by default, but don't bother
-			 * telling server.  We can use binary
-			 * for text files unless changed by the user.
-			 */
-			type = 0;
-			if (overbose)
-			    printf("Using %s mode to transfer files.\n",
-				"binary");
-		} else {
-			if (proxy)
-				unix_proxy = 0;
-			else
-				unix_server = 0;
-			if (overbose &&
-			    !strncmp(reply_string, "215 TOPS20", 10))
-				printf(
-"Remember to set tenex mode when transfering binary files from this machine.\n");
-		}
-		verbose = overbose;
-#else
-		if (debug)
-		    printf("(!defined(unix): not checking remote system type)\n");
-#endif /* unix */
-	}
-}
-
-struct	levels {
-	char	*p_name;
-	char	*p_mode;
-	int	p_level;
-} levels[] = {
-	{ "clear",	"C",	PROT_C },
-	{ "safe",	"S",	PROT_S },
-#ifndef NOENCRYPTION
-	{ "private",	"P",	PROT_P },
-#endif
-	{ 0,             0,     0}
-};
-
-static char *
-getclevel()
-{
-	register struct levels *p;
-
-	for (p = levels; p->p_level != clevel; p++);
-	return(p->p_name);
-}
-
-static char *
-getdlevel()
-{
-	register struct levels *p;
-
-	for (p = levels; p->p_level != dlevel; p++);
-	return(p->p_name);
-}
-
-char *plevel[] = {
-	"protect",
-	"",
-	0
-};
-
-/*
- * Set control channel protection level.
- */
-void setclevel(argc, argv)
-	char *argv[];
-{
-	register struct levels *p;
-	int comret;
-
-	if (argc > 2) {
-		char *sep;
-
-		printf("usage: %s [", argv[0]);
-		sep = " ";
-		for (p = levels; p->p_name; p++) {
-			printf("%s%s", sep, p->p_name);
-			if (*sep == ' ')
-				sep = " | ";
-		}
-		printf(" ]\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2) {
-		printf("Using %s protection level for commands.\n",
-			getclevel());
-		code = 0;
-		return;
-	}
-	for (p = levels; p->p_name; p++)
-		if (strcmp(argv[1], p->p_name) == 0)
-			break;
-	if (p->p_name == 0) {
-		printf("%s: unknown protection level\n", argv[1]);
-		code = -1;
-		return;
-	}
-	if (!auth_type) {
-		if (strcmp(p->p_name, "clear"))
-			printf("Cannot set protection level to %s\n", argv[1]);
-		return;
-	}
-	if (!strcmp(p->p_name, "clear")) {
-		comret = command("CCC");
-		if (comret == COMPLETE)
-			clevel = PROT_C;
-		return;
-	}
-	clevel = p->p_level;
-	printf("Control channel protection level set to %s.\n", p->p_name);
-}
-
-/*
- * Set data channel protection level.
- */
-void
-setdlevel(argc, argv)
-	char *argv[];
-{
-	register struct levels *p;
-	int comret;
-
-	if (argc > 2) {
-		char *sep;
-
-		printf("usage: %s [", argv[0]);
-		sep = " ";
-		for (p = levels; p->p_name; p++) {
-			printf("%s%s", sep, p->p_name);
-			if (*sep == ' ')
-				sep = " | ";
-		}
-		printf(" ]\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2) {
-		printf("Using %s protection level to transfer files.\n",
-			getdlevel());
-		code = 0;
-		return;
-	}
-	for (p = levels; p->p_name; p++)
-		if (strcmp(argv[1], p->p_name) == 0)
-			break;
-	if (p->p_name == 0) {
-		printf("%s: unknown protection level\n", argv[1]);
-		code = -1;
-		return;
-	}
-	if (!auth_type) {
-		if (strcmp(p->p_name, "clear"))
-			printf("Cannot set protection level to %s\n", argv[1]);
-		return;
-	}
-	/* Start with a PBSZ of 1 meg */
-	if (p->p_level != PROT_C) setpbsz(1<<20);
-	comret = command("PROT %s", p->p_mode);
-	if (comret == COMPLETE)
-		dlevel = p->p_level;
-}
-
-
-/*
- * Set clear command protection level.
- */
-/*VARARGS*/
-void
-ccc()
-{
-	plevel[1] = "clear";
-	setclevel(2, plevel);
-}
-
-/*
- * Set clear data protection level.
- */
-/*VARARGS*/
-void
-setclear()
-{
-	plevel[1] = "clear";
-	setdlevel(2, plevel);
-}
-
-/*
- * Set safe data protection level.
- */
-/*VARARGS*/
-void
-setsafe()
-{
-	plevel[1] = "safe";
-	setdlevel(2, plevel);
-}
-
-#ifndef NOENCRYPTION
-/*
- * Set private data protection level.
- */
-/*VARARGS*/
-void
-setprivate()
-{
-	plevel[1] = "private";
-	setdlevel(2, plevel);
-}
-#endif
-
-struct	types {
-	char	*t_name;
-	char	*t_mode;
-	int	t_type;
-	char	*t_arg;
-} types[] = {
-	{ "ascii",	"A",	TYPE_A,	0 },
-	{ "binary",	"I",	TYPE_I,	0 },
-	{ "image",	"I",	TYPE_I,	0 },
-	{ "ebcdic",	"E",	TYPE_E,	0 },
-	{ "tenex",	"L",	TYPE_L,	bytename },
-	{  0,            0 ,    0,      0}
-};
-
-static char *
-gettype()
-{
-	register struct types *p;
-	int t;
-
-	t = type;
-	if (t == 0)
-		t = TYPE_I;
-	for (p = types; p->t_type != t; p++);
-	return(p->t_name);
-}
-
-/*
- * Set transfer type.
- */
-void
-settype(argc, argv)
-	int argc;
-	char *argv[];
-{
-	register struct types *p;
-	int comret;
-
-	if (argc > 2) {
-		char *sep;
-
-		printf("usage: %s [", argv[0]);
-		sep = " ";
-		for (p = types; p->t_name; p++) {
-			printf("%s%s", sep, p->t_name);
-			sep = " | ";
-		}
-		printf(" ]\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2) {
-		printf("Using %s mode to transfer files.\n", gettype());
-		code = 0;
-		return;
-	}
-	for (p = types; p->t_name; p++)
-		if (strcmp(argv[1], p->t_name) == 0)
-			break;
-	if (p->t_name == 0) {
-		printf("%s: unknown mode\n", argv[1]);
-		code = -1;
-		return;
-	}
-	if ((p->t_arg != NULL) && (*(p->t_arg) != '\0'))
-		comret = command ("TYPE %s %s", p->t_mode, p->t_arg);
-	else
-		comret = command("TYPE %s", p->t_mode);
-	if (comret == COMPLETE)
-		curtype = type = p->t_type;
-}
-
-/*
- * Internal form of settype; changes current type in use with server
- * without changing our notion of the type for data transfers.
- * Used to change to and from ascii for listings.
- */
-void changetype(newtype, show)
-	int newtype, show;
-{
-	register struct types *p;
-	int comret, oldverbose = verbose;
-
-	if (newtype == 0)
-		newtype = TYPE_I;
-	if (newtype == curtype)
-		return;
-	if (debug == 0 && show == 0)
-		verbose = 0;
-	for (p = types; p->t_name; p++)
-		if (newtype == p->t_type)
-			break;
-	if (p->t_name == 0) {
-		printf("ftp: internal error: unknown type %d\n", newtype);
-		return;
-	}
-	if (newtype == TYPE_L && bytename[0] != '\0')
-		comret = command("TYPE %s %s", p->t_mode, bytename);
-	else
-		comret = command("TYPE %s", p->t_mode);
-	if (comret == COMPLETE)
-		curtype = newtype;
-	verbose = oldverbose;
-}
-
-char *stype[] = {
-	"type",
-	"",
-	0
-};
-
-/*
- * Set binary transfer type.
- */
-/*VARARGS*/
-void setbinary()
-{
-	stype[1] = "binary";
-	settype(2, stype);
-}
-
-/*
- * Set ascii transfer type.
- */
-/*VARARGS*/
-void setascii()
-{
-	stype[1] = "ascii";
-	settype(2, stype);
-}
-
-/*
- * Set tenex transfer type.
- */
-/*VARARGS*/
-void settenex()
-{
-	stype[1] = "tenex";
-	settype(2, stype);
-}
-
-static char *
-get_mode()
-{
-	return("stream");
-}
-
-/*
- * Set file transfer mode.
- */
-/*ARGSUSED*/
-void set_mode(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	printf("We only support %s mode, sorry.\n", get_mode());
-	code = -1;
-}
-
-static char *
-getform()
-{
-	return("non-print");
-}
-
-/*
- * Set file transfer format.
- */
-/*ARGSUSED*/
-void setform(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	printf("We only support %s format, sorry.\n", getform());
-	code = -1;
-}
-
-static char *
-getstruct()
-{
-	return("file");
-}
-
-/*
- * Set file transfer structure.
- */
-/*ARGSUSED*/
-void setstruct(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	printf("We only support %s structure, sorry.\n", getstruct());
-	code = -1;
-}
-
-/*
- * Send a single file.
- */
-void put(argc, argv)
-	int argc;
-	char *argv[];
-{
-	char *cmd;
-	int loc = 0;
-	char *oldargv1, *oldargv2;
-
-	if (argc == 2) {
-		argc++;
-		argv[2] = argv[1];
-		loc++;
-	}
-	if (argc < 2 && !another(&argc, &argv, "local-file"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "remote-file")) {
-usage:
-		printf("usage: %s local-file remote-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	oldargv1 = argv[1];
-	oldargv2 = argv[2];
-	if (!globulize(&argv[1])) {
-		code = -1;
-		return;
-	}
-	/*
-	 * If "globulize" modifies argv[1], and argv[2] is a copy of
-	 * the old argv[1], make it a copy of the new argv[1].
-	 */
-	if (argv[1] != oldargv1 && argv[2] == oldargv1) {
-		argv[2] = argv[1];
-	}
-	cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? "STOU" : "STOR");
-	if (loc && ntflag) {
-		argv[2] = dotrans(argv[2]);
-	}
-	if (loc && mapflag) {
-		argv[2] = domap(argv[2]);
-	}
-	sendrequest(cmd, argv[1], argv[2],
-	    argv[1] != oldargv1 || argv[2] != oldargv2);
-}
-
-/*
- * Send multiple files.
- */
-void mput(argc, argv)
-	int argc;
-	char **argv;
-{
-	register int i;
-	sig_t oldintr;
-	int ointer;
-	char *tp;
-
-	if (argc < 2 && !another(&argc, &argv, "local-files")) {
-		printf("usage: %s local-files\n", argv[0]);
-		code = -1;
-		return;
-	}
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	(void) setjmp(jabort);
-	if (proxy) {
-		char *cp, *tp2, tmpbuf[MAXPATHLEN];
-
-		while ((cp = remglob(argv,0)) != NULL) {
-			if (*cp == 0) {
-				mflag = 0;
-				continue;
-			}
-			if (mflag && confirm(argv[0], cp)) {
-				tp = cp;
-				if (mcase) {
-					while (*tp && !islower((unsigned char) (*tp))) {
-						tp++;
-					}
-					if (!*tp) {
-						tp = cp;
-						tp2 = tmpbuf;
-						while ((*tp2 = *tp) != 0) {
-						     if (isupper((unsigned char) *tp2)) {
-						        *tp2 = 'a' + *tp2 - 'A';
-						     }
-						     tp++;
-						     tp2++;
-						}
-					}
-					tp = tmpbuf;
-				}
-				if (ntflag) {
-					tp = dotrans(tp);
-				}
-				if (mapflag) {
-					tp = domap(tp);
-				}
-				sendrequest((sunique) ? "STOU" : "STOR",
-				    cp, tp, cp != tp || !interactive);
-				if (!mflag && fromatty) {
-					ointer = interactive;
-					interactive = 1;
-					if (confirm("Continue with","mput")) {
-						mflag++;
-					}
-					interactive = ointer;
-				}
-			}
-		}
-		(void) signal(SIGINT, oldintr);
-		mflag = 0;
-		return;
-	}
-	for (i = 1; i < argc; i++) {
-		register char **cpp, **gargs;
-
-		if (!doglob) {
-			if (mflag && confirm(argv[0], argv[i])) {
-				tp = (ntflag) ? dotrans(argv[i]) : argv[i];
-				tp = (mapflag) ? domap(tp) : tp;
-				sendrequest((sunique) ? "STOU" : "STOR",
-				    argv[i], tp, tp != argv[i] || !interactive);
-				if (!mflag && fromatty) {
-					ointer = interactive;
-					interactive = 1;
-					if (confirm("Continue with","mput")) {
-						mflag++;
-					}
-					interactive = ointer;
-				}
-			}
-			continue;
-		}
-		gargs = ftpglob(argv[i]);
-		if (globerr != NULL) {
-			printf("%s\n", globerr);
-			if (gargs) {
-				blkfree(gargs);
-				free(gargs);
-			}
-			continue;
-		}
-		for (cpp = gargs; cpp && *cpp != NULL; cpp++) {
-			if (mflag && confirm(argv[0], *cpp)) {
-				tp = (ntflag) ? dotrans(*cpp) : *cpp;
-				tp = (mapflag) ? domap(tp) : tp;
-				sendrequest((sunique) ? "STOU" : "STOR",
-				    *cpp, tp, *cpp != tp || !interactive);
-				if (!mflag && fromatty) {
-					ointer = interactive;
-					interactive = 1;
-					if (confirm("Continue with","mput")) {
-						mflag++;
-					}
-					interactive = ointer;
-				}
-			}
-		}
-		if (gargs != NULL) {
-			blkfree(gargs);
-			free(gargs);
-		}
-	}
-	(void) signal(SIGINT, oldintr);
-	mflag = 0;
-}
-
-void reget(argc, argv)
-	int argc;
-	char *argv[];
-{
-	(void) getit(argc, argv, 1, "r+w");
-}
-
-void get(argc, argv)
-	int argc;
-	char *argv[];
-{
-	(void) getit(argc, argv, 0, restart_point ? "r+w" : "w" );
-}
-
-/*
- * Receive one file.
- */
-static int getit(argc, argv, restartit, rmode)
-	int argc;
-	char *argv[];
-	char *rmode;
-{
-	int loc = 0;
-	char *oldargv1, *oldargv2;
-
-	if (argc == 2) {
-		argc++;
-		argv[2] = argv[1];
-		loc++;
-	}
-	if (argc < 2 && !another(&argc, &argv, "remote-file"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "local-file")) {
-usage:
-		printf("usage: %s remote-file [ local-file ]\n", argv[0]);
-		code = -1;
-		return (0);
-	}
-	oldargv1 = argv[1];
-	oldargv2 = argv[2];
-	if (!globulize(&argv[2])) {
-		code = -1;
-		return (0);
-	}
-	if (loc && mcase) {
-		char *tp = argv[1], *tp2, tmpbuf[MAXPATHLEN];
-
-		while (*tp && !islower((unsigned char) *tp)) {
-			tp++;
-		}
-		if (!*tp) {
-			tp = argv[2];
-			tp2 = tmpbuf;
-			while ((*tp2 = *tp) != 0) {
-				if (isupper((unsigned char) *tp2)) {
-					*tp2 = 'a' + *tp2 - 'A';
-				}
-				tp++;
-				tp2++;
-			}
-			argv[2] = tmpbuf;
-		}
-	}
-	if (loc && ntflag)
-		argv[2] = dotrans(argv[2]);
-	if (loc && mapflag)
-		argv[2] = domap(argv[2]);
-	if (restartit) {
-		struct stat stbuf;
-		int ret;
-
-		ret = stat(argv[2], &stbuf);
-		if (restartit == 1) {
-			if (ret < 0) {
-				fprintf(stderr, "local: %s: %s\n", argv[2],
-					strerror(errno));
-				return (0);
-			}
-			restart_point = stbuf.st_size;
-		} else {
-			if (ret == 0) {
-				int overbose;
-
-				overbose = verbose;
-				if (debug == 0)
-					verbose = -1;
-				if (command("MDTM %s", argv[1]) == COMPLETE) {
-					int yy, mo, day, hour, min, sec;
-					struct tm *tm;
-					verbose = overbose;
-					sscanf(reply_string,
-					    "%*s %04d%02d%02d%02d%02d%02d",
-					    &yy, &mo, &day, &hour, &min, &sec);
-					tm = gmtime(&stbuf.st_mtime);
-					tm->tm_mon++;
-					if (tm->tm_year > yy-1900)
-						return (1);
-					else if (tm->tm_year == yy-1900) {
-						if (tm->tm_mon > mo)
-							return (1);
-					} else if (tm->tm_mon == mo) {
-						if (tm->tm_mday > day)
-							return (1);
-					} else if (tm->tm_mday == day) {
-						if (tm->tm_hour > hour)
-							return (1);
-					} else if (tm->tm_hour == hour) {
-						if (tm->tm_min > min)
-							return (1);
-					} else if (tm->tm_min == min) {
-						if (tm->tm_sec > sec)
-							return (1);
-					}
-				} else {
-					printf("%s\n", reply_string);
-					verbose = overbose;
-					return (0);
-				}
-			}
-		}
-	}
-
-	recvrequest("RETR", argv[2], argv[1], rmode,
-	    argv[1] != oldargv1 || argv[2] != oldargv2, loc);
-	restart_point = 0;
-	return (0);
-}
-
-static sigtype
-mabort(sig)
-	int sig;
-{
-	int ointer;
-
-	printf("\n");
-	(void) fflush(stdout);
-	if (mflag && fromatty) {
-		ointer = interactive;
-		interactive = 1;
-		if (confirm("Continue with", mname)) {
-			interactive = ointer;
-			longjmp(jabort,0);
-		}
-		interactive = ointer;
-	}
-	mflag = 0;
-	longjmp(jabort,0);
-}
-
-/*
- * Get multiple files.
- */
-void mget(argc, argv)
-	int argc;
-	char **argv;
-{
-	sig_t oldintr;
-	int ointer;
-	char *cp, *tp, *tp2, tmpbuf[MAXPATHLEN];
-
-	if (argc < 2 && !another(&argc, &argv, "remote-files")) {
-		printf("usage: %s remote-files\n", argv[0]);
-		code = -1;
-		return;
-	}
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT,mabort);
-	(void) setjmp(jabort);
-	while ((cp = remglob(argv,proxy)) != NULL) {
-		if (*cp == '\0') {
-			mflag = 0;
-			continue;
-		}
-		if (mflag && confirm(argv[0], cp)) {
-			tp = cp;
-			if (mcase) {
-				while (*tp && !islower((unsigned char) *tp)) {
-					tp++;
-				}
-				if (!*tp) {
-					tp = cp;
-					tp2 = tmpbuf;
-					while ((*tp2 = *tp) != 0) {
-						if (isupper((unsigned char) *tp2)) {
-							*tp2 = 'a' + *tp2 - 'A';
-						}
-						tp++;
-						tp2++;
-					}
-				}
-				tp = tmpbuf;
-			}
-			if (ntflag) {
-				tp = dotrans(tp);
-			}
-			if (mapflag) {
-				tp = domap(tp);
-			}
-			recvrequest("RETR", tp, cp, "w",
-			    tp != cp || !interactive, 1);
-			if (!mflag && fromatty) {
-				ointer = interactive;
-				interactive = 1;
-				if (confirm("Continue with","mget")) {
-					mflag++;
-				}
-				interactive = ointer;
-			}
-		}
-	}
-	(void) signal(SIGINT,oldintr);
-	mflag = 0;
-}
-
-char *
-remglob(argv,doswitch)
-	char *argv[];
-	int doswitch;
-{
-#ifdef _WIN32
-	char *temp = NULL;
-#else
-	char temp[16];
-#endif
-	static char buf[MAXPATHLEN];
-	static FILE *ftemp = NULL;
-	static char **args;
-	int oldverbose, oldhash;
-	char *cp, *rmode;
-
-	if (!mflag) {
-		if (!doglob) {
-			args = NULL;
-		}
-		else {
-			if (ftemp) {
-				(void) fclose(ftemp);
-				ftemp = NULL;
-			}
-		}
-		return(NULL);
-	}
-	if (!doglob) {
-		if (args == NULL)
-			args = argv;
-		if ((cp = *++args) == NULL)
-			args = NULL;
-		return (cp);
-	}
-	if (ftemp == NULL) {
-#ifdef _WIN32
-		temp = _tempnam(_PATH_TMP, "ftpglob");
-		if (temp == NULL) {
-			printf("can't get temporary file name\n");
-			return (NULL);
-		}
-#else
-		(void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
-		temp[sizeof(temp) - 1] = '\0';
-		(void) mktemp(temp);
-#endif /* !_WIN32 */
-		oldverbose = verbose, verbose = 0;
-		oldhash = hash, hash = 0;
-		if (doswitch) {
-			pswitch(!proxy);
-		}
-		for (rmode = "w"; *++argv != NULL; rmode = "a")
-			recvrequest ("NLST", temp, *argv, rmode, 0, 0);
-		if (doswitch) {
-			pswitch(!proxy);
-		}
-		verbose = oldverbose; hash = oldhash;
-		ftemp = fopen(temp, "r");
-		(void) unlink(temp);
-#ifdef _WIN32
-		free(temp);
-		temp = NULL;
-#endif /* _WIN32 */
-		if (ftemp == NULL) {
-			printf("can't find list of remote files, oops\n");
-			return (NULL);
-		}
-	}
-	if (fgets(buf, sizeof (buf), ftemp) == NULL) {
-		(void) fclose(ftemp), ftemp = NULL;
-		return (NULL);
-	}
-	if ((cp = strchr(buf, '\n')) != NULL)
-		*cp = '\0';
-	return (buf);
-}
-
-static char *
-onoff(bool)
-	int bool;
-{
-
-	return (bool ? "on" : "off");
-}
-
-static void cstatus()
-{
-	if (!connected) {
-		printf(proxy ? "No proxy connection.\n" : "Not connected.\n");
-		return;
-	}
-	printf("Connected %sto %s.\n",
-		proxy ? "for proxy commands " : "", hostname);
-	if (auth_type) printf("Authentication type: %s\n", auth_type);
-	printf("Control Channel Protection Level: %s\n", getclevel());
-	printf("Data Channel Protection Level: %s\n", getdlevel());
-	printf("Passive mode %s\n", onoff(passivemode));
-	printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n",
-		get_mode(), gettype(), getform(), getstruct());
-	printf("Store unique: %s; Receive unique: %s\n", onoff(sunique),
-		onoff(runique));
-	printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag));
-	if (ntflag) {
-		printf("Ntrans: (in) %s (out) %s\n", ntin,ntout);
-	}
-	else {
-		printf("Ntrans: off\n");
-	}
-	if (mapflag) {
-		printf("Nmap: (in) %s (out) %s\n", mapin, mapout);
-	}
-	else {
-		printf("Nmap: off\n");
-	}
-}
-
-/*
- * Show status.
- */
-/*ARGSUSED*/
-void status(argc, argv)
-	char *argv[];
-{
-	int i;
-
-	cstatus();
-	if (!proxy) {
-		pswitch(1);
-		if (connected) putchar('\n');
-		cstatus();
-		if (connected) putchar('\n');
-		pswitch(0);
-	}
-	printf("Hash mark printing: %s; Use of PORT cmds: %s\n",
-		onoff(hash), onoff(sendport));
-	printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n",
-		onoff(verbose), onoff(bell), onoff(interactive),
-		onoff(doglob));
-	if (macnum > 0) {
-		printf("Macros:\n");
-		for (i=0; i<macnum; i++) {
-			printf("\t%s\n",macros[i].mac_name);
-		}
-	}
-	code = 0;
-}
-
-/*
- * Set beep on cmd completed mode.
- */
-/*VARARGS*/
-void setbell()
-{
-
-	bell = !bell;
-	printf("Bell mode %s.\n", onoff(bell));
-	code = bell;
-}
-
-/*
- * Turn on packet tracing.
- */
-/*VARARGS*/
-void settrace()
-{
-
-	trace = !trace;
-	printf("Packet tracing %s.\n", onoff(trace));
-	code = trace;
-}
-
-/*
- * Toggle hash mark printing during transfers.
- */
-/*VARARGS*/
-void sethash()
-{
-
-	hash = !hash;
-	printf("Hash mark printing %s", onoff(hash));
-	code = hash;
-	if (hash)
-		printf(" (%d bytes/hash mark)", 1024);
-	printf(".\n");
-}
-
-/*
- * Turn on printing of server echo's.
- */
-/*VARARGS*/
-void setverbose()
-{
-
-	verbose = !verbose;
-	printf("Verbose mode %s.\n", onoff(verbose));
-	code = verbose;
-}
-
-/*
- * Toggle PORT cmd use before each data connection.
- */
-/*VARARGS*/
-void setport()
-{
-
-	sendport = !sendport;
-	printf("Use of PORT cmds %s.\n", onoff(sendport));
-	code = sendport;
-}
-
-/*
- * Turn on interactive prompting
- * during mget, mput, and mdelete.
- */
-/*VARARGS*/
-void setprompt()
-{
-
-	interactive = !interactive;
-	printf("Interactive mode %s.\n", onoff(interactive));
-	code = interactive;
-}
-
-/*
- * Toggle metacharacter interpretation
- * on local file names.
- */
-/*VARARGS*/
-void setglob()
-{
-
-	doglob = !doglob;
-	printf("Globbing %s.\n", onoff(doglob));
-	code = doglob;
-}
-
-/*
- * Set debugging mode on/off and/or
- * set level of debugging.
- */
-/*VARARGS*/
-void setdebug(argc, argv)
-	int argc;
-	char *argv[];
-{
-	int val;
-
-	if (argc > 1) {
-		val = atoi(argv[1]);
-		if (val < 0) {
-			printf("%s: bad debugging value.\n", argv[1]);
-			code = -1;
-			return;
-		}
-	} else
-		val = !debug;
-	debug = val;
-	if (debug)
-		options |= SO_DEBUG;
-	else
-		options &= ~SO_DEBUG;
-	printf("Debugging %s (debug=%d).\n", onoff(debug), debug);
-	code = debug > 0;
-}
-
-/*
- * Set current working directory
- * on remote machine.
- */
-void cd(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "remote-directory")) {
-		printf("usage: %s remote-directory\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("CWD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("CWD command not recognized, trying XCWD\n");
-		(void) command("XCWD %s", argv[1]);
-	}
-}
-
-/*
- * Set current working directory
- * on local machine.
- */
-void lcd(argc, argv)
-	int argc;
-	char *argv[];
-{
-	char buf[MAXPATHLEN];
-
-	if (argc < 2)
-		argc++, argv[1] = home;
-	if (argc != 2) {
-		printf("usage: %s local-directory\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (!globulize(&argv[1])) {
-		code = -1;
-		return;
-	}
-	if (chdir(argv[1]) < 0) {
-		fprintf(stderr, "local: %s: %s\n", argv[1], strerror(errno));
-		code = -1;
-		return;
-	}
-	printf("Local directory now %s\n", getcwd(buf, sizeof buf));
-	code = 0;
-}
-
-/*
- * Delete a single file.
- */
-void delete_file(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "remote-file")) {
-		printf("usage: %s remote-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	(void) command("DELE %s", argv[1]);
-}
-
-/*
- * Delete multiple files.
- */
-void mdelete(argc, argv)
-	int argc;
-	char **argv;
-{
-	sig_t oldintr;
-	int ointer;
-	char *cp;
-
-	if (argc < 2 && !another(&argc, &argv, "remote-files")) {
-		printf("usage: %s remote-files\n", argv[0]);
-		code = -1;
-		return;
-	}
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	(void) setjmp(jabort);
-	while ((cp = remglob(argv,0)) != NULL) {
-		if (*cp == '\0') {
-			mflag = 0;
-			continue;
-		}
-		if (mflag && confirm(argv[0], cp)) {
-			(void) command("DELE %s", cp);
-			if (!mflag && fromatty) {
-				ointer = interactive;
-				interactive = 1;
-				if (confirm("Continue with", "mdelete")) {
-					mflag++;
-				}
-				interactive = ointer;
-			}
-		}
-	}
-	(void) signal(SIGINT, oldintr);
-	mflag = 0;
-}
-
-/*
- * Rename a remote file.
- */
-void renamefile(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "from-name"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "to-name")) {
-usage:
-		printf("%s from-name to-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("RNFR %s", argv[1]) == CONTINUE)
-		(void) command("RNTO %s", argv[2]);
-}
-
-/*
- * Get a directory listing
- * of remote files.
- */
-void ls(argc, argv)
-	int argc;
-	char *argv[];
-{
-	char *cmd;
-
-	if (argc < 2)
-		argc++, argv[1] = NULL;
-	if (argc < 3)
-		argc++, argv[2] = "-";
-	if (argc > 3) {
-		printf("usage: %s remote-directory local-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	cmd = argv[0][0] == 'n' ? "NLST" : "LIST";
-	if (strcmp(argv[2], "-") && !globulize(&argv[2])) {
-		code = -1;
-		return;
-	}
-	if (strcmp(argv[2], "-") && *argv[2] != '|')
-		if (!globulize(&argv[2]) || !confirm("output to local-file:", argv[2])) {
-			code = -1;
-			return;
-	}
-	recvrequest(cmd, argv[2], argv[1], "w", 0, 0);
-}
-
-/*
- * Get a directory listing
- * of multiple remote files.
- */
-void mls(argc, argv)
-	int argc;
-	char **argv;
-{
-	sig_t oldintr;
-	int ointer, i;
-	char *volatile cmd, rmode[1], *dest;
-
-	if (argc < 2 && !another(&argc, &argv, "remote-files"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "local-file")) {
-usage:
-		printf("usage: %s remote-files local-file\n", argv[0]);
-		code = -1;
-		return;
-	}
-	dest = argv[argc - 1];
-	argv[argc - 1] = NULL;
-	if (strcmp(dest, "-") && *dest != '|')
-		if (!globulize(&dest) ||
-		    !confirm("output to local-file:", dest)) {
-			code = -1;
-			return;
-	}
-	cmd = argv[0][1] == 'l' ? "NLST" : "LIST";
-	mname = argv[0];
-	mflag = 1;
-	oldintr = signal(SIGINT, mabort);
-	(void) setjmp(jabort);
-	for (i = 1; mflag && i < argc-1; ++i) {
-		*rmode = (i == 1) ? 'w' : 'a';
-		recvrequest(cmd, dest, argv[i], rmode, 0, 0);
-		if (!mflag && fromatty) {
-			ointer = interactive;
-			interactive = 1;
-			if (confirm("Continue with", argv[0])) {
-				mflag ++;
-			}
-			interactive = ointer;
-		}
-	}
-	(void) signal(SIGINT, oldintr);
-	mflag = 0;
-}
-
-/*
- * Do a shell escape
- */
-/*ARGSUSED*/
-#ifdef _WIN32
-void shell(int argc, char **argv)
-{
-	char *AppName;
-	char ShellCmd[MAX_PATH];
-	char CmdLine[MAX_PATH];
-	int i;
-	PROCESS_INFORMATION ProcessInformation;
-	BOOL Result;
-	STARTUPINFO StartupInfo;
-	int NumBytes;
-
-#ifdef _DEBUG
-	if (trace)
-	{
-		fprintf(stderr, "entered shell\n");
-		fprintf(stderr, "arguments = \n");
-		fprintf(stderr, "   argc = %d\n", argc);
-		for (i = 0; i < argc; i++)
-		{
-			fprintf(stderr, "    argv %d = %s\n", i, argv[i]);
-		}
-	}
-#endif /* _DEBUG */
-
-	NumBytes = GetEnvironmentVariable("COMSPEC", ShellCmd, sizeof(ShellCmd));
-
-	if (NumBytes == 0)
-	{
-		code = -1;
-		return;
-	}
-
-	AppName = ShellCmd;
-	_mbscpy(CmdLine, ShellCmd);
-
-	if (argc > 1)
-	{
-		_mbsncat(CmdLine, " /C", sizeof(CmdLine));
-	}
-
-	for (i = 1; i < argc; i++)
-	{
-		_mbsncat(CmdLine, " ", sizeof(CmdLine));
-		_mbsncat(CmdLine, argv[i], sizeof(CmdLine));
-	}
-	CmdLine[sizeof(CmdLine)-1] = 0;
-
-	memset(&StartupInfo, 0, sizeof(StartupInfo));
-	StartupInfo.cb = sizeof(StartupInfo);
-	Result = CreateProcess(AppName,              /* command name */
-			       CmdLine,              /* command line w/args */
-			       NULL,                 /* sec attr (app) */
-			       NULL,                 /* sec attr (thread) */
-			       FALSE,                /* inherit flags */
-			       0,                    /* creation flags */
-			       NULL,                 /* environment */
-			       NULL,                 /* working directory */
-			       &StartupInfo,         /* startup info struct */
-			       &ProcessInformation); /* process info struct */
-
-	if (Result)
-	{
-		WaitForSingleObject(ProcessInformation.hProcess, INFINITE);
-		CloseHandle(ProcessInformation.hProcess);
-		code = 0;
-	}
-	else {
-		code = -1;
-	}
-}
-#else
-void shell(argc, argv)
-	int argc;
-	char **argv;
-{
-	int pid;
-	sig_t old1, old2;
-	char shellnam[40], *shellprog, *namep;
-#ifdef WAIT_USES_INT
-	int w_status;
-#else
-	union wait w_status;
-#endif
-
-	old1 = signal (SIGINT, SIG_IGN);
-	old2 = signal (SIGQUIT, SIG_IGN);
-	if ((pid = fork()) == 0) {
-		for (pid = 3; pid < 20; pid++)
-			(void) close(pid);
-		(void) signal(SIGINT, SIG_DFL);
-		(void) signal(SIGQUIT, SIG_DFL);
-		shellprog = getenv("SHELL");
-		if (shellprog == NULL)
-			shellprog = "/bin/sh";
-		namep = strrchr(shellprog,'/');
-		if (namep == NULL)
-			namep = shellprog;
-		(void) snprintf(shellnam, sizeof(shellnam), "-%s", ++namep);
-		if (strcmp(namep, "sh") != 0)
-			shellnam[0] = '+';
-		if (debug) {
-			printf ("%s\n", shellprog);
-			(void) fflush (stdout);
-		}
-		if (argc > 1) {
-			execl(shellprog,shellnam,"-c",altarg,(char *)0);
-		}
-		else {
-			execl(shellprog,shellnam,(char *)0);
-		}
-		perror(shellprog);
-		code = -1;
-		exit(1);
-		}
-	if (pid > 0)
-		while (wait(&w_status) != pid)
-			;
-	(void) signal(SIGINT, old1);
-	(void) signal(SIGQUIT, old2);
-	if (pid == -1) {
-		perror("Try again later");
-		code = -1;
-	}
-	else {
-		code = 0;
-	}
-	return;
-}
-#endif
-
-/*
- * Send new user information (re-login)
- */
-void user(argc, argv)
-	int argc;
-	char **argv;
-{
-	char macct[80];
-	int n, aflag = 0;
-
-	if (argc < 2)
-		(void) another(&argc, &argv, "username");
-	if (argc < 2 || argc > 4) {
-		printf("usage: %s username [password] [account]\n", argv[0]);
-		code = -1;
-		return;
-	}
-	n = command("USER %s", argv[1]);
-	if (n == COMPLETE)
-		n = command("PASS dummy");
-	else if (n == CONTINUE) {
-#ifndef NOENCRYPTION
-		int oldclevel;
-#endif
-		if (argc < 3)
-			argv[2] = mygetpass("Password: "), argc++;
-#ifndef NOENCRYPTION
-		if ((oldclevel = clevel) == PROT_S) clevel = PROT_P;
-#endif
-		n = command("PASS %s", argv[2]);
-#ifndef NOENCRYPTION
-		/* level may have changed */
-		if (clevel == PROT_P) clevel = oldclevel;
-#endif
-	}
-	if (n == CONTINUE) {
-		if (argc < 4) {
-			printf("Account: "); (void) fflush(stdout);
-			(void) fgets(macct, sizeof(macct) - 1, stdin);
-			macct[strlen(macct) - 1] = '\0';
-			argv[3] = macct; argc++;
-		}
-		n = command("ACCT %s", argv[3]);
-		aflag++;
-	}
-	if (n != COMPLETE) {
-		fprintf(stdout, "Login failed.\n");
-		/* code = -1;*/
-		return;
-	}
-	if (!aflag && argc == 4) {
-		(void) command("ACCT %s", argv[3]);
-	}
-	return;
-}
-
-/*
- * Print working directory.
- */
-/*VARARGS*/
-void pwd()
-{
-	int oldverbose = verbose;
-
-	/*
-	 * If we aren't verbose, this doesn't do anything!
-	 */
-	verbose = 1;
-	if (command("PWD") == ERROR && code == 500) {
-		printf("PWD command not recognized, trying XPWD\n");
-		(void) command("XPWD");
-	}
-	verbose = oldverbose;
-}
-
-/*
- * Make a directory.
- */
-void makedir(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
-		printf("usage: %s directory-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("MKD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("MKD command not recognized, trying XMKD\n");
-		(void) command("XMKD %s", argv[1]);
-	}
-}
-
-/*
- * Remove a directory.
- */
-void removedir(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "directory-name")) {
-		printf("usage: %s directory-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	if (command("RMD %s", argv[1]) == ERROR && code == 500) {
-		if (verbose)
-			printf("RMD command not recognized, trying XRMD\n");
-		(void) command("XRMD %s", argv[1]);
-	}
-}
-
-/*
- * Send a line, verbatim, to the remote machine.
- */
-void quote(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "command line to send")) {
-		printf("usage: %s line-to-send\n", argv[0]);
-		code = -1;
-		return;
-	}
-	quote1("", argc, argv);
-}
-
-/*
- * Send a SITE command to the remote machine.  The line
- * is sent verbatim to the remote machine, except that the
- * word "SITE" is added at the front.
- */
-void site(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) {
-		printf("usage: %s line-to-send\n", argv[0]);
-		code = -1;
-		return;
-	}
-	quote1("SITE ", argc, argv);
-}
-
-/*
- * Turn argv[1..argc) into a space-separated string, then prepend initial text.
- * Send the result as a one-line command and get response.
- */
-static void quote1(initial, argc, argv)
-	char *initial;
-	int argc;
-	char **argv;
-{
-	register int i, len;
-	char buf[FTP_BUFSIZ];		/* must be >= sizeof(line) */
-
-	(void) strncpy(buf, initial, sizeof(buf) - 1);
-	buf[sizeof(buf) - 1] = '\0';
-	if (argc > 1) {
-		len = strlen(buf);
-		len += strlen(strncpy(&buf[len], argv[1], sizeof(buf) - 1 - len));
-		for (i = 2; i < argc; i++) {
-			buf[len++] = ' ';
-			len += strlen(strncpy(&buf[len], argv[i], sizeof(buf) - 1 - len));
-		}
-	}
-	if (command(buf) == PRELIM) {
-		while (getreply(0) == PRELIM);
-	}
-}
-
-void do_chmod(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "mode"))
-		goto usage;
-	if (argc < 3 && !another(&argc, &argv, "file-name")) {
-usage:
-		printf("usage: %s mode file-name\n", argv[0]);
-		code = -1;
-		return;
-	}
-	(void) command("SITE CHMOD %s %s", argv[1], argv[2]);
-}
-
-void do_umask(argc, argv)
-	int argc;
-	char *argv[];
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	(void) command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]);
-	verbose = oldverbose;
-}
-
-void siteidle(argc, argv)
-	int argc;
-	char *argv[];
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	(void) command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]);
-	verbose = oldverbose;
-}
-
-/*
- * Ask the other side for help.
- */
-void rmthelp(argc, argv)
-	int argc;
-	char *argv[];
-{
-	int oldverbose = verbose;
-
-	verbose = 1;
-	(void) command(argc == 1 ? "HELP" : "HELP %s", argv[1]);
-	verbose = oldverbose;
-}
-
-/*
- * Terminate session and exit.
- */
-/*VARARGS*/
-void quit()
-{
-
-	if (connected)
-		disconnect();
-	pswitch(1);
-	if (connected) {
-		disconnect();
-	}
-	exit(0);
-}
-
-/*
- * Terminate session, but don't exit.
- */
-void disconnect()
-{
-	extern FILE *cout;
-	extern SOCKET data;
-
-	if (!connected)
-		return;
-	(void) command("QUIT");
-	if (cout) {
-		(void) FCLOSE_SOCKET(cout);
-		cout = NULL;
-	}
-	connected = 0;
-	data = INVALID_SOCKET;
-	if (!proxy) {
-		macnum = 0;
-	}
-	auth_type = NULL;
-	dlevel = PROT_C;
-}
-
-static int confirm(cmd, file)
-	char *cmd, *file;
-{
-	char mline[FTP_BUFSIZ];
-
-	if (!interactive)
-		return (1);
-	printf("%s %s? ", cmd, file);
-	(void) fflush(stdout);
-	if (fgets(mline, sizeof mline, stdin) == NULL)
-		return (0);
-	return (*mline != 'n' && *mline != 'N');
-}
-
-void fatal(msg)
-	char *msg;
-{
-
-	fprintf(stderr, "ftp: %s\n", msg);
-	exit(1);
-}
-
-/*
- * Glob a local file name specification with
- * the expectation of a single return value.
- * Can't control multiple values being expanded
- * from the expression, we return only the first.
- */
-static int globulize(cpp)
-	char **cpp;
-{
-	char **globbed;
-	char **globbed1;
-
-	if (!doglob)
-		return (1);
-	globbed = ftpglob(*cpp);
-	if (globerr != NULL) {
-		printf("%s: %s\n", *cpp, globerr);
-		if (globbed) {
-			blkfree(globbed);
-			free(globbed);
-		}
-		return (0);
-	}
-	if (globbed) {
-		globbed1 = globbed;
-		*cpp = *globbed1++;
-		/* don't waste too much memory */
-		if (*globbed) {
-			blkfree(globbed1);
-			free(globbed);
-		}
-	}
-	return (1);
-}
-
-void account(argc,argv)
-	int argc;
-	char **argv;
-{
-	char macct[50], *ap;
-
-	if (argc > 1) {
-		++argv;
-		--argc;
-		(void) strncpy(macct,*argv,49);
-		macct[49] = '\0';
-		while (argc > 1) {
-			--argc;
-			++argv;
-			(void) strncat(macct,*argv, 49-strlen(macct));
-		}
-		ap = macct;
-	}
-	else {
-		ap = mygetpass("Account:");
-	}
-	(void) command("ACCT %s", ap);
-}
-
-jmp_buf abortprox;
-
-static sigtype
-proxabort(int sig)
-{
-	extern int proxy;
-
-	if (!proxy) {
-		pswitch(1);
-	}
-	if (connected) {
-		proxflag = 1;
-	}
-	else {
-		proxflag = 0;
-	}
-	pswitch(0);
-	longjmp(abortprox,1);
-}
-
-void doproxy(argc,argv)
-	int argc;
-	char *argv[];
-{
-	register struct cmd *c;
-	struct cmd *getcmd();
-	sig_t oldintr;
-
-	if (argc < 2 && !another(&argc, &argv, "command")) {
-		printf("usage: %s command\n", argv[0]);
-		code = -1;
-		return;
-	}
-	c = getcmd(argv[1]);
-	if (c == (struct cmd *) -1) {
-		printf("?Ambiguous command\n");
-		(void) fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (c == 0) {
-		printf("?Invalid command\n");
-		(void) fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (!c->c_proxy) {
-		printf("?Invalid proxy command\n");
-		(void) fflush(stdout);
-		code = -1;
-		return;
-	}
-	if (setjmp(abortprox)) {
-		code = -1;
-		return;
-	}
-	oldintr = signal(SIGINT, proxabort);
-	pswitch(1);
-	if (c->c_conn && !connected) {
-		printf("Not connected\n");
-		(void) fflush(stdout);
-		pswitch(0);
-		(void) signal(SIGINT, oldintr);
-		code = -1;
-		return;
-	}
-	(*c->c_handler)(argc-1, argv+1);
-	if (connected) {
-		proxflag = 1;
-	}
-	else {
-		proxflag = 0;
-	}
-	pswitch(0);
-	(void) signal(SIGINT, oldintr);
-}
-
-void setcase()
-{
-	mcase = !mcase;
-	printf("Case mapping %s.\n", onoff(mcase));
-	code = mcase;
-}
-
-void setcr()
-{
-	crflag = !crflag;
-	printf("Carriage Return stripping %s.\n", onoff(crflag));
-	code = crflag;
-}
-
-void setntrans(argc,argv)
-	int argc;
-	char *argv[];
-{
-	if (argc == 1) {
-		ntflag = 0;
-		printf("Ntrans off.\n");
-		code = ntflag;
-		return;
-	}
-	ntflag++;
-	code = ntflag;
-	(void) strncpy(ntin, argv[1], 16);
-	ntin[16] = '\0';
-	if (argc == 2) {
-		ntout[0] = '\0';
-		return;
-	}
-	(void) strncpy(ntout, argv[2], 16);
-	ntout[16] = '\0';
-}
-
-static char *
-dotrans(name)
-	char *name;
-{
-	static char new[MAXPATHLEN];
-	char *cp1, *cp2 = new;
-	register int i, ostop, found;
-
-	for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++);
-	for (cp1 = name; *cp1; cp1++) {
-		found = 0;
-		for (i = 0; *(ntin + i) && i < 16; i++) {
-			if (*cp1 == *(ntin + i)) {
-				found++;
-				if (i < ostop) {
-					*cp2++ = *(ntout + i);
-				}
-				break;
-			}
-		}
-		if (!found) {
-			*cp2++ = *cp1;
-		}
-	}
-	*cp2 = '\0';
-	return(new);
-}
-
-void setnmap(argc, argv)
-	int argc;
-	char *argv[];
-{
-	char *cp;
-
-	if (argc == 1) {
-		mapflag = 0;
-		printf("Nmap off.\n");
-		code = mapflag;
-		return;
-	}
-	if (argc < 3 && !another(&argc, &argv, "mapout")) {
-		printf("Usage: %s [mapin mapout]\n",argv[0]);
-		code = -1;
-		return;
-	}
-	mapflag = 1;
-	code = 1;
-	cp = strchr(altarg, ' ');
-	if (proxy) {
-		while(*++cp == ' ');
-		altarg = cp;
-		cp = strchr(altarg, ' ');
-	}
-	*cp = '\0';
-	(void) strncpy(mapin, altarg, MAXPATHLEN - 1);
-	while (*++cp == ' ');
-	(void) strncpy(mapout, cp, MAXPATHLEN - 1);
-}
-
-static char *
-domap(name)
-	char *name;
-{
-	static char new[MAXPATHLEN];
-	register char *cp1 = name, *cp2 = mapin;
-	char *tp[9], *te[9];
-	int i, toks[9], toknum = 0, match = 1;
-
-	for (i=0; i < 9; ++i) {
-		toks[i] = 0;
-	}
-	while (match && *cp1 && *cp2) {
-		switch (*cp2) {
-			case '\\':
-				if (*++cp2 != *cp1) {
-					match = 0;
-				}
-				break;
-			case '$':
-				if (*(cp2+1) >= '1' && (*cp2+1) <= '9') {
-					if (*cp1 != *(++cp2+1)) {
-						toks[toknum = *cp2 - '1']++;
-						tp[toknum] = cp1;
-						while (*++cp1 && *(cp2+1)
-							!= *cp1);
-						te[toknum] = cp1;
-					}
-					cp2++;
-					break;
-				}
-				/* FALLTHROUGH */
-			default:
-				if (*cp2 != *cp1) {
-					match = 0;
-				}
-				break;
-		}
-		if (match && *cp1) {
-			cp1++;
-		}
-		if (match && *cp2) {
-			cp2++;
-		}
-	}
-	if (!match && *cp1) /* last token mismatch */
-	{
-		toks[toknum] = 0;
-	}
-	cp1 = new;
-	*cp1 = '\0';
-	cp2 = mapout;
-	while (*cp2) {
-		match = 0;
-		switch (*cp2) {
-			case '\\':
-				if (*(cp2 + 1)) {
-					*cp1++ = *++cp2;
-				}
-				break;
-			case '[':
-LOOP:
-				if (*++cp2 == '$' && isdigit((int) *(cp2+1))) {
-					if (*++cp2 == '0') {
-						char *cp3 = name;
-
-						while (*cp3) {
-							*cp1++ = *cp3++;
-						}
-						match = 1;
-					}
-					else if (toks[toknum = *cp2 - '1']) {
-						char *cp3 = tp[toknum];
-
-						while (cp3 != te[toknum]) {
-							*cp1++ = *cp3++;
-						}
-						match = 1;
-					}
-				}
-				else {
-					while (*cp2 && *cp2 != ',' &&
-					    *cp2 != ']') {
-						if (*cp2 == '\\') {
-							cp2++;
-						}
-						else if (*cp2 == '$' &&
-   						        isdigit((int) *(cp2+1))) {
-							if (*++cp2 == '0') {
-							   char *cp3 = name;
-
-							   while (*cp3) {
-								*cp1++ = *cp3++;
-							   }
-							}
-							else if (toks[toknum =
-							    *cp2 - '1']) {
-							   char *cp3=tp[toknum];
-
-							   while (cp3 !=
-								  te[toknum]) {
-								*cp1++ = *cp3++;
-							   }
-							}
-						}
-						else if (*cp2) {
-							*cp1++ = *cp2++;
-						}
-					}
-					if (!*cp2) {
-						printf("nmap: unbalanced brackets\n");
-						return(name);
-					}
-					match = 1;
-					cp2--;
-				}
-				if (match) {
-					while (*++cp2 && *cp2 != ']') {
-					      if (*cp2 == '\\' && *(cp2 + 1)) {
-							cp2++;
-					      }
-					}
-					if (!*cp2) {
-						printf("nmap: unbalanced brackets\n");
-						return(name);
-					}
-					break;
-				}
-				switch (*++cp2) {
-					case ',':
-						goto LOOP;
-					case ']':
-						break;
-					default:
-						cp2--;
-						goto LOOP;
-				}
-				break;
-			case '$':
-				if (isdigit((int) *(cp2 + 1))) {
-					if (*++cp2 == '0') {
-						char *cp3 = name;
-
-						while (*cp3) {
-							*cp1++ = *cp3++;
-						}
-					}
-					else if (toks[toknum = *cp2 - '1']) {
-						char *cp3 = tp[toknum];
-
-						while (cp3 != te[toknum]) {
-							*cp1++ = *cp3++;
-						}
-					}
-					break;
-				}
-				/* intentional drop through */
-			default:
-				*cp1++ = *cp2;
-				break;
-		}
-		cp2++;
-	}
-	*cp1 = '\0';
-	if (!*new) {
-		return(name);
-	}
-	return(new);
-}
-
-void setsunique()
-{
-	sunique = !sunique;
-	printf("Store unique %s.\n", onoff(sunique));
-	code = sunique;
-}
-
-void setrunique()
-{
-	runique = !runique;
-	printf("Receive unique %s.\n", onoff(runique));
-	code = runique;
-}
-
-/* change directory to perent directory */
-void cdup()
-{
-	if (command("CDUP") == ERROR && code == 500) {
-		if (verbose)
-			printf("CDUP command not recognized, trying XCUP\n");
-		(void) command("XCUP");
-	}
-}
-
-/* restart transfer at specific point */
-void restart(argc, argv)
-	int argc;
-	char *argv[];
-{
-	extern long atol();
-	if (argc != 2)
-		printf("restart: offset not specified\n");
-	else {
-		restart_point = atol(argv[1]);
-		printf("restarting at %ld. %s\n", (long) restart_point,
-		    "execute get, put or append to initiate transfer");
-	}
-}
-
-/* show remote system type */
-void syst()
-{
-	(void) command("SYST");
-}
-
-void macdef(argc, argv)
-	int argc;
-	char *argv[];
-{
-	char *tmp;
-	int c;
-
-	if (macnum == 16) {
-		printf("Limit of 16 macros have already been defined\n");
-		code = -1;
-		return;
-	}
-	if (argc < 2 && !another(&argc, &argv, "macro name")) {
-		printf("Usage: %s macro_name\n",argv[0]);
-		code = -1;
-		return;
-	}
-	if (interactive) {
-		printf("Enter macro line by line, terminating it with a null line\n");
-	}
-	(void) strncpy(macros[macnum].mac_name, argv[1], 8);
-	if (macnum == 0) {
-		macros[macnum].mac_start = macbuf;
-	}
-	else {
-		macros[macnum].mac_start = macros[macnum - 1].mac_end + 1;
-	}
-	tmp = macros[macnum].mac_start;
-	while (tmp != macbuf+4096) {
-		if ((c = getchar()) == EOF) {
-			printf("macdef:end of file encountered\n");
-			code = -1;
-			return;
-		}
-		if ((*tmp = c) == '\n') {
-			if (tmp == macros[macnum].mac_start) {
-				macros[macnum++].mac_end = tmp;
-				code = 0;
-				return;
-			}
-			if (*(tmp-1) == '\0') {
-				macros[macnum++].mac_end = tmp - 1;
-				code = 0;
-				return;
-			}
-			*tmp = '\0';
-		}
-		tmp++;
-	}
-	while (1) {
-		while ((c = getchar()) != '\n' && c != EOF)
-			/* LOOP */;
-		if (c == EOF || getchar() == '\n') {
-			printf("Macro not defined - 4k buffer exceeded\n");
-			code = -1;
-			return;
-		}
-	}
-}
-
-/*
- * get size of file on remote machine
- */
-void sizecmd(argc, argv)
-	int argc;
-	char *argv[];
-{
-
-	if (argc < 2 && !another(&argc, &argv, "filename")) {
-		printf("usage: %s filename\n", argv[0]);
-		code = -1;
-		return;
-	}
-	(void) command("SIZE %s", argv[1]);
-}
-
-/*
- * get last modification time of file on remote machine
- */
-void modtime(argc, argv)
-	int argc;
-	char *argv[];
-{
-	int overbose;
-
-	if (argc < 2 && !another(&argc, &argv, "filename")) {
-		printf("usage: %s filename\n", argv[0]);
-		code = -1;
-		return;
-	}
-	overbose = verbose;
-	if (debug == 0)
-		verbose = -1;
-	if (command("MDTM %s", argv[1]) == COMPLETE) {
-		int yy, mo, day, hour, min, sec;
-		sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo,
-			&day, &hour, &min, &sec);
-		/* might want to print this in local time */
-		printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1],
-			mo, day, yy, hour, min, sec);
-	} else
-		printf("%s\n", reply_string);
-	verbose = overbose;
-}
-
-/*
- * show status on remote machine
- */
-void rmtstatus(argc, argv)
-	int argc;
-	char *argv[];
-{
-	(void) command(argc > 1 ? "STAT %s" : "STAT" , argv[1]);
-}
-
-/*
- * get file if modtime is more recent than current file
- */
-void newer(argc, argv)
-	int argc;
-	char *argv[];
-{
-	if (getit(argc, argv, -1, "w"))
-		printf("Local file \"%s\" is newer than remote file \"%s\"\n",
-			argv[1], argv[2]);
-}
-
-#ifndef NO_PASSIVE_MODE
-/*
- * Start up passive mode interaction
- */
-
-/*VARARGS*/
-void setpassive()
-{
-
-	passivemode = !passivemode;
-	printf("Passive mode %s.\n", onoff(passivemode));
-	code = passivemode;
-}
-#endif
diff --git a/src/appl/gssftp/ftp/cmdtab.c b/src/appl/gssftp/ftp/cmdtab.c
deleted file mode 100644
index 76fdb46..0000000
--- a/src/appl/gssftp/ftp/cmdtab.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/*
- * Copyright (c) 1985, 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)cmdtab.c	5.10 (Berkeley) 6/1/90";
-#endif /* not lint */
-
-#include <stdio.h>
-#include "ftp_var.h"
-
-/*
- * User FTP -- Command Tables.
- */
-
-char	accounthelp[] =	"send account command to remote server";
-char	appendhelp[] =	"append to a file";
-char	asciihelp[] =	"set ascii transfer type";
-char	beephelp[] =	"beep when command completed";
-char	binaryhelp[] =	"set binary transfer type";
-char	casehelp[] =	"toggle mget upper/lower case id mapping";
-char	ccchelp[] =	"set clear protection level for commands";
-char	cdhelp[] =	"change remote working directory";
-char	cduphelp[] = 	"change remote working directory to parent directory";
-char	chmodhelp[] =	"change file permissions of remote file";
-char	clearhelp[] =	"set clear protection level for file transfer";
-char	connecthelp[] =	"connect to remote ftp";
-char	crhelp[] =	"toggle carriage return stripping on ascii gets";
-char	deletehelp[] =	"delete remote file";
-char	debughelp[] =	"toggle/set debugging mode";
-char	dirhelp[] =	"list contents of remote directory";
-char	disconhelp[] =	"terminate ftp session";
-char	domachelp[] = 	"execute macro";
-char	formhelp[] =	"set file transfer format";
-char	globhelp[] =	"toggle metacharacter expansion of local file names";
-char	hashhelp[] =	"toggle printing `#' for each buffer transferred";
-char	helphelp[] =	"print local help information";
-char	idlehelp[] =	"get (set) idle timer on remote side";
-char	lcdhelp[] =	"change local working directory";
-char	levelhelp[] =	"set protection level for file transfer";
-char	clevelhelp[] =	"set protection level for commands";
-char	lshelp[] =	"list contents of remote directory";
-char	macdefhelp[] =  "define a macro";
-char	mdeletehelp[] =	"delete multiple files";
-char	mdirhelp[] =	"list contents of multiple remote directories";
-char	mgethelp[] =	"get multiple files";
-char	mkdirhelp[] =	"make directory on the remote machine";
-char	mlshelp[] =	"list contents of multiple remote directories";
-char	modtimehelp[] = "show last modification time of remote file";
-char	modehelp[] =	"set file transfer mode";
-char	mputhelp[] =	"send multiple files";
-char	newerhelp[] =	"get file if remote file is newer than local file ";
-char	nlisthelp[] =	"nlist contents of remote directory";
-char	nmaphelp[] =	"set templates for default file name mapping";
-char	ntranshelp[] =	"set translation table for default file name mapping";
-char	porthelp[] =	"toggle use of PORT cmd for each data connection";
-#ifndef NOENCRYPTION
-char	privatehelp[] =	"set private protection level for file transfer";
-#endif
-char	prompthelp[] =	"force interactive prompting on multiple commands";
-char	proxyhelp[] =	"issue command on alternate connection";
-char	pwdhelp[] =	"print working directory on remote machine";
-char	quithelp[] =	"terminate ftp session and exit";
-char	quotehelp[] =	"send arbitrary ftp command";
-char	receivehelp[] =	"receive file";
-char	regethelp[] =	"get file restarting at end of local file";
-char	remotehelp[] =	"get help from remote server";
-char	renamehelp[] =	"rename file";
-char	restarthelp[]=	"restart file transfer at bytecount";
-char	rmdirhelp[] =	"remove directory on the remote machine";
-char	rmtstatushelp[]="show status of remote machine";
-char	runiquehelp[] = "toggle store unique for local files";
-char	resethelp[] =	"clear queued command replies";
-char	safehelp[] =	"set safe protection level for file transfer";
-char	sendhelp[] =	"send one file";
-char	sitehelp[] =	"send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
-char	shellhelp[] =	"escape to the shell";
-char	sizecmdhelp[] = "show size of remote file";
-char	statushelp[] =	"show current status";
-char	structhelp[] =	"set file transfer structure";
-char	suniquehelp[] = "toggle store unique on remote machine";
-char	systemhelp[] =  "show remote system type";
-char	tenexhelp[] =	"set tenex file transfer type";
-char	tracehelp[] =	"toggle packet tracing";
-char	typehelp[] =	"set file transfer type";
-char	umaskhelp[] =	"get (set) umask on remote side";
-char	userhelp[] =	"send new user information";
-char	verbosehelp[] =	"toggle verbose mode";
-#ifndef NO_PASSIVE_MODE
-char	setpassivehelp[] = "toggle passive transfer mode";
-#endif
-
-struct cmd cmdtab[] = {
-	{ "!",		shellhelp,	0,	0,	0,	shell },
-	{ "$",		domachelp,	1,	0,	0,	domacro },
-	{ "account",	accounthelp,	0,	1,	1,	account},
-	{ "append",	appendhelp,	1,	1,	1,	put },
-	{ "ascii",	asciihelp,	0,	1,	1,	setascii },
-	{ "bell",	beephelp,	0,	0,	0,	setbell },
-	{ "binary",	binaryhelp,	0,	1,	1,	setbinary },
-	{ "bye",	quithelp,	0,	0,	0,	quit },
-	{ "case",	casehelp,	0,	0,	1,	setcase },
-	{ "ccc",	ccchelp,	0,	1,	1,	ccc },
-	{ "cd",		cdhelp,		0,	1,	1,	cd },
-	{ "cdup",	cduphelp,	0,	1,	1,	cdup },
-	{ "chmod",	chmodhelp,	0,	1,	1,	do_chmod },
-	{ "clear",	clearhelp,	0,	1,	1,	setclear },
-	{ "close",	disconhelp,	0,	1,	1,	disconnect },
-	{ "cprotect",	clevelhelp,	0,	1,	1,	setclevel },
-	{ "cr",		crhelp,		0,	0,	0,	setcr },
-	{ "delete",	deletehelp,	0,	1,	1,	delete_file },
-	{ "debug",	debughelp,	0,	0,	0,	setdebug },
-	{ "dir",	dirhelp,	1,	1,	1,	ls },
-	{ "disconnect",	disconhelp,	0,	1,	1,	disconnect },
-	{ "form",	formhelp,	0,	1,	1,	setform },
-	{ "get",	receivehelp,	1,	1,	1,	get },
-	{ "glob",	globhelp,	0,	0,	0,	setglob },
-	{ "hash",	hashhelp,	0,	0,	0,	sethash },
-	{ "help",	helphelp,	0,	0,	1,	help },
-	{ "idle",	idlehelp,	0,	1,	1,	siteidle },
-	{ "image",	binaryhelp,	0,	1,	1,	setbinary },
-	{ "lcd",	lcdhelp,	0,	0,	0,	lcd },
-	{ "ls",		lshelp,		1,	1,	1,	ls },
-	{ "macdef",	macdefhelp,	0,	0,	0,	macdef },
-	{ "mdelete",	mdeletehelp,	1,	1,	1,	mdelete },
-	{ "mdir",	mdirhelp,	1,	1,	1,	mls },
-	{ "mget",	mgethelp,	1,	1,	1,	mget },
-	{ "mkdir",	mkdirhelp,	0,	1,	1,	makedir },
-	{ "mls",	mlshelp,	1,	1,	1,	mls },
-	{ "mode",	modehelp,	0,	1,	1,	set_mode },
-	{ "modtime",	modtimehelp,	0,	1,	1,	modtime },
-	{ "mput",	mputhelp,	1,	1,	1,	mput },
-	{ "newer",	newerhelp,	1,	1,	1,	newer },
-	{ "nmap",	nmaphelp,	0,	0,	1,	setnmap },
-	{ "nlist",	nlisthelp,	1,	1,	1,	ls },
-	{ "ntrans",	ntranshelp,	0,	0,	1,	setntrans },
-	{ "open",	connecthelp,	0,	0,	1,	setpeer },
-#ifndef NO_PASSIVE_MODE
-	{ "passive",	setpassivehelp,	0,	0,	0,	setpassive },
-#endif
-#ifndef NOENCRYPTION
-	{ "private",	privatehelp,	0,	1,	1,	setprivate },
-#endif
-	{ "prompt",	prompthelp,	0,	0,	0,	setprompt },
-	{ "protect",	levelhelp,	0,	1,	1,	setdlevel },
-	{ "proxy",	proxyhelp,	0,	0,	1,	doproxy },
-	{ "sendport",	porthelp,	0,	0,	0,	setport },
-	{ "put",	sendhelp,	1,	1,	1,	put },
-	{ "pwd",	pwdhelp,	0,	1,	1,	pwd },
-	{ "quit",	quithelp,	0,	0,	0,	quit },
-	{ "quote",	quotehelp,	1,	1,	1,	quote },
-	{ "recv",	receivehelp,	1,	1,	1,	get },
-	{ "reget",	regethelp,	1,	1,	1,	reget },
-	{ "rstatus",	rmtstatushelp,	0,	1,	1,	rmtstatus },
-	{ "rhelp",	remotehelp,	0,	1,	1,	rmthelp },
-	{ "rename",	renamehelp,	0,	1,	1,	renamefile },
-	{ "reset",	resethelp,	0,	1,	1,	reset },
-	{ "restart",	restarthelp,	1,	1,	1,	restart },
-	{ "rmdir",	rmdirhelp,	0,	1,	1,	removedir },
-	{ "runique",	runiquehelp,	0,	0,	1,	setrunique },
-	{ "safe",	safehelp,	0,	1,	1,	setsafe },
-	{ "send",	sendhelp,	1,	1,	1,	put },
-	{ "site",	sitehelp,	0,	1,	1,	site },
-	{ "size",	sizecmdhelp,	1,	1,	1,	sizecmd },
-	{ "status",	statushelp,	0,	0,	1,	status },
-	{ "struct",	structhelp,	0,	1,	1,	setstruct },
-	{ "system",	systemhelp,	0,	1,	1,	syst },
-	{ "sunique",	suniquehelp,	0,	0,	1,	setsunique },
-	{ "tenex",	tenexhelp,	0,	1,	1,	settenex },
-	{ "trace",	tracehelp,	0,	0,	0,	settrace },
-	{ "type",	typehelp,	0,	1,	1,	settype },
-	{ "user",	userhelp,	0,	1,	1,	user },
-	{ "umask",	umaskhelp,	0,	1,	1,	do_umask },
-	{ "verbose",	verbosehelp,	0,	0,	0,	setverbose },
-	{ "?",		helphelp,	0,	0,	1,	help },
-	{ 0 },
-};
-
-int	NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;
diff --git a/src/appl/gssftp/ftp/deps b/src/appl/gssftp/ftp/deps
deleted file mode 100644
index 7cee7b5..0000000
--- a/src/appl/gssftp/ftp/deps
+++ /dev/null
@@ -1,28 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)cmds.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \
-  cmds.c ftp_var.h pathnames.h
-$(OUTPRE)cmdtab.$(OBJEXT): cmdtab.c ftp_var.h
-$(OUTPRE)domacro.$(OBJEXT): domacro.c ftp_var.h
-$(OUTPRE)ftp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
-  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \
-  $(srcdir)/../arpa/telnet.h ftp.c ftp_var.h secure.h
-$(OUTPRE)getpass.$(OBJEXT): ftp_var.h getpass.c
-$(OUTPRE)glob.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  ftp_var.h glob.c
-$(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \
-  ftp_var.h main.c
-$(OUTPRE)radix.$(OBJEXT): ftp_var.h radix.c
-$(OUTPRE)ruserpass.$(OBJEXT): ftp_var.h ruserpass.c
-$(OUTPRE)secure.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(srcdir)/../arpa/ftp.h secure.c secure.h
diff --git a/src/appl/gssftp/ftp/domacro.c b/src/appl/gssftp/ftp/domacro.c
deleted file mode 100644
index e15196a..0000000
--- a/src/appl/gssftp/ftp/domacro.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright (c) 1985 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)domacro.c	1.8 (Berkeley) 9/28/90";
-#endif /* not lint */
-
-#include <stdio.h>
-#include <signal.h>
-
-#include "ftp_var.h"
-
-#include <errno.h>
-#include <ctype.h>
-#include <string.h>
-
-void domacro(argc, argv)
-	int argc;
-	char *argv[];
-{
-	register int i, j;
-	register char *cp1, *cp2;
-	int count = 2, loopflg = 0;
-	char line2[200];
-	extern char **glob();
-	struct cmd *getcmd(), *c;
-
-	if (argc < 2 && !another(&argc, &argv, "macro name")) {
-		printf("Usage: %s macro_name.\n", argv[0]);
-		code = -1;
-		return;
-	}
-	for (i = 0; i < macnum; ++i) {
-		if (!strncmp(argv[1], macros[i].mac_name, 9)) {
-			break;
-		}
-	}
-	if (i == macnum) {
-		printf("'%s' macro not found.\n", argv[1]);
-		code = -1;
-		return;
-	}
-	(void) strncpy(line2, line, sizeof(line2) - 1);
-	line2[sizeof(line2) - 1] = '\0';
-TOP:
-	cp1 = macros[i].mac_start;
-	while (cp1 != macros[i].mac_end) {
-		while (isspace((int) *cp1)) {
-			cp1++;
-		}
-		cp2 = line;
-		while (*cp1 != '\0') {
-		      switch(*cp1) {
-		   	    case '\\':
-				 *cp2++ = *++cp1;
-				 break;
-			    case '$':
-				 if (isdigit((int) *(cp1+1))) {
-				    j = 0;
-				    while (isdigit((int) (*++cp1))) {
-					  j = 10*j +  *cp1 - '0';
-				    }
-				    cp1--;
-				    if (argc - 2 >= j) {
-                                        if(cp2 + strlen(argv[j+1]) - line < sizeof(line))
-					(void) strncpy(cp2, argv[j+1],
-						       sizeof(line) - 1 -
-						       (cp2 - line));
-					line[sizeof(line) - 1] = '\0';
-					cp2 += strlen(argv[j+1]);
-				    }
-				    break;
-				 }
-				 if (*(cp1+1) == 'i') {
-					loopflg = 1;
-					cp1++;
-					if (count < argc) {
-                                           if(cp2 + strlen(argv[count]) - line < sizeof(line))
-					   (void) strncpy(cp2, argv[count],
-							  sizeof(line) - 1 -
-							  (cp2 - line));
-					   line[sizeof(line) - 1] = '\0';
-					   cp2 += strlen(argv[count]);
-					}
-					break;
-				}
-				/* intentional drop through */
-			    default:
-				*cp2++ = *cp1;
-				break;
-		      }
-		      if (*cp1 != '\0') {
-			 cp1++;
-		      }
-		}
-		*cp2 = '\0';
-		makeargv();
-		c = getcmd(margv[0]);
-		if (c == (struct cmd *)-1) {
-			printf("?Ambiguous command\n");
-			code = -1;
-		}
-		else if (c == 0) {
-			printf("?Invalid command\n");
-			code = -1;
-		}
-		else if (c->c_conn && !connected) {
-			printf("Not connected.\n");
-			code = -1;
-		}
-		else {
-			if (verbose) {
-				printf("%s\n",line);
-			}
-			(*c->c_handler)(margc, margv);
-			if (bell && c->c_bell) {
-				(void) putchar('\007');
-			}
-			(void) strncpy(line, line2, sizeof(line) - 1);
-			line[sizeof(line) - 1] = '\0';
-			makeargv();
-			argc = margc;
-			argv = margv;
-		}
-		if (cp1 != macros[i].mac_end) {
-			cp1++;
-		}
-	}
-	if (loopflg && ++count < argc) {
-		goto TOP;
-	}
-}
diff --git a/src/appl/gssftp/ftp/ftp.M b/src/appl/gssftp/ftp/ftp.M
deleted file mode 100644
index 11bbc93..0000000
--- a/src/appl/gssftp/ftp/ftp.M
+++ /dev/null
@@ -1,1127 +0,0 @@
-.\" Copyright (c) 1985, 1989, 1990 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)ftp.1	6.18 (Berkeley) 7/30/91
-.\" "
-.TH FTP 1
-.SH NAME
-ftp \- ARPANET file transfer program
-.SH SYNOPSIS
-.B ftp
-[\fB\-v\fP] [\fB\-d\fP] [\fB\-i\fP] [\fB\-n\fP] [\fB\-g\fP] [\fB\-k\fP
-\fIrealm\fP] [\fB\-f\fP] [\fB\-x\fP] [\fB\-u\fP] [\fB\-t\fP] [\fIhost\fP]
-.SH DESCRIPTION
-.B FTP
-is the user interface to the
-.SM ARPANET
-standard File Transfer Protocol.  The program allows a user to transfer
-files to and from a remote network site.
-.SH OPTIONS
-Options may be specified at the command line, or to the command
-interpreter.
-.TP
-.B \-v
-Verbose option forces
-.B ftp
-to show all responses from the remote server, as well as report on data
-transfer statistics.
-.TP
-.B \-n
-Restrains
-.B ftp
-from attempting ``auto-login'' upon initial connection.  If auto-login
-is enabled,
-.B ftp
-will check the
-.I .netrc
-(see below) file in the user's home directory for an entry describing an
-account on the remote machine.  If no entry exists,
-.B ftp
-will prompt for the remote machine login name (default is the user
-identity on the local machine), and, if necessary, prompt for a password
-and an account with which to login.
-.TP
-.B \-u
-Restrains
-.B ftp
-from attempting ``auto-authentication'' upon initial connection.  If
-auto-authentication is enabled,
-.B ftp
-attempts to authenticate to the
-.SM FTP
-server by sending the
-.SM AUTH
-command, using whichever authentication types are locally supported.
-Once an authentication type is accepted, an authentication protocol
-will proceed by issuing
-.SM ADAT
-commands.  This option also disables auto-login.
-.TP
-.B \-i
-Turns off interactive prompting during multiple file transfers.
-.TP
-.B \-d
-Enables debugging.
-.TP
-.B \-g
-Disables file name globbing.
-.TP
-.B \-f
-Causes credentials to be forwarded to the remote host.
-.TP
-.B \-x
-Causes the client to attempt to negotiate encryption (data and command
-protection levels ``private'') immediately after successfully
-authenticating.
-.TP
-.B \-t
-Enables packet tracing.
-.SH COMMANDS
-The client host with which
-.B ftp
-is to communicate may be specified on the command line.  If this is
-done,
-.B ftp
-will immediately attempt to establish a connection to an
-.SM FTP
-server on that host; otherwise,
-.B ftp
-will enter its command interpreter and await instructions from the user.
-When
-.B ftp
-is awaiting commands from the user the prompt
-``ftp>''
-is provided to the user.  The following commands are recognized by
-.BR ftp :
-.TP
-\fB\&!\fP [\fIcommand\fP] [\fIargs\fP]]
-Invoke an interactive shell on the local machine.  If there are
-arguments, the first is taken to be a command to execute directly, with
-the rest of the arguments as its arguments.
-.TP
-\fB\&$\fP \fImacro-name\fP [\fIargs\fP]
-Execute the macro
-.I macro-name
-that was defined with the
-.B macdef
-command.  Arguments are passed to the macro unglobbed.
-.TP
-\fBaccount\fP [\fIpasswd\fP]
-Supply a supplemental password required by a remote system for access to
-resources once a login has been successfully completed.  If no argument
-is included, the user will be prompted for an account password in a
-non-echoing input mode.
-.TP
-\fBappend\fP \fIlocal-file\fP [\fIremote-file\fP]
-Append a local file to a file on the remote machine.  If
-.I remote-file
-is left unspecified, the local file name is used in naming the remote
-file after being altered by any
-.B ntrans
-or
-.B nmap
-setting.  File transfer uses the current settings for
-.BR type ,
-.BR format ,
-.BR mode ,
-and
-.BR structure .
-.TP
-.B ascii
-Set the file transfer
-.B type
-to network
-.SM ASCII .
-This is the default type.
-.TP
-.B bell
-Arrange that a bell be sounded after each file transfer command is
-completed.
-.TP
-.B binary
-Set the file transfer
-.B type
-to support binary file transfer.
-.TP
-.B bye
-Terminate the
-.SM FTP
-session with the remote server and exit
-.BR ftp .
-An end of file will also terminate the session and exit.
-.TP
-.B case
-Toggle remote computer file name case mapping during
-.B mget
-commands.  When
-.B case
-is on (default is off), remote computer file names with all letters in
-upper case are written in the local directory with the letters mapped to
-lower case.
-.TP
-.B ccc
-Turn off integrity protection on the command channel.  This command
-must be sent integrity protected, and must be proceeded by a successful
-.SM ADAT
-command.  Since turning off integrity protection potentially
-allows an attacker to insert commands onto the command channel, some
-.SM FTP
-servers may refuse to honor this command.
-.TP
-\fBcd\fP \fIremote-directory\fP
-Change the working directory on the remote machine to
-.IR remote-directory .
-.TP
-.B cdup
-Change the remote machine working directory to the parent of the current
-remote machine working directory.
-.TP
-\fBchmod\fP \fImode\fP \fIfile-name\fP
-Change the permission modes of the file
-.I file-name
-on the remote system to
-.IR mode .
-.TP
-.B clear
-Set the protection level on data transfers to ``clear''.  If no
-.SM ADAT
-command succeeded, then this is the default protection level.
-.TP
-.B close
-Terminate the
-.SM FTP
-session with the remote server, and return to the command interpreter.
-Any defined macros are erased.
-.TP
-\fBcprotect\fP [\fIprotection-level\fP]
-Set the protection level on commands to
-.IR protection-level .
-The valid protection levels are ``clear'' for unprotected commands,
-``safe'' for commands integrity protected by
-cryptographic checksum, and ``private'' for commands
-confidentiality and integrity protected by encryption.  If an
-.SM ADAT
-command succeeded, then the default command protection level is
-``safe'', otherwise the only possible level is ``clear''.  If no
-level is specified, the current level is printed.
-.B cprotect clear
-is equivalent to the
-.B ccc
-command.
-.TP
-.B cr
-Toggle carriage return stripping during ascii type file retrieval.
-Records are denoted by a carriage return/linefeed sequence during ascii
-type file transfer.  When
-.B cr
-is on (the default), carriage returns are stripped from this sequence to
-conform with the
-.SM UNIX
-single linefeed record delimiter.  Records on non-UNIX remote systems
-may contain single linefeeds; when an ascii type transfer is made, these
-linefeeds may be distinguished from a record delimiter only when
-.B cr
-is off.
-.TP
-\fBdelete\fP \fIremote-file\fP
-Delete the file
-.I remote-file
-on the remote machine.
-.TP
-\fBdebug\fP [\fIdebug-value\fP]
-Toggle debugging mode.  If an optional
-.I debug-value
-is specified it is used to set the debugging level.  When debugging is
-on,
-.B ftp
-prints each command sent to the remote machine, preceded by the string
-`\-\->'
-.TP
-\fBdir\fP [\fIremote-directory\fP] [\fIlocal-file\fP]
-Print a listing of the directory contents in the directory,
-.IR remote-directory ,
-and, optionally, placing the output in
-.IR local-file .
-If interactive prompting is on,
-.B ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.B dir
-output.  If no directory is specified, the current working directory on
-the remote machine is used.  If no local file is specified, or
-.I local-file
-is
-`\fB\-\fP',
-output comes to the terminal.
-.TP
-.B disconnect
-A synonym for
-.IR close .
-.TP
-\fBform\fP \fIformat\fP
-Set the file transfer
-.B form
-to
-.IR format .
-The default format is ``file''.
-.TP
-\fBget\fP \fIremote-file\fP [\fIlocal-file\fP]
-Retrieve the file
-.I remote-file
-and store it on the local machine.  If the local file name is not
-specified, it is given the same name it has on the remote machine,
-subject to alteration by the current
-.BR case ,
-.BR ntrans ,
-and
-.B nmap
-settings.  The current settings for
-.BR type ,
-.BR form ,
-.BR mode ,
-and
-.B structure
-are used while transferring the file.
-.TP
-.B glob
-Toggle filename expansion for
-.BR mdelete ,
-.BR mget ,
-and
-.BR mput .
-If globbing is turned off with
-.BR glob ,
-the file name arguments are taken literally and not expanded.  Globbing
-for
-.B mput
-is done as in
-.IR csh (1).
-For
-.B mdelete
-and
-.BR mget ,
-each remote file name is expanded separately on the remote machine and
-the lists are not merged.  Expansion of a directory name is likely to be
-different from expansion of the name of an ordinary file: the exact
-result depends on the foreign operating system and ftp server, and can
-be previewed by doing
-`mls remote-files \-'
-Note:
-.B mget
-and
-.B mput
-are not meant to transfer entire directory subtrees of files.  That can
-be done by transferring a
-.IR tar (1)
-archive of the subtree (in binary mode).
-.TP
-.B hash
-Toggle hash-sign (``#'') printing for each data block transferred.  The
-size of a data block is 1024 bytes.
-.TP
-\fBhelp\fP [\fIcommand\fP]
-Print an informative message about the meaning of
-.IR command .
-If no argument is given,
-.B ftp
-prints a list of the known commands.
-.TP
-\fBidle\fP [\fIseconds\fP]
-Set the inactivity timer on the remote server to
-.I seconds
-seconds.  If
-.I seconds
-is omitted, the current inactivity timer is printed.
-.TP
-\fBlcd\fP [\fIdirectory\fP]
-Change the working directory on the local machine.  If no
-.I directory
-is specified, the user's home directory is used.
-.TP
-\fBls\fP [\fIremote-directory\fP] [\fIlocal-file\fP]
-Print a listing of the contents of a directory on the remote machine.
-The listing includes any system-dependent information that the server
-chooses to include; for example, most
-.SM UNIX
-systems will produce output from the command `ls \-l'.  (See also
-.BR nlist .)
-If
-.I remote-directory
-is left unspecified, the current working directory is used.  If
-interactive prompting is on,
-.B ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.B ls
-output.  If no local file is specified, or if
-.I local-file
-is
-`\fB\-\fP',
-the output is sent to the terminal.
-.TP
-\fBmacdef\fP\fImacro-name\fP
-Define a macro.  Subsequent lines are stored as the macro
-.IR macro-name ;
-a null line (consecutive newline characters in a file or carriage
-returns from the terminal) terminates macro input mode.  There is a
-limit of 16 macros and 4096 total characters in all defined macros.
-Macros remain defined until a
-.B close
-command is executed.  The macro processor interprets `$' and `\e' as
-special characters.  A `$' followed by a number (or numbers) is replaced
-by the corresponding argument on the macro invocation command line.  A
-`$' followed by an `i' signals that macro processor that the executing
-macro is to be looped.  On the first pass `$i' is replaced by the first
-argument on the macro invocation command line, on the second pass it is
-replaced by the second argument, and so on.  A `\e' followed by any
-character is replaced by that character.  Use the `\e' to prevent
-special treatment of the `$'.
-.TP
-\fBmdelete\fP [\fIremote-files\fP]
-Delete
-.I remote-files
-on the remote machine.
-.TP
-\fBmdir\fP \fIremote-files\fP \fIlocal-file\fP
-Like
-.BR dir ,
-except multiple remote files may be specified.  If interactive prompting
-is on,
-.B ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.B mdir
-output.
-.TP
-\fBmget\fP \fIremote-files\fP
-Expand the
-.I remote-files
-on the remote machine and do a
-.B get
-for each file name thus produced.  See
-.B glob
-for details on the filename expansion.  Resulting file names will then
-be processed according to
-.BR case ,
-.BR ntrans ,
-and
-.B nmap
-settings.  Files are transferred into the local working directory, which
-can be changed with `lcd directory'; new local directories can be
-created with
-`\&! mkdir directory'.
-.TP
-\fBmkdir\fP \fIdirectory-name\fP
-Make a directory on the remote machine.
-.TP
-\fBmls\fP \fIremote-files\fP \fIlocal-file\fP
-Like
-.BR nlist ,
-except multiple remote files may be specified, and the
-.I local-file
-must be specified.  If interactive prompting is on,
-.B ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.B mls
-output.
-.TP
-\fBmode\fP [\fImode-name\fP]
-Set the file transfer
-.B mode
-to
-.IR mode-name .
-The default mode is ``stream'' mode.
-.TP
-\fBmodtime\fP \fIfile-name\fP
-Show the last modification time of the file on the remote machine.
-.TP
-\fBmput\fP \fIlocal-files\fP
-Expand wild cards in the list of local files given as arguments and do a
-.B put
-for each file in the resulting list.  See
-.B glob
-for details of filename expansion.  Resulting file names will then be
-processed according to
-.B ntrans
-and
-.B nmap
-settings.
-.TP
-\fBnewer\fP \fIfile-name\fP
-Get the file only if the modification time of the remote file is more
-recent that the file on the current system.  If the file does not exist
-on the current system, the remote file is considered
-.BR newer .
-Otherwise, this command is identical to
-.BR get .
-.TP
-\fBnlist\fP [\fIremote-directory\fP] [\fIlocal-file\fP]
-Print a list of the files in a directory on the remote machine.  If
-.I remote-directory
-is left unspecified, the current working directory is used.  If
-interactive prompting is on,
-.B ftp
-will prompt the user to verify that the last argument is indeed the
-target local file for receiving
-.B nlist
-output.  If no local file is specified, or if
-.I local-file
-is `\fB\-\fP', the output is sent to the terminal.
-.TP
-\fBnmap\fP [\fIinpattern\fP \fIoutpattern\fP]
-Set or unset the filename mapping mechanism.  If no arguments are
-specified, the filename mapping mechanism is unset.  If arguments are
-specified, remote filenames are mapped during
-.B mput
-commands and
-.B put
-commands issued without a specified remote target filename.
-If arguments are specified, local filenames are mapped during
-.B mget
-commands and
-.B get
-commands issued without a specified local target filename.  This command
-is useful when connecting to non\-UNIX remote computer with different
-file naming conventions or practices.  The mapping follows the pattern
-set by
-.I inpattern
-and
-.IR outpattern .
-[\fIInpattern\fP] is a template for incoming filenames (which may have
-already been processed according to the
-.B ntrans
-and
-.B case
-settings).  Variable templating is accomplished by including the
-sequences `$1', `$2', ..., `$9' in
-.IR inpattern .
-Use `\e' to prevent this special treatment of the `$' character.  All
-other characters are treated literally, and are used to determine the
-.B nmap
-[\fIinpattern\fP] variable values.  For example, given
-.I inpattern
-$1.$2 and the remote file name "mydata.data", $1 would have the value
-"mydata", and $2 would have the value "data".  The
-.I outpattern
-determines the resulting mapped filename.  The sequences `$1', `$2',
-\&..., `$9' are replaced by any value resulting from the
-.I inpattern
-template.  The sequence `$0' is replace by the original filename.
-Additionally, the sequence `[\fIseq1\fP, \fIseq2\fP]' is replaced by
-[\fIseq1\fP] if
-.I seq1
-is not a null string; otherwise it is replaced by
-.IR seq2 .
-For example, the command
-.sp
-.nf
-	nmap $1.$2.$3 [$1,$2].[$2,file]
-.fi
-.sp
-would yield the output filename "myfile.data" for input filenames
-"myfile.data" and "myfile.data.old", "myfile.file" for the input
-filename "myfile", and "myfile.myfile" for the input filename ".myfile".
-Spaces may be included in
-.IR outpattern ,
-as in the example: `nmap $1 sed "s/ *$//" > $1'.  Use the `\e' character
-to prevent special treatment of the `$','[',']', and `,' characters.
-.TP
-\fBntrans\fP [\fIinchars\fP [\fIoutchars\fP]]
-Set or unset the filename character translation mechanism.  If no
-arguments are specified, the filename character translation mechanism is
-unset.  If arguments are specified, characters in remote filenames are
-translated during
-.B mput
-commands and
-.B put
-commands issued without a specified remote target filename.  If
-arguments are specified, characters in local filenames are translated
-during
-.B mget
-commands and
-.B get
-commands issued without a specified local target filename.  This command
-is useful when connecting to a non-UNIX remote computer with different
-file naming conventions or practices.  Characters in a filename matching
-a character in
-.I inchars
-are replaced with the corresponding character in
-.IR outchars .
-If the character's position in
-.I inchars
-is longer than the length of
-.IR outchars ,
-the character is deleted from the file name.
-.TP
-\fBopen\fP \fIhost\fP [\fIport\fP] [\fB\-forward\fP]
-Establish a connection to the specified
-.I host
-.SM FTP
-server.  An optional port number may be supplied, in which case,
-.B ftp
-will attempt to contact an
-.SM FTP
-server at that port.  If the
-.B auto-authenticate
-option is on (default),
-.B ftp
-will attempt to authenticate to the
-.SM FTP
-server by sending the
-.SM AUTH
-command, using whichever authentication types which are locally
-supported.  Once an authentication type is accepted, an authentication
-protocol will proceed by issuing
-.SM ADAT
-commands.  If the
-.B auto-login
-option is on (default),
-.B ftp
-will also attempt to automatically log the user in to the
-.SM FTP
-server (see below).  If the
-.B \-forward
-option is specified,
-.B ftp
-will forward a copy of the user's Kerberos tickets to the remote host.
-.TP
-.B passive
-Toggle passive data transfer mode.  In passive mode, the client initiates
-the data connection by listening on the data port.  Passive mode may
-be necessary for operation from behind firewalls which do not permit
-incoming connections.
-.TP
-.B private
-Set the protection level on data transfers to ``private''.  Data
-transmissions are confidentiality and integrity protected by encryption.
-If no
-.SM ADAT
-command succeeded, then the only possible level is ``clear''.
-.TP
-.B prompt
-Toggle interactive prompting.  Interactive prompting occurs during
-multiple file transfers to allow the user to selectively retrieve or
-store files.  If prompting is turned off (default is on), any
-.B mget
-or
-.B mput
-will transfer all files, and any
-.B mdelete
-will delete all files.
-.TP
-\fBprotect\fP [\fIprotection-level\fP]
-Set the protection level on data transfers to
-.IR protection-level .
-The valid protection levels are ``clear'' for unprotected data
-transmissions, ``safe'' for data transmissions integrity protected by
-cryptographic checksum, and ``private'' for data transmissions
-confidentiality and integrity protected by encryption.  If no
-.SM ADAT
-command succeeded, then the only possible level is ``clear''.  If no
-level is specified, the current level is printed.  The default
-protection level is ``clear''.
-.TP
-\fBproxy\fP \fIftp-command\fP
-Execute an ftp command on a secondary control connection.  This command
-allows simultaneous connection to two remote ftp servers for
-transferring files between the two servers.  The first
-.B proxy
-command should be an
-.B open  ,
-to establish the secondary control connection.  Enter the command 
-"proxy ?" to see other ftp commands executable on the secondary connection.
-The following commands behave differently when prefaced by
-.BR proxy :
-.B open
-will not define new macros during the auto-login process,
-.B close
-will not erase existing macro definitions,
-.B get
-and
-.B mget
-transfer files from the host on the primary control connection to the
-host on the secondary control connection, and
-.BR put ,
-.BR mput ,
-and
-.B append
-transfer files from the host on the secondary control connection to the
-host on the primary control connection.  Third party file transfers
-depend upon support of the ftp protocol
-.SM PASV
-command by the server on the secondary control connection.
-.TP
-\fBput\fP \fIlocal-file\fP [\fIremote-file\fP]
-Store a local file on the remote machine.  If
-.I remote-file
-is left unspecified, the local file name is used after processing
-according to any
-.B ntrans
-or
-.B nmap
-settings in naming the remote file.  File transfer uses the current
-settings for
-.BR type ,
-.BR format ,
-.BR mode ,
-and
-.BR structure .
-.TP
-.B pwd
-Print the name of the current working directory on the remote machine.
-.TP
-.B quit
-A synonym for
-.BR bye .
-.TP
-\fBquote\fP \fIarg1\fP [\fIarg2\fP] [\fI...\fP]
-The arguments specified are sent, verbatim, to the remote
-.SM FTP
-server.
-.TP
-\fBrecv\fP \fIremote-file\fP [\fIlocal-file\fP]
-A synonym for get.
-.TP
-\fBreget\fP \fIremote-file\fP [\fIlocal-file\fP]
-Reget acts like get, except that if
-.I local-file
-exists and is smaller than
-.IR remote-file ,
-.I local-file
-is presumed to be a partially transferred copy of
-.I remote-file
-and the transfer is continued from the apparent point of failure.  This
-command is useful when transferring very large files over networks that
-are prone to dropping connections.
-.TP
-\fBremotehelp\fP [\fIcommand-name\fP]
-Request help from the remote
-.SM FTP
-server.  If a
-.I command-name
-is specified it is supplied to the server as well.
-.TP
-\fBremotestatus\fP [\fIfile-name\fP]
-With no arguments, show status of remote machine.  If
-.I file-name
-is specified, show status of
-.I file-name
-on remote machine.
-.TP
-\fBrename\fP [\fIfrom\fP] [\fIto\fP]
-Rename the file
-.I from
-on the remote machine, to the file
-.IR to .
-.TP
-.B reset
-Clear reply queue.  This command re-synchronizes command/reply
-sequencing with the remote ftp server.  Resynchronization may be
-necessary following a violation of the ftp protocol by the remote
-server.
-.TP
-\fBrestart\fP \fImarker\fP
-Restart the immediately following
-.B get
-or
-.B put
-at the indicated
-.IR marker .
-On UNIX systems, marker is usually a byte offset into the file.
-.TP
-\fBrmdir\fP \fIdirectory-name\fP
-Delete a directory on the remote machine.
-.TP
-.B runique
-Toggle storing of files on the local system with unique filenames.  If a
-file already exists with a name equal to the target local filename for a
-.B get
-or
-.B mget
-command, a ".1" is appended to the name.  If the resulting name matches
-another existing file, a ".2" is appended to the original name.  If this
-process continues up to ".99", an error message is printed, and the
-transfer does not take place.  The generated unique filename will be
-reported.  Note that
-.B runique
-will not affect local files generated from a shell command (see below).
-The default value is off.
-.TP
-.B safe
-Set the protection level on data transfers to ``safe''.  Data
-transmissions are integrity-protected by cryptographic checksum.  If no
-.SM ADAT
-command succeeded, then the only possible level is ``clear''.
-.TP
-\fBsend\fP \fIlocal-file\fP [\fIremote-file\fP]
-A synonym for put.
-.TP
-.B sendport
-Toggle the use of
-.SM PORT
-commands.  By default,
-.B ftp
-will attempt to use a
-.SM PORT
-command when establishing a connection for each data transfer.  The use
-of
-.SM PORT
-commands can prevent delays when performing multiple file transfers.  If
-the
-.SM PORT
-command fails,
-.B ftp
-will use the default data port.  When the use of
-.SM PORT
-commands is disabled, no attempt will be made to use
-.SM PORT
-commands for each data transfer.  This is useful for certain
-.SM FTP
-implementations which do ignore
-.SM PORT
-commands but, incorrectly, indicate they've been accepted.
-.TP
-\fBsite\fP \fIarg1\fP [\fIarg2\fP] [\fI...\fP]
-The arguments specified are sent, verbatim, to the remote
-.SM FTP
-server as a
-.SM SITE
-command.
-.TP
-\fBsize\fP \fIfile-name\fP
-Return size of
-.I file-name
-on remote machine.
-.TP
-.B status
-Show the current status of
-.BR ftp .
-.TP
-\fBstruct\fP \fIstruct-name\fP
-Set the file transfer
-.I structure
-to
-.IR struct-name .
-By default ``stream'' structure is used.
-.TP
-.B sunique
-Toggle storing of files on remote machine under unique file names.
-Remote ftp server must support ftp protocol
-.SM STOU
-command for successful completion.  The remote server will report unique
-name.  Default value is off.
-.TP
-.B system
-Show the type of operating system running on the remote machine.
-.TP
-.B tenex
-Set the file transfer type to that needed to talk to
-.SM TENEX
-machines.
-.TP
-.B trace
-Toggle packet tracing.
-.TP
-\fBtype\fP [\fItype-name\fP]
-Set the file transfer
-.B type
-to
-.IR type-name .
-If no type is specified, the current type is printed.  The default type
-is network
-.SM ASCII.
-.TP
-\fBumask\fP [\fInewmask\fP]
-Set the default umask on the remote server to
-.IR newmask .
-If
-.I newmask
-is omitted, the current umask is printed.
-.TP
-\fBuser\fP \fIuser-name\fP [\fIpassword\fP] [\fIaccount\fP]
-Identify yourself to the remote
-.SM FTP
-server.  If the
-.I password
-is not specified and the server requires it,
-.B ftp
-will prompt the user for it (after disabling local echo).  If an
-.I account
-field is not specified, and the
-.SM FTP
-server requires it, the user will be prompted for it.  If an
-.I account
-field is specified, an account command will be relayed to the remote
-server after the login sequence is completed if the remote server did
-not require it for logging in.  Unless
-.B ftp
-is invoked with ``auto-login'' disabled, this process is done
-automatically on initial connection to the
-.SM FTP
-server.
-.TP
-.B verbose
-Toggle verbose mode.  In verbose mode, all responses from the
-.SM FTP
-server are displayed to the user.  In addition, if verbose is on, when a
-file transfer completes, statistics regarding the efficiency of the
-transfer are reported.  By default, verbose is on.
-.TP
-\fB \&? [\fIcommand\fP]
-A synonym for help.
-.PP
-Command arguments which have embedded spaces may be quoted with quote
-`"' marks.
-.SH ABORTING A FILE TRANSFER
-To abort a file transfer, use the terminal interrupt key (usually
-Ctrl-C).  Sending transfers will be immediately halted.  Receiving
-transfers will be halted by sending a 
-.SM FTP
-protocol
-.SM ABOR
-command to the remote server, and discarding any further data received.
-The speed at which this is accomplished depends upon the remote server's
-support for
-.SM ABOR
-processing.  If the remote server does not support the
-.SM ABOR
-command, an `ftp>' prompt will not appear until the remote server has
-completed sending the requested file.
-.PP
-The terminal interrupt key sequence will be ignored when
-.B ftp
-has completed any local processing and is awaiting a reply from the
-remote server.  A long delay in this mode may result from the
-.SM ABOR
-processing described above, or from unexpected behavior by the remote
-server, including violations of the ftp protocol.  If the delay results
-from unexpected remote server behavior, the local
-.B ftp
-program must be killed by hand.
-.SH FILE NAMING CONVENTIONS
-Files specified as arguments to
-.B ftp
-commands are processed according to the following rules.
-.TP
-1.
-If the file name `\fB-\fP' is specified,
-.I stdin
-(for reading) or
-.I stdout
-(for writing) is used.
-.TP
-2.
-If the first character of the file name is `\&|', the remainder of the
-argument is interpreted as a shell command.
-.B Ftp
-then forks a shell, using
-.IR popen (3)
-with the argument supplied, and reads from (writes to) stdout (stdin).
-If the shell command includes spaces, the argument must be quoted; e.g.
-``" ls -lt"''.  A particularly useful example of this mechanism is:
-``dir more''.
-.TP
-3.
-Failing the above checks, if ``globbing'' is enabled, local file names
-are expanded according to the rules used in
-.IR csh (1);
-c.f. the
-.B glob
-command.  If the
-.B ftp
-command expects a single local file (.e.g.
-.BR put ),
-only the first filename generated by the ``globbing'' operation is used.
-.TP
-4.
-For
-.B mget
-commands and
-.B get
-commands with unspecified local file names, the local filename is the
-remote filename, which may be altered by a
-.BR case ,
-.BR ntrans ,
-or
-.B nmap
-setting.  The resulting filename may then be altered if
-.B runique
-is on.
-.TP
-5.
-For
-.B mput
-commands and
-.B put
-commands with unspecified remote file names, the remote filename is the
-local filename, which may be altered by a
-.B ntrans
-or
-.B nmap
-setting.  The resulting filename may then be altered by the remote
-server if
-.B sunique
-is on.
-.SH FILE TRANSFER PARAMETERS
-The FTP specification specifies many parameters which may affect a file
-transfer.  The
-.B type
-may be one of ``ascii'', ``image'' (binary), ``ebcdic'', and ``local
-byte size'' (mostly for PDP-10's and PDP-20's).
-.B Ftp
-supports the ascii and image types of file transfer, plus local byte
-size 8 for
-.B tenex
-mode transfers.
-.PP
-.B Ftp
-supports only the default values for the remaining file transfer
-parameters:
-.BR mode ,
-.BR form ,
-and
-.BR struct .
-.SH THE .netrc FILE
-The
-.I .netrc
-file contains login and initialization information used by the
-auto-login process.  It resides in the user's home directory.  The
-following tokens are recognized; they may be separated by spaces, tabs,
-or new-lines:
-.TP
-\fBmachine\fP \fIname\fP
-Identify a remote machine
-.IR name .
-The auto-login process searches the
-.I .netrc
-file for a
-.B machine
-token that matches the remote machine specified on the
-.B ftp
-command line or as an
-.B open
-command argument.  Once a match is made, the subsequent
-.I .netrc
-tokens are processed, stopping when the end of file is reached or
-another
-.B machine
-or a
-.B default
-token is encountered.
-.TP
-.B default
-This is the same as
-.B machine
-.I name
-except that
-.B default
-matches any name.  There can be only one
-.B default
-token, and it must be after all
-.B machine
-tokens.  This is normally used as:
-.sp
-     default login anonymous password user@site
-.sp
-thereby giving the user
-.I automatic
-anonymous ftp login to machines not specified in
-.IR .netrc .
-This can be overridden by using the
-.B \-n
-flag to disable auto-login.
-.TP
-\fBlogin\fP \fIname\fP
-Identify a user on the remote machine.  If this token is present, the
-auto-login process will initiate a login using the specified
-.IR name .
-.TP
-\fBpassword\fP \fIstring\fP
-Supply a password.  If this token is present, the auto-login process
-will supply the specified string if the remote server requires a
-password as part of the login process.  Note that if this token is
-present in the
-.I .netrc
-file for any user other than
-.IR anonymous ,
-.B ftp
-will abort the auto-login process if the
-.I .netrc
-is readable by anyone besides the user.
-.TP
-\fBaccount\fP \fIstring\fP
-Supply an additional account password.  If this token is present, the
-auto-login process will supply the specified string if the remote server
-requires an additional account password, or the auto-login process will
-initiate an
-.SM ACCT
-command if it does not.
-.TP
-\fBmacdef\fP \fIname\fP
-Define a macro.  This token functions like the
-.B ftp
-.B macdef
-command functions.  A macro is defined with the specified name; its
-contents begin with the next
-.I .netrc
-line and continue until a null line (consecutive new-line characters) is
-encountered.  If a macro named
-.B init
-is defined, it is automatically executed as the last step in the
-auto-login process.
-.SH ENVIRONMENT
-.B Ftp
-utilizes the following environment variables.
-.TP
-.SM HOME
-For default location of a
-.I .netrc
-file, if one exists.
-.TP
-.SM SHELL
-For default shell.
-.SH SEE ALSO
-.IR ftpd (8)
-.PP
-Lunt, S. J., FTP Security Extensions, Internet Draft, November 1993.
-.SH HISTORY
-The
-.B ftp
-command appeared in 4.2BSD.
-.SH BUGS
-Correct execution of many commands depends upon proper behavior by the
-remote server.
-.PP
-An error in the treatment of carriage returns in the 4.2BSD ascii-mode
-transfer code has been corrected.  This correction may result in
-incorrect transfers of binary files to and from 4.2BSD servers using the
-ascii type.  Avoid this problem by using the binary image type.
diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c
deleted file mode 100644
index 6d20fbf..0000000
--- a/src/appl/gssftp/ftp/ftp.c
+++ /dev/null
@@ -1,2233 +0,0 @@
-/*
- * Copyright (c) 1985, 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)ftp.c	5.38 (Berkeley) 4/22/91";
-#endif /* not lint */
-
-#ifdef _WIN32
-#include <windows.h>
-#include <winsock2.h>
-#include <sys/timeb.h>
-#include <time.h>
-#include <crtdbg.h>
-#undef ERROR
-#define NOSTBLKSIZE
-
-#define popen _popen
-#define pclose _pclose
-#define sleep(secs) Sleep(secs * 1000)
-int gettimeofday(struct timeval *tv, void *tz);
-
-#endif
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifndef _WIN32
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <sys/socket.h>
-#include <netdb.h>
-#include <sys/time.h>
-#include <sys/file.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
-#include <pwd.h>
-#endif
-
-#include <arpa/ftp.h>
-#include <arpa/telnet.h>
-
-#include <stdio.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#include <port-sockets.h>
-
-#ifndef L_SET
-#define L_SET 0
-#endif
-#ifndef L_INCR
-#define L_INCR 1
-#endif
-
-#include <k5-platform.h>
-
-#ifdef GSSAPI
-#include <gssapi/gssapi.h>
-/* need to include the krb5 file, because we're doing manual fallback
-   from the v2 mech to the v2 mech.  Once there's real negotiation,
-   we can be generic again. */
-#include <gssapi/gssapi_generic.h>
-#include <gssapi/gssapi_krb5.h>
-gss_ctx_id_t gcontext;
-#endif /* GSSAPI */
-
-static int kerror;	/* XXX needed for all auth types */
-
-char	*auth_type;	/* Authentication succeeded?  If so, what type? */
-
-unsigned int maxbuf, actualbuf;
-unsigned char *ucbuf;
-
-#define DEFINITIONS
-#include "ftp_var.h"
-#include "secure.h"
-
-#ifdef GSSAPI
-void user_gss_error (OM_uint32, OM_uint32, char *);
-#endif
-
-static void proxtrans (char *, char *, char *);
-static int initconn (void);
-static void ptransfer (char *, long, struct timeval *, struct timeval *);
-static void abort_remote (FILE *);
-static void tvsub (struct timeval *, struct timeval *, struct timeval *);
-static char *gunique (char *);
-
-struct	sockaddr_in hisctladdr;
-struct	sockaddr_in hisdataaddr;
-struct	sockaddr_in data_addr;
-SOCKET	data = -1;
-int	abrtflag = 0;
-int	ptflag = 0;
-struct	sockaddr_in myctladdr;
-#ifndef _WIN32
-uid_t	getuid();
-#endif
-sig_t	lostpeer();
-off_t	restart_point = 0;
-jmp_buf ptabort;
-
-#ifndef HAVE_STRERROR
-#define strerror(error) (sys_errlist[error])
-#ifdef NEED_SYS_ERRLIST
-extern char *sys_errlist[];
-#endif
-#endif
-
-extern int connected;
-
-#define herror()	printf("unknown host\n")
-
-FILE	*cin, *cout;
-FILE	*dataconn (char *);
-
-char *
-hookup(char* host, int port)
-{
-	register struct hostent *hp = 0;
-	int s;
-	socklen_t len;
-#ifdef IP_TOS
-#ifdef IPTOS_LOWDELAY
-	int tos;
-#endif
-#endif
-	static char hostnamebuf[80];
-
-	memset(&hisctladdr, 0, sizeof (hisctladdr));
-	hisctladdr.sin_addr.s_addr = inet_addr(host);
-	if (hisctladdr.sin_addr.s_addr != -1) {
-		hisctladdr.sin_family = AF_INET;
-		(void) strncpy(hostnamebuf, host, sizeof(hostnamebuf));
-	} else {
-		hp = gethostbyname(host);
-		if (hp == NULL) {
-			fprintf(stderr, "ftp: %s: ", host);
-			herror();
-			code = -1;
-			return((char *) 0);
-		}
-		hisctladdr.sin_family = hp->h_addrtype;
-		memcpy(&hisctladdr.sin_addr, hp->h_addr_list[0],
-		       sizeof(hisctladdr.sin_addr));
-		(void) strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf));
-	}
-	hostname = hostnamebuf;
-	s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
-	if (s == INVALID_SOCKET) {
-		PERROR_SOCKET("ftp: socket");
-		code = -1;
-		return (0);
-	}
-	hisctladdr.sin_port = port;
-	while (connect(s, (struct sockaddr *)&hisctladdr, sizeof (hisctladdr)) == SOCKET_ERROR) {
-		if (hp && hp->h_addr_list[1]) {
-			int oerrno = SOCKET_ERRNO;
-#ifndef _WIN32
-			extern char *inet_ntoa();
-#endif
-			fprintf(stderr, "ftp: connect to address %s: ",
-				inet_ntoa(hisctladdr.sin_addr));
-			SOCKET_SET_ERRNO(oerrno);
-			PERROR_SOCKET((char *) 0);
-			hp->h_addr_list++;
-			memcpy(&hisctladdr.sin_addr,
-			       hp->h_addr_list[0],
-			       sizeof(hisctladdr.sin_addr));
-			fprintf(stdout, "Trying %s...\n",
-				inet_ntoa(hisctladdr.sin_addr));
-			(void) closesocket(s);
-			s = socket(hisctladdr.sin_family, SOCK_STREAM, 0);
-			if (s == INVALID_SOCKET) {
-				PERROR_SOCKET("ftp: socket");
-				code = -1;
-				return (0);
-			}
-			continue;
-		}
-		PERROR_SOCKET("ftp: connect");
-		code = -1;
-		goto bad;
-	}
-	len = sizeof (myctladdr);
-	if (getsockname(s, (struct sockaddr *)&myctladdr, &len) == SOCKET_ERROR) {
-		PERROR_SOCKET("ftp: getsockname");
-		code = -1;
-		goto bad;
-	}
-#ifdef IP_TOS
-#ifdef IPTOS_LOWDELAY
-	tos = IPTOS_LOWDELAY;
-	if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) == SOCKET_ERROR) {
-		PERROR_SOCKET("ftp: setsockopt TOS (ignored)");
-	}
-#endif
-#endif
-	cin = FDOPEN_SOCKET(s, "r");
-	cout = FDOPEN_SOCKET(s, "w");
-	if (cin == NULL || cout == NULL) {
-		fprintf(stderr, "ftp: fdopen failed.\n");
-		if (cin) {
-			(void) FCLOSE_SOCKET(cin);
-			cin = NULL;
-		}
-		if (cout) {
-			(void) FCLOSE_SOCKET(cout);
-			cout = NULL;
-		}
-		code = -1;
-		goto bad;
-	}
-	if (verbose)
-		printf("Connected to %s.\n", hostname);
-	if (getreply(0) > 2) { 	/* read startup message from server */
-		if (cin) {
-			(void) FCLOSE_SOCKET(cin);
-			cin = NULL;
-		}
-		if (cout) {
-			(void) FCLOSE_SOCKET(cout);
-			cout = NULL;
-		}
-		code = -1;
-		goto bad;
-	}
-#ifdef SO_OOBINLINE
-	{
-	int on = 1;
-
-	if (setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on))
-		== SOCKET_ERROR && debug) {
-			PERROR_SOCKET("ftp: setsockopt");
-		}
-	}
-#endif /* SO_OOBINLINE */
-
-	return (hostname);
-bad:
-	(void) closesocket(s);
-	return ((char *)0);
-}
-
-int login(char *host)
-{
-	char tmp[80];
-	char *l_user, *pass, *l_acct, *getenv(), *getlogin();
-	int n, aflag = 0;
-
-	l_user = pass = l_acct = 0;
-	if (ruserpass(host, &l_user, &pass, &l_acct) < 0) {
-		code = -1;
-		return(0);
-	}
-	while (l_user == NULL) {
-		char *myname;
-
-		myname = getenv("LOGNAME");
-		if (myname == NULL)
-			myname = getenv("USER");
-#ifndef _WIN32
-		if (myname == NULL)
-			myname = getlogin();
-		if (myname == NULL) {
-			struct passwd *pp = getpwuid(getuid());
-
-			if (pp != NULL)
-				myname = pp->pw_name;
-		}
-#else
-		if (myname == NULL) {
-			static char buffer[200];
-			int len = sizeof(buffer);
-			if (GetUserName(buffer, &len))
-				myname = buffer;
-			else
-				myname = "<Unknown>";
-		}
-#endif
-		if (myname)
-			printf("Name (%s:%s): ", host, myname);
-		else
-			printf("Name (%s): ", host);
-		(void) fgets(tmp, sizeof(tmp) - 1, stdin);
-		tmp[strlen(tmp) - 1] = '\0';
-		if (*tmp == '\0')
-			l_user = myname;
-		else
-			l_user = tmp;
-	}
-	n = command("USER %s", l_user);
-	if (n == COMPLETE) {
-	        /* determine if we need to send a dummy password */
-		int oldverbose = verbose;
-
-		verbose = 0;
-		if (command("PWD") != COMPLETE) {
-			verbose = oldverbose;
-			command("PASS dummy");
-		} else {
-			verbose = oldverbose;
-		}
-	}
-	else if (n == CONTINUE) {
-#ifndef NOENCRYPTION
-		int oldclevel;
-#endif
-		if (pass == NULL)
-			pass = mygetpass("Password:");
-#ifndef NOENCRYPTION
-		oldclevel = clevel;
-		clevel = PROT_P;
-#endif
-		n = command("PASS %s", pass);
-#ifndef NOENCRYPTION
-		/* level may have changed */
-		if (clevel == PROT_P) clevel = oldclevel;
-#endif
-	}
-	if (n == CONTINUE) {
-		aflag++;
-		l_acct = mygetpass("Account:");
-		n = command("ACCT %s", l_acct);
-	}
-	if (n != COMPLETE) {
-		fprintf(stderr, "Login failed.\n");
-		return (0);
-	}
-	if (!aflag && l_acct != NULL)
-		(void) command("ACCT %s", l_acct);
-	if (proxy)
-		return(1);
-	for (n = 0; n < macnum; ++n) {
-		if (!strcmp("init", macros[n].mac_name)) {
-			(void) strlcpy(line, "$init", sizeof(line));
-			makeargv();
-			domacro(margc, margv);
-			break;
-		}
-	}
-	return (1);
-}
-
-static sigtype
-cmdabort(int sig)
-{
-	printf("\n");
-	(void) fflush(stdout);
-	abrtflag++;
-	if (ptflag)
-		longjmp(ptabort,1);
-}
-
-static int secure_command(char* cmd)
-{
-	unsigned char in[FTP_BUFSIZ], out[FTP_BUFSIZ];
-	int length;
-
-	if (auth_type && clevel != PROT_C) {
-#ifdef GSSAPI
-		/* secure_command (based on level) */
-		if (strcmp(auth_type, "GSSAPI") == 0) {
-			gss_buffer_desc in_buf, out_buf;
-			OM_uint32 maj_stat, min_stat;
-			int conf_state;
-/* clevel = PROT_P; */
-			in_buf.value = cmd;
-			in_buf.length = strlen(cmd) + 1;
-			maj_stat = gss_seal(&min_stat, gcontext,
-					    (clevel==PROT_P), /* private */
-					    GSS_C_QOP_DEFAULT,
-					    &in_buf, &conf_state,
-					    &out_buf);
-			if (maj_stat != GSS_S_COMPLETE) {
-				/* generally need to deal */
-				user_gss_error(maj_stat, min_stat,
-					       (clevel==PROT_P)?
-						 "gss_seal ENC didn't complete":
-						 "gss_seal MIC didn't complete");
-			} else if ((clevel == PROT_P) && !conf_state) {
-				fprintf(stderr,
-					"GSSAPI didn't encrypt message");
-			} else {
-				if (debug)
-				  fprintf(stderr, "sealed (%s) %lu bytes\n",
-					  clevel==PROT_P?"ENC":"MIC",
-					  (unsigned long) out_buf.length);
-				length=out_buf.length;
-				memcpy(out, out_buf.value, out_buf.length);
-				gss_release_buffer(&min_stat, &out_buf);
-			}
-		}
-#endif /* GSSAPI */
-		/* Other auth types go here ... */
-		kerror = radix_encode(out, in, &length, 0);
-		if (kerror) {
-			fprintf(stderr,"Couldn't base 64 encode command (%s)\n",
-					radix_error(kerror));
-			return(0);
-		}
-		fprintf(cout, "%s %s", clevel == PROT_P ? "ENC" : "MIC", in);
-		if(debug)
-		  fprintf(stderr, "secure_command(%s)\nencoding %d bytes %s %s\n",
-			  cmd, length, clevel==PROT_P ? "ENC" : "MIC", in);
-	} else	fputs(cmd, cout);
-	fprintf(cout, "\r\n");
-	(void) fflush(cout);
-	return(1);
-}
-
-int command(char *fmt, ...)
-{
-	char in[FTP_BUFSIZ];
-	va_list ap;
-	int r;
-	sig_t oldintr;
-
-	abrtflag = 0;
-	if (debug) {
-		if (proxflag) printf("%s ", hostname);
-		printf("---> ");
-		va_start(ap, fmt);
-		if (strncmp("PASS ", fmt, 5) == 0)
-			printf("PASS XXXX");
-		else
-			vfprintf(stdout, fmt, ap);
-		va_end(ap);
-		printf("\n");
-		(void) fflush(stdout);
-	}
-	if (cout == NULL) {
-		perror ("No control connection for command");
-		code = -1;
-		return (0);
-	}
-	oldintr = signal(SIGINT, cmdabort);
-	va_start(ap, fmt);
-	vsnprintf(in, FTP_BUFSIZ, fmt, ap);
-	va_end(ap);
-again:	if (secure_command(in) == 0)
-		return(0);
-	cpend = 1;
-	r = getreply(!strcmp(fmt, "QUIT"));
-#ifndef NOENCRYPTION
-	if (r == 533 && clevel == PROT_P) {
-		fprintf(stderr,
-			"ENC command not supported at server; retrying under MIC...\n");
-		clevel = PROT_S;
-		goto again;
-	}
-#endif
-	if (abrtflag && oldintr && oldintr != SIG_IGN)
-		(*oldintr)(SIGINT);
-	(void) signal(SIGINT, oldintr);
-	return(r);
-}
-
-char reply_string[FTP_BUFSIZ];		/* last line of previous reply */
-
-/* for parsing replies to the ADAT command */
-char *reply_parse, reply_buf[FTP_BUFSIZ], *reply_ptr;
-
-#include <ctype.h>
-
-int getreply(int expecteof)
-{
-	register int i, c, n;
-	register int dig;
-	register char *cp;
-	int originalcode = 0, continuation = 0;
-	sig_t oldintr;
-	int pflag = 0;
-	char *pt = pasv;
-	char ibuf[FTP_BUFSIZ], obuf[FTP_BUFSIZ];
-	int safe = 0;
-#ifndef strpbrk
-	extern char *strpbrk();
-#endif
-#ifndef strstr
-	extern char *strstr();
-#endif
-
-	ibuf[0] = '\0';
-	if (reply_parse) reply_ptr = reply_buf;
-	oldintr = signal(SIGINT, cmdabort);
-	for (;;) {
-		obuf[0] = '\0';
-		dig = n = code = i = 0;
-		cp = reply_string;
-		while ((c = ibuf[0] ? ibuf[i++] : getc(cin)) != '\n') {
-			if (c == IAC) {     /* handle telnet commands */
-				switch (c = getc(cin)) {
-				case WILL:
-				case WONT:
-					c = getc(cin);
-					fprintf(cout, "%c%c%c", IAC, DONT, c);
-					(void) fflush(cout);
-					break;
-				case DO:
-				case DONT:
-					c = getc(cin);
-					fprintf(cout, "%c%c%c", IAC, WONT, c);
-					(void) fflush(cout);
-					break;
-				default:
-					break;
-				}
-				continue;
-			}
-			dig++;
-			if (c == EOF) {
-				if (expecteof) {
-					(void) signal(SIGINT,oldintr);
-					code = 221;
-					return (0);
-				}
-				lostpeer();
-				if (verbose) {
-					printf("421 Service not available, remote server has closed connection\n");
-					(void) fflush(stdout);
-				}
-				code = 421;
-				return(4);
-			}
-			if (n == 0)
-				n = c;
-			if (auth_type && !ibuf[0] &&
-				(n == '6' || continuation)) {
-			    if (c != '\r' && dig > 4)
-				obuf[i++] = c;
-			} else {
-			    if (auth_type && !ibuf[0] && dig == 1 && verbose)
-			printf("Unauthenticated reply received from server:\n");
-			    if (reply_parse) *reply_ptr++ = c;
-			    if (c != '\r' && (verbose > 0 ||
-				(verbose > -1 && n == '5' && dig > 4))) {
-				    if (proxflag &&
-					(dig == 1 || (dig == 5 && verbose == 0)))
-						printf("%s:",hostname);
-				    (void) putchar(c);
-			    }
-			}
-			if (auth_type && !ibuf[0] && n != '6') continue;
-			if (dig < 4 && isdigit(c))
-				code = code * 10 + (c - '0');
-			if (!pflag && code == 227)
-				pflag = 1;
-			if (dig > 4 && pflag == 1 && isdigit(c))
-				pflag = 2;
-			if (pflag == 2) {
-				if (c != '\r' && c != ')')
-					*pt++ = c;
-				else {
-					*pt = '\0';
-					pflag = 3;
-				}
-			}
-			if (dig == 4 && c == '-' && n != '6') {
-				if (continuation)
-					code = 0;
-				continuation++;
-			}
-			if (cp < &reply_string[sizeof(reply_string) - 1])
-				*cp++ = c;
-		}
-		if (auth_type && !ibuf[0] && n != '6')
-			return(getreply(expecteof));
-		ibuf[0] = obuf[i] = '\0';
-		if (code && n == '6') {
-		    if (code != 631 && code != 632 && code != 633) {
-			printf("Unknown reply: %d %s\n", code, obuf);
-			n = '5';
-		    } else safe = (code == 631);
-		}
-		if (obuf[0])	/* if there is a string to decode */
-		    if (!auth_type) {
-			printf("Cannot decode reply:\n%d %s\n", code, obuf);
-			n = '5';
-		    }
-#ifdef NOENCRYPTION
-		    else if (code == 632) {
-			printf("Cannot decrypt %d reply: %s\n", code, obuf);
-			n = '5';
-		    }
-#endif
-#ifdef NOCONFIDENTIAL
-		    else if (code == 633) {
-			printf("Cannot decrypt %d reply: %s\n", code, obuf);
-			n = '5';
-		    }
-#endif
-		    else {
-			int len;
-			kerror = radix_encode((unsigned char *)obuf,
-					      (unsigned char *)ibuf,
-					      &len, 1);
-			if (kerror) {
-			    printf("Can't base 64 decode reply %d (%s)\n\"%s\"\n",
-					code, radix_error(kerror), obuf);
-			    n = '5';
-			}
-#ifdef GSSAPI
-			else if (strcmp(auth_type, "GSSAPI") == 0) {
-				gss_buffer_desc xmit_buf, msg_buf;
-				OM_uint32 maj_stat, min_stat;
-				int conf_state;
-				xmit_buf.value = ibuf;
-				xmit_buf.length = len;
-				/* decrypt/verify the message */
-				conf_state = safe;
-				maj_stat = gss_unseal(&min_stat, gcontext,
-						      &xmit_buf, &msg_buf,
-						      &conf_state, NULL);
-				if (maj_stat != GSS_S_COMPLETE) {
-				  user_gss_error(maj_stat, min_stat,
-						 "failed unsealing reply");
-				  n = '5';
-				} else {
-				  if(msg_buf.length < sizeof(ibuf) - 2 - 1) {
-				    memcpy(ibuf, msg_buf.value,
-					   msg_buf.length);
-				    memcpy(&ibuf[msg_buf.length], "\r\n", 3);
-				  } else {
-				    user_gss_error(maj_stat, min_stat,
-						   "reply was too long");
-				  }
-				  gss_release_buffer(&min_stat,&msg_buf);
-				  continue;
-				}
-			}
-#endif
-			/* Other auth types go here... */
-		    }
-		else
-		if (verbose > 0 || (verbose > -1 && n == '5')) {
-			(void) putchar(c);
-			(void) fflush (stdout);
-		}
-		if (continuation && code != originalcode) {
-			if (originalcode == 0)
-				originalcode = code;
-			continue;
-		}
-		*cp = '\0';
-		if (n != '1')
-			cpend = 0;
-		(void) signal(SIGINT,oldintr);
-		if (code == 421 || originalcode == 421)
-			lostpeer();
-		if (abrtflag && oldintr && oldintr != cmdabort && oldintr != SIG_IGN)
-			(*oldintr)(SIGINT);
-		if (reply_parse) {
-			*reply_ptr = '\0';
-			reply_ptr = strstr(reply_buf, reply_parse);
-			if (reply_ptr) {
-				reply_parse = reply_ptr + strlen(reply_parse);
-				reply_ptr = strpbrk(reply_parse, " \r");
-				if (reply_ptr)
-					*reply_ptr = '\0';
-			} else reply_parse = reply_ptr;
-		}
-		return (n - '0');
-	}
-}
-
-static int empty(fd_set *mask, int sec)
-{
-	struct timeval t;
-
-	t.tv_sec = (long) sec;
-	t.tv_usec = 0;
-	return(select(32, mask, (fd_set *) 0, (fd_set *) 0, &t));
-}
-
-jmp_buf	sendabort;
-
-static sigtype
-abortsend(int sig)
-{
-
-	mflag = 0;
-	abrtflag = 0;
-	printf("\nsend aborted\nwaiting for remote to finish abort\n");
-	(void) fflush(stdout);
-	longjmp(sendabort, 1);
-}
-
-void secure_error(char *fmt, ...)
-{
-	va_list ap;
-
-	va_start(ap, fmt);
-	vfprintf(stderr, fmt, ap);
-	va_end(ap);
-	putc('\n', stderr);
-}
-
-#define HASHBYTES 1024
-
-void sendrequest(char *cmd, char *local, char *remote, int printnames)
-{
-	struct stat st;
-	struct timeval start, stop;
-	register int c, d;
-	FILE *volatile fin, *volatile dout = 0;
-	int (*volatile closefunc)();
-	volatile sig_t oldintr, oldintp;
-	volatile long bytes = 0, hashbytes = HASHBYTES;
-	char *volatile lmode;
-	unsigned char buf[FTP_BUFSIZ], *bufp;
-
-	if (verbose && printnames) {
-		if (local && *local != '-')
-			printf("local: %s ", local);
-		if (remote)
-			printf("remote: %s\n", remote);
-	}
-	if (proxy) {
-		proxtrans(cmd, local, remote);
-		return;
-	}
-	if (curtype != type)
-		changetype(type, 0);
-	closefunc = NULL;
-	oldintr = NULL;
-	oldintp = NULL;
-	lmode = "w";
-	if (setjmp(sendabort)) {
-		while (cpend) {
-			(void) getreply(0);
-		}
-		if (data != INVALID_SOCKET) {
-			(void) closesocket(data);
-			data = INVALID_SOCKET;
-		}
-		if (oldintr)
-			(void) signal(SIGINT,oldintr);
-#ifdef SIGPIPE
-		if (oldintp)
-			(void) signal(SIGPIPE,oldintp);
-#endif
-		code = -1;
-		return;
-	}
-	oldintr = signal(SIGINT, abortsend);
-	if (strcmp(local, "-") == 0)
-		fin = stdin;
-	else if (*local == '|') {
-#ifdef SIGPIPE
-		oldintp = signal(SIGPIPE,SIG_IGN);
-#endif
-		fin = popen(local + 1, "r");
-		if (fin == NULL) {
-			perror(local + 1);
-			(void) signal(SIGINT, oldintr);
-#ifdef SIGPIPE
-			(void) signal(SIGPIPE, oldintp);
-#endif
-			code = -1;
-			return;
-		}
-		closefunc = pclose;
-	} else {
-#ifdef _WIN32
-		if ((curtype == TYPE_I) || (curtype == TYPE_L))
-			fin = fopen(local, "rb");
-		else
-			fin = fopen(local, "rt");
-#else /* !_WIN32 */
-		fin = fopen(local, "r");
-#endif /* !_WIN32 */
-		if (fin == NULL) {
-			fprintf(stderr, "local: %s: %s\n", local,
-				strerror(errno));
-			(void) signal(SIGINT, oldintr);
-			code = -1;
-			return;
-		}
-		closefunc = fclose;
-		if (fstat(fileno(fin), &st) < 0 ||
-		    (st.st_mode&S_IFMT) != S_IFREG) {
-			fprintf(stdout, "%s: not a plain file.\n", local);
-			(void) signal(SIGINT, oldintr);
-			fclose(fin);
-			code = -1;
-			return;
-		}
-	}
-	if (initconn()) {
-		(void) signal(SIGINT, oldintr);
-#ifdef SIGPIPE
-		if (oldintp)
-			(void) signal(SIGPIPE, oldintp);
-#endif
-		code = -1;
-		if (closefunc != NULL)
-			(*closefunc)(fin);
-		return;
-	}
-	if (setjmp(sendabort))
-		goto die;
-
-	if (restart_point &&
-	    (strcmp(cmd, "STOR") == 0 || strcmp(cmd, "APPE") == 0)) {
-		if (fseek(fin, (long) restart_point, 0) < 0) {
-			fprintf(stderr, "local: %s: %s\n", local,
-				strerror(errno));
-			restart_point = 0;
-			if (closefunc != NULL)
-				(*closefunc)(fin);
-			return;
-		}
-		if (command("REST %ld", (long) restart_point)
-			!= CONTINUE) {
-			restart_point = 0;
-			if (closefunc != NULL)
-				(*closefunc)(fin);
-			return;
-		}
-		restart_point = 0;
-		lmode = "r+w";
-	}
-	if (remote) {
-		if (command("%s %s", cmd, remote) != PRELIM) {
-			(void) signal(SIGINT, oldintr);
-#ifdef SIGPIPE
-			if (oldintp)
-				(void) signal(SIGPIPE, oldintp);
-#endif
-			if (closefunc != NULL)
-				(*closefunc)(fin);
-			return;
-		}
-	} else
-		if (command("%s", cmd) != PRELIM) {
-			(void) signal(SIGINT, oldintr);
-#ifdef SIGPIPE
-			if (oldintp)
-				(void) signal(SIGPIPE, oldintp);
-#endif
-			if (closefunc != NULL)
-				(*closefunc)(fin);
-			return;
-		}
-	dout = dataconn(lmode);
-	if (dout == NULL)
-		goto die;
-	(void) gettimeofday(&start, (struct timezone *)0);
-#ifdef SIGPIPE
-	oldintp = signal(SIGPIPE, SIG_IGN);
-#endif
-	switch (curtype) {
-
-	case TYPE_I:
-	case TYPE_L:
-		errno = d = 0;
-		while ((c = read(fileno(fin), buf, sizeof (buf))) > 0) {
-			bytes += c;
-			for (bufp = buf; c > 0; c -= d, bufp += d)
-				if ((d = secure_write(fileno(dout), bufp,
-						      (unsigned int) c)) <= 0)
-					break;
-			if (hash) {
-				while (bytes >= hashbytes) {
-					(void) putchar('#');
-					hashbytes += HASHBYTES;
-				}
-				(void) fflush(stdout);
-			}
-			if (d <= 0 )
-  break;
-		}
-		if (hash && bytes > 0) {
-			if (bytes < HASHBYTES)
-				(void) putchar('#');
-			(void) putchar('\n');
-			(void) fflush(stdout);
-		}
-		if (c < 0)
-			fprintf(stderr, "local: %s: %s\n", local,
-				strerror(errno));
-		if (d < 0 || (d = secure_flush(fileno(dout))) < 0) {
-			if (d == -1 && errno != EPIPE)
-				perror("netout");
-			bytes = -1;
-		}
-		break;
-
-	case TYPE_A:
-		while ((c = getc(fin)) != EOF) {
-			if (c == '\n') {
-				while (hash && (bytes >= hashbytes)) {
-					(void) putchar('#');
-					(void) fflush(stdout);
-					hashbytes += HASHBYTES;
-				}
-				if (ferror(dout) ||
-				    secure_putc('\r', dout) < 0)
-					break;
-				bytes++;
-			}
-			if (secure_putc(c, dout) < 0)
-				break;
-			bytes++;
-	/*		if (c == '\r') {			  	*/
-	/*		(void)	putc('\0', dout);   this violates rfc */
-	/*			bytes++;				*/
-	/*		}                          			*/
-		}
-		if (hash) {
-			if (bytes < hashbytes)
-				(void) putchar('#');
-			(void) putchar('\n');
-			(void) fflush(stdout);
-		}
-		if (ferror(fin))
-			fprintf(stderr, "local: %s: %s\n", local,
-				strerror(errno));
-		d = 0;
-		if (ferror(dout) || (d = secure_flush(fileno(dout))) < 0) {
-			if ((ferror(dout) || d == -1) && errno != EPIPE)
-				perror("netout");
-			bytes = -1;
-		}
-		break;
-	}
-	(void) gettimeofday(&stop, (struct timezone *)0);
-	if (closefunc != NULL)
-		(*closefunc)(fin);
-	(void) FCLOSE_SOCKET(dout);
-	dout = NULL;
-	(void) getreply(0);
-	(void) signal(SIGINT, oldintr);
-#ifdef SIGPIPE
-	if (oldintp)
-		(void) signal(SIGPIPE, oldintp);
-#endif
-	if (bytes > 0)
-		ptransfer("sent", bytes, &start, &stop);
-	return;
-die:
-	(void) gettimeofday(&stop, (struct timezone *)0);
-	(void) signal(SIGINT, oldintr);
-#ifdef SIGPIPE
-	if (oldintp)
-		(void) signal(SIGPIPE, oldintp);
-#endif
-	if (!cpend) {
-		code = -1;
-		return;
-	}
-	if (data != INVALID_SOCKET) {
-		(void) closesocket(data);
-		data = INVALID_SOCKET;
-	}
-	if (dout) {
-		(void) FCLOSE_SOCKET(dout);
-		dout = NULL;
-	}
-	(void) getreply(0);
-	code = -1;
-	if (closefunc != NULL && fin != NULL)
-		(*closefunc)(fin);
-	if (bytes > 0)
-		ptransfer("sent", bytes, &start, &stop);
-}
-
-jmp_buf	recvabort;
-
-static sigtype
-abortrecv(int sig)
-{
-
-	mflag = 0;
-	abrtflag = 0;
-	printf("\nreceive aborted\nwaiting for remote to finish abort\n");
-	(void) fflush(stdout);
-	longjmp(recvabort, 1);
-}
-
-void recvrequest(char *cmd, char *volatile local, char *remote, char *lmode,
-		 int printnames, int fnameonly)
-{
-	FILE *volatile fout, *volatile din = 0, *popen();
-	int (*volatile closefunc)(), pclose(), fclose();
-	volatile sig_t oldintr, oldintp;
-	volatile int is_retr, tcrflag, bare_lfs = 0;
-	static unsigned int bufsize;
-	static char *buf;
-	unsigned int blksize;
-	volatile long bytes = 0, hashbytes = HASHBYTES;
-	register int c, d;
-	struct timeval start, stop;
-#ifndef NOSTBLKSIZE
-	struct stat st;
-#endif
-	off_t lseek();
-
-	is_retr = strcmp(cmd, "RETR") == 0;
-	if (is_retr && verbose && printnames) {
-		if (local && *local != '-')
-			printf("local: %s ", local);
-		if (remote)
-			printf("remote: %s\n", remote);
-	}
-	if (proxy && is_retr) {
-		proxtrans(cmd, local, remote);
-		return;
-	}
-	closefunc = NULL;
-	oldintr = NULL;
-	oldintp = NULL;
-	tcrflag = !crflag && is_retr;
-	if (setjmp(recvabort)) {
-		while (cpend) {
-			(void) getreply(0);
-		}
-		if (data != INVALID_SOCKET) {
-			(void) closesocket(data);
-			data = INVALID_SOCKET;
-		}
-		if (oldintr)
-			(void) signal(SIGINT, oldintr);
-		code = -1;
-		return;
-	}
-	oldintr = signal(SIGINT, abortrecv);
-	if (fnameonly || (strcmp(local, "-") && *local != '|')) {
-		if (access(local, 2) < 0) {
-			char *dir = strrchr(local, '/');
-
-			if (errno != ENOENT && errno != EACCES) {
-				fprintf(stderr, "local: %s: %s\n", local,
-					strerror(errno));
-				(void) signal(SIGINT, oldintr);
-				code = -1;
-				return;
-			}
-			if (dir != NULL)
-				*dir = 0;
-			d = access(dir ? local : ".", 2);
-			if (dir != NULL)
-				*dir = '/';
-			if (d < 0) {
-				fprintf(stderr, "local: %s: %s\n", local,
-					strerror(errno));
-				(void) signal(SIGINT, oldintr);
-				code = -1;
-				return;
-			}
-			if (!runique && errno == EACCES &&
-			    chmod(local, 0600) < 0) {
-				fprintf(stderr, "local: %s: %s\n", local,
-					strerror(errno));
-				(void) signal(SIGINT, oldintr);
-				(void) signal(SIGINT, oldintr);
-				code = -1;
-				return;
-			}
-			if (runique && errno == EACCES &&
-			   (local = gunique(local)) == NULL) {
-				(void) signal(SIGINT, oldintr);
-				code = -1;
-				return;
-			}
-		}
-		else if (runique && (local = gunique(local)) == NULL) {
-			(void) signal(SIGINT, oldintr);
-			code = -1;
-			return;
-		}
-	}
-	if (!is_retr) {
-		if (curtype != TYPE_A)
-			changetype(TYPE_A, 0);
-	} else if (curtype != type)
-		changetype(type, 0);
-	if (initconn()) {
-		(void) signal(SIGINT, oldintr);
-		code = -1;
-		return;
-	}
-	if (setjmp(recvabort))
-		goto die;
-	if (is_retr && restart_point &&
-	    command("REST %ld", (long) restart_point) != CONTINUE)
-		return;
-	if (remote) {
-		if (command("%s %s", cmd, remote) != PRELIM) {
-			(void) signal(SIGINT, oldintr);
-			return;
-		}
-	} else {
-		if (command("%s", cmd) != PRELIM) {
-			(void) signal(SIGINT, oldintr);
-			return;
-		}
-	}
-	din = dataconn("r");
-	if (din == NULL)
-		goto die;
-	if (strcmp(local, "-") == 0 && !fnameonly)
-		fout = stdout;
-	else if (*local == '|' && !fnameonly) {
-#ifdef SIGPIPE
-		oldintp = signal(SIGPIPE, SIG_IGN);
-#endif
-		fout = popen(local + 1, "w");
-		if (fout == NULL) {
-			perror(local+1);
-			goto die;
-		}
-		closefunc = pclose;
-	} else {
-#ifdef _WIN32
-		int old_fmode = _fmode;
-
-		if ((curtype == TYPE_I) || (curtype == TYPE_L))
-			_fmode = _O_BINARY;
-#endif /* _WIN32 */
-		fout = fopen(local, lmode);
-#ifdef _WIN32
-		_fmode = old_fmode;
-#endif
-		if (fout == NULL) {
-			fprintf(stderr, "local: %s: %s\n", local,
-				strerror(errno));
-			goto die;
-		}
-		closefunc = fclose;
-	}
-	blksize = FTP_BUFSIZ;
-#ifndef NOSTBLKSIZE
-	if (fstat(fileno(fout), &st) == 0 && st.st_blksize != 0)
-		blksize = st.st_blksize;
-#endif
-	if (blksize > bufsize) {
-		if (buf)
-			(void) free(buf);
-		buf = (char *)malloc((unsigned)blksize);
-		if (buf == NULL) {
-			perror("malloc");
-			bufsize = 0;
-			goto die;
-		}
-		bufsize = blksize;
-	}
-	(void) gettimeofday(&start, (struct timezone *)0);
-	switch (curtype) {
-
-	case TYPE_I:
-	case TYPE_L:
-		if (restart_point &&
-		    lseek(fileno(fout), (long) restart_point, L_SET) < 0) {
-			fprintf(stderr, "local: %s: %s\n", local,
-				strerror(errno));
-			if (closefunc != NULL)
-				(*closefunc)(fout);
-			return;
-		}
-		errno = d = 0;
-		while ((c = secure_read(fileno(din), buf, bufsize)) > 0) {
-		        d = write(fileno(fout), buf,(unsigned int) c);
-			if (d != c)
-				break;
-			bytes += c;
-			if (hash) {
-				while (bytes >= hashbytes) {
-					(void) putchar('#');
-					hashbytes += HASHBYTES;
-				}
-				(void) fflush(stdout);
-			}
-		}
-		if (hash && bytes > 0) {
-			if (bytes < HASHBYTES)
-				(void) putchar('#');
-			(void) putchar('\n');
-			(void) fflush(stdout);
-		}
-		if (c < 0) {
-			if (c == -1 && errno != EPIPE)
-				perror("netin");
-			bytes = -1;
-		}
-		if (d < c) {
-			if (d < 0)
-				fprintf(stderr, "local: %s: %s\n", local,
-					strerror(errno));
-			else
-				fprintf(stderr, "%s: short write\n", local);
-		}
-		break;
-
-	case TYPE_A:
-		if (restart_point) {
-			register int i, n, ch;
-
-			if (fseek(fout, 0L, L_SET) < 0)
-				goto done;
-			n = restart_point;
-			for (i = 0; i++ < n;) {
-				if ((ch = getc(fout)) == EOF)
-					goto done;
-				if (ch == '\n')
-					i++;
-			}
-			if (fseek(fout, 0L, L_INCR) < 0) {
-done:
-				fprintf(stderr, "local: %s: %s\n", local,
-					strerror(errno));
-				if (closefunc != NULL)
-					(*closefunc)(fout);
-				return;
-			}
-		}
-		while ((c = secure_getc(din)) >= 0) {
-			if (c == '\n')
-				bare_lfs++;
-			while (c == '\r') {
-				while (hash && (bytes >= hashbytes)) {
-					(void) putchar('#');
-					(void) fflush(stdout);
-					hashbytes += HASHBYTES;
-				}
-				bytes++;
-				if ((c = secure_getc(din)) != '\n' || tcrflag) {
-					if (ferror(fout))
-						goto break2;
-					(void) putc('\r', fout);
-					if (c == '\0') {
-						bytes++;
-						goto contin2;
-					}
-				}
-			}
-			if (c < 0) break;
-			(void) putc(c, fout);
-			bytes++;
-	contin2:	;
-		}
-break2:
-		if (bare_lfs) {
-			printf("WARNING! %d bare linefeeds received in ASCII mode\n", bare_lfs);
-			printf("File may not have transferred correctly.\n");
-		}
-		if (hash) {
-			if (bytes < hashbytes)
-				(void) putchar('#');
-			(void) putchar('\n');
-			(void) fflush(stdout);
-		}
-		if (ferror(din)) {
-			if (errno != EPIPE)
-				perror("netin");
-			bytes = -1;
-		}
-		if (ferror(fout) || c == -2) {
-		    if (c != -2)
-			fprintf(stderr, "local: %s: %s\n", local,
-				strerror(errno));
-			bytes = -1;
-		}
-		break;
-	}
-	if (closefunc != NULL)
-		(*closefunc)(fout);
-	(void) signal(SIGINT, oldintr);
-#ifdef SIGPIPE
-	if (oldintp)
-		(void) signal(SIGPIPE, oldintp);
-#endif
-	(void) gettimeofday(&stop, (struct timezone *)0);
-	(void) FCLOSE_SOCKET(din);
-	din = NULL;
-	(void) getreply(0);
-	if (bytes > 0 && is_retr)
-		ptransfer("received", bytes, &start, &stop);
-	return;
-die:
-
-/* abort using RFC959 recommended IP,SYNC sequence  */
-
-	(void) gettimeofday(&stop, (struct timezone *)0);
-#ifdef SIGPIPE
-	if (oldintp)
-		(void) signal(SIGPIPE, oldintr);
-#endif
-	(void) signal(SIGINT, SIG_IGN);
-	if (!cpend) {
-		code = -1;
-		(void) signal(SIGINT, oldintr);
-		return;
-	}
-
-	abort_remote(din);
-	code = -1;
-	if (data != INVALID_SOCKET) {
-		(void) closesocket(data);
-		data = INVALID_SOCKET;
-	}
-	if (closefunc != NULL && fout != NULL)
-		(*closefunc)(fout);
-	if (din) {
-		(void) FCLOSE_SOCKET(din);
-		din = NULL;
-	}
-	if (bytes > 0)
-		ptransfer("received", bytes, &start, &stop);
-	(void) signal(SIGINT, oldintr);
-}
-
-/*
- * Need to start a listen on the data channel before we send the command,
- * otherwise the server's connect may fail.
- */
-static int initconn()
-{
-	register char *p, *a;
-	int result, tmpno = 0;
-	socklen_t len;
-	int on = 1;
-#ifndef NO_PASSIVE_MODE
-	int a1,a2,a3,a4,p1,p2;
-
-	if (passivemode) {
-		data = socket(AF_INET, SOCK_STREAM, 0);
-		if (data == INVALID_SOCKET) {
-			PERROR_SOCKET("ftp: socket");
-			return(1);
-		}
-		if (options & SO_DEBUG &&
-		    setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) == SOCKET_ERROR)
-			PERROR_SOCKET("ftp: setsockopt (ignored)");
-		if (command("PASV") != COMPLETE) {
-			printf("Passive mode refused.  Turning off passive mode.\n");
-			passivemode = 0;
-			return initconn();
-		}
-
-/*
- * What we've got at this point is a string of comma separated
- * one-byte unsigned integer values, separated by commas.
- * The first four are the an IP address. The fifth is the MSB
- * of the port number, the sixth is the LSB. From that we'll
- * prepare a sockaddr_in.
- */
-
-		if (sscanf(pasv,"%d,%d,%d,%d,%d,%d",&a1,&a2,&a3,&a4,&p1,&p2) != 6) {
-			printf("Passive mode address scan failure. Shouldn't happen!\n");
-			return(1);
-		};
-
-		data_addr.sin_family = AF_INET;
-		data_addr.sin_addr.s_addr = htonl((a1<<24)|(a2<<16)|(a3<<8)|a4);
-		data_addr.sin_port = htons((p1<<8)|p2);
-
-		if (connect(data, (struct sockaddr *) &data_addr, sizeof(data_addr)) == SOCKET_ERROR) {
-			PERROR_SOCKET("ftp: connect");
-			return(1);
-		}
-#ifdef IP_TOS
-#ifdef IPTOS_THROUGHPUT
-	on = IPTOS_THROUGHPUT;
-	if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) == SOCKET_ERROR)
-		PERROR_SOCKET("ftp: setsockopt TOS (ignored)");
-#endif
-#endif
-		hisdataaddr = data_addr;
-		return(0);
-	}
-#endif
-
-noport:
-	data_addr = myctladdr;
-	if (sendport)
-		data_addr.sin_port = 0;	/* let system pick one */
-	if (data != INVALID_SOCKET)
-		(void) closesocket(data);
-	data = socket(AF_INET, SOCK_STREAM, 0);
-	if (data == INVALID_SOCKET) {
-		PERROR_SOCKET("ftp: socket");
-		if (tmpno)
-			sendport = 1;
-		return (1);
-	}
-	if (!sendport)
-		if (setsockopt(data, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof (on)) == SOCKET_ERROR) {
-			PERROR_SOCKET("ftp: setsockopt (reuse address)");
-			goto bad;
-		}
-	if (bind(data, (struct sockaddr *)&data_addr, sizeof (data_addr)) == SOCKET_ERROR) {
-		PERROR_SOCKET("ftp: bind");
-		goto bad;
-	}
-	if (options & SO_DEBUG &&
-	    setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) == SOCKET_ERROR)
-		PERROR_SOCKET("ftp: setsockopt (ignored)");
-	len = sizeof (data_addr);
-	if (getsockname(data, (struct sockaddr *)&data_addr, &len) == SOCKET_ERROR) {
-		PERROR_SOCKET("ftp: getsockname");
-		goto bad;
-	}
-	if (listen(data, 1) == SOCKET_ERROR)
-		PERROR_SOCKET("ftp: listen");
-	if (sendport) {
-		a = (char *)&data_addr.sin_addr;
-		p = (char *)&data_addr.sin_port;
-#define	UC(b)	(((int)b)&0xff)
-		result =
-		    command("PORT %d,%d,%d,%d,%d,%d",
-		      UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]),
-		      UC(p[0]), UC(p[1]));
-		if (result == ERROR && sendport == -1) {
-			sendport = 0;
-			tmpno = 1;
-			goto noport;
-		}
-		return (result != COMPLETE);
-	}
-	if (tmpno)
-		sendport = 1;
-#ifdef IP_TOS
-#ifdef IPTOS_THROUGHPUT
-	on = IPTOS_THROUGHPUT;
-	if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) == SOCKET_ERROR)
-		PERROR_SOCKET("ftp: setsockopt TOS (ignored)");
-#endif
-#endif
-	return (0);
-bad:
-	(void) closesocket(data), data = INVALID_SOCKET;
-	if (tmpno)
-		sendport = 1;
-	return (1);
-}
-
-FILE *
-dataconn(char *lmode)
-{
-	int s;
-	socklen_t fromlen = sizeof (hisdataaddr);
-#ifdef IP_TOS
-#ifdef IPTOS_LOWDELAY
-        int tos;
-#endif
-#endif
-
-#ifndef NO_PASSIVE_MODE
-	if (passivemode)
-		return (FDOPEN_SOCKET(data, lmode));
-#endif
-	s = accept(data, (struct sockaddr *) &hisdataaddr, &fromlen);
-	if (s == INVALID_SOCKET) {
-		PERROR_SOCKET("ftp: accept");
-		(void) closesocket(data), data = INVALID_SOCKET;
-		return (NULL);
-	}
-	(void) closesocket(data);
-	data = s;
-#ifdef IP_TOS
-#ifdef IPTOS_THROUGHPUT
-	tos = IPTOS_THROUGHPUT;
-	if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) == SOCKET_ERROR)
-		PERROR_SOCKET("ftp: setsockopt TOS (ignored)");
-#endif
-#endif
-	return (FDOPEN_SOCKET(data, lmode));
-}
-
-static void ptransfer(char *direction, long bytes,
-		      struct timeval *t0, struct timeval *t1)
-{
-	struct timeval td;
-	float s, kbs;
-
-	if (verbose) {
-		tvsub(&td, t1, t0);
-		s = td.tv_sec + (td.tv_usec / 1000000.);
-#define	nz(x)	((x) == 0 ? 1 : (x))
-		kbs = (bytes / nz(s))/1024.0;
-		printf("%ld bytes %s in %.2g seconds (%.2g Kbytes/s)\n",
-		    bytes, direction, s, kbs);
-	}
-}
-
-/*tvadd(tsum, t0)
-	struct timeval *tsum, *t0;
-{
-
-	tsum->tv_sec += t0->tv_sec;
-	tsum->tv_usec += t0->tv_usec;
-	if (tsum->tv_usec > 1000000)
-		tsum->tv_sec++, tsum->tv_usec -= 1000000;
-} */
-
-static void tvsub(struct timeval *tdiff, struct timeval *t1,
-		  struct timeval *t0)
-{
-
-	tdiff->tv_sec = t1->tv_sec - t0->tv_sec;
-	tdiff->tv_usec = t1->tv_usec - t0->tv_usec;
-	if (tdiff->tv_usec < 0)
-		tdiff->tv_sec--, tdiff->tv_usec += 1000000;
-}
-
-static sigtype
-psabort(int sig)
-{
-	abrtflag++;
-}
-
-void pswitch(int flag)
-{
-	sig_t oldintr;
-	static struct comvars {
-		int connect;
-		char name[MAXHOSTNAMELEN];
-		struct sockaddr_in mctl;
-		struct sockaddr_in hctl;
-		FILE *in;
-		FILE *out;
-		int tpe;
-		int curtpe;
-		int cpnd;
-		int sunqe;
-		int runqe;
-		int mcse;
-		int ntflg;
-		char nti[17];
-		char nto[17];
-		int mapflg;
-		char mi[MAXPATHLEN];
-		char mo[MAXPATHLEN];
-		char *authtype;
-		int clvl;
-	        int dlvl;
-	} proxstruct, tmpstruct;
-	struct comvars *ip, *op;
-
-	abrtflag = 0;
-	oldintr = signal(SIGINT, psabort);
-	if (flag) {
-		if (proxy)
-			return;
-		ip = &tmpstruct;
-		op = &proxstruct;
-		proxy++;
-	} else {
-		if (!proxy)
-			return;
-		ip = &proxstruct;
-		op = &tmpstruct;
-		proxy = 0;
-	}
-	ip->connect = connected;
-	connected = op->connect;
-	if (hostname) {
-		if (ip->name != hostname)
-			(void) strncpy(ip->name, hostname, sizeof(ip->name) - 1);
-		ip->name[strlen(ip->name)] = '\0';
-	} else
-		ip->name[0] = 0;
-	hostname = op->name;
-	ip->hctl = hisctladdr;
-	hisctladdr = op->hctl;
-	ip->mctl = myctladdr;
-	myctladdr = op->mctl;
-	ip->in = cin;
-	cin = op->in;
-	ip->out = cout;
-	cout = op->out;
-	ip->tpe = type;
-	type = op->tpe;
-	ip->curtpe = curtype;
-	curtype = op->curtpe;
-	ip->cpnd = cpend;
-	cpend = op->cpnd;
-	ip->sunqe = sunique;
-	sunique = op->sunqe;
-	ip->runqe = runique;
-	runique = op->runqe;
-	ip->mcse = mcase;
-	mcase = op->mcse;
-	ip->ntflg = ntflag;
-	ntflag = op->ntflg;
-	(void) strncpy(ip->nti, ntin, sizeof(ip->nti) - 1);
-	(ip->nti)[strlen(ip->nti)] = '\0';
-	(void) strncpy(ntin, op->nti, sizeof(ntin) - 1);
-	ntin[sizeof(ntin) - 1] = '\0';
-	(void) strncpy(ip->nto, ntout, sizeof(ip->nto) - 1);
-	(ip->nto)[strlen(ip->nto)] = '\0';
-	(void) strncpy(ntout, op->nto, sizeof(ntout) - 1);
-	ntout[sizeof(ntout) - 1] = '\0';
-	ip->mapflg = mapflag;
-	mapflag = op->mapflg;
-	(void) strncpy(ip->mi, mapin, MAXPATHLEN - 1);
-	(ip->mi)[strlen(ip->mi)] = '\0';
-	(void) strncpy(mapin, op->mi, sizeof(mapin) - 1);
-	mapin[sizeof(mapin) - 1] = '\0';
-	(void) strncpy(ip->mo, mapout, MAXPATHLEN - 1);
-	(ip->mo)[strlen(ip->mo)] = '\0';
-	(void) strncpy(mapout, op->mo, sizeof(mapout) - 1);
-	mapout[sizeof(mapout) - 1] = '\0';
-	ip->authtype = auth_type;
-	auth_type = op->authtype;
-	ip->clvl = clevel;
-	clevel = op->clvl;
-	ip->dlvl = dlevel;
-	dlevel = op->dlvl;
-	if (!clevel)
-	     clevel = PROT_C;
-	if (!dlevel)
-	     dlevel = PROT_C;
-	(void) signal(SIGINT, oldintr);
-	if (abrtflag) {
-		abrtflag = 0;
-		if (oldintr)
-			(*oldintr)(SIGINT);
-	}
-}
-
-int ptabflg;
-
-static sigtype
-abortpt(int sig)
-{
-	printf("\n");
-	(void) fflush(stdout);
-	ptabflg++;
-	mflag = 0;
-	abrtflag = 0;
-	longjmp(ptabort, 1);
-}
-
-static void
-proxtrans(char *cmd, char *local, char *remote)
-{
-	volatile sig_t oldintr;
-	volatile int secndflag = 0;
-	int prox_type, nfnd;
-	char *volatile cmd2;
-	 fd_set mask;
-
-	if (strcmp(cmd, "RETR"))
-		cmd2 = "RETR";
-	else
-		cmd2 = runique ? "STOU" : "STOR";
-	if ((prox_type = type) == 0) {
-		if (unix_server && unix_proxy)
-			prox_type = TYPE_I;
-		else
-			prox_type = TYPE_A;
-	}
-	if (curtype != prox_type)
-		changetype(prox_type, 1);
-	if (command("PASV") != COMPLETE) {
-		printf("proxy server does not support third party transfers.\n");
-		return;
-	}
-	pswitch(0);
-	if (!connected) {
-		printf("No primary connection\n");
-		pswitch(1);
-		code = -1;
-		return;
-	}
-	if (curtype != prox_type)
-		changetype(prox_type, 1);
-	if (command("PORT %s", pasv) != COMPLETE) {
-		pswitch(1);
-		return;
-	}
-	if (setjmp(ptabort))
-		goto die;
-	oldintr = signal(SIGINT, abortpt);
-	if (command("%s %s", cmd, remote) != PRELIM) {
-		(void) signal(SIGINT, oldintr);
-		pswitch(1);
-		return;
-	}
-	sleep(2);
-	pswitch(1);
-	secndflag++;
-	if (command("%s %s", cmd2, local) != PRELIM)
-		goto die;
-	ptflag++;
-	(void) getreply(0);
-	pswitch(0);
-	(void) getreply(0);
-	(void) signal(SIGINT, oldintr);
-	pswitch(1);
-	ptflag = 0;
-	printf("local: %s remote: %s\n", local, remote);
-	return;
-die:
-	(void) signal(SIGINT, SIG_IGN);
-	ptflag = 0;
-	if (strcmp(cmd, "RETR") && !proxy)
-		pswitch(1);
-	else if (!strcmp(cmd, "RETR") && proxy)
-		pswitch(0);
-	if (!cpend && !secndflag) {  /* only here if cmd = "STOR" (proxy=1) */
-		if (command("%s %s", cmd2, local) != PRELIM) {
-			pswitch(0);
-			if (cpend)
-				abort_remote((FILE *) NULL);
-		}
-		pswitch(1);
-		if (ptabflg)
-			code = -1;
-		(void) signal(SIGINT, oldintr);
-		return;
-	}
-	if (cpend)
-		abort_remote((FILE *) NULL);
-	pswitch(!proxy);
-	if (!cpend && !secndflag) {  /* only if cmd = "RETR" (proxy=1) */
-		if (command("%s %s", cmd2, local) != PRELIM) {
-			pswitch(0);
-			if (cpend)
-				abort_remote((FILE *) NULL);
-			pswitch(1);
-			if (ptabflg)
-				code = -1;
-			(void) signal(SIGINT, oldintr);
-			return;
-		}
-	}
-	if (cpend)
-		abort_remote((FILE *) NULL);
-	pswitch(!proxy);
-	if (cpend) {
-		FD_ZERO(&mask);
-		FD_SET(SOCKETNO(fileno(cin)), &mask);
-		if ((nfnd = empty(&mask, 10)) <= 0) {
-			if (nfnd < 0) {
-				perror("abort");
-			}
-			if (ptabflg)
-				code = -1;
-			lostpeer();
-		}
-		(void) getreply(0);
-		(void) getreply(0);
-	}
-	if (proxy)
-		pswitch(0);
-	pswitch(1);
-	if (ptabflg)
-		code = -1;
-	(void) signal(SIGINT, oldintr);
-}
-
-void reset()
-{
-   fd_set mask;
-	int nfnd = 1;
-
-	FD_ZERO(&mask);
-	while (nfnd > 0) {
-		FD_SET(SOCKETNO(fileno(cin)), &mask);
-		if ((nfnd = empty(&mask,0)) < 0) {
-			perror("reset");
-			code = -1;
-			lostpeer();
-		}
-		else if (nfnd) {
-			(void) getreply(0);
-		}
-	}
-}
-
-static char *
-gunique(char *local)
-{
-	static char new[MAXPATHLEN];
-	char *cp = strrchr(local, '/');
-	int d, count=0;
-	char ext = '1';
-
-	if (cp)
-		*cp = '\0';
-	d = access(cp ? local : ".", 2);
-	if (cp)
-		*cp = '/';
-	if (d < 0) {
-		fprintf(stderr, "local: %s: %s\n", local, strerror(errno));
-		return((char *) 0);
-	}
-	(void) strncpy(new, local, sizeof(new) - 3);
-	new[sizeof(new) - 1] = '\0';
-	cp = new + strlen(new);
-	*cp++ = '.';
-	while (!d) {
-		if (++count == 100) {
-			printf("runique: can't find unique file name.\n");
-			return((char *) 0);
-		}
-		*cp++ = ext;
-		*cp = '\0';
-		if (ext == '9')
-			ext = '0';
-		else
-			ext++;
-		if ((d = access(new, 0)) < 0)
-			break;
-		if (ext != '0')
-			cp--;
-		else if (*(cp - 2) == '.')
-			*(cp - 1) = '1';
-		else {
-			*(cp - 2) = *(cp - 2) + 1;
-			cp--;
-		}
-	}
-	return(new);
-}
-
-#ifdef GSSAPI
-static const struct {
-    gss_OID mech_type;
-    char *service_name;
-} gss_trials[] = {
-    { GSS_C_NO_OID, "ftp" },
-    { GSS_C_NO_OID, "host" },
-};
-static const int n_gss_trials = sizeof(gss_trials)/sizeof(gss_trials[0]);
-#endif /* GSSAPI */
-
-int do_auth()
-{
-	int oldverbose = verbose;
-#ifdef GSSAPI
-	u_char out_buf[FTP_BUFSIZ];
-	int i;
-#endif /* GSSAPI */
-
-	if (auth_type) return(1);	/* auth already succeeded */
-
-	/* Other auth types go here ... */
-
-#ifdef GSSAPI
-	if (command("AUTH %s", "GSSAPI") == CONTINUE) {
-	  OM_uint32 maj_stat, min_stat, dummy_stat;
-	  gss_name_t target_name;
-	  gss_buffer_desc send_tok, recv_tok, *token_ptr;
-	  char stbuf[FTP_BUFSIZ];
-	  int comcode, trial;
-	  struct gss_channel_bindings_struct chan;
-	  chan.initiator_addrtype = GSS_C_AF_INET; /* OM_uint32  */
-	  chan.initiator_address.length = 4;
-	  chan.initiator_address.value = &myctladdr.sin_addr.s_addr;
-	  chan.acceptor_addrtype = GSS_C_AF_INET; /* OM_uint32 */
-	  chan.acceptor_address.length = 4;
-	  chan.acceptor_address.value = &hisctladdr.sin_addr.s_addr;
-	  chan.application_data.length = 0;
-	  chan.application_data.value = 0;
-
-	  if (verbose)
-	    printf("GSSAPI accepted as authentication type\n");
-
-	  /* blob from gss-client */
-
-	  for (trial = 0; trial < n_gss_trials; trial++) {
-	    /* ftp@hostname first, the host@hostname */
-	    /* the V5 GSSAPI binding canonicalizes this for us... */
-	    snprintf(stbuf, sizeof(stbuf), "%s@%s",
-		     gss_trials[trial].service_name, hostname);
-	    if (debug)
-	      fprintf(stderr, "Trying to authenticate to <%s>\n", stbuf);
-
-	    send_tok.value = stbuf;
-	    send_tok.length = strlen(stbuf) + 1;
-	    maj_stat = gss_import_name(&min_stat, &send_tok,
-				       gss_nt_service_name, &target_name);
-
-	    if (maj_stat != GSS_S_COMPLETE) {
-		    user_gss_error(maj_stat, min_stat, "parsing name");
-		    secure_error("name parsed <%s>\n", stbuf);
-		    continue;
-	    }
-
-	    token_ptr = GSS_C_NO_BUFFER;
-	    gcontext = GSS_C_NO_CONTEXT; /* structure copy */
-
-	    do {
-	      if (debug)
-		fprintf(stderr, "calling gss_init_sec_context\n");
-	      maj_stat =
-		gss_init_sec_context(&min_stat,
-				     GSS_C_NO_CREDENTIAL,
-				     &gcontext,
-				     target_name,
-				     (gss_OID_desc *)gss_trials[trial].mech_type,
-				     GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
-				       (forward ? GSS_C_DELEG_FLAG :
-					(unsigned) 0),
-				     0,
-				     &chan,	/* channel bindings */
-				     token_ptr,
-				     NULL,	/* ignore mech type */
-				     &send_tok,
-				     NULL,	/* ignore ret_flags */
-				     NULL);	/* ignore time_rec */
-
-
-	      if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED){
-		if (trial == n_gss_trials-1)
-		  user_gss_error(maj_stat, min_stat, "initializing context");
-		/* could just be that we missed on the service name */
-		goto outer_loop;
-	      }
-
-	      if (send_tok.length != 0) {
-		int len = send_tok.length;
-		reply_parse = "ADAT="; /* for command() later */
-		oldverbose = verbose;
-		verbose = (trial == n_gss_trials-1)?0:-1;
-		kerror = radix_encode(send_tok.value, out_buf, &len, 0);
-		gss_release_buffer(&dummy_stat, &send_tok);
-		if (kerror)  {
-		  fprintf(stderr, "Base 64 encoding failed: %s\n",
-			  radix_error(kerror));
-		} else if ((comcode = command("ADAT %s", out_buf))!=COMPLETE
-			   && comcode != 3 /* (335) */) {
-		    if (trial == n_gss_trials-1) {
-			fprintf(stderr, "GSSAPI ADAT failed\n");
-			/* force out of loop */
-			maj_stat = GSS_S_FAILURE;
-		    }
-		    /* backoff to the v1 gssapi is still possible.  Send
-		       a new AUTH command.  If that fails, terminate the
-		       loop */
-		    if (command("AUTH %s", "GSSAPI") != CONTINUE) {
-			fprintf(stderr,
-				"GSSAPI ADAT failed, AUTH restart failed\n");
-			/* force out of loop */
-			maj_stat = GSS_S_FAILURE;
-		    }
-		    goto outer_loop;
-		} else if (!reply_parse) {
-		  fprintf(stderr,
-			  "No authentication data received from server\n");
-		  if (maj_stat == GSS_S_COMPLETE) {
-		    fprintf(stderr, "...but no more was needed\n");
-		    goto gss_complete_loop;
-		  } else {
-		    user_gss_error(maj_stat, min_stat, "no reply, huh?");
-		    goto gss_complete_loop;
-		  }
-		} else if ((kerror = radix_encode((unsigned char *)reply_parse,
-						  out_buf,&i,1))) {
-		  fprintf(stderr, "Base 64 decoding failed: %s\n",
-			  radix_error(kerror));
-		} else {
-		  /* everything worked */
-		  token_ptr = &recv_tok;
-		  recv_tok.value = out_buf;
-		  recv_tok.length = i;
-		  continue;
-		}
-
-		/* get out of loop clean */
-	      gss_complete_loop:
-		trial = n_gss_trials-1;
-		goto outer_loop;
-	      }
-	    } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-    outer_loop:
-	    gss_release_name(&dummy_stat, &target_name);
-	    if (maj_stat == GSS_S_COMPLETE)
-	        break;
-	  }
-	  verbose = oldverbose;
-	  if (maj_stat == GSS_S_COMPLETE) {
-	    printf("GSSAPI authentication succeeded\n");
-	    reply_parse = NULL;
-	    auth_type = "GSSAPI";
-	    return(1);
-	  } else {
-	    fprintf(stderr, "GSSAPI authentication failed\n");
-	    verbose = oldverbose;
-	    reply_parse = NULL;
-	  }
-	}
-#endif /* GSSAPI */
-
-	/* Other auth types go here ... */
-
-	return(0);
-}
-
-void
-setpbsz(unsigned int size)
-{
-	int oldverbose;
-
-	if (ucbuf) (void) free(ucbuf);
-	actualbuf = size;
-	while ((ucbuf = (unsigned char *)malloc(actualbuf)) == NULL)
-		if (actualbuf)
-			actualbuf >>= 2;
-		else {
-			perror("Error while trying to malloc PROT buffer:");
-			exit(1);
-		}
-	oldverbose = verbose;
-	verbose = 0;
-	reply_parse = "PBSZ=";
-	if (command("PBSZ %u", actualbuf) != COMPLETE)
-		fatal("Cannot set PROT buffer size");
-	if (reply_parse) {
-		if ((maxbuf = (unsigned int) atol(reply_parse)) > actualbuf)
-			maxbuf = actualbuf;
-	} else	maxbuf = actualbuf;
-	reply_parse = NULL;
-	verbose = oldverbose;
-}
-
-static void abort_remote(FILE *din)
-{
-	char buf[FTP_BUFSIZ];
-	int nfnd;
-	fd_set mask;
-
-	/*
-	 * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
-	 * after urgent byte rather than before as is protocol now
-	 */
-	snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC);
-	if (send(SOCKETNO(fileno(cout)), buf, 3, MSG_OOB) != 3)
-		PERROR_SOCKET("abort");
-	putc(DM, cout);
-	(void) secure_command("ABOR");
-	FD_ZERO(&mask);
-	FD_SET(SOCKETNO(fileno(cin)), &mask);
-	if (din) {
-		FD_SET(SOCKETNO(fileno(din)), &mask);
-	}
-	if ((nfnd = empty(&mask, 10)) <= 0) {
-		if (nfnd < 0) {
-			perror("abort");
-		}
-		if (ptabflg)
-			code = -1;
-		lostpeer();
-	}
-	if (din && FD_ISSET(SOCKETNO(fileno(din)), &mask)) {
-		/* Security: No threat associated with this read. */
-		while (read(fileno(din), buf, FTP_BUFSIZ) > 0)
-			/* LOOP */;
-	}
-	if (getreply(0) == ERROR && code == 552) {
-		/* 552 needed for nic style abort */
-		(void) getreply(0);
-	}
-	(void) getreply(0);
-}
-
-#ifdef GSSAPI
-void user_gss_error(OM_uint32 maj_stat, OM_uint32 min_stat, char *s)
-{
-	/* a lot of work just to report the error */
-	OM_uint32 gmaj_stat, gmin_stat, msg_ctx;
-	gss_buffer_desc msg;
-	msg_ctx = 0;
-	while (!msg_ctx) {
-		gmaj_stat = gss_display_status(&gmin_stat, maj_stat,
-					       GSS_C_GSS_CODE,
-					       GSS_C_NULL_OID,
-					       &msg_ctx, &msg);
-		if ((gmaj_stat == GSS_S_COMPLETE)||
-		    (gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
-			fprintf(stderr, "GSSAPI error major: %s\n",
-				(char*)msg.value);
-			(void) gss_release_buffer(&gmin_stat, &msg);
-		}
-		if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
-			break;
-	}
-	msg_ctx = 0;
-	while (!msg_ctx) {
-		gmaj_stat = gss_display_status(&gmin_stat, min_stat,
-					       GSS_C_MECH_CODE,
-					       GSS_C_NULL_OID,
-					       &msg_ctx, &msg);
-		if ((gmaj_stat == GSS_S_COMPLETE)||
-		    (gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
-			fprintf(stderr, "GSSAPI error minor: %s\n",
-				(char*)msg.value);
-			(void) gss_release_buffer(&gmin_stat, &msg);
-		}
-		if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
-			break;
-	}
-	fprintf(stderr, "GSSAPI error: %s\n", s);
-}
-
-void secure_gss_error(OM_uint32 maj_stat, OM_uint32 min_stat, char *s)
-{
-  user_gss_error(maj_stat, min_stat, s);
-  return;
-}
-#endif /* GSSAPI */
-
-#ifdef _WIN32
-
-int gettimeofday(struct timeval *tv, void *tz)
-{
-	struct _timeb tb;
-	_tzset();
-	_ftime(&tb);
-	if (tv) {
-		tv->tv_sec = tb.time;
-		tv->tv_usec = tb.millitm * 1000;
-	}
-#if 0
-	if (tz) {
-		tz->tz_minuteswest = tb.timezone;
-		tz->tz_dsttime = tb.dstflag;
-	}
-#else
-	_ASSERTE(!tz);
-#endif
-	return 0;
-}
-
-int fclose_socket(FILE* f)
-{
-	int rc = 0;
-	SOCKET _s = _get_osfhandle(_fileno(f));
-
-	rc = fclose(f);
-	if (rc)
-		return rc;
-	if (closesocket(_s) == SOCKET_ERROR)
-		return SOCKET_ERRNO;
-	return 0;
-}
-
-FILE* fdopen_socket(SOCKET s, char* mode)
-{
-	int o_mode = 0;
-	int old_fmode = _fmode;
-	FILE* f = 0;
-
-	if (strstr(mode, "a+")) o_mode |= _O_RDWR | _O_APPEND;
-	if (strstr(mode, "r+")) o_mode |= _O_RDWR;
-	if (strstr(mode, "w+")) o_mode |= _O_RDWR;
-	if (strchr(mode, 'a')) o_mode |= _O_WRONLY | _O_APPEND;
-	if (strchr(mode, 'r')) o_mode |= _O_RDONLY;
-	if (strchr(mode, 'w')) o_mode |= _O_WRONLY;
-
-	/* In theory, _open_osfhandle only takes: _O_APPEND, _O_RDONLY, _O_TEXT */
-
-	_fmode = _O_BINARY;
-	f = fdopen(_open_osfhandle(s, o_mode), mode);
-	_fmode = old_fmode;
-
-	return f;
-}
-#endif /* _WIN32 */
diff --git a/src/appl/gssftp/ftp/ftp_var.h b/src/appl/gssftp/ftp/ftp_var.h
deleted file mode 100644
index 39386ff..0000000
--- a/src/appl/gssftp/ftp/ftp_var.h
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * Copyright (c) 1985, 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ftp_var.h	5.9 (Berkeley) 6/1/90
- */
-
-#ifdef _WIN32
-#include <windows.h>
-#include <winsock2.h>
-#include <ws2tcpip.h>
-#endif
-
-#ifdef _WIN32
-int fclose_socket(FILE* f);
-FILE* fdopen_socket(SOCKET s, char* mode);
-#define FCLOSE_SOCKET(f) fclose_socket(f)
-#define FDOPEN_SOCKET(s, mode) fdopen_socket(s, mode)
-#define SOCKETNO(fd) _get_osfhandle(fd)
-#define PERROR_SOCKET(str) do { errno = SOCKET_ERRNO; perror(str); } while(0)
-#else
-#define FCLOSE_SOCKET(f) fclose(f)
-#define FDOPEN_SOCKET(s, mode) fdopen(s, mode)
-#define SOCKETNO(fd) (fd)
-#define PERROR_SOCKET(str) perror(str)
-#endif
-
-#ifdef _WIN32
-typedef void (*sig_t)(int);
-typedef void sigtype;
-#else
-#define sig_t my_sig_t
-#define sigtype krb5_sigtype
-typedef sigtype (*sig_t)();
-#endif
-
-/*
- * FTP global variables.
- */
-
-#ifdef DEFINITIONS
-#define extern
-#endif
-
-/*
- * Options and other state info.
- */
-extern int	trace;		/* trace packets exchanged */
-extern int	hash;		/* print # for each buffer transferred */
-extern int	sendport;	/* use PORT cmd for each data connection */
-extern int	verbose;	/* print messages coming back from server */
-extern int	connected;	/* connected to server */
-extern int	fromatty;	/* input is from a terminal */
-extern int	interactive;	/* interactively prompt on m* cmds */
-extern int	debug;		/* debugging level */
-extern int	bell;		/* ring bell on cmd completion */
-extern int	doglob;		/* glob local file names */
-extern int autoauth;		/* Do authentication on connect */
-extern int	autologin;	/* establish user account on connection */
-extern int	autoencrypt;	/* negotiate encryption on connection */
-extern int	forward;	/* forward credentials */
-extern int	proxy;		/* proxy server connection active */
-extern int	proxflag;	/* proxy connection exists */
-extern int	sunique;	/* store files on server with unique name */
-extern int	runique;	/* store local files with unique name */
-extern int	mcase;		/* map upper to lower case for mget names */
-extern int	ntflag;		/* use ntin ntout tables for name translation */
-extern int	mapflag;	/* use mapin mapout templates on file names */
-extern int	code;		/* return/reply code for ftp command */
-extern int	crflag;		/* if 1, strip car. rets. on ascii gets */
-extern char	pasv[64];	/* passive port for proxy data connection */
-#ifndef NO_PASSIVE_MODE
-extern int	passivemode;	/* passive mode enabled */
-#endif
-extern char	*altarg;	/* argv[1] with no shell-like preprocessing  */
-extern char	ntin[17];	/* input translation table */
-extern char	ntout[17];	/* output translation table */
-#ifdef _WIN32
-#ifndef MAXPATHLEN
-#define MAXPATHLEN MAX_PATH
-#endif
-#else
-#include <sys/param.h>
-#endif
-extern char	mapin[MAXPATHLEN];	/* input map template */
-extern char	mapout[MAXPATHLEN];	/* output map template */
-extern int	clevel;		/* command channel protection level */
-extern int	dlevel;		/* data channel protection level */
-extern int	type;		/* requested file transfer type */
-extern int	curtype;	/* current file transfer type */
-extern int	stru;		/* file transfer structure */
-extern int	form;		/* file transfer format */
-extern int	mode;		/* file transfer mode */
-extern char	bytename[32];	/* local byte size in ascii */
-extern int	bytesize;	/* local byte size in binary */
-
-extern char	*hostname;	/* name of host connected to */
-extern int	unix_server;	/* server is unix, can use binary for ascii */
-extern int	unix_proxy;	/* proxy is unix, can use binary for ascii */
-
-extern struct	servent *sp;	/* service spec for tcp/ftp */
-
-#include <setjmp.h>
-extern jmp_buf	toplevel;	/* non-local goto stuff for cmd scanner */
-
-extern char	line[500];	/* input line buffer */
-extern char	*stringbase;	/* current scan point in line buffer */
-extern char	argbuf[500];	/* argument storage buffer */
-extern char	*argbase;	/* current storage point in arg buffer */
-extern int	margc;		/* count of arguments on input line */
-extern char	*margv[20];	/* args parsed from input line */
-extern int     cpend;           /* flag: if != 0, then pending server reply */
-extern int	mflag;		/* flag: if != 0, then active multi command */
-
-extern int	options;	/* used during socket creation */
-
-/*
- * Format of command table.
- */
-struct cmd {
-	char	*c_name;	/* name of command */
-	char	*c_help;	/* help string */
-	char	c_bell;		/* give bell when command completes */
-	char	c_conn;		/* must be connected to use command */
-	char	c_proxy;	/* proxy server may execute */
-	void	(*c_handler)();	/* function to call */
-};
-
-struct macel {
-	char mac_name[9];	/* macro name */
-	char *mac_start;	/* start of macro in macbuf */
-	char *mac_end;		/* end of macro in macbuf */
-};
-
-extern int macnum;		/* number of defined macros */
-extern struct macel macros[16];
-extern char macbuf[4096];
-
-#ifdef DEFINITIONS
-#undef extern
-#endif
-
-extern	char *tail();
-#ifndef _WIN32
-extern	char *mktemp();
-#endif
-
-extern int command(char *, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 1, 2)))
-#endif
-    ;
-
-char *remglob (char **, int);
-int another (int *, char ***, char *);
-void makeargv (void);
-void setpeer (int, char **);
-void setclevel (int, char **);
-void setdlevel (int, char **);
-void ccc (void);
-void setclear (void);
-void setsafe (void);
-void setprivate (void);
-void settype (int, char **);
-void changetype (int, int);
-void setbinary (void);
-void setascii (void);
-void settenex (void);
-void set_mode  (int, char **);
-void setform  (int, char **);
-void setstruct  (int, char **);
-void siteidle  (int, char **);
-void put  (int, char **);
-void mput  (int, char **);
-void reget  (int, char **);
-void get  (int, char **);
-void mget  (int, char **);
-void status  (int, char **);
-void setbell (void);
-void settrace (void);
-void sethash (void);
-void setverbose (void);
-void setport (void);
-void setprompt (void);
-void setglob (void);
-void setdebug (int, char **);
-void cd (int, char **);
-void lcd (int, char **);
-void delete_file (int, char **);
-void mdelete (int, char **);
-void renamefile (int, char **);
-void ls (int, char **);
-void mls (int, char **);
-void shell (int, char **);
-void user (int, char **);
-void pwd (void);
-void makedir (int, char **);
-void removedir (int, char **);
-void quote (int, char **);
-void site (int, char **);
-void do_chmod (int, char **);
-void do_umask (int, char **);
-void setidle (int, char **);
-void rmthelp (int, char **);
-void quit (void);
-void disconnect (void);
-void fatal (char *);
-void account (int, char **);
-void doproxy (int, char **);
-void setcase (void);
-void setcr (void);
-void setntrans (int, char **);
-void setnmap (int, char **);
-void setsunique (void);
-void setrunique (void);
-void cdup (void);
-void restart (int, char **);
-void syst (void);
-void macdef (int, char **);
-void sizecmd (int, char **);
-void modtime (int, char **);
-void rmtstatus (int, char **);
-void newer (int, char **);
-void setpassive (void);
-
-/* ftp.c */
-void sendrequest (char *, char *, char *, int);
-void recvrequest (char *, char *volatile, char *, char *, int, int);
-int login (char *);
-void setpbsz (unsigned int);
-void pswitch (int);
-int getreply (int);
-void reset (void);
-char *hookup (char *, int);
-int do_auth (void);
-
-/* glob.c */
-void blkfree (char **);
-
-/* domacro.c */
-void domacro (int, char **);
-
-
-/* main.c */
-void help (int, char **);
-struct cmd *getcmd (char *);
-
-
-/* ruserpass.c */
-int ruserpass (char *, char **, char **, char **);
-
-/* radix.h */
-int radix_encode (unsigned char *, unsigned char *, int *, int);
-char *radix_error (int);
-
-/* getpass.c */
-char *mygetpass (char *);
-
-/* glob.c */
-char **ftpglob (char *);
diff --git a/src/appl/gssftp/ftp/getpass.c b/src/appl/gssftp/ftp/getpass.c
deleted file mode 100644
index cd27cdc..0000000
--- a/src/appl/gssftp/ftp/getpass.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright (c) 1985 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#ifndef lint
-static	char sccsid[] = "@(#)getpass.c 1.1 90/04/28 SMI"; /* from UCB 5.4 3/7/86 */
-#endif /* not lint */
-
-#ifdef _WIN32
-#include <io.h>
-#include <windows.h>
-#include <stdio.h>
-
-static DWORD old_mode;
-static HANDLE cons_handle;
-
-BOOL WINAPI
-GetPassConsoleControlHandler(DWORD dwCtrlType)
-{
-	switch(dwCtrlType){
-	case CTRL_BREAK_EVENT:
-	case CTRL_C_EVENT:
-		printf("Interrupt\n");
-		fflush(stdout);
-		(void) SetConsoleMode(cons_handle, old_mode);
-		ExitProcess(-1);
-		break;
-	default:
-		break;
-	}
-	return TRUE;
-}
-
-char *
-mygetpass(char *prompt)
-{
-	DWORD new_mode;
-	char *ptr;
-	int scratchchar;
-	static char password[50+1];
-	int pwsize = sizeof(password);
-
-	cons_handle = GetStdHandle(STD_INPUT_HANDLE);
-	if (cons_handle == INVALID_HANDLE_VALUE)
-		return NULL;
-	if (!GetConsoleMode(cons_handle, &old_mode))
-		return NULL;
-
-	new_mode = old_mode;
-	new_mode |=  ( ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT );
-	new_mode &= ~( ENABLE_ECHO_INPUT );
-
-	if (!SetConsoleMode(cons_handle, new_mode))
-		return NULL;
-
-	SetConsoleCtrlHandler(&GetPassConsoleControlHandler, TRUE);
-
-	(void) fputs(prompt, stdout);
-	(void) fflush(stdout);
-	(void) memset(password, 0, pwsize);
-
-	if (fgets(password, pwsize, stdin) == NULL) {
-		if (ferror(stdin))
-			goto out;
-		(void) putchar('\n');
-	}
-	else {
-		(void) putchar('\n');
-
-		if ((ptr = strchr(password, '\n')))
-			*ptr = '\0';
-		else /* need to flush */
-			do {
-				scratchchar = getchar();
-			} while (scratchchar != EOF && scratchchar != '\n');
-	}
-
-out:
-	(void) SetConsoleMode(cons_handle, old_mode);
-	SetConsoleCtrlHandler(&GetPassConsoleControlHandler, FALSE);
-
-	return password;
-}
-
-#else /* !_WIN32 */
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#include <stdio.h>
-#include <signal.h>
-
-#if defined (POSIX) || defined (POSIX_TERMIOS)
-#include <termios.h>
-static	struct termios ttyo, ttyb;
-#define stty(f, t) tcsetattr(f, TCSANOW, t)
-#define gtty(f, t) tcgetattr(f, t)
-#else
-#include <sgtty.h>
-static	struct sgttyb ttyo, ttyb;
-#endif
-
-#include "ftp_var.h"
-
-static	FILE *fi;
-
-static sigtype
-intfix(sig)
-	int sig;
-{
-	if (fi != NULL)
-		(void) stty(fileno(fi), &ttyo);
-	exit(SIGINT);
-}
-
-char *
-mygetpass(prompt)
-char *prompt;
-{
-	register char *p;
-	register int c;
-	static char pbuf[50+1];
-	sigtype (*sig)();
-
-	if ((fi = fopen("/dev/tty", "r")) == NULL)
-		fi = stdin;
-	else
-		setbuf(fi, (char *)NULL);
-	sig = signal(SIGINT, intfix);
-	(void) gtty(fileno(fi), &ttyb);
-	ttyo = ttyb;
-#if defined (POSIX) || defined (POSIX_TERMIOS)
-	ttyb.c_lflag &= ~ECHO;
-#else
-	ttyb.sg_flags &= ~ECHO;
-#endif
-	(void) stty(fileno(fi), &ttyb);
-	fprintf(stderr, "%s", prompt); (void) fflush(stderr);
-	for (p=pbuf; (c = getc(fi))!='\n' && c!=EOF;) {
-		if (p < &pbuf[sizeof(pbuf)-1])
-			*p++ = c;
-	}
-	*p = '\0';
-	fprintf(stderr, "\n"); (void) fflush(stderr);
-	(void) stty(fileno(fi), &ttyo);
-	(void) signal(SIGINT, sig);
-	if (fi != stdin)
-		(void) fclose(fi);
-	return(pbuf);
-}
-
-#endif /* !_WIN32 */
diff --git a/src/appl/gssftp/ftp/glob.c b/src/appl/gssftp/ftp/glob.c
deleted file mode 100644
index 3d62284..0000000
--- a/src/appl/gssftp/ftp/glob.c
+++ /dev/null
@@ -1,784 +0,0 @@
-/*
- * Copyright (c) 1980 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)glob.c	5.9 (Berkeley) 2/25/91";
-#endif /* not lint */
-
-/*
- * C-shell glob for random programs.
- */
-
-#include <sys/stat.h>
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-
-#ifndef _WIN32
-#include <sys/param.h>
-#include <dirent.h>
-#include <pwd.h>
-#endif
-
-#ifdef POSIX
-#include <limits.h>
-#endif
-
-#include <k5-platform.h>
-
-#include "ftp_var.h"
-
-#ifdef ARG_MAX
-#undef NCARGS
-#define NCARGS ARG_MAX
-#endif
-
-#ifndef NCARGS
-#define NCARGS 4096
-#endif
-
-#define	QUOTE 0200
-#define	TRIM 0177
-#define	eq(a,b)		(strcmp(a, b)==0)
-#define	GAVSIZ		(NCARGS/6)
-#define	isdir(d)	((d.st_mode & S_IFMT) == S_IFDIR)
-
-static	char **gargv;		/* Pointer to the (stack) arglist */
-static	int gargc;		/* Number args in gargv */
-static	int gnleft;
-static	short gflag;
-char	**ftpglob();
-char	*globerr;
-char	*home;
-static	char *strspl (char *, char *), *strend (char *);
-char	**copyblk (char **);
-
-static void acollect (char *), addpath (int),
-  collect (char *), expand (char *),
-  Gcat (char *, char *);
-static void ginit (char **), matchdir (char *),
-  rscan (char **, int (*f)()), sort (void);
-static int amatch (char *, char *),
-  execbrc (char *, char *), match (char *, char *);
-static int digit (int), letter (int),
-  any (int, char *);
-#ifndef _WIN32
-static int gethdir (char *);
-#endif
-static int tglob (int );
-
-static	int globcnt;
-
-char	*globchars = "`{[*?";
-
-static	char *gpath, *gpathp, *lastgpathp;
-static	int globbed;
-static	char *entp;
-static	char **sortbas;
-
-char **
-ftpglob(v)
-	register char *v;
-{
-	char agpath[FTP_BUFSIZ];
-	char *agargv[GAVSIZ];
-	char *vv[2];
-	vv[0] = v;
-	vv[1] = 0;
-	gflag = 0;
-	rscan(vv, tglob);
-	if (gflag == 0) {
-	  /* Caller will always free the contents, so make a copy.  */
-	  size_t len = strlen (v) + 1;
-	  vv[0] = malloc (len);
-	  if (vv[0] == 0) {
-	    globerr = "Can't allocate memory";
-	    return 0;
-	  }
-	  memcpy (vv[0], v, len);
-	  return (copyblk(vv));
-	}
-
-	globerr = 0;
-	gpath = agpath; gpathp = gpath; *gpathp = 0;
-	lastgpathp = &gpath[sizeof(agpath) - 1];
-	ginit(agargv); globcnt = 0;
-	collect(v);
-	if (globcnt == 0 && (gflag&1)) {
-		blkfree(gargv), gargv = 0;
-		return (0);
-	} else
-		return (gargv = copyblk(gargv));
-}
-
-static void
-ginit(agargv)
-	char **agargv;
-{
-
-	agargv[0] = 0; gargv = agargv; sortbas = agargv; gargc = 0;
-	gnleft = NCARGS - 4;
-}
-
-static void
-collect(as)
-	register char *as;
-{
-	if (eq(as, "{") || eq(as, "{}")) {
-		Gcat(as, "");
-		sort();
-	} else
-		acollect(as);
-}
-
-static void
-acollect(as)
-	register char *as;
-{
-	register int ogargc = gargc;
-
-	gpathp = gpath; *gpathp = 0; globbed = 0;
-	expand(as);
-	if (gargc != ogargc)
-		sort();
-}
-
-static void
-sort()
-{
-	register char **p1, **p2, *c;
-	char **Gvp = &gargv[gargc];
-
-	p1 = sortbas;
-	while (p1 < Gvp-1) {
-		p2 = p1;
-		while (++p2 < Gvp)
-			if (strcmp(*p1, *p2) > 0)
-				c = *p1, *p1 = *p2, *p2 = c;
-		p1++;
-	}
-	sortbas = Gvp;
-}
-
-static void
-expand(as)
-	char *as;
-{
-	register char *cs;
-	register char *sgpathp, *oldcs;
-	struct stat stb;
-
-	sgpathp = gpathp;
-	cs = as;
-#ifndef _WIN32
-	if (*cs == '~' && gpathp == gpath) {
-		addpath('~');
-		for (cs++; letter(*cs) || digit(*cs) || *cs == '-';)
-			addpath(*cs++);
-		if (!*cs || *cs == '/') {
-			if (gpathp != gpath + 1) {
-				*gpathp = 0;
-				if (gethdir(gpath + 1))
-					globerr = "Unknown user name after ~";
-				(void) memmove(gpath, gpath + 1,
-					       strlen(gpath));
-			} else
-				(void) strncpy(gpath, home, FTP_BUFSIZ - 1);
-			gpath[FTP_BUFSIZ - 1] = '\0';
-			gpathp = strend(gpath);
-		}
-	}
-#endif
-	while (!any(*cs, globchars)) {
-		if (*cs == 0) {
-			if (!globbed)
-				Gcat(gpath, "");
-			else if (stat(gpath, &stb) >= 0) {
-				Gcat(gpath, "");
-				globcnt++;
-			}
-			goto endit;
-		}
-		addpath(*cs++);
-	}
-	oldcs = cs;
-	while (cs > as && *cs != '/')
-		cs--, gpathp--;
-	if (*cs == '/')
-		cs++, gpathp++;
-	*gpathp = 0;
-	if (*oldcs == '{') {
-		(void) execbrc(cs, ((char *)0));
-		return;
-	}
-	matchdir(cs);
-endit:
-	gpathp = sgpathp;
-	*gpathp = 0;
-}
-
-#ifdef _WIN32
-
-static void
-matchdir(pattern)
-	char *pattern;
-{
-	HANDLE hFile = INVALID_HANDLE_VALUE;
-	WIN32_FIND_DATA file_data;
-	char *base = *gpath ? gpath : ".";
-	char *buffer = 0;
-
-	if (asprintf(&buffer, "%s\\*", base) < 0) return;
-	hFile = FindFirstFile(buffer, &file_data);
-	if (hFile == INVALID_HANDLE_VALUE) {
-		if (!globbed)
-			globerr = "Bad directory components";
-		return;
-	}
-	do {
-		if (match(file_data.cFileName, pattern)) {
-			Gcat(gpath, file_data.cFileName);
-			globcnt++;
-		}
-	} while (FindNextFile(hFile, &file_data));
-	FindClose(hFile);
-}
-
-#else /* !_WIN32 */
-
-static void
-matchdir(pattern)
-	char *pattern;
-{
-#if 0
-	struct stat stb;
-#endif
-	register struct dirent *dp;
-	DIR *dirp;
-
-	dirp = opendir(*gpath?gpath:".");
-	if (dirp == NULL) {
-		if (globbed)
-			return;
-		goto patherr2;
-	}
-	/* This fails on systems where you can't inspect the contents of
-	   the DIR structure.  If there are systems whose opendir does
-	   not check for a directory, then use stat, not fstat. */
-#if 0
-	if (fstat(dirp->dd_fd, &stb) < 0)
-		goto patherr1;
-	if (!isdir(stb)) {
-		errno = ENOTDIR;
-		goto patherr1;
-	}
-#endif
-	while ((dp = readdir(dirp)) != NULL) {
-		if (dp->d_ino == 0)
-			continue;
-		if (match(dp->d_name, pattern)) {
-			Gcat(gpath, dp->d_name);
-			globcnt++;
-		}
-	}
-	closedir(dirp);
-	return;
-
-#if 0
-patherr1:
-#endif
-	closedir(dirp);
-patherr2:
-	globerr = "Bad directory components";
-}
-
-#endif /* !_WIN32 */
-
-static int
-execbrc(p, s)
-	char *p, *s;
-{
-	char restbuf[FTP_BUFSIZ + 2];
-	register char *pe, *pm, *pl;
-	int brclev = 0;
-	char *lm, savec, *sgpathp;
-
-	for (lm = restbuf; *p != '{'; *lm++ = *p++)
-		continue;
-	/* pe starts pointing to one past the first '{'. */
-	for (pe = ++p; *pe; pe++)
-	switch (*pe) {
-
-	case '{':
-		brclev++;
-		continue;
-
-	case '}':
-		if (brclev == 0)
-			goto pend;
-		brclev--;
-		continue;
-
-	case '[':
-		for (pe++; *pe && *pe != ']'; pe++)
-			continue;
-		if (!*pe)
-			pe--;
-		continue;
-	}
-pend:
-	brclev = 0;
-	for (pl = pm = p; pm <= pe; pm++)
-	switch (*pm & (QUOTE|TRIM)) {
-
-	case '{':
-		brclev++;
-		continue;
-
-	case '}':
-		if (brclev) {	/* brclev = 0 is outermost brace set */
-			brclev--;
-			continue;
-		}
-		goto doit;
-
-	case ','|QUOTE:
-	case ',':
-		if (brclev)
-			continue;
-doit:
-		savec = *pm;
-		*pm = 0;
-		(void) strncpy(lm, pl, sizeof(restbuf) - 1 - (lm - restbuf));
-		restbuf[sizeof(restbuf) - 1] = '\0';
-		if (*pe) {
-			(void) strncat(restbuf, pe + 1,
-				       sizeof(restbuf) - 1 - strlen(restbuf));
-		}
-		*pm = savec;
-		if (s == 0) {
-			sgpathp = gpathp;
-			expand(restbuf);
-			gpathp = sgpathp;
-			*gpathp = 0;
-		} else if (amatch(s, restbuf))
-			return (1);
-		sort();
-		pl = pm + 1;
-		if (brclev)
-			return (0);
-		continue;
-
-	case '[':
-		for (pm++; *pm && *pm != ']'; pm++)
-			continue;
-		if (!*pm)
-			pm--;
-		continue;
-	}
-	if (brclev)
-		goto doit;
-	return (0);
-}
-
-static int
-match(s, p)
-	char *s, *p;
-{
-	register int c;
-	register char *sentp;
-	char sglobbed = globbed;
-
-	if (*s == '.' && *p != '.')
-		return (0);
-	sentp = entp;
-	entp = s;
-	c = amatch(s, p);
-	entp = sentp;
-	globbed = sglobbed;
-	return (c);
-}
-
-static int
-amatch(s, p)
-	register char *s, *p;
-{
-	register int scc;
-	int ok, lc;
-	char *sgpathp;
-	struct stat stb;
-	int c, cc;
-
-	globbed = 1;
-	for (;;) {
-		scc = *s++ & TRIM;
-		switch (c = *p++) {
-
-		case '{':
-			return (execbrc(p - 1, s - 1));
-
-		case '[':
-			ok = 0;
-			lc = 077777;
-			while ((cc = *p++)) {
-				if (cc == ']') {
-					if (ok)
-						break;
-					return (0);
-				}
-				if (cc == '-') {
-					if (lc <= scc && scc <= *p++)
-						ok++;
-				} else
-					if (scc == (lc = cc))
-						ok++;
-			}
-			if (cc == 0) {
-				if (ok)
-					p--;
-				else
-					return 0;
-			}
-			continue;
-
-		case '*':
-			/* Multiple stars are equivalent to one.
-			   Don't chew up cpu time with O(n**2)
-			   recursion if a long string of them is
-			   given.  */
-			while (*p == '*')
-				p++;
-			if (!*p)
-				return (1);
-			if (*p == '/') {
-				p++;
-				goto slash;
-			}
-			s--;
-			do {
-				if (amatch(s, p))
-					return (1);
-			} while (*s++);
-			return (0);
-
-		case 0:
-			return (scc == 0);
-
-		default:
-			if (c != scc)
-				return (0);
-			continue;
-
-		case '?':
-			if (scc == 0)
-				return (0);
-			continue;
-
-		case '/':
-			if (scc)
-				return (0);
-slash:
-			s = entp;
-			sgpathp = gpathp;
-			while (*s)
-				addpath(*s++);
-			addpath('/');
-			if (stat(gpath, &stb) == 0 && isdir(stb)) {
-				if (*p == 0) {
-					Gcat(gpath, "");
-					globcnt++;
-				} else
-					expand(p);
-			}
-			gpathp = sgpathp;
-			*gpathp = 0;
-			return (0);
-		}
-	}
-}
-
-static int
-Gmatch(s, p)
-	register char *s, *p;
-{
-	register int scc;
-	int ok, lc;
-	int c, cc;
-
-	for (;;) {
-		scc = *s++ & TRIM;
-		switch (c = *p++) {
-
-		case '[':
-			ok = 0;
-			lc = 077777;
-			while ((cc = *p++)) {
-				if (cc == ']') {
-					if (ok)
-						break;
-					return (0);
-				}
-				if (cc == '-') {
-					if (lc <= scc && scc <= *p++)
-						ok++;
-				} else
-					if (scc == (lc = cc))
-						ok++;
-			}
-			if (cc == 0) {
-				if (ok)
-					p--;
-				else
-					return 0;
-			}
-			continue;
-
-		case '*':
-			if (!*p)
-				return (1);
-			for (s--; *s; s++)
-				if (Gmatch(s, p))
-					return (1);
-			return (0);
-
-		case 0:
-			return (scc == 0);
-
-		default:
-			if ((c & TRIM) != scc)
-				return (0);
-			continue;
-
-		case '?':
-			if (scc == 0)
-				return (0);
-			continue;
-
-		}
-	}
-}
-
-static void
-Gcat(s1, s2)
-	register char *s1, *s2;
-{
-	register int len = strlen(s1) + strlen(s2) + 1;
-
-	if (len >= gnleft || gargc >= GAVSIZ - 1)
-		globerr = "Arguments too long";
-	else {
-		gargc++;
-		gnleft -= len;
-		gargv[gargc] = 0;
-		gargv[gargc - 1] = strspl(s1, s2);
-	}
-}
-
-static void
-addpath(c)
-	int c;
-{
-
-	if (gpathp >= lastgpathp)
-		globerr = "Pathname too long";
-	else {
-		*gpathp++ = c & 0xff;
-		*gpathp = 0;
-	}
-}
-
-static void
-rscan(t, f)
-	register char **t;
-	int (*f)();
-{
-	register char *p, c;
-
-	while ((p = *t++)) {
-		if (f == tglob) {
-			if (*p == '~')
-				gflag |= 2;
-			else if (eq(p, "{") || eq(p, "{}"))
-				continue;
-		}
-		while ((c = *p++))
-			(*f)(c);
-	}
-}
-/*
-static
-scan(t, f)
-	register char **t;
-	int (*f)();
-{
-	register char *p, c;
-
-	while (p = *t++)
-		while (c = *p)
-			*p++ = (*f)(c);
-} */
-
-static int
-tglob(c)
-	register int c;
-{
-
-	if (any(c, globchars))
-		gflag |= c == '{' ? 2 : 1;
-	return (c);
-}
-/*
-static
-trim(c)
-	char c;
-{
-
-	return (c & TRIM);
-} */
-
-
-static int
-letter(c)
-	register int c;
-{
-
-	return ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || c == '_');
-}
-
-static int
-digit(c)
-	register int c;
-{
-
-	return (c >= '0' && c <= '9');
-}
-
-static int any(c, s)
-	register int c;
-	register char *s;
-{
-
-	while (*s)
-		if (*s++ == c)
-			return(1);
-	return(0);
-}
-static int blklen(av)
-	register char **av;
-{
-	register int i = 0;
-
-	while (*av++)
-		i++;
-	return (i);
-}
-
-static char **
-blkcpy(oav, bv)
-	char **oav;
-	register char **bv;
-{
-	register char **av = oav;
-
-	while ((*av++ = *bv++))
-		continue;
-	return (oav);
-}
-
-void blkfree(av0)
-	char **av0;
-{
-	register char **av = av0;
-
-	while (*av)
-		free(*av++);
-}
-
-static
-char *
-strspl(cp, dp)
-	register char *cp, *dp;
-{
-	char *ep;
-
-	if (asprintf(&ep, "%s%s", cp, dp) < 0)
-		fatal("Out of memory");
-	return (ep);
-}
-
-char **
-copyblk(v)
-	register char **v;
-{
-	register char **nv = (char **)malloc((unsigned)((blklen(v) + 1) *
-						sizeof(char **)));
-	if (nv == (char **)0)
-		fatal("Out of memory");
-
-	return (blkcpy(nv, v));
-}
-
-static
-char *
-strend(cp)
-	register char *cp;
-{
-
-	while (*cp)
-		cp++;
-	return (cp);
-}
-
-#ifndef _WIN32
-/*
- * Extract a home directory from the password file
- * The argument points to a buffer where the name of the
- * user whose home directory is sought is currently.
- * We write the home directory of the user back there.
- */
-static int gethdir(mhome)
-	char *mhome;
-{
-	register struct passwd *pp = getpwnam(mhome);
-	size_t bufsize = lastgpathp - mhome;
-
-	if (!pp)
-		return (1);
-	if (strlcpy(mhome, pp->pw_dir, bufsize) >= bufsize)
-		return (1);
-	return (0);
-}
-#endif
diff --git a/src/appl/gssftp/ftp/main.c b/src/appl/gssftp/ftp/main.c
deleted file mode 100644
index 48302cd..0000000
--- a/src/appl/gssftp/ftp/main.c
+++ /dev/null
@@ -1,606 +0,0 @@
-/*
- * Copyright (c) 1985, 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-char copyright[] =
-"@(#) Copyright (c) 1985, 1989 Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-static char sccsid[] = "@(#)main.c	5.18 (Berkeley) 3/1/91";
-#endif /* not lint */
-
-/*
- * FTP User Program -- Command Interface.
- */
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include <stdio.h>
-#include <signal.h>
-#include "ftp_var.h"
-#ifndef _WIN32
-#include <sys/socket.h>
-#include <netdb.h>
-#include <sys/ioctl.h>
-#include <sys/types.h>
-#include <pwd.h>
-#endif /* !_WIN32 */
-
-#ifdef _WIN32
-#include <io.h>
-#undef ERROR
-#endif
-
-#include <arpa/ftp.h>
-
-#include <string.h>
-#include <errno.h>
-#include <ctype.h>
-
-#include <port-sockets.h>
-
-#ifdef _WIN32
-/* For SO_SYNCHRONOUS_NONALERT and SO_OPENTYPE: */
-#include <mswsock.h>
-#endif
-
-#ifndef _WIN32
-uid_t	getuid();
-#endif
-
-sigtype	intr (int), lostpeer (int);
-extern	char *home;
-char	*getlogin();
-
-static void cmdscanner (int);
-static char *slurpstring (void);
-
-
-int
-main(argc, argv)
-	volatile int argc;
-	char **volatile argv;
-{
-	register char *cp;
-	int top;
-#ifndef _WIN32
-	struct passwd *pw = NULL;
-#endif
-	char homedir[MAXPATHLEN];
-	char *progname = argv[0];
-
-#ifdef _WIN32
-	DWORD optionValue = SO_SYNCHRONOUS_NONALERT;
-	if (setsockopt(INVALID_SOCKET, SOL_SOCKET, SO_OPENTYPE, (char *)&optionValue, sizeof(optionValue)) == SOCKET_ERROR) {
-		fprintf(stderr, "ftp: cannot enable synchronous sockets\n");
-		exit(1);
-	}
-#endif
-
-	sp = getservbyname("ftp", "tcp");
-	if (sp == 0) {
-		fprintf(stderr, "ftp: ftp/tcp: unknown service\n");
-		exit(1);
-	}
-	doglob = 1;
-	interactive = 1;
-	autoauth = 1;
-	autologin = 1;
-	forward = 0;
-	autoencrypt = 0;
-	argc--, argv++;
-	while (argc > 0 && **argv == '-') {
-		for (cp = *argv + 1; *cp; cp++)
-			switch (*cp) {
-
-			case 'd':
-				options |= SO_DEBUG;
-				debug++;
-				break;
-
-			case 'v':
-				verbose++;
-				break;
-
-			case 't':
-				trace++;
-				break;
-
-			case 'i':
-				interactive = 0;
-				break;
-
-			case 'n':
-				autologin = 0;
-				break;
-
-			case 'g':
-				doglob = 0;
-				break;
-
-			case 'u':
-				autoauth = 0;
-				break;
-
-			case 'f':
-				forward = 1;
-				break;
-
-			case 'x':
-				autoencrypt = 1;
-				break;
-
-			default:
-			  fprintf(stderr,
-				  "ftp: %c: unknown option\n", *cp);
-			  fprintf(stderr, "Usage: %s [-v] [-d] [-i] [-n] [-g] "
-				  "[-k realm] [-f] [-x] [-u] [-t] [host]\n",
-				  progname);
-			  exit(1);
-			}
-	nextopt:
-		argc--, argv++;
-	}
-	fromatty = isatty(fileno(stdin));
-	if (fromatty)
-		verbose++;
-	cpend = 0;	/* no pending replies */
-	proxy = 0;	/* proxy not active */
-#ifndef NO_PASSIVE_MODE
-	passivemode = 0; /* passive mode not active */
-#endif
-	crflag = 1;	/* strip c.r. on ascii gets */
-	sendport = -1;	/* not using ports */
-	/*
-	 * Set up the home directory in case we're globbing.
-	 */
-#ifdef _WIN32
-	cp = getenv("HOME");
-	if (cp != NULL) {
-		home = homedir;
-		(void) strncpy(home, cp, sizeof(homedir) - 1);
-		homedir[sizeof(homedir) - 1] = '\0';
-	}
-#else /* !_WIN32 */
-	cp = getlogin();
-	if (cp != NULL) {
-		pw = getpwnam(cp);
-	}
-	if (pw == NULL)
-		pw = getpwuid(getuid());
-	if (pw != NULL) {
-		home = homedir;
-		(void) strncpy(home, pw->pw_dir, sizeof(homedir) - 1);
-		homedir[sizeof(homedir) - 1] = '\0';
-	}
-#endif /* !_WIN32 */
-	if (argc > 0) {
-		if (setjmp(toplevel))
-			exit(0);
-		(void) signal(SIGINT, intr);
-#ifdef SIGPIPE
-		(void) signal(SIGPIPE, lostpeer);
-#endif
-		setpeer(argc + 1, argv - 1);
-	}
-	top = setjmp(toplevel) == 0;
-	if (top) {
-		(void) signal(SIGINT, intr);
-#ifdef SIGPIPE
-		(void) signal(SIGPIPE, lostpeer);
-#endif
-	}
-	for (;;) {
-		cmdscanner(top);
-		top = 1;
-	}
-}
-
-sigtype
-intr(sig)
-	int sig;
-{
-
-	longjmp(toplevel, 1);
-}
-
-sigtype
-lostpeer(sig)
-	int sig;
-{
-	extern FILE *cout;
-	extern SOCKET data;
-	extern char *auth_type;
-	extern int clevel;
-	extern int dlevel;
-
-	if (connected) {
-		if (cout != NULL) {
-			(void) shutdown(SOCKETNO(fileno(cout)), 1+1);
-			(void) FCLOSE_SOCKET(cout);
-			cout = NULL;
-		}
-		if (data != INVALID_SOCKET) {
-			(void) shutdown(data, 1+1);
-			(void) closesocket(data);
-			data = INVALID_SOCKET;
-		}
-		connected = 0;
-		auth_type = NULL;
-		clevel = dlevel = PROT_C;
-	}
-	pswitch(1);
-	if (connected) {
-		if (cout != NULL) {
-			(void) shutdown(SOCKETNO(fileno(cout)), 1+1);
-			(void) FCLOSE_SOCKET(cout);
-			cout = NULL;
-		}
-		connected = 0;
-		auth_type = NULL;
-		clevel = dlevel = PROT_C;
-	}
-	proxflag = 0;
-	pswitch(0);
-}
-
-/*char *
-tail(filename)
-	char *filename;
-{
-	register char *s;
-
-	while (*filename) {
-		s = strrchr(filename, '/');
-		if (s == NULL)
-			break;
-		if (s[1])
-			return (s + 1);
-		*s = '\0';
-	}
-	return (filename);
-}
-*/
-/*
- * Command parser.
- */
-static void
-cmdscanner(top)
-	int top;
-{
-	register struct cmd *c;
-	register int l;
-
-	if (!top)
-		(void) putchar('\n');
-	for (;;) {
-		if (fromatty) {
-			printf("ftp> ");
-			(void) fflush(stdout);
-		}
-		if (fgets(line, sizeof line, stdin) == NULL)
-			quit();
-		l = strlen(line);
-		if (l == 0)
-			break;
-		if (line[--l] == '\n') {
-			if (l == 0)
-				break;
-			line[l] = '\0';
-		} else if (l == sizeof(line) - 2) {
-			printf("sorry, input line too long\n");
-			while ((l = getchar()) != '\n' && l != EOF)
-				/* void */;
-			break;
-		} /* else it was a line without a newline */
-		makeargv();
-		if (margc == 0) {
-			continue;
-		}
-		c = getcmd(margv[0]);
-		if (c == (struct cmd *)-1) {
-			printf("?Ambiguous command\n");
-			continue;
-		}
-		if (c == 0) {
-			printf("?Invalid command\n");
-			continue;
-		}
-		if (c->c_conn && !connected) {
-			printf("Not connected.\n");
-			continue;
-		}
-		(*c->c_handler)(margc, margv);
-		if (bell && c->c_bell)
-			(void) putchar('\007');
-		if (c->c_handler != help)
-			break;
-	}
-	(void) signal(SIGINT, intr);
-#ifdef SIGPIPE
-	(void) signal(SIGPIPE, lostpeer);
-#endif
-}
-
-struct cmd *
-getcmd(name)
-	register char *name;
-{
-	extern struct cmd cmdtab[];
-	register char *p, *q;
-	register struct cmd *c, *found;
-	register int nmatches, longest;
-
-	longest = 0;
-	nmatches = 0;
-	found = 0;
-	for (c = cmdtab; (p = c->c_name) != NULL; c++) {
-		for (q = name; *q == *p++; q++)
-			if (*q == 0)		/* exact match? */
-				return (c);
-		if (!*q) {			/* the name was a prefix */
-			if (q - name > longest) {
-				longest = q - name;
-				nmatches = 1;
-				found = c;
-			} else if (q - name == longest)
-				nmatches++;
-		}
-	}
-	if (nmatches > 1)
-		return ((struct cmd *)-1);
-	return (found);
-}
-
-/*
- * Slice a string up into argc/argv.
- */
-
-int slrflag;
-
-void makeargv()
-{
-	char **argp;
-
-	margc = 0;
-	argp = margv;
-	stringbase = line;		/* scan from first of buffer */
-	argbase = argbuf;		/* store from first of buffer */
-	slrflag = 0;
-	while ((*argp++ = slurpstring())) {
-		margc++;
-		if (margc == sizeof(margv)/sizeof(margv[0])) {
-			printf("sorry, too many arguments in input line\n");
-			margc = 0;
-			margv[0] = 0;
-			return;
-		}
-	}
-}
-
-/*
- * Parse string into argbuf;
- * implemented with FSM to
- * handle quoting and strings
- */
-static char *
-slurpstring()
-{
-	int got_one = 0;
-	register char *sb = stringbase;
-	register char *ap = argbase;
-	char *tmp = argbase;		/* will return this if token found */
-
-	if (*sb == '!' || *sb == '$') {	/* recognize ! as a token for shell */
-		switch (slrflag) {	/* and $ as token for macro invoke */
-			case 0:
-				slrflag++;
-				stringbase++;
-				return ((*sb == '!') ? "!" : "$");
-				/* NOTREACHED */
-			case 1:
-				slrflag++;
-				altarg = stringbase;
-				break;
-			default:
-				break;
-		}
-	}
-
-S0:
-	switch (*sb) {
-
-	case '\0':
-		goto EXIT;
-
-	case ' ':
-	case '\t':
-		sb++; goto S0;
-
-	default:
-		switch (slrflag) {
-			case 0:
-				slrflag++;
-				break;
-			case 1:
-				slrflag++;
-				altarg = sb;
-				break;
-			default:
-				break;
-		}
-		goto S1;
-	}
-
-S1:
-	switch (*sb) {
-
-	case ' ':
-	case '\t':
-	case '\0':
-		goto EXIT;	/* end of token */
-
-	case '\\':
-		sb++; goto S2;	/* slurp next character */
-
-	case '"':
-		sb++; goto S3;	/* slurp quoted string */
-
-	default:
-		*ap++ = *sb++;	/* add character to token */
-		got_one = 1;
-		goto S1;
-	}
-
-S2:
-	switch (*sb) {
-
-	case '\0':
-		goto EXIT;
-
-	default:
-		*ap++ = *sb++;
-		got_one = 1;
-		goto S1;
-	}
-
-S3:
-	switch (*sb) {
-
-	case '\0':
-		goto EXIT;
-
-	case '"':
-		sb++; goto S1;
-
-	default:
-		*ap++ = *sb++;
-		got_one = 1;
-		goto S3;
-	}
-
-EXIT:
-	if (got_one)
-		*ap++ = '\0';
-	argbase = ap;			/* update storage pointer */
-	stringbase = sb;		/* update scan pointer */
-	if (got_one) {
-		return(tmp);
-	}
-	switch (slrflag) {
-		case 0:
-			slrflag++;
-			break;
-		case 1:
-			slrflag++;
-			altarg = (char *) 0;
-			break;
-		default:
-			break;
-	}
-	return((char *)0);
-}
-
-#define	HELPINDENT ((int) sizeof("disconnect"))
-
-/*
- * Help command.
- * Call each command handler with argc == 0 and argv[0] == name.
- */
-void help(argc, argv)
-	int argc;
-	char *argv[];
-{
-	extern struct cmd cmdtab[];
-	register struct cmd *c;
-
-	if (argc == 1) {
-		register int i, j, w, k;
-		int columns, width = 0, lines;
-		extern int NCMDS;
-
-		printf("Commands may be abbreviated.  Commands are:\n\n");
-		for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
-			int len = strlen(c->c_name);
-
-			if (len > width)
-				width = len;
-		}
-		width = (width + 8) &~ 7;
-		columns = 80 / width;
-		if (columns == 0)
-			columns = 1;
-		lines = (NCMDS + columns - 1) / columns;
-		for (i = 0; i < lines; i++) {
-			for (j = 0; j < columns; j++) {
-				c = cmdtab + j * lines + i;
-				if (c->c_name && (!proxy || c->c_proxy)) {
-					printf("%s", c->c_name);
-				}
-				else if (c->c_name) {
-					for (k=0; k < strlen(c->c_name); k++) {
-						(void) putchar(' ');
-					}
-				}
-				if (c + lines >= &cmdtab[NCMDS]) {
-					printf("\n");
-					break;
-				}
-				w = strlen(c->c_name);
-				while (w < width) {
-					w = (w + 8) &~ 7;
-					(void) putchar('\t');
-				}
-			}
-		}
-		return;
-	}
-	while (--argc > 0) {
-		register char *arg;
-		arg = *++argv;
-		c = getcmd(arg);
-		if (c == (struct cmd *)-1)
-			printf("?Ambiguous help command %s\n", arg);
-		else if (c == (struct cmd *)0)
-			printf("?Invalid help command %s\n", arg);
-		else
-			printf("%-*s\t%s\n", HELPINDENT,
-				c->c_name, c->c_help);
-	}
-}
diff --git a/src/appl/gssftp/ftp/pathnames.h b/src/appl/gssftp/ftp/pathnames.h
deleted file mode 100644
index 7c0de5b..0000000
--- a/src/appl/gssftp/ftp/pathnames.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 1989 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	5.2 (Berkeley) 6/1/90
- */
-
-#undef _PATH_TMP
-#define	_PATH_TMP	"/tmp/ftpXXXXXX"
diff --git a/src/appl/gssftp/ftp/pclose.c b/src/appl/gssftp/ftp/pclose.c
deleted file mode 100644
index 5d6a5aa..0000000
--- a/src/appl/gssftp/ftp/pclose.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright (c) 1980 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-#ifndef lint
-static	char sccsid[] = "@(#)pclose.c 1.1 90/04/28 SMI"; /* from UCB 1.2 3/7/86 */
-#endif /* not lint */
-
-#include <stdio.h>
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#include <signal.h>
-#include <sys/param.h>
-#include <sys/wait.h>
-#define sig_t my_sig_t
-#define sigtype krb5_sigtype
-typedef sigtype (*sig_t)();
-
-#define	tst(a,b)	(*mode == 'r'? (b) : (a))
-#define	RDR	0
-#define	WTR	1
-
-static	int *popen_pid;
-static	int nfiles;
-
-#ifndef HAVE_GETDTABLESIZE
-#include <sys/resource.h>
-int getdtablesize() {
-  struct rlimit rl;
-  getrlimit(RLIMIT_NOFILE, &rl);
-  return rl.rlim_cur;
-}
-#endif
-
-FILE *
-mypopen(cmd,mode)
-	char *cmd;
-	char *mode;
-{
-	int p[2];
-	volatile int myside, hisside;
-	int pid;
-
-	if (nfiles <= 0)
-		nfiles = getdtablesize();
-	if (popen_pid == NULL) {
-		popen_pid = (int *)malloc((unsigned) nfiles * sizeof *popen_pid);
-		if (popen_pid == NULL)
-			return (NULL);
-		for (pid = 0; pid < nfiles; pid++)
-			popen_pid[pid] = -1;
-	}
-	if (pipe(p) < 0)
-		return (NULL);
-	myside = tst(p[WTR], p[RDR]);
-	hisside = tst(p[RDR], p[WTR]);
-	if ((pid = fork()) == 0) {
-		/* myside and hisside reverse roles in child */
-		(void) close(myside);
-		if (hisside != tst(0, 1)) {
-			(void) dup2(hisside, tst(0, 1));
-			(void) close(hisside);
-		}
-		execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
-		_exit(127);
-	}
-	if (pid == -1) {
-		(void) close(myside);
-		(void) close(hisside);
-		return (NULL);
-	}
-	popen_pid[myside] = pid;
-	(void) close(hisside);
-	return (fdopen(myside, mode));
-}
-
-sigtype
-pabort(sig)
-	int sig;
-{
-	extern int mflag;
-
-	mflag = 0;
-}
-
-mypclose(ptr)
-	FILE *ptr;
-{
-	int child, pid;
-#ifdef USE_SIGPROCMASK
-	sigset_t old, new;
-#else
-	int omask;
-#endif
-	sigtype pabort(), (*istat)();
-#ifdef WAIT_USES_INT
-	int status;
-#else
-	union wait status;
-#endif
-
-	child = popen_pid[fileno(ptr)];
-	popen_pid[fileno(ptr)] = -1;
-	(void) fclose(ptr);
-	if (child == -1)
-		return (-1);
-	istat = signal(SIGINT, pabort);
-#ifdef USE_SIGPROCMASK
-	sigemptyset(&old);
-	sigemptyset(&new);
-	sigaddset(&new,SIGQUIT);
-	sigaddset(&new,SIGHUP);
-	sigprocmask(SIG_BLOCK, &new, &old);
-	while ((pid = wait(&status)) != child && pid != -1)
-		;
-	sigprocmask(SIG_SETMASK, &old, NULL);
-#else
-	omask = sigblock(sigmask(SIGQUIT)|sigmask(SIGHUP));
-	while ((pid = wait(&status)) != child && pid != -1)
-		;
-	sigsetmask(omask);
-#endif
-	(void) signal(SIGINT, istat);
-	return (pid == -1 ? -1 : 0);
-}
diff --git a/src/appl/gssftp/ftp/radix.c b/src/appl/gssftp/ftp/radix.c
deleted file mode 100644
index 2d6dfd1..0000000
--- a/src/appl/gssftp/ftp/radix.c
+++ /dev/null
@@ -1,166 +0,0 @@
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-
-#include "ftp_var.h"
-
-static char *radixN =
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static char pad = '=';
-
-int radix_encode(inbuf, outbuf, len, decode)
-unsigned char inbuf[], outbuf[];
-int *len, decode;
-{
-	int i,j,D = 0;
-	char *p;
-	unsigned char c = 0;
-
-	if (decode) {
-		for (i=0,j=0; inbuf[i] && inbuf[i] != pad; i++) {
-		    if ((p = strchr(radixN, inbuf[i])) == NULL) return(1);
-		    D = p - radixN;
-		    switch (i&3) {
-			case 0:
-			    c = D<<2;
-			    break;
-			case 1:
-			    outbuf[j++] = c | D>>4;
-			    c = (D&15)<<4;
-			    break;
-			case 2:
-			    outbuf[j++] = c | D>>2;
-			    c = (D&3)<<6;
-			    break;
-			case 3:
-			    outbuf[j++] = c | D;
-		    }
-		}
-		switch (i&3) {
-			case 1: return(3);
-			case 2: if (D&15) return(3);
-				if (strcmp((char *)&inbuf[i], "==")) return(2);
-				break;
-			case 3: if (D&3) return(3);
-				if (strcmp((char *)&inbuf[i], "="))  return(2);
-		}
-		*len = j;
-	} else {
-		for (i=0,j=0; i < *len; i++)
-		    switch (i%3) {
-			case 0:
-			    outbuf[j++] = radixN[inbuf[i]>>2];
-			    c = (inbuf[i]&3)<<4;
-			    break;
-			case 1:
-			    outbuf[j++] = radixN[c|inbuf[i]>>4];
-			    c = (inbuf[i]&15)<<2;
-			    break;
-			case 2:
-			    outbuf[j++] = radixN[c|inbuf[i]>>6];
-			    outbuf[j++] = radixN[inbuf[i]&63];
-			    c = 0;
-		    }
-		if (i%3) outbuf[j++] = radixN[c];
-		switch (i%3) {
-			case 1: outbuf[j++] = pad;
-			case 2: outbuf[j++] = pad;
-		}
-		outbuf[*len = j] = '\0';
-	}
-	return(0);
-}
-
-char *
-radix_error(e)
-int e;
-{
-	switch (e) {
-	    case 0:  return("Success");
-	    case 1:  return("Bad character in encoding");
-	    case 2:  return("Encoding not properly padded");
-	    case 3:  return("Decoded # of bits not a multiple of 8");
-	    default: return("Unknown error");
-	}
-}
-
-#ifdef STANDALONE
-usage(s)
-char *s;
-{
-	fprintf(stderr, "Usage: %s [ -d ] [ string ]\n", s);
-	exit(2);
-}
-
-static int n;
-
-putbuf(inbuf, outbuf, len, decode)
-unsigned char inbuf[], outbuf[];
-int len, decode;
-{
-	int c;
-
-	if (c = radix_encode(inbuf, outbuf, &len, decode)) {
-		fprintf(stderr, "Couldn't %scode input: %s\n",
-				decode ? "de" : "en", radix_error(c));
-		exit(1);
-	}
-	if (decode)
-		write(1, outbuf, len);
-	else
-		for (c = 0; c < len;) {
-			putchar(outbuf[c++]);
-			if (++n%76 == 0) putchar('\n');
-		}
-}
-
-main(argc,argv)
-int argc;
-char *argv[];
-{
-	unsigned char *inbuf, *outbuf;
-	int c, len = 0, decode = 0;
-	extern int optind;
-
-	while ((c = getopt(argc, argv, "d")) != -1)
-		switch(c) {
-			default:
-				usage(argv[0]);
-			case 'd':
-				decode++;
-		}
-
-	switch (argc - optind) {
-		case 0:
-			inbuf  = (unsigned char *) malloc(5);
-			outbuf = (unsigned char *) malloc(5);
-			while ((c = getchar()) != EOF)
-			    if (c != '\n') {
-				inbuf[len++] = c;
-				if (len == (decode ? 4 : 3)) {
-					inbuf[len] = '\0';
-					putbuf(inbuf, outbuf, len, decode);
-					len=0;
-				}
-			    }
-			if (len) {
-				inbuf[len] = '\0';
-				putbuf(inbuf, outbuf, len, decode);
-			}
-			break;
-		case 1:
-			inbuf = (unsigned char *)argv[optind];
-			len = strlen(inbuf);
-			outbuf = (unsigned char *)
-				malloc((len * (decode?3:4)) / (decode?4:3) + 1);
-			putbuf(inbuf, outbuf, len, decode);
-			break;
-		default:
-			fprintf(stderr, "Only one argument allowed\n");
-			usage(argv[0]);
-	}
-	if (n%76) putchar('\n');
-	exit(0);
-}
-#endif /* STANDALONE */
diff --git a/src/appl/gssftp/ftp/ruserpass.c b/src/appl/gssftp/ftp/ruserpass.c
deleted file mode 100644
index 03fbc79..0000000
--- a/src/appl/gssftp/ftp/ruserpass.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- * Copyright (c) 1985 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)ruserpass.c	5.3 (Berkeley) 3/1/91";
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <string.h>
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <ctype.h>
-#include <sys/stat.h>
-#include <errno.h>
-#include "ftp_var.h"
-
-#ifdef _WIN32
-#include <win-mac.h>
-#endif
-
-#ifndef MAXHOSTNAMELEN
-#define MAXHOSTNAMELEN 64
-#endif
-
-static int token (void);
-static	FILE *cfile;
-
-#define	DEFAULT	1
-#define	LOGIN	2
-#define	PASSWD	3
-#define	ACCOUNT 4
-#define MACDEF  5
-#define	ID	10
-#define	MACH	11
-
-static char tokval[100];
-
-static struct toktab {
-	char *tokstr;
-	int tval;
-} toktab[]= {
-	{ "default",	DEFAULT },
-	{ "login",	LOGIN },
-	{ "password",	PASSWD },
-	{ "passwd",	PASSWD },
-	{ "account",	ACCOUNT },
-	{ "machine",	MACH },
-	{ "macdef",	MACDEF },
-	{ NULL,		0 }
-};
-
-
-static int
-token()
-{
-	char *cp;
-	int c;
-	struct toktab *t;
-
-	if (feof(cfile))
-		return (0);
-	while ((c = getc(cfile)) != EOF &&
-	    (c == '\n' || c == '\t' || c == ' ' || c == ','))
-		continue;
-	if (c == EOF)
-		return (0);
-	cp = tokval;
-	if (c == '"') {
-		while ((c = getc(cfile)) != EOF && c != '"') {
-			if (c == '\\')
-				c = getc(cfile);
-			*cp++ = c;
-		}
-	} else {
-		*cp++ = c;
-		while ((c = getc(cfile)) != EOF
-		    && c != '\n' && c != '\t' && c != ' ' && c != ',') {
-			if (c == '\\')
-				c = getc(cfile);
-			*cp++ = c;
-		}
-	}
-	*cp = 0;
-	if (tokval[0] == 0)
-		return (0);
-	for (t = toktab; t->tokstr; t++)
-		if (!strcmp(t->tokstr, tokval))
-			return (t->tval);
-	return (ID);
-}
-
-int
-ruserpass(host, aname, apass, aacct)
-	char *host, **aname, **apass, **aacct;
-{
-	char *hdir, buf[FTP_BUFSIZ], *tmp;
-	char myname[MAXHOSTNAMELEN + 1], *mydomain;
-	int t, i, c, usedefault = 0;
-	struct stat stb;
-
-	hdir = getenv("HOME");
-	if (hdir == NULL)
-		hdir = ".";
-	(void) snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
-	cfile = fopen(buf, "r");
-	if (cfile == NULL) {
-		if (errno != ENOENT)
-			perror(buf);
-		return(0);
-	}
-	if (gethostname(myname, sizeof(myname)) < 0)
-		myname[0] = '\0';
-	if ((mydomain = strchr(myname, '.')) == NULL)
-		mydomain = "";
-next:
-	while ((t = token())) switch(t) {
-
-	case DEFAULT:
-		usedefault = 1;
-		/* FALL THROUGH */
-
-	case MACH:
-		if (!usedefault) {
-			if (token() != ID)
-				continue;
-			/*
-			 * Allow match either for user's input host name
-			 * or official hostname.  Also allow match of
-			 * incompletely-specified host in local domain.
-			 */
-			if (strcasecmp(host, tokval) == 0)
-				goto match;
-			if (strcasecmp(hostname, tokval) == 0)
-				goto match;
-			if ((tmp = strchr(hostname, '.')) != NULL &&
-			    strcasecmp(tmp, mydomain) == 0 &&
-			    strncasecmp(hostname, tokval,
-					(unsigned) (tmp-hostname)) == 0 &&
-			    tokval[tmp - hostname] == '\0')
-				goto match;
-			if ((tmp = strchr(host, '.')) != NULL &&
-			    strcasecmp(tmp, mydomain) == 0 &&
-			    strncasecmp(host, tokval,
-					(unsigned ) (tmp - host)) == 0 &&
-			    tokval[tmp - host] == '\0')
-				goto match;
-			continue;
-		}
-	match:
-		while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
-
-		case LOGIN:
-			if (token()) {
-				if (*aname == 0) {
-					*aname = strdup(tokval);
-				} else {
-					if (strcmp(*aname, tokval))
-						goto next;
-				}
-			}
-			break;
-		case PASSWD:
-			if (strcmp(*aname, "anonymous") &&
-			    fstat(fileno(cfile), &stb) >= 0 &&
-			    (stb.st_mode & 077) != 0) {
-	fprintf(stderr, "Error - .netrc file not correct mode.\n");
-	fprintf(stderr, "Remove password or correct mode.\n");
-				goto bad;
-			}
-			if (token() && *apass == 0) {
-				*apass = strdup(tokval);
-			}
-			break;
-		case ACCOUNT:
-			if (fstat(fileno(cfile), &stb) >= 0
-			    && (stb.st_mode & 077) != 0) {
-	fprintf(stderr, "Error - .netrc file not correct mode.\n");
-	fprintf(stderr, "Remove account or correct mode.\n");
-				goto bad;
-			}
-			if (token() && *aacct == 0) {
-				*aacct = strdup(tokval);
-			}
-			break;
-		case MACDEF:
-			if (proxy) {
-				(void) fclose(cfile);
-				return(0);
-			}
-			while ((c = getc(cfile)) != EOF)
-				if (c != ' ' && c != '\t')
-					break;
-			if (c == EOF || c == '\n') {
-				printf("Missing macdef name argument.\n");
-				goto bad;
-			}
-			if (macnum == 16) {
-				printf("Limit of 16 macros have already been defined\n");
-				goto bad;
-			}
-			tmp = macros[macnum].mac_name;
-			*tmp++ = c;
-			for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
-			    !isspace(c); ++i) {
-				*tmp++ = c;
-			}
-			if (c == EOF) {
-				printf("Macro definition missing null line terminator.\n");
-				goto bad;
-			}
-			*tmp = '\0';
-			if (c != '\n') {
-				while ((c=getc(cfile)) != EOF && c != '\n');
-			}
-			if (c == EOF) {
-				printf("Macro definition missing null line terminator.\n");
-				goto bad;
-			}
-			if (macnum == 0) {
-				macros[macnum].mac_start = macbuf;
-			}
-			else {
-				macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
-			}
-			tmp = macros[macnum].mac_start;
-			while (tmp != macbuf + 4096) {
-				if ((c=getc(cfile)) == EOF) {
-				printf("Macro definition missing null line terminator.\n");
-					goto bad;
-				}
-				*tmp = c;
-				if (*tmp == '\n') {
-					if (*(tmp-1) == '\0') {
-					   macros[macnum++].mac_end = tmp - 1;
-					   break;
-					}
-					*tmp = '\0';
-				}
-				tmp++;
-			}
-			if (tmp == macbuf + 4096) {
-				printf("4K macro buffer exceeded\n");
-				goto bad;
-			}
-			break;
-		default:
-	fprintf(stderr, "Unknown .netrc keyword %s\n", tokval);
-			break;
-		}
-		goto done;
-	}
-done:
-	(void) fclose(cfile);
-	return(0);
-bad:
-	(void) fclose(cfile);
-	return(-1);
-}
diff --git a/src/appl/gssftp/ftp/secure.c b/src/appl/gssftp/ftp/secure.c
deleted file mode 100644
index 5846604..0000000
--- a/src/appl/gssftp/ftp/secure.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
- * Shared routines for client and server for
- * secure read(), write(), getc(), and putc().
- * Only one security context, thus only work on one fd at a time!
- */
-#include "autoconf.h"
-
-#ifdef GSSAPI
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_generic.h>
-extern gss_ctx_id_t gcontext;
-#endif /* GSSAPI */
-
-#include <secure.h>	/* stuff which is specific to client or server */
-
-#ifdef _WIN32
-#undef ERROR
-#endif
-
-#include <arpa/ftp.h>
-
-#include <stdio.h>
-#include <string.h>
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <sys/types.h>
-#ifdef _WIN32
-#include <port-sockets.h>
-#else
-#include <netinet/in.h>
-#endif
-#include <errno.h>
-
-#ifndef HAVE_STRERROR
-#define strerror(error) (sys_errlist[error])
-#ifdef NEED_SYS_ERRLIST
-extern char *sys_errlist[];
-#endif
-#endif
-
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#ifdef HAVE_INTTYPES_H
-# include <inttypes.h>
-#endif
-typedef uint32_t ftp_uint32;
-typedef int32_t ftp_int32;
-
-static int secure_putbuf (int, unsigned char *, unsigned int);
-
-extern struct	sockaddr_in hisaddr;
-extern struct	sockaddr_in myaddr;
-extern int	dlevel;
-extern char	*auth_type;
-
-/* Some libc's (GNU libc, at least) define MAX as a macro. Forget that. */
-#ifdef MAX
-#undef MAX
-#endif
-
-#define MAX maxbuf
-extern unsigned int maxbuf; 	/* maximum output buffer size */
-extern unsigned char *ucbuf;	/* cleartext buffer */
-static unsigned int nout;	/* number of chars in ucbuf,
-				 * pointer into ucbuf */
-static unsigned int smaxbuf;    /* Internal saved value of maxbuf
-				   in case changes on us */
-static unsigned int smaxqueue;  /* Maximum allowed to queue before
-				   flush buffer. < smaxbuf by fudgefactor */
-
-/* perhaps use these in general, certainly use them for GSSAPI */
-
-#ifndef looping_write
-static int
-looping_write(fd, buf, len)
-    int fd;
-    register const char *buf;
-    int len;
-{
-    int cc;
-    register int wrlen = len;
-    do {
-	cc = write(fd, buf, wrlen);
-	if (cc < 0) {
-	    if (errno == EINTR)
-		continue;
-	    return(cc);
-	}
-	else {
-	    buf += cc;
-	    wrlen -= cc;
-	}
-    } while (wrlen > 0);
-    return(len);
-}
-#endif
-#ifndef looping_read
-static int
-looping_read(fd, buf, len)
-    int fd;
-    register char *buf;
-    register int len;
-{
-    int cc, len2 = 0;
-
-    do {
-	cc = read(fd, buf, len);
-	if (cc < 0) {
-	    if (errno == EINTR)
-		continue;
-	    return(cc);		 /* errno is already set */
-	}
-	else if (cc == 0) {
-	    return(len2);
-	} else {
-	    buf += cc;
-	    len2 += cc;
-	    len -= cc;
-	}
-    } while (len > 0);
-    return(len2);
-}
-#endif
-
-
-
-#define ERR	-2
-
-/*
- * Given maxbuf as a buffer size, determine how much can we
- * really transfer given the overhead of different algorithms
- *
- * Sets smaxbuf and smaxqueue
- */
-
-static int secure_determine_constants()
-{
-    smaxbuf = maxbuf;
-    smaxqueue = maxbuf;
-
-#ifdef GSSAPI
-    if (strcmp(auth_type, "GSSAPI") == 0) {
-	OM_uint32 maj_stat, min_stat, mlen;
-	OM_uint32 msize = maxbuf;
-	maj_stat = gss_wrap_size_limit(&min_stat, gcontext,
-				       (dlevel == PROT_P),
-				       GSS_C_QOP_DEFAULT,
-				       msize, &mlen);
-	if (maj_stat != GSS_S_COMPLETE) {
-			secure_gss_error(maj_stat, min_stat,
-					 "GSSAPI fudge determination");
-			/* Return error how? */
-			return ERR;
-	}
-	smaxqueue = mlen;
-    }
-#endif
-
-	return 0;
-}
-
-static int
-secure_putbyte(fd, c)
-int fd;
-unsigned char c;
-{
-	int ret;
-
-	if ((smaxbuf == 0) || (smaxqueue == 0) || (smaxbuf != maxbuf)) {
-	    ret = secure_determine_constants();
-	    if (ret) return ret;
-	}
-	ucbuf[nout++] = c;
-	if (nout == smaxqueue) {
-	  nout = 0;
-	  ret = secure_putbuf(fd, ucbuf, smaxqueue);
-	  return(ret?ret:c);
-	}
-	return (c);
-}
-
-/* returns:
- *	 0  on success
- *	-1  on error (errno set)
- *	-2  on security error
- */
-int secure_flush(fd)
-int fd;
-{
-	int ret;
-
-	if (dlevel == PROT_C)
-		return(0);
-	if (nout) {
- 	        ret = secure_putbuf(fd, ucbuf, nout);
-		if (ret)
-			return(ret);
-	}
-	return(secure_putbuf(fd, (unsigned char *) "", nout = 0));
-}
-
-/* returns:
- *	c>=0  on success
- *	-1    on error
- *	-2    on security error
- */
-int secure_putc(c, stream)
-int c;
-FILE *stream;
-{
-	if (dlevel == PROT_C)
-		return(putc(c,stream));
-	return(secure_putbyte(fileno(stream), (unsigned char) c));
-}
-
-/* returns:
- *	nbyte on success
- *	-1  on error (errno set)
- *	-2  on security error
- */
-int
-secure_write(fd, buf, nbyte)
-int fd;
-unsigned char *buf;
-unsigned int nbyte;
-{
-	unsigned int i;
-	int c;
-
-	if (dlevel == PROT_C)
-		return(write(fd,buf,nbyte));
-	for (i=0; nbyte>0; nbyte--)
-		if ((c = secure_putbyte(fd, buf[i++])) < 0)
-			return(c);
-	return(i);
-}
-
-/* returns:
- *	 0  on success
- *	-1  on error (errno set)
- *	-2  on security error
- */
-static int
-secure_putbuf(fd, buf, nbyte)
-  int fd;
-unsigned char *buf;
-unsigned int nbyte;
-{
-	static char *outbuf;		/* output ciphertext */
-	static unsigned int bufsize;	/* size of outbuf */
-	ftp_int32 length = 0;
-	ftp_uint32 net_len;
-	unsigned int fudge = smaxbuf - smaxqueue; /* Difference in length
-						     buffer lengths required */
-
-	/* Other auth types go here ... */
-#ifdef GSSAPI
-	if (strcmp(auth_type, "GSSAPI") == 0) {
-		gss_buffer_desc in_buf, out_buf;
-		OM_uint32 maj_stat, min_stat;
-		int conf_state;
-
-		in_buf.value = buf;
-		in_buf.length = nbyte;
-		maj_stat = gss_seal(&min_stat, gcontext,
-				    (dlevel == PROT_P), /* confidential */
-				    GSS_C_QOP_DEFAULT,
-				    &in_buf, &conf_state,
-				    &out_buf);
-		if (maj_stat != GSS_S_COMPLETE) {
-			/* generally need to deal */
-			/* ie. should loop, but for now just fail */
-			secure_gss_error(maj_stat, min_stat,
-					 dlevel == PROT_P?
-					 "GSSAPI seal failed":
-					 "GSSAPI sign failed");
-			return(ERR);
-		}
-
-		if (bufsize < out_buf.length) {
-			if (outbuf?
-			    (outbuf = realloc(outbuf, (unsigned) out_buf.length)):
-			    (outbuf = malloc((unsigned) out_buf.length))) {
-				bufsize = out_buf.length;
-			} else {
-				bufsize = 0;
-				secure_error("%s (in malloc of PROT buffer)",
-					     strerror(errno));
-				return(ERR);
-			}
-		}
-
-		length=out_buf.length;
-		memcpy(outbuf, out_buf.value, out_buf.length);
-		gss_release_buffer(&min_stat, &out_buf);
-	}
-#endif /* GSSAPI */
-	net_len = htonl((u_long) length);
-	if (looping_write(fd, (char *) &net_len, 4) == -1) return(-1);
-	if (looping_write(fd, outbuf, length) != length) return(-1);
-	return(0);
-}
-
-static int
-secure_getbyte(fd)
-int fd;
-{
-	/* number of chars in ucbuf, pointer into ucbuf */
-	static unsigned int nin, bufp;
-	int kerror;
-	ftp_uint32 length;
-
-	if (nin == 0) {
-		if ((kerror = looping_read(fd, (char *) &length,
-				sizeof(length)))
-				!= sizeof(length)) {
-			secure_error("Couldn't read PROT buffer length: %d/%s",
-				     kerror,
-				     kerror == -1 ? strerror(errno)
-				     : "premature EOF");
-			return(ERR);
-		}
-		if ((length = (u_long) ntohl(length)) > MAX) {
-			secure_error("Length (%d) of PROT buffer > PBSZ=%u",
-				     length, MAX);
-			return(ERR);
-		}
-		if ((kerror = looping_read(fd, (char *) ucbuf, (int) length)) != length) {
-			secure_error("Couldn't read %u byte PROT buffer: %s",
-					length, kerror == -1 ?
-					strerror(errno) : "premature EOF");
-			return(ERR);
-		}
-		/* Other auth types go here ... */
-#ifdef GSSAPI
-		if (strcmp(auth_type, "GSSAPI") == 0) {
-		  gss_buffer_desc xmit_buf, msg_buf;
-		  OM_uint32 maj_stat, min_stat;
-		  int conf_state;
-
-		  xmit_buf.value = ucbuf;
-		  xmit_buf.length = length;
-		  conf_state = (dlevel == PROT_P);
-		  /* decrypt/verify the message */
-		  maj_stat = gss_unseal(&min_stat, gcontext, &xmit_buf,
-					&msg_buf, &conf_state, NULL);
-		  if (maj_stat != GSS_S_COMPLETE) {
-		    secure_gss_error(maj_stat, min_stat,
-				     (dlevel == PROT_P)?
-				     "failed unsealing ENC message":
-				     "failed unsealing MIC message");
-		    return ERR;
-		  }
-
-		  memcpy(ucbuf, msg_buf.value, nin = bufp = msg_buf.length);
-		  gss_release_buffer(&min_stat, &msg_buf);
-	      }
-#endif /* GSSAPI */
-		/* Other auth types go here ... */
-	}
-	if (nin == 0)
-		return(EOF);
-	else	return(ucbuf[bufp - nin--]);
-}
-
-/* returns:
- *	c>=0 on success
- *	-1   on EOF
- *	-2   on security error
- */
-int secure_getc(stream)
-FILE *stream;
-{
-	if (dlevel == PROT_C)
-		return(getc(stream));
-	return(secure_getbyte(fileno(stream)));
-}
-
-/* returns:
- *	n>0 on success (n == # of bytes read)
- *	0   on EOF
- *	-1  on error (errno set), only for PROT_C
- *	-2  on security error
- */
-int secure_read(fd, buf, nbyte)
-int fd;
-char *buf;
-unsigned int nbyte;
-{
-	static int c;
-	int i;
-
-	if (dlevel == PROT_C)
-		return(read(fd,buf,nbyte));
-	if (c == EOF)
-		return(c = 0);
-	for (i=0; nbyte>0; nbyte--)
-		switch (c = secure_getbyte(fd)) {
-			case ERR: return(c);
-			case EOF: if (!i) c = 0;
-				  return(i);
-			default:  buf[i++] = c;
-		}
-	return(i);
-}
diff --git a/src/appl/gssftp/ftp/secure.h b/src/appl/gssftp/ftp/secure.h
deleted file mode 100644
index 011d745..0000000
--- a/src/appl/gssftp/ftp/secure.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#include <stdio.h>
-
-#define CRED_DECL	extern CREDENTIALS cred;
-#define SESSION		&cred.session
-#define myaddr		data_addr
-#define hisaddr		hisdataaddr
-
-int secure_flush (int);
-int secure_putc (int, FILE *);
-int secure_getc (FILE *);
-int secure_write (int, unsigned char *, unsigned int);
-int secure_read (int, char *, unsigned int);
-void secure_gss_error (OM_uint32 maj_stat, OM_uint32 min_stat, char *s);
-
-void secure_error(char *, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 1, 2)))
-#endif
-    ;
diff --git a/src/appl/gssftp/ftpd/CHANGES b/src/appl/gssftp/ftpd/CHANGES
deleted file mode 100644
index 39c7ebd..0000000
--- a/src/appl/gssftp/ftpd/CHANGES
+++ /dev/null
@@ -1,31 +0,0 @@
-This version of ftpd has been fixed to conform to RFC959.
-
-Unfortunately, this conformance introduces a user visible change.  While
-technically, this is the fault of the client (ftp) instead of the server
-(ftpd), the change will be seen whenever an old ftp client calls a new ftpd
-server.
-
-The problem is that the old ftpd implemented the NLST command by execing
-/bin/ls.  This produced non-conformant output in some cases.  The new
-ftpd no longer executes /bin/ls for the NLST command as it has it's own
-built-in code.
-
-The user visible change in the ftp behavior is caused by the ftp client
-"knowing" that the daemon will exec /bin/ls.  This assumption should not
-have been made.
-
-When the old ftp client is used, one of the options is the "ls" command
-which sends the command NLST to the ftpd server.  The client should really
-be sending the LIST command.  The new ftp client has been corrected to do
-this.
-
-NLST should not normally be used directly by humans.  It is intended to
-interface with commands like mget or mput.
-
-Users who are not able to upgrade their ftp client may obtain the previous
-behavior, by using the command "dir" instead of "ls".
-
-These changes only apply to those sites using code derived from the Berkeley
-software releases (which means almost every UNIX based implementation will
-see this problem).
-
diff --git a/src/appl/gssftp/ftpd/Makefile.in b/src/appl/gssftp/ftpd/Makefile.in
deleted file mode 100644
index 8e96a32..0000000
--- a/src/appl/gssftp/ftpd/Makefile.in
+++ /dev/null
@@ -1,78 +0,0 @@
-thisconfigdir=./..
-myfulldir=appl/gssftp/ftpd
-mydir=ftpd
-BUILDTOP=$(REL)..$(S)..$(S)..
-#
-# appl/gssftp/ftpd/Makefile.in
-#
-DEFINES = -DGSSAPI -DFTP_BUFSIZ=10240 #-DNOCONFIDENTIAL
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-SETENVSRC=@SETENVSRC@
-SETENVOBJ=@SETENVOBJ@
-LIBOBJS=@LIBOBJS@
-COMERRLIB=$(BUILDTOP)/util/et/libcom_err.a
-FTPD_LIBS=@FTPD_LIBS@
-
-SRCS	= $(srcdir)/ftpd.c ftpcmd.c $(srcdir)/popen.c \
-	  $(srcdir)/vers.c \
-	  $(srcdir)/../ftp/glob.c \
-	  $(srcdir)/../ftp/radix.c \
-	  $(srcdir)/../ftp/secure.c \
-	  $(srcdir)/../../bsd/getdtablesize.c $(SETENVSRC)
-
-OBJS	= ftpd.o ftpcmd.o glob.o popen.o vers.o radix.o \
-	  secure.o $(LIBOBJS) $(SETENVOBJ)
-
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)
-
-all::	ftpd
-
-ftpd:	$(OBJS) $(PTY_DEPLIB) $(GSS_DEPLIBS) $(KRB5_BASE_DEPLIBS)
-	$(CC_LINK) -o $@ $(OBJS) $(FTPD_LIBS) $(PTY_LIB) $(UTIL_LIB) $(GSS_LIBS) $(KRB5_BASE_LIBS)
-
-generate-files-mac: ftpcmd.c
-
-clean::
-	$(RM) ftpd ftpcmd.c
-
-depend::
-
-install::
-	for f in ftpd; do \
-	  $(INSTALL_PROGRAM) $$f \
-		$(DESTDIR)$(SERVER_BINDIR)/`echo $$f|sed '$(transform)'`; \
-	  $(INSTALL_DATA) $(srcdir)/$$f.M \
-		${DESTDIR}$(SERVER_MANDIR)/`echo $$f|sed '$(transform)'`.8; \
-	done
-
-
-ftpcmd.c: $(srcdir)/ftpcmd.y
-	$(RM) ftpcmd.c y.tab.c
-	$(YACC) $(srcdir)/ftpcmd.y
-	$(MV) y.tab.c ftpcmd.c
-
-glob.o: $(srcdir)/../ftp/glob.c
-	$(CC) -c $(ALL_CFLAGS) $(srcdir)/../ftp/glob.c
-radix.o: $(srcdir)/../ftp/radix.c
-	$(CC) -c $(ALL_CFLAGS) $(srcdir)/../ftp/radix.c
-secure.o: $(srcdir)/../ftp/secure.c
-	$(CC) -c $(ALL_CFLAGS) $(srcdir)/../ftp/secure.c
-
-getdtablesize.o: $(srcdir)/../../bsd/getdtablesize.c
-	$(CC) -c $(ALL_CFLAGS) $(srcdir)/../../bsd/getdtablesize.c
-
-setenv.o: $(srcdir)/../../bsd/setenv.c
-	$(CC) -c $(ALL_CFLAGS) $(srcdir)/../../bsd/setenv.c
-
-
-ftpd.o: $(srcdir)/pathnames.h
-secure.o: $(srcdir)/secure.h
-
-ftpd.o: $(srcdir)/ftpd.c
-ftpcmd.o: ftpcmd.c
-popen.o: $(srcdir)/popen.c
-vers.o: $(srcdir)/vers.c
-
-# NOPOSTFIX
diff --git a/src/appl/gssftp/ftpd/deps b/src/appl/gssftp/ftpd/deps
deleted file mode 100644
index 1d0d355..0000000
--- a/src/appl/gssftp/ftpd/deps
+++ /dev/null
@@ -1,29 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)ftpd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
-  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/port-sockets.h $(srcdir)/../arpa/ftp.h \
-  $(srcdir)/../arpa/telnet.h ftpd.c ftpd_var.h pathnames.h \
-  secure.h
-$(OUTPRE)ftpcmd.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssapi/gssapi_generic.h $(SRCTOP)/include/k5-buf.h \
-  $(srcdir)/../arpa/ftp.h $(srcdir)/../arpa/telnet.h \
-  ftpcmd.c ftpd_var.h
-$(OUTPRE)popen.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssapi/gssapi_generic.h ftpd_var.h \
-  popen.c
-$(OUTPRE)vers.$(OBJEXT): vers.c
-$(OUTPRE)glob.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(srcdir)/../ftp/ftp_var.h $(srcdir)/../ftp/glob.c
-$(OUTPRE)radix.$(OBJEXT): $(srcdir)/../ftp/ftp_var.h \
-  $(srcdir)/../ftp/radix.c
-$(OUTPRE)secure.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(srcdir)/../arpa/ftp.h $(srcdir)/../ftp/secure.c secure.h
-$(OUTPRE)getdtablesize.$(OBJEXT): $(srcdir)/../../bsd/getdtablesize.c
diff --git a/src/appl/gssftp/ftpd/ftpcmd.y b/src/appl/gssftp/ftpd/ftpcmd.y
deleted file mode 100644
index 1b820f9..0000000
--- a/src/appl/gssftp/ftpd/ftpcmd.y
+++ /dev/null
@@ -1,1532 +0,0 @@
-/* -*- fundamental -*-
- * Copyright (c) 1985, 1988 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ftpcmd.y	5.24 (Berkeley) 2/25/91
- */
-
-/*
- * Grammar for FTP commands.
- * See RFC 959.
- * See Also draft-ietf-cat-ftpsec-08.txt.
- */
-
-%{
-
-#ifndef lint
-static char sccsid[] = "@(#)ftpcmd.y	5.24 (Berkeley) 2/25/91";
-#endif /* not lint */
-
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/ioctl.h>
-#ifdef HAVE_SYS_SOCKIO_H
-#include <sys/sockio.h>
-#endif
-#include <sys/stat.h>
-#include <netinet/in.h>
-#include <arpa/ftp.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <syslog.h>
-#include <time.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-#include <k5-buf.h>
-
-#include "ftpd_var.h"
-
-extern	char *auth_type;
-
-unsigned int maxbuf, actualbuf;
-unsigned char *ucbuf;
-
-static int kerror;	/* XXX needed for all auth types */
-#ifdef GSSAPI
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_generic.h>
-extern gss_ctx_id_t gcontext;
-#endif
-
-#ifndef unix
-/* sigh */
-#if defined(_AIX) || defined(__hpux) || defined(BSD)
-#define unix
-#endif
-#endif
-
-#ifndef NBBY
-#define NBBY 8
-#endif
-
-static struct sockaddr_in host_port;
-
-extern	struct sockaddr_in data_dest;
-extern	int logged_in;
-extern	struct passwd *pw;
-extern	int guest;
-extern	int logging;
-extern	int type;
-extern	int form;
-extern	int clevel;
-extern	int debug;
-
-
-extern	int allow_ccc;
-extern	int ccc_ok;
-extern	int timeout;
-extern	int maxtimeout;
-extern  int pdata;
-extern	int authlevel;
-extern	char hostname[], remotehost[];
-extern	char proctitle[];
-extern	char *globerr;
-extern	int usedefault;
-extern  int transflag;
-extern  char tmpline[];
-
-char	**ftpglob();
-
-off_t	restart_point;
-
-static	int cmd_type;
-static	int cmd_form;
-static	int cmd_bytesz;
-char	cbuf[FTP_BUFSIZ]; /* was 512 */
-char	*fromname;
-
-/* bison needs these decls up front */
-extern jmp_buf errcatch;
-
-#define	CMD	0	/* beginning of command */
-#define	ARGS	1	/* expect miscellaneous arguments */
-#define	STR1	2	/* expect SP followed by STRING */
-#define	STR2	3	/* expect STRING */
-#define	OSTR	4	/* optional SP then STRING */
-#define	ZSTR1	5	/* SP then optional STRING */
-#define	ZSTR2	6	/* optional STRING after SP */
-#define	SITECMD	7	/* SITE command */
-#define	NSTR	8	/* Number followed by a string */
-
-struct tab {
-	char	*name;
-	short	token;
-	short	state;
-	short	implemented;	/* 1 if command is implemented */
-	char	*help;
-};
-struct tab cmdtab[];
-struct tab sitetab[];
-
-void sizecmd(char *);
-void help(struct tab *, char *);
-static int yylex(void);
-static char *copy(char *);
-%}
-
-%union { int num; char *str; }
-
-%token
-	SP	CRLF	COMMA	STRING	NUMBER
-
-	USER	PASS	ACCT	REIN	QUIT	PORT
-	PASV	TYPE	STRU	MODE	RETR	STOR
-	APPE	MLFL	MAIL	MSND	MSOM	MSAM
-	MRSQ	MRCP	ALLO	REST	RNFR	RNTO
-	ABOR	DELE	CWD	LIST	NLST	SITE
-	STAT	HELP	NOOP	MKD	RMD	PWD
-	CDUP	STOU	SMNT	SYST	SIZE	MDTM
-	AUTH	ADAT	PROT    PBSZ
-	CCC
-
-	UMASK	IDLE	CHMOD
-
-	LEXERR
-
-%type <num> NUMBER
-%type <num> form_code prot_code struct_code mode_code octal_number
-%type <num> check_login byte_size nonguest
-
-%type <str> STRING
-%type <str> password pathname username pathstring
-
-%start	cmd_list
-
-%%
-
-cmd_list:	/* empty */
-	|	cmd_list cmd
-		{
-			fromname = (char *) 0;
-			restart_point = (off_t) 0;
-		}
-	|	cmd_list rcmd
-	;
-
-cmd:		USER SP username CRLF
-		{
-			user((char *) $3);
-			free($3);
-		}
-	|	PASS SP password CRLF
-		{
-			pass((char *) $3);
-			free($3);
-		}
-	|	PORT SP host_port CRLF
-		{
-			/*
-			 * Don't allow a port < 1024 if we're not
-			 * connecting back to the original source address
-			 * This prevents nastier forms of the bounce attack.
-			 */
-			if (ntohs(host_port.sin_port) < 1024)
-				reply(504, "Port number too low");
-			else {
-				data_dest = host_port;
-				usedefault = 0;
-				if (pdata >= 0) {
-					(void) close(pdata);
-					pdata = -1;
-				}
-				reply(200, "PORT command successful.");
-			}
-		}
-	|	PASV check_login CRLF
-		{
-			if ($2)
-				passive();
-		}
-	|	PROT SP prot_code CRLF
-		{
-		    if (maxbuf)
-			setdlevel ($3);
-		    else
-			reply(503, "Must first set PBSZ");
-		}
-	|	CCC CRLF
-		{
-			if (!allow_ccc) {
-			    reply(534, "CCC not supported");
-			}
-			else {
-			    if(clevel == PROT_C && !ccc_ok) {
-			        reply(533, "CCC command must be integrity protected");
-			    } else {
-			        reply(200, "CCC command successful.");
-				ccc_ok = 1;
-			    }
-			}
-		}
-	|	PBSZ SP STRING CRLF
-		{
-			/* Others may want to do something more fancy here */
-			if (!auth_type)
-			    reply(503, "Must first perform authentication");
-			else if (strlen($3) > 10 ||
-				 (strlen($3) == 10 && 
-				  strcmp($3,"4294967296") >= 0))
-			    reply(501, "Bad value for PBSZ: %s", $3);
-			else {
-			    if (ucbuf) (void) free(ucbuf);
-			    actualbuf = (unsigned int) atol($3);
-			    /* I attempt what is asked for first, and if that
-			       fails, I try dividing by 4 */
-			    while ((ucbuf = (unsigned char *)malloc(actualbuf)) == NULL)
-				if (actualbuf)
-				    lreply(200, "Trying %u", actualbuf >>= 2);
-				else {
-				    perror_reply(421,
-					"Local resource failure: malloc");
-				    dologout(1);
-				}
-			    reply(200, "PBSZ=%u", maxbuf = actualbuf);
-			}
-		}
-	|	TYPE SP type_code CRLF
-		{
-			switch (cmd_type) {
-
-			case TYPE_A:
-				if (cmd_form == FORM_N) {
-					reply(200, "Type set to A.");
-					type = cmd_type;
-					form = cmd_form;
-				} else
-					reply(504, "Form must be N.");
-				break;
-
-			case TYPE_E:
-				reply(504, "Type E not implemented.");
-				break;
-
-			case TYPE_I:
-				reply(200, "Type set to I.");
-				type = cmd_type;
-				break;
-
-			case TYPE_L:
-#if NBBY == 8
-				if (cmd_bytesz == 8) {
-					reply(200,
-					    "Type set to L (byte size 8).");
-					type = cmd_type;
-				} else
-					reply(504, "Byte size must be 8.");
-#else /* NBBY == 8 */
-				UNIMPLEMENTED for NBBY != 8
-#endif /* NBBY == 8 */
-			}
-		}
-	|	STRU SP struct_code CRLF
-		{
-			switch ($3) {
-
-			case STRU_F:
-				reply(200, "STRU F ok.");
-				break;
-
-			default:
-				reply(504, "Unimplemented STRU type.");
-			}
-		}
-	|	MODE SP mode_code CRLF
-		{
-			switch ($3) {
-
-			case MODE_S:
-				reply(200, "MODE S ok.");
-				break;
-
-			default:
-				reply(502, "Unimplemented MODE type.");
-			}
-		}
-	|	ALLO SP NUMBER CRLF
-		{
-			reply(202, "ALLO command ignored.");
-		}
-	|	ALLO SP NUMBER SP 'R' SP NUMBER CRLF
-		{
-			reply(202, "ALLO command ignored.");
-		}
-	|	RETR check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				retrieve((char *) 0, (char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	STOR check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				store_file((char *) $4, "w", 0);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	APPE check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				store_file((char *) $4, "a", 0);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	NLST check_login CRLF
-		{
-			if ($2)
-				send_file_list(".");
-		}
-	|	NLST check_login SP STRING CRLF
-		{
-			if ($2 && $4 != NULL) 
-				send_file_list((char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	LIST check_login CRLF
-		{
-			if ($2)
-				retrieve("/bin/ls -lgA", "");
-		}
-	|	LIST check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				retrieve("/bin/ls -lgA %s", (char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	STAT check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				statfilecmd((char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	STAT CRLF
-		{
-			statcmd();
-		}
-	|	DELE check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				delete_file((char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	RNTO SP pathname CRLF
-		{
-			if (fromname) {
-				renamecmd(fromname, (char *) $3);
-				free(fromname);
-				fromname = (char *) 0;
-			} else {
-				reply(503, "Bad sequence of commands.");
-			}
-			free($3);
-		}
-	|	ABOR CRLF
-		{
-			reply(225, "ABOR command successful.");
-		}
-	|	CWD check_login CRLF
-		{
-			if ($2)
-				cwd(pw->pw_dir);
-		}
-	|	CWD check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				cwd((char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	HELP CRLF
-		{
-			help(cmdtab, (char *) 0);
-		}
-	|	HELP SP STRING CRLF
-		{
-			register char *cp = (char *)$3;
-
-			if (strncasecmp(cp, "SITE", 4) == 0) {
-				cp = (char *)$3 + 4;
-				if (*cp == ' ')
-					cp++;
-				if (*cp)
-					help(sitetab, cp);
-				else
-					help(sitetab, (char *) 0);
-			} else
-				help(cmdtab, (char *) $3);
-		}
-	|	NOOP CRLF
-		{
-			reply(200, "NOOP command successful.");
-		}
-	|	MKD nonguest SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				makedir((char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	RMD nonguest SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				removedir((char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	PWD check_login CRLF
-		{
-			if ($2)
-				pwd();
-		}
-	|	CDUP check_login CRLF
-		{
-			if ($2)
-				cwd("..");
-		}
-	|	SITE SP HELP CRLF
-		{
-			help(sitetab, (char *) 0);
-		}
-	|	SITE SP HELP SP STRING CRLF
-		{
-			help(sitetab, (char *) $5);
-		}
-	|	SITE SP UMASK check_login CRLF
-		{
-			int oldmask;
-
-			if ($4) {
-				oldmask = umask(0);
-				(void) umask(oldmask);
-				reply(200, "Current UMASK is %03o", oldmask);
-			}
-		}
-	|	SITE SP UMASK nonguest SP octal_number CRLF
-		{
-			int oldmask;
-
-			if ($4) {
-				if (($6 == -1) || ($6 > 0777)) {
-					reply(501, "Bad UMASK value");
-				} else {
-					oldmask = umask($6);
-					reply(200,
-					    "UMASK set to %03o (was %03o)",
-					    $6, oldmask);
-				}
-			}
-		}
-	|	SITE SP CHMOD nonguest SP octal_number SP pathname CRLF
-		{
-			if ($4 && ($8 != NULL)) {
-				if ($6 > 0777)
-					reply(501,
-				"CHMOD: Mode value must be between 0 and 0777");
-				else if (chmod((char *) $8, $6) < 0)
-					perror_reply(550, (char *) $8);
-				else
-					reply(200, "CHMOD command successful.");
-			}
-			if ($8 != NULL)
-				free($8);
-		}
-	|	SITE SP IDLE CRLF
-		{
-			reply(200,
-			    "Current IDLE time limit is %d seconds; max %d",
-				timeout, maxtimeout);
-		}
-	|	SITE SP IDLE SP NUMBER CRLF
-		{
-			if ($5 < 30 || $5 > maxtimeout) {
-				reply(501,
-			"Maximum IDLE time must be between 30 and %d seconds",
-				    maxtimeout);
-			} else {
-				timeout = $5;
-				(void) alarm((unsigned) timeout);
-				reply(200,
-				    "Maximum IDLE time set to %d seconds",
-				    timeout);
-			}
-		}
-	|	STOU check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				store_file((char *) $4, "w", 1);
-			if ($4 != NULL)
-				free($4);
-		}
-	|	SYST CRLF
-		{
-#ifdef unix
-#ifdef __svr4__
-#undef BSD
-#endif
-#ifdef BSD
-			reply(215, "UNIX Type: L%d Version: BSD-%d",
-				NBBY, BSD);
-#else /* BSD */
-			reply(215, "UNIX Type: L%d", NBBY);
-#endif /* BSD */
-#else /* unix */
-			reply(215, "UNKNOWN Type: L%d", NBBY);
-#endif /* unix */
-		}
-
-		/*
-		 * SIZE is not in RFC959, but Postel has blessed it and
-		 * it will be in the updated RFC.
-		 *
-		 * Return size of file in a format suitable for
-		 * using with RESTART (we just count bytes).
-		 */
-	|	SIZE check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL)
-				sizecmd((char *) $4);
-			if ($4 != NULL)
-				free($4);
-		}
-
-		/*
-		 * MDTM is not in RFC959, but Postel has blessed it and
-		 * it will be in the updated RFC.
-		 *
-		 * Return modification time of file as an ISO 3307
-		 * style time. E.g. YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx
-		 * where xxx is the fractional second (of any precision,
-		 * not necessarily 3 digits)
-		 */
-	|	MDTM check_login SP pathname CRLF
-		{
-			if ($2 && $4 != NULL) {
-				struct stat stbuf;
-				if (stat($4, &stbuf) < 0)
-					perror_reply(550, $4);
-				else if ((stbuf.st_mode&S_IFMT) != S_IFREG) {
-					reply(550, "%s: not a plain file.",
-						(char *) $4);
-				} else {
-					register struct tm *t;
-					struct tm *gmtime();
-					t = gmtime(&stbuf.st_mtime);
-					reply(213,
-					    "%4d%02d%02d%02d%02d%02d",
-					    1900+t->tm_year, t->tm_mon+1, 
-					    t->tm_mday, t->tm_hour, 
-					    t->tm_min, t->tm_sec);
-				}
-			}
-			if ($4 != NULL)
-				free($4);
-		}
-	|	AUTH SP STRING CRLF
-		{
-			auth((char *) $3);
-		}
-	|	ADAT SP STRING CRLF
-		{
-			auth_data((char *) $3);
-			free($3);
-		}
-	|	QUIT CRLF
-		{
-			reply(221, "Goodbye.");
-			dologout(0);
-		}
-	|	error CRLF
-		{
-			yyerrok;
-		}
-	;
-rcmd:		RNFR check_login SP pathname CRLF
-		{
-			restart_point = (off_t) 0;
-			if ($2 && $4) {
-				fromname = renamefrom((char *) $4);
-				if (fromname == (char *) 0 && $4) {
-					free($4);
-				}
-			}
-		}
-	|	REST SP byte_size CRLF
-		{
-			fromname = (char *) 0;
-			restart_point = $3;
-			reply(350, "Restarting at %ld. %s", 
-			      (long) restart_point,
-			      "Send STORE or RETRIEVE to initiate transfer.");
-		}
-	;
-		
-username:	STRING
-	;
-
-password:	/* empty */
-		{
-			*(char **)&($$) = (char *)calloc(1, sizeof(char));
-		}
-	|	STRING
-	;
-
-byte_size:	NUMBER
-	;
-
-host_port:	NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA 
-		NUMBER COMMA NUMBER
-		{
-			register char *a, *p;
-
-			a = (char *)&host_port.sin_addr;
-			a[0] = $1; a[1] = $3; a[2] = $5; a[3] = $7;
-			p = (char *)&host_port.sin_port;
-			p[0] = $9; p[1] = $11;
-			host_port.sin_family = AF_INET;
-		}
-	;
-
-form_code:	'N'
-	{
-		$$ = FORM_N;
-	}
-	|	'T'
-	{
-		$$ = FORM_T;
-	}
-	|	'C'
-	{
-		$$ = FORM_C;
-	}
-	;
-
-prot_code:	'C'
-	{
-		$$ = PROT_C;
-	}
-	|	'S'
-	{
-		$$ = PROT_S;
-	}
-	|	'P'
-	{
-		$$ = PROT_P;
-	}
-	|	'E'
-	{
-		$$ = PROT_E;
-	}
-	;
-
-type_code:	'A'
-	{
-		cmd_type = TYPE_A;
-		cmd_form = FORM_N;
-	}
-	|	'A' SP form_code
-	{
-		cmd_type = TYPE_A;
-		cmd_form = $3;
-	}
-	|	'E'
-	{
-		cmd_type = TYPE_E;
-		cmd_form = FORM_N;
-	}
-	|	'E' SP form_code
-	{
-		cmd_type = TYPE_E;
-		cmd_form = $3;
-	}
-	|	'I'
-	{
-		cmd_type = TYPE_I;
-	}
-	|	'L'
-	{
-		cmd_type = TYPE_L;
-		cmd_bytesz = NBBY;
-	}
-	|	'L' SP byte_size
-	{
-		cmd_type = TYPE_L;
-		cmd_bytesz = $3;
-	}
-	/* this is for a bug in the BBN ftp */
-	|	'L' byte_size
-	{
-		cmd_type = TYPE_L;
-		cmd_bytesz = $2;
-	}
-	;
-
-struct_code:	'F'
-	{
-		$$ = STRU_F;
-	}
-	|	'R'
-	{
-		$$ = STRU_R;
-	}
-	|	'P'
-	{
-		$$ = STRU_P;
-	}
-	;
-
-mode_code:	'S'
-	{
-		$$ = MODE_S;
-	}
-	|	'B'
-	{
-		$$ = MODE_B;
-	}
-	|	'C'
-	{
-		$$ = MODE_C;
-	}
-	;
-
-pathname:	pathstring
-	{
-		/*
-		 * Problem: this production is used for all pathname
-		 * processing, but only gives a 550 error reply.
-		 * This is a valid reply in some cases but not in others.
-		 */
-		if (logged_in && $1 && strncmp((char *) $1, "~", 1) == 0) {
-			char **vv;
-
-			vv = ftpglob((char *) $1);
-			$$ = (vv != NULL) ? *vv : NULL;
-			if ($$ == NULL) {
-				if (globerr == NULL)
-					$$ = $1;
-				else {
-					reply(550, "%s", globerr);
-					free($1);
-				}
-			} else
-				free($1);
-		} else
-			$$ = $1;
-	}
-	;
-
-pathstring:	STRING
-	;
-
-octal_number:	NUMBER
-	{
-		register int ret, dec, multby, digit;
-
-		/*
-		 * Convert a number that was read as decimal number
-		 * to what it would be if it had been read as octal.
-		 */
-		dec = $1;
-		multby = 1;
-		ret = 0;
-		while (dec) {
-			digit = dec%10;
-			if (digit > 7) {
-				ret = -1;
-				break;
-			}
-			ret += digit * multby;
-			multby *= 8;
-			dec /= 10;
-		}
-		$$ = ret;
-	}
-	;
-
-check_login:	/* empty */
-	{
-		if (logged_in)
-			$$ = 1;
-		else {
-			reply(530, "Please login with USER and PASS.");
-			$$ = 0;
-		}
-	}
-	;
-
-nonguest: check_login
-	{
-		if (guest) {
-			reply(550, "Operation prohibited for anonymous users.");
-			$$ = 0;
-		}
-		else
-			$$ = $1;
-	}
-	;
-%%
-
-struct tab cmdtab[] = {		/* In order defined in RFC 765 */
-	{ "USER", USER, STR1, 1,	"<sp> username" },
-	{ "PASS", PASS, ZSTR1, 1,	"<sp> password" },
-	{ "ACCT", ACCT, STR1, 0,	"(specify account)" },
-	{ "SMNT", SMNT, ARGS, 0,	"(structure mount)" },
-	{ "REIN", REIN, ARGS, 0,	"(reinitialize server state)" },
-	{ "QUIT", QUIT, ARGS, 1,	"(terminate service)", },
-	{ "PORT", PORT, ARGS, 1,	"<sp> b0, b1, b2, b3, b4" },
-	{ "PASV", PASV, ARGS, 1,	"(set server in passive mode)" },
-	{ "TYPE", TYPE, ARGS, 1,	"<sp> [ A | E | I | L ]" },
-	{ "STRU", STRU, ARGS, 1,	"(specify file structure)" },
-	{ "MODE", MODE, ARGS, 1,	"(specify transfer mode)" },
-	{ "RETR", RETR, STR1, 1,	"<sp> file-name" },
-	{ "STOR", STOR, STR1, 1,	"<sp> file-name" },
-	{ "APPE", APPE, STR1, 1,	"<sp> file-name" },
-	{ "MLFL", MLFL, OSTR, 0,	"(mail file)" },
-	{ "MAIL", MAIL, OSTR, 0,	"(mail to user)" },
-	{ "MSND", MSND, OSTR, 0,	"(mail send to terminal)" },
-	{ "MSOM", MSOM, OSTR, 0,	"(mail send to terminal or mailbox)" },
-	{ "MSAM", MSAM, OSTR, 0,	"(mail send to terminal and mailbox)" },
-	{ "MRSQ", MRSQ, OSTR, 0,	"(mail recipient scheme question)" },
-	{ "MRCP", MRCP, STR1, 0,	"(mail recipient)" },
-	{ "ALLO", ALLO, ARGS, 1,	"allocate storage (vacuously)" },
-	{ "REST", REST, ARGS, 1,	"(restart command)" },
-	{ "RNFR", RNFR, STR1, 1,	"<sp> file-name" },
-	{ "RNTO", RNTO, STR1, 1,	"<sp> file-name" },
-	{ "ABOR", ABOR, ARGS, 1,	"(abort operation)" },
-	{ "DELE", DELE, STR1, 1,	"<sp> file-name" },
-	{ "CWD",  CWD,  OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "XCWD", CWD,	OSTR, 1,	"[ <sp> directory-name ]" },
-	{ "LIST", LIST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "NLST", NLST, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "SITE", SITE, SITECMD, 1,	"site-cmd [ <sp> arguments ]" },
-	{ "SYST", SYST, ARGS, 1,	"(get type of operating system)" },
-	{ "STAT", STAT, OSTR, 1,	"[ <sp> path-name ]" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-	{ "NOOP", NOOP, ARGS, 1,	"" },
-	{ "MKD",  MKD,  STR1, 1,	"<sp> path-name" },
-	{ "XMKD", MKD,  STR1, 1,	"<sp> path-name" },
-	{ "RMD",  RMD,  STR1, 1,	"<sp> path-name" },
-	{ "XRMD", RMD,  STR1, 1,	"<sp> path-name" },
-	{ "PWD",  PWD,  ARGS, 1,	"(return current directory)" },
-	{ "XPWD", PWD,  ARGS, 1,	"(return current directory)" },
-	{ "CDUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "XCUP", CDUP, ARGS, 1,	"(change to parent directory)" },
-	{ "STOU", STOU, STR1, 1,	"<sp> file-name" },
-	{ "AUTH", AUTH, STR1, 1,	"<sp> auth-type" },
-	{ "ADAT", ADAT, STR1, 1,	"<sp> auth-data" },
-	{ "PROT", PROT, ARGS, 1,	"<sp> protection-level" },
-	{ "PBSZ", PBSZ, STR1, 1,	"<sp> buffer-size" },
-	{ "CCC",  CCC,  ARGS, 1,	"(clear command channel)" },
-	{ "SIZE", SIZE, OSTR, 1,	"<sp> path-name" },
-	{ "MDTM", MDTM, OSTR, 1,	"<sp> path-name" },
-	{ NULL,   0,    0,    0,	0 }
-};
-
-struct tab sitetab[] = {
-	{ "UMASK", UMASK, ARGS, 1,	"[ <sp> umask ]" },
-	{ "IDLE", IDLE, ARGS, 1,	"[ <sp> maximum-idle-time ]" },
-	{ "CHMOD", CHMOD, NSTR, 1,	"<sp> mode <sp> file-name" },
-	{ "HELP", HELP, OSTR, 1,	"[ <sp> <string> ]" },
-	{ NULL,   0,    0,    0,	0 }
-};
-
-static struct tab *
-lookup(p, cmd)
-	register struct tab *p;
-	char *cmd;
-{
-
-	for (; p->name != NULL; p++)
-		if (strcmp(cmd, p->name) == 0)
-			return (p);
-	return (0);
-}
-
-/*
- * urgsafe_getc - hacked up getc to ignore EOF if SIOCATMARK returns TRUE
- */
-static int
-urgsafe_getc(f)
-	FILE *f;
-{
-	register int c;
-	int atmark;
-
-	c = getc(f);
-	if (c == EOF) {
-		if (ioctl(fileno(f), SIOCATMARK, &atmark) != -1) {
-			c = getc(f);
-			syslog(LOG_DEBUG, "atmark: c=%d", c);
-		}
-	}
-	return c;
-}
-
-#include <arpa/telnet.h>
-
-/*
- * getline - a hacked up version of fgets to ignore TELNET escape codes.
- */
-char *
-ftpd_getline(s, n, iop)
-	char *s;
-	int n;
-	register FILE *iop;
-{
-	register int c;
-	register char *cs;
-
-	cs = s;
-/* tmpline may contain saved command from urgent mode interruption */
-	for (c = 0; tmpline[c] != '\0' && --n > 0; ++c) {
-		*cs++ = tmpline[c];
-		if (tmpline[c] == '\n') {
-			*cs++ = '\0';
-			if (debug)
-				syslog(LOG_DEBUG, "command: %s", s);
-			tmpline[0] = '\0';
-			return(s);
-		}
-		if (c == 0)
-			tmpline[0] = '\0';
-	}
-	while ((c = urgsafe_getc(iop)) != EOF) {
-		c &= 0377;
-		if (c == IAC) {
-			if (debug) syslog(LOG_DEBUG, "got IAC");
-		    if ((c = urgsafe_getc(iop)) != EOF) {
-			c &= 0377;
-			if (debug) syslog(LOG_DEBUG, "got IAC %d", c);
-			switch (c) {
-			case WILL:
-			case WONT:
-				c = urgsafe_getc(iop);
-				printf("%c%c%c", IAC, DONT, 0377&c);
-				(void) fflush(stdout);
-				continue;
-			case DO:
-			case DONT:
-				c = urgsafe_getc(iop);
-				printf("%c%c%c", IAC, WONT, 0377&c);
-				(void) fflush(stdout);
-				continue;
-			case IAC:
-				break;
-			default:
-				continue;	/* ignore command */
-			}
-		    }
-		}
-		*cs++ = c;
-		if (--n <= 0 || c == '\n')
-			break;
-	}
-	if (c == EOF && cs == s)
-		return (NULL);
-	*cs++ = '\0';
-	if (auth_type) {
-	    char out[sizeof(cbuf)], *cp;
-	    int len, mic;
-
-
-	    /* Check to see if we have a protected command. */
-	    if (!((mic = strncmp(s, "ENC", 3)) && strncmp(s, "MIC", 3)
-		&& strncmp(s, "AUTH", 4)
-#ifndef NOCONFIDENTIAL
-	        && strncmp(s, "CONF", 4)
-#endif
-	        ) && (cs = strpbrk(s, " \r\n"))) {
-	    	    *cs++ = '\0'; /* If so, split it into s and cs. */
-	    } else { /* If not, check if unprotected commands are allowed. */
-		if(ccc_ok) {
-		    clevel = PROT_C;
-		    upper(s);
-		    return(s);
-		} else {
-		    reply(533, "All commands must be protected.");
-		    syslog(LOG_ERR, "Unprotected command received");
-		    *s = '\0';
-		    return(s);
-		}
-	    }
-	    upper(s);
-	    if (debug)
-	        syslog(LOG_INFO, "command %s received (mic=%d)", s, mic);
-#ifdef NOCONFIDENTIAL
-	    if (!strcmp(s, "CONF")) {
-		reply(537, "CONF protected commands not supported.");
-		*s = '\0';
-		return(s);
-	    }
-#endif
-/* Some paranoid sites may want to require that commands be encrypted. */
-#ifdef PARANOID
-	    if (mic) {
-		reply(533, "All commands must be ENC protected.  Retry command under ENC.");
-		*s = '\0';
-		return(s);
-	    }
-#endif /* PARANOID */
-#ifdef NOENCRYPTION
-	    if (!mic) {
-		reply(533, "ENC protection not supported.  Retry command under MIC.");
-		*s = '\0';
-		return(s);
-	    }
-#endif /* NOENCRYPTION */
-	    if ((cp = strpbrk(cs, " \r\n")))
-		*cp = '\0';
-	    kerror = radix_encode(cs, out, &len, 1);
-	    if (kerror) {
-		reply(501, "Can't base 64 decode argument to %s command (%s)",
-		      mic ? "MIC" : "ENC", radix_error(kerror));
-		*s = '\0';
-		return(s);
-	    }
-	    if (debug) syslog(LOG_DEBUG, "getline got %d from %s <%s>\n", 
-			      len, cs, mic?"MIC":"ENC");
-	    clevel = mic ? PROT_S : PROT_P;
-#ifdef GSSAPI
-/* we know this is a MIC or ENC already, and out/len already has the bits */
-	    if (strcmp(auth_type, "GSSAPI") == 0) {
-		gss_buffer_desc xmit_buf, msg_buf;
-		OM_uint32 maj_stat, min_stat;
-		int conf_state;
-
-		xmit_buf.value = out;
-		xmit_buf.length = len;
-		/* decrypt the message */
-		conf_state = !mic;
-		maj_stat = gss_unseal(&min_stat, gcontext, &xmit_buf,
-				      &msg_buf, &conf_state, NULL);
-		if (maj_stat == GSS_S_CONTINUE_NEEDED) {
-			if (debug) syslog(LOG_DEBUG, "%s-unseal continued", 
-					  mic?"MIC":"ENC");
-			reply(535, "%s-unseal continued, oops",
-			      mic?"MIC":"ENC");
-			*s = 0; return s;
-		}
-		if (maj_stat != GSS_S_COMPLETE) {
-			reply_gss_error(535, maj_stat, min_stat, 
-					mic? "failed unsealing MIC message":
-					"failed unsealing ENC message");
-			*s = 0;
-			return s;
-		}
-
-		memcpy(s, msg_buf.value, msg_buf.length);
-		memcpy(s+msg_buf.length-(s[msg_buf.length-1]?0:1), "\r\n", 3);
-		gss_release_buffer(&min_stat, &msg_buf);
-	    }
-#endif /* GSSAPI */
-	    /* Other auth types go here ... */
-
-	    /* A password should never be MICed, but the CNS ftp
-	     * client and the pre-6/98 Krb5 client did this if you
-	     * authenticated but didn't encrypt.
-	     */
-	    if (authlevel && mic && !strncmp(s, "PASS", 4)) {
-	    	lreply(530, "There is a problem with your ftp client. Password refused.");
-		reply(530, "Enable encryption before logging in, or update your ftp program.");
-		*s = 0;
-		return s;
-	    }
-
-	}
-#ifdef GSSAPI	/* or other auth types */
-	else {	/* !auth_type */
-	    if ( (!(strncmp(s, "ENC", 3))) || (!(strncmp(s, "MIC", 3)))
-#ifndef NOCONFIDENTIAL
-                || (!(strncmp(s, "CONF", 4)))
-#endif
-                                        ) {
-                reply(503, "Must perform authentication before sending protected commands");
-                *s = '\0';
-                return(s);
-	    }
-	}
-#endif GSSAPI
-
-	if (debug) {
-		if (!strncmp(s, "PASS ", 5) && !guest)
-			syslog(LOG_DEBUG, "command: <PASS XXX>");
-		else
-			syslog(LOG_DEBUG, "command: <%.*s>(%d)",
-			       strlen(s) - 2, s, strlen(s));
-	}
-	return (s);
-}
-
-static krb5_sigtype
-toolong(sig)
-	int sig;
-{
-	time_t now;
-
-	reply(421,
-	  "Timeout (%d seconds): closing control connection.", timeout);
-	(void) time(&now);
-	if (logging) {
-		syslog(LOG_INFO,
-			"User %s timed out after %d seconds at %s",
-			(pw ? pw -> pw_name : "unknown"), timeout, ctime(&now));
-	}
-	dologout(1);
-}
-
-static int
-yylex()
-{
-	static int cpos, state;
-	register char *cp, *cp2;
-	register struct tab *p;
-	int n;
-	char c;
-
-	for (;;) {
-		switch (state) {
-
-		case CMD:
-			(void) signal(SIGALRM, toolong);
-			(void) alarm((unsigned) timeout);
-			if (ftpd_getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
-				reply(221, "You could at least say goodbye.");
-				dologout(0);
-			}
-			(void) alarm(0);
-
-			/* If getline() finds an error, the string is null */
-			if (*cbuf == '\0')
-				continue;
-
-#ifdef SETPROCTITLE
-			if (strncasecmp(cbuf, "PASS", 4) != NULL)
-				setproctitle("%s: %s", proctitle, cbuf);
-#endif /* SETPROCTITLE */
-			if ((cp = strchr(cbuf, '\r'))) {
-				*cp++ = '\n';
-				*cp = '\0';
-			}
-			if ((cp = strpbrk(cbuf, " \n")))
-				cpos = cp - cbuf;
-			if (cpos == 0)
-				cpos = 4;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			upper(cbuf);
-			p = lookup(cmdtab, cbuf);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					nack(p->name);
-					longjmp(errcatch,0);
-					/* NOTREACHED */
-				}
-				state = p->state;
-				yylval.str = p->name;
-				return (p->token);
-			}
-			break;
-
-		case SITECMD:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			cp = &cbuf[cpos];
-			if ((cp2 = strpbrk(cp, " \n")))
-				cpos = cp2 - cbuf;
-			c = cbuf[cpos];
-			cbuf[cpos] = '\0';
-			upper(cp);
-			p = lookup(sitetab, cp);
-			cbuf[cpos] = c;
-			if (p != 0) {
-				if (p->implemented == 0) {
-					state = CMD;
-					nack(p->name);
-					longjmp(errcatch,0);
-					/* NOTREACHED */
-				}
-				state = p->state;
-				yylval.str = p->name;
-				return (p->token);
-			}
-			state = CMD;
-			break;
-
-		case OSTR:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR1:
-		case ZSTR1:
-		dostr1:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				state = state == OSTR ? STR2 : state+1;
-				return (SP);
-			}
-			break;
-
-		case ZSTR2:
-			if (cbuf[cpos] == '\n') {
-				state = CMD;
-				return (CRLF);
-			}
-			/* FALLTHROUGH */
-
-		case STR2:
-			cp = &cbuf[cpos];
-			n = strlen(cp);
-			cpos += n - 1;
-			/*
-			 * Make sure the string is nonempty and \n terminated.
-			 */
-			if (n > 1 && cbuf[cpos] == '\n') {
-				cbuf[cpos] = '\0';
-				yylval.str = copy(cp);
-				cbuf[cpos] = '\n';
-				state = ARGS;
-				return (STRING);
-			}
-			break;
-
-		case NSTR:
-			if (cbuf[cpos] == ' ') {
-				cpos++;
-				return (SP);
-			}
-			if (isdigit((int) cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((int) cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.num = atoi(cp);
-				cbuf[cpos] = c;
-				state = STR1;
-				return (NUMBER);
-			}
-			state = STR1;
-			goto dostr1;
-
-		case ARGS:
-			if (isdigit((int) cbuf[cpos])) {
-				cp = &cbuf[cpos];
-				while (isdigit((int) cbuf[++cpos]))
-					;
-				c = cbuf[cpos];
-				cbuf[cpos] = '\0';
-				yylval.num = atoi(cp);
-				cbuf[cpos] = c;
-				return (NUMBER);
-			}
-			switch (cbuf[cpos++]) {
-
-			case '\n':
-				state = CMD;
-				return (CRLF);
-
-			case ' ':
-				return (SP);
-
-			case ',':
-				return (COMMA);
-
-			case 'A':
-			case 'a':
-				return ('A');
-
-			case 'B':
-			case 'b':
-				return ('B');
-
-			case 'C':
-			case 'c':
-				return ('C');
-
-			case 'E':
-			case 'e':
-				return ('E');
-
-			case 'F':
-			case 'f':
-				return ('F');
-
-			case 'I':
-			case 'i':
-				return ('I');
-
-			case 'L':
-			case 'l':
-				return ('L');
-
-			case 'N':
-			case 'n':
-				return ('N');
-
-			case 'P':
-			case 'p':
-				return ('P');
-
-			case 'R':
-			case 'r':
-				return ('R');
-
-			case 'S':
-			case 's':
-				return ('S');
-
-			case 'T':
-			case 't':
-				return ('T');
-
-			}
-			break;
-
-		default:
-			fatal("Unknown state in scanner.");
-		}
-		yyerror((char *) 0);
-		state = CMD;
-		longjmp(errcatch,0);
-	}
-}
-
-void
-upper(s)
-	register char *s;
-{
-	while (*s != '\0') {
-		if (islower((int) (*s)))
-			*s = toupper((int) (*s));
-		s++;
-	}
-}
-
-static char *
-copy(s)
-	char *s;
-{
-	char *p;
-
-	p = strdup(s);
-	if (p == NULL)
-		fatal("Ran out of memory.");
-	return (p);
-}
-
-void
-help(ctab, s)
-	struct tab *ctab;
-	char *s;
-{
-	register struct tab *c;
-	register int width, NCMDS;
-	char str[80];
-	char *ftype;
-
-	if (ctab == sitetab)
-		ftype = "SITE ";
-	else
-		ftype = "";
-	width = 0, NCMDS = 0;
-	for (c = ctab; c->name != NULL; c++) {
-		int len = strlen(c->name);
-
-		if (len > width)
-			width = len;
-		NCMDS++;
-	}
-	width = (width + 8) &~ 7;
-	if (s == 0) {
-		register int i, j, w;
-		int columns, lines;
-		struct k5buf buf;
-
-		lreply(214, "The following %scommands are recognized %s.",
-		    ftype, "(* =>'s unimplemented)");
-		columns = 76 / width;
-		if (columns == 0)
-			columns = 1;
-		lines = (NCMDS + columns - 1) / columns;
-		for (i = 0; i < lines; i++) {
-			krb5int_buf_init_fixed(&buf, str, sizeof(str));
-			krb5int_buf_add(&buf, "   ");
-			for (j = 0; j < columns; j++) {
-				c = ctab + j * lines + i;
-				krb5int_buf_add_fmt(&buf, "%s%c", c->name,
-						    c->implemented ? ' '
-						    : '*');
-				if (c + lines >= &ctab[NCMDS])
-					break;
-				w = strlen(c->name) + 1;
-				while (w < width) {
-					krb5int_buf_add(&buf, " ");
-					w++;
-				}
-			}
-			reply(0, "%s", str);
-		}
-		reply(214, "Direct comments to ftp-bugs@%s.", hostname);
-		return;
-	}
-	upper(s);
-	c = lookup(ctab, s);
-	if (c == (struct tab *)0) {
-		reply(502, "Unknown command %s.", s);
-		return;
-	}
-	if (c->implemented)
-		reply(214, "Syntax: %s%s %s", ftype, c->name, c->help);
-	else
-		reply(214, "%s%-*s\t%s; unimplemented.", ftype, width,
-		    c->name, c->help);
-}
-
-void
-sizecmd(filename)
-char *filename;
-{
-	switch (type) {
-	case TYPE_L:
-	case TYPE_I: {
-		struct stat stbuf;
-		if (stat(filename, &stbuf) < 0 ||
-		    (stbuf.st_mode&S_IFMT) != S_IFREG)
-			reply(550, "%s: not a plain file.", filename);
-		else
-			reply(213, "%lu", (long) stbuf.st_size);
-		break;}
-	case TYPE_A: {
-		FILE *fin;
-		register int c;
-		register long count;
-		struct stat stbuf;
-		fin = fopen(filename, "r");
-		if (fin == NULL) {
-			perror_reply(550, filename);
-			return;
-		}
-		if (fstat(fileno(fin), &stbuf) < 0 ||
-		    (stbuf.st_mode&S_IFMT) != S_IFREG) {
-			reply(550, "%s: not a plain file.", filename);
-			(void) fclose(fin);
-			return;
-		}
-
-		count = 0;
-		while((c=getc(fin)) != EOF) {
-			if (c == '\n')	/* will get expanded to \r\n */
-				count++;
-			count++;
-		}
-		(void) fclose(fin);
-
-		reply(213, "%ld", count);
-		break;}
-	default:
-		reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
-	}
-}
diff --git a/src/appl/gssftp/ftpd/ftpd.M b/src/appl/gssftp/ftpd/ftpd.M
deleted file mode 100644
index 5cdc9b3..0000000
--- a/src/appl/gssftp/ftpd/ftpd.M
+++ /dev/null
@@ -1,501 +0,0 @@
-.\" Copyright (c) 1985, 1988, 1991 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"     @(#)ftpd.8	6.9 (Berkeley) 3/16/91
-.\" "
-.TH FTPD 8
-.SH NAME
-ftpd \- DARPA Internet File Transfer Protocol server
-.SH SYNOPSIS
-.B ftpd
-[\fB\-A \fP|\fB -a\fP] [\fB\-C\fP] [\fB\-c\fP] [\fB\-d\fP] [\fB-E\fP]
-[\fB\-l\fP] [\fB\-v\fP] [\fB\-T\fP \fImaxtimeout\fP] [\fB\-t\fP \fItimeout\fP]
-[\fB\-p\fP \fIport\fP] [\fB\-U\fP \fIftpusers-file\fP] [\fB\-u\fP \fIumask\fP]
-[\fB\-r\fP \fIrealm-file\fP] [\fB\-s\fP \fIsrvtab\fP]
-[\fB\-w\fP{\fBip\fP|\fImaxhostlen\fP[\fB,\fP{\fBstriplocal\fP|\fBnostriplocal\fP}]}]
-.SH DESCRIPTION
-.B Ftpd
-is the
-.SM DARPA
-Internet File Transfer Protocol server process.  The server uses the
-.SM TCP
-protocol and listens at the port specified in the ``ftp'' service
-specification; see
-.IR services (5).
-.PP
-Available options:
-.TP
-.B \-A
-Connections are only allowed for users who can authenticate via the
-ftp AUTH mechanism. (Anonymous ftp may also be allowed if it is 
-configured.) Ftpd will ask the user for a password if one is
-required.
-.TP
-.B \-a
-Connections are only allowed for users who can authenticate (via the
-ftp AUTH mechanism) and who are authorized to connect to the named 
-account without a password. (Anonymous ftp may also be allowed if it is 
-configured.)
-.TP
-.B \-C
-Non-anonymous users need local credentials (for example, to authenticate
-to remote fileservers), and so they should be prompted for a password
-unless they forwarded credentials as part of authentication.
-.TP
-.B \-c
-Allow the CCC (Clear Command Channel) command to be used. This allows
-less secure connections, and should probably only be used when debugging.
-.TP
-.B \-d
-Debugging information is written to the syslog.  (Identical to -v)
-.TP
-.B \-E
-Don't allow passwords to be typed across unencrypted connections.
-.TP
-.B \-l
-Each
-.IR ftp (1)
-session is logged in the syslog.  If this flag appears twice, additional
-information about operations performed (such as files retrieved, directories
-created, etc.) will be logged via syslog.  If it appears three times, some
-other statistics such as the number of bytes transferred will be logged via
-syslog as well.
-.TP
-.B \-v
-Debugging information is written to the syslog.  (Identical to -d)
-.TP
-\fB\-T\fP \fImaxtimeout\fP
-A client may request a maximum timeout period allowed set to
-.I timeout
-seconds with the
-.B \-T
-option.  The default limit is 2 hours.  This is different from the normal
-inactivity timeout specified by the
-.B \-t
-option (see below).
-.TP
-\fB\-t\fP \fItimeout\fP
-The inactivity timeout period is set to
-.I timeout
-seconds (the default is 15 minutes).
-.TP
-\fB\-p\fP \fIport\fP
-Run as a server and accept a connection on
-.IR port .
-Normally the ftp server is invoked by
-.IR inetd (8).
-.TP
-\fB\-U\fP \fIftpusers-file\fP
-Sets the full path and name of the
-.I ftpusers
-file to use.  The default value is normally
-.IR /etc/ftpusers .
-.TP
-\fB\-u\fP \fIumask\fP
-Sets the umask for the ftpd process.  The default value is normally 027.
-.TP
-\fB\-w \fP{\fBip\fP|\fImaxhostlen\fP[\fB,\fP{\fBstriplocal\fP|\fBnostriplocal\fP}]}
-Controls the form of the remote hostname passed to login(1).
-Specifying \fBip\fP results in the numeric IP address always being
-passed to login(1).  Specifying a number, \fImaxhostlen\fP, sets the
-maximum length of the hostname passed to login(1) before it will be
-passed as a numeric IP address.  If \fImaxhostlen\fP is 0, then the
-system default, as determined by the utmp or utmpx structures, is
-used.  The \fBnostriplocal\fP and \fBstriplocal\fP options, which must
-be preceded by a comma, control whether or not the local host domain
-is stripped from the remote hostname.  By default, the equivalent of
-\fBstriplocal\fP is in effect.
-.PP
-The ftp server currently supports the following ftp requests; case is
-not distinguished.
-.TP "\w'Request\ \ 'u"
-.B Request
-.B Description
-.sp -1
-.TP
-ABOR
-abort previous command
-.sp -1
-.TP
-ACCT
-specify account (ignored)
-.sp -1
-.TP
-ADAT
-send an authentication protocol message
-.sp -1
-.TP
-ALLO
-allocate storage (vacuously)
-.sp -1
-.TP
-APPE
-append to a file
-.sp -1
-.TP
-AUTH
-specify an authentication protocol to be performed
-.sp -1
-.TP
-CCC
-set the command channel protection mode to "Clear" (no protection).
-Only available if the \fB-c\fP command-line option was given.
-.sp -1
-.TP
-CDUP
-change to parent of current working directory
-.sp -1
-.TP
-CWD
-change working directory
-.sp -1
-.TP
-DELE
-delete a file
-.sp -1
-.TP
-ENC
-send a privacy and integrity protected command (given in argument)
-.sp -1
-.TP
-HELP
-give help information
-.sp -1
-.TP
-LIST
-give list files in a directory (``ls -lgA'')
-.sp -1
-.TP
-MIC
-send an integrity protected command (given in argument)
-.sp -1
-.TP
-MKD
-make a directory
-.sp -1
-.TP
-MDTM
-show last modification time of file
-.sp -1
-.TP
-MODE
-specify data transfer
-.I mode
-.sp -1
-.TP
-NLST
-give name list of files in directory
-.sp -1
-.TP
-NOOP
-do nothing
-.sp -1
-.TP
-PASS
-specify password
-.sp -1
-.TP
-PASV
-prepare for server-to-server transfer
-.sp -1
-.TP
-PBSZ
-specify a protection buffer size
-.sp -1
-.TP
-PORT
-specify data connection port
-.sp -1
-.TP
-PROT
-specify a protection level under which to protect data transfers
-.sp -1
-.TP
-PWD
-print the current working directory
-.sp -1
-.TP
-QUIT
-terminate session
-.sp -1
-.TP
-REST
-restart incomplete transfer
-.sp -1
-.TP
-RETR
-retrieve a file
-.sp -1
-.TP
-RMD
-remove a directory
-.sp -1
-.TP
-RNFR
-specify rename-from file name
-.sp -1
-.TP
-RNTO
-specify rename-to file name
-.sp -1
-.TP
-SITE
-non-standard commands (see next section)
-.sp -1
-.TP
-SIZE
-return size of file
-.sp -1
-.TP
-STAT
-return status of server
-.sp -1
-.TP
-STOR
-store a file
-.sp -1
-.TP
-STOU
-store a file with a unique name
-.sp -1
-.TP
-STRU
-specify data transfer
-.I structure
-.sp -1
-.TP
-SYST
-show operating system type of server system
-.sp -1
-.TP
-TYPE
-specify data transfer
-.I type
-.sp -1
-.TP
-USER
-specify user name
-.sp -1
-.TP
-XCUP
-change to parent of current working directory (deprecated)
-.sp -1
-.TP
-XCWD
-change working directory (deprecated)
-.sp -1
-.TP
-XMKD
-make a directory (deprecated)
-.sp -1
-.TP
-XPWD
-print the current working directory (deprecated)
-.sp -1
-.TP
-XRMD
-remove a directory (deprecated)
-.PP
-The following non-standard or
-.SM UNIX
-specific commands are supported by the SITE request.
-.TP "\w'Request\ \ 'u"
-.B Request
-.B Description
-.sp -1
-.TP
-UMASK
-change umask. 
-.IR E.g. ,
-SITE UMASK 002
-.sp -1
-.TP
-IDLE
-set idle-timer. 
-.IR E.g. ,
-SITE IDLE 60
-.sp -1
-.TP
-CHMOD
-change mode of a file. 
-.IR E.g. ,
-SITE CHMOD 755 filename
-.sp -1
-.TP
-HELP
-give help information.
-.IR E.g. ,
-SITE HELP
-.PP
-The remaining ftp requests specified in Internet
-.I RFC 959
-are recognized, but not implemented.  MDTM and SIZE are not specified in
-.I RFC
-.IR 959 ,
-but will appear in the next updated FTP RFC.
-.PP
-The ftp server will abort an active file transfer only when the ABOR
-command is preceded by a Telnet "Interrupt Process" (IP) signal and a
-Telnet "Synch" signal in the command Telnet stream, as described in
-Internet
-.I RFC
-.IR 959 .
-If a STAT command is received during a data transfer, preceded by a
-Telnet IP and Synch, transfer status will be returned.
-.PP
-.B Ftpd
-interprets file names according to the
-``globbing''
-conventions used by
-.IR csh (1).
-This allows users to utilize the metacharacters ``\&*?[]{}~''.
-.PP
-.B Ftpd
-authenticates users according to the following rules:
-.sp
-.TP
-  1.
-The user name must be in the password data base,
-.IR /etc/passwd .
-.TP
-  2.
-An
-.SM AUTH
-command must be accepted, the ensuing authentication protocol (conducted
-via
-.SM ADAT
-commands and replies) must successfully complete, and the authenticated
-user must permitted access.  Otherwise, a valid password which is not
-null must be provided by the client.
-.TP
-  3.
-The user name must not appear in the file
-.IR /etc/ftpusers .
-.TP
-  4.
-The user must have a standard shell returned by 
-.IR getusershell (3).
-.TP
-  5.
-If the user name is ``anonymous'' or ``ftp'', an anonymous ftp account
-must be present in the password file (user ``ftp'').  In this case the
-user is allowed to log in by specifying any password (by convention this
-is given as the client host's name).
-.PP
-In the last case,
-.B ftpd
-takes special measures to restrict the client's access privileges.  The
-server performs a
-.IR chroot (2)
-command to the home directory of the ``ftp'' user.  In order that system
-security is not breached, it is recommended that the ``ftp'' subtree be
-constructed with care; the following rules are recommended.
-.TP
-.I ~ftp
-Make the home directory owned by ``ftp'' and unwritable by anyone.
-.TP
-.I ~ftp/bin
-Make this directory owned by the super-user and unwritable by anyone.
-The program
-.IR ls (1)
-must be present to support the list command.  This program should have
-mode 111.
-.TP
-.I ~ftp/etc
-Make this directory owned by the super-user and unwritable by anyone.
-The files
-.IR passwd (5)
-and
-.IR group (5)
-must be present for the
-.I ls
-command to be able to produce owner names rather than numbers.  The
-password field in
-.I passwd
-is not used, and should not contain real encrypted passwords.  These
-files should be mode 444.
-.TP
-.I ~ftp/pub
-Make this directory mode 777 and owned by ``ftp''.  Users should then
-place files which are to be accessible via the anonymous account in this
-directory.
-.PP
-If an
-.SM ADAT
-command succeeds, the control channel must be either integrity or
-privacy protected.  In this case, the
-.SM MIC
-and
-.SM ENC
-commands are the only commands allowed over the control channel.  The
-argument to the
-.SM MIC
-command is a base 64 encoded string which, when decoded, is an ftp
-command integrity protected with a cryptographic checksum.  The argument
-to the
-.SM ENC
-command is a base 64 encoded string which, when decoded, is an ftp
-command privacy and integrity protected with encryption.
-.PP
-If an
-.SM ADAT
-command succeeds, ftp replies will also be either integrity or privacy
-protected.
-.PP
-If an
-.SM ADAT
-command succeeds, the data channel can also be integrity or privacy
-protected.  The
-.SM PROT
-command accepts S for integrity and P for privacy protection.  Unless an
-.SM ADAT
-command succeeds, the only protection level accepted by the
-.SM PROT
-command is C (clear).
-.SH SEE ALSO
-.IR ftp (1),
-.IR getusershell (3),
-.IR syslogd (8)
-.PP
-Lunt, S. J., FTP Security Extensions, Internet Draft, November 1993.
-.SH BUGS
-The anonymous account is inherently dangerous and should avoided when
-possible.
-.PP
-The server must run as the super-user to create sockets with privileged
-port numbers.  It maintains an effective user id of the logged in user,
-reverting to the super-user only when binding addresses to sockets.  The
-possible security holes have been extensively scrutinized, but are
-possibly incomplete.
-.SH HISTORY
-The
-.B ftpd
-command appeared in 4.2BSD.
diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c
deleted file mode 100644
index 7958fac..0000000
--- a/src/appl/gssftp/ftpd/ftpd.c
+++ /dev/null
@@ -1,2725 +0,0 @@
-/*
- * Copyright (c) 1985, 1988, 1990 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-char copyright[] =
-"@(#) Copyright (c) 1985, 1988, 1990 Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-#ifndef lint
-static char sccsid[] = "@(#)ftpd.c	5.40 (Berkeley) 7/2/91";
-#endif /* not lint */
-
-/*
- * FTP server.
- */
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <sys/file.h>
-#include <netinet/in.h>
-#include <netinet/in_systm.h>
-#include <netinet/ip.h>
-
-#define	FTP_NAMES
-#include <arpa/ftp.h>
-#include <arpa/inet.h>
-#include <arpa/telnet.h>
-
-#include <signal.h>
-#include <dirent.h>
-#include <fcntl.h>
-#include <time.h>
-#include <pwd.h>
-#ifdef HAVE_SHADOW
-#include <shadow.h>
-#endif
-#include <grp.h>
-#include <setjmp.h>
-#ifndef POSIX_SETJMP
-#undef sigjmp_buf
-#undef sigsetjmp
-#undef siglongjmp
-#define sigjmp_buf	jmp_buf
-#define sigsetjmp(j,s)	setjmp(j)
-#define siglongjmp	longjmp
-#endif
-#include <netdb.h>
-#include <errno.h>
-#include <syslog.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-#ifndef STDARG
-#if (defined(__STDC__) && ! defined(VARARGS)) || defined(HAVE_STDARG_H)
-#define STDARG
-#endif
-#endif
-#ifdef STDARG
-#include <stdarg.h>
-#endif
-#include "pathnames.h"
-#include <libpty.h>
-
-#include <k5-platform.h>
-
-#ifdef NEED_SETENV
-extern int setenv(char *, char *, int);
-#endif
-
-#ifndef L_SET
-#define L_SET 0
-#endif
-#ifndef L_INCR
-#define L_INCR 1
-#endif
-
-#ifndef HAVE_STRERROR
-#define strerror(error)	(sys_errlist[error])
-#ifdef NEED_SYS_ERRLIST
-extern char *sys_errlist[];
-#endif
-#endif
-
-extern char *mktemp ();
-char *ftpusers;
-extern int yyparse(void);
-
-#include <k5-util.h>
-#include "port-sockets.h"
-
-#ifdef GSSAPI
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_generic.h>
-#include <gssapi/gssapi_krb5.h>
-gss_ctx_id_t gcontext;
-gss_buffer_desc client_name;
-static char *gss_services[] = { "ftp", "host", NULL };
-
-#include <krb5.h>
-krb5_context kcontext;
-krb5_ccache ccache;
-
-static void ftpd_gss_convert_creds(char *name, gss_cred_id_t);
-static int ftpd_gss_userok(gss_buffer_t, char *name);
-
-static void log_gss_error(int, OM_uint32, OM_uint32, const char *);
-
-#endif /* GSSAPI */
-
-char *auth_type;	/* Authentication succeeded?  If so, what type? */
-static char *temp_auth_type;
-int authorized;		/* Auth succeeded and was accepted by gssapi */
-int have_creds;		/* User has credentials on disk */
-
-/*
- * File containing login names
- * NOT to be used on this machine.
- * Commonly used to disallow uucp.
- */
-#include "ftpd_var.h"
-#include "secure.h"
-
-extern	char *crypt();
-extern	char version[];
-extern	char *home;		/* pointer to home directory for glob */
-extern	FILE *ftpd_popen(), *fopen(), *freopen();
-extern	int  ftpd_pclose(), fclose();
-extern	char cbuf[];
-extern	off_t restart_point;
-
-struct	sockaddr_in ctrl_addr;
-struct	sockaddr_in data_source;
-struct	sockaddr_in data_dest;
-struct	sockaddr_in his_addr;
-struct	sockaddr_in pasv_addr;
-
-int	data;
-jmp_buf	errcatch;
-sigjmp_buf urgcatch;
-int	logged_in;
-struct	passwd *pw;
-int	debug;
-int	allow_ccc = 0;    /* whether or not the CCC command is allowed */
-int	ccc_ok = 0;       /* whether or not to accept cleartext commands */
-int	timeout = 900;    /* timeout after 15 minutes of inactivity */
-int	maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */
-int	logging;
-int	authlevel;
-int	want_creds;
-int	guest;
-int	restricted;
-int	type;
-int	clevel;			/* control protection level */
-int	dlevel;			/* data protection level */
-int	form;
-int	stru;			/* avoid C keyword */
-int	mode;
-int	usedefault = 1;		/* for data transfers */
-int	pdata = -1;		/* for passive mode */
-int	transflag;
-off_t	file_size;
-off_t	byte_count;
-#if !defined(CMASK) || CMASK == 0
-#undef CMASK
-#define CMASK 027
-#endif
-int	defumask = CMASK;		/* default umask value */
-char	tmpline[FTP_BUFSIZ];
-char    pathbuf[MAXPATHLEN + 1];
-char	hostname[MAXHOSTNAMELEN];
-char	remotehost[MAXHOSTNAMELEN];
-char	rhost_addra[16];
-char	*rhost_sane;
-
-/* Defines for authlevel */
-#define AUTHLEVEL_NONE		0
-#define AUTHLEVEL_AUTHENTICATE	1
-#define AUTHLEVEL_AUTHORIZE	2
-
-/*
- * Timeout intervals for retrying connections
- * to hosts that don't accept PORT cmds.  This
- * is a kludge, but given the problems with TCP...
- */
-#define	SWAITMAX	90	/* wait at most 90 seconds */
-#define	SWAITINT	5	/* interval between retries */
-
-int	swaitmax = SWAITMAX;
-int	swaitint = SWAITINT;
-
-void	lostconn(int), myoob(int);
-FILE	*getdatasock(char *);
-#if defined(__STDC__)
-/*
- * The following prototypes must be ANSI for systems for which
- * sizeof(off_t) > sizeof(int) to prevent stack overflow problems
- */
-FILE	*dataconn(char *name, off_t size, char *mymode);
-void	send_data(FILE *instr, FILE *outstr, off_t blksize);
-#else
-void	send_data();
-FILE	*dataconn();
-#endif
-static void dolog(struct sockaddr_in *);
-static int receive_data(FILE *, FILE *);
-static void login(char *passwd, int logincode);
-static void end_login(void);
-static int disallowed_user(char *);
-static int restricted_user(char *);
-static int checkuser(char *);
-static char *gunique(char *);
-
-#ifdef SETPROCTITLE
-char	**Argv = NULL;		/* pointer to argument vector */
-char	*LastArgv = NULL;	/* end of argv */
-char	proctitle[FTP_BUFSIZ];	/* initial part of title */
-#endif /* SETPROCTITLE */
-
-#ifdef __SCO__
-/* sco has getgroups and setgroups but no initgroups */
-int initgroups(char* name, gid_t basegid) {
-  gid_t others[NGROUPS_MAX+1];
-  int ngrps;
-
-  others[0] = basegid;
-  ngrps = getgroups(NGROUPS_MAX, others+1);
-  return setgroups(ngrps+1, others);
-}
-#endif
-
-int stripdomain = 1;
-int maxhostlen = 0;
-int always_ip = 0;
-
-int
-main(argc, argv, envp)
-	int argc;
-	char *argv[];
-	char **envp;
-{
-	int addrlen, c, on = 1, tos, port = -1;
-	extern char *optarg;
-	extern int optopt;
-	char *option_string = "AaCcdElp:T:t:U:u:vw:";
-	ftpusers = _PATH_FTPUSERS_DEFAULT;
-
-	debug = 0;
-#ifdef SETPROCTITLE
-	/*
-	 *  Save start and extent of argv for setproctitle.
-	 */
-	Argv = argv;
-	while (*envp)
-		envp++;
-	LastArgv = envp[-1] + strlen(envp[-1]);
-#endif /* SETPROCTITLE */
-
-#ifdef GSSAPI
-	krb5_init_context(&kcontext);
-#endif
-
-	while ((c = getopt(argc, argv, option_string)) != -1) {
-		switch (c) {
-
-		case 'v':
-			debug = 1;
-			break;
-
-		case 'd':
-			debug = 1;
-			break;
-
-		case 'E':
-			if (!authlevel)
-				authlevel = AUTHLEVEL_AUTHENTICATE;
-			break;
-
-		case 'l':
-			logging ++;
-			break;
-
-		case 'a':
-			authlevel = AUTHLEVEL_AUTHORIZE;
-			break;
-
-		case 'A':
-			authlevel = AUTHLEVEL_AUTHENTICATE;
-			break;
-
-		case 'C':
-			want_creds = 1;
-			break;
-
-		case 'c':
-			allow_ccc = 1;
-			break;
-
-		case 'p':
-			port = atoi(optarg);
-			break;
-
-		case 't':
-			timeout = atoi(optarg);
-			if (maxtimeout < timeout)
-				maxtimeout = timeout;
-			break;
-
-		case 'T':
-			maxtimeout = atoi(optarg);
-			if (timeout > maxtimeout)
-				timeout = maxtimeout;
-			break;
-
-		case 'u':
-			{
-			    int val = 0;
-			    char *umask_val = optarg;
-
-			    while (*umask_val >= '0' && *umask_val <= '9') {
-				    val = val*8 + *umask_val - '0';
-				    umask_val++;
-			    }
-			    if (*umask_val != ' ' && *umask_val != '\0')
-				    fprintf(stderr, "ftpd: Bad value for -u\n");
-			    else
-				    defumask = val;
-			    break;
-			}
-
-		case 'U':
-			ftpusers = optarg;
-			break;
-
-		case 'w':
-		{
-			char *foptarg;
-			foptarg = optarg;
-
-			if (!strcmp(foptarg, "ip"))
-				always_ip = 1;
-			else {
-				char *cp2;
-				cp2 = strchr(foptarg, ',');
-				if (cp2 == NULL)
-					maxhostlen = atoi(foptarg);
-				else if (*(++cp2)) {
-					if (!strcmp(cp2, "striplocal"))
-						stripdomain = 1;
-					else if (!strcmp(cp2, "nostriplocal"))
-						stripdomain = 0;
-					else {
-						fprintf(stderr,
-							"ftpd: bad arg to -w\n");
-						exit(1);
-					}
-					*(--cp2) = '\0';
-					maxhostlen = atoi(foptarg);
-				}
-			}
-			break;
-		}
-		default:
-			fprintf(stderr, "ftpd: Unknown flag -%c ignored.\n",
-			     (char)optopt);
-			break;
-		}
-	}
-
-	if (port != -1) {
-		struct sockaddr_in sin4;
-		int s, ns;
-		socklen_t sz;
-
-		/* Accept an incoming connection on port.  */
-		sin4.sin_family = AF_INET;
-		sin4.sin_addr.s_addr = INADDR_ANY;
-		sin4.sin_port = htons(port);
-		s = socket(AF_INET, SOCK_STREAM, 0);
-		if (s < 0) {
-			perror("socket");
-			exit(1);
-		}
-		(void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-				  (char *)&on, sizeof(on));
-		if (bind(s, (struct sockaddr *)&sin4, sizeof sin4) < 0) {
-			perror("bind");
-			exit(1);
-		}
-		if (listen(s, 1) < 0) {
-			perror("listen");
-			exit(1);
-		}
-		sz = sizeof sin4;
-		ns = accept(s, (struct sockaddr *)&sin4, &sz);
-		if (ns < 0) {
-			perror("accept");
-			exit(1);
-		}
-		(void) close(s);
-		(void) dup2(ns, 0);
-		(void) dup2(ns, 1);
-		(void) dup2(ns, 2);
-		if (ns > 2)
-		  (void) close(ns);
-	}
-
-	/*
-	 * LOG_NDELAY sets up the logging connection immediately,
-	 * necessary for anonymous ftp's that chroot and can't do it later.
-	 */
-#ifndef LOG_NDELAY
-/* Ultrix syslog does not support NDELAY.  */
-#define LOG_NDELAY 0
-#endif
-#ifndef LOG_DAEMON
-#define LOG_DAEMON 0
-#endif
-	openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
-
-	addrlen = sizeof (his_addr);
-	if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
-		syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
-		exit(1);
-	}
-	addrlen = sizeof (ctrl_addr);
-	if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
-		syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
-		exit(1);
-	}
-#ifdef IP_TOS
-#ifdef IPTOS_LOWDELAY
-	tos = IPTOS_LOWDELAY;
-	if (setsockopt(0, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
-		syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-#endif
-#endif
-	port = ntohs(ctrl_addr.sin_port);
-	data_source.sin_port = htons(port - 1);
-
-	(void) freopen("/dev/null", "w", stderr);
-	(void) signal(SIGPIPE, lostconn);
-	(void) signal(SIGCHLD, SIG_IGN);
-#ifdef SIGURG
-#ifdef POSIX_SIGNALS
-	{
-		struct sigaction sa;
-
-		sigemptyset(&sa.sa_mask);
-		sa.sa_flags = 0;
-		sa.sa_handler = myoob;
-		if (sigaction(SIGURG, &sa, NULL) < 0)
-			syslog(LOG_ERR, "signal: %m");
-	}
-#else
-	if ((long)signal(SIGURG, myoob) < 0)
-		syslog(LOG_ERR, "signal: %m");
-#endif /* POSIX_SIGNALS */
-#endif /* SIGURG */
-
-	/* Try to handle urgent data inline */
-#ifdef SO_OOBINLINE
-	if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) < 0)
-		syslog(LOG_ERR, "setsockopt: %m");
-#endif
-
-#ifdef	F_SETOWN
-	if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
-		syslog(LOG_ERR, "fcntl F_SETOWN: %m");
-#endif
-	dolog(&his_addr);
-	/*
-	 * Set up default state
-	 */
-	data = -1;
-	clevel = dlevel = PROT_C;
-	type = TYPE_A;
-	form = FORM_N;
-	stru = STRU_F;
-	mode = MODE_S;
-	tmpline[0] = '\0';
-	(void) gethostname(hostname, sizeof (hostname));
-	reply(220, "%s FTP server (%s) ready.", hostname, version);
-	(void) setjmp(errcatch);
-	for (;;)
-		(void) yyparse();
-	/* NOTREACHED */
-}
-
-void
-lostconn(sig)
-int sig;
-{
-	if (debug)
-		syslog(LOG_DEBUG, "lost connection");
-	dologout(-1);
-}
-
-static char ttyline[20];
-
-/*
- * Helper function for sgetpwnam().
- */
-static char *
-sgetsave(s)
-	char *s;
-{
-	char *new = strdup(s);
-
-	if (new == NULL) {
-		perror_reply(421, "Local resource failure: malloc");
-		dologout(1);
-		/* NOTREACHED */
-	}
-	return (new);
-}
-
-/*
- * Save the result of a getpwnam.  Used for USER command, since
- * the data returned must not be clobbered by any other command
- * (e.g., globbing).
- */
-static struct passwd *
-sgetpwnam(name)
-	char *name;
-{
-	static struct passwd save;
-	register struct passwd *p;
-#ifdef HAVE_SHADOW
-	register struct spwd *sp;
-#endif
-	if ((p = getpwnam(name)) == NULL)
-		return (p);
-	if (save.pw_name) {
-		free(save.pw_name);
-		free(save.pw_passwd);
-		free(save.pw_gecos);
-		free(save.pw_dir);
-		free(save.pw_shell);
-	}
-	save = *p;
-	save.pw_name = sgetsave(p->pw_name);
-#ifdef HAVE_SHADOW
-	if ((sp = getspnam(name)) == NULL)
-	    save.pw_passwd = sgetsave(p->pw_passwd);
-	else
-	    save.pw_passwd = sgetsave(sp->sp_pwdp);
-#else
-	save.pw_passwd = sgetsave(p->pw_passwd);
-#endif
-	save.pw_gecos = sgetsave(p->pw_gecos);
-	save.pw_dir = sgetsave(p->pw_dir);
-	save.pw_shell = sgetsave(p->pw_shell);
-	return (&save);
-}
-
-/*
- * Expand the given pathname relative to the current working directory.
- */
-static char *
-path_expand(path)
-       char *path;
-{
-	pathbuf[0] = '\x0';
-	if (!path) return pathbuf;
-	/* Don't bother with getcwd() if the path is absolute */
-	if (path[0] != '/') {
-	        if (!getcwd(pathbuf, sizeof pathbuf)) {
-		        pathbuf[0] = '\x0';
-			syslog(LOG_ERR, "getcwd() failed");
-		}
-		else {
-		        int len = strlen(pathbuf);
-			if (pathbuf[len-1] != '/') {
-			        pathbuf[len++] = '/';
-				pathbuf[len] = '\x0';
-			}
-		}
-	}
-	return strncat(pathbuf, path,
-		       sizeof (pathbuf) - strlen(pathbuf) - 1);
-}
-
-/*
- * Set data channel protection level
- */
-void
-setdlevel(prot_level)
-int prot_level;
-{
-	switch (prot_level) {
-		case PROT_S:
-#ifndef NOENCRYPTION
-		case PROT_P:
-#endif
-			if (auth_type)
-		case PROT_C:
-				reply(200, "Data channel protection level set to %s.",
-					(dlevel = prot_level) == PROT_S ?
-						"safe" : dlevel == PROT_P ?
-						"private" : "clear");
-			else
-		default:	reply(536, "%s protection level not supported.",
-					levelnames[prot_level]);
-	}
-}
-
-int login_attempts;		/* number of failed login attempts */
-int askpasswd;			/* had user command, ask for passwd */
-
-/*
- * USER command.
- * Sets global passwd pointer pw if named account exists and is acceptable;
- * sets askpasswd if a PASS command is expected.  If logged in previously,
- * need to reset state.  If name is "ftp" or "anonymous", the name is not in
- * ftpusers, and ftp account exists, set guest and pw, then just return.
- * If account doesn't exist, ask for passwd anyway.  Otherwise, check user
- * requesting login privileges.  Disallow anyone who does not have a standard
- * shell as returned by getusershell().  Disallow anyone mentioned in the file
- * ftpusers to allow people such as root and uucp to be avoided, except
- * for users whose names are followed by whitespace and then the keyword
- * "restrict."  Restricted users are allowed to login, but a chroot() is
- * done to their home directory.
- */
-void
-user(name)
-	char *name;
-{
-	register char *cp;
-	char *shell;
-	char buf[FTP_BUFSIZ];
-#ifdef HAVE_GETUSERSHELL
-	char *getusershell();
-#endif
-
-	if (logged_in) {
-		if (guest) {
-			reply(530, "Can't change user from guest login.");
-			return;
-		}
-		end_login();
-	}
-
-	authorized = guest = 0;
-	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
-		if (disallowed_user("ftp") || disallowed_user("anonymous"))
-			reply(530, "User %s access denied.", name);
-		else if ((pw = sgetpwnam("ftp")) != NULL) {
-			guest = 1;
-			askpasswd = 1;
-			reply(331, "Guest login ok, send ident as password.");
-		} else
-			reply(530, "User %s unknown.", name);
-		return;
-	}
-
-	/*
-	 * If authentication is required, check that before anything
-	 * else to avoid leaking information.
-	 */
-	if (authlevel && !auth_type) {
-		reply(530,
-		      "Must perform authentication before identifying USER.");
-		return;
-	}
-
-	pw = sgetpwnam(name);
-	if (pw) {
-		if ((shell = pw->pw_shell) == NULL || *shell == 0)
-			shell = "/bin/sh";
-#ifdef HAVE_GETUSERSHELL
-		setusershell();
-		while ((cp = getusershell()) != NULL)
-			if (strcmp(cp, shell) == 0)
-				break;
-		endusershell();
-#else
-		cp = shell;
-#endif
-		if (cp == NULL || disallowed_user(name)) {
-			reply(530, "User %s access denied.", name);
-			if (logging)
-				syslog(LOG_NOTICE,
-				    "FTP LOGIN REFUSED FROM %s, %s (%s)",
-				    rhost_addra, remotehost, name);
-			pw = (struct passwd *) NULL;
-			return;
-		}
-		restricted = restricted_user(name);
-	}
-
-	if (auth_type) {
-		int result;
-#ifdef GSSAPI
-		if (auth_type && strcmp(auth_type, "GSSAPI") == 0) {
-			int len;
-
-			authorized = ftpd_gss_userok(&client_name, name) == 0;
-			len = sizeof("GSSAPI user  is not authorized as "
-				     "; Password required.")
-				+ strlen(client_name.value)
-				+ strlen(name);
-			if (len >= sizeof(buf)) {
-				syslog(LOG_ERR, "user: username too long");
-				name = "[username too long]";
-			}
-			snprintf(buf, sizeof(buf),
-				 "GSSAPI user %s is%s authorized as %s",
-				(char *) client_name.value,
-				authorized ? "" : " not",
-				name);
-		}
-#endif /* GSSAPI */
-
-		if (!authorized && authlevel == AUTHLEVEL_AUTHORIZE) {
-			strncat(buf, "; Access denied.",
-				sizeof(buf) - strlen(buf) - 1);
-			result = 530;
-			pw = NULL;
-		} else if (!authorized || (want_creds && !have_creds)) {
-			strncat(buf, "; Password required.",
-				sizeof(buf) - strlen(buf) - 1);
-			askpasswd = 1;
-			result = 331;
-		} else
-			result = 232;
-		if (result == 232)
-			login(NULL, result);
-		reply(result, "%s", buf);
-		syslog(authorized ? LOG_INFO : LOG_ERR, "%s", buf);
-		return;
-	}
-
-	/* User didn't authenticate and authentication wasn't required. */
-	reply(331, "Password required for %s.", name);
-	askpasswd = 1;
-
-	/*
-	 * Delay before reading passwd after first failed
-	 * attempt to slow down passwd-guessing programs.
-	 */
-	if (login_attempts)
-		sleep((unsigned) login_attempts);
-}
-
-/*
- * Check if a user is in the file ftpusers.
- * Return 1 if they are (a disallowed user), -1 if their username
- * is followed by "restrict." (a restricted user).  Otherwise return 0.
- */
-static int
-checkuser(name)
-	char *name;
-{
-	register FILE *fd;
-	register char *p;
-	char line[FTP_BUFSIZ];
-
-	if ((fd = fopen(ftpusers, "r")) != NULL) {
-	     while (fgets(line, sizeof(line), fd) != NULL) {
-	          if ((p = strchr(line, '\n')) != NULL) {
-			*p = '\0';
-			if (line[0] == '#')
-			     continue;
-			if (strcmp(line, name) == 0)
-			     return (1);
-			if (strncmp(line, name, strlen(name)) == 0) {
-			     int i = strlen(name) + 1;
-
-			     /* Make sure foo doesn't match foobar */
-			     if (line[i] == '\0' || !isspace((int) line[i]))
-			          continue;
-			     /* Ignore whitespace */
-			     while (isspace((int) line[++i]));
-
-			     if (strcmp(&line[i], "restrict") == 0)
-			          return (-1);
-			     else
-			          return (1);
-			}
-		  }
-	     }
-	     (void) fclose(fd);
-	}
-
-	return (0);
-}
-
-static int
-disallowed_user(name)
-        char *name;
-{
-        return(checkuser(name) == 1);
-}
-
-static int
-restricted_user(name)
-        char *name;
-{
-        return(checkuser(name) == -1);
-}
-
-/*
- * Terminate login as previous user, if any, resetting state;
- * used when USER command is given or login fails.
- */
-static void
-end_login()
-{
-
-	(void) krb5_seteuid((uid_t)0);
-	if (logged_in)
-		pty_logwtmp(ttyline, "", "");
-	if (have_creds) {
-#ifdef GSSAPI
-		krb5_cc_destroy(kcontext, ccache);
-#endif
-		have_creds = 0;
-	}
-	pw = NULL;
-	logged_in = 0;
-	guest = 0;
-}
-
-static int
-kpass(name, passwd)
-char *name, *passwd;
-{
-#ifdef GSSAPI
-	krb5_principal server, me;
-	krb5_creds my_creds;
-	krb5_timestamp now;
-#endif /* GSSAPI */
-	char ccname[MAXPATHLEN];
-
-#ifdef GSSAPI
-	memset(&my_creds, 0, sizeof(my_creds));
-	if (krb5_parse_name(kcontext, name, &me))
-		return 0;
-	my_creds.client = me;
-
-	snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_ftpd%ld",
-		 (long) getpid());
-	if (krb5_cc_resolve(kcontext, ccname, &ccache))
-		return(0);
-	if (krb5_cc_initialize(kcontext, ccache, me))
-		return(0);
-	if (krb5_build_principal_ext(kcontext, &server,
-				     krb5_princ_realm(kcontext, me)->length,
-				     krb5_princ_realm(kcontext, me)->data,
-				     KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
-				     krb5_princ_realm(kcontext, me)->length,
-				     krb5_princ_realm(kcontext, me)->data,
-				     0))
-		goto nuke_ccache;
-
-	my_creds.server = server;
-	if (krb5_timeofday(kcontext, &now))
-		goto nuke_ccache;
-	my_creds.times.starttime = 0; /* start timer when
-					 request gets to KDC */
-	my_creds.times.endtime = now + 60 * 60 * 10;
-	my_creds.times.renew_till = 0;
-
-	if (krb5_get_init_creds_password(kcontext, &my_creds, me,
-					 passwd, NULL, NULL, 0, NULL, NULL))
-	  goto nuke_ccache;
-
-	if (krb5_cc_store_cred(kcontext, ccache, &my_creds))
-	  goto nuke_ccache;
-
-	if (!want_creds) {
-		krb5_cc_destroy(kcontext, ccache);
-		return(1);
-	}
-
-	have_creds = 1;
-	return(1);
-#endif /* GSSAPI */
-
-nuke_ccache:
-#ifdef GSSAPI
-	krb5_cc_destroy(kcontext, ccache);
-#endif /* GSSAPI */
-	return(0);
-}
-
-void
-pass(passwd)
-	char *passwd;
-{
-	char *xpasswd, *salt;
-
-	if (authorized && !want_creds) {
-		reply(202, "PASS command superfluous.");
-		return;
-	}
-
-	if (logged_in || askpasswd == 0) {
-	  	reply(503, "Login with USER first.");
-		return;
-	}
-
-	if (!guest) {
-	    	/* "ftp" is only account allowed no password */
-		if (pw == NULL)
-			salt = "xx";
-		else
-			salt = pw->pw_passwd;
-#ifdef __SCO__
-		/* SCO does not provide crypt.  */
-		xpasswd = "";
-#else
-		xpasswd = crypt(passwd, salt);
-#endif
-		/* Fail if:
-		 *   pw is NULL
-		 *   kpass fails and we want_creds
-		 *   kpass fails and the user has no local password
-		 *   kpass fails and the provided password doesn't match pw
-		 */
-		if (pw == NULL || (!kpass(pw->pw_name, passwd) &&
-				   (want_creds || !*pw->pw_passwd ||
-				    strcmp(xpasswd, pw->pw_passwd)))) {
-			pw = NULL;
-			sleep(5);
-			if (++login_attempts >= 3) {
-				reply(421,
-				      "Login incorrect, closing connection.");
-				syslog(LOG_NOTICE,
-				       "repeated login failures from %s (%s)",
-				       rhost_addra, remotehost);
-				dologout(0);
-			}
-			reply(530, "Login incorrect.");
-			return;
-	        }
-	}
-	login_attempts = 0;		/* this time successful */
-
-	login(passwd, 0);
-	return;
-}
-
-static void
-login(passwd, logincode)
-	char *passwd;
-	int logincode;
-{
-	if (have_creds) {
-#ifdef GSSAPI
-		const char *ccname = krb5_cc_get_name(kcontext, ccache);
-		chown(ccname, pw->pw_uid, pw->pw_gid);
-#endif
-	}
-
-	(void) krb5_setegid((gid_t)pw->pw_gid);
-	(void) initgroups(pw->pw_name, pw->pw_gid);
-
-	/* open wtmp before chroot */
-	(void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid());
-	pty_logwtmp(ttyline, pw->pw_name, rhost_sane);
-	logged_in = 1;
-
-	if (guest || restricted) {
-		if (chroot(pw->pw_dir) < 0) {
-			reply(550, "Can't set privileges.");
-			goto bad;
-		}
-	}
-#ifdef HAVE_SETLUID
-  	/*
-  	 * If we're on a system which keeps track of login uids, then
- 	 * set the login uid. If this fails this opens up a problem on DEC OSF
- 	 * with C2 enabled.
-	 */
-	if (((uid_t)getluid() != pw->pw_uid)
-	    && setluid((uid_t)pw->pw_uid) < 0) {
-	        reply(550, "Can't set luid.");
-		goto bad;
-	}
-#endif
-	if (krb5_seteuid((uid_t)pw->pw_uid) < 0) {
-	        reply(550, "Can't set uid.");
-		goto bad;
-	}
-	if (guest) {
-		/*
-		 * We MUST do a chdir() after the chroot. Otherwise
-		 * the old current directory will be accessible as "."
-		 * outside the new root!
-		 */
-		if (chdir("/") < 0) {
-			reply(550, "Can't set guest privileges.");
-			goto bad;
-		}
-	} else {
-	        if (chdir(restricted ? "/" : pw->pw_dir) < 0) {
-		        if (chdir("/") < 0) {
-			        reply(530, "User %s: can't change directory to %s.",
-				      pw->pw_name, pw->pw_dir);
-				goto bad;
-			} else {
-				if (!logincode)
-					logincode = 230;
-			        lreply(logincode, "No directory! Logging in with home=/");
-			}
-		}
-	}
-	if (guest) {
-		reply(230, "Guest login ok, access restrictions apply.");
-#ifdef SETPROCTITLE
-		snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%.*s",
-			 rhost_sane, passwd);
-		setproctitle(proctitle);
-#endif /* SETPROCTITLE */
-		if (logging)
-			syslog(LOG_INFO,
-			       "ANONYMOUS FTP LOGIN FROM %s, %s (%s)",
-			       rhost_addra, remotehost, passwd);
-	} else {
-		if (askpasswd) {
-			askpasswd = 0;
-			reply(230, "User %s logged in.", pw->pw_name);
-		}
-#ifdef SETPROCTITLE
-		snprintf(proctitle, sizeof(proctitle), "%s: %s",
-			 rhost_sane, pw->pw_name);
-		setproctitle(proctitle);
-#endif /* SETPROCTITLE */
-		if (logging)
-			syslog(LOG_INFO, "FTP LOGIN FROM %s, %s (%s)",
-			    rhost_addra, remotehost, pw->pw_name);
-	}
-	home = pw->pw_dir;		/* home dir for globbing */
-	(void) umask(defumask);
-	return;
-bad:
-	/* Forget all about it... */
-	end_login();
-}
-
-void
-retrieve(cmd, name)
-	char *cmd, *name;
-{
-	FILE *fin, *dout;
-	struct stat st;
-	int (*closefunc)();
-
-	if (logging > 1 && !cmd)
-	        syslog(LOG_NOTICE, "get %s", path_expand(name));
-	if (cmd == 0) {
-		fin = fopen(name, "r"), closefunc = fclose;
-		st.st_size = 0;
-	} else {
-		char line[FTP_BUFSIZ];
-
-		if (strlen(cmd) + strlen(name) + 1 >= sizeof(line)) {
-			syslog(LOG_ERR, "retrieve: filename too long");
-			reply(501, "filename too long");
-			return;
-		}
-		(void) snprintf(line, sizeof(line), cmd, name), name = line;
-		fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose;
-		st.st_size = -1;
-#ifndef NOSTBLKSIZE
-		st.st_blksize = FTP_BUFSIZ;
-#endif
-	}
-	if (fin == NULL) {
-		if (errno != 0)
-			perror_reply(550, name);
-		return;
-	}
-	if (cmd == 0 &&
-	    (fstat(fileno(fin), &st) < 0 || (st.st_mode&S_IFMT) != S_IFREG)) {
-		reply(550, "%s: not a plain file.", name);
-		goto done;
-	}
-	if (restart_point) {
-		if (type == TYPE_A) {
-			register int i, n, c;
-
-			n = restart_point;
-			i = 0;
-			while (i++ < n) {
-				if ((c=getc(fin)) == EOF) {
-					perror_reply(550, name);
-					goto done;
-				}
-				if (c == '\n')
-					i++;
-			}
-		} else if (lseek(fileno(fin), restart_point, L_SET) < 0) {
-			perror_reply(550, name);
-			goto done;
-		}
-	}
-	dout = dataconn(name, st.st_size, "w");
-	if (dout == NULL)
-		goto done;
-#ifndef NOSTBLKSIZE
-	send_data(fin, dout, st.st_blksize);
-#else
-	send_data(fin, dout, FTP_BUFSIZ);
-#endif
-	(void) fclose(dout);
-	data = -1;
-	pdata = -1;
-done:
-	(*closefunc)(fin);
-	if (logging > 2 && !cmd)
-	        syslog(LOG_NOTICE, "get: %i bytes transferred", byte_count);
-}
-
-void
-store_file(name, fmode, unique)
-	char *name, *fmode;
-	int unique;
-{
-	FILE *fout, *din;
-	struct stat st;
-	int (*closefunc)();
-
-	if (logging > 1) syslog(LOG_NOTICE, "put %s", path_expand(name));
-
-	if (unique && stat(name, &st) == 0 &&
-	    (name = gunique(name)) == NULL)
-		return;
-
-	if (restart_point)
-		fmode = "r+w";
-	fout = fopen(name, fmode);
-	closefunc = fclose;
-	if (fout == NULL) {
-		perror_reply(553, name);
-		return;
-	}
-	if (restart_point) {
-		if (type == TYPE_A) {
-			register int i, n, c;
-
-			n = restart_point;
-			i = 0;
-			while (i++ < n) {
-				if ((c=getc(fout)) == EOF) {
-					perror_reply(550, name);
-					goto done;
-				}
-				if (c == '\n')
-					i++;
-			}
-			/*
-			 * We must do this seek to "current" position
-			 * because we are changing from reading to
-			 * writing.
-			 */
-			if (fseek(fout, 0L, L_INCR) < 0) {
-				perror_reply(550, name);
-				goto done;
-			}
-		} else if (lseek(fileno(fout), restart_point, L_SET) < 0) {
-			perror_reply(550, name);
-			goto done;
-		}
-	}
-	din = dataconn(name, (off_t)-1, "r");
-	if (din == NULL)
-		goto done;
-	if (receive_data(din, fout) == 0) {
-		if (unique)
-			reply(226, "Transfer complete (unique file name:%s).",
-			    name);
-		else
-			reply(226, "Transfer complete.");
-	}
-	(void) fclose(din);
-	data = -1;
-	pdata = -1;
-done:
-	(*closefunc)(fout);
-	if (logging > 2)
-	        syslog(LOG_NOTICE, "put: %i bytes transferred", byte_count);
-}
-
-FILE *
-getdatasock(fmode)
-	char *fmode;
-{
-	int s, on = 1, tries;
-
-	if (data >= 0)
-		return (fdopen(data, fmode));
-	(void) krb5_seteuid((uid_t)0);
-	s = socket(AF_INET, SOCK_STREAM, 0);
-	if (s < 0)
-		goto bad;
-	if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-	    (char *) &on, sizeof (on)) < 0)
-		goto bad;
-	/* anchor socket to avoid multi-homing problems */
-	data_source.sin_family = AF_INET;
-	data_source.sin_addr = ctrl_addr.sin_addr;
-	for (tries = 1; ; tries++) {
-		if (bind(s, (struct sockaddr *)&data_source,
-		    sizeof (data_source)) >= 0)
-			break;
-		if (errno != EADDRINUSE || tries > 10)
-			goto bad;
-		sleep(tries);
-	}
-	if (krb5_seteuid((uid_t)pw->pw_uid)) {
-		fatal("seteuid user");
-	}
-#ifdef IP_TOS
-#ifdef IPTOS_THROUGHPUT
-	on = IPTOS_THROUGHPUT;
-	if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0)
-		syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-#endif
-#endif
-	return (fdopen(s, fmode));
-bad:
-	if (krb5_seteuid((uid_t)pw->pw_uid)) {
-		fatal("seteuid user");
-	}
-	(void) close(s);
-	return (NULL);
-}
-
-FILE *
-dataconn(name, size, fmode)
-	char *name;
-	off_t size;
-	char *fmode;
-{
-	char sizebuf[32];
-	FILE *file;
-	int retry = 0, tos;
-
-	file_size = size;
-	byte_count = 0;
-	if (size != (off_t) -1)
-		/* cast size to long in case sizeof(off_t) > sizeof(long) */
-		(void) snprintf (sizebuf, sizeof(sizebuf), " (%ld bytes)",
-				 (long)size);
-	else
-		sizebuf[0] = '\0';
-	if (pdata >= 0) {
-		int s, fromlen = sizeof(data_dest);
-
-		s = accept(pdata, (struct sockaddr *)&data_dest, &fromlen);
-		if (s < 0) {
-			reply(425, "Can't open data connection.");
-			(void) close(pdata);
-			pdata = -1;
-			return(NULL);
-		}
-		(void) close(pdata);
-		pdata = s;
-#ifdef IP_TOS
-#ifdef IPTOS_LOWDELAY
-		tos = IPTOS_LOWDELAY;
-		(void) setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos,
-		    sizeof(int));
-#endif
-#endif
-		reply(150, "Opening %s mode data connection for %s%s.",
-		     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-		return(fdopen(pdata, fmode));
-	}
-	if (data >= 0) {
-		reply(125, "Using existing data connection for %s%s.",
-		    name, sizebuf);
-		usedefault = 1;
-		return (fdopen(data, fmode));
-	}
-	if (usedefault)
-		data_dest = his_addr;
-	usedefault = 1;
-	file = getdatasock(fmode);
-	if (file == NULL) {
-		reply(425, "Can't create data socket (%s,%d): %s.",
-		    inet_ntoa(data_source.sin_addr),
-		    ntohs(data_source.sin_port), strerror(errno));
-		return (NULL);
-	}
-	data = fileno(file);
-	while (connect(data, (struct sockaddr *)&data_dest,
-	    sizeof (data_dest)) < 0) {
-		if (errno == EADDRINUSE && retry < swaitmax) {
-			sleep((unsigned) swaitint);
-			retry += swaitint;
-			continue;
-		}
-		perror_reply(425, "Can't build data connection");
-		(void) fclose(file);
-		data = -1;
-		return (NULL);
-	}
-	reply(150, "Opening %s mode data connection for %s%s.",
-	     type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf);
-	return (file);
-}
-
-/*
- * XXX callers need to limit total length of output string to
- * FTP_BUFSIZ
- */
-void
-secure_error(char *fmt, ...)
-{
-	char buf[FTP_BUFSIZ];
-	va_list ap;
-
-	va_start(ap, fmt);
-	vsnprintf(buf, sizeof(buf), fmt, ap);
-	va_end(ap);
-	reply(535, "%s", buf);
-	syslog(LOG_ERR, "%s", buf);
-}
-
-/*
- * Tranfer the contents of "instr" to
- * "outstr" peer using the appropriate
- * encapsulation of the data subject
- * to Mode, Structure, and Type.
- *
- * NB: Form isn't handled.
- */
-void send_data(instr, outstr, blksize)
-	FILE *instr, *outstr;
-	off_t blksize;
-{
-	register int c, cnt;
-	register char *buf;
-	int netfd, filefd;
-	volatile int ret = 0;
-
-	transflag++;
-	if (sigsetjmp(urgcatch, 1)) {
-		transflag = 0;
-		(void)secure_flush(fileno(outstr));
-		return;
-	}
-	switch (type) {
-
-	case TYPE_A:
-		while ((c = getc(instr)) != EOF) {
-			byte_count++;
-			if (c == '\n') {
-				if (ferror(outstr) ||
-				    (ret = secure_putc('\r', outstr)) < 0)
-					goto data_err;
-			}
-			if ((ret = secure_putc(c, outstr)) < 0)
-				goto data_err;
-		}
-		transflag = 0;
-		if (ferror(instr))
-			goto file_err;
-		if (ferror(outstr) ||
-		    (ret = secure_flush(fileno(outstr))) < 0)
-			goto data_err;
-		reply(226, "Transfer complete.");
-		return;
-
-	case TYPE_I:
-	case TYPE_L:
-		if ((buf = malloc((u_int)blksize)) == NULL) {
-			transflag = 0;
-			perror_reply(451, "Local resource failure: malloc");
-			return;
-		}
-		netfd = fileno(outstr);
-		filefd = fileno(instr);
-		while ((cnt = read(filefd, buf, (u_int)blksize)) > 0 &&
-		    (ret = secure_write(netfd, buf, cnt)) == cnt)
-			byte_count += cnt;
-		transflag = 0;
-		(void)free(buf);
-		if (cnt != 0) {
-			if (cnt < 0)
-				goto file_err;
-			goto data_err;
-		}
-		if ((ret = secure_flush(netfd)) < 0)
-			goto data_err;
-		reply(226, "Transfer complete.");
-		return;
-	default:
-		transflag = 0;
-		reply(550, "Unimplemented TYPE %d in send_data", type);
-		return;
-	}
-
-data_err:
-	transflag = 0;
-	if (ret != -2) perror_reply(426, "Data connection");
-	return;
-
-file_err:
-	transflag = 0;
-	perror_reply(551, "Error on input file");
-}
-
-/*
- * Transfer data from peer to
- * "outstr" using the appropriate
- * encapulation of the data subject
- * to Mode, Structure, and Type.
- *
- * N.B.: Form isn't handled.
- */
-static int
-receive_data(instr, outstr)
-	FILE *instr, *outstr;
-{
-	register int c;
-	volatile int cnt, bare_lfs = 0;
-	char buf[FTP_BUFSIZ];
-	int ret = 0;
-
-	transflag++;
-	if (sigsetjmp(urgcatch, 1)) {
-		transflag = 0;
-		return (-1);
-	}
-	switch (type) {
-
-	case TYPE_I:
-	case TYPE_L:
-		while ((cnt = secure_read(fileno(instr), buf, sizeof buf)) > 0) {
-			if (write(fileno(outstr), buf, cnt) != cnt)
-				goto file_err;
-			byte_count += cnt;
-		}
-		transflag = 0;
-		ret = cnt;
-		if (cnt < 0)
-			goto data_err;
-		return (0);
-
-	case TYPE_E:
-		reply(553, "TYPE E not implemented.");
-		transflag = 0;
-		return (-1);
-
-	case TYPE_A:
-		while ((c = secure_getc(instr)) >= 0) {
-			byte_count++;
-			if (c == '\n')
-				bare_lfs++;
-			while (c == '\r') {
-				if (ferror(outstr))
-					goto data_err;
-				if ((c = secure_getc(instr)) != '\n') {
-					(void) putc ('\r', outstr);
-					if (c == '\0')
-						goto contin2;
-				}
-			}
-			if (c < 0) break;
-			(void) putc(c, outstr);
-	contin2:	;
-		}
-		fflush(outstr);
-		ret = c;
-		if (c == -2 || ferror(instr))
-			goto data_err;
-		if (ferror(outstr))
-			goto file_err;
-		transflag = 0;
-		if (bare_lfs) {
-			lreply(226, "WARNING! %d bare linefeeds received in ASCII mode", bare_lfs);
-			reply(0, "   File may not have transferred correctly.");
-		}
-		return (0);
-	default:
-		reply(550, "Unimplemented TYPE %d in receive_data", type);
-		transflag = 0;
-		return (-1);
-	}
-
-data_err:
-	transflag = 0;
-	if (ret != -2) perror_reply(426, "Data Connection");
-	return (-1);
-
-file_err:
-	transflag = 0;
-	perror_reply(452, "Error writing file");
-	return (-1);
-}
-
-void
-statfilecmd(filename)
-	char *filename;
-{
-	char line[FTP_BUFSIZ];
-	FILE *fin;
-	int c, n;
-	char str[FTP_BUFSIZ], *p;
-
-	if (strlen(filename) + sizeof("/bin/ls -lgA ")
-	    >= sizeof(line)) {
-		reply(501, "filename too long");
-		return;
-	}
-	(void) snprintf(line, sizeof(line), "/bin/ls -lgA %s", filename);
-	fin = ftpd_popen(line, "r");
-	lreply(211, "status of %s:", filename);
-	p = str;
-	n = 0;
-	while ((c = getc(fin)) != EOF) {
-		if (c == '\n') {
-			if (ferror(stdout)){
-				perror_reply(421, "control connection");
-				(void) ftpd_pclose(fin);
-				dologout(1);
-				/* NOTREACHED */
-			}
-			if (ferror(fin)) {
-				perror_reply(551, filename);
-				(void) ftpd_pclose(fin);
-				return;
-			}
-			*p = '\0';
-			reply(0, "%s", str);
-			p = str;
-			n = 0;
-		} else {
-			*p++ = c;
-			n++;
-			if (n >= sizeof(str)) {
-				reply(551, "output line too long");
-				(void) ftpd_pclose(fin);
-				return;
-			}
-		}
-	}
-	if (p != str) {
-		*p = '\0';
-		reply(0, "%s", str);
-	}
-	(void) ftpd_pclose(fin);
-	reply(211, "End of Status");
-}
-
-void
-statcmd()
-{
-	struct sockaddr_in *sin4;
-	u_char *a, *p;
-	char str[FTP_BUFSIZ];
-
-	lreply(211, "%s FTP server status:", hostname);
-	reply(0, "     %s", version);
-	snprintf(str, sizeof(str), "     Connected to %s (%s)",
-		 remotehost[0] ? remotehost : "", rhost_addra);
-	reply(0, "%s", str);
-	if (auth_type) reply(0, "     Authentication type: %s", auth_type);
-	if (logged_in) {
-		if (guest)
-			reply(0, "     Logged in anonymously");
-		else
-			reply(0, "     Logged in as %s", pw->pw_name);
-	} else if (askpasswd)
-		reply(0, "     Waiting for password");
-	else if (temp_auth_type)
-		reply(0, "     Waiting for authentication data");
-	else
-		reply(0, "     Waiting for user name");
-	reply(0, "     Protection level: %s", levelnames[dlevel]);
-	snprintf(str, sizeof(str), "     TYPE: %s", typenames[type]);
-	if (type == TYPE_A || type == TYPE_E) {
-		snprintf(&str[strlen(str)], sizeof(str) - strlen(str),
-			 ", FORM: %s", formnames[form]);
-	}
-	if (type == TYPE_L)
-		strncat(str, " 8", sizeof (str) - strlen(str) - 1);
-	snprintf(&str[strlen(str)], sizeof(str) - strlen(str),
-		 "; STRUcture: %s; transfer MODE: %s",
-		 strunames[stru], modenames[mode]);
-	reply(0, "%s", str);
-	if (data != -1)
-		strlcpy(str, "     Data connection open", sizeof(str));
-	else if (pdata != -1) {
-		strlcpy(str, "     in Passive mode", sizeof(str));
-		sin4 = &pasv_addr;
-		goto printaddr;
-	} else if (usedefault == 0) {
-		sin4 = &data_dest;
-printaddr:
-		a = (u_char *) &sin4->sin_addr;
-		p = (u_char *) &sin4->sin_port;
-#define UC(b) (((int) b) & 0xff)
-		snprintf(str, sizeof(str), "     PORT (%d,%d,%d,%d,%d,%d)",
-			 UC(a[0]), UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]),
-			 UC(p[1]));
-#undef UC
-	} else
-		strlcpy(str, "     No data connection", sizeof(str));
-	reply(0, "%s", str);
-	reply(211, "End of status");
-}
-
-void
-fatal(s)
-	char *s;
-{
-	reply(451, "Error in server: %s", s);
-	reply(221, "Closing connection due to server error.");
-	dologout(0);
-	/* NOTREACHED */
-}
-
-char cont_char = ' ';
-
-/*
- * XXX callers need to limit total length of output string to
- * FTP_BUFSIZ bytes for now.
- */
-#ifdef STDARG
-void
-reply(int n, char *fmt, ...)
-#else
-/* VARARGS2 */
-void
-reply(n, fmt, p0, p1, p2, p3, p4, p5)
-	int n;
-	char *fmt;
-#endif
-{
-	char buf[FTP_BUFSIZ];
-#ifdef STDARG
-	va_list ap;
-
-	va_start(ap, fmt);
-	vsnprintf(buf, sizeof(buf), fmt, ap);
-	va_end(ap);
-#else
-	snprintf(buf, sizeof(buf), fmt, p0, p1, p2, p3, p4, p5);
-#endif
-
-	if (auth_type) {
-		/*
-		 * Deal with expansion in mk_{safe,priv},
-		 * radix_encode, gss_seal, plus slop.
-		 */
-		char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2];
-		int length = 0, kerror;
-		if (n) snprintf(in, sizeof(in), "%d%c", n, cont_char);
-		else in[0] = '\0';
-		strncat(in, buf, sizeof (in) - strlen(in) - 1);
-#ifdef GSSAPI
-		/* reply (based on level) */
-		if (strcmp(auth_type, "GSSAPI") == 0) {
-			gss_buffer_desc in_buf, out_buf;
-			OM_uint32 maj_stat, min_stat;
-			int conf_state;
-
-			in_buf.value = in;
-			in_buf.length = strlen(in);
-			maj_stat = gss_seal(&min_stat, gcontext,
-					    clevel == PROT_P, /* private */
-					    GSS_C_QOP_DEFAULT,
-					    &in_buf, &conf_state,
-					    &out_buf);
-			if (maj_stat != GSS_S_COMPLETE) {
-#if 0
-/* Don't setup an infinite loop */
-				/* generally need to deal */
-				secure_gss_error(maj_stat, min_stat,
-					       (clevel==PROT_P)?
-						 "gss_seal ENC didn't complete":
-						 "gss_seal MIC didn't complete");
-#endif /* 0 */
-			} else if ((clevel == PROT_P) && !conf_state) {
-#if 0
-/* Don't setup an infinite loop */
-				secure_error("GSSAPI didn't encrypt message");
-#endif /* 0 */
-			} else {
-				memcpy(out, out_buf.value,
-				       length=out_buf.length);
-				gss_release_buffer(&min_stat, &out_buf);
-			}
-		}
-#endif /* GSSAPI */
-		/* Other auth types go here ... */
-		if (length >= sizeof(in) / 4 * 3) {
-			syslog(LOG_ERR, "input to radix_encode too long");
-			fputs(in, stdout);
-		} else if ((kerror = radix_encode(out, in, &length, 0))) {
-			syslog(LOG_ERR, "Couldn't encode reply (%s)",
-					radix_error(kerror));
-			fputs(in,stdout);
-		} else
-			printf("%s%c%s", clevel == PROT_P ? "632" : "631",
-			       n ? cont_char : '-', in);
-	} else {
-		if (n) printf("%d%c", n, cont_char);
-		fputs(buf, stdout);
-	}
-	printf("\r\n");
-	(void)fflush(stdout);
-	if (debug) {
-		if (n) syslog(LOG_DEBUG, "<--- %d%c", n, cont_char);
-		syslog(LOG_DEBUG, "%s", buf);
-	}
-}
-
-/*
- * XXX callers need to limit total length of output string to
- * FTP_BUFSIZ
- */
-#ifdef STDARG
-void
-lreply(int n, char *fmt, ...)
-#else
-/* VARARGS2 */
-void
-lreply(n, fmt, p0, p1, p2, p3, p4, p5)
-	int n;
-	char *fmt;
-#endif
-{
-	char buf[FTP_BUFSIZ];
-#ifdef STDARG
-	va_list ap;
-
-	va_start(ap, fmt);
-	vsnprintf(buf, sizeof(buf), fmt, ap);
-	va_end(ap);
-#else
-	snprintf(buf, sizeof(buf), fmt, p0, p1, p2, p3, p4, p5);
-#endif
-	cont_char = '-';
-	reply(n, "%s", buf);
-	cont_char = ' ';
-}
-
-void
-ack(s)
-	char *s;
-{
-	reply(250, "%s command successful.", s);
-}
-
-void
-nack(s)
-	char *s;
-{
-	reply(502, "%s command not implemented.", s);
-}
-
-/* ARGSUSED */
-void
-yyerror(s)
-	char *s;
-{
-	char *cp;
-
-	cp = strchr(cbuf,'\n');
-	if (cp)
-		*cp = '\0';
-	reply(500, "'%.*s': command not understood.",
-	      (int) (FTP_BUFSIZ - sizeof("'': command not understood.")),
-	      cbuf);
-}
-
-void
-delete_file(name)
-	char *name;
-{
-	struct stat st;
-
-	if (logging > 1) syslog(LOG_NOTICE, "del %s", path_expand(name));
-
-	if (stat(name, &st) < 0) {
-		perror_reply(550, name);
-		return;
-	}
-	if ((st.st_mode&S_IFMT) == S_IFDIR) {
-		if (rmdir(name) < 0) {
-			perror_reply(550, name);
-			return;
-		}
-		goto done;
-	}
-	if (unlink(name) < 0) {
-		perror_reply(550, name);
-		return;
-	}
-done:
-	ack("DELE");
-}
-
-void
-cwd(path)
-	char *path;
-{
-	if (chdir(path) < 0)
-		perror_reply(550, path);
-	else
-		ack("CWD");
-}
-
-void
-makedir(name)
-	char *name;
-{
-        if (logging > 1) syslog(LOG_NOTICE, "mkdir %s", path_expand(name));
-
-	if (mkdir(name, 0777) < 0)
-		perror_reply(550, name);
-	else
-		reply(257, "MKD command successful.");
-}
-
-void
-removedir(name)
-	char *name;
-{
-        if (logging > 1) syslog(LOG_NOTICE, "rmdir %s", path_expand(name));
-
-	if (rmdir(name) < 0)
-		perror_reply(550, name);
-	else
-		ack("RMD");
-}
-
-void
-pwd()
-{
-	if (getcwd(pathbuf, sizeof pathbuf) == (char *)NULL)
-#ifdef POSIX
-		perror_reply(550, pathbuf);
-#else
-		reply(550, "%s.", pathbuf);
-#endif
-	else
-		reply(257, "\"%s\" is current directory.", pathbuf);
-}
-
-char *
-renamefrom(name)
-	char *name;
-{
-	struct stat st;
-
-	if (stat(name, &st) < 0) {
-		perror_reply(550, name);
-		return ((char *)0);
-	}
-	reply(350, "File exists, ready for destination name");
-	return (name);
-}
-
-void
-renamecmd(from, to)
-	char *from, *to;
-{
-        if(logging > 1)
-                syslog(LOG_NOTICE, "rename %s %s", path_expand(from), to);
-
-	if (rename(from, to) < 0)
-		perror_reply(550, "rename");
-	else
-		ack("RNTO");
-}
-
-static void
-dolog(sin4)
-	struct sockaddr_in *sin4;
-{
-	struct hostent *hp = gethostbyaddr((char *)&sin4->sin_addr,
-		sizeof (struct in_addr), AF_INET);
-	time_t t, time();
-	extern char *ctime();
-	krb5_error_code retval;
-
-	if (hp != NULL) {
-		(void) strncpy(remotehost, hp->h_name, sizeof (remotehost));
-		remotehost[sizeof (remotehost) - 1] = '\0';
-	} else
-		remotehost[0] = '\0';
-	strncpy(rhost_addra, inet_ntoa(sin4->sin_addr), sizeof (rhost_addra));
-	rhost_addra[sizeof (rhost_addra) - 1] = '\0';
-	retval = pty_make_sane_hostname((struct sockaddr *) sin4, maxhostlen,
-					stripdomain, always_ip, &rhost_sane);
-	if (retval) {
-		fprintf(stderr, "make_sane_hostname: %s\n",
-			error_message(retval));
-		exit(1);
-	}
-#ifdef SETPROCTITLE
-	snprintf(proctitle, sizeof(proctitle), "%s: connected", rhost_sane);
-	setproctitle(proctitle);
-#endif /* SETPROCTITLE */
-
-	if (logging) {
-		t = time((time_t *) 0);
-		syslog(LOG_INFO, "connection from %s (%s) at %s",
-		    rhost_addra, remotehost, ctime(&t));
-	}
-}
-
-/*
- * Record logout in wtmp file
- * and exit with supplied status.
- */
-void
-dologout(status)
-	int status;
-{
-	if (logged_in) {
-		(void) krb5_seteuid((uid_t)0);
-		pty_logwtmp(ttyline, "", "");
-	}
-	if (have_creds) {
-#ifdef GSSAPI
-		krb5_cc_destroy(kcontext, ccache);
-#endif
-	}
-	/* beware of flushing buffers after a SIGPIPE */
-	_exit(status);
-}
-
-void
-myoob(sig)
-    int sig;
-{
-	char *cp, *cs;
-#ifndef strpbrk
-	extern char *strpbrk();
-#endif
-
-	/* only process if transfer occurring */
-	if (!transflag)
-		return;
-	cp = tmpline;
-	if (ftpd_getline(cp, sizeof(tmpline), stdin) == NULL) {
-		reply(221, "You could at least say goodbye.");
-		dologout(0);
-	}
-	upper(cp);
-	if ((cs = strpbrk(cp, "\r\n")))
-		*cs++ = '\0';
-	if (strcmp(cp, "ABOR") == 0) {
-		tmpline[0] = '\0';
-		reply(426, "Transfer aborted. Data connection closed.");
-		reply(226, "Abort successful");
-		siglongjmp(urgcatch, 1);
-	}
-	if (strcmp(cp, "STAT") == 0) {
-		if (file_size != (off_t) -1)
-			reply(213, "Status: %lu of %lu bytes transferred",
-			      (unsigned long) byte_count,
-			      (unsigned long) file_size);
-		else
-			reply(213, "Status: %lu bytes transferred",
-			      (unsigned long) byte_count);
-	}
-}
-
-/*
- * Note: a response of 425 is not mentioned as a possible response to
- * 	the PASV command in RFC959. However, it has been blessed as
- * 	a legitimate response by Jon Postel in a telephone conversation
- *	with Rick Adams on 25 Jan 89.
- */
-void
-passive()
-{
-	int len;
-	register char *p, *a;
-
-	pdata = socket(AF_INET, SOCK_STREAM, 0);
-	if (pdata < 0) {
-		perror_reply(425, "Can't open passive connection");
-		return;
-	}
-	pasv_addr = ctrl_addr;
-	pasv_addr.sin_port = 0;
-	(void) krb5_seteuid((uid_t)0);
-	if (bind(pdata, (struct sockaddr *)&pasv_addr, sizeof(pasv_addr)) < 0) {
-		(void) krb5_seteuid((uid_t)pw->pw_uid);
-		goto pasv_error;
-	}
-	if (krb5_seteuid((uid_t)pw->pw_uid)) {
-		fatal("seteuid user");
-	}
-	len = sizeof(pasv_addr);
-	if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0)
-		goto pasv_error;
-	if (listen(pdata, 1) < 0)
-		goto pasv_error;
-	a = (char *) &pasv_addr.sin_addr;
-	p = (char *) &pasv_addr.sin_port;
-
-#define UC(b) (((int) b) & 0xff)
-
-	reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]),
-		UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1]));
-	return;
-
-pasv_error:
-	(void) close(pdata);
-	pdata = -1;
-	perror_reply(425, "Can't open passive connection");
-	return;
-}
-
-/*
- * Generate unique name for file with basename "local".
- * The file named "local" is already known to exist.
- * Generates failure reply on error.
- */
-static char *
-gunique(local)
-	char *local;
-{
-	static char new[MAXPATHLEN];
-	struct stat st;
-	char *cp = strrchr(local, '/');
-	int count = 0;
-
-	if (cp)
-		*cp = '\0';
-	if (stat(cp ? local : ".", &st) < 0) {
-		perror_reply(553, cp ? local : ".");
-		return((char *) 0);
-	}
-	if (cp)
-		*cp = '/';
-	(void) strncpy(new, local, sizeof(new) - 1);
-	new[sizeof(new) - 1] = '\0';
-	cp = new + strlen(new);
-	*cp++ = '.';
-	for (count = 1; count < 100; count++) {
-		(void) snprintf(cp, sizeof(new) - (cp - new), "%d", count);
-		if (stat(new, &st) < 0)
-			return(new);
-	}
-	reply(452, "Unique file name cannot be created.");
-	return((char *) 0);
-}
-
-/*
- * Format and send reply containing system error number.
- */
-void
-perror_reply(code, string)
-	int code;
-	char *string;
-{
-	char *err_string;
-	size_t extra_len;
-
-	err_string = strerror(errno);
-	if (err_string == NULL)
-		err_string = "(unknown error)";
-	extra_len = strlen(err_string) + sizeof("(truncated): .");
-
-	/*
-	 * XXX knows about FTP_BUFSIZ in reply()
-	 */
-	if (strlen(string) + extra_len > FTP_BUFSIZ) {
-		reply(code, "(truncated)%.*s: %s.",
-		      (int) (FTP_BUFSIZ - extra_len), string, err_string);
-	} else {
-		reply(code, "%s: %s.", string, err_string);
-	}
-}
-
-void
-auth(atype)
-char *atype;
-{
-	if (auth_type)
-		reply(534, "Authentication type already set to %s", auth_type);
-	else
-#ifdef GSSAPI
-	if (strcmp(atype, "GSSAPI") == 0)
-		reply(334, "Using authentication type %s; ADAT must follow",
-				temp_auth_type = atype);
-	else
-#endif /* GSSAPI */
-	/* Other auth types go here ... */
-		reply(504, "Unknown authentication type: %s", atype);
-}
-
-int
-auth_data(adata)
-char *adata;
-{
-	int kerror, length;
-
-	if (auth_type) {
-		reply(503, "Authentication already established");
-		return(0);
-	}
-	if (!temp_auth_type) {
-		reply(503, "Must identify AUTH type before ADAT");
-		return(0);
-	}
-#ifdef GSSAPI
-	if (strcmp(temp_auth_type, "GSSAPI") == 0) {
-		int replied = 0;
-		int found = 0;
-		gss_cred_id_t server_creds, deleg_creds;
-		gss_name_t client;
-		OM_uint32 ret_flags;
-		int rad_len;
-		gss_buffer_desc name_buf;
-		gss_name_t server_name;
-		OM_uint32 acquire_maj, acquire_min, accept_maj, accept_min,
-				stat_maj, stat_min;
-		gss_OID mechid;
-		gss_buffer_desc tok, out_tok;
-		char gbuf[FTP_BUFSIZ];
-		u_char gout_buf[FTP_BUFSIZ];
-		char localname[MAXHOSTNAMELEN];
-		char service_name[MAXHOSTNAMELEN+10];
-		char **gservice;
-		struct hostent *hp;
-		stat_maj = 0;
-		accept_maj = 0;
-		acquire_maj = 0;
-
-		kerror = radix_encode(adata, gout_buf, &length, 1);
-		if (kerror) {
-			reply(501, "Couldn't decode ADAT (%s)",
-			      radix_error(kerror));
-			syslog(LOG_ERR, "Couldn't decode ADAT (%s)",
-			       radix_error(kerror));
-			return(0);
-		}
-		tok.value = gout_buf;
-		tok.length = length;
-
-		if (gethostname(localname, MAXHOSTNAMELEN)) {
-			reply(501, "couldn't get local hostname (%d)\n", errno);
-			syslog(LOG_ERR, "Couldn't get local hostname (%d)", errno);
-			return 0;
-		}
-		if (!(hp = gethostbyname(localname))) {
-			reply(501, "couldn't canonicalize local hostname\n");
-			syslog(LOG_ERR, "Couldn't canonicalize local hostname");
-			return 0;
-		}
-		strncpy(localname, hp->h_name, sizeof(localname) - 1);
-		localname[sizeof(localname) - 1] = '\0';
-
-		for (gservice = gss_services; *gservice; gservice++) {
-			snprintf(service_name, sizeof(service_name),
-				 "%s@%s", *gservice, localname);
-			name_buf.value = service_name;
-			name_buf.length = strlen(name_buf.value) + 1;
-			if (debug)
-				syslog(LOG_INFO, "importing <%s>", service_name);
-			stat_maj = gss_import_name(&stat_min, &name_buf,
-						   gss_nt_service_name,
-						   &server_name);
-			if (stat_maj != GSS_S_COMPLETE) {
-				reply_gss_error(501, stat_maj, stat_min,
-						"importing name");
-				syslog(LOG_ERR, "gssapi error importing name");
-				return 0;
-			}
-
-			acquire_maj = gss_acquire_cred(&acquire_min, server_name, 0,
-						       GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
-						       &server_creds, NULL, NULL);
-			(void) gss_release_name(&stat_min, &server_name);
-
-			if (acquire_maj != GSS_S_COMPLETE)
-				continue;
-
-			found++;
-
-			gcontext = GSS_C_NO_CONTEXT;
-
-			accept_maj = gss_accept_sec_context(&accept_min,
-							    &gcontext, /* context_handle */
-							    server_creds, /* verifier_cred_handle */
-							    &tok, /* input_token */
-							    GSS_C_NO_CHANNEL_BINDINGS, /* channel bindings */
-							    &client, /* src_name */
-							    &mechid, /* mech_type */
-							    &out_tok, /* output_token */
-							    &ret_flags,
-							    NULL, 	/* ignore time_rec */
-							    &deleg_creds  /* forwarded credentials */
-							    );
-			if (accept_maj==GSS_S_COMPLETE||accept_maj==GSS_S_CONTINUE_NEEDED)
-				break;
-		}
-
-		if (found) {
-			if (accept_maj!=GSS_S_COMPLETE && accept_maj!=GSS_S_CONTINUE_NEEDED) {
-				reply_gss_error(535, accept_maj, accept_min,
-						"accepting context");
-				syslog(LOG_ERR, "failed accepting context");
-				(void) gss_release_cred(&stat_min, &server_creds);
-				if (ret_flags & GSS_C_DELEG_FLAG)
-					(void) gss_release_cred(&stat_min,
-								&deleg_creds);
-				return 0;
-			}
-		} else {
-			/* Kludge to make sure the right error gets reported, so we don't *
-			 * get those nasty "error: no error" messages.			  */
-			if(stat_maj != GSS_S_COMPLETE)
-			        reply_gss_error(501, stat_maj, stat_min,
-						"acquiring credentials");
-			else
-			        reply_gss_error(501, acquire_maj, acquire_min,
-						"acquiring credentials");
-			syslog(LOG_ERR, "gssapi error acquiring credentials");
-			return 0;
-		}
-
-		if (out_tok.length) {
-			if (out_tok.length >= ((FTP_BUFSIZ - sizeof("ADAT="))
-					       / 4 * 3)) {
-				secure_error("ADAT: reply too long");
-				syslog(LOG_ERR, "ADAT: reply too long");
-				(void) gss_release_cred(&stat_min, &server_creds);
-				if (ret_flags & GSS_C_DELEG_FLAG)
-					(void) gss_release_cred(&stat_min,
-								&deleg_creds);
-				return(0);
-			}
-
-			rad_len = out_tok.length;
-			kerror = radix_encode(out_tok.value, gbuf,
-					      &rad_len, 0);
-			out_tok.length = rad_len;
-			if (kerror) {
-				secure_error("Couldn't encode ADAT reply (%s)",
-					     radix_error(kerror));
-				syslog(LOG_ERR, "couldn't encode ADAT reply");
-				(void) gss_release_cred(&stat_min, &server_creds);
-				if (ret_flags & GSS_C_DELEG_FLAG)
-					(void) gss_release_cred(&stat_min,
-								&deleg_creds);
-				return(0);
-			}
-			if (accept_maj == GSS_S_COMPLETE) {
-				reply(235, "ADAT=%s", gbuf);
-			} else {
-				/* If the server accepts the security data, and
-				   requires additional data, it should respond
-				   with reply code 335. */
-				reply(335, "ADAT=%s", gbuf);
-			}
-			replied = 1;
-			(void) gss_release_buffer(&stat_min, &out_tok);
-		}
-		if (accept_maj == GSS_S_COMPLETE) {
-			/* GSSAPI authentication succeeded */
-			stat_maj = gss_display_name(&stat_min, client,
-						    &client_name, &mechid);
-			if (stat_maj != GSS_S_COMPLETE) {
-				/* "If the server rejects the security data (if
-				   a checksum fails, for instance), it should
-				   respond with reply code 535." */
-				reply_gss_error(535, stat_maj, stat_min,
-						"extracting GSSAPI identity name");
-				log_gss_error(LOG_ERR, stat_maj, stat_min,
-					      "gssapi error extracting identity");
-				(void) gss_release_cred(&stat_min, &server_creds);
-				if (ret_flags & GSS_C_DELEG_FLAG)
-					(void) gss_release_cred(&stat_min,
-								&deleg_creds);
-				return 0;
-			}
-			auth_type = temp_auth_type;
-			temp_auth_type = NULL;
-
-			(void) gss_release_cred(&stat_min, &server_creds);
-			if (ret_flags & GSS_C_DELEG_FLAG) {
-			  if (want_creds)
-			    ftpd_gss_convert_creds(client_name.value,
-						   deleg_creds);
-			  (void) gss_release_cred(&stat_min, &deleg_creds);
-			}
-
-			/* If the server accepts the security data, but does
-			   not require any additional data (i.e., the security
-			   data exchange has completed successfully), it must
-			   respond with reply code 235. */
-			if (!replied)
-			  {
-			    if (ret_flags & GSS_C_DELEG_FLAG && !have_creds)
-			      reply(235, "GSSAPI Authentication succeeded, but could not accept forwarded credentials");
-			    else
-			      reply(235, "GSSAPI Authentication succeeded");
-			  }
-
-			return(1);
-		} else if (accept_maj == GSS_S_CONTINUE_NEEDED) {
-			/* If the server accepts the security data, and
-			   requires additional data, it should respond with
-			   reply code 335. */
-			if (!replied)
-			    reply(335, "more data needed");
-			(void) gss_release_cred(&stat_min, &server_creds);
-			if (ret_flags & GSS_C_DELEG_FLAG)
-			  (void) gss_release_cred(&stat_min, &deleg_creds);
-			return(0);
-		} else {
-			/* "If the server rejects the security data (if
-			   a checksum fails, for instance), it should
-			   respond with reply code 535." */
-			reply_gss_error(535, stat_maj, stat_min,
-					"GSSAPI failed processing ADAT");
-			syslog(LOG_ERR, "GSSAPI failed processing ADAT");
-			(void) gss_release_cred(&stat_min, &server_creds);
-			if (ret_flags & GSS_C_DELEG_FLAG)
-			  (void) gss_release_cred(&stat_min, &deleg_creds);
-			return(0);
-		}
-	}
-#endif /* GSSAPI */
-	/* Other auth types go here ... */
-	/* Also need to check authorization, but that is done in user() */
-	return(0);
-}
-
-static char *onefile[] = {
-	"",
-	0
-};
-
-/* returns:
- *	n>=0 on success
- *	-1 on error
- *	-2 on security error
- *
- * XXX callers need to limit total length of output string to
- * FTP_BUFSIZ
- */
-static int
-secure_fprintf(FILE *stream, char *fmt, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 2, 3)))
-#endif
-    ;
-
-static int
-secure_fprintf(FILE *stream, char *fmt, ...)
-{
-        char s[FTP_BUFSIZ];
-        int rval;
-        va_list ap;
-
-        va_start(ap, fmt);
-        if (dlevel == PROT_C) rval = vfprintf(stream, fmt, ap);
-        else {
-		vsnprintf(s, sizeof(s), fmt, ap);
-                rval = secure_write(fileno(stream), s, strlen(s));
-        }
-        va_end(ap);
-
-        return(rval);
-}
-
-void
-send_file_list(whichfiles)
-	char *whichfiles;
-{
-	struct stat st;
-	DIR *dirp = NULL;
-	struct dirent *dir;
-	FILE *volatile dout = NULL;
-	register char **volatile dirlist, *dirname;
-	volatile int simple = 0;
-#ifndef strpbrk
-	char *strpbrk();
-#endif
-	volatile int ret = 0;
-
-	if (strpbrk(whichfiles, "~{[*?") != NULL) {
-		extern char **ftpglob(), *globerr;
-
-		globerr = NULL;
-		dirlist = ftpglob(whichfiles);
-		if (globerr != NULL) {
-			reply(550, globerr);
-			return;
-		} else if (dirlist == NULL) {
-			errno = ENOENT;
-			perror_reply(550, whichfiles);
-			return;
-		}
-	} else {
-		onefile[0] = whichfiles;
-		dirlist = onefile;
-		simple = 1;
-	}
-
-	if (sigsetjmp(urgcatch, 1)) {
-		transflag = 0;
-		(void)secure_flush(fileno(dout));
-		return;
-	}
-	while ((dirname = *dirlist++)) {
-		if (stat(dirname, &st) < 0) {
-			/*
-			 * If user typed "ls -l", etc, and the client
-			 * used NLST, do what the user meant.
-			 */
-			if (dirname[0] == '-' && *dirlist == NULL &&
-			    transflag == 0) {
-				retrieve("/bin/ls %s", dirname);
-				return;
-			}
-			perror_reply(550, whichfiles);
-			if (dout != NULL) {
-				(void) fclose(dout);
-				transflag = 0;
-				data = -1;
-				pdata = -1;
-			}
-			return;
-		}
-
-		if ((st.st_mode&S_IFMT) == S_IFREG) {
-			if (dout == NULL) {
-				dout = dataconn("file list", (off_t)-1, "w");
-				if (dout == NULL)
-					return;
-				transflag++;
-			}
-			if ((ret = secure_fprintf(dout, "%s%s\n", dirname,
-				type == TYPE_A ? "\r" : "")) < 0)
-					goto data_err;
-			byte_count += strlen(dirname) + 1;
-			continue;
-		} else if ((st.st_mode&S_IFMT) != S_IFDIR)
-			continue;
-
-		if ((dirp = opendir(dirname)) == NULL)
-			continue;
-
-		while ((dir = readdir(dirp)) != NULL) {
-			char nbuf[MAXPATHLEN];
-
-			if (dir->d_name[0] == '.' && dir->d_name[1] == '\0')
-				continue;
-			if (dir->d_name[0] == '.' && dir->d_name[1] == '.' &&
-			    dir->d_name[2] == '\0')
-				continue;
-
-			if (strlen(dirname) + strlen(dir->d_name)
-			    + 1 /* slash */
-			    + 2	/* CRLF */
-			    + 1 > sizeof(nbuf)) {
-				syslog(LOG_ERR,
-				       "send_file_list: pathname too long");
-				ret = -2; /* XXX */
-				goto data_err;
-			}
-			snprintf(nbuf, sizeof(nbuf), "%s/%s",
-				 dirname, dir->d_name);
-
-			/*
-			 * We have to do a stat to insure it's
-			 * not a directory or special file.
-			 */
-			if (simple || (stat(nbuf, &st) == 0 &&
-			    (st.st_mode&S_IFMT) == S_IFREG)) {
-				if (dout == NULL) {
-					dout = dataconn("file list", (off_t)-1,
-						"w");
-					if (dout == NULL)
-						return;
-					transflag++;
-				}
-				if (nbuf[0] == '.' && nbuf[1] == '/')
-				{
-					if ((ret = secure_fprintf(dout, "%s%s\n", &nbuf[2],
-						type == TYPE_A ? "\r" : "")) < 0)
-							goto data_err;
-				}
-				else
-					if ((ret = secure_fprintf(dout, "%s%s\n", nbuf,
-						type == TYPE_A ? "\r" : "")) < 0)
-							goto data_err;
-				byte_count += strlen(nbuf) + 1;
-			}
-		}
-		(void) closedir(dirp);
-	}
-	if (dout != NULL ) {
-	  ret = secure_write(fileno(dout), "", 0);
-	  if (ret >= 0)
-	    ret = secure_flush(fileno(dout));
-	}
-data_err:
-	if (dout == NULL)
-		reply(550, "No files found.");
-	else if (ferror(dout) != 0 || ret == EOF)
-		perror_reply(550, "Data connection");
-	else if (ret != -2)
-		reply(226, "Transfer complete.");
-
-	transflag = 0;
-	if (dout != NULL)
-	  (void) fclose(dout);
-	data = -1;
-	pdata = -1;
-}
-
-#ifdef SETPROCTITLE
-/*
- * clobber argv so ps will show what we're doing.
- * (stolen from sendmail)
- * warning, since this is usually started from inetd.conf, it
- * often doesn't have much of an environment or arglist to overwrite.
- */
-
-setproctitle(buf)
-char *buf;
-{
-	register char *p, *bp, ch;
-	register int i;
-
-	/* make ps print our process name */
-	p = Argv[0];
-	*p++ = '-';
-
-	i = strlen(buf);
-	if (i > LastArgv - p - 2) {
-		i = LastArgv - p - 2;
-		buf[i] = '\0';
-	}
-	bp = buf;
-	while (ch = *bp++)
-		if (ch != '\n' && ch != '\r')
-			*p++ = ch;
-	while (p < LastArgv)
-		*p++ = ' ';
-}
-#endif /* SETPROCTITLE */
-
-#ifdef GSSAPI
-/* A more general callback would probably use a void*, but currently I
-   only need an int in both cases.  */
-static void with_gss_error_text(void (*cb)(const char *, int, int),
-				OM_uint32 maj_stat, OM_uint32 min_stat,
-				int misc);
-
-static void
-log_gss_error_1(const char *msg, int severity, int is_major)
-{
-    syslog(severity, "... GSSAPI error %s: %s",
-	   is_major ? "major" : "minor", msg);
-}
-
-static void
-log_gss_error(int severity, OM_uint32 maj_stat, OM_uint32 min_stat,
-	      const char *s)
-{
-    syslog(severity, s);
-    with_gss_error_text(log_gss_error_1, maj_stat, min_stat, severity);
-}
-
-static void
-reply_gss_error_1(const char *msg, int code, int is_major)
-{
-    lreply(code, "GSSAPI error %s: %s",
-	   is_major ? "major" : "minor", msg);
-}
-
-void
-reply_gss_error(int code, OM_uint32 maj_stat, OM_uint32 min_stat, char *s)
-{
-    with_gss_error_text(reply_gss_error_1, maj_stat, min_stat, code);
-    reply(code, "GSSAPI error: %s", s);
-}
-
-static void with_gss_error_text(void (*cb)(const char *, int, int),
-				OM_uint32 maj_stat, OM_uint32 min_stat,
-				int misc)
-{
-	/* a lot of work just to report the error */
-	OM_uint32 gmaj_stat, gmin_stat;
-	gss_buffer_desc msg;
-	OM_uint32 msg_ctx;
-	msg_ctx = 0;
-	while (!msg_ctx) {
-		gmaj_stat = gss_display_status(&gmin_stat, maj_stat,
-					       GSS_C_GSS_CODE,
-					       GSS_C_NULL_OID,
-					       &msg_ctx, &msg);
-		if ((gmaj_stat == GSS_S_COMPLETE)||
-		    (gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
-			(*cb)((char*)msg.value, misc, 1);
-			(void) gss_release_buffer(&gmin_stat, &msg);
-		}
-		if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
-			break;
-	}
-	msg_ctx = 0;
-	while (!msg_ctx) {
-		gmaj_stat = gss_display_status(&gmin_stat, min_stat,
-					       GSS_C_MECH_CODE,
-					       GSS_C_NULL_OID,
-					       &msg_ctx, &msg);
-		if ((gmaj_stat == GSS_S_COMPLETE)||
-		    (gmaj_stat == GSS_S_CONTINUE_NEEDED)) {
-			(*cb)((char*)msg.value, misc, 0);
-			(void) gss_release_buffer(&gmin_stat, &msg);
-		}
-		if (gmaj_stat != GSS_S_CONTINUE_NEEDED)
-			break;
-	}
-}
-
-void
-secure_gss_error(maj_stat, min_stat, s)
-OM_uint32 maj_stat, min_stat;
-char *s;
-{
-  reply_gss_error(535, maj_stat, min_stat, s);
-  return;
-}
-
-
-/* ftpd_gss_userok -- hide details of getting the name and verifying it */
-/* returns 0 for OK */
-static int
-ftpd_gss_userok(gclient_name, name)
-	gss_buffer_t gclient_name;
-	char *name;
-{
-	int retval = -1;
-	krb5_principal p;
-
-	if (krb5_parse_name(kcontext, gclient_name->value, &p) != 0)
-		return -1;
-	if (krb5_kuserok(kcontext, p, name))
-		retval = 0;
-	else
-		retval = 1;
-	krb5_free_principal(kcontext, p);
-	return retval;
-}
-
-/* ftpd_gss_convert_creds -- write out forwarded creds */
-/* (code lifted from login.krb5) */
-static void
-ftpd_gss_convert_creds(name, creds)
-	char *name;
-	gss_cred_id_t creds;
-{
-	OM_uint32 major_status, minor_status;
-	krb5_principal me;
-	char ccname[MAXPATHLEN];
-
-	/* Set up ccache */
-	if (krb5_parse_name(kcontext, name, &me))
-		return;
-
-	snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_ftpd%ld",
-		 (long) getpid());
-	if (krb5_cc_resolve(kcontext, ccname, &ccache))
-		return;
-	if (krb5_cc_initialize(kcontext, ccache, me))
-		return;
-
-	/* Copy GSS creds into ccache */
-	major_status = gss_krb5_copy_ccache(&minor_status, creds, ccache);
-	if (major_status != GSS_S_COMPLETE)
-		goto cleanup;
-
-	have_creds = 1;
-	return;
-
-cleanup:
-	krb5_cc_destroy(kcontext, ccache);
-}
-
-
-#endif /* GSSAPI */
diff --git a/src/appl/gssftp/ftpd/ftpd_var.h b/src/appl/gssftp/ftpd/ftpd_var.h
deleted file mode 100644
index ea0ebe3..0000000
--- a/src/appl/gssftp/ftpd/ftpd_var.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * appl/gssftp/ftpd/ftp_var.h
- *
- * Copyright 2001 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- *
- * Prototypes for various functions in the ftpd sources.
- */
-
-#ifndef FTPD_VAR_H__
-#define FTPD_VAR_H__
-
-/* Prototypes */
-
-#ifdef GSSAPI
-#include <gssapi/gssapi.h>
-#include <gssapi/gssapi_generic.h>
-#endif
-
-/* radix.c */
-char *radix_error (int);
-int radix_encode (unsigned char *, unsigned char *, int *, int);
-
-/* ftpd.c */
-void ack(char *);
-int auth_data(char *);
-void auth(char *);
-void cwd(char *);
-void delete_file(char *);
-void dologout(int);
-void fatal(char *);
-void makedir(char *);
-void nack(char *);
-void pass(char *);
-void passive(void);
-void perror_reply(int, char *);
-void pwd(void);
-void removedir(char *);
-void renamecmd(char *, char *);
-char *renamefrom(char *);
-void retrieve(char *, char *);
-void send_file_list(char *);
-void setdlevel(int);
-void statcmd(void);
-void statfilecmd(char *);
-void store_file(char *, char *, int);
-void user(char *);
-void yyerror(char *);
-
-#ifdef GSSAPI
-void
-reply_gss_error(int, OM_uint32, OM_uint32, char *);
-#endif
-
-
-#if defined(STDARG) || (defined(__STDC__) && ! defined(VARARGS)) || defined(HAVE_STDARG_H)
-extern void reply(int, char *, ...)
-#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
-     __attribute__ ((__format__ (__printf__, 2, 3)))
-#endif
-     ;
-extern void lreply(int, char *, ...)
-#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
-     __attribute__ ((__format__ (__printf__, 2, 3)))
-#endif
-     ;
-#endif
-
-
-/* ftpcmd.y */
-void upper(char *);
-char *ftpd_getline(char *, int, FILE *);
-#endif /* FTPD_VAR_H__ */
-
-/* popen.c */
-FILE * ftpd_popen(char *, char *);
-int ftpd_pclose(FILE *);
diff --git a/src/appl/gssftp/ftpd/logwtmp.c b/src/appl/gssftp/ftpd/logwtmp.c
deleted file mode 100644
index 06b97b9..0000000
--- a/src/appl/gssftp/ftpd/logwtmp.c
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 1988 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)logwtmp.c	5.7 (Berkeley) 2/25/91";
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <utmp.h>
-#include <unistd.h>
-#include <string.h>
-
-#ifdef HAVE_PATHS_H
-#include <paths.h>
-#endif
-
-#ifdef WTMP_FILE
-#define WTMPFILE WTMP_FILE
-#else
-#ifdef _PATH_WTMP
-#define WTMPFILE _PATH_WTMP
-#endif 	/* _PATH_WTMP  */
-#endif	/* WTMP_FILE */
-
-#ifndef WTMPFILE
-#define	WTMPFILE	"/usr/adm/wtmp"
-#endif
-
-static int fd = -1;
-
-/*
- * Modified version of logwtmp that holds wtmp file open
- * after first call, for use with ftp (which may chroot
- * after login, but before logout).
- */
-void ftp_logwtmp(line, name, host)
-	char *line, *name, *host;
-{
-	struct utmp ut;
-	struct stat buf;
-	time_t time();
-
-	if (fd < 0 && (fd = open(WTMPFILE, O_WRONLY|O_APPEND, 0)) < 0)
-		return;
-	if (fstat(fd, &buf) == 0) {
-		(void)strncpy(ut.ut_line, line, sizeof(ut.ut_line));
-		(void)strncpy(ut.ut_name, name, sizeof(ut.ut_name));
-#ifndef NO_UT_HOST
-		(void)strncpy(ut.ut_host, host, sizeof(ut.ut_host));
-#endif
-		(void)time(&ut.ut_time);
-		if (write(fd, (char *)&ut, sizeof(struct utmp)) !=
-		    sizeof(struct utmp))
-			(void)ftruncate(fd, buf.st_size);
-	}
-}
diff --git a/src/appl/gssftp/ftpd/pathnames.h b/src/appl/gssftp/ftpd/pathnames.h
deleted file mode 100644
index 41398bc..0000000
--- a/src/appl/gssftp/ftpd/pathnames.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (c) 1989 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	5.2 (Berkeley) 6/1/90
- */
-
-#define	_PATH_FTPUSERS_DEFAULT	"/etc/ftpusers"
diff --git a/src/appl/gssftp/ftpd/popen.c b/src/appl/gssftp/ftpd/popen.c
deleted file mode 100644
index f7995f7..0000000
--- a/src/appl/gssftp/ftpd/popen.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/*
- * Copyright (c) 1988 The Regents of the University of California.
- * All rights reserved.
- *
- * This code is derived from software written by Ken Arnold and
- * published in UNIX Review, Vol. 6, No. 8.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)popen.c	5.9 (Berkeley) 2/25/91";
-#endif /* not lint */
-
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <signal.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "ftpd_var.h"
-
-/*
- * Special version of popen which avoids call to shell.  This insures noone
- * may create a pipe to a hidden program as a side effect of a list or dir
- * command.
- */
-static int *pids;
-static int fds;
-
-#define MAX_ARGV	100
-#define MAX_GARGV	1000
-
-FILE *
-ftpd_popen(program, type)
-	char *program, *type;
-{
-	register char *cp;
-	FILE *volatile iop;
-	int argc, gargc, pdes[2], pid;
-	char **pop, *argv[MAX_ARGV], *gargv[MAX_GARGV], *vv[2];
-	extern char **ftpglob(), **copyblk();
-	extern void blkfree(char **);
-
-	if ((*type != 'r' && *type != 'w') || type[1])
-		return(NULL);
-
-	if (!pids) {
-		if ((fds = getdtablesize()) <= 0)
-			return(NULL);
-		if ((pids = (int *)malloc((u_int)(fds * sizeof(int)))) == NULL)
-			return(NULL);
-		memset(pids, 0, fds * sizeof(int));
-	}
-	if (pipe(pdes) < 0)
-		return(NULL);
-
-	/* break up string into pieces */
-	for (argc = 0, cp = program; argc < MAX_ARGV - 1; cp = NULL)
-		if (!(argv[argc++] = strtok(cp, " \t\n")))
-			break;
-	argv[MAX_ARGV-1] = NULL;
-	for (argc = 0; argv[argc]; argc++)
-		argv[argc] = strdup(argv[argc]);
-
-	/* glob each piece */
-	gargv[0] = argv[0];
-	for (gargc = argc = 1; argv[argc]; argc++) {
-		if (!(pop = ftpglob(argv[argc]))) {	/* globbing failed */
-			vv[0] = argv[argc];
-			vv[1] = NULL;
-			pop = copyblk(vv);
-		}
-		argv[argc] = (char *)pop;		/* save to free later */
-		while (*pop && gargc < MAX_GARGV)
-			gargv[gargc++] = *pop++;
-	}
-	gargv[gargc] = NULL;
-
-	iop = NULL;
-	switch(pid = fork()) {
-	case -1:			/* error */
-		(void)close(pdes[0]);
-		(void)close(pdes[1]);
-		goto pfree;
-		/* NOTREACHED */
-	case 0:				/* child */
-		if (*type == 'r') {
-			if (pdes[1] != 1) {
-				dup2(pdes[1], 1);
-				dup2(pdes[1], 2);	/* stderr, too! */
-				(void)close(pdes[1]);
-			}
-			(void)close(pdes[0]);
-		} else {
-			if (pdes[0] != 0) {
-				dup2(pdes[0], 0);
-				(void)close(pdes[0]);
-			}
-			(void)close(pdes[1]);
-		}
-		execv(gargv[0], gargv);
-		_exit(1);
-	}
-	/* parent; assume fdopen can't fail...  */
-	if (*type == 'r') {
-		iop = fdopen(pdes[0], type);
-		(void)close(pdes[1]);
-	} else {
-		iop = fdopen(pdes[1], type);
-		(void)close(pdes[0]);
-	}
-	pids[fileno(iop)] = pid;
-
-pfree:	for (argc = 1; argv[argc] != NULL; argc++) {
-		blkfree((char **)argv[argc]);
-		free(argv[argc]);
-	}
-	return(iop);
-}
-
-int
-ftpd_pclose(iop)
-	FILE *iop;
-{
-	register int fdes;
-#ifdef USE_SIGPROCMASK
-	sigset_t old, new;
-#else
-	int omask;
-#endif
-#ifdef WAIT_USES_INT
-	int stat_loc;
-#else
-	union wait stat_loc;
-#endif
-	int pid;
-
-	/*
-	 * pclose returns -1 if stream is not associated with a
-	 * `popened' command, or, if already `pclosed'.
-	 */
-	if (pids == 0 || pids[fdes = fileno(iop)] == 0)
-		return(-1);
-	(void)fclose(iop);
-#ifdef USE_SIGPROCMASK
-	sigemptyset(&old);
-	sigemptyset(&new);
-	sigaddset(&new,SIGINT);
-	sigaddset(&new,SIGQUIT);
-	sigaddset(&new,SIGHUP);
-	sigprocmask(SIG_BLOCK, &new, &old);
-	while ((pid = wait((int *)&stat_loc)) != pids[fdes] && pid != -1);
-	sigprocmask(SIG_SETMASK, &old, NULL);
-#else
-	omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGHUP));
-	while ((pid = wait((int *)&stat_loc)) != pids[fdes] && pid != -1);
-	sigsetmask(omask);
-#endif
-	pids[fdes] = 0;
-#ifdef WAIT_USES_INT
-	return(pid == -1 ? -1 : stat_loc);
-#else
-	return(pid == -1 ? -1 : stat_loc.w_status);
-#endif
-}
diff --git a/src/appl/gssftp/ftpd/secure.h b/src/appl/gssftp/ftpd/secure.h
deleted file mode 100644
index 21b7ff8..0000000
--- a/src/appl/gssftp/ftpd/secure.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#include <stdio.h>
-
-#define CRED_DECL	extern AUTH_DAT kdata;
-#define SESSION		&kdata.session
-#define myaddr		data_source
-#define hisaddr		data_dest
-
-int secure_flush (int);
-int secure_putc (int, FILE *);
-int secure_getc (FILE *);
-int secure_write (int, unsigned char *, unsigned int);
-int secure_read (int, char *, unsigned int);
-void secure_gss_error (OM_uint32 maj_stat, OM_uint32 min_stat, char *s);
-
-void secure_error(char *, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 1, 2)))
-#endif
-    ;
diff --git a/src/appl/gssftp/ftpd/vers.c b/src/appl/gssftp/ftpd/vers.c
deleted file mode 100644
index 76846bd..0000000
--- a/src/appl/gssftp/ftpd/vers.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/*-
- * Copyright (c) 1990 The Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char sccsid[] = "@(#)vers.c	5.1 (Berkeley) 6/24/90";
-#endif /* not lint */
-
-char version[] = "Version 5.60";
diff --git a/src/appl/libpty/Makefile.in b/src/appl/libpty/Makefile.in
deleted file mode 100644
index 080d82e..0000000
--- a/src/appl/libpty/Makefile.in
+++ /dev/null
@@ -1,112 +0,0 @@
-thisconfigdir=.
-myfulldir=appl/libpty
-mydir=.
-BUILDTOP=$(REL)..$(S)..
-RELDIR=../appl/libpty
-
-SED = sed
-
-KRB5_RUN_ENV= @KRB5_RUN_ENV@
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-LIBBASE=pty
-LIBMAJOR=1
-LIBMINOR=2
-
-STLIBOBJS= cleanup.o getpty.o init_slave.o open_ctty.o open_slave.o \
-	update_utmp.o update_wtmp.o vhangup.o void_assoc.o pty_err.o \
-	logwtmp.o init.o sane_hostname.o
-
-STOBJLISTS=OBJS.ST
-
-INSTALLFILE = cp
-
-# for pty-int.h
-LOCALINCLUDES=-I. -I$(srcdir)
-
-FILES= Makefile cleanup.c getpty.c init_slave.c open_ctty.c open_slave.c update_utmp.c update_wtmp.c vhangup.c void_assoc.c pty_err.h pty_err.c\
-logwtmp.c init.c
-
-CFILES=$(srcdir)/cleanup.c $(srcdir)/getpty.c $(srcdir)/init_slave.c \
-	$(srcdir)/open_ctty.c $(srcdir)/open_slave.c \
-	$(srcdir)/update_utmp.c $(srcdir)/update_wtmp.c $(srcdir)/vhangup.c \
-	$(srcdir)/void_assoc.c $(srcdir)/logwtmp.c \
-	$(srcdir)/init.c $(srcdir)/sane_hostname.c
-
-
-SRCS=pty_err.c $(CFILES)
-SHLIB_EXPDEPS = \
-	$(COM_ERR_DEPLIB)
-SHLIB_EXPLIBS= -lcom_err 
-SHLIB_DIRS=-L$(TOPLIBD)
-SHLIB_RDIRS=$(KRB5_LIBDIR)
-
-DEPLIBS=
-
-#
-all-unix:: includes pty_err.h
-
-all-unix:: all-liblinks
-
-dump-utmp: dump-utmp.o
-	$(CC) $(LDFLAGS) -o dump-utmp dump-utmp.o
-dump-utmp.o: dump-utmp.c
-
-pty_paranoia: pty_paranoia.o $(COM_ERR_DEPLIB) $(PTY_DEPLIB)
-	$(CC_LINK) -o pty_paranoia pty_paranoia.o $(PTY_LIB) $(COM_ERR_LIB) $(LIBS)
-
-check-paranoia: pty_paranoia
-	$(KRB5_RUN_ENV) $(VALGRIND) ./pty_paranoia
-
-install-unix:: install-libs
-
-clean-unix::
-	$(RM) libpty.a $(BUILDTOP)/include/libpty.h pty_err.c pty_err.h
-clean-unix:: clean-liblinks clean-libs clean-libobjs
-
-depend:: includes pty_err.h
-
-#install:: libpty.h
-#	$(INSTALL_DATA) $(srcdir)/libpty.h  $(DESTDIR)$(KRB5_INCDIR)/libpty.h
-
-includes:: libpty.h
-	if cmp $(srcdir)/libpty.h \
-	$(BUILDTOP)/include/libpty.h >/dev/null 2>&1; then :; \
-	else \
-		(set -x; $(RM) $(BUILDTOP)/include/libpty.h; \
-		 $(CP) $(srcdir)/libpty.h \
-			$(BUILDTOP)/include/libpty.h) ; \
-	fi
-
-includes:: $(BUILDTOP)/include/autoconf.h
-
-clean-unix::
-	$(RM) $(BUILDTOP)/include/libpty.h
-
-
-
-clean-unix:: clean-liblinks clean-libs clean-libobjs clean-files
-
-clean-files::
-	rm -f *~ \#* *.bak \
-		*.otl *.aux *.toc *.PS *.dvi *.x9700 *.ps \
-		*.cp *.fn *.ky *.log *.pg *.tp *.vr \
-		*.o profiled/?*.o libcom_err.a libcom_err_p.a \
-		com_err.o compile_et \
-		et.ar TAGS y.tab.c lex.yy.c error_table.c \
-		et_lex.lex.c \
-		test1.h test1.c test2.h test2.c test_et \
-		eddep makedep *.ln
-
-pty_err.o: pty_err.c
-pty_err.h: pty_err.et
-pty_err.c: pty_err.et
-
-$(BUILDTOP)/include/autoconf.h: $(SRCTOP)/include/autoconf.h.in
-	(cd $(BUILDTOP)/include; $(MAKE) autoconf.h)
-
-@libpriv_frag@
-@lib_frag@
-@libobj_frag@
-
diff --git a/src/appl/libpty/README b/src/appl/libpty/README
deleted file mode 100644
index f10dd2b..0000000
--- a/src/appl/libpty/README
+++ /dev/null
@@ -1,108 +0,0 @@
-	This file is to serve as documentation and usage notes on
-libpty until
-more formal docs are written.  By that point, it will probably
-describe how pty can be broken out of the Kerberos distribution.
-
-void pty_init(void);
-
-	 Initialize error tables.
-
-
-long pty_getpty ( int *fd, char *slave, int slavelength);
-	Find and initialize a clean master pty.  This should open the
-pty as fd, and return the name of the slave.  It should return 0 or an
-error code.  The slavelength parameter should include the maximum
-length allocated for a slave name.  The slave may not be initialized, although any
-
-operating-system specific initialization (for example, unlockpt and
-grantpt) may be performed.
-
-long pty_open_slave (/*in */ char * slave, /* out*/ int *fd)
-
-	Initialize the slave side by dissociating the current terminal
-and by setting process groups, etc.  In addition, it will initialize
-the terminal flags (termios or old BSD) appropriately; the application
-may have to do additional customization, but this should sanitize
-things.  In addition, the pty will be opened securely, and will become
-the controlling terminal.  This procedure will fail unless the process
-is running as root.  Ideally, pty_open_slave will be called in a child
-process of the process that called pty_getpty.  If an operating system
-implements setsid() per the POSIX spec, but does not implement
-TIOCNOTTY, this procedure will not be able to insure that the
-controlling terminal is established if it is called in the parent
-process.  Unfortunately, the parent process must not write to the pty
-until the slave side is opened.  Also, the parent process should not
-open the slave side through other means unless it is prepared to have
-that file descriptor subjected to a vhangup() or revoke() when
-pty_open_slave is called in the child.  So, ideally, the parent calls
-pty_getpty, forks, waits for the slave to call pty_open_slave, then
-continues.  Since this synchronization may be difficult to build in to
-existing programs, pty_open_slave makes an effort to function if
-called in the parent under operating systems where this is possible.
-Currently, I haven't found any operating systems where this isn't
-possible.  Also note that pty_open_slave will succeed only once per process.
-
-long pty_open_ctty(int *fd, char *line)
-
-	Attempt to disassociate the current process from its controlling terminal and open line as a new controlling terminal.  No assumption about line being the slave side of a pty is made.
-
-long pty_initialize_slave (int fd)
-
-	Perform the non-security related initializations on the slave
-side of a pty.  For example, push the appropriate streams, set termios
-structures, etc.  This is included in pty_open_slave.  I am interested
-in any suggestions on how to pass information on the state to which
-the application wants the terminal initialized.  For example, rlogind
-wants a transparent channel, while other programs likely want cooked
-mode.  I can't take a termios structure because I may be on a
-non-termios system.  Currently, I push the streams, do a bit of
-cleanup, but don't really modify the terminal that much. Another
-possible goal for this function would be to do enough initialization
-that the slave side of the pty can be treated simply as a tty instead
-of a pty after this call.
-
-
-long pty_update_utmp ( int process_type, int pid, char *user, char
-*line, char *host, int flags)
-
-	Update the utmp information or return an error.The
-process_type is one of the magic types defined in libpty.h.  The flags
-are logical combinations of one of the following:
-
-    		PTY_TTYSLOT_USABLE: The tty pointed to by the line
-		  parameter is the first tty that would be found by
-		  searching stdin then stdout.  In other words,
-		  ttyslot() would return the right slot in utmp on
-		  systems where ttyslot() is cannonically used.  Note
-		  that for inserting utmp entries for new logins, it
-		  is not always possible to find the right place if
-		  this flag is not given. Thus, for programs like
-		  telnetd that set up utmp entries, it is important to
-		  be able to set this flag on the initial utmp update.
-		  It is expected that this flag may be cleared on
-		  update_utmp calls to remove utmp entries.
-
-		PTY_UTMP_USERNAME_VALID: the username field in the
-		  utmp entry associated with this line contains the
-		  user who (is/was) associated with the line.
-		  Regardless of this flag, the utmp file will contain
-		  the username specified after this call.  However, if
-		  a username is needed by the system for wtmp logout
-		  (Solaris 2.1 for example), then the system can fetch
-		  the user from the utmp record before doing the wtmp
-		  update.  This will only be attempted if the username
-		  is a null pointer.  
-
-long pty_cleanup(char *slave, pid_t pid, int update_wtmp)
-
-	Clean up after the slave application has exited.  Close down
-the pty, HUPing processes associated with it.  (pid is the pid of the
-slave process that may have died, slave is the name of the slave
-terminal.)  PID is allowed to be zero if unknown; this may disable
-some cleanup operations.  This routine may fork on some systems.  As
-such, SIGCHLD may be generated and blocked for some time during the
-routine.  In addition, on systems without waitpid() or wait4(), wait()
-may be called.
-
-
-    
diff --git a/src/appl/libpty/cleanup.c b/src/appl/libpty/cleanup.c
deleted file mode 100644
index 2622d19..0000000
--- a/src/appl/libpty/cleanup.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * pty_cleanup: Kill processes associated with pty.
- *
- * (C)Copyright 1995, 1996 by the Massachusetts Institute of Technology.
- *
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-
-long pty_cleanup (char *slave,
-		  /* May be zero for unknown.  */
-		  int pid,
-		  int update_utmp)
-{
-#ifdef VHANG_LAST
-    int retval, fd;
-#endif
-
-    if (update_utmp)
-	pty_update_utmp(PTY_DEAD_PROCESS, pid,  "", slave, (char *)0, PTY_UTMP_USERNAME_VALID);
-
-    (void)chmod(slave, 0666);
-    (void)chown(slave, 0, 0);
-#ifdef HAVE_REVOKE
-    revoke(slave);
-    /*
-     * Revoke isn't guaranteed to send a SIGHUP to the processes it
-     * dissociates from the terminal.  The best solution without a Posix
-     * mechanism for forcing a hangup is to killpg() the process
-     * group of the pty.  This will at least kill the shell and
-     * hopefully, the child processes.  This is not always the case, however.
-     * If the shell puts each job in a process group and doesn't pass
-     * along SIGHUP, all processes may not die.
-     */
-    if ( pid > 0 ) {
-#ifdef HAVE_KILLPG
-	killpg(pid, SIGHUP);
-#else
-	kill( -(pid), SIGHUP );
-#endif /*HAVE_KILLPG*/
-    }
-#else /* HAVE_REVOKE*/
-#ifdef VHANG_LAST
-    {
-      int status;
-#ifdef POSIX_SIGNALS
-      sigset_t old, new;
-      sigemptyset(&new);
-      sigaddset(&new, SIGCHLD);
-      sigprocmask ( SIG_BLOCK, &new, &old);
-#else /*POSIX_SIGNALS*/
-      int mask = sigblock(sigmask(SIGCHLD));
-#endif /*POSIX_SIGNALS*/
-      switch (retval = fork()) {
-      case -1:
-#ifdef POSIX_SIGNALS
-	sigprocmask(SIG_SETMASK, &old, 0);
-#else /*POSIX_SIGNALS*/
-	sigsetmask(mask);
-#endif /*POSIX_SIGNALS*/
-	return errno;
-      case 0:
-	ptyint_void_association();
-	if ((retval = pty_open_ctty(slave, &fd)))
-	  exit(retval);
-	ptyint_vhangup();
-	exit(0);
-	break;
-      default:
-#ifdef HAVE_WAITPID
-	waitpid(retval, &status, 0);
-#else /*HAVE_WAITPID*/
-	wait(&status);
-#endif
-#ifdef POSIX_SIGNALS
-	sigprocmask(SIG_SETMASK, &old, 0);
-#else /*POSIX_SIGNALS*/
-	sigsetmask(mask);
-#endif /*POSIX_SIGNALS*/
-
-	break;
-      }
-    }
-#endif /*VHANG_LAST*/
-#endif /* HAVE_REVOKE*/
-#ifndef HAVE_STREAMS
-    slave[strlen("/dev/")] = 'p';
-    (void)chmod(slave, 0666);
-    (void)chown(slave, 0, 0);
-#endif
-    return 0;
-}
diff --git a/src/appl/libpty/configure.in b/src/appl/libpty/configure.in
deleted file mode 100644
index 22af702..0000000
--- a/src/appl/libpty/configure.in
+++ /dev/null
@@ -1,262 +0,0 @@
-K5_AC_INIT(getpty.c)
-CONFIG_RULES
-AC_PROG_AWK
-AC_CHECK_FUNCS(fchmod fchown revoke vhangup killpg _getpty)
-dnl
-LOGINLIBS=
-dnl
-dnl Make our operating system-specific security checks and definitions for
-dnl login.
-dnl  In addition, the following code decides what streams modules will
-dnl be pushed onto a pty.In particular, if HAVE_STREAMS is defined and
-dnl HAVE_LINE_PUSH is not defined, modules may be pushed by inserting
-dnl An appropriate generic ifdef for each module in init_slave.c and
-dnl  AC_DEFINES for the operating systems that need the modules.
-dnl  Each OS that supports streams has a different idea of what you want to
-dnl push.
-dnl
-case $krb5_cv_host in
-*-*-ultrix*)
-echo "Disabling initial vhangup and setsid because they break under Ultrix..."
-AC_DEFINE([OPEN_CTTY_ONLY_ONCE],[1],[Define on Ultrix where an initial vhangup breaks])
-ac_cv_func_setsid=no # setsid doesn't do the right thing under Ultrix even though present
-;;
-
-*-*-aix3*) # AIX has streams include files but not streams TTY
-# Moreover, strops.h trashes sys/ioctl.h
-krb5_cv_has_streams=no
-;;
-alpha*-dec-osf*)
-	AC_MSG_RESULT(will open ctty prior to revoke due to OSF/1 lossage)
-	AC_DEFINE(REVOKE_NEEDS_OPEN,1,[Define if ctty needs to be opened before revoke as on OSF/1])
-	;;
-*-*-solaris*)
-     AC_DEFINE(PUSH_PTEM,1,[push ptem?])
-     AC_DEFINE(PUSH_LDTERM,1,[push ldterm?])
-     AC_DEFINE(PUSH_TTCOMPAT,1,[push ttcompat?])
-     ;;
-*-*-hpux*)
-     krb5_cv_has_streams=no
-     ;;
-esac
-dnl
-AC_CHECK_LIB(util,openpty, [AC_DEFINE(HAVE_OPENPTY,1,[Define if openpty is provided in util library]) LIBS="$LIBS -lutil"])
-AC_TYPE_MODE_T
-AC_CHECK_TYPE(time_t, long)
-AC_CHECK_FUNCS(setreuid gettosbyname setsid ttyname line_push ptsname grantpt openpty)
-AC_CHECK_HEADERS(unistd.h stdlib.h string.h libutil.h pty.h sys/filio.h sys/sockio.h sys/label.h sys/tty.h sys/wait.h ttyent.h lastlog.h sys/select.h util.h sys/stream.h)
-AC_CHECK_FUNCS(waitpid)
-CHECK_SIGNALS
-AC_CHECK_HEADER(termios.h,[AC_CHECK_FUNC(cfsetispeed,AC_DEFINE(POSIX_TERMIOS,1,[Define for POSIX termios interface]))])
-
-AC_CHECK_HEADER(sys/ptyvar.h, [], [],
-[#if HAVE_SYS_STREAM_H
-#include <sys/stream.h>
-#endif
-#if HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif])
-
-######################################################################
-#
-# utmp related hair here.  There's lots of it.
-#
-
-AC_CHECK_HEADERS(utmp.h utmpx.h)
-AC_CHECK_FUNCS(setutent setutxent setutsent updwtmp updwtmpx logwtmp getutmp getutmpx)
-AC_CHECK_FUNCS(utmpname utmpxname)
-
-AC_DEFUN(K5_CHECK_UT_MEMBER,
-[AC_MSG_CHECKING([for $2 in struct $1])
-AC_CACHE_VAL([krb5_cv_struct_$1_$2],
-[AC_TRY_COMPILE([#include <sys/types.h>
-#include <$1.h>], [struct $1 u; u.$2;],
-eval "krb5_cv_struct_$1_$2=yes", eval "krb5_cv_struct_$1_$2=no")])
-if eval "test \"`echo '$krb5_cv_struct_'$1'_'$2`\" = yes"; then
-  AC_MSG_RESULT(yes)
-  krb5_tr_ut=HAVE_STRUCT_`echo $1'_'$2 | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
-  AC_DEFINE_UNQUOTED($krb5_tr_ut,1,[Define if $2 field present in $1])
-else
-  AC_MSG_RESULT(no)
-fi])
-
-if test "$ac_cv_header_utmp_h" = yes; then
-  AC_MSG_RESULT(checking struct utmp members)
-  for krb5_mem in ut_host ut_syslen ut_addr ut_id ut_pid ut_type ut_exit; do
-    K5_CHECK_UT_MEMBER(utmp, $krb5_mem)
-  done
-fi
-
-if test "$ac_cv_header_utmpx_h" = yes; then
-  AC_MSG_RESULT(checking struct utmpx members)
-  for krb5_mem in ut_host ut_syslen ut_addr ut_id ut_pid ut_type ut_exit; do
-    K5_CHECK_UT_MEMBER(utmpx, $krb5_mem)
-  done
-fi
-
-AC_DEFUN(K5_CHECK_UT_EXIT_MEMBER,
-[AC_MSG_CHECKING([for ut_exit.$2 in struct $1])
-AC_CACHE_VAL([krb5_cv_struct_$1_ut_exit_$2],
-[AC_TRY_COMPILE([#include <sys/types.h>
-#include <$1.h>], [struct $1 u; u.ut_exit.$2;],
-eval "krb5_cv_struct_$1_ut_exit_$2=yes",
-eval "krb5_cv_struct_$1_ut_exit_$2=no")])
-if eval "test \"`echo '$krb5_cv_struct_'$1'_ut_exit_'$2`\" = yes"; then
-  AC_MSG_RESULT(yes)
-  ifelse([$3], , :, [$3])
-else
-  AC_MSG_RESULT(no)
-  ifelse([$4], , :, [$4])
-fi])
-
-if test "$krb5_cv_struct_utmp_ut_exit" = yes; then
-  AC_MSG_RESULT(checking for working ut_exit.e_exit in struct utmp)
-  for krb5_mem in __e_exit ut_e_exit ut_exit e_exit; do
-    K5_CHECK_UT_EXIT_MEMBER(utmp, $krb5_mem,
-[krb5_utmp_e_exit=$krb5_mem
-krb5_utmp_e_termination=`echo $krb5_mem|sed -e 's%_exit$%_termination%'`], )
-  done
-  if test "${krb5_utmp_e_exit+set}" = set; then
-    AC_MSG_RESULT([working ut_exit.e_exit in utmp is $krb5_utmp_e_exit])
-    AC_DEFINE_UNQUOTED(PTY_UTMP_E_EXIT, $krb5_utmp_e_exit,[Define to utmp exit field name])
-    AC_DEFINE_UNQUOTED(PTY_UTMP_E_TERMINATION, $krb5_utmp_e_termination,[Define to utmp termination field name])
-  else
-    AC_MSG_RESULT([cannot find working ut_exit.e_exit in utmp])
-  fi
-fi
-
-if test "$krb5_cv_struct_utmpx_ut_exit" = yes; then
-  AC_MSG_RESULT(checking for working ut_exit.e_exit in struct utmpx)
-  for krb5_mem in __e_exit ut_e_exit ut_exit e_exit; do
-    K5_CHECK_UT_EXIT_MEMBER(utmpx, $krb5_mem,
-[krb5_utmpx_e_exit=$krb5_mem
-krb5_utmpx_e_termination=`echo $krb5_mem|sed -e 's%_exit$%_termination%'`], )
-  done
-  if test "${krb5_utmpx_e_exit+set}" = set; then
-    AC_MSG_RESULT([working ut_exit.e_exit in utmpx is $krb5_utmpx_e_exit])
-    AC_DEFINE_UNQUOTED(PTY_UTMPX_E_EXIT, $krb5_utmpx_e_exit,[Define to utmpx exit field name])
-    AC_DEFINE_UNQUOTED(PTY_UTMPX_E_TERMINATION, $krb5_utmpx_e_termination,[Define to utmpx termination field name])
-  else
-    AC_MSG_RESULT([cannot find working ut_exit.e_exit in utmpx])
-  fi
-fi
-
-if test "$ac_cv_header_utmpx_h" = yes; then
-  AC_MSG_CHECKING(consistency of utmpx API)
-  if test "$ac_cv_func_setutxent" = yes; then
-    if test "$krb5_cv_struct_utmpx_ut_id" = yes \
-      && test "$krb5_cv_struct_utmpx_ut_type" = yes \
-      && test "$krb5_cv_struct_utmpx_ut_pid" = yes; then
-      AC_MSG_RESULT(ok)
-    else
-      AC_MSG_RESULT(not ok)
-      AC_MSG_ERROR([have setutxent but no ut_id, ut_type, or ut_pid in utmpx])
-    fi
-  else
-    AC_MSG_RESULT(not ok)
-    AC_MSG_ERROR([have utmpx.h but no setutxent])
-  fi
-fi
-
-if test "$ac_cv_func_setutent" = yes && \
-  test "$ac_cv_header_utmpx_h" = no; then
-  AC_MSG_CHECKING(consistency of sysV-ish utmp API)
-  if test "$ac_cv_header_utmp_h" = yes; then
-    if test "$krb5_cv_struct_utmp_ut_id" = yes \
-      && test "$krb5_cv_struct_utmp_ut_type" = yes \
-      && test "$krb5_cv_struct_utmp_ut_pid" = yes; then
-      AC_MSG_RESULT(ok)
-    else
-      AC_MSG_RESULT(not ok)
-      AC_MSG_ERROR([have setutent but no ut_id, ut_type, or ut_pid in utmp])
-    fi
-  else
-    AC_MSG_RESULT(not ok)
-    AC_MSG_ERROR([have setutent but no utmp.h])
-  fi
-fi
-
-#
-# end of utmp-related hair
-#
-######################################################################
-dnl
-KRB5_NEED_PROTO([#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-],getutmp)
-dnl
-#########################################
-KRB5_NEED_PROTO([#include <sys/types.h>
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_LIBUTIL_H
-#include <libutil.h>
-#endif
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-],logwtmp)
-########################################
-KRB5_NEED_PROTO([#include <unistd.h>
-],revoke)
-########################################
-dnl
-AC_MSG_CHECKING([streams interface])
-AC_CACHE_VAL(krb5_cv_has_streams,
-[AC_TRY_COMPILE(
-[#include <sys/stream.h>
-#include <sys/stropts.h>], [],
-krb5_cv_has_streams=yes, krb5_cv_has_streams=no)])
-AC_MSG_RESULT($krb5_cv_has_streams)
-if test $krb5_cv_has_streams = yes; then
-AC_DEFINE(HAVE_STREAMS,1,[Define if have streams])
-fi
-dnl
-dnl
-dnl
-AC_MSG_CHECKING([arguments to getpgrp])
-AC_CACHE_VAL(krb5_cv_getpgrp_args,
-[AC_TRY_COMPILE(
-[#ifndef __STDC__
-#define __STDC__ 1
-#endif
-#include <unistd.h>
-#include <sys/types.h>], [pid_t pid = getpgrp(getpid())],
-krb5_cv_getpgrp_args=pid, krb5_cv_getpgrp_args=void)])
-AC_MSG_RESULT($krb5_cv_getpgrp_args)
-if test $krb5_cv_getpgrp_args = pid; then
-AC_DEFINE(GETPGRP_ONEARG,1,[Define if getpgrp takes one arg])
-fi
-dnl
-dnl
-AC_MSG_CHECKING([number of arguments to setpgrp])
-AC_CACHE_VAL(krb5_cv_setpgrp_args,
-[AC_TRY_COMPILE(
-[#ifndef __STDC__
-#define __STDC__ 1
-#endif
-#include <unistd.h>],[setpgrp(0,0)],
-krb5_cv_setpgrp_args=two, krb5_cv_setpgrp_args=void)])
-AC_MSG_RESULT($krb5_cv_setpgrp_args)
-if test $krb5_cv_setpgrp_args = two; then
-AC_DEFINE(SETPGRP_TWOARG,1,[Define if setpgrp takes two args])
-fi
-dnl
-KRB5_AC_INET6
-AC_C_CONST
-KRB5_BUILD_LIBRARY
-KRB5_BUILD_LIBOBJS
-KRB5_BUILD_PROGRAM
-KRB5_RUN_FLAGS
-V5_AC_OUTPUT_MAKEFILE
diff --git a/src/appl/libpty/deps b/src/appl/libpty/deps
deleted file mode 100644
index 841f663..0000000
--- a/src/appl/libpty/deps
+++ /dev/null
@@ -1,45 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-pty_err.so pty_err.po $(OUTPRE)pty_err.$(OBJEXT): $(COM_ERR_DEPS) \
-  pty_err.c
-cleanup.so cleanup.po $(OUTPRE)cleanup.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h cleanup.c \
-  libpty.h pty-int.h pty_err.h
-getpty.so getpty.po $(OUTPRE)getpty.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h getpty.c libpty.h \
-  pty-int.h pty_err.h
-init_slave.so init_slave.po $(OUTPRE)init_slave.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  init_slave.c libpty.h pty-int.h pty_err.h
-open_ctty.so open_ctty.po $(OUTPRE)open_ctty.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  libpty.h open_ctty.c pty-int.h pty_err.h
-open_slave.so open_slave.po $(OUTPRE)open_slave.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  libpty.h open_slave.c pty-int.h pty_err.h
-update_utmp.so update_utmp.po $(OUTPRE)update_utmp.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \
-  libpty.h pty-int.h pty_err.h update_utmp.c
-update_wtmp.so update_wtmp.po $(OUTPRE)update_wtmp.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  libpty.h pty-int.h pty_err.h update_wtmp.c
-vhangup.so vhangup.po $(OUTPRE)vhangup.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h libpty.h \
-  pty-int.h pty_err.h vhangup.c
-void_assoc.so void_assoc.po $(OUTPRE)void_assoc.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \
-  libpty.h pty-int.h pty_err.h void_assoc.c
-logwtmp.so logwtmp.po $(OUTPRE)logwtmp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h libpty.h \
-  logwtmp.c pty-int.h pty_err.h
-init.so init.po $(OUTPRE)init.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h init.c \
-  libpty.h pty-int.h pty_err.h
-sane_hostname.so sane_hostname.po $(OUTPRE)sane_hostname.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  libpty.h pty-int.h pty_err.h sane_hostname.c
diff --git a/src/appl/libpty/dump-utmp.c b/src/appl/libpty/dump-utmp.c
deleted file mode 100644
index de3a746..0000000
--- a/src/appl/libpty/dump-utmp.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
- * Copyright 2001 by the Massachusetts Institute of Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- * dump-utmp.c: dump utmp and utmpx format files for debugging purposes.
- */
-
-#include <sys/types.h>
-#include <sys/file.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-
-#ifndef UTMPX
-#ifdef HAVE_UTMPX_H
-#define UTMPX
-#endif
-#endif
-
-#if defined(HAVE_UTMPNAME) || defined(HAVE_UTMPXNAME)
-#define UTN			/* we can set utmp or utmpx for getut*() */
-#endif
-
-#ifdef UTMPX
-#include <utmpx.h>
-void print_utx(int, const struct utmpx *);
-#endif
-#include <utmp.h>
-
-void print_ut(int, const struct utmp *);
-
-void usage(const char *);
-
-#if defined (HAVE_STRUCT_UTMP_UT_TYPE) || defined (UTMPX)
-char *ut_typename(int);
-
-char *
-ut_typename(int t) {
-    switch (t) {
-#define S(N) case N : return #N
-#define S2(N,N2) case N : return #N2
-	S(EMPTY);
-	S(RUN_LVL);
-	S(BOOT_TIME);
-	S(OLD_TIME);
-	S(NEW_TIME);
-	S2(INIT_PROCESS,INIT);
-	S2(LOGIN_PROCESS,LOGIN);
-	S2(USER_PROCESS,USER);
-	S2(DEAD_PROCESS,DEAD);
-	S(ACCOUNTING);
-    default: return "??";
-    }
-}
-#endif
-
-#define S2D(x) (sizeof(x) * 2.4 + 1.5)
-
-void
-print_ut(int all, const struct utmp *u)
-{
-    int lu, ll;
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-    int lid;
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_PID
-    int lpid;
-#endif
-#ifdef PTY_UTMP_E_EXIT
-    int let, lee;
-#endif
-
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
-    if (!all && ((u->ut_type == EMPTY) || (u->ut_type == DEAD_PROCESS)))
-	return;
-#endif
-
-    lu = sizeof(u->ut_name);
-    ll = sizeof(u->ut_line);
-    printf("%-*.*s:", lu, lu, u->ut_name);
-    printf("%-*.*s:", ll, ll, u->ut_line);
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-    lid = sizeof(u->ut_id);
-    printf("%-*.*s:", lid, lid, u->ut_id);
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_PID
-    lpid = S2D(u->ut_pid);
-    printf("%*ld", lpid, (long)u->ut_pid);
-#endif
-#ifdef PTY_UTMP_E_EXIT
-    let = S2D(u->ut_exit.PTY_UTMP_E_TERMINATION);
-    lee = S2D(u->ut_exit.PTY_UTMP_E_EXIT);
-    printf("(%*ld,", let, (long)u->ut_exit.PTY_UTMP_E_TERMINATION);
-    printf("%*ld)", lee, (long)u->ut_exit.PTY_UTMP_E_EXIT);
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
-    printf(" %-9s", ut_typename(u->ut_type));
-#endif
-    printf(" %s", ctime(&u->ut_time) + 4);
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    if (u->ut_host[0])
-	printf(" %.*s\n", (int) sizeof(u->ut_host), u->ut_host);
-#endif
-
-    return;
-}
-
-#ifdef UTMPX
-void
-print_utx(int all, const struct utmpx *u)
-{
-    int lu, ll, lid, lpid;
-#ifdef PTY_UTMPX_E_EXIT
-    int let, lee;
-#endif
-
-    if (!all && ((u->ut_type == EMPTY) || (u->ut_type == DEAD_PROCESS)))
-	return;
-
-    lu = sizeof(u->ut_user);
-    ll = sizeof(u->ut_line);
-    lid = sizeof(u->ut_id);
-    printf("%-*.*s:", lu, lu, u->ut_user);
-    printf("%-*.*s:", ll, ll, u->ut_line);
-    printf("%-*.*s", lid, lid, u->ut_id);
-    if (lu + ll + lid >= 60)
-	printf("\n");
-    else
-	printf(":");
-    lpid = S2D(u->ut_pid);
-    printf("%*ld", lpid, (long)u->ut_pid);
-#ifdef PTY_UTMPX_E_EXIT
-    let = S2D(u->ut_exit.PTY_UTMPX_E_TERMINATION);
-    lee = S2D(u->ut_exit.PTY_UTMPX_E_EXIT);
-    printf("(%*ld,", let, (long)u->ut_exit.PTY_UTMPX_E_TERMINATION);
-    printf("%*ld)", lee, (long)u->ut_exit.PTY_UTMPX_E_EXIT);
-#endif
-    printf(" %-9s", ut_typename(u->ut_type));
-    printf(" %s", ctime(&u->ut_tv.tv_sec) + 4);
-#ifdef HAVE_STRUCT_UTMPX_UT_HOST
-    if (u->ut_host[0])
-	printf(" %s\n", u->ut_host);
-#endif
-
-    return;
-}
-#endif
-
-#ifdef UTMPX
-#define OPTX "x"
-#else
-#define OPTX
-#endif
-#ifdef UTN
-#define OPTG "g"
-#else
-#define OPTG
-#endif
-#define OPTS "a" OPTX OPTG
-
-void
-usage(const char *prog)
-{
-    fprintf(stderr, "usage: %s [-" OPTS "] file\n", prog);
-    exit(1);
-}
-
-int
-main(int argc, char **argv)
-{
-    int c;
-    int all, is_utmpx, do_getut;
-    int f;
-    char *fn;
-    size_t recsize;
-    size_t nread;
-    union {
-	struct utmp ut;
-#ifdef UTMPX
-	struct utmpx utx;
-#endif
-    } u;
-
-    all = is_utmpx = do_getut = 0;
-    recsize = sizeof(struct utmp);
-
-    while ((c = getopt(argc, argv, OPTS)) != EOF) {
-	switch (c) {
-	case 'a':
-	    all = 1;
-	    break;
-#ifdef UTMPX
-	case 'x':
-	    is_utmpx = 1;
-	    recsize = sizeof(struct utmpx);
-	    break;
-#endif
-#ifdef UTN
-	case 'g':
-	    do_getut = 1;
-	    break;
-#endif
-	default:
-	    usage(argv[0]);
-	}
-    }
-    if (argc <= optind)
-	usage(argv[0]);
-    fn = argv[optind];
-    if (!do_getut) {
-	f = open(fn, O_RDONLY);
-	if (f == -1) {
-	    perror(fn);
-	    exit(1);
-	}
-	while ((nread = read(f, &u, recsize)) > 0) {
-	    if (nread < recsize) {
-		fprintf(stderr, "short read");
-		close(f);
-		exit(1);
-	    }
-	    if (is_utmpx) {
-#ifdef UTMPX
-		print_utx(all, &u.utx);
-#else
-		abort();
-#endif
-	    } else {
-		print_ut(all, &u.ut);
-	    }
-	}
-	if (nread == -1) {
-	    perror("read");
-	    exit(1);
-	}
-	close(f);
-    } else {
-	if (is_utmpx) {
-#ifdef UTMPX
-#ifdef HAVE_UTMPXNAME
-	    struct utmpx *utxp;
-	    utmpxname(fn);
-	    setutxent();
-	    while ((utxp = getutxent()) != NULL)
-		print_utx(all, utxp);
-#else
-	    fprintf(stderr, "no utmpxname(); can't use getutxent()\n");
-	    exit(1);
-#endif
-#else
-	    abort();
-#endif
-	} else {
-#ifdef HAVE_UTMPNAME
-	    struct utmp *utp;
-	    utmpname(fn);
-	    setutxent();
-	    while ((utp = getutent()) != NULL)
-		print_ut(all, utp);
-#else
-	    fprintf(stderr, "no utmpname(); can't use getutent()\n");
-	    exit(1);
-#endif
-	}
-    }
-    exit(0);
-}
diff --git a/src/appl/libpty/getpty.c b/src/appl/libpty/getpty.c
deleted file mode 100644
index f262e61..0000000
--- a/src/appl/libpty/getpty.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * pty_getpty: open a PTY master.
- *
- * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
- *
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-#include "k5-platform.h"
-
-long
-ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt)
-{
-#if !defined(HAVE__GETPTY) && !defined(HAVE_OPENPTY)
-    char *cp;
-    char *p;
-    int i,ptynum;
-    struct stat stb;
-    char slavebuf[1024];
-#endif
-
-#ifdef HAVE__GETPTY
-    char *slaveret; /*Temporary to hold pointer to slave*/
-#endif /*HAVE__GETPTY*/
-
-#ifdef HAVE_OPENPTY
-    int slavefd;
-
-    if(openpty(fd, &slavefd, slave, (struct termios *) 0,
-         (struct winsize *) 0)) return 1;
-    close(slavefd);
-    return 0;
-#else /*HAVE_OPENPTY*/
-#ifdef HAVE__GETPTY
-    /* This code is included for Irix; as of version 5.3, Irix has /dev/ptmx,
-     * but it fails to work properly; even after calling unlockpt,
-     * root gets permission denied opening the pty.
-     * The code to support _getpty should be removed if Irix gets working
-     * streams ptys in favor of maintaining the least needed code
-     * paths.
-     */
-    if ((slaveret = _getpty(fd, O_RDWR|O_NDELAY, 0600, 0)) == 0) {
-	*fd = -1;
-	return PTY_GETPTY_NOPTY;
-    }
-    if (strlcpy(slave, slaveret, slavelength) >= slavelength) {
-	close(*fd);
-	*fd = -1;
-	return PTY_GETPTY_SLAVE_TOOLONG;
-    }
-    return 0;
-#else /*HAVE__GETPTY*/
-
-    *fd = open("/dev/ptym/clone", O_RDWR|O_NDELAY);	/* HPUX*/
-#ifdef HAVE_STREAMS
-    if (*fd < 0) *fd = open("/dev/ptmx",O_RDWR|O_NDELAY); /*Solaris*/
-#endif
-    if (*fd < 0) *fd = open("/dev/ptc", O_RDWR|O_NDELAY); /* AIX */
-    if (*fd < 0) *fd = open("/dev/pty", O_RDWR|O_NDELAY); /* sysvimp */
-
-    if (*fd >= 0) {
-
-#if defined(HAVE_GRANTPT)&&defined(HAVE_STREAMS)
-	if (do_grantpt)
-	    if (grantpt(*fd) || unlockpt(*fd)) return PTY_GETPTY_STREAMS;
-#endif
-
-#ifdef HAVE_PTSNAME
-	p = ptsname(*fd);
-#else
-#ifdef	HAVE_TTYNAME
-	p = ttyname(*fd);
-#else
-	/* XXX If we don't have either what do we do */
-#endif
-#endif
-	if (p) {
-	    if (strlcpy(slave, p, slavelength) >= slavelength) {
-		    close (*fd);
-		    *fd = -1;
-		    return PTY_GETPTY_SLAVE_TOOLONG;
-	    }
-	    return 0;
-	}
-
-	if (fstat(*fd, &stb) < 0) {
-	    close(*fd);
-	    return PTY_GETPTY_FSTAT;
-	}
-	ptynum = (int)(stb.st_rdev&0xFF);
-	snprintf(slavebuf, sizeof(slavebuf), "/dev/ttyp%x", ptynum);
-	if (strlen(slavebuf) > slavelength - 1) {
-	    close(*fd);
-	    *fd = -1;
-	    return PTY_GETPTY_SLAVE_TOOLONG;
-	}
-	strncpy(slave, slavebuf, slavelength);
-	return 0;
-    } else {
-    	for (cp = "pqrstuvwxyzPQRST";*cp; cp++) {
-	    snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX");
-	    slavebuf[sizeof("/dev/pty") - 1] = *cp;
-	    slavebuf[sizeof("/dev/ptyp") - 1] = '0';
-	    if (stat(slavebuf, &stb) < 0)
-		break;
-	    for (i = 0; i < 16; i++) {
-		slavebuf[sizeof("/dev/ptyp") - 1] = "0123456789abcdef"[i];
-		*fd = open(slavebuf, O_RDWR);
-		if (*fd < 0) continue;
-
-		/* got pty */
-		slavebuf[sizeof("/dev/") - 1] = 't';
-		if (strlen(slavebuf) > slavelength -1) {
-		    close(*fd);
-		    *fd = -1;
-		    return PTY_GETPTY_SLAVE_TOOLONG;
-		}
-		strncpy(slave, slavebuf, slavelength);
-		return 0;
-	    }
-	}
-	return PTY_GETPTY_NOPTY;
-    }
-#endif /*HAVE__GETPTY*/
-#endif /* HAVE_OPENPTY */
-}
-
-long
-pty_getpty(int *fd, char *slave, int slavelength)
-{
-    return ptyint_getpty_ext(fd, slave, slavelength, 1);
-}
diff --git a/src/appl/libpty/init.c b/src/appl/libpty/init.c
deleted file mode 100644
index 0b7038b..0000000
--- a/src/appl/libpty/init.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * pty_init: Initialize internal state of pty.
- *
- * Currently initializes error tables.
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- *
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-long pty_init(void)
-{
-    initialize_pty_error_table();
-    return 0;
-}
diff --git a/src/appl/libpty/init_slave.c b/src/appl/libpty/init_slave.c
deleted file mode 100644
index 760d5ac..0000000
--- a/src/appl/libpty/init_slave.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * pty_init_slave: open slave side of terminal, clearing for use.
- *
- * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-/* * The following is an array of modules that should be pushed on the
- *  stream.  See configure.in for caviats and notes about when this
- *  array is used and not used.
- */
-#if defined(HAVE_STREAMS)&&(!defined(HAVE_LINE_PUSH))
-static char *push_list[] = {
-#ifdef PUSH_PTEM
-  "ptem",
-#endif
-#ifdef PUSH_LDTERM
-  "ldterm",
-#endif
-#ifdef PUSH_TTCOMPAT
-"ttcompat",
-#endif
-  0};
-#endif /*HAVE_STREAMS but not HAVE_LINE_PUSH*/
-
-
-
-long pty_initialize_slave (int fd)
-{
-#if defined(POSIX_TERMIOS) && !defined(ultrix)
-    struct termios new_termio;
-#else
-    struct sgttyb b;
-#endif /* POSIX_TERMIOS */
-    int pid;
-
-#ifdef HAVE_STREAMS
-#ifdef HAVE_LINE_PUSH
-        while (ioctl (fd, I_POP, 0) == 0); /*Clear out any old lined's*/
-
-    if (line_push(fd) < 0)
-	{
-	    (void) close(fd); fd = -1;
-	    return PTY_OPEN_SLAVE_LINE_PUSHFAIL;
-	}
-#else /*No line_push */
-    {
-       char **module = &push_list[0];
-      while (*module)
-		if (ioctl(fd, I_PUSH, *(module++)) < 0)
-		  	return PTY_OPEN_SLAVE_PUSH_FAIL;
-    }
-
-#endif /*LINE_PUSH*/
-#endif /*HAVE_STREAMS*/
-
-    /*
-	 * Under Ultrix 3.0, the pgrp of the slave pty terminal
-	 * needs to be set explicitly.  Why rlogind works at all
-	 * without this on 4.3BSD is a mystery.
-	 */
-#ifdef GETPGRP_ONEARG
-    pid = getpgrp(getpid());
-#else
-    pid = getpgrp();
-#endif
-
-#ifdef TIOCSPGRP
-    ioctl(fd, TIOCSPGRP, &pid);
-#endif
-
-
-#if defined(POSIX_TERMIOS) && !defined(ultrix)
-	tcsetpgrp(fd, pid);
-	tcgetattr(fd,&new_termio);
-	new_termio.c_cc[VMIN] = 1;
-	new_termio.c_cc[VTIME] = 0;
-    tcsetattr(fd,TCSANOW,&new_termio);
-#endif /* POSIX_TERMIOS */
-
-    return 0;
-}
diff --git a/src/appl/libpty/libpty.h b/src/appl/libpty/libpty.h
deleted file mode 100644
index 13cc5ec..0000000
--- a/src/appl/libpty/libpty.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Header file for manipulation of ptys and utmp entries.
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- *
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#ifndef __LIBPTY_H__
-
-/* Constants for pty_update_utmp */
-#define PTY_LOGIN_PROCESS 0
-#define PTY_USER_PROCESS 1
-#define PTY_DEAD_PROCESS 2
-
-/* flags to update_utmp*/
-#define PTY_TTYSLOT_USABLE (0x1)
-#define PTY_UTMP_USERNAME_VALID (0x2)
-
-long pty_init(void);
-long pty_getpty ( int *fd, char *slave, int slavelength);
-
-long pty_open_slave (const char *slave, int *fd);
-long pty_open_ctty (const char *slave, int *fd);
-
-long pty_initialize_slave ( int fd);
-long pty_update_utmp(int process_type, int pid, const char *user,
-		     const char *tty_line, const char *host, int flags);
-
-long pty_logwtmp(const char *tty, const char *user, const char *host);
-
-long pty_cleanup(char *slave, int pid, int update_utmp);
-
-#ifndef SOCK_DGRAM
-struct sockaddr;
-#endif
-
-long pty_make_sane_hostname(const struct sockaddr *, int, int, int, char **);
-#define __LIBPTY_H__
-#endif
diff --git a/src/appl/libpty/logwtmp.c b/src/appl/libpty/logwtmp.c
deleted file mode 100644
index 2417fb4..0000000
--- a/src/appl/libpty/logwtmp.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * pty_logwtmp: Implement the logwtmp function if not present.
- *
- * Copyright 1995, 2001 by the Massachusetts Institute of Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-#if defined(HAVE_SETUTXENT) || defined(HAVE_SETUTENT)
-#ifdef HAVE_SETUTXENT
-#define PTY_STRUCT_UTMPX struct utmpx
-#else
-#define PTY_STRUCT_UTMPX struct utmp
-#endif
-
-#ifdef NEED_LOGWTMP_PROTO
-void logwtmp(const char *, const char *, const char *);
-#endif
-
-long
-pty_logwtmp(const char *tty, const char *user, const char *host)
-{
-#ifndef HAVE_LOGWTMP
-    PTY_STRUCT_UTMPX utx;
-    int loggingin;
-    size_t len;
-    const char *cp;
-    char utmp_id[5];
-#endif
-
-#ifdef HAVE_LOGWTMP
-    logwtmp(tty,user,host);
-    return 0;
-#else
-
-    loggingin = (user[0] != '\0');
-
-    memset(&utx, 0, sizeof(utx));
-    strncpy(utx.ut_line, tty, sizeof(utx.ut_line));
-    strncpy(utx.ut_user, user, sizeof(utx.ut_user));
-#if (defined(HAVE_SETUTXENT) && defined(HAVE_STRUCT_UTMPX_UT_HOST))	   \
-	|| (!defined(HAVE_SETUTXENT) && defined(HAVE_STRUCT_UTMP_UT_HOST))
-    strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-    utx.ut_host[sizeof(utx.ut_host) - 1] = '\0';
-#endif
-#ifdef HAVE_SETUTXENT
-    gettimeofday(&utx.ut_tv, NULL);
-#else
-    (void)time(&utx.ut_time);
-#endif
-    utx.ut_pid = (loggingin ? getpid() : 0);
-    utx.ut_type = (loggingin ? USER_PROCESS : DEAD_PROCESS);
-
-    len = strlen(tty);
-    if (len >= 2)
-	cp = tty + len - 2;
-    else
-	cp = tty;
-    snprintf(utmp_id, sizeof(utmp_id), "kr%s", cp);
-    strncpy(utx.ut_id, utmp_id, sizeof(utx.ut_id));
-
-#ifdef HAVE_SETUTXENT
-    return ptyint_update_wtmpx(&utx);
-#else
-    return ptyint_update_wtmp(&utx);
-#endif
-
-#endif /* !HAVE_LOGWTMP */
-}
-
-#else  /* !(defined(HAVE_SETUTXENT) || defined(HAVE_SETUTENT)) */
-
-long
-pty_logwtmp(const char *tty, const char *user, const char *host)
-{
-    struct utmp ut;
-
-#ifdef HAVE_LOGWTMP
-    logwtmp(tty,user,host);
-    return 0;
-#else
-
-    memset(&ut, 0, sizeof(ut));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    strncpy(ut.ut_host, host, sizeof(ut.ut_host));
-    ut.ut_host[sizeof(ut.ut_host) - 1] = '\0';
-#endif
-    strncpy(ut.ut_line, tty, sizeof(ut.ut_line));
-    strncpy(ut.ut_name, user, sizeof(ut.ut_name));
-    return ptyint_update_wtmp(&ut);
-
-#endif /* !HAVE_LOGWTMP */
-}
-
-#endif /* !(defined(HAVE_SETUTXENT) || defined(HAVE_SETUTENT)) */
diff --git a/src/appl/libpty/open_ctty.c b/src/appl/libpty/open_ctty.c
deleted file mode 100644
index 9d6fb0d..0000000
--- a/src/appl/libpty/open_ctty.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * pty_open_ctty: Open and establish controlling terminal.
- *
- * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-/*
- * This function will be called twice.  The first time it will acquire
- * a controlling terminal from which to vhangup() or revoke() (see
- * comments in open_slave.c); the second time, it will be to open the
- * actual slave device for use by the application.  We no longer call
- * ptyint_void_association(), as that will be called in
- * pty_open_slave() to avoid spurious calls to setsid(), etc.
- *
- * It is assumed that systems where vhangup() exists and does break
- * the ctty association will allow the slave to be re-acquired as the
- * ctty.  Also, if revoke() or vhangup() doesn't break the ctty
- * association, we assume that we can successfully reopen the slave.
- *
- * This function doesn't check whether we actually acquired the ctty;
- * we assume that the caller will check that, or that it doesn't
- * matter in the particular case.
- */
-long
-pty_open_ctty(const char *slave, int *fd)
-{
-
-#ifdef ultrix
-    /*
-     * The Ultrix (and other BSD tty drivers) require the process
-     * group to be zero, in order to acquire the new tty as a
-     * controlling tty.  This may actually belong in
-     * ptyint_void_association().
-     */
-    (void) setpgrp(0, 0);
-#endif
-    *fd = open(slave, O_RDWR);
-    if (*fd < 0)
-	return PTY_OPEN_SLAVE_OPENFAIL;
-#ifdef ultrix
-    setpgrp(0, getpid());
-#endif
-
-#ifdef TIOCSCTTY
-    ioctl(*fd, TIOCSCTTY, 0); /* Don't check return.*/
-#endif /* TIOCSTTY */
-    return 0;
-}
diff --git a/src/appl/libpty/open_slave.c b/src/appl/libpty/open_slave.c
deleted file mode 100644
index 97f20fe..0000000
--- a/src/appl/libpty/open_slave.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * pty_open_slave: open slave side of terminal, clearing for use.
- *
- * Copyright 1995, 1996, 2001 by the Massachusetts Institute of
- * Technology.
- *
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-long
-pty_open_slave(const char *slave, int *fd)
-{
-    int tmpfd;
-    long retval;
-
-    /* Sanity check. */
-    if (slave == NULL || *slave == '\0')
-	return PTY_OPEN_SLAVE_TOOSHORT;
-
-    /* First, set up a new session and void old associations. */
-    ptyint_void_association();
-
-    /*
-     * Make a first attempt at acquiring the ctty under certain
-     * condisions.  This is necessary for several reasons:
-     *
-     * Under Irix, if you open a pty slave and then close it, a
-     * subsequent open of the slave will cause the master to read EOF.
-     * To prevent this, don't close the first fd until we do the real
-     * open following vhangup().
-     *
-     * Under Tru64 v5.0, if there isn't a fd open on the slave,
-     * revoke() fails with ENOTTY, curiously enough.
-     *
-     * Anyway, sshd seems to make a practice of doing this.
-     */
-#if defined(VHANG_FIRST) || defined(REVOKE_NEEDS_OPEN)
-    retval = pty_open_ctty(slave, fd);
-    if (retval)
-	return retval;
-    if (*fd < 0)
-	return PTY_OPEN_SLAVE_OPENFAIL;
-#endif
-
-    /* chmod and chown the slave. */
-    if (chmod(slave, 0))
-	return PTY_OPEN_SLAVE_CHMODFAIL;
-    if (chown(slave, 0, 0) == -1)
-	return PTY_OPEN_SLAVE_CHOWNFAIL;
-
-#ifdef HAVE_REVOKE
-    if (revoke(slave) < 0) {
-	return PTY_OPEN_SLAVE_REVOKEFAIL;
-    }
-#else /* !HAVE_REVOKE */
-#ifdef VHANG_FIRST
-    ptyint_vhangup();
-#endif
-#endif /* !HAVE_REVOKE */
-
-    /* Open the pty for real. */
-    retval = pty_open_ctty(slave, &tmpfd);
-#if defined(VHANG_FIRST) || defined(REVOKE_NEEDS_OPEN)
-    close(*fd);
-#endif
-    if (retval) {
-	*fd = -1;
-	return PTY_OPEN_SLAVE_OPENFAIL;
-    }
-    *fd = tmpfd;
-    retval = pty_initialize_slave(*fd);
-    if (retval)
-	return retval;
-    /* Make sure it's really our ctty. */
-    tmpfd = open("/dev/tty", O_RDWR|O_NDELAY);
-    if (tmpfd < 0) {
-	close(*fd);
-	*fd = -1;
-	return PTY_OPEN_SLAVE_NOCTTY;
-    }
-    close(tmpfd);
-    return 0;
-}
diff --git a/src/appl/libpty/pty-int.h b/src/appl/libpty/pty-int.h
deleted file mode 100644
index 3e7274f..0000000
--- a/src/appl/libpty/pty-int.h
+++ /dev/null
@@ -1,138 +0,0 @@
-/* Includes needed by libpty*/
-#ifndef __PTY_INT_H__
-#include <pty_err.h>
-#include <sys/types.h>
-
-#if defined(_AIX) && defined(_THREAD_SAFE)
-/* On AIX 4.3.3, both utmp.h and utmpx.h will define struct utmp_data,
-   and they'll define them differently, if _THREAD_SAFE is defined.
-
-   We don't actually care about this library being thread-safe, but
-   for various reasons we do use both versions of the interface at the
-   moment.
-
-   So trick the system headers into not "helping" us in that area.
-
-   This is an ugly hack, and shouldn't be needed.  Bleah.  */
-# undef _THREAD_SAFE
-#endif
-
-#include "autoconf.h"
-
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef __SCO__
-#include <sys/unistd.h>
-#endif
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
-
-#include <stdio.h>
-
-#ifdef HAVE_PTY_H
-#include <pty.h>
-#endif
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <sys/file.h>
-#include <sys/time.h>
-#include <ctype.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <pwd.h>
-
-#ifdef HAVE_SYS_LABEL_H
-/* only SunOS 4? */
-#include <sys/label.h>
-#include <sys/audit.h>
-#include <pwdadj.h>
-#endif
-
-#include <signal.h>
-
-#ifdef hpux
-#include <sys/ptyio.h>
-#endif
-#ifdef sysvimp
-#include <compat.h>
-#endif
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#ifdef HAVE_STREAMS
-#include <sys/stream.h>
-#include <sys/stropts.h>
-#endif
-
-#if defined(POSIX_TERMIOS) && !defined(ultrix)
-#include <termios.h>
-#else
-#include <sgtty.h>
-#endif
-
-#include "port-sockets.h"
-#include <string.h>
-#include <sys/param.h>
-
-#ifdef HAVE_UTIL_H
-#include <util.h>
-#endif
-
-#ifdef HAVE_STREAMS
-/* krlogin doesn't test sys/tty... */
-#ifdef HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif
-
-
-
-#ifdef HAVE_SYS_PTYVAR_H
-/* Solaris actually uses packet mode, so the real macros are needed too */
-#include <sys/ptyvar.h>
-#endif
-#endif
-
-#if defined(HAVE_VHANGUP) && !defined(OPEN_CTTY_ONLY_ONCE) \
-	&& !defined(HAVE_REVOKE)
-/*
- * Breaks under Ultrix and others where you cannot get controlling
- * terminal twice.
- */
-#define VHANG_FIRST
-#define VHANG_LAST
-#endif
-
-#if defined(NEED_GETUTMPX_PROTOTYPE)
-extern void getutmpx (const struct utmp *, struct utmpx *);
-#endif
-
-#if defined(NEED_REVOKE_PROTO)
-extern int revoke(const char *);
-#endif
-
-/* Internal functions */
-long ptyint_void_association(void);
-long ptyint_open_ctty (char *slave, int *fd);
-long ptyint_getpty_ext(int *, char *, int, int);
-#ifdef HAVE_SETUTXENT
-long ptyint_update_wtmpx(struct utmpx *utx);
-#endif
-#if !(defined(WTMPX_FILE) && defined(HAVE_UPDWTMPX)) \
-	|| !defined(HAVE_SETUXENT)
-long ptyint_update_wtmp(struct utmp *ut);
-#endif
-void ptyint_vhangup(void);
-
-#define __PTY_INT_H__
-#endif
diff --git a/src/appl/libpty/pty_err.et b/src/appl/libpty/pty_err.et
deleted file mode 100644
index 770cce7..0000000
--- a/src/appl/libpty/pty_err.et
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# util/pty/pty_err.et
-#
-# Copyright 1995 by the Massachusetts Institute of Technology.
-# All Rights Reserved.
-#
-# 
-# Permission to use, copy, modify, and
-# distribute this software and its documentation for any purpose and
-# without fee is hereby granted, provided that the above copyright
-# notice appear in all copies and that both that copyright notice and
-# this permission notice appear in supporting documentation, and that
-# the name of M.I.T. not be used in advertising or publicity pertaining
-# to distribution of the software without specific, written prior
-# permission.  Furthermore if you modify this software you must label
-# your software as modified software and not distribute it in such a
-# fashion that it might be confused with the original M.I.T. software.
-# M.I.T. makes no representations about the suitability of
-# this software for any purpose.  It is provided "as is" without express
-# or implied warranty.
-# 
-
-# libpty--pty handling error table
-
-error_table pty
-
-error_code PTY_GETPTY_STREAMS, "Failed to unlock or grant streams pty."
-
-error_code PTY_GETPTY_FSTAT, "fstat of master pty failed"
-
-error_code PTY_GETPTY_NOPTY, "All terminal ports in use"
-
-error_code PTY_GETPTY_SLAVE_TOOLONG, "buffer to hold slave pty name is too short"
-
-error_code PTY_OPEN_SLAVE_OPENFAIL, "Failed to open slave side of pty"
-error_code PTY_OPEN_SLAVE_CHMODFAIL, "Failed to chmod slave side of pty"
-
-error_code PTY_OPEN_SLAVE_NOCTTY, "Unable to set controlling terminal"
-error_code PTY_OPEN_SLAVE_CHOWNFAIL, "Failed to chown slave side of pty"
-error_code PTY_OPEN_SLAVE_LINE_PUSHFAIL, "Call to line_push failed to push streams on slave pty"
-
-error_code PTY_OPEN_SLAVE_PUSH_FAIL, "Failed to push stream on slave side of pty"
-
-
-error_code PTY_OPEN_SLAVE_REVOKEFAIL, "Failed to revoke slave side of pty"
-
-error_code PTY_UPDATE_UTMP_PROCTYPE_INVALID, "bad process type passed to pty_update_utmp"
-error_code PTY_OPEN_SLAVE_TOOSHORT, "Slave pty name is zero-length"
-
-end
diff --git a/src/appl/libpty/pty_paranoia.c b/src/appl/libpty/pty_paranoia.c
deleted file mode 100644
index 18ef6e3..0000000
--- a/src/appl/libpty/pty_paranoia.c
+++ /dev/null
@@ -1,650 +0,0 @@
-/*
- * Copyright 2001 by the Massachusetts Institute of Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- */
-
-/*
- * A rant on the nature of pseudo-terminals:
- * -----------------------------------------
- *
- * Controlling terminals and job control:
- *
- * First, some explanation of job control and controlling terminals is
- * necessary for background.  This discussion applies to hardwired
- * terminals as well as ptys.  On most modern systems, all processes
- * belong to a process group.  A process whose process group id (pgid)
- * is the sames as its pid is the process group leader of its process
- * group.  Process groups belong to sessions.  On a modern system, a
- * process that is not currently a process group leader may create a
- * new session by calling setsid(), which makes it a session leader as
- * well as a process group leader, and also removes any existing
- * controlling terminal (ctty) association.  Only a session leader may
- * acquire a ctty.  It's not clear how systems that don't have
- * setsid() handle ctty acquisition, though probably any process group
- * leader that doesn't have a ctty may acquire one that way.
- *
- * A terminal that is a ctty has an associated foreground process
- * group, which is a member of the terminal's associated session.
- * This process group gets read/write access to the terminal and will
- * receive terminal-generated signals (e.g. SIGINT, SIGTSTP).  Process
- * groups belonging to the session but not in the foreground may get
- * signals that suspend them if they try to read/write from the ctty,
- * depending on various terminal settings.
- *
- * On many systems, the controlling process (the session leader
- * associated with a ctty) exiting will cause the session to lose its
- * ctty, even though some processes may continue to have open file
- * descriptors on the former ctty.  It is possible for a process to
- * have no file descriptors open on its controlling tty, but to
- * reacquire such by opening /dev/tty, as long as its session still
- * has a ctty.
- *
- * On ptys in general:
- *
- * Ptys have a slave side and a master side.  The slave side looks
- * like a hardwired serial line to the application that opens it;
- * usually, telnetd or rlogind, etc. opens the slave and hands it to
- * the login program as stdin/stdout/stderr.  The master side usually
- * gets the actual network traffic written to/from it.  Roughly, the
- * master and slave are two ends of a bidirectional pair of FIFOs,
- * though this can get complicated by other things.
- *
- * The master side of a pty is theoretically a single-open device.
- * This MUST be true on systems that have BSD-style ptys, since there
- * is usually no way to allocate an unused pty except by attempting to
- * open all the master pty nodes in the system.
- *
- * Often, but not always, the last close of a slave device will cause
- * the master to get an EOF.  Closing the master device will sometimes
- * cause the foreground process group of the slave to get a SIGHUP,
- * but that may depend on terminal settings.
- *
- * BSD ptys:
- *
- * On a BSD-derived system, the master nodes are named like
- * /dev/ptyp0, and the slave nodes are named like /dev/ttyp0.  The
- * last two characters are the variable ones, and a shell-glob type
- * pattern for a slave device is usually of the form
- * /dev/tty[p-z][0-9a-f], though variants are known to exist.
- *
- * System V cloning ptys:
- *
- * There is a cloning master device (usually /dev/ptmx, but the name
- * can vary) that gets opened.  Each open of the cloning master
- * results in an open file descriptor of a unique master device.  The
- * application calls ptsname() to find the pathname to the slave node.
- *
- * In theory, the slave side of the pty is locked out until the
- * process opening the master calls grantpt() to adjust permissions
- * and unlockpt() to unlock the slave.  It turns out that Unix98
- * doesn't require that the slave actually get locked out, or that
- * unlockpt() actually do anything on such systems.  At least AIX
- * allows the slave to be opened prior to calling unlockpt(), but most
- * other SysV-ish systems seem to actually lock out the slave.
- *
- * Pty security:
- *
- * It's not guaranteed on a BSD-ish system that a slave can't be
- * opened when the master isn't open.  It's even possible to acquire
- * the slave as a ctty (!) if the open is done as non-blocking.  It's
- * possible to open the master corresponding to an open slave, which
- * creates some security issues: once this master is open, data
- * written to the slave will actually pass to the master.
- *
- * On a SysV-ish system, the close of the master will invalidate any
- * open file descriptors on the slave.
- *
- * In general, there are two functions that can be used to "clean" a
- * pty slave, revoke() and vhangup().  revoke() will invalidate all
- * file descriptors open on a particular pathname (often this only
- * works on terminal devices), usually by invalidating the underlying
- * vnode.  vhangup() will send a SIGHUP to the foreground process
- * group of the control terminal.  On many systems, it also has
- * revoke() semantics.
- *
- * If a process acquires a controlling terminal in order to perform a
- * vhangup(), the reopen of the controlling terminal after the
- * vhangup() call should be done prior to the close of the file
- * descriptor used to initially acquire the controlling terminal,
- * since that will likely prevent the process on the master side from
- * reading a spurious EOF due to all file descriptors to the slave
- * being closed.
- *
- * Known quirks of various OSes:
- *
- * AIX 4.3.3:
- *
- * If the environment variable XPG_SUS_ENV is not equal to "ON", then
- * it's possible to open the slave prior to calling unlockpt().
- */
-
-/*
- * NOTE: this program will get reworked at some point to actually test
- * passing of data between master and slave, and to do general cleanup.
- *
- * This is rather complex, so it bears some explanation.
- *
- * There are multiple child processes and a parent process.  These
- * communicate via pipes (which we assume here to be unidirectional).
- * The pipes are:
- *
- * pp1 - parent -> any children
- *
- * p1p - any children -> parent
- *
- * p21 - only child2 -> child1
- *
- * A parent process will acquire a pty master and slave via
- * pty_getpty().  It will then fork a process, child1.  It then does a
- * waitpid() for child1, and then writes to child2 via syncpipe pp1.
- * It then reads from child3 via syncpipe p1p, then closes the
- * master.  It writes to child3 via syncpipe pp1 to indicate that it
- * has closed the master.  It then reads from child3 via syncpipe p1p
- * and exits with a value appropriate to what it read from child3.
- *
- * child1 will acquire the slave as its ctty and fork child2; child1
- * will exit once it reads from the syncpipe p21 from child2.
- *
- * child2 will set a signal handler for SIGHUP and then write to
- * child1 via syncpipe p21 to indicate that child2 has set up the
- * handler.  It will then read from the syncpipe pp1 from the parent
- * to confirm that the parent has seen child1 exit, and then checks to
- * see if it still has a ctty.  Under Unix98, and likely earlier
- * System V derivatives, the exiting of the session leader associated
- * with a ctty (in this case, child1) will cause the entire session to
- * lose its ctty.
- *
- * child2 will then check to see if it can reopen the slave, and
- * whether it has a ctty after reopening it.  This should fail on most
- * systems.
- *
- * child2 will then fork child3 and immediately exit.
- *
- * child3 will write to the syncpipe p1p and read from the syncpipe
- * pp1.  It will then check if it has a ctty and then attempt to
- * reopen the slave.  This should fail.  It will then write to the
- * parent via syncpipe p1p and exit.
- *
- * If this doesn't fail, child3 will attempt to write to the open
- * slave fd.  This should fail unless a prior call to revoke(),
- * etc. failed due to lack of permissions, e.g. NetBSD when running as
- * non-root.
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-#include <sys/wait.h>
-#include <stdlib.h>
-
-char *prog;
-int masterfd, slavefd;
-char slave[64], slave2[64];
-pid_t pid1, pid2, pid3;
-int status1, status2;
-int pp1[2], p1p[2], p21[2];
-
-void handler(int);
-void rdsync(int, int *, const char *);
-void wrsync(int, int, const char *);
-void testctty(const char *);
-void testex(int, const char *);
-void testwr(int, const char *);
-void child1(void);
-void child2(void);
-void child3(void);
-
-void
-handler(int sig)
-{
-    printf("pid %ld got signal %d\n", (long)getpid(), sig);
-    fflush(stdout);
-    return;
-}
-
-void
-rdsync(int fd, int *status, const char *caller)
-{
-    int n;
-    char c;
-
-#if 0
-    printf("rdsync: %s: starting\n", caller);
-    fflush(stdout);
-#endif
-    while ((n = read(fd, &c, 1)) < 0) {
-	if (errno != EINTR) {
-	    fprintf(stderr, "rdsync: %s", caller);
-	    perror("");
-	    exit(1);
-	} else {
-	    printf("rdsync: %s: got EINTR; looping\n", caller);
-	    fflush(stdout);
-	}
-    }
-    if (!n) {
-	fprintf(stderr, "rdsync: %s: unexpected EOF\n", caller);
-	exit(1);
-    }
-    printf("rdsync: %s: got sync byte\n", caller);
-    fflush(stdout);
-    if (status != NULL)
-	*status = c;
-}
-
-void
-wrsync(int fd, int status, const char *caller)
-{
-    int n;
-    char c;
-
-    c = status;
-    while ((n = write(fd, &c, 1)) < 0) {
-	if (errno != EINTR) {
-	    fprintf(stderr, "wrsync: %s", caller);
-	    perror("");
-	    exit(1);
-	} else {
-	    printf("wrsync: %s: got EINTR; looping\n", caller);
-	    fflush(stdout);
-	}
-    }
-#if 0
-    printf("wrsync: %s: sent sync byte\n", caller);
-#endif
-    fflush(stdout);
-}
-
-void
-testctty(const char *caller)
-{
-    int fd;
-
-    fd = open("/dev/tty", O_RDWR|O_NONBLOCK);
-    if (fd < 0) {
-	printf("%s: no ctty\n", caller);
-    } else {
-	printf("%s: have ctty\n", caller);
-    }
-}
-
-void
-testex(int fd, const char *caller)
-{
-    fd_set rfds, xfds;
-    struct timeval timeout;
-    int n;
-    char c;
-
-    timeout.tv_sec = 0;
-    timeout.tv_usec = 0;
-    FD_ZERO(&rfds);
-    FD_ZERO(&xfds);
-    FD_SET(fd, &rfds);
-    FD_SET(fd, &xfds);
-
-    n = select(fd + 1, &rfds, NULL, &xfds, &timeout);
-    if (n < 0) {
-	fprintf(stderr, "testex: %s: ", caller);
-	perror("select");
-    }
-    if (n) {
-	if (FD_ISSET(fd, &rfds) || FD_ISSET(fd, &xfds)) {
-	    n = read(fd, &c, 1);
-	    if (!n) {
-		printf("testex: %s: got EOF\n", caller);
-		fflush(stdout);
-		return;
-	    } else if (n == -1) {
-		printf("testex: %s: got errno=%ld (%s)\n",
-		       caller, (long)errno, strerror(errno));
-	    } else {
-		printf("testex: %s: read 1 byte!?\n", caller);
-	    }
-	}
-    } else {
-	printf("testex: %s: no exceptions or readable fds\n", caller);
-    }
-}
-
-void
-testwr(int fd, const char *caller)
-{
-    fd_set wfds;
-    struct timeval timeout;
-    int n;
-
-    timeout.tv_sec = 0;
-    timeout.tv_usec = 0;
-    FD_ZERO(&wfds);
-    FD_SET(fd, &wfds);
-
-    n = select(fd + 1, NULL, &wfds, NULL, &timeout);
-    if (n < 0) {
-	fprintf(stderr, "testwr: %s: ", caller);
-	perror("select");
-    }
-    if (n) {
-	if (FD_ISSET(fd, &wfds)) {
-	    printf("testwr: %s: is writable\n", caller);
-	    fflush(stdout);
-	}
-    }
-}
-
-
-void
-child3(void)
-{
-    int n;
-
-    ptyint_void_association();
-    slavefd = open(slave, O_RDWR|O_NONBLOCK);
-    if (slavefd < 0) {
-	wrsync(p1p[1], 1, "[02] child3->parent");
-	printf("child3: failed reopen of slave\n");
-	fflush(stdout);
-	exit(1);
-    }
-#ifdef TIOCSCTTY
-    ioctl(slavefd, TIOCSCTTY, 0);
-#endif
-
-    printf("child3: reopened slave\n");
-    testctty("child3: after reopen of slave");
-    testwr(slavefd, "child3: after reopen of slave");
-    testex(slavefd, "child3: after reopen of slave");
-    close(slavefd);
-    testctty("child3: after close of slave");
-
-    /*
-     * Sync for parent to close master.
-     */
-    wrsync(p1p[1], 0, "[02] child3->parent");
-    rdsync(pp1[0], NULL, "[03] parent->child3");
-
-    testctty("child3: after close of master");
-    printf("child3: attempting reopen of slave\n");
-    fflush(stdout);
-    slavefd = open(slave, O_RDWR|O_NONBLOCK);
-    if (slavefd < 0) {
-	printf("child3: failed reopen of slave after master close: "
-	       "errno=%ld (%s)\n", (long)errno, strerror(errno));
-	wrsync(p1p[1], 0, "[04] child3->parent");
-	fflush(stdout);
-	exit(0);
-    }
-    if (fcntl(slavefd, F_SETFL, 0) == -1) {
-	perror("child3: fcntl");
-	wrsync(p1p[1], 2, "[04] child3->parent");
-	exit(1);
-    }
-#ifdef TIOCSCTTY
-    ioctl(slavefd, TIOCSCTTY, 0);
-#endif
-    printf("child3: reopened slave after master close\n");
-    testctty("child3: after reopen of slave after master close");
-    testwr(slavefd, "child3: after reopen of slave after master close");
-    testex(slavefd, "child3: after reopen of slave after master close");
-    n = write(slavefd, "foo", 4);
-    if (n < 0) {
-	printf("child3: writing to slave of closed master: errno=%ld (%s)\n",
-	       (long)errno, strerror(errno));
-	wrsync(p1p[1], 1, "[04] child3->parent");
-    } else {
-	printf("child3: wrote %d byes to slave of closed master\n", n);
-	fflush(stdout);
-	wrsync(p1p[1], 2, "[04] child3->parent");
-    }
-    rdsync(pp1[0], NULL, "[05] parent->child3");
-    testex(slavefd, "child3: after parent reopen of master");
-    testwr(slavefd, "child3: after parent reopen of master");
-    fflush(stdout);
-    n = write(slavefd, "bar", 4);
-    if (n < 0) {
-	perror("child3: writing to slave");
-    } else {
-	printf("child3: wrote %d bytes to slave\n", n);
-	fflush(stdout);
-    }
-    wrsync(p1p[1], 0, "[06] child3->parent");
-    rdsync(pp1[0], NULL, "[07] parent->child3");
-    wrsync(p1p[1], 0, "[08] child3->parent");
-    exit(0);
-}
-
-void
-child2(void)
-{
-    struct sigaction sa;
-
-    close(p21[0]);
-    setpgid(0, 0);
-    sa.sa_flags = 0;
-    sigemptyset(&sa.sa_mask);
-    sa.sa_handler = handler;
-    if (sigaction(SIGHUP, &sa, NULL) < 0) {
-	wrsync(p21[1], 1, "[00] child2->child1");
-	perror("child2: sigaction");
-	fflush(stdout);
-	exit(1);
-    }
-    printf("child2: set up signal handler\n");
-    testctty("child2: after start");
-    testwr(slavefd, "child2: after start");
-    wrsync(p21[1], 0, "[00] child2->child1");
-    rdsync(pp1[0], NULL, "[01] parent->child2");
-
-    testctty("child2: after child1 exit");
-    testex(slavefd, "child2: after child1 exit");
-    testwr(slavefd, "child2: after child1 exit");
-    close(slavefd);
-    testctty("child2: after close of slavefd");
-    slavefd = open(slave, O_RDWR|O_NONBLOCK);
-    if (slavefd < 0) {
-	wrsync(p1p[1], 1, "[02] child2->parent");
-	printf("child2: failed reopen of slave\n");
-	fflush(stdout);
-	exit(1);
-    }
-#ifdef TIOCSCTTY
-    ioctl(slavefd, TIOCSCTTY, 0);
-#endif
-    printf("child2: reopened slave\n");
-    testctty("child2: after reopen of slave");
-    fflush(stdout);
-    close(slavefd);
-    pid3 = fork();
-    if (!pid3) {
-	child3();
-    } else if (pid3 == -1) {
-	wrsync(p1p[1], 1, "[02] child2->parent");
-	perror("child2: fork of child3");
-	exit(1);
-    }
-    printf("child2: forked child3=%ld\n", (long)pid3);
-    fflush(stdout);
-    exit(0);
-}
-
-void
-child1(void)
-{
-    int status;
-
-#if 0
-    setuid(1);
-#endif
-    close(pp1[1]);
-    close(p1p[0]);
-    close(masterfd);
-    ptyint_void_association();
-    slavefd = open(slave, O_RDWR|O_NONBLOCK);
-    if (slavefd < 0) {
-	perror("child1: open slave");
-	exit(1);
-    }
-#ifdef TIOCSCTTY
-    ioctl(slavefd, TIOCSCTTY, 0);
-#endif
-
-    printf("child1: opened slave\n");
-    testctty("child1: after slave open");
-
-    if (pipe(p21) < 0) {
-	perror("pipe child2->child1");
-	exit(1);
-    }
-    pid2 = fork();
-    if (!pid2) {
-	child2();
-    } else if (pid2 == -1) {
-	perror("child1: fork child2");
-	exit(1);
-    }
-    close(p21[1]);
-    printf("child1: forked child2=%ld\n", (long)pid2);
-    fflush(stdout);
-    rdsync(p21[0], &status, "[00] child2->child1");
-    exit(status);
-}
-
-int
-main(int argc, char *argv[])
-{
-    long retval;
-    int status;
-    char buf[4];
-    int n;
-
-    prog = argv[0];
-
-    printf("parent: pid=%ld\n", (long)getpid());
-
-    retval = ptyint_getpty_ext(&masterfd, slave, sizeof(slave), 0);
-
-    if (retval) {
-	com_err(prog, retval, "open master");
-	exit(1);
-    }
-#if 0
-    chown(slave, 1, -1);
-#endif
-    printf("parent: master opened; slave=%s\n", slave);
-    fflush(stdout);
-
-#if defined(HAVE_GRANTPT) && defined(HAVE_STREAMS)
-#ifdef O_NOCTTY
-    printf("parent: attempting to open slave before unlockpt\n");
-    fflush(stdout);
-    slavefd = open(slave, O_RDWR|O_NONBLOCK|O_NOCTTY);
-    if (slavefd < 0) {
-	printf("parent: failed slave open before unlockpt errno=%ld (%s)\n",
-	       (long)errno, strerror(errno));
-    } else {
-	printf("parent: WARNING: "
-	       "succeeded in opening slave before unlockpt\n");
-    }
-    close(slavefd);
-#endif
-    if (grantpt(masterfd) < 0) {
-	perror("parent: grantpt");
-	exit(1);
-    }
-    if (unlockpt(masterfd) < 0) {
-	perror("parent: unlockpt");
-	exit(1);
-    }
-#endif /* HAVE_GRANTPT && HAVE_STREAMS */
-
-    if (pipe(pp1) < 0) {
-	perror("pipe parent->child1");
-	exit(1);
-    }
-    if (pipe(p1p) < 0) {
-	perror("pipe child1->parent");
-	exit(1);
-    }
-
-    pid1 = fork();
-    if (!pid1) {
-	child1();
-    } else if (pid1 == -1) {
-	perror("fork of child1");
-	exit(1);
-    }
-    printf("parent: forked child1=%ld\n", (long)pid1);
-    fflush(stdout);
-    if (waitpid(pid1, &status1, 0) < 0) {
-	perror("waitpid for child1");
-	exit(1);
-    }
-    printf("parent: child1 exited, status=%d\n", status1);
-    if (status1)
-	exit(status1);
-
-    wrsync(pp1[1], 0, "[01] parent->child2");
-    rdsync(p1p[0], &status, "[02] child3->parent");
-    if (status) {
-	fprintf(stderr, "child2 or child3 got an error\n");
-	exit(1);
-    }
-
-    printf("parent: closing master\n");
-    fflush(stdout);
-    close(masterfd);
-    chmod(slave, 0666);
-    printf("parent: closed master\n");
-    wrsync(pp1[1], 0, "[03] parent->child3");
-
-    rdsync(p1p[0], &status, "[04] child3->parent");
-    switch (status) {
-    case 1:
-	break;
-    case 0:
-	exit(0);
-    default:
-	fprintf(stderr, "child3 got an error\n");
-	fflush(stdout);
-	exit(1);
-    }
-
-    retval = pty_getpty(&masterfd, slave2, sizeof(slave2));
-    printf("parent: new master opened; slave=%s\n", slave2);
-#if 0
-#ifdef HAVE_REVOKE
-    printf("parent: revoking\n");
-    revoke(slave2);
-#endif
-#endif
-    fflush(stdout);
-    wrsync(pp1[1], 0, "[05] parent->child3");
-    rdsync(p1p[0], NULL, "[06] child3->parent");
-
-    n = read(masterfd, buf, 4);
-    if (n < 0) {
-	perror("parent: reading from master");
-    } else {
-	printf("parent: read %d bytes (%.*s) from master\n", n, n, buf);
-	fflush(stdout);
-    }
-    chmod(slave2, 0666);
-    close(masterfd);
-    wrsync(pp1[1], 0, "[07] parent->child3");
-    rdsync(p1p[0], NULL, "[08] child3->parent");
-    fflush(stdout);
-    exit(0);
-}
diff --git a/src/appl/libpty/sane_hostname.c b/src/appl/libpty/sane_hostname.c
deleted file mode 100644
index 46ac842..0000000
--- a/src/appl/libpty/sane_hostname.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * pty_make_sane_hostname: Make a sane hostname from an IP address.
- * This returns allocated memory!
- *
- * Copyright 1999, 2000, 2001 by the Massachusetts Institute of
- * Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-#include "com_err.h"
-#include "pty-int.h"
-#include <sys/socket.h>
-#include "libpty.h"
-#include <arpa/inet.h>
-
-#include "socket-utils.h"
-#include "fake-addrinfo.h"
-
-static void
-downcase (char *s)
-{
-    for (; *s != '\0'; s++)
-	*s = tolower ((int) *s);
-}
-
-long
-pty_make_sane_hostname(const struct sockaddr *addr, int maxlen,
-		       int strip_ldomain, int always_ipaddr, char **out)
-{
-    struct addrinfo *ai = 0;
-    char addrbuf[NI_MAXHOST];
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    struct utmp ut;
-#else
-    struct utmpx utx;
-#endif
-    char *cp, *domain;
-    char lhost[MAXHOSTNAMELEN];
-    size_t ut_host_len;
-
-    /* Note that on some systems (e.g., AIX 4.3.3), we may get an IPv6
-       address such as ::FFFF:18.18.1.71 when an IPv4 connection comes
-       in.  That's okay; at least on AIX, getnameinfo will deal with
-       that properly.  */
-
-    *out = NULL;
-    if (maxlen && maxlen < 16)
-	/* assume they meant 16, otherwise IPv4 addr won't fit */
-	maxlen = 16;
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    ut_host_len = sizeof (ut.ut_host);
-#else
-    ut_host_len = sizeof (utx.ut_host);
-#endif
-    if (maxlen == 0)
-	maxlen = ut_host_len;
-    *out = malloc(ut_host_len);
-    if (*out == NULL)
-	return ENOMEM;
-
-    if (always_ipaddr) {
-    use_ipaddr:
-	if (getnameinfo (addr, socklen (addr), addrbuf, sizeof (addrbuf),
-			 (char *)0, 0, NI_NUMERICHOST) == 0)
-	    strncpy(*out, addrbuf, ut_host_len);
-	else
-	    strncpy(*out, "??", ut_host_len);
-	(*out)[ut_host_len - 1] = '\0';
-	return 0;
-    }
-
-    /* If we didn't want to chop off the local domain, this would be
-       much simpler -- just a single getnameinfo call and a strncpy.  */
-    if (getnameinfo(addr, socklen (addr), addrbuf, sizeof (addrbuf),
-		    (char *) NULL, 0, NI_NAMEREQD) != 0)
-	goto use_ipaddr;
-    downcase (addrbuf);
-    if (strip_ldomain) {
-	struct addrinfo hints;
-	(void) gethostname(lhost, sizeof (lhost));
-	memset (&hints, 0, sizeof (hints));
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_flags = AI_CANONNAME;
-	if (getaddrinfo(lhost, (char *)NULL, &hints, &ai) == 0
-	    && ai != NULL) {
-		if (ai->ai_canonname != NULL) {
-			downcase (ai->ai_canonname);
-			domain = strchr (ai->ai_canonname, '.');
-			if (domain != NULL) {
-				cp = strstr (addrbuf, domain);
-				if (cp != NULL)
-					*cp = '\0';
-			}
-		}
-		freeaddrinfo (ai);
-	}
-    }
-    strncpy(*out, addrbuf, ut_host_len);
-    (*out)[ut_host_len - 1] = '\0';
-    if (strlen(*out) >= maxlen)
-	goto use_ipaddr;
-    return 0;
-}
diff --git a/src/appl/libpty/update_utmp.c b/src/appl/libpty/update_utmp.c
deleted file mode 100644
index bec57fa..0000000
--- a/src/appl/libpty/update_utmp.c
+++ /dev/null
@@ -1,724 +0,0 @@
-/*
- * pty_update_utmp: Update or create a utmp entry
- *
- * Copyright 1995, 2001 by the Massachusetts Institute of Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- */
-
-/*
- * Rant about the historical vagaries of utmp:
- * -------------------------------------------
- *
- * There exist many subtly incompatible incarnations of utmp, ranging
- * from BSD to System V to Unix98 and everywhere in between.  This
- * rant attempts to collect in one place as much knowledge as possible
- * about this portability nightmare.
- *
- * BSD:
- * ----
- *
- * The simplest (and earliest? possibly dating back to Version 7...)
- * case is 4.x BSD utmp/wtmp.  There are no auxiliary files.  There is
- * only a struct utmp, declared in utmp.h.  Its contents usually
- * include:
- *
- *	char ut_line[]
- *	char ut_name[]
- *	char ut_host[]
- *	long ut_time
- *
- * The meanings of these fields follow their names reasonbly well.
- * The ut_line field usually is the pathname of the tty device
- * associated with the login, with the leading "/dev/" stripped off.
- *
- * It is believed that ut_host is nul-terminated, while the other
- * strings are merely nul-padded.
- *
- * Generally, ut_name is an empty string for a logout record in both
- * utmp and wtmp.  For entries made by the window system or other
- * terminal emulation stuff, ut_host is an empty string (at least
- * under SunOS 4.x, it seems).  The macro nonuser() is used to
- * determine this if a utmp entry is made by the window system on at
- * least SunOS 4.x.
- *
- * The native login never clears its own utmp entry or writes its own
- * logout record; its parent (one of init, rlogind, telnetd, etc.)
- * should handle that.  In theory, getty could do that, but getty
- * usually doesn't fork to exec login.
- *
- * Old (c. 1984) System V:
- * -----------------------
- *
- * This is partially conjecture, based on some reading of
- * /usr/xpg2include/utmp.h on a SunOS 4.x system.  There appears to
- * only be a struct utmp, declared in utmp.h.  It is likely used for
- * both utmp and wtmp files.  It is quite likely that the utmp is only
- * supposed to be accessed via the getutline()/pututline() API.  The
- * contents of struct utmp seem to include:
- *
- *	char	ut_user[]
- *	char	ut_id[]
- *	char	ut_line[]
- *	short	ut_pid
- *	short	ut_type
- *	struct exit_status ut_exit
- *	time_t	ut_time
- *
- * On these systems, ut_name is often #define'ed to be ut_user to be
- * somewhat compatible with the BSD-style utmp.  Note that there is
- * not necessarily a ut_host field in this utmp structure.
- *
- * The ut_id field bears some explanation.  The systems that use this
- * style of utmp also use a sysV-ish init, which starts processes out
- * of /etc/inittab rather than /etc/ttys, and has the concept of
- * runlevels.  The first field in each line of /etc/inittab contains a
- * unique ID field.  init probably gets really confused if there are
- * conflicts here.  Every process that init starts gets its own entry
- * written to utmp.
- *
- * It is possible for multiple entries to have the same ut_line but
- * different ut_id values, since the sysadmin will be responsible for
- * assigning values to ut_id.  Usually, ut_id is four characters,
- * while the permissible unique ID values for entries in /etc/inittab
- * are constrained to two characters, but this is not always the
- * case.  In the case where we are emulating the vendor's login
- * program and being run out of getty, we need to account for which
- * value of ut_id was used by the getty, since pututline() will search
- * based on ut_id and not ut_line for some reason.
- *
- * The ut_pid and ut_type fields are used for bookkeeping by init.
- * The ut_type field gets the value INIT_PROCESS for processes started
- * by init.  It gets the value LOGIN_PROCESS if it is a process that
- * is prompting for a login name, and it gets the value USER_PROCESS
- * for an actual valid login.  When the process dies, either init
- * cleans up after it and records a DEAD_PROCESS entry in utmp, or the
- * process itself does so.  It's not completely clear which actually
- * happens, though it is quite possible that init only cleans up after
- * processes that it starts itself.
- *
- * Other values of ut_type exist; they're largely internal bookkeeping
- * for init's runlevels and such, and don't really interest this
- * library at all.
- *
- * The ut_exit field contains the following members:
- *
- *	short	e_termination
- *	short	e_exit
- *
- * It is not clear how these values are used; presumably they record
- * the process termination status of dead processes.
- *
- * There is no uniform API for manipulating wtmp on systems that use
- * this sort of utmp structure; it can be assumed that the structure
- * can be directly written to the wtmp file.
- *
- * Unix98:
- * -------
- *
- * This description also likely applies to later System V derivatives
- * as well as systems conforming to earlier X/Open standards such as
- * XPG4.  There is a new header, utmpx.h, which defines a struct utmpx
- * and a new getutxline()/pututxline() API for accessing it.  Some
- * systems actually have a utmpx file on disk; others use the utmpx
- * API to access a file named utmp, just to further confuse matters.
- *
- * The utmpx structure is guaranteed (by Unix98) to contain at least
- * the following:
- *
- *	char	ut_user[]
- *	char	ut_line[]
- *	char	ut_id[]
- *	pid_t	ut_pid
- *	short	ut_type
- *	struct timeval ut_tv
- *
- * It is not guaranteed to contain, but often does contain, the
- * following:
- *
- *	char	ut_host[]
- *	int	ut_syslen
- *	int	ut_session
- *	struct exit_status ut_exit
- *
- * The ut_syslen field, on systems that contain it, contains the
- * number of significant characters in ut_host, including the
- * terminating nul character.
- *
- * The main difference between this struct utmpx and the struct utmp
- * used by early sysV derivatives is the change from a time_t or long
- * for ut_time to a struct timeval for ut_tv.
- *
- * Comments in various header files imply that ut_session is used for
- * window systems, but it's not clear how.  Perhaps it contains the
- * session ID of the session running the window system, e.g. the xdm
- * or X server on an X11 system.
- *
- * Most of the description of the earlier sysV format probably applies
- * here, with suitable changes of names.  On systems that maintain
- * utmpx and utmp files in parallel, it is assumed that using the
- * pututxline() API is sufficient to keep them in sync.  There are no
- * known counterexamples to this.
- *
- * Nevertheless, there are, on some systems, API functions getutmp()
- * and getutmpx() that appear to convert from struct utmpx to struct
- * utmp and vice versa.  This could be useful when there is a wtmp
- * file but not a corresponding wtmpx file.
- *
- * Incidentally, ut_exit is sometimes present in the struct utmp but
- * not the struct utmpx for a given system.  Sometimes, it exists in
- * both, but contains differently named members.  It's probably one of
- * the least portable pieces in this whole mess.
- *
- * Known Quirks of Specific OSes:
- * ------------------------------
- *
- * Solaris 2.x:
- *
- * Has utmpd, which will automatically clean up utmpx, utmp, wtmpx,
- * wtmp after process termination, provided that pututxline() was
- * used.
- *
- * Solaris 8 seems to have a bug in utmpname() that causes
- * garbage filenames to be generated.  Solaris 7 (and possibly Solaris
- * 8) have a bug in utmpxname() that prevents them from looking at
- * anything other than /var/adm/utmpx, it seems.  For some reason,
- * though, utmpname() goes and looks at the corresponding utmpx file.
- *
- * Solaris 7 (and may be 8 as well) has a bug in pututline() that
- * interacts badly with prior invocation of getutline(): if
- * getutline() finds an entry, calling pututline() without first
- * calling setutent() will overwrite the record following the one that
- * was intended.
- *
- * Also, ut_exit in utmpx contains ut_e_termination and
- * ut_e_exit (otherwise it contains the expected e_termination and
- * e_exit) only if _XPG4_2 is defined and __EXTENSIONS__ is not, which
- * is not a compilation environment we're likely to encourage.  The
- * ut_exit field of utmp contains the expected fields.
- *
- * If _XPG4_2 is not defined or __EXTENSIONS__ is defined, the
- * functions getutmp(), getutmpx(), updwtmp(), and updwtmpx() are
- * available, as well as the undocumented functions makeutx() and
- * modutx().
- *
- * All the files utmp, utmpx, wtmp, and wtmpx exist.
- *
- * HP-UX 10.x:
- *
- * There is a curious interaction between how we allocate pty masters
- * and how ttyname() works.  It seems that if /dev/ptmx/clone is
- * opened, a call to ptsname() on the master fd gets a filename of the
- * form /dev/pty/tty[pqrs][0-9a-f], while ttyname() called on a fd
- * opened with that filename returns a filename of the form
- * /dev/tty[pqrs][0-9a-f] instead.  These two filenames are actually
- * hardlinks to the same special device node, so it shouldn't be a
- * security problem.
- *
- * We can't call ttyname() in the parent because it would involve
- * possibly acquiring a controlling terminal (which would be
- * potentially problematic), so we have to resort to some trickery in
- * order to ensure that the ut_line in the wtmp logout and login
- * records match.  If they don't match, various utilities such as last
- * will get confused.  Of course it's likely an OS bug that ttyname()
- * and ptsname() are inconsistent in this way, but it's one that isn't
- * too painful to work around.
- *
- * It seems that the HP-UX native telnetd has problems similar to ours
- * in this area, though it manages to write the correct logout record
- * to wtmp somehow.  It probably does basically what we do here:
- * search for a record with a matching ut_pid and grab its ut_line for
- * writing into the logout record.  Interestingly enough, its
- * LOGIN_PROCESS record is of the form pty/tty[pqrs][0-9][a-f].
- *
- * Uses four-character unique IDs for /etc/inittab, which means that
- * programs not running out of init should use two-character ut_id
- * fields to avoid conflict.
- *
- * In utmpx, ut_exit contains __e_termination and __e_exit, while
- * ut_exit in utmp contains the expected fields.
- *
- * There is no wtmpx file, despite there being utmp and utmpx files.
- *
- * HP-UX 11.23:
- *
- * In addition to other HP-UX issues, 11.23 includes yet another utmp
- * management interface in utmps.h.  This interface updates a umtpd
- * daemon which then manages local files.  Directly accessing the files
- * through the existing, yet deprecated, utmp.h interface results in
- * nothing.
- *
- * Irix 6.x:
- *
- * In utmpx, ut_exit contains __e_termination and __e_exit, which get
- * #define aliases e_termination and e_exit if _NO_XOPEN4 is true.
- * Curiously enough, utmp.h declares ut_exit to have __e_termination
- * and __e_exit as well, but does #define e_termination
- * __e_termination, etc. if another header (utmpx.h) hasn't already
- * declared struct __exit_status.  It seems that the default
- * compilation environment has the effect of making _NO_XOPEN4 true
- * though.
- *
- * If _NO_XOPEN4 is true, getutmp(), getutmpx(), updwtmp(), and
- * updwtmpx() are available, as well as the undocumented functions
- * makeutx() and modutx().
- *
- * All the files utmp, utmpx, wtmp, and wtmpx exist.
- *
- * Tru64 Unix 4.x:
- *
- * In utmpx, ut_exit contains ut_termination and ut_exit, while utmp
- * contains the expected fields.  The files utmp and wtmp seem to
- * exist, but not utmpx or wtmpx.
- *
- * When writing a logout entry, the presence of a non-empty username
- * confuses last.
- *
- * AIX 4.3.x:
- *
- * The ut_exit field seems to exist in utmp, but not utmpx. The files
- * utmp and wtmp seem to exist, but not utmpx, or wtmpx.
- *
- * libpty Implementation Decisions:
- * --------------------------------
- *
- * We choose to use the pututxline() whenever possible, falling back
- * to pututline() and calling write() to write out struct utmp if
- * necessary.  The code to handle pututxline() and pututline() is
- * rather similar, since the structure members are quite similar, and
- * we make the assumption that it will never be necessary to call
- * both.  This allows us to avoid duplicating lots of code, by means
- * of some slightly demented macros.
- *
- * If neither pututxline() nor pututline() are available, we assume
- * BSD-style utmp files and behave accordingly, writing the structure
- * out to disk ourselves.
- *
- * On systems where updwtmpx() or updwtmp() are available, we use
- * those to update the wtmpx or wtmp file.  When they're not
- * available, we write the utmpx or utmp structure out to disk
- * ourselves, though sometimes conversion from utmpx to utmp format is
- * needed.
- *
- * We assume that at logout the system is ok with with having an empty
- * username both in utmp and wtmp.
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-#include "k5-platform.h"
-
-#if !defined(UTMP_FILE) && defined(_PATH_UTMP)
-#define UTMP_FILE _PATH_UTMP
-#endif
-
-/* if it is *still* missing, assume SunOS */
-#ifndef UTMP_FILE
-#define	UTMP_FILE	"/etc/utmp"
-#endif
-
-/*
- * The following grossness exists to avoid duplicating lots of code
- * between the cases where we have an old-style sysV utmp and where we
- * have a modern (Unix98 or XPG4) utmpx, or the new (hp-ux 11.23) utmps.
- * See the above history rant for further explanation.
- */
-#if defined(HAVE_SETUTXENT) || defined(HAVE_SETUTENT) || defined(HAVE_SETUTSENT)
-#ifdef HAVE_SETUTSENT
-#include <utmps.h>
-#define PTY_STRUCT_UTMPX struct utmps
-#define PTY_SETUTXENT setutsent
-#define PTY_GETUTXENT GETUTSENT
-#define PTY_GETUTXLINE GETUTSLINE
-#define PTY_PUTUTXLINE PUTUTSLINE
-#define PTY_ENDUTXENT endutsent
-#else
-#ifdef HAVE_SETUTXENT
-#define PTY_STRUCT_UTMPX struct utmpx
-#define PTY_SETUTXENT setutxent
-#define PTY_GETUTXENT getutxent
-#define PTY_GETUTXLINE getutxline
-#define PTY_PUTUTXLINE pututxline
-#define PTY_ENDUTXENT endutxent
-#else
-#define PTY_STRUCT_UTMPX struct utmp
-#define PTY_SETUTXENT setutent
-#define PTY_GETUTXENT getutent
-#define PTY_GETUTXLINE getutline
-#define PTY_PUTUTXLINE pututline
-#define PTY_ENDUTXENT endutent
-#endif
-#endif
-static int better(const PTY_STRUCT_UTMPX *, const PTY_STRUCT_UTMPX *,
-		  const PTY_STRUCT_UTMPX *);
-static int match_pid(const PTY_STRUCT_UTMPX *,
-		     const PTY_STRUCT_UTMPX *);
-static PTY_STRUCT_UTMPX *best_utxent(const PTY_STRUCT_UTMPX *);
-
-/*
- * Utility function to determine whether A is a better match for
- * SEARCH than B.  Should only be called by best_utxent().
- */
-static int
-better(const PTY_STRUCT_UTMPX *search,
-       const PTY_STRUCT_UTMPX *a, const PTY_STRUCT_UTMPX *b)
-{
-    if (strncmp(search->ut_id, b->ut_id, sizeof(b->ut_id))) {
-	if (!strncmp(search->ut_id, a->ut_id, sizeof(a->ut_id))) {
-	    return 1;
-	}
-    }
-
-    if (strncmp(a->ut_id, b->ut_id, sizeof(b->ut_id))) {
-	/* Got different UT_IDs; find the right one. */
-	if (!strncmp(search->ut_id, b->ut_id, sizeof(b->ut_id))) {
-	    /* Old entry already matches; use it. */
-	    return 0;
-	}
-	if (a->ut_type == LOGIN_PROCESS
-	    && b->ut_type != LOGIN_PROCESS) {
-	    /* Prefer LOGIN_PROCESS */
-	    return 1;
-	}
-	if (search->ut_type == DEAD_PROCESS
-	    && a->ut_type == USER_PROCESS
-	    && b->ut_type != USER_PROCESS) {
-	    /*
-	     * Try USER_PROCESS if we're entering a DEAD_PROCESS.
-	     */
-	    return 1;
-	}
-	return 0;
-    } else {
-	/*
-	 * Bad juju.  We shouldn't get two entries with identical
-	 * ut_id fields for the same value of ut_line.  pututxline()
-	 * will probably pick the first entry, in spite of the strange
-	 * state of utmpx, if we rewind with setutxent() first.
-	 *
-	 * For now, return 0, to force the earlier entry to be used.
-	 */
-	return 0;
-    }
-}
-
-static int
-match_pid(const PTY_STRUCT_UTMPX *search, const PTY_STRUCT_UTMPX *u)
-{
-    if (u->ut_type != LOGIN_PROCESS && u->ut_type != USER_PROCESS)
-	return 0;
-    if (u->ut_pid == search->ut_pid) {
-	/*
-	 * One of ut_line or ut_id should match, else some nastiness
-	 * may result.  We can fall back to searching by ut_line if
-	 * need be.  This should only really break if we're login.krb5
-	 * running out of getty, or we're cleaning up after the vendor
-	 * login, and either the vendor login or the getty has
-	 * different ideas than we do of what both ut_id and ut_line
-	 * should be.  It should be rare, though.  We may want to
-	 * remove this restriction later.
-	 */
-	if (!strncmp(u->ut_line, search->ut_line, sizeof(u->ut_line)))
-	    return 1;
-	if (!strncmp(u->ut_id, search->ut_id, sizeof(u->ut_id)))
-	    return 1;
-    }
-    return 0;
-}
-
-/*
- * This expects to be called with SEARCH pointing to a struct utmpx
- * with its ut_type equal to USER_PROCESS or DEAD_PROCESS, since if
- * we're making a LOGIN_PROCESS entry, we presumably don't care about
- * preserving existing state.  At the very least, the ut_pid, ut_line,
- * ut_id, and ut_type fields must be filled in by the caller.
- */
-static PTY_STRUCT_UTMPX *
-best_utxent(const PTY_STRUCT_UTMPX *search)
-{
-    PTY_STRUCT_UTMPX utxtmp, *utxp;
-    int i, best;
-
-    memset(&utxtmp, 0, sizeof(utxtmp));
-
-    /*
-     * First, search based on pid, but only if non-zero.
-     */
-    if (search->ut_pid) {
-	i = 0;
-	PTY_SETUTXENT();
-	while ((utxp = PTY_GETUTXENT()) != NULL) {
-	    if (match_pid(search, utxp)) {
-		return utxp;
-	    }
-	    i++;
-	}
-    }
-    /*
-     * Uh-oh, someone didn't enter our pid.  Try valiantly to search
-     * by terminal line.
-     */
-    i = 0;
-    best = -1;
-    PTY_SETUTXENT();
-    while ((utxp = PTY_GETUTXLINE(search)) != NULL) {
-	if (better(search, utxp, &utxtmp)) {
-	    utxtmp = *utxp;
-	    best = i;
-	}
-	memset(utxp, 0, sizeof(*utxp));
-	i++;
-    }
-    if (best == -1)
-	return NULL;
-    PTY_SETUTXENT();
-    for (i = 0; i <= best; i++) {
-	if (utxp != NULL)
-	    memset(utxp, 0, sizeof(*utxp));
-	utxp = PTY_GETUTXLINE(search);
-    }
-    return utxp;
-}
-
-/*
- * All calls to this function for a given login session must have the
- * pids be equal; various things will break if this is not the case,
- * since we do some searching based on the pid.  Note that if a parent
- * process calls this via pty_cleanup(), it should still pass the
- * child's pid rather than its own.
- */
-long
-pty_update_utmp(int process_type, int pid, const char *username,
-		    const char *line, const char *host, int flags)
-{
-    PTY_STRUCT_UTMPX utx, *utxtmp, utx2;
-    const char *cp;
-    size_t len;
-    char utmp_id[5];
-
-    /*
-     * Zero things out in case there are fields we don't handle here.
-     * They tend to be non-portable anyway.
-     */
-    memset(&utx, 0, sizeof(utx));
-    utxtmp = NULL;
-    cp = line;
-    if (strncmp(cp, "/dev/", sizeof("/dev/") - 1) == 0)
-	cp += sizeof("/dev/") - 1;
-    strncpy(utx.ut_line, cp, sizeof(utx.ut_line));
-    utx.ut_pid = pid;
-    switch (process_type) {
-    case PTY_LOGIN_PROCESS:
-	utx.ut_type = LOGIN_PROCESS;
-	break;
-    case PTY_USER_PROCESS:
-	utx.ut_type = USER_PROCESS;
-	break;
-    case PTY_DEAD_PROCESS:
-	utx.ut_type = DEAD_PROCESS;
-	break;
-    default:
-	return PTY_UPDATE_UTMP_PROCTYPE_INVALID;
-    }
-    len = strlen(line);
-    if (len >= 2) {
-	cp = line + len - 1;
-	if (*(cp - 1) != '/')
-	    cp--;		/* last two characters, unless it's a / */
-    } else
-	cp = line;
-    /*
-     * HP-UX has mostly 4-character inittab ids, while most other sysV
-     * variants use only 2-charcter inittab ids, so to avoid
-     * conflicts, we pick 2-character ut_ids for our own use.  We may
-     * want to feature-test for this, but it would be somewhat of a
-     * pain, and would eit cross-compiling.
-     */
-#ifdef __hpux
-    strlcpy(utmp_id, cp, sizeof(utmp_id));
-#else
-    if (len > 2 && *(cp - 1) != '/')
-	snprintf(utmp_id, sizeof(utmp_id), "k%s", cp - 1);
-    else
-	snprintf(utmp_id, sizeof(utmp_id), "k0%s", cp);
-#endif
-    strncpy(utx.ut_id, utmp_id, sizeof(utx.ut_id));
-    /*
-     * Get existing utmpx entry for PID or LINE, if any, so we can
-     * copy some stuff from it.  This is particularly important if we
-     * are login.krb5 and are running out of getty, since getty will
-     * have written the entry for the line with ut_type ==
-     * LOGIN_PROCESS, and what it has recorded in ut_id may not be
-     * what we come up with, since that's up to the whim of the
-     * sysadmin who writes the inittab entry.
-     *
-     * Note that we may be screwed if we try to write a logout record
-     * for a vendor's login program, since it may construct ut_line
-     * and ut_id differently from us; even though we search on ut_pid,
-     * we validate against ut_id or ut_line to sanity-check.  We may
-     * want to rethink whether to actually include this check, since
-     * it should be highly unlikely that there will be a bogus entry
-     * in utmpx matching our pid.
-     */
-    if (process_type != PTY_LOGIN_PROCESS)
-	utxtmp = best_utxent(&utx);
-
-#ifdef HAVE_SETUTXENT
-    if (gettimeofday(&utx.ut_tv, NULL))
-	return errno;
-#else
-    (void)time(&utx.ut_time);
-#endif
-    /*
-     * On what system is there not ut_host?  Unix98 doesn't mandate
-     * this field, but we have yet to see a system that supports utmpx
-     * that doesn't have it.  For what it's worth, some ancient utmp
-     * headers on svr4 systems imply that there's no ut_host in struct
-     * utmp...
-     */
-#if (defined(HAVE_SETUTXENT) && defined(HAVE_STRUCT_UTMPX_UT_HOST))	\
-	|| (!defined(HAVE_SETUTXENT) && defined(HAVE_STRUCT_UTMP_UT_HOST))
-    if (host != NULL) {
-	strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-	/* Unlike other things in utmpx, ut_host is nul-terminated? */
-	utx.ut_host[sizeof(utx.ut_host) - 1] = '\0';
-    } else
-	utx.ut_host[0] = '\0';
-#if (defined(HAVE_SETUTXENT) && defined(HAVE_STRUCT_UTMPX_UT_SYSLEN))	\
-	|| (!defined (HAVE_SETUTXENT) && defined(HAVE_STRUCT_UTMP_UT_SYSLEN))
-    if (host != NULL)
-	utx.ut_syslen = strlen(utx.ut_host) + 1;
-    else
-	utx.ut_syslen = 0;
-#endif
-#endif
-
-    /* XXX deal with ut_addr? */
-
-    if (utxtmp != NULL) {
-	/*
-	 * For entries not of type LOGIN_PROCESS, override some stuff
-	 * with what was in the previous entry we found, if any.
-	 */
-	strncpy(utx.ut_id, utxtmp->ut_id, sizeof(utx.ut_id));
-	utx.ut_pid = utxtmp->ut_pid;
-    }
-
-    strncpy(utx.ut_user, username, sizeof(utx.ut_user));
-
-    /*
-     * Make a copy now and deal with copying relevant things out of
-     * utxtmp in case setutxline() or pututxline() clobbers utxtmp.
-     * (After all, the returned pointer from the getutx*() functions
-     * is allowed to point to static storage that may get overwritten
-     * by subsequent calls to related functions.)
-     */
-    utx2 = utx;
-    if (process_type == PTY_DEAD_PROCESS && utxtmp != NULL) {
-	/*
-	 * Use ut_line from old entry to avoid confusing last on
-	 * HP-UX.
-	 */
-	strncpy(utx2.ut_line, utxtmp->ut_line, sizeof(utx2.ut_line));
-    }
-
-    PTY_SETUTXENT();
-    PTY_PUTUTXLINE(&utx);
-    PTY_ENDUTXENT();
-
-    /* Don't record LOGIN_PROCESS entries. */
-    if (process_type == PTY_LOGIN_PROCESS)
-	return 0;
-
-#ifdef HAVE_SETUTXENT
-    return ptyint_update_wtmpx(&utx2);
-#else
-    return ptyint_update_wtmp(&utx2);
-#endif
-}
-
-#else /* !(HAVE_SETUTXENT || HAVE_SETUTENT) */
-
-long
-pty_update_utmp(int process_type, int pid, const char *username,
-		const char *line, const char *host, int flags)
-{
-    struct utmp ent, ut;
-    const char *cp;
-    int tty, lc, fd;
-    off_t seekpos;
-    ssize_t ret;
-    struct stat statb;
-
-    memset(&ent, 0, sizeof(ent));
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    if (host)
-	strncpy(ent.ut_host, host, sizeof(ent.ut_host));
-#endif
-    strncpy(ent.ut_name, username, sizeof(ent.ut_name));
-    cp = line;
-    if (strncmp(cp, "/dev/", sizeof("/dev/") - 1) == 0)
-	cp += sizeof("/dev/") - 1;
-    strncpy(ent.ut_line, cp, sizeof(ent.ut_line));
-    (void)time(&ent.ut_time);
-
-    if (flags & PTY_TTYSLOT_USABLE)
-	tty = ttyslot();
-    else {
-	tty = -1;
-	fd = open(UTMP_FILE, O_RDONLY);
-	if (fd == -1)
-	    return errno;
-	for (lc = 0; ; lc++) {
-	    seekpos = lseek(fd, (off_t)(lc * sizeof(struct utmp)), SEEK_SET);
-	    if (seekpos != (off_t)(lc * sizeof(struct utmp)))
-		break;
-	    if (read(fd, (char *) &ut, sizeof(struct utmp))
-		!= sizeof(struct utmp))
-		break;
-	    if (strncmp(ut.ut_line, ent.ut_line, sizeof(ut.ut_line)) == 0) {
-		tty = lc;
-		break;
-	    }
-	}
-	close(fd);
-    }
-    if (tty > 0) {
-	fd = open(UTMP_FILE, O_WRONLY);
-	if (fd == -1)
-	    return 0;
-	if (fstat(fd, &statb)) {
-	    close(fd);
-	    return 0;
-	}
-	seekpos = lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
-	if (seekpos != (off_t)(tty * sizeof(struct utmp))) {
-	    close(fd);
-	    return 0;
-	}
-	ret = write(fd, (char *)&ent, sizeof(struct utmp));
-	if (ret != sizeof(struct utmp)) {
-	    ftruncate(fd, statb.st_size);
-	}
-	close(fd);
-    }
-    /* Don't record LOGIN_PROCESS entries. */
-    if (process_type == PTY_LOGIN_PROCESS)
-	return 0;
-    else
-	return ptyint_update_wtmp(&ent);
-}
-#endif
diff --git a/src/appl/libpty/update_wtmp.c b/src/appl/libpty/update_wtmp.c
deleted file mode 100644
index 12a2720..0000000
--- a/src/appl/libpty/update_wtmp.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * ptyint_update_wtmp: Update wtmp.
- *
- * Copyright 1995, 2001 by the Massachusetts Institute of Technology.
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-#if !defined(WTMP_FILE) && defined(_PATH_WTMP)
-#define WTMP_FILE _PATH_WTMP
-#endif
-
-#if !defined(WTMPX_FILE) && defined(_PATH_WTMPX)
-#define WTMPX_FILE _PATH_WTMPX
-#endif
-
-/* if it is *still* missing, assume SunOS */
-#ifndef WTMP_FILE
-#define	WTMP_FILE	"/usr/adm/wtmp"
-#endif
-
-#ifdef HAVE_SETUTXENT
-
-#if defined(HAVE_GETUTMP) && defined(NEED_GETUTMP_PROTO)
-extern void getutmp(const struct utmpx *, struct utmp *);
-#endif
-
-/*
- * Welcome to conditional salad.
- *
- * This really wants to take a (const struct utmpx *) but updutmpx()
- * on Solaris at least doesn't take a const argument.  *sigh*
- */
-long
-ptyint_update_wtmpx(struct utmpx *ent)
-{
-#if !(defined(HAVE_UPDWTMPX) && defined(WTMPX_FILE))
-    struct utmp ut;
-#endif
-
-#if defined(HAVE_UPDWTMPX) && defined(WTMPX_FILE)
-    updwtmpx(WTMPX_FILE, ent);
-    return 0;
-#else
-
-#ifdef HAVE_GETUTMP
-    getutmp(ent, &ut);
-#else  /* Emulate getutmp().  Yuck. */
-    memset(&ut, 0, sizeof(ut));
-    strncpy(ut.ut_name, ent->ut_user, sizeof(ut.ut_name));
-    strncpy(ut.ut_line, ent->ut_line, sizeof(ut.ut_line));
-    ut.ut_time = ent->ut_tv.tv_sec;
-#ifdef HAVE_STRUCT_UTMP_UT_HOST
-    strncpy(ut.ut_host, ent->ut_host, sizeof(ut.ut_host));
-    ut.ut_host[sizeof(ut.ut_host) - 1] = '\0';
-#ifdef HAVE_STRUCT_UTMP_UT_SYSLEN
-    ut.ut_syslen = strlen(ut.ut_host) + 1;
-#endif
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_ID
-    strncpy(ut.ut_id, ent->ut_id, sizeof(ut.ut_id));
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_PID
-    ut.ut_pid = ent->ut_pid;
-#endif
-#ifdef HAVE_STRUCT_UTMP_UT_TYPE
-    ut.ut_type = ent->ut_type;
-#endif
-#if defined(PTY_UTMP_E_EXIT) && defined(PTY_UTMPX_E_EXIT)
-    ut.ut_exit.PTY_UTMP_E_EXIT = ent->ut_exit.PTY_UTMPX_E_EXIT;
-    ut.ut_exit.PTY_UTMP_E_TERMINATION =
-	ent->ut_exit.PTY_UTMPX_E_TERMINATION;
-#endif
-#endif /* !HAVE_GETUTMP */
-
-    return ptyint_update_wtmp(&ut);
-#endif /* !(defined(WTMPX_FILE) && defined(HAVE_UPDWTMPX)) */
-}
-
-#endif  /* HAVE_SETUTXENT */
-
-#if !(defined(WTMPX_FILE) && defined(HAVE_UPDWTMPX)) \
-	|| !defined(HAVE_SETUTXENT)
-
-long
-ptyint_update_wtmp(struct utmp *ent)
-{
-#ifndef HAVE_UPDWTMP
-    int fd;
-    struct stat statb;
-#endif
-
-#ifdef HAVE_UPDWTMP
-    updwtmp(WTMP_FILE, ent);
-#else
-    fd = open(WTMP_FILE, O_WRONLY | O_APPEND, 0);
-    if (fd != -1 && !fstat(fd, &statb)) {
-	if (write(fd, (char *)ent, sizeof(struct utmp))
-	    != sizeof(struct utmp))
-	    (void)ftruncate(fd, statb.st_size);
-	(void)close(fd);
-    }
-#endif
-    /*
-     * no current failure cases; file not found is not failure!
-     */
-    return 0;
-}
-
-#endif
diff --git a/src/appl/libpty/vhangup.c b/src/appl/libpty/vhangup.c
deleted file mode 100644
index a542500..0000000
--- a/src/appl/libpty/vhangup.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * pty_open_slave: open slave side of terminal, clearing for use.
- *
- * Copyright 1995 by the Massachusetts Institute of Technology.
- *
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-void ptyint_vhangup(void)
-{
-#ifdef HAVE_VHANGUP
-#ifdef POSIX_SIGNALS
-    struct sigaction sa;
-    /* Initialize "sa" structure. */
-    (void) sigemptyset(&sa.sa_mask);
-    sa.sa_flags = 0;
-
-#endif
-
-#ifdef POSIX_SIGNALS
-	sa.sa_handler = SIG_IGN;
-	(void) sigaction(SIGHUP, &sa, (struct sigaction *)0);
-	vhangup();
-	sa.sa_handler = SIG_DFL;
-	(void) sigaction(SIGHUP, &sa, (struct sigaction *)0);
-#else
-	signal(SIGHUP, SIG_IGN);
-	vhangup();
-	signal(SIGHUP, SIG_DFL);
-#endif
-#endif
-}
diff --git a/src/appl/libpty/void_assoc.c b/src/appl/libpty/void_assoc.c
deleted file mode 100644
index 9182589..0000000
--- a/src/appl/libpty/void_assoc.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * ptyint_void_association(): Void association with controlling terminal
- *
- * Copyright 1995, 1996 by the Massachusetts Institute of Technology.
- *
- *
- * Permission to use, copy, modify, and distribute this software and
- * its documentation for any purpose and without fee is hereby
- * granted, provided that the above copyright notice appear in all
- * copies and that both that copyright notice and this permission
- * notice appear in supporting documentation, and that the name of
- * M.I.T. not be used in advertising or publicity pertaining to
- * distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- *
- */
-
-#include "com_err.h"
-#include "libpty.h"
-#include "pty-int.h"
-
-/*
- * This function gets called to set up the current process as a
- * session leader (hence, can't be called except from a process that
- * isn't already a session leader) and dissociates the controlling
- * terminal (if any) from the session.
- */
-long
-ptyint_void_association(void)
-{
-    int fd;
-#ifdef HAVE_SETSID
-    (void) setsid();
-#endif
-    /* Void tty association first */
-#ifdef TIOCNOTTY
-    fd = open("/dev/tty", O_RDWR);
-    if (fd >= 0) {
-	ioctl(fd, TIOCNOTTY, 0);
-	close(fd);
-    }
-#endif
-    return 0;
-}
diff --git a/src/appl/sample/Makefile.in b/src/appl/sample/Makefile.in
index 8194446..dde058f 100644
--- a/src/appl/sample/Makefile.in
+++ b/src/appl/sample/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=appl/sample
 mydir=appl/sample
 SUBDIRS = sclient sserver
 BUILDTOP=$(REL)..$(S)..
diff --git a/src/appl/sample/sample.h b/src/appl/sample/sample.h
index e61a2f3..be6ef18 100644
--- a/src/appl/sample/sample.h
+++ b/src/appl/sample/sample.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/sample/sample.h
  *
diff --git a/src/appl/sample/sclient/Makefile.in b/src/appl/sample/sclient/Makefile.in
index db69a13..481d81e 100644
--- a/src/appl/sample/sclient/Makefile.in
+++ b/src/appl/sample/sclient/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=appl/sample/sclient
 mydir=appl/sample/sclient
 
 BUILDTOP=$(REL)..$(S)..$(S)..
diff --git a/src/appl/sample/sclient/sclient.c b/src/appl/sample/sclient/sclient.c
index 2f9b479..cf5a39f 100644
--- a/src/appl/sample/sclient/sclient.c
+++ b/src/appl/sample/sclient/sclient.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/sample/sclient/sclient.c
  *
@@ -58,31 +59,28 @@
 #endif
 
 static int
-net_read(fd, buf, len)
-    int fd;
-    char *buf;
-    int len;
+net_read(int fd, char *buf, int len)
 {
     int cc, len2 = 0;
 
     do {
-	cc = SOCKET_READ((SOCKET)fd, buf, len);
-	if (cc < 0) {
-	    if (SOCKET_ERRNO == SOCKET_EINTR)
-		continue;
+        cc = SOCKET_READ((SOCKET)fd, buf, len);
+        if (cc < 0) {
+            if (SOCKET_ERRNO == SOCKET_EINTR)
+                continue;
 
-		/* XXX this interface sucks! */
-        errno = SOCKET_ERRNO;
+            /* XXX this interface sucks! */
+            errno = SOCKET_ERRNO;
 
-	    return(cc);		 /* errno is already set */
-	}
-	else if (cc == 0) {
-	    return(len2);
-	} else {
-	    buf += cc;
-	    len2 += cc;
-	    len -= cc;
-	}
+            return(cc);          /* errno is already set */
+        }
+        else if (cc == 0) {
+            return(len2);
+        } else {
+            buf += cc;
+            len2 += cc;
+            len -= cc;
+        }
     } while (len > 0);
     return(len2);
 }
@@ -107,84 +105,84 @@ main(int argc, char *argv[])
     char *service = SAMPLE_SERVICE;
 
     if (argc != 2 && argc != 3 && argc != 4) {
-	fprintf(stderr, "usage: %s <hostname> [port] [service]\n",argv[0]);
-	exit(1);
+        fprintf(stderr, "usage: %s <hostname> [port] [service]\n",argv[0]);
+        exit(1);
     }
 
     retval = krb5_init_context(&context);
     if (retval) {
-	    com_err(argv[0], retval, "while initializing krb5");
-	    exit(1);
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
     }
 
     (void) signal(SIGPIPE, SIG_IGN);
 
     if (argc > 2)
-	portstr = argv[2];
+        portstr = argv[2];
     else
-	portstr = SAMPLE_PORT;
+        portstr = SAMPLE_PORT;
 
     memset(&aihints, 0, sizeof(aihints));
     aihints.ai_socktype = SOCK_STREAM;
     aierr = getaddrinfo(argv[1], portstr, &aihints, &ap);
     if (aierr) {
-	fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n",
-		argv[0], argv[1], portstr, gai_strerror(aierr));
-	exit(1);
+        fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: %s\n",
+                argv[0], argv[1], portstr, gai_strerror(aierr));
+        exit(1);
     }
     if (ap == 0) {
-	/* Should never happen.  */
-	fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n",
-		argv[0], argv[1], portstr);
-	exit(1);
+        /* Should never happen.  */
+        fprintf(stderr, "%s: error looking up host '%s' port '%s'/tcp: no addresses returned?\n",
+                argv[0], argv[1], portstr);
+        exit(1);
     }
 
     if (argc > 3) {
-	service = argv[3];
+        service = argv[3];
     }
 
     retval = krb5_sname_to_principal(context, argv[1], service,
-				     KRB5_NT_SRV_HST, &server);
+                                     KRB5_NT_SRV_HST, &server);
     if (retval) {
-	com_err(argv[0], retval, "while creating server name for host %s service %s",
-		argv[1], service);
-	exit(1);
+        com_err(argv[0], retval, "while creating server name for host %s service %s",
+                argv[1], service);
+        exit(1);
     }
 
     /* set up the address of the foreign socket for connect() */
     apstart = ap; /* For freeing later */
     for (sock = -1; ap && sock == -1; ap = ap->ai_next) {
-	char abuf[NI_MAXHOST], pbuf[NI_MAXSERV];
-	char mbuf[NI_MAXHOST + NI_MAXSERV + 64];
-	if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf),
-			pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
-	    memset(abuf, 0, sizeof(abuf));
-	    memset(pbuf, 0, sizeof(pbuf));
-	    strncpy(abuf, "[error, cannot print address?]",
-		    sizeof(abuf)-1);
-	    strncpy(pbuf, "[?]", sizeof(pbuf)-1);
-	}
-	memset(mbuf, 0, sizeof(mbuf));
-	strncpy(mbuf, "error contacting ", sizeof(mbuf)-1);
-	strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
-	strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
-	strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
-	sock = socket(ap->ai_family, SOCK_STREAM, 0);
-	if (sock < 0) {
-	    fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno));
-	    continue;
-	}
-	if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) {
-	    fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno));
-	    close(sock);
-	    sock = -1;
-	    continue;
-	}
-	/* connected, yay! */
+        char abuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+        char mbuf[NI_MAXHOST + NI_MAXSERV + 64];
+        if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf),
+                        pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+            memset(abuf, 0, sizeof(abuf));
+            memset(pbuf, 0, sizeof(pbuf));
+            strncpy(abuf, "[error, cannot print address?]",
+                    sizeof(abuf)-1);
+            strncpy(pbuf, "[?]", sizeof(pbuf)-1);
+        }
+        memset(mbuf, 0, sizeof(mbuf));
+        strncpy(mbuf, "error contacting ", sizeof(mbuf)-1);
+        strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
+        strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
+        strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
+        sock = socket(ap->ai_family, SOCK_STREAM, 0);
+        if (sock < 0) {
+            fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno));
+            continue;
+        }
+        if (connect(sock, ap->ai_addr, ap->ai_addrlen) < 0) {
+            fprintf(stderr, "%s: connect: %s\n", mbuf, strerror(errno));
+            close(sock);
+            sock = -1;
+            continue;
+        }
+        /* connected, yay! */
     }
     if (sock == -1)
-	/* Already printed error message above.  */
-	exit(1);
+        /* Already printed error message above.  */
+        exit(1);
     printf("connected\n");
 
     cksum_data.data = argv[1];
@@ -192,67 +190,67 @@ main(int argc, char *argv[])
 
     retval = krb5_cc_default(context, &ccdef);
     if (retval) {
-	com_err(argv[0], retval, "while getting default ccache");
-	exit(1);
+        com_err(argv[0], retval, "while getting default ccache");
+        exit(1);
     }
 
     retval = krb5_cc_get_principal(context, ccdef, &client);
     if (retval) {
-	com_err(argv[0], retval, "while getting client principal name");
-	exit(1);
+        com_err(argv[0], retval, "while getting client principal name");
+        exit(1);
     }
     retval = krb5_sendauth(context, &auth_context, (krb5_pointer) &sock,
-			   SAMPLE_VERSION, client, server,
-			   AP_OPTS_MUTUAL_REQUIRED,
-			   &cksum_data,
-			   0,		/* no creds, use ccache instead */
-			   ccdef, &err_ret, &rep_ret, NULL);
+                           SAMPLE_VERSION, client, server,
+                           AP_OPTS_MUTUAL_REQUIRED,
+                           &cksum_data,
+                           0,           /* no creds, use ccache instead */
+                           ccdef, &err_ret, &rep_ret, NULL);
 
-    krb5_free_principal(context, server);	/* finished using it */
+    krb5_free_principal(context, server);       /* finished using it */
     krb5_free_principal(context, client);
     krb5_cc_close(context, ccdef);
     if (auth_context) krb5_auth_con_free(context, auth_context);
 
     if (retval && retval != KRB5_SENDAUTH_REJECTED) {
-	com_err(argv[0], retval, "while using sendauth");
-	exit(1);
+        com_err(argv[0], retval, "while using sendauth");
+        exit(1);
     }
     if (retval == KRB5_SENDAUTH_REJECTED) {
-	/* got an error */
-	printf("sendauth rejected, error reply is:\n\t\"%*s\"\n",
-	       err_ret->text.length, err_ret->text.data);
+        /* got an error */
+        printf("sendauth rejected, error reply is:\n\t\"%*s\"\n",
+               err_ret->text.length, err_ret->text.data);
     } else if (rep_ret) {
-	/* got a reply */
-	krb5_free_ap_rep_enc_part(context, rep_ret);
+        /* got a reply */
+        krb5_free_ap_rep_enc_part(context, rep_ret);
 
-	printf("sendauth succeeded, reply is:\n");
-	if ((retval = net_read(sock, (char *)&xmitlen,
-			       sizeof(xmitlen))) <= 0) {
-	    if (retval == 0)
-		errno = ECONNABORTED;
-	    com_err(argv[0], errno, "while reading data from server");
-	    exit(1);
-	}
-	recv_data.length = ntohs(xmitlen);
-	if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) {
-	    com_err(argv[0], ENOMEM,
-		    "while allocating buffer to read from server");
-	    exit(1);
-	}
-	if ((retval = net_read(sock, (char *)recv_data.data,
-			       recv_data.length)) <= 0) {
-	    if (retval == 0)
-		errno = ECONNABORTED;
-	    com_err(argv[0], errno, "while reading data from server");
-	    exit(1);
-	}
-	recv_data.data[recv_data.length] = '\0';
-	printf("reply len %d, contents:\n%s\n",
-	       recv_data.length,recv_data.data);
-	free(recv_data.data);
+        printf("sendauth succeeded, reply is:\n");
+        if ((retval = net_read(sock, (char *)&xmitlen,
+                               sizeof(xmitlen))) <= 0) {
+            if (retval == 0)
+                errno = ECONNABORTED;
+            com_err(argv[0], errno, "while reading data from server");
+            exit(1);
+        }
+        recv_data.length = ntohs(xmitlen);
+        if (!(recv_data.data = (char *)malloc((size_t) recv_data.length + 1))) {
+            com_err(argv[0], ENOMEM,
+                    "while allocating buffer to read from server");
+            exit(1);
+        }
+        if ((retval = net_read(sock, (char *)recv_data.data,
+                               recv_data.length)) <= 0) {
+            if (retval == 0)
+                errno = ECONNABORTED;
+            com_err(argv[0], errno, "while reading data from server");
+            exit(1);
+        }
+        recv_data.data[recv_data.length] = '\0';
+        printf("reply len %d, contents:\n%s\n",
+               recv_data.length,recv_data.data);
+        free(recv_data.data);
     } else {
-	com_err(argv[0], 0, "no error or reply from sendauth!");
-	exit(1);
+        com_err(argv[0], 0, "no error or reply from sendauth!");
+        exit(1);
     }
     freeaddrinfo(apstart);
     krb5_free_context(context);
diff --git a/src/appl/sample/sserver/Makefile.in b/src/appl/sample/sserver/Makefile.in
index e5ca92f..0126533 100644
--- a/src/appl/sample/sserver/Makefile.in
+++ b/src/appl/sample/sserver/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=appl/sample/sserver
 mydir=appl/sample/sserver
 
 BUILDTOP=$(REL)..$(S)..$(S)..
diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c
index 0ad9c07..bdd69a8 100644
--- a/src/appl/sample/sserver/sserver.c
+++ b/src/appl/sample/sserver/sserver.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/sample/sserver/sserver.c
  *
@@ -64,24 +65,21 @@ extern krb5_deltat krb5_clockskew;
 #define DEBUG
 
 static void
-usage(name)
-    char *name;
+usage(char *name)
 {
-	fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n",
-		name);
+    fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n",
+            name);
 }
 
 int
-main(argc, argv)
-    int argc;
-    char *argv[];
+main(int argc, char *argv[])
 {
     krb5_context context;
     krb5_auth_context auth_context = NULL;
     krb5_ticket * ticket;
     struct sockaddr_in peername;
     GETPEERNAME_ARG3_TYPE  namelen = sizeof(peername);
-    int sock = -1;			/* incoming connection fd */
+    int sock = -1;                      /* incoming connection fd */
     krb5_data recv_data;
     short xmitlen;
     krb5_error_code retval;
@@ -89,11 +87,11 @@ main(argc, argv)
     char repbuf[BUFSIZ];
     char *cname;
     char *service = SAMPLE_SERVICE;
-    short port = 0;		/* If user specifies port */
+    short port = 0;             /* If user specifies port */
     extern int opterr, optind;
     extern char * optarg;
     int ch;
-    krb5_keytab keytab = NULL;	/* Allow specification on command line */
+    krb5_keytab keytab = NULL;  /* Allow specification on command line */
     char *progname;
     int on = 1;
 
@@ -101,8 +99,8 @@ main(argc, argv)
 
     retval = krb5_init_context(&context);
     if (retval) {
-	    com_err(argv[0], retval, "while initializing krb5");
-	    exit(1);
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
     }
 
     /* open a log connection */
@@ -113,27 +111,28 @@ main(argc, argv)
      *
      */
     opterr = 0;
-    while ((ch = getopt(argc, argv, "p:S:s:")) != -1)
-    switch (ch) {
-    case 'p':
-	port = atoi(optarg);
-	break;
-    case 's':
-	service = optarg;
-	break;
-    case 'S':
-	if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
-	    com_err(progname, retval,
-		    "while resolving keytab file %s", optarg);
-	    exit(2);
-	}
-	break;
-
-      case '?':
-    default:
-	usage(progname);
-	exit(1);
-	break;
+    while ((ch = getopt(argc, argv, "p:S:s:")) != -1) {
+        switch (ch) {
+        case 'p':
+            port = atoi(optarg);
+            break;
+        case 's':
+            service = optarg;
+            break;
+        case 'S':
+            if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
+                com_err(progname, retval,
+                        "while resolving keytab file %s", optarg);
+                exit(2);
+            }
+            break;
+
+        case '?':
+        default:
+            usage(progname);
+            exit(1);
+            break;
+        }
     }
 
     argc -= optind;
@@ -141,15 +140,15 @@ main(argc, argv)
 
     /* Backwards compatibility, allow port to be specified at end */
     if (argc > 1) {
-	    port = atoi(argv[1]);
+        port = atoi(argv[1]);
     }
 
     retval = krb5_sname_to_principal(context, NULL, service,
-				     KRB5_NT_SRV_HST, &server);
+                                     KRB5_NT_SRV_HST, &server);
     if (retval) {
-	syslog(LOG_ERR, "while generating service name (%s): %s",
-	       service, error_message(retval));
-	exit(1);
+        syslog(LOG_ERR, "while generating service name (%s): %s",
+               service, error_message(retval));
+        exit(1);
     }
 
     /*
@@ -158,86 +157,86 @@ main(argc, argv)
      */
 
     if (port) {
-	int acc;
-	struct sockaddr_in sockin;
-
-	if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
-	    syslog(LOG_ERR, "socket: %m");
-	    exit(3);
-	}
-	/* Let the socket be reused right away */
-	(void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
-			  sizeof(on));
-
-	sockin.sin_family = AF_INET;
-	sockin.sin_addr.s_addr = 0;
-	sockin.sin_port = htons(port);
-	if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) {
-	    syslog(LOG_ERR, "bind: %m");
-	    exit(3);
-	}
-	if (listen(sock, 1) == -1) {
-	    syslog(LOG_ERR, "listen: %m");
-	    exit(3);
-	}
-	if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
-	    syslog(LOG_ERR, "accept: %m");
-	    exit(3);
-	}
-	dup2(acc, 0);
-	close(sock);
-	sock = 0;
+        int acc;
+        struct sockaddr_in sockin;
+
+        if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+            syslog(LOG_ERR, "socket: %m");
+            exit(3);
+        }
+        /* Let the socket be reused right away */
+        (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
+                          sizeof(on));
+
+        sockin.sin_family = AF_INET;
+        sockin.sin_addr.s_addr = 0;
+        sockin.sin_port = htons(port);
+        if (bind(sock, (struct sockaddr *) &sockin, sizeof(sockin))) {
+            syslog(LOG_ERR, "bind: %m");
+            exit(3);
+        }
+        if (listen(sock, 1) == -1) {
+            syslog(LOG_ERR, "listen: %m");
+            exit(3);
+        }
+        if ((acc = accept(sock, (struct sockaddr *)&peername, &namelen)) == -1){
+            syslog(LOG_ERR, "accept: %m");
+            exit(3);
+        }
+        dup2(acc, 0);
+        close(sock);
+        sock = 0;
     } else {
-	/*
-	 * To verify authenticity, we need to know the address of the
-	 * client.
-	 */
-	if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) {
-	    syslog(LOG_ERR, "getpeername: %m");
-	    exit(1);
-	}
-	sock = 0;
+        /*
+         * To verify authenticity, we need to know the address of the
+         * client.
+         */
+        if (getpeername(0, (struct sockaddr *)&peername, &namelen) < 0) {
+            syslog(LOG_ERR, "getpeername: %m");
+            exit(1);
+        }
+        sock = 0;
     }
 
     retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&sock,
-			   SAMPLE_VERSION, server,
-			   0,	/* no flags */
-			   keytab,	/* default keytab is NULL */
-			   &ticket);
+                           SAMPLE_VERSION, server,
+                           0,   /* no flags */
+                           keytab,      /* default keytab is NULL */
+                           &ticket);
     if (retval) {
-	syslog(LOG_ERR, "recvauth failed--%s", error_message(retval));
-	exit(1);
+        syslog(LOG_ERR, "recvauth failed--%s", error_message(retval));
+        exit(1);
     }
 
     /* Get client name */
     repbuf[sizeof(repbuf) - 1] = '\0';
     retval = krb5_unparse_name(context, ticket->enc_part2->client, &cname);
     if (retval){
-	syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
-	strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1);
+        syslog(LOG_ERR, "unparse failed: %s", error_message(retval));
+        strncpy(repbuf, "You are <unparse error>\n", sizeof(repbuf) - 1);
     } else {
-	strncpy(repbuf, "You are ", sizeof(repbuf) - 1);
-	strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf));
-	strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf));
-	free(cname);
+        strncpy(repbuf, "You are ", sizeof(repbuf) - 1);
+        strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf));
+        strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf));
+        free(cname);
     }
     xmitlen = htons(strlen(repbuf));
     recv_data.length = strlen(repbuf);
     recv_data.data = repbuf;
     if ((retval = krb5_net_write(context, 0, (char *)&xmitlen,
-				 sizeof(xmitlen))) < 0) {
-	syslog(LOG_ERR, "%m: while writing len to client");
-	exit(1);
+                                 sizeof(xmitlen))) < 0) {
+        syslog(LOG_ERR, "%m: while writing len to client");
+        exit(1);
     }
     if ((retval = krb5_net_write(context, 0, (char *)recv_data.data,
-				 recv_data.length)) < 0) {
-	syslog(LOG_ERR, "%m: while writing data to client");
-	exit(1);
+                                 recv_data.length)) < 0) {
+        syslog(LOG_ERR, "%m: while writing data to client");
+        exit(1);
     }
 
     krb5_free_ticket(context, ticket);
     if(keytab)
-      krb5_kt_close(context, keytab);
+        krb5_kt_close(context, keytab);
     krb5_free_principal(context, server);
     krb5_auth_con_free(context, auth_context);
     krb5_free_context(context);
diff --git a/src/appl/simple/Makefile.in b/src/appl/simple/Makefile.in
index c6b7baa..7681efb 100644
--- a/src/appl/simple/Makefile.in
+++ b/src/appl/simple/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=appl/simple
 mydir=appl/simple
 SUBDIRS = client server
 BUILDTOP=$(REL)..$(S)..
diff --git a/src/appl/simple/client/Makefile.in b/src/appl/simple/client/Makefile.in
index c6840fe..3e53f5e 100644
--- a/src/appl/simple/client/Makefile.in
+++ b/src/appl/simple/client/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=appl/simple/client
 mydir=appl/simple/client
 BUILDTOP=$(REL)..$(S)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c
index 4f5e403..57e4988 100644
--- a/src/appl/simple/client/sim_client.c
+++ b/src/appl/simple/client/sim_client.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/simple/client/sim_client.c
  *
@@ -52,25 +53,22 @@
 #define MAXHOSTNAMELEN 64
 #endif
 
-#define MSG "hi there!"			/* message text */
+#define MSG "hi there!"                 /* message text */
 
 void usage (char *);
 
 void
-usage(name)
-    char *name;
+usage(char *name)
 {
-	fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name);
+    fprintf(stderr, "usage: %s [-p port] [-h host] [-m message] [-s service] [host]\n", name);
 }
 
 int
-main(argc, argv)
-    int argc;
-    char *argv[];
+main(int argc, char *argv[])
 {
     int sock, i;
     unsigned int len;
-    int flags = 0;			/* flags for sendto() */
+    int flags = 0;                      /* flags for sendto() */
     struct servent *serv;
     struct hostent *host;
     char *cp;
@@ -78,11 +76,11 @@ main(argc, argv)
 #ifdef BROKEN_STREAMS_SOCKETS
     char my_hostname[MAXHOSTNAMELEN];
 #endif
-    struct sockaddr_in s_sock;		/* server address */
-    struct sockaddr_in c_sock;		/* client address */
+    struct sockaddr_in s_sock;          /* server address */
+    struct sockaddr_in c_sock;          /* client address */
     extern int opterr, optind;
     extern char * optarg;
-    int	ch;
+    int ch;
 
     short port = 0;
     char *message = MSG;
@@ -95,15 +93,15 @@ main(argc, argv)
     krb5_ccache ccdef;
     krb5_address addr, *portlocal_addr;
     krb5_rcache rcache;
-    krb5_data	rcache_name;
+    krb5_data   rcache_name;
 
-    krb5_context 	  context;
-    krb5_auth_context 	  auth_context = NULL;
+    krb5_context          context;
+    krb5_auth_context     auth_context = NULL;
 
     retval = krb5_init_context(&context);
     if (retval) {
-	    com_err(argv[0], retval, "while initializing krb5");
-	    exit(1);
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
     }
 
     progname = argv[0];
@@ -114,43 +112,43 @@ main(argc, argv)
      */
     opterr = 0;
     while ((ch = getopt(argc, argv, "p:m:h:s:")) != -1)
-    switch (ch) {
-    case 'p':
-	port = atoi(optarg);
-	break;
-    case 'm':
-	message = optarg;
-	break;
-    case 'h':
-	hostname = optarg;
-	break;
-    case 's':
-	service = optarg;
-	break;
-    case '?':
-    default:
-	usage(progname);
-	exit(1);
-	break;
-    }
+        switch (ch) {
+        case 'p':
+            port = atoi(optarg);
+            break;
+        case 'm':
+            message = optarg;
+            break;
+        case 'h':
+            hostname = optarg;
+            break;
+        case 's':
+            service = optarg;
+            break;
+        case '?':
+        default:
+            usage(progname);
+            exit(1);
+            break;
+        }
     argc -= optind;
     argv += optind;
     if (argc > 0) {
-	if (hostname)
-	    usage(progname);
-	hostname = argv[0];
+        if (hostname)
+            usage(progname);
+        hostname = argv[0];
     }
 
     if (hostname == 0) {
-	fprintf(stderr, "You must specify a hostname to contact.\n\n");
-	usage(progname);
-	exit(1);
+        fprintf(stderr, "You must specify a hostname to contact.\n\n");
+        usage(progname);
+        exit(1);
     }
 
     /* Look up server host */
     if ((host = gethostbyname(hostname)) == (struct hostent *) 0) {
-	fprintf(stderr, "%s: unknown host\n", hostname);
-	exit(1);
+        fprintf(stderr, "%s: unknown host\n", hostname);
+        exit(1);
     }
     strncpy(full_hname, host->h_name, sizeof(full_hname)-1);
     full_hname[sizeof(full_hname)-1] = '\0';
@@ -170,33 +168,33 @@ main(argc, argv)
     s_sock.sin_family = AF_INET;
 
     if (port == 0) {
-	/* Look up service */
-	if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
-	    fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
-	    exit(1);
-	}
-	s_sock.sin_port = serv->s_port;
+        /* Look up service */
+        if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
+            fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
+            exit(1);
+        }
+        s_sock.sin_port = serv->s_port;
     } else {
-	s_sock.sin_port = htons(port);
+        s_sock.sin_port = htons(port);
     }
 
     /* Open a socket */
     if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-	com_err(progname, errno, "opening datagram socket");
-	exit(1);
+        com_err(progname, errno, "opening datagram socket");
+        exit(1);
     }
 
     memset(&c_sock, 0, sizeof(c_sock));
     c_sock.sin_family = AF_INET;
 #ifdef BROKEN_STREAMS_SOCKETS
     if (gethostname(my_hostname, sizeof(my_hostname)) < 0) {
-	perror("gethostname");
-	exit(1);
+        perror("gethostname");
+        exit(1);
     }
 
     if ((host = gethostbyname(my_hostname)) == (struct hostent *)0) {
-	fprintf(stderr, "%s: unknown host\n", hostname);
-	exit(1);
+        fprintf(stderr, "%s: unknown host\n", hostname);
+        exit(1);
     }
     memcpy(&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr));
 #endif
@@ -204,8 +202,8 @@ main(argc, argv)
 
     /* Bind it to set the address; kernel will fill in port # */
     if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
-	com_err(progname, errno, "while binding datagram socket");
-	exit(1);
+        com_err(progname, errno, "while binding datagram socket");
+        exit(1);
     }
 
     /* PREPARE KRB_AP_REQ MESSAGE */
@@ -215,14 +213,14 @@ main(argc, argv)
 
     /* Get credentials for server */
     if ((retval = krb5_cc_default(context, &ccdef))) {
-	com_err(progname, retval, "while getting default ccache");
-	exit(1);
+        com_err(progname, retval, "while getting default ccache");
+        exit(1);
     }
 
     if ((retval = krb5_mk_req(context, &auth_context, 0, service, full_hname,
-			      &inbuf, ccdef, &packet))) {
-	com_err(progname, retval, "while preparing AP_REQ");
-	exit(1);
+                              &inbuf, ccdef, &packet))) {
+        com_err(progname, retval, "while preparing AP_REQ");
+        exit(1);
     }
     printf("Got credentials for %s.\n", service);
 
@@ -230,13 +228,13 @@ main(argc, argv)
        properly bound for getsockname() below. */
 
     if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
-	com_err(progname, errno, "while connecting to server");
-	exit(1);
+        com_err(progname, errno, "while connecting to server");
+        exit(1);
     }
     /* Send authentication info to server */
     if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
-		  flags)) < 0)
-	com_err(progname, errno, "while sending KRB_AP_REQ message");
+                  flags)) < 0)
+        com_err(progname, errno, "while sending KRB_AP_REQ message");
     printf("Sent authentication data: %d bytes\n", i);
     krb5_free_data_contents(context, &packet);
 
@@ -246,48 +244,48 @@ main(argc, argv)
     memset(&c_sock, 0, sizeof(c_sock));
     len = sizeof(c_sock);
     if (getsockname(sock, (struct sockaddr *)&c_sock, &len) < 0) {
-	com_err(progname, errno, "while getting socket name");
-	exit(1);
+        com_err(progname, errno, "while getting socket name");
+        exit(1);
     }
 
     addr.addrtype = ADDRTYPE_IPPORT;
     addr.length = sizeof(c_sock.sin_port);
     addr.contents = (krb5_octet *)&c_sock.sin_port;
     if ((retval = krb5_auth_con_setports(context, auth_context,
-					 &addr, NULL))) {
-	com_err(progname, retval, "while setting local port\n");
-	exit(1);
+                                         &addr, NULL))) {
+        com_err(progname, retval, "while setting local port\n");
+        exit(1);
     }
 
     addr.addrtype = ADDRTYPE_INET;
     addr.length = sizeof(c_sock.sin_addr);
     addr.contents = (krb5_octet *)&c_sock.sin_addr;
     if ((retval = krb5_auth_con_setaddrs(context, auth_context,
-					 &addr, NULL))) {
-	com_err(progname, retval, "while setting local addr\n");
-	exit(1);
+                                         &addr, NULL))) {
+        com_err(progname, retval, "while setting local addr\n");
+        exit(1);
     }
 
     /* THIS IS UGLY */
     if ((retval = krb5_gen_portaddr(context, &addr,
-				    (krb5_pointer) &c_sock.sin_port,
-				    &portlocal_addr))) {
-	com_err(progname, retval, "while generating port address");
-	exit(1);
+                                    (krb5_pointer) &c_sock.sin_port,
+                                    &portlocal_addr))) {
+        com_err(progname, retval, "while generating port address");
+        exit(1);
     }
 
     if ((retval = krb5_gen_replay_name(context,portlocal_addr,
-				       "_sim_clt",&cp))) {
-	com_err(progname, retval, "while generating replay cache name");
-	exit(1);
+                                       "_sim_clt",&cp))) {
+        com_err(progname, retval, "while generating replay cache name");
+        exit(1);
     }
 
     rcache_name.length = strlen(cp);
     rcache_name.data = cp;
 
     if ((retval = krb5_get_server_rcache(context, &rcache_name, &rcache))) {
-	com_err(progname, retval, "while getting server rcache");
-	exit(1);
+        com_err(progname, retval, "while getting server rcache");
+        exit(1);
     }
 
     /* set auth_context rcache */
@@ -298,14 +296,14 @@ main(argc, argv)
     inbuf.length = strlen(message);
 
     if ((retval = krb5_mk_safe(context, auth_context, &inbuf, &packet, NULL))){
-	com_err(progname, retval, "while making KRB_SAFE message");
-	exit(1);
+        com_err(progname, retval, "while making KRB_SAFE message");
+        exit(1);
     }
 
     /* Send it */
     if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
-		  flags)) < 0)
-	com_err(progname, errno, "while sending SAFE message");
+                  flags)) < 0)
+        com_err(progname, errno, "while sending SAFE message");
     printf("Sent checksummed message: %d bytes\n", i);
     krb5_free_data_contents(context, &packet);
 
@@ -313,22 +311,22 @@ main(argc, argv)
 
     /* Make the encrypted message */
     if ((retval = krb5_mk_priv(context, auth_context, &inbuf,
-			       &packet, NULL))) {
-	com_err(progname, retval, "while making KRB_PRIV message");
-	exit(1);
+                               &packet, NULL))) {
+        com_err(progname, retval, "while making KRB_PRIV message");
+        exit(1);
     }
 
     /* Send it */
     if ((i = send(sock, (char *)packet.data, (unsigned) packet.length,
-		  flags)) < 0)
-	com_err(progname, errno, "while sending PRIV message");
+                  flags)) < 0)
+        com_err(progname, errno, "while sending PRIV message");
     printf("Sent encrypted message: %d bytes\n", i);
     krb5_free_data_contents(context, &packet);
 
     retval = krb5_rc_destroy(context, rcache);
     if (retval) {
-	com_err(progname, retval, "while deleting replay cache");
-	exit(1);
+        com_err(progname, retval, "while deleting replay cache");
+        exit(1);
     }
     krb5_auth_con_setrcache(context, auth_context, NULL);
     krb5_auth_con_free(context, auth_context);
diff --git a/src/appl/simple/server/Makefile.in b/src/appl/simple/server/Makefile.in
index 12b2b04..ef64bed 100644
--- a/src/appl/simple/server/Makefile.in
+++ b/src/appl/simple/server/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=appl/simple/server
 mydir=appl/simple/server
 BUILDTOP=$(REL)..$(S)..$(S)..
 
diff --git a/src/appl/simple/server/sim_server.c b/src/appl/simple/server/sim_server.c
index c82c6f3..d06c255 100644
--- a/src/appl/simple/server/sim_server.c
+++ b/src/appl/simple/server/sim_server.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/simple/server/sim_server.c
  *
@@ -53,33 +54,30 @@
 #define PROGNAME argv[0]
 
 static void
-usage(name)
-    char *name;
+usage(char *name)
 {
-	fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name);
+    fprintf(stderr, "usage: %s [-p port] [-s service] [-S keytab]\n", name);
 }
 
 int
-main(argc, argv)
-int argc;
-char *argv[];
+main(int argc, char *argv[])
 {
     int sock, i;
     unsigned int len;
-    int flags = 0;			/* for recvfrom() */
+    int flags = 0;                      /* for recvfrom() */
     int on = 1;
     struct servent *serv;
     struct hostent *host;
-    struct sockaddr_in s_sock;		/* server's address */
-    struct sockaddr_in c_sock;		/* client's address */
+    struct sockaddr_in s_sock;          /* server's address */
+    struct sockaddr_in c_sock;          /* client's address */
     char full_hname[MAXHOSTNAMELEN];
     char *cp;
     extern int opterr, optind;
     extern char * optarg;
-    int	ch;
+    int ch;
 
-    short port = 0;		/* If user specifies port */
-    krb5_keytab keytab = NULL;	/* Allow specification on command line */
+    short port = 0;             /* If user specifies port */
+    krb5_keytab keytab = NULL;  /* Allow specification on command line */
     char *service = SIMPLE_SERVICE;
 
     krb5_error_code retval;
@@ -93,8 +91,8 @@ char *argv[];
 
     retval = krb5_init_context(&context);
     if (retval) {
-	    com_err(argv[0], retval, "while initializing krb5");
-	    exit(1);
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
     }
 
     /*
@@ -102,33 +100,34 @@ char *argv[];
      *
      */
     opterr = 0;
-    while ((ch = getopt(argc, argv, "p:s:S:")) != -1)
-    switch (ch) {
-    case 'p':
-	port = atoi(optarg);
-	break;
-    case 's':
-	service = optarg;
-	break;
-    case 'S':
-	if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
-	    com_err(PROGNAME, retval,
-		    "while resolving keytab file %s", optarg);
-	    exit(2);
-	}
-	break;
-
-    case '?':
-    default:
-	usage(PROGNAME);
-	exit(1);
-	break;
+    while ((ch = getopt(argc, argv, "p:s:S:")) != -1) {
+        switch (ch) {
+        case 'p':
+            port = atoi(optarg);
+            break;
+        case 's':
+            service = optarg;
+            break;
+        case 'S':
+            if ((retval = krb5_kt_resolve(context, optarg, &keytab))) {
+                com_err(PROGNAME, retval,
+                        "while resolving keytab file %s", optarg);
+                exit(2);
+            }
+            break;
+
+        case '?':
+        default:
+            usage(PROGNAME);
+            exit(1);
+            break;
+        }
     }
 
     if ((retval = krb5_sname_to_principal(context, NULL, service,
-					  KRB5_NT_SRV_HST, &sprinc))) {
-	com_err(PROGNAME, retval, "while generating service name %s", service);
-	exit(1);
+                                          KRB5_NT_SRV_HST, &sprinc))) {
+        com_err(PROGNAME, retval, "while generating service name %s", service);
+        exit(1);
     }
 
     /* Set up server address */
@@ -136,41 +135,41 @@ char *argv[];
     s_sock.sin_family = AF_INET;
 
     if (port == 0) {
-	/* Look up service */
-	if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
-	    fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
-	    exit(1);
-	}
-	s_sock.sin_port = serv->s_port;
+        /* Look up service */
+        if ((serv = getservbyname(SIMPLE_PORT, "udp")) == NULL) {
+            fprintf(stderr, "service unknown: %s/udp\n", SIMPLE_PORT);
+            exit(1);
+        }
+        s_sock.sin_port = serv->s_port;
     } else {
-	s_sock.sin_port = htons(port);
+        s_sock.sin_port = htons(port);
     }
 
     if (gethostname(full_hname, sizeof(full_hname)) < 0) {
-	perror("gethostname");
-	exit(1);
+        perror("gethostname");
+        exit(1);
     }
 
     if ((host = gethostbyname(full_hname)) == (struct hostent *)0) {
-	fprintf(stderr, "%s: host unknown\n", full_hname);
-	exit(1);
+        fprintf(stderr, "%s: host unknown\n", full_hname);
+        exit(1);
     }
     memcpy(&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
 
     /* Open socket */
     if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-	perror("opening datagram socket");
-	exit(1);
+        perror("opening datagram socket");
+        exit(1);
     }
 
-     /* Let the socket be reused right away */
-     (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
-		       sizeof(on));
+    /* Let the socket be reused right away */
+    (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&on,
+                      sizeof(on));
 
     /* Bind the socket */
     if (bind(sock, (struct sockaddr *)&s_sock, sizeof(s_sock))) {
-	perror("binding datagram socket");
-	exit(1);
+        perror("binding datagram socket");
+        exit(1);
     }
 
 #ifdef DEBUG
@@ -182,9 +181,9 @@ char *argv[];
     /* use "recvfrom" so we know client's address */
     len = sizeof(struct sockaddr_in);
     if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
-		 (struct sockaddr *)&c_sock, &len)) < 0) {
-	perror("receiving datagram");
-	exit(1);
+                      (struct sockaddr *)&c_sock, &len)) < 0) {
+        perror("receiving datagram");
+        exit(1);
     }
 
     printf("Received %d bytes\n", i);
@@ -193,14 +192,14 @@ char *argv[];
 
     /* Check authentication info */
     if ((retval = krb5_rd_req(context, &auth_context, &packet,
-			      sprinc, keytab, NULL, &ticket))) {
-	com_err(PROGNAME, retval, "while reading request");
-	exit(1);
+                              sprinc, keytab, NULL, &ticket))) {
+        com_err(PROGNAME, retval, "while reading request");
+        exit(1);
     }
     if ((retval = krb5_unparse_name(context, ticket->enc_part2->client,
-				    &cp))) {
-	com_err(PROGNAME, retval, "while unparsing client name");
-	exit(1);
+                                    &cp))) {
+        com_err(PROGNAME, retval, "while unparsing client name");
+        exit(1);
     }
     printf("Got authentication info from %s\n", cp);
     free(cp);
@@ -210,8 +209,8 @@ char *argv[];
     addr.length = sizeof(c_sock.sin_addr);
     addr.contents = (krb5_octet *)&c_sock.sin_addr;
     if ((retval = krb5_auth_con_setaddrs(context, auth_context,
-					 NULL, &addr))) {
-	com_err(PROGNAME, retval, "while setting foreign addr");
+                                         NULL, &addr))) {
+        com_err(PROGNAME, retval, "while setting foreign addr");
         exit(1);
     }
 
@@ -219,8 +218,8 @@ char *argv[];
     addr.length = sizeof(c_sock.sin_port);
     addr.contents = (krb5_octet *)&c_sock.sin_port;
     if ((retval = krb5_auth_con_setports(context, auth_context,
-					 NULL, &addr))) {
-	com_err(PROGNAME, retval, "while setting foreign port");
+                                         NULL, &addr))) {
+        com_err(PROGNAME, retval, "while setting foreign port");
         exit(1);
     }
 
@@ -229,9 +228,9 @@ char *argv[];
     /* use "recvfrom" so we know client's address */
     len = sizeof(struct sockaddr_in);
     if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
-		 (struct sockaddr *)&c_sock, &len)) < 0) {
-	perror("receiving datagram");
-	exit(1);
+                      (struct sockaddr *)&c_sock, &len)) < 0) {
+        perror("receiving datagram");
+        exit(1);
     }
 #ifdef DEBUG
     printf("&c_sock.sin_addr is %s\n", inet_ntoa(c_sock.sin_addr));
@@ -242,9 +241,9 @@ char *argv[];
     packet.data = (krb5_pointer) pktbuf;
 
     if ((retval = krb5_rd_safe(context, auth_context, &packet,
-			       &message, NULL))) {
-	com_err(PROGNAME, retval, "while verifying SAFE message");
-	exit(1);
+                               &message, NULL))) {
+        com_err(PROGNAME, retval, "while verifying SAFE message");
+        exit(1);
     }
     printf("Safe message is: '%.*s'\n", (int) message.length, message.data);
 
@@ -255,9 +254,9 @@ char *argv[];
     /* use "recvfrom" so we know client's address */
     len = sizeof(struct sockaddr_in);
     if ((i = recvfrom(sock, (char *)pktbuf, sizeof(pktbuf), flags,
-		      (struct sockaddr *)&c_sock, &len)) < 0) {
-	perror("receiving datagram");
-	exit(1);
+                      (struct sockaddr *)&c_sock, &len)) < 0) {
+        perror("receiving datagram");
+        exit(1);
     }
     printf("Received %d bytes\n", i);
 
@@ -265,12 +264,12 @@ char *argv[];
     packet.data = (krb5_pointer) pktbuf;
 
     if ((retval = krb5_rd_priv(context, auth_context, &packet,
-			       &message, NULL))) {
-	com_err(PROGNAME, retval, "while verifying PRIV message");
-	exit(1);
+                               &message, NULL))) {
+        com_err(PROGNAME, retval, "while verifying PRIV message");
+        exit(1);
     }
     printf("Decrypted message is: '%.*s'\n", (int) message.length,
-	   message.data);
+           message.data);
 
     krb5_auth_con_free(context, auth_context);
     krb5_free_context(context);
diff --git a/src/appl/simple/simple.h b/src/appl/simple/simple.h
index bbee794..8d8f176 100644
--- a/src/appl/simple/simple.h
+++ b/src/appl/simple/simple.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/simple/simple.h
  *
@@ -28,5 +29,5 @@
  * server & client applications.
  */
 
-#define SIMPLE_SERVICE	"sample"
-#define SIMPLE_PORT	"sample"
+#define SIMPLE_SERVICE  "sample"
+#define SIMPLE_PORT     "sample"
diff --git a/src/appl/telnet/Config.generic b/src/appl/telnet/Config.generic
deleted file mode 100644
index c6f88a5..0000000
--- a/src/appl/telnet/Config.generic
+++ /dev/null
@@ -1,830 +0,0 @@
-#
-# Copyright (c) 1991 The Regents of the University of California.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms are permitted provided
-# that: (1) source distributions retain this entire copyright notice and
-# comment, and (2) distributions including binaries display the following
-# acknowledgement:  ``This product includes software developed by the
-# University of California, Berkeley and its contributors'' in the
-# documentation or other materials provided with the distribution and in
-# all advertising materials mentioning features or use of this software.
-# Neither the name of the University nor the names of its contributors may
-# be used to endorse or promote products derived from this software without
-# specific prior written permission.
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-#
-#	@(#)Config.generic	5.5 (Berkeley) 3/1/91
-#
-
-# This is the configuration file for building all of
-# telnet/telnetd/libtelnet.  If you want to add your
-# own local configuration for a specific machine that
-# is already listed here, it is best to create a new
-# file called "Config.local", and put the definitions
-# there.  If you are adding definitions for a new system
-# type, you can add them here.  In this case, please send
-# the new definition, and any changes you have to make to
-# the code, back to "dab@cray.com" so that your changes
-# can be put into the next release.
-#
-# Each definition must have the form:
-#
-#	<target>:
-#		make -f Makefile.generic ${WHAT} \
-#			<definitions>
-
-# DEFINES=
-#
-#    Variables to be defined when actually compiling the source.  Defined
-#    as: DEFINES="-D<var> -D<var2> ... -D<varn>"
-#
-#    TELNET/TELNETD CONFIGURATION
-#
-# 	LINEMODE	Turns on support in telnetd for the linemode option.
-#			(Linemode is always on in the client).
-#
-#	KLUDGELINEMODE	Define this to get the kludged up version of linemode
-#			that was in 4.3BSD.  This is a good thing to have
-#			around for talking to older systems.  This has no
-#			effect on telnetd if LINEMODE has not been defined.
-#
-#	DIAGNOSTICS	Turns on diagnostic code in telnetd; adds extra
-#			logic and checks, and debuging output if started
-#			with the -D option.
-#
-#	NO_URGENT	Define this if you don't want telnetd to send
-#			IAC DM in urgent mode when the pty output queue
-#			is flushed.
-#
-#	GENERATE_GA	Turns on code to allow the generation of Go Ahead(GA)
-#			if the server is WONT SGA.  This code is imprecise,
-#			it generates the GA when two seconds have elapsed
-#			and no input or output has occurred.
-#
-#	AUTHENTICATION	Enable the AUTHENTICATION option.
-#
-#	ENCRYPTION	Enable the ENCRYPT option.
-#
-#	KRB4		Enable Kerberos Version 4 Authentication code
-#			in libtelnet/libtelnet.a
-#
-#	KRB5		Enable Kerberos Version 5 Authentication code
-#			in libtelnet/libtelnet.a
-#
-#	SPX		Enable SPX authentication code in.
-#			libtelnet/libtelnet.a
-#
-#	RSA_ENCPWD
-#
-#	KRB4_ENCPWD
-#
-#
-#	DES_ENCRYPTION	Enable DES encryption/decryption, requires
-#			getting a the initial key from Kerberos.  This
-#			works with both Kerberos Version 4 and 5.
-#
-#	ENV_HACK	Turn on code to recognize and allow
-#			interoperability with systems that have their
-#			definitions for ENV_VALUE and ENV_VAR reversed.
-#
-#    LOCAL SYSYTEM PARAMATERS
-#
-#	TERMCAP		Define this if your system is termcap based,
-#			otherwise a terminfo based system is assumed.
-#
-#	SYSV_TERMIO	Use the System V termio structure. (implies USE_TERMIO)
-#
-#	NO_CC_T		Define this if your termio.h file does not have
-#			a typedef for cc_t.
-#
-#	USE_TERMIO	Define this if you have the POSIX termios structures.
-#			This code works under the BSD 4.4 terminal driver.
-#
-#	HAS_GETTOS	Define this if you have the setsockopt() option for
-#			setting the IP Type Of Service bits, (IP_TOS) and
-#			you have the gettosbyname() function.
-#
-#	NEWINIT		Turns on the new init code for UNICOS systems.
-#
-#	STREAMS		This system needs <sys/stream.h> for <sys/tty.h>
-#			(Sun 4.0.3)
-#
-#	FILIO_H		This system should use <sys/fileo.h> instead
-#			of <sys/ioctl.h> (Sun 4.0.3)
-#
-#	HAVE_fd_set	This system has a typedef for fd_set, but does
-#			not have FDSET() defined.
-#
-#	NO_STRING_H	If you don't have <string.h>, but have <strings.h>
-#
-#	LOGIN_PROGRAM=	Specifies the login program to use.  By default,
-#			it is /bin/login, or whatever is specified by 
-#			_PATH_LOGIN in <paths.h>
-#
-#	NO_LOGIN_P	If /bin/login doesn't understand the "-p"
-#			(preserve environment) option.
-#
-#	LOGIN_ARGS	if /bin/login understands environment variables
-#			after the login name.  Only used if NO_LOGIN_P
-#			is defined.
-#
-#	NO_LOGIN_F	If /bin/login doesn't understand the "-f" option.
-#			Only used if AUTHENTICATION is defined.
-#
-#	LOGIN_CAP_F	If /bin/login understands the "-F" option (which
-#			works like "-f", but root logins are allowed).
-#			Only used if NO_LOGIN_F is not defined.
-#
-#	LOGIN_R		This says that /bin/login understands the "-r host"
-#			option.  Only used if NO_LOGIN_F is defined (and
-#			the system supports the TIOCSTI ioctl).
-#
-#	LOGIN_HOST	Only applies if LOGIN_R is defined.  This
-#			specifies the hostname to be passed to "login -r"
-#			for successfully authenticated logins.  This
-#			defaults to "localhost" (don't forget to include
-#			the quotes, e.g. -DLOGIN_HOST=\"localhost\").
-#
-#			It can also be set to host (-DLOGIN_HOST=host)
-#			to have the real hostname passed to "/bin/login -r".
-#			  NOTE: If you do this, then anyone that wants to
-#				allow authenticated login access will have
-#				to add those remote hosts to their .rhosts,
-#				which sort of defeats the whole purpose of
-#				authenticated login... 
-#
-#	NO_BSD_SETJMP	For UNICOS releases prior to 7.0.  Turns off
-#			the inclusion of <bsdsetjmp.h>.
-#
-#	STREAMS		If the system has streams; causes <sys/stream.h>
-#			to be included instead of <sys/tty.h>
-#
-#	MUST_ALIGN	If !KRB & !HAVE_KRB4_DES_LIB and your words
-#			must be word aligned.
-#
-#	STREAMSPTY	Use /dev/ptmx to get a clean pty.  Uses
-#			streams packet mode rather than Berkeley.
-#			Appropriate for SVr4 derivatives.
-#
-#	UTMPX		System has /etc/utmpx as well as /etc/utmp.
-#			Use makeutx and modutx to update utmp/x and wtmp/x.
-#			Appropriate for SVr4 derivatives.
-#
-#	HAS_CGETENT	If your system has the cgetent() and cgetstr()
-#			routines.  This is a 4.4BSD feature, that
-#			eliminates grabbing the getty gettytab.c source.
-#			You need to include getent.o on the LIB_OBJ
-#			line if this is defined.
-#
-#	OLD_ENVIRON	Support for the old environment option.
-
-# LIB_OBJ=
-#    This is a list of object files that are needed but are not in
-#    the standard C library.
-#
-# 	    strcasecmp.o	If you don't have strncasecmp(3)
-#	    strdup.o		If you don't have strdup(3)
-#	    setenv.o		If you don't have setenv(3) and unsetenv(3)
-#	    setsid.o		If you don't have the POSIX setsid() call
-#	    strerror.o		If you don't have strerror(3)
-#	    strftime.o		If you don't have strftime(3)
-#	    getopt.o		If you don't have getopt(3)
-#	    herror.o		If you don't have herror(3)
-#	    gettytab.o		If you can get gettytab.c from getty source.
-#	    getent.o		If you can't get gettytab.c (or have
-#				HAS_CGETENT defined...)
-#	    mem.o		If you don't have mem*(3) routines.
-
-# LIB_SRC=
-#    This is a list of source modules for specificed in LIB_OBJ.
-#    This information is used by make for checking dependencies.
-
-
-# LIBS=
-#    This is a list of libraries to be included.  This will always
-#    include the telnet library, and will also include either -lcurses
-#    or -ltermcap, -lutil for 4.4bsd, and -lnet for UNICOS5.0 and earlier.
-#    Also -lkrb & -ldes if Kerberos.
-
-# LIBPATH=
-#    This is a list of the paths to all the libraries listed in LIBS.
-#    This information is used by make for checking dependencies.
-#    Don't forget libc.a
-
-# VPATH=
-#    Directory where gettytab.c can be found, if you have it.
-
-# LIBEXEC=
-#    Directory where the telnetd executable should be installed.
-
-# LCCFLAGS=
-#    Local flags for ${CC} (like -O)
-
-# AR=
-#    Name of "ar" program, usually just "ar".
-
-# ARFLAGS
-#    Flags to pass to ${AR}
-
-# RANLIB
-#    Name of "ranlib" program, set it to "NONE" if you don't
-#    have a "ranlib".
-
-all:
-	@echo "You must specify what type of system you are on,"
-	@echo "or setup a Config.local file for your system."
-	@echo "Known system types are:"
-	@echo
-	@echo " 4.4bsd 4.3reno 4.4bsd.auth 4.3reno.auth 4.3tahoe 4.3bsd"
-	@echo " bsdi1.0 bsdi1.0.auth"
-	@echo " unicos8.1 unicos8.0 unicos7.C unicos7.0"
-	@echo " unicos8.1.auth unicos8.0.auth unicos7.0.auth"
-	@echo " unicos7.C.auth unicos7.0.des.auth"
-	@echo " unicos6.1 unicos6.0 unicos5.1 unicos5.0"
-	@echo " sun3.5 sun4.0.3c sun4.0 sun4.1 sun4.1.auth"
-	@echo " solaris2.2 solaris2.2.auth"
-	@echo " dynix3.0.12 dynix3.0.17"
-	@echo " ultrix3.1 ultrix4.0 ultrix4.1 ultrix4.3 ultrix4.3.auth"
-	@echo " irix4.0.1"
-	@echo " hpux8.0"
-	@echo " next1.0"
-	@echo " convex"
-
-4.4bsd:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lutil -ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/usr/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/bin \
-		DEFINES=${ODEFS}"-DLINEMODE -DTERMCAP -DKLUDGELINEMODE \
-		    -DDEFAULT_IM='\"\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r\"' \
-			-DUSE_TERMIO -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON \
-			-DHAS_CGETENT" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o" \
-		LIB_SRC="getent.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/libexec \
-		CC="${CC}" LCCFLAGS="-O"
-
-4.3reno:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lutil -ltermcap ../libtelnet/libtelnet.a ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a ${AUTH_LIBPATH}" \
-		DEST=${DESTDIR}/usr/bin \
-		DEFINES=${ODEFS}"-DLINEMODE -DTERMCAP -DKLUDGELINEMODE \
-	-DDEFAULT_IM='\"\r\n4.3BSD-Reno UNIX (%h) (%t)\r\n\r\r\n\r\"' \
-			-DUSE_TERMIO -DDIAGNOSTICS -DENV_HACK \
-			-DOLD_ENVIRON ${AUTH_DEF}" \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="gettytab.o" \
-		LIB_SRC="gettytab.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		VPATH=/usr/src/libexec/getty \
-		LIBEXEC=${DESTDIR}/usr/libexec \
-		CC="${CC}" LCCFLAGS="-O"
-
-
-4.4bsd.auth 4.3reno.auth:
-	make -f ../Config.generic `basename $@ .auth` WHAT=${WHAT} \
-		AUTH_LIB="-lkrb -ldes" \
-		AUTH_LIBPATH="/usr/lib/libkrb.a /usr/lib/libdes.a" \
-		AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION"
-
-4.3tahoe:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/bin \
-		DEFINES=${ODEFS}"-DTERMCAP -DKLUDGELINEMODE \
-		 -DDEFAULT_IM='\"\r\n4.3BSD-Tahoe UNIX (%h) (%t)\r\n\r\r\n\r\"'\
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		INCLUDES="-I.." \
-		LIB_OBJ="strdup.o setsid.o strftime.o gettytab.o" \
-		LIB_SRC="strdup.c setsid.c strftime.c gettytab.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		VPATH=/usr/src/etc/getty \
-		LIBEXEC=${DESTDIR}/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-4.3bsd:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/bin \
-		DEFINES=${ODEFS}"-DTERMCAP -DKLUDGELINEMODE \
-		    -DDEFAULT_IM='\"\r\n4.3BSD UNIX (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		INCLUDES="-I.." \
-		LIB_OBJ="strdup.o setsid.o strftime.o \
-			gettytab.o getopt.o herror.o" \
-		LIB_SRC="strdup.c setsid.c strftime.c \
-			gettytab.c getopt.c herror.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		VPATH=/usr/src/etc/getty \
-		LIBEXEC=${DESTDIR}/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-bsdi1.0:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lutil -ltermcap ../libtelnet/libtelnet.a ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-			../libtelnet/libtelnet.a ${AUTH_LIBPATH}" \
-		DEST=${DESTDIR}/usr/bin \
-		DEFINES=${ODEFS}"-DLINEMODE -DTERMCAP -DKLUDGELINEMODE \
-	-DDEFAULT_IM='\"\r\nBSDI BSD/386 1.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DUSE_TERMIO -DDIAGNOSTICS -DENV_HACK \
-			-DOLD_ENVIRON ${AUTH_DEF}" \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="gettytab.o" \
-		LIB_SRC="gettytab.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		VPATH=/usr/src/libexec/getty \
-		LIBEXEC=${DESTDIR}/usr/libexec \
-		CC="${CC}" LCCFLAGS="-O"
-
-bsdi1.0.auth:
-	make -f ../Config.generic `basename $@ .auth` WHAT=${WHAT} \
-		AUTH_LIB="-lkrb -ldes" \
-		AUTH_LIBPATH="/usr/lib/libkrb.a /usr/lib/libdes.a" \
-		AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION"
-		AUTH_INC=-I/usr/include/kerberosIV
-
-unicos8.1:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lcurses -L../libtelnet -ltelnet ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a ${AUTH_LIBPATH}" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=bsdsignal \
-			-DLINEMODE -DKLUDGELINEMODE \
-			-DSYSV_TERMIO -DHAS_GETTOS ${AUTH_DEF} \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 8.1 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="getent.o" \
-		LIB_SRC="getent.c" \
-
-unicos8.0:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lcurses -L../libtelnet -ltelnet ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a ${AUTH_LIBPATH}" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=bsdsignal \
-			-DLINEMODE -DKLUDGELINEMODE \
-			-DSYSV_TERMIO -DHAS_GETTOS ${AUTH_DEF} \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 8.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="getent.o" \
-		LIB_SRC="getent.c" \
-		CC="${CC}" LCCFLAGS="-O"
-
-unicos7.C:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lcurses -L../libtelnet -ltelnet ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a ${AUTH_LIBPATH}"\
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=bsdsignal \
-			-DLINEMODE -DKLUDGELINEMODE \
-			-DSYSV_TERMIO -DHAS_GETTOS ${AUTH_DEF} \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 7.C (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="getent.o" \
-		LIB_SRC="getent.c" \
-		CC="${CC}" LCCFLAGS="-O"
-
-
-unicos7.0:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lcurses -L../libtelnet -ltelnet -lkrb" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a /usr/lib/libkrb.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=bsdsignal \
-			-DLINEMODE -DKLUDGELINEMODE \
-			-DSYSV_TERMIO -DHAS_GETTOS \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 7.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o" \
-		LIB_SRC="getent.c" \
-		CC="${CC}" LCCFLAGS="-O"
-
-# As of UNICOS 7.0.5.2, there is no longer a /usr/lib/libdes.a
-# If you still have a /usr/lib/libdes.a, use the "unicos7.0.des.auth"
-# target instead of "unicos7.0.auth".
-
-unicos8.1.auth unicos8.0.auth unicos7.0.auth:
-	make -f ../Config.generic `basename $@ .auth` WHAT=${WHAT} \
-		AUTH_LIB=-lkrb AUTH_LIBPATH=/usr/lib/libkrb.a \
-		AUTH_INC=-I/usr/include/krb \
-		AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION"
-
-unicos7.C.auth unicos7.0.des.auth:
-	make -f ../Config.generic `basename $@ .des.auth` WHAT=${WHAT} \
-		AUTH_LIB="-lkrb -ldes" \
-		AUTH_LIBPATH="/usr/lib/libkrb.a /usr/lib/libdes.a" \
-		AUTH_INC=-I/usr/include/krb \
-		AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION"
-
-unicos6.1:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lcurses -L../libtelnet -ltelnet" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=bsdsignal \
-			-DKLUDGELINEMODE -DUSE_TERMIO -DHAS_GETTOS \
-			-DLINEMODE -DSYSV_TERMIO -DNEWINIT \
-			-DNO_LOGIN_F -DNO_LOGIN_P -DNO_BSD_SETJMP \
-			-DLOGIN_ARGS \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 6.1 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o parsetos.o" \
-		LIB_SRC="getent.c parsetos.c" \
-		CC="${CC}" LCCFLAGS="-O"
-
-unicos6.0:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lcurses -L../libtelnet -ltelnet" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=bsdsignal \
-			-DKLUDGELINEMODE -DUSE_TERMIO -DHAS_GETTOS \
-			-DLINEMODE -DSYSV_TERMIO -DNEWINIT \
-			-DNO_LOGIN_F -DNO_LOGIN_P -DNO_BSD_SETJMP \
-			-DLOGIN_ARGS \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 6.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o parsetos.o" \
-		LIB_SRC="getent.c parsetos.c" \
-		CC="${CC}" LCCFLAGS="-O"
-
-unicos5.1:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lnet -lcurses -L../libtelnet -ltelnet" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=sigset \
-			-DKLUDGELINEMODE -DSYSV_TERMIO -DNO_CC_T \
-			-DUNICOS5 -DLINEMODE -DSYSV_TERMIO \
-			-DNEWINIT -DNO_LOGIN_F -DNO_LOGIN_P -DNO_BSD_SETJMP \
-			-DLOGIN_ARGS \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 5.1 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strerror.o setsid.o strftime.o" \
-		LIB_SRC="getent.c strerror.c setsid.c strftime.c" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-unicos5.0:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-lnet -lcurses -L../libtelnet -ltelnet" \
-		LIBPATH="/lib/libc.a /usr/lib/libcurses.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-Dvfork=fork -Dsignal=sigset \
-			-DKLUDGELINEMODE -DSYSV_TERMIO -DNO_CC_T \
-			-DUNICOS5 -DUNICOS50 -DLINEMODE -DSYSV_TERMIO \
-			-DNEWINIT -DNO_LOGIN_F -DNO_LOGIN_P -DNO_BSD_SETJMP \
-			-DLOGIN_ARGS \
-		  -DDEFAULT_IM='\"\r\nCray UNICOS 5.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strerror.o setsid.o strftime.o" \
-		LIB_SRC="getent.c strerror.c setsid.c strftime.c" \
-		AR=bld ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-sun3.5:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DTERMCAP -DKLUDGELINEMODE \
-			-DHAVE_fd_set \
-			-DDIAGNOSTICS  -DENV_HACK -DOLD_ENVIRON \
-		   -DDEFAULT_IM='\"\r\nSunOS UNIX 3.5 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DNO_LOGIN_P" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strdup.o strerror.o setsid.o \
-			setenv.o strftime.o strcasecmp.o herror.o" \
-		LIB_SRC="getent.c strdup.c strerror.c setsid.c \
-			setenv.c strftime.c strcasecmp.c herror.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc/in.telnetd \
-		CC="${CC}" LCCFLAGS="-O"
-
-sun4.0.3c sun4.0:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DFILIO_H -DTERMCAP -DUSE_TERMIO -DNO_CC_T \
-			-DKLUDGELINEMODE \
-		   -DDEFAULT_IM='\"\r\nSunOS UNIX 4.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DSTREAMS -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON \
-			" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strerror.o setsid.o setenv.o \
-				strcasecmp.o strftime.o herror.o" \
-		LIB_SRC="getent.c strerror.c setsid.c setenv.c \
-				strcasecmp.c strftime.c herror.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc/in.telnetd \
-		CC="${CC}" LCCFLAGS="-O"
-
-sun4.1:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-			../libtelnet/libtelnet.a ${AUTH_LIBPATH}" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DFILIO_H -DTERMCAP -DUSE_TERMIO \
-			-DKLUDGELINEMODE -DSTREAMS \
-		   -DDEFAULT_IM='\"\r\nSunOS UNIX 4.1 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON ${AUTH_DEF}" \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="getent.o strerror.o setenv.o herror.o" \
-		LIB_SRC="getent.c strerror.c setenv.c herror.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc/in.telnetd \
-		CC="${CC}" LCCFLAGS="-O"
-
-sun4.1.auth:
-	make -f ../Config.generic `basename $@ .auth` WHAT=${WHAT} \
-		AUTH_LIB="-lkrb -ldes" \
-		AUTH_LIBPATH="/usr/lib/libkrb.a /usr/lib/libdes.a" \
-		AUTH_DEF="-DAUTHENTICATION -DENCRYPTION -DKRB4 -DDES_ENCRYPTION"
-
-sol2.2 solaris2.2:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermlib ../libtelnet/libtelnet.a" \
-		LIBPATH="/usr/ccs/lib/libtermlib.a ../libtelnet/libtelnet.a \
-			/usr/lib/libc.a /usr/ucblib/libucb.a \
-			/usr/lib/libsocket.a /usr/lib/libnsl.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES="-DFILIO_H -DUSE_TERMIO -DKLUDGELINEMODE \
-			-DSTREAMS -DSTREAMSPTY -DDIAGNOSTICS -DSOLARIS \
-			-DENV_HACK -DOLD_ENVIRON -DNO_LOGIN_P -DUTMPX \
-	-DDEFAULT_IM='\"\r\n\r\nUNIX(r) System V Release 4.0 (%h)\r\n\r\n\"' \
-			-DLOGIN_ARGS" \
-		INCLUDES="-I.. -I/usr/ucbinclude" \
-		LIB_OBJ="getent.o strerror.o setenv.o herror.o" \
-		LIB_SRC="getent.c strerror.c setenv.c herror.c" \
-		AR=ar ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/usr/etc/in.telnetd \
-		CC="${CC}" LCCFLAGS="-O"
-
-sol2.2.auth solaris2.2.auth:
-	make -f ../Config.generic `basename $@ .auth` WHAT=${WHAT} \
-		AUTH_LIB="-lkrb" AUTH_LIBPATH="/usr/lib/libkrb.a" \
-		AUTH_INC=-I/usr/include/kerberos \
-		AUTH_DEF="-DAUTHENTICATION -DKRB4"
-
-dynix3.0.12:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DTERMCAP -DKLUDGELINEMODE \
-		 -DDEFAULT_IM='\"\r\nDYNIX(R) V3.0.12 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON -DNO_STRING_H " \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strchr.o strrchr.o strdup.o strerror.o \
-			setsid.o setenv.o strcasecmp.o strftime.o getopt.o \
-			mem.o" \
-		LIB_SRC="getent.c strchr.c strrchr.c strdup.c strerror.c \
-			setsid.c setenv.c strcasecmp.c strftime.c getopt.c \
-			mem.o" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-dynix3.0.17:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a -lseq" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-			../libtelnet/libtelnet.a /usr/lib/libseq.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DTERMCAP -DKLUDGELINEMODE \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON -DNO_STRING_H \
-		 -DDEFAULT_IM='\"\r\nDYNIX(R) V3.0.17 (%h) (%t)\r\n\r\r\n\r\"' \
-			" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strchr.o strrchr.o strdup.o strerror.o \
-			setsid.o strftime.o mem.o" \
-		LIB_SRC="getent.c strchr.c strrchr.c strdup.c strerror.c \
-			setsid.c strftime.c mem.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-ultrix3.1:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DTERMCAP -DKLUDGELINEMODE \
-			-DNO_LOGIN_F -DNO_LOGIN_P -DNO_LOGIN_H \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON -DUSE_TERMIO \
-		    -DDEFAULT_IM='\"\r\nULTRIX V3.1 (%h) (%t)\r\n\r\r\n\r\"' \
-			-YPOSIX" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strdup.o strerror.o setenv.o \
-			strftime.o herror.o" \
-		LIB_SRC="getent.c strdup.c strerror.c setenv.c \
-			strftime.c herror.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-ultrix4.0:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DUSE_TERMIO -DTERMCAP \
-		    -DDEFAULT_IM='\"\r\nULTRIX V4.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DKLUDGELINEMODE -DDIAGNOSTICS \
-			-DNO_LOGIN_F -DNO_LOGIN_P -DNO_LOGIN_H \
-			-DENV_HACK -DOLD_ENVIRON" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strdup.o strerror.o setsid.o \
-			setenv.o strftime.o" \
-		LIB_SRC="getent.c strdup.c strerror.c setsid.c \
-			setenv.c strftime.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-ultrix4.1:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DUSE_TERMIO -DTERMCAP \
-		    -DDEFAULT_IM='\"\r\nULTRIX V4.1 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DKLUDGELINEMODE -DDIAGNOSTICS \
-			-DNO_LOGIN_F -DNO_LOGIN_P -DNO_LOGIN_H \
-			-DENV_HACK -DOLD_ENVIRON" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o strdup.o" \
-		LIB_SRC="getent.c strdup.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-ultrix4.3:
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a ${AUTH_LIBPATH}" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-DUSE_TERMIO -DTERMCAP \
-		    -DDEFAULT_IM='\"\r\nULTRIX V4.3 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DKLUDGELINEMODE -DDIAGNOSTICS \
-			-DNO_LOGIN_F -DNO_LOGIN_P -DNO_LOGIN_H \
-			-DENV_HACK -DOLD_ENVIRON ${AUTH_DEF}" \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="getent.o strdup.o" \
-		LIB_SRC="getent.c strdup.c" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc \
-		CC="${CC}" LCCFLAGS="-g"
-
-ultrix4.3.auth:
-	make -f ../Config.generic `basename $@ .auth` WHAT=${WHAT} \
-		AUTH_LIB="-lkrb -ldes" \
-		AUTH_LIBPATH="/usr/lib/libkrb.a /usr/lib/libdes.a" \
-		AUTH_DEF="-DAUTHENTICATION -DKRB4"
-
-irix4.0.1:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermlib ../libtelnet/libtelnet.a" \
-		LIBPATH="/usr/lib/libc.a /usr/lib/libtermlib.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/bin \
-		DEFINES=${ODEFS}"-Dvfork=fork -DUSE_TERMIO \
-		    -DDEFAULT_IM='\"\r\n\r\nIRIX System V.3 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DNO_LOGIN_F -DNO_LOGIN_P \
-			-DDIAGNOSTICS " \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o setenv.o" \
-		LIB_SRC="getent.c setenv.c" \
-		AR=ar ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-hpux8.0:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="/lib/libc.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a" \
-		DEST=${DESTDIR}/usr/bin \
-		DEFINES=${ODEFS}"-Dvfork=fork -DUSE_TERMIO \
-		    -DDEFAULT_IM='\"\r\n\r\nHP-UX 8.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DNO_LOGIN_F -DNO_LOGIN_P -DNO_LOGIN_H \
-			-DDIAGNOSTICS -DLOGIN_ARGS" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o setenv.o" \
-		LIB_SRC="getent.c setenv.c" \
-		AR=ar ARFLAGS=cq RANLIB=NONE \
-		LIBEXEC=${DESTDIR}/etc \
-		CC="${CC}" LCCFLAGS="-O"
-
-next1.0:
-	@echo $@ is untested... it may or may not work..."
-	make -f Makefile.generic ${WHAT} \
-		LIBS="../libtelnet/libtelnet.a -ltermcap -lsys_s ${AUTH_LIB}" \
-		LIBPATH="/lib/libc.a /lib/libsys_s.a /usr/lib/libtermcap.a \
-				../libtelnet/libtelnet.a ${AUTH_LIBPATH}" \
-		DEST=${DESTDIR}/usr/ucb \
-		DEFINES=${ODEFS}"-bsd -DTERMCAP -DKLUDGELINEMODE \
-			-DDEFAULT_IM='\"\r\nNeXT 1.0 (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON \
-			-DNO_STRING_H -Dgetenv=getenv_ ${AUTH_DEF}" \
-		INCLUDES="-I.. ${AUTH_INC}" \
-		LIB_OBJ="strdup.o setenv.o setsid.o strftime.o \
-			strcasecmp.o gettytab.o" \
-		LIB_SRC=s"trdup.c setenv.c setsid.c strftime.c \
-			strcasecmp.c gettytab.c" \
-		CC="${CC}" LCCFLAGS="-O" \
-		VPATH=../../getty \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc
-
-#
-# For the convex, make symbolic links to the tc[sg]getattr.c routines,
-# because we are using posix stuff, but not the posix library...
-# Pass the stuff to Makefile.generic by passing the object/source names
-# in through LIB_OBJ and LIB_SRC
-#
-convex:
-	@echo $@ is untested... it may or may not work..."
-	ln -s ../../rel_usr/src/lib/libc/posix/tcsetattr.c tcsetattr.c
-	ln -s ../../rel_usr/src/lib/libc/posix/tcgetattr.c tcgetattr.c
-	make -f Makefile.generic ${WHAT} \
-		LIBS="-ltermcap ../libtelnet/libtelnet.a" \
-		LIBPATH="../libtelnet/libtelnet.a" \
-		AR=ar ARFLAGS=cq RANLIB=ranlib \
-		LIBEXEC=${DESTDIR}/usr/etc/in.telnetd \
-		CC="${CC}" LCCFLAGS="-g ${OPTLEV} -Dconvex" \
-		DEFINES=${ODEFS}"-DUSE_TERMIO -DLINEMODE \
-			-DDEFAULT_IM='\"\r\nConvex (%h) (%t)\r\n\r\r\n\r\"' \
-			-DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON" \
-		INCLUDES="-I.." \
-		LIB_OBJ="getent.o setsid.o strftime.o \
-			tcsetattr.o tcgetattr.o" \
-		LIB_SRC="getent.c setsid.c strftime.c \
-			tcsetattr.c tcgetattr.c"
-
-clean cleandir:
-	make -f Makefile.generic $@
diff --git a/src/appl/telnet/Makefile.in b/src/appl/telnet/Makefile.in
deleted file mode 100644
index 716b458..0000000
--- a/src/appl/telnet/Makefile.in
+++ /dev/null
@@ -1,5 +0,0 @@
-thisconfigdir=.
-myfulldir=appl/telnet
-mydir=.
-BUILDTOP=$(REL)..$(S)..
-SUBDIRS=libtelnet telnet telnetd
diff --git a/src/appl/telnet/README b/src/appl/telnet/README
deleted file mode 100644
index 29d51a3..0000000
--- a/src/appl/telnet/README
+++ /dev/null
@@ -1,679 +0,0 @@
-
-This is a distribution of both client and server telnet.  These programs
-have been compiled on:
-			telnet	telnetd
-	BSD 4.4		  x	  x
-	BSD 4.3 Reno	  X	  X
-	UNICOS 8.0	  X	  X
-	UNICOS 7.C	  X	  X
-	UNICOS 7.0	  X	  X
-	UNICOS 6.1	  X	  X
-	BSDI 1.0	  X	  X
-	Solaris 2.2       x       x (no linemode in server)
-	Solaris 2.3       x       x (no linemode in server)
-	SunOs 4.1.3	  X	  X (no linemode in server)
-	Ultrix 4.3	  X	  X (no linemode in server)
-	DYNIX V3.0.17.9	  X	  X (no linemode in server)
-	HP-UX 8.0	  x       x (no linemode in server)
-
-In addition, previous versions have been compiled on the following
-machines, but were not available for testing this version.
-			telnet	telnetd
-	Next1.0		  X	  X
-	UNICOS 6.0	  X	  X
-	UNICOS 5.1	  X	  X
-	UNICOS 5.0	  X	  X
-	SunOs 4.0.3c	  X	  X (no linemode in server)
-	BSD 4.3		  X  	  X (no linemode in server)
-	DYNIX V3.0.12	  X	  X (no linemode in server)
-	Ultrix 3.1	  X	  X (no linemode in server)
-	Ultrix 4.0	  X	  X (no linemode in server)
-	SunOs 3.5	  X	  X (no linemode in server)
-
-This code should work, but there are no guarantees.
-
-January 19, 1994
-
-This is a list of some of the changes since the last tar release
-of telnet/telnetd.  There are probably other changes that aren't
-listed here, but this should hit a lot of the main ones.
-
-   General:
-	Changed #define for AUTHENTICATE to AUTHENTICATION
-	Changed #define for ENCRYPT to ENCRYPTION
-	Changed #define for DES_ENCRYPT to DES_ENCRYPTION
-
-	Added support for SPX authentication: -DSPX
-
-	Added support for Kerberos Version 5 authentication: -DKRB5
-
-	Added support for ANSI C function prototypes
-
-	Added support for the NEW-ENVIRON option (RFC-1572)
-	including support for USERVAR.
-
-	Made support for the old Environment Option (RFC-1408)
-	conditional on -DOLD_ENVIRON
-
-	Added #define ENV_HACK - support for RFC 1571
-
-	The encryption code is removed from the public distributions.
-	Domestic 4.4 BSD distributions contain the encryption code.
-
-	ENV_HACK: Code to deal with systems that only implement
-		the old ENVIRON option, and have reversed definitions
-		of ENV_VAR and ENV_VAL.  Also fixes ENV processing in
-		client to handle things besides just the default set...
-
-	NO_BSD_SETJMP: UNICOS configuration for
-		UNICOS 6.1/6.0/5.1/5.0 systems.
-
-	STREAMSPTY: Use /dev/ptmx to get a clean pty.  This
-		is for SVr4 derivatives (Like Solaris)
-
-	UTMPX: For systems that have /etc/utmpx. This is for
-		SVr4 derivatives (Like Solaris)
-
-	Definitions for BSDI 1.0
-
-	Definitions for 4.3 Reno and 4.4 BSD.
-
-	Definitions for UNICOS 8.0 and UNICOS 7.C
-
-	Definitions for Solaris 2.0
-
-	Definitions for HP-UX 8.0
-
-	Latest Copyright notices from Berkeley.
-
-	FLOW-CONTROL: support for RFC-XXXx
-
-
-   Client Specific:
-
-	Fix the "send" command to not send garbage...
-
-	Fix status message for "skiprc"
-
-	Make sure to send NAWS after telnet has been suspended
-	or an external command has been run, if the window size
-	has changed.
-
-	sysV88 support.
-
-   Server Specific:
-
-	Support flowcontrol option in non-linemode servers.
-
-	-k Server supports Kludge Linemode, but will default to
-	   either single character mode or real Linemode support.
-	   The user will have to explicitly ask to switch into
-	   kludge linemode. ("stty extproc", or escape back to
-	   to telnet and say "mode line".)
-
-	-u Specify the length of the hostname field in the utmp
-	   file.  Hostname longer than this length will be put
-	   into the utmp file in dotted decimal notation, rather
-	   than putting in a truncated hostname.
-	
-	-U Registered hosts only.  If a reverse hostname lookup
-	   fails, the connection will be refused.
-
-	-f/-F
-	   Allows forwarding of credentials for KRB5.
-
-Februrary 22, 1991:
-
-    Features:
-
-	This version of telnet/telnetd has support for both
-	the AUTHENTICATION and ENCRYPTION options.  The
-	AUTHENTICATION option is fairly well defined, and
-	an option number has been assigned to it.  The
-	ENCRYPTION option is still in a state of flux; an
-	option number has been assigned to, but it is still
-	subject to change.  The code is provided in this release
-	for experimental and testing purposes.
-
-	The telnet "send" command can now be used to send
-	do/dont/will/wont commands, with any telnet option
-	name.  The rules for when do/dont/will/wont are sent
-	are still followed, so just because the user requests
-	that one of these be sent doesn't mean that it will
-	be sent...
-
-	The telnet "getstatus" command no longer requires
-	that option printing be enabled to see the response
-	to the "DO STATUS" command.
-
-	A -n flag has been added to telnetd to disable
-	keepalives.
-
-	A new telnet command, "auth" has been added (if
-	AUTHENTICATE is defined).  It has four sub-commands,
-	"status", "disable", "enable" and "help".
-
-	A new telnet command, "encrypt" has been added (if
-	ENCRYPT is defined).  It has many sub-commands:
-	"enable", "type", "start", "stop", "input",
-	"-input", "output", "-output", "status", and "help".
-
-	The LOGOUT option is now supported by both telnet
-	and telnetd, a new command, "logout", was added
-	to support this.
-
-	Several new toggle options were added:
-	    "autoencrypt", "autodecrypt", "autologin", "authdebug",
-	    "encdebug", "skiprc", "verbose_encrypt"
-
-	An "rlogin" interface has been added.  If the program
-	is named "rlogin", or the "-r" flag is given, then
-	an rlogin type of interface will be used.
-		~.	Terminates the session
-		~<susp> Suspend the session
-		~^]	Escape to telnet command mode
-		~~	Pass through the ~.
-	    BUG: If you type the rlogin escape character
-		 in the middle of a line while in rlogin
-		 mode, you cannot erase it or any characters
-		 before it.  Hopefully this can be fixed
-		 in a future release...
-
-    General changes:
-
-	A "libtelnet.a" has now been created.  This libraray
-	contains code that is common to both telnet and
-	telnetd.  This is also where library routines that
-	are needed, but are not in the standard C library,
-	are placed.
-
-	The makefiles have been re-done.  All of the site
-	specific configuration information has now been put
-	into a single "Config.generic" file, in the top level
-	directory.  Changing this one file will take care of
-	all three subdirectories.  Also, to add a new/local
-	definition, a "Config.local" file may be created
-	at the top level; if that file exists, the subdirectories
-	will use that file instead of "Config.generic".
-
-	Many 1-2 line functions in commands.c have been
-	removed, and just inserted in-line, or replaced
-	with a macro.
-
-    Bug Fixes:
-
-	The non-termio code in both telnet and telnetd was
-	setting/clearing CTLECH in the sg_flags word.  This
-	was incorrect, and has been changed to set/clear the
-	LCTLECH bit in the local mode word.
-
-	The SRCRT #define has been removed.  If IP_OPTIONS
-	and IPPROTO_IP are defined on the system, then the
-	source route code is automatically enabled.
-
-	The NO_GETTYTAB #define has been removed; there
-	is a compatability routine that can be built into
-	libtelnet to achive the same results.
-
-	The server, telnetd, has been switched to use getopt()
-	for parsing the argument list.
-
-	The code for getting the input/output speeds via
-	cfgetispeed()/cfgetospeed() was still not quite
-	right in telnet.  Posix says if the ispeed is 0,
-	then it is really equal to the ospeed.
-
-	The suboption processing code in telnet now has
-	explicit checks to make sure that we received
-	the entire suboption (telnetd was already doing this).
-
-	The telnet code for processing the terminal type
-	could cause a core dump if an existing connection
-	was closed, and a new connection opened without
-	exiting telnet.
-
-	Telnetd was doing a TCSADRAIN when setting the new
-	terminal settings;  This is not good, because it means
-	that the tcsetattr() will hang waiting for output to
-	drain, and telnetd is the only one that will drain
-	the output...  The fix is to use TCSANOW which does
-	not wait.
-
-	Telnetd was improperly setting/clearing the ISTRIP
-	flag in the c_lflag field, it should be using the
-	c_iflag field. 
-
-	When the child process of telnetd was opening the
-	slave side of the pty, it was re-setting the EXTPROC
-	bit too early, and some of the other initialization
-	code was wiping it out.  This would cause telnetd
-	to go out of linemode and into single character mode.
-
-	One instance of leaving linemode in telnetd forgot
-	to send a WILL ECHO to the client, the net result
-	would be that the user would see double character
-	echo.
-
-	If the MODE was being changed several times very
-	quickly, telnetd could get out of sync with the
-	state changes and the returning acks; and wind up
-	being left in the wrong state.
-
-September 14, 1990:
-
-	Switch the client to use getopt() for parsing the
-	argument list.  The 4.3Reno getopt.c is included for
-	systems that don't have getopt().
-
-	Use the posix _POSIX_VDISABLE value for what value
-	to use when disabling special characters.  If this
-	is undefined, it defaults to 0x3ff.
-
-	For non-termio systems, TIOCSETP was being used to
-	change the state of the terminal.  This causes the
-	input queue to be flushed, which we don't want.  This
-	is now changed to TIOCSETN.
-
-	Take out the "#ifdef notdef" around the code in the
-	server that generates a "sync" when the pty oputput
-	is flushed.  The potential problem is that some older
-	telnet clients may go into an infinate loop when they
-	receive a "sync", if so, the server can be compiled
-	with "NO_URGENT" defined.
-
-	Fix the client where it was setting/clearing the OPOST
-	bit in the c_lflag field, not the c_oflag field.
-
-	Fix the client where it was setting/clearing the ISTRIP
-	bit in the c_lflag field, not the c_iflag field.  (On
-	4.3Reno, this is the ECHOPRT bit in the c_lflag field.)
-	The client also had its interpretation of WILL BINARY
-	and DO BINARY reversed.
-
-	Fix a bug in client that would cause a core dump when
-	attempting to remove the last environment variable.
-
-	In the client, there were a few places were switch()
-	was being passed a character, and if it was a negative
-	value, it could get sign extended, and not match
-	the 8 bit case statements.  The fix is to and the
-	switch value with 0xff.
-
-	Add a couple more printoption() calls in the client, I
-	don't think there are any more places were a telnet
-	command can be received and not printed out when
-	"options" is on.
-
-	A new flag has been added to the client, "-a".  Currently,
-	this just causes the USER name to be sent across, in
-	the future this may be used to signify that automatic
-	authentication is requested.
-
-	The USER variable is now only sent by the client if
-	the "-a" or "-l user" options are explicity used, or
-	if the user explicitly asks for the "USER" environment
-	variable to be exported.  In the server, if it receives
-	the "USER" environment variable, it won't print out the
-	banner message, so that only "Password:" will be printed.
-	This makes the symantics more like rlogin, and should be
-	more familiar to the user.  (People are not used to
-	getting a banner message, and then getting just a
-	"Password:" prompt.)
-
-	Re-vamp the code for starting up the child login
-	process.  The code was getting ugly, and it was
-	hard to tell what was really going on.  What we
-	do now is after the fork(), in the child:
-		1) make sure we have no controlling tty
-		2) open and initialize the tty
-		3) do a setsid()/setpgrp()
-		4) makes the tty our controlling tty.
-	On some systems, #2 makes the tty our controlling
-	tty, and #4 is a no-op.  The parent process does
-	a gets rid of any controlling tty after the child
-	is fork()ed.
-
-	Use the strdup() library routine in telnet, instead
-	of the local savestr() routine.  If you don't have
-	strdup(), you need to define NO_STRDUP.
-
-	Add support for ^T (SIGINFO/VSTATUS), found in the
-	4.3Reno distribution.  This maps to the AYT character.
-	You need a 4-line bugfix in the kernel to get this
-	to work properly:
-
-	> *** tty_pty.c.ORG	Tue Sep 11 09:41:53 1990
-	> --- tty_pty.c	Tue Sep 11 17:48:03 1990
-	> ***************
-	> *** 609,613 ****
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data);
-	> 			return(0);
-	> 		}
-	> --- 609,616 ----
-	> 			if ((tp->t_lflag&NOFLSH) == 0)
-	> 				ttyflush(tp, FREAD|FWRITE);
-	> ! 			pgsignal(tp->t_pgrp, *(unsigned int *)data, 1);
-	> ! 			if ((*(unsigned int *)data == SIGINFO) &&
-	> ! 			    ((tp->t_lflag&NOKERNINFO) == 0))
-	> ! 				ttyinfo(tp);
-	> 			return(0);
-	> 		}
-
-	The client is now smarter when setting the telnet escape
-	character; it only sets it to one of VEOL and VEOL2 if
-	one of them is undefined, and the other one is not already
-	defined to the telnet escape character.
-
-	Handle TERMIOS systems that have seperate input and output
-	line speed settings imbedded in the flags.
-
-	Many other minor bug fixes.
-
-June 20, 1990:
-	Re-organize makefiles and source tree.  The telnet/Source
-	directory is now gone, and all the source that was in
-	telnet/Source is now just in the telnet directory.
-
-	Seperate makefile for each system are now gone.  There
-	are two makefiles, Makefile and Makefile.generic.
-	The "Makefile" has the definitions for the various
-	system, and "Makefile.generic" does all the work.
-	There is a variable called "WHAT" that is used to
-	specify what to make.  For example, in the telnet
-	directory, you might say:
-		make 4.4bsd WHAT=clean
-	to clean out the directory.
-
-	Add support for the ENVIRON and XDISPLOC options.
-	In order for the server to work, login has to have
-	the "-p" option to preserve environment variables.
-
-	Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support.
-
-	Add the "-l user" option to command line and open command
-	(This is passed through the ENVIRON option).
-
-	Add the "-e" command line option, for setting the escape
-	character.
-
-	Add the "-D", diagnostic, option to the server.  This allows
-	the server to print out debug information, which is very
-	useful when trying to debug a telnet that doesn't have any
-	debugging ability.
-
-	Turn off the literal next character when not in LINEMODE.
-
-	Don't recognize ^Y locally, just pass it through.
-
-	Make minor modifications for Sun4.0 and Sun4.1
-
-	Add support for both FORW1 and FORW2 characters.  The
-	telnet escpape character is set to whichever of the
-	two is not being used.  If both are in use, the escape
-	character is not set, so when in linemode the user will
-	have to follow the escape character with a <CR> or <EOF)
-	to get it passed through.
-
-	Commands can now be put in single and double quotes, and
-	a backslash is now an escape character.  This is needed
-	for allowing arbitrary strings to be assigned to environment
-	variables.
-
-	Switch telnetd to use macros like telnet for keeping
-	track of the state of all the options.
-
-	Fix telnetd's processing of options so that we always do
-	the right processing of the LINEMODE option, regardless
-	of who initiates the request to turn it on.  Also, make
-	sure that if the other side went "WILL ECHO" in response
-	to our "DO ECHO", that we send a "DONT ECHO" to get the
-	option turned back off!
-
-	Fix the TERMIOS setting of the terminal speed to handle both
-	BSD's seperate fields, and the SYSV method of CBAUD bits.
-
-	Change how we deal with the other side refusing to enable
-	an option.  The sequence used to be: send DO option; receive
-	WONT option; send DONT option.  Now, the sequence is: send
-	DO option; receive WONT option.  Both should be valid
-	according to the spec, but there has been at least one
-	client implementation of telnet identified that can get
-	really confused by this.  (The exact sequence, from a trace
-	on the server side, is (numbers are number of responses that
-	we expect to get after that line...):
-
-		send WILL ECHO	1 (initial request)
-		send WONT ECHO	2 (server is changing state)
-		recv DO ECHO	1 (first reply, ok.  expect DONT ECHO next)
-		send WILL ECHO	2 (server changes state again)
-		recv DONT ECHO	1 (second reply, ok.  expect DO ECHO next)
-		recv DONT ECHO	0 (third reply, wrong answer. got DONT!!!)
-	***	send WONT ECHO	  (send WONT to acknowledge the DONT)
-		send WILL ECHO	1 (ask again to enable option)
-		recv DO ECHO	0
-
-		recv DONT ECHO	0
-		send WONT ECHO	1
-		recv DONT ECHO	0
-		recv DO ECHO	1
-		send WILL ECHO	0
-		(and the last 5 lines loop forever)
-
-	The line with the "***" is last of the WILL/DONT/WONT sequence.
-	The change to the server to not generate that makes this same
-	example become:
-
-		send will ECHO	1
-		send wont ECHO	2
-		recv do ECHO	1
-		send will ECHO	2
-		recv dont ECHO	1
-		recv dont ECHO	0
-		recv do ECHO	1
-		send will ECHO	0
-
-	There is other option negotiation going on, and not sending
-	the third part changes some of the timings, but this specific
-	example no longer gets stuck in a loop.  The "telnet.state"
-	file has been modified to reflect this change to the algorithm.
-
-	A bunch of miscellaneous bug fixes and changes to make
-	lint happier.
-
-	This version of telnet also has some KERBEROS stuff in
-	it. This has not been tested, it uses an un-authorized
-	telnet option number, and uses an out-of-date version
-	of the (still being defined) AUTHENTICATION option.
-	There is no support for this code, do not enable it.
-
-
-March 1, 1990:
-CHANGES/BUGFIXES SINCE LAST RELEASE:
-	Some support for IP TOS has been added.  Requires that the
-	kernel support the IP_TOS socket option (currently this
-	is only in UNICOS 6.0).
-
-	Both telnet and telnetd now use the cc_t typedef.  typedefs are
-	included for systems that don't have it (in termios.h).
-
-	SLC_SUSP was not supported properly before.  It is now.
-
-	IAC EOF was not translated  properly in telnetd for SYSV_TERMIO
-	when not in linemode.  It now saves a copy of the VEOF character,
-	so that when ICANON is turned off and we can't trust it anymore
-	(because it is now the VMIN character) we use the saved value.
-
-	There were two missing "break" commands in the linemode
-	processing code in telnetd.
-
-	Telnetd wasn't setting the kernel window size information
-	properly.  It was using the rows for both rows and columns...
-
-Questions/comments go to
-		David Borman
-		Cray Research, Inc.
-		655F Lone Oak Drive
-		Eagan, MN 55123
-		dab@cray.com.
-
-README:	You are reading it.
-
-Config.generic:
-	This file contains all the OS specific definitions.  It
-	has pre-definitions for many common system types, and is
-	in standard makefile fromat.  See the comments at the top
-	of the file for more information.
-
-Config.local:
-	This is not part of the distribution, but if this file exists,
-	it is used instead of "Config.generic".  This allows site
-	specific configuration without having to modify the distributed
-	"Config.generic" file.
-
-kern.diff:
-	This file contains the diffs for the changes needed for the
-	kernel to support LINEMODE is the server.  These changes are
-	for a 4.3BSD system.  You may need to make some changes for
-	your particular system.
-
-	There is a new bit in the terminal state word, TS_EXTPROC.
-	When this bit is set, several aspects of the terminal driver
-	are disabled.  Input line editing, character echo, and
-	mapping of signals are all disabled.  This allows the telnetd
-	to turn of these functions when in linemode, but still keep
-	track of what state the user wants the terminal to be in.
-
-	New ioctl()s:
-
-		TIOCEXT		Turn on/off the TS_EXTPROC bit
-		TIOCGSTATE	Get t_state of tty to look at TS_EXTPROC bit
-		TIOCSIG		Generate a signal to processes in the
-				current process group of the pty.
-
-	There is a new mode for packet driver, the TIOCPKT_IOCTL bit.
-	When packet mode is turned on in the pty, and the TS_EXTPROC
-	bit is set, then whenever the state of the pty is changed, the
-	next read on the master side of the pty will have the TIOCPKT_IOCTL
-	bit set, and the data will contain the following:
-		struct xx {
-			struct sgttyb a;
-			struct tchars b;
-			struct ltchars c;
-			int t_state;
-			int t_flags;
-		}
-	This allows the process on the server side of the pty to know
-	when the state of the terminal has changed, and what the new
-	state is.
-
-	However, if you define USE_TERMIO or SYSV_TERMIO, the code will
-	expect that the structure returned in the TIOCPKT_IOCTL is
-	the termio/termios structure.
-
-stty.diff:
-	This file contains the changes needed for the stty(1) program
-	to report on the current status of the TS_EXTPROC bit.  It also
-	allows the user to turn on/off the TS_EXTPROC bit.  This is useful
-	because it allows the user to say "stty -extproc", and the
-	LINEMODE option will be automatically disabled, and saying "stty
-	extproc" will re-enable the LINEMODE option.
-
-telnet.state:
-	Both the client and server have code in them to deal
-	with option negotiation loops.  The algorithm that is
-	used is described in this file.
-
-telnet:
-	This directory contains the client code.  No kernel changes are
-	needed to use this code.
-
-telnetd:
-	This directory contains the server code.  If LINEMODE or KLUDGELINEMODE
-	are defined, then the kernel modifications listed above are needed.
-
-libtelnet:
-	This directory contains code that is common to both the client
-	and the server.
-
-arpa:
-	This directory has a new <arpa/telnet.h>
-
-libtelnet/Makefile.4.4:
-telnet/Makefile.4.4:
-telnetd/Makefile.4.4:
-	These are the makefiles that can be used on a 4.3Reno
-	system when this software is installed in /usr/src/lib/libtelnet,
-	/usr/src/libexec/telnetd, and /usr/src/usr.bin/telnet.
-
-
-The following TELNET options are supported:
-	
-	LINEMODE:
-		The LINEMODE option is supported as per RFC1116.  The
-		FORWARDMASK option is not currently supported.
-
-	BINARY: The client has the ability to turn on/off the BINARY
-		option in each direction.  Turning on BINARY from
-		server to client causes the LITOUT bit to get set in
-		the terminal driver on both ends,  turning on BINARY
-		from the client to the server causes the PASS8 bit
-		to get set in the terminal driver on both ends.
-
-	TERMINAL-TYPE:
-		This is supported as per RFC1091.  On the server side,
-		when a terminal type is received, termcap/terminfo
-		is consulted to determine if it is a known terminal
-		type.  It keeps requesting terminal types until it
-		gets one that it recongnizes, or hits the end of the
-		list.  The server side looks up the entry in the
-		termcap/terminfo data base, and generates a list of
-		names which it then passes one at a time to each
-		request for a terminal type, duplicating the last
-		entry in the list before cycling back to the beginning.
-
-	NAWS:	The Negotiate about Window Size, as per RFC 1073.
-
-	TERMINAL-SPEED:
-		Implemented as per RFC 1079
-
-	TOGGLE-FLOW-CONTROL:
-		Implemented as per RFC 1080
-
-	TIMING-MARK:
-		As per RFC 860
-
-	SGA:	As per RFC 858
-
-	ECHO:	As per RFC 857
-
-	LOGOUT: As per RFC 727
-
-	STATUS:
-		The server will send its current status upon
-		request.  It does not ask for the clients status.
-		The client will request the servers current status
-		from the "send getstatus" command.
-
-	ENVIRON:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued, but should be in the near future...
-
-	X-DISPLAY-LOCATION:
-		This functionality can be done through the ENVIRON
-		option, it is added here for completeness.
-
-	AUTHENTICATION:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The basic framework is pretty much decided,
-		but the definitions for the specific authentication
-		schemes is still in a state of flux.
-
-	ENCRYPTION:
-		This option is currently being defined by the IETF
-		Telnet Working Group, and an RFC has not yet been
-		issued.  The draft RFC is still in a state of flux,
-		so this code may change in the future.
diff --git a/src/appl/telnet/arpa/telnet.h b/src/appl/telnet/arpa/telnet.h
deleted file mode 100644
index f6d0eb5..0000000
--- a/src/appl/telnet/arpa/telnet.h
+++ /dev/null
@@ -1,327 +0,0 @@
-/*
- * Copyright (c) 1983, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnet.h	8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _TELNET_H_
-#define	_TELNET_H_
-
-/*
- * Definitions for the TELNET protocol.
- */
-#define	IAC	255		/* interpret as command: */
-#define	DONT	254		/* you are not to use option */
-#define	DO	253		/* please, you use option */
-#define	WONT	252		/* I won't use option */
-#define	WILL	251		/* I will use option */
-#define	SB	250		/* interpret as subnegotiation */
-#define	GA	249		/* you may reverse the line */
-#define	EL	248		/* erase the current line */
-#define	EC	247		/* erase the current character */
-#define	AYT	246		/* are you there */
-#define	AO	245		/* abort output--but let prog finish */
-#define	IP	244		/* interrupt process--permanently */
-#define	BREAK	243		/* break */
-#define	DM	242		/* data mark--for connect. cleaning */
-#define	NOP	241		/* nop */
-#define	SE	240		/* end sub negotiation */
-#define EOR     239             /* end of record (transparent mode) */
-#define	ABORT	238		/* Abort process */
-#define	SUSP	237		/* Suspend process */
-#define	xEOF	236		/* End of file: EOF is already used... */
-
-#define SYNCH	242		/* for telfunc calls */
-
-#ifdef TELCMDS
-char *telcmds[] = {
-	"EOF", "SUSP", "ABORT", "EOR",
-	"SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
-	"EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
-};
-#else
-extern char *telcmds[];
-#endif
-
-#define	TELCMD_FIRST	xEOF
-#define	TELCMD_LAST	IAC
-#define	TELCMD_OK(x)	((unsigned int)(x) <= TELCMD_LAST && \
-			 (unsigned int)(x) >= TELCMD_FIRST)
-#define	TELCMD(x)	telcmds[(x)-TELCMD_FIRST]
-
-/* telnet options */
-#define TELOPT_BINARY	0	/* 8-bit data path */
-#define TELOPT_ECHO	1	/* echo */
-#define	TELOPT_RCP	2	/* prepare to reconnect */
-#define	TELOPT_SGA	3	/* suppress go ahead */
-#define	TELOPT_NAMS	4	/* approximate message size */
-#define	TELOPT_STATUS	5	/* give status */
-#define	TELOPT_TM	6	/* timing mark */
-#define	TELOPT_RCTE	7	/* remote controlled transmission and echo */
-#define TELOPT_NAOL 	8	/* negotiate about output line width */
-#define TELOPT_NAOP 	9	/* negotiate about output page size */
-#define TELOPT_NAOCRD	10	/* negotiate about CR disposition */
-#define TELOPT_NAOHTS	11	/* negotiate about horizontal tabstops */
-#define TELOPT_NAOHTD	12	/* negotiate about horizontal tab disposition */
-#define TELOPT_NAOFFD	13	/* negotiate about formfeed disposition */
-#define TELOPT_NAOVTS	14	/* negotiate about vertical tab stops */
-#define TELOPT_NAOVTD	15	/* negotiate about vertical tab disposition */
-#define TELOPT_NAOLFD	16	/* negotiate about output LF disposition */
-#define TELOPT_XASCII	17	/* extended ascic character set */
-#define	TELOPT_LOGOUT	18	/* force logout */
-#define	TELOPT_BM	19	/* byte macro */
-#define	TELOPT_DET	20	/* data entry terminal */
-#define	TELOPT_SUPDUP	21	/* supdup protocol */
-#define	TELOPT_SUPDUPOUTPUT 22	/* supdup output */
-#define	TELOPT_SNDLOC	23	/* send location */
-#define	TELOPT_TTYPE	24	/* terminal type */
-#define	TELOPT_EOR	25	/* end or record */
-#define	TELOPT_TUID	26	/* TACACS user identification */
-#define	TELOPT_OUTMRK	27	/* output marking */
-#define	TELOPT_TTYLOC	28	/* terminal location number */
-#define	TELOPT_3270REGIME 29	/* 3270 regime */
-#define	TELOPT_X3PAD	30	/* X.3 PAD */
-#define	TELOPT_NAWS	31	/* window size */
-#define	TELOPT_TSPEED	32	/* terminal speed */
-#define	TELOPT_LFLOW	33	/* remote flow control */
-#define TELOPT_LINEMODE	34	/* Linemode option */
-#define TELOPT_XDISPLOC	35	/* X Display Location */
-#define TELOPT_OLD_ENVIRON 36	/* Old - Environment variables */
-#define	TELOPT_AUTHENTICATION 37/* Authenticate */
-#define	TELOPT_ENCRYPT	38	/* Encryption option */
-#define TELOPT_NEW_ENVIRON 39	/* New - Environment variables */
-#define	TELOPT_EXOPL	255	/* extended-options-list */
-
-
-#define	NTELOPTS	(1+TELOPT_NEW_ENVIRON)
-#ifdef TELOPTS
-char *telopts[NTELOPTS+1] = {
-	"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
-	"STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP",
-	"NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS",
-	"NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO",
-	"DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT",
-	"SEND LOCATION", "TERMINAL TYPE", "END OF RECORD",
-	"TACACS UID", "OUTPUT MARKING", "TTYLOC",
-	"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
-	"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
-	"ENCRYPT", "NEW-ENVIRON",
-	0,
-};
-#define	TELOPT_FIRST	TELOPT_BINARY
-#define	TELOPT_LAST	TELOPT_NEW_ENVIRON
-#define	TELOPT_OK(x)	((unsigned int)(x) <= TELOPT_LAST)
-#define	TELOPT(x)	telopts[(x)-TELOPT_FIRST]
-#endif
-
-/* sub-option qualifiers */
-#define	TELQUAL_IS	0	/* option is... */
-#define	TELQUAL_SEND	1	/* send option */
-#define	TELQUAL_INFO	2	/* ENVIRON: informational version of IS */
-#define	TELQUAL_REPLY	2	/* AUTHENTICATION: client version of IS */
-#define	TELQUAL_NAME	3	/* AUTHENTICATION: client version of IS */
-
-#define	LFLOW_OFF		0	/* Disable remote flow control */
-#define	LFLOW_ON		1	/* Enable remote flow control */
-#define	LFLOW_RESTART_ANY	2	/* Restart output on any char */
-#define	LFLOW_RESTART_XON	3	/* Restart output only on XON */
-
-/*
- * LINEMODE suboptions
- */
-
-#define	LM_MODE		1
-#define	LM_FORWARDMASK	2
-#define	LM_SLC		3
-
-#define	MODE_EDIT	0x01
-#define	MODE_TRAPSIG	0x02
-#define	MODE_ACK	0x04
-#define MODE_SOFT_TAB	0x08
-#define MODE_LIT_ECHO	0x10
-
-#define	MODE_MASK	0x1f
-
-/* Not part of protocol, but needed to simplify things... */
-#define MODE_FLOW		0x0100
-#define MODE_ECHO		0x0200
-#define MODE_INBIN		0x0400
-#define MODE_OUTBIN		0x0800
-#define MODE_FORCE		0x1000
-
-#define	SLC_SYNCH	1
-#define	SLC_BRK		2
-#define	SLC_IP		3
-#define	SLC_AO		4
-#define	SLC_AYT		5
-#define	SLC_EOR		6
-#define	SLC_ABORT	7
-#define	SLC_EOF		8
-#define	SLC_SUSP	9
-#define	SLC_EC		10
-#define	SLC_EL		11
-#define	SLC_EW		12
-#define	SLC_RP		13
-#define	SLC_LNEXT	14
-#define	SLC_XON		15
-#define	SLC_XOFF	16
-#define	SLC_FORW1	17
-#define	SLC_FORW2	18
-
-#define	NSLC		18
-
-/*
- * For backwards compatability, we define SLC_NAMES to be the
- * list of names if SLC_NAMES is not defined.
- */
-#define	SLC_NAMELIST	"0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \
-			"ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \
-			"LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0,
-#ifdef	SLC_NAMES
-char *slc_names[] = {
-	SLC_NAMELIST
-};
-#else
-extern char *slc_names[];
-#define	SLC_NAMES SLC_NAMELIST
-#endif
-
-#define	SLC_NAME_OK(x)	((unsigned int)(x) <= NSLC)
-#define SLC_NAME(x)	slc_names[x]
-
-#define	SLC_NOSUPPORT	0
-#define	SLC_CANTCHANGE	1
-#define	SLC_VARIABLE	2
-#define	SLC_DEFAULT	3
-#define	SLC_LEVELBITS	0x03
-
-#define	SLC_FUNC	0
-#define	SLC_FLAGS	1
-#define	SLC_VALUE	2
-
-#define	SLC_ACK		0x80
-#define	SLC_FLUSHIN	0x40
-#define	SLC_FLUSHOUT	0x20
-
-#define	OLD_ENV_VAR	1
-#define	OLD_ENV_VALUE	0
-#define	NEW_ENV_VAR	0
-#define	NEW_ENV_VALUE	1
-#define	ENV_ESC		2
-#define ENV_USERVAR	3
-
-/*
- * AUTHENTICATION suboptions
- */
-
-/*
- * Who is authenticating who ...
- */
-#define	AUTH_WHO_CLIENT		0	/* Client authenticating server */
-#define	AUTH_WHO_SERVER		1	/* Server authenticating client */
-#define	AUTH_WHO_MASK		1
-
-/*
- * amount of authentication done
- */
-#define	AUTH_HOW_ONE_WAY	0
-#define	AUTH_HOW_MUTUAL		2
-#define	AUTH_HOW_MASK		2
-
-/*
- * should we be encrypting? (not yet formally standardized)
- */
-#define AUTH_ENCRYPT_OFF	0
-#define AUTH_ENCRYPT_ON		4
-#define AUTH_ENCRYPT_MASK	4
-
-#define	AUTHTYPE_NULL		0
-#define	AUTHTYPE_KERBEROS_V4	1
-#define	AUTHTYPE_KERBEROS_V5	2
-#define	AUTHTYPE_SPX		3
-#define	AUTHTYPE_MINK		4
-#define	AUTHTYPE_CNT		5
-
-#define	AUTHTYPE_TEST		99
-
-#ifdef	AUTH_NAMES
-char *authtype_names[] = {
-	"NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", 0,
-};
-#else
-extern char *authtype_names[];
-#endif
-
-#define	AUTHTYPE_NAME_OK(x)	((unsigned int)(x) < AUTHTYPE_CNT)
-#define	AUTHTYPE_NAME(x)	authtype_names[x]
-
-/*
- * ENCRYPTion suboptions
- */
-#define	ENCRYPT_IS		0	/* I pick encryption type ... */
-#define	ENCRYPT_SUPPORT		1	/* I support encryption types ... */
-#define	ENCRYPT_REPLY		2	/* Initial setup response */
-#define	ENCRYPT_START		3	/* Am starting to send encrypted */
-#define	ENCRYPT_END		4	/* Am ending encrypted */
-#define	ENCRYPT_REQSTART	5	/* Request you start encrypting */
-#define	ENCRYPT_REQEND		6	/* Request you send encrypting */
-#define	ENCRYPT_ENC_KEYID	7
-#define	ENCRYPT_DEC_KEYID	8
-#define	ENCRYPT_CNT		9
-
-#define	ENCTYPE_ANY		0
-#define	ENCTYPE_DES_CFB64	1
-#define	ENCTYPE_DES_OFB64	2
-#define	ENCTYPE_CNT		3
-
-#ifdef	ENCRYPT_NAMES
-char *encrypt_names[] = {
-	"IS", "SUPPORT", "REPLY", "START", "END",
-	"REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID",
-	0,
-};
-char *enctype_names[] = {
-	"ANY", "DES_CFB64",  "DES_OFB64",  0,
-};
-#else
-extern char *encrypt_names[];
-extern char *enctype_names[];
-#endif
-
-
-#define	ENCRYPT_NAME_OK(x)	((unsigned int)(x) < ENCRYPT_CNT)
-#define	ENCRYPT_NAME(x)		encrypt_names[x]
-
-#define	ENCTYPE_NAME_OK(x)	((unsigned int)(x) < ENCTYPE_CNT)
-#define	ENCTYPE_NAME(x)		enctype_names[x]
-
-#endif /* !_TELNET_H_ */
diff --git a/src/appl/telnet/configure.in b/src/appl/telnet/configure.in
deleted file mode 100644
index fc91a5a..0000000
--- a/src/appl/telnet/configure.in
+++ /dev/null
@@ -1,164 +0,0 @@
-K5_AC_INIT(configure.in)
-CONFIG_RULES
-dnl AC_CONFIG_SUBDIRS(libtelnet telnet telnetd)
-dnl
-dnl from old libtelnet/configure.in, plus additional header & func checks
-dnl
-AC_REPLACE_FUNCS([strcasecmp strdup setsid strerror strftime getopt herror parsetos])
-AC_CHECK_FUNCS(setenv unsetenv getenv gettosbyname cgetent gettosbyname vsnprintf)
-AC_CHECK_HEADERS(stdlib.h string.h unistd.h arpa/nameser.h sys/select.h arpa/inet.h sys/filio.h curses.h utmp.h sys/time.h sys/tty.h sac.h sys/ptyvar.h sys/stream.h sys/utsname.h memory.h)
-if test $ac_cv_func_setenv = no || test $ac_cv_func_unsetenv = no \
-  || test $ac_cv_func_getenv = no; then
-  SETENVSRC=setenv.c
-  SETENVOBJ=setenv.o
-  AC_SUBST([SETENVSRC])
-  AC_SUBST([SETENVOBJ])
-  AC_DEFINE([NEED_SETENV],1,[Define if setenv needs to be defined])
-fi
-dnl
-KRB5_NEED_PROTO([#include <stdlib.h>],setenv)
-AC_C_CONST
-KRB5_BUILD_LIBRARY
-KRB5_BUILD_LIBOBJS
-dnl
-old_LIBS="$LIBS"
-dnl
-dnl from old telnet/configure.in
-dnl
-AC_PROG_INSTALL
-AC_FUNC_VFORK
-AC_HEADER_STDARG
-case $krb5_cv_host in
-*-*-solaris*)
-	if test "$ac_cv_c_compiler_gnu" = yes; then
-		# Solaris 8 at least has curses.h that is noisy under gcc
-		ac_cv_header_curses_h=yes
-	fi
-	;;
-esac
-dnl
-dnl On some systems, term.h requires curses.h inclusion
-AC_CHECK_HEADERS(term.h,,,dnl
-[#ifdef HAVE_CURSES_H
-#include <curses.h>
-#endif
-])
-dnl
-AC_CHECK_LIB(termcap,main,AC_DEFINE(TERMCAP,1,[Define if termcap library is available])
-LIBS="$LIBS -ltermcap")
-AC_CHECK_LIB(curses,setupterm,LIBS="$LIBS -lcurses",
-  AC_CHECK_LIB(ncurses,setupterm,LIBS="$LIBS -lncurses")
-)
-AC_CHECK_FUNC(tgetent, , [AC_MSG_ERROR([Could not find tgetent; are you missing a curses/ncurses library?])])
-KRB5_AC_INET6
-AC_CHECK_FUNCS(setupterm)
-AC_CHECK_HEADER(termios.h,AC_DEFINE(USE_TERMIO,1,[Define if termio should be used]) ac_termio=1)
-if test -z "$ac_termio"; then
-AC_CHECK_HEADER(termio.h,AC_DEFINE(SYSV_TERMIO,1,[Define if SysV termio interface is found]),ac_sysv_termio=1)
-if test -z "$ac_sysv_termio"; then
-  AC_MSG_CHECKING([for cc_t in termio.h])
-  AC_CACHE_VAL(krb_cv_type_cc_t,
-  [AC_TRY_LINK([cc_t],[#include <termio.h>],
-  [cc_t foo;],krb_cv_type_cc_t=yes,krb_cv_type_cc_t=no)])
-  AC_MSG_RESULT($krb_cv_type_cc_t)
-  if test $krb_cv_type_cc_t = no; then
-    AC_DEFINE(NO_CC_T,1,[Define if termio.h does not define type cc_t])
-  fi
-fi
-fi
-KRB5_NEED_PROTO([#include <unistd.h>
-#include <stdlib.h>],parsetos,1)
-dnl
-KRB5_NEED_PROTO([#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>],herror,1)
-dnl
-CHECK_SIGNALS
-dnl
-KRB5_BUILD_PROGRAM
-dnl
-TELNET_LIBS="$LIBS"
-AC_SUBST(TELNET_LIBS)
-LIBS="$old_LIBS"
-dnl
-dnl from old telnetd/configure.in
-dnl
-dnl AC_PROG_INSTALL
-AC_CHECK_LIB(termcap,main,AC_DEFINE(TERMCAP)
-LIBS="$LIBS -ltermcap",
-  AC_CHECK_LIB(curses,setupterm,LIBS="$LIBS -lcurses",
-  AC_CHECK_LIB(ncurses,setupterm,LIBS="$LIBS -lncurses")
-))
-dnl ... whole termios.h/termio.h/NO_CC_T thing again ...
-AC_HEADER_TIME
-dnl KRB5_AC_INET6
-dnl
-dnl Test if speed_t needs to be defined
-AC_CACHE_CHECK([if speed_t is defined], krb5_cv_type_speed_t,
-[AC_TRY_COMPILE(dnl
-[#include <sys/types.h>
-#if STDC_HEADERS
-#include <stdlib.h>
-#include <stddef.h>
-#endif
-#ifndef	USE_TERMIO
-#include <sgtty.h>
-#else
-# ifdef	SYSV_TERMIO
-# include <termio.h>
-# else
-# include <termios.h>
-# endif
-#endif
-],[speed_t termspeed],krb5_cv_type_speed_t=yes, krb5_cv_type_speed_t=no)])
-if test $krb5_cv_type_speed_t = no; then
-   AC_DEFINE(speed_t, int, [Define if system termios interface doesn't define speed_t])
-fi;
-dnl
-dnl
-dnl Make our operating system-specific security checks and definitions for
-dnl login.
-dnl
-case $krb5_cv_host in
-*-*-hpux*)
-     broken_streams=yes
-     ;;
-*-*-linux*)
-     # Someday Linux may have a Streams user-level interface, so checking
-     # for sys/stream.h may not always work.  But I'm reasonably
-     # sure Linux will never require pushing magic streams modules onto 
-     # pty's! :-)   --- TYT
-     broken_streams=yes
-     ;;
-*-*-irix*)
-     # Irix doesn't have a working granpt, and more over
-     # you can't push anything onto a pty, so telnetd really
-     # Really wants to treat it as if it doesn't have streams
-     broken_streams=yes
-     ;;
-esac
-if test -z "$broken_streams" -a "$ac_cv_header_sys_stream_h" = yes; then
-    AC_CHECK_FUNC(grantpt,AC_DEFINE(STREAMSPTY,1,[Define if streams pty interface should be used]))
-fi
-AC_MSG_CHECKING([if setpgrp takes two arguments])
-dnl
-AC_CACHE_VAL(krb5_cv_sys_setpgrp_two,
-[AC_TRY_LINK( 
-[#include <unistd.h>],[setpgrp(0,0)],
-krb5_cv_sys_setpgrp_two=yes,krb5_cv_sys_setpgrp_two=no)])
-AC_MSG_RESULT($krb5_cv_sys_setpgrp_two)
-if test $krb5_cv_sys_setpgrp_two = yes; then
-  AC_DEFINE(SETPGRP_TWOARG,1,[Define if setpgrp takes two arguments])
-fi
-dnl
-KRB5_NEED_PROTO([#include <stdlib.h>],unsetenv,1)
-dnl KRB5_NEED_PROTO([#include <stdlib.h>],setenv,1)
-dnl KRB5_BUILD_PROGRAM
-dnl
-TELNETD_LIBS="$LIBS"
-AC_SUBST(TELNETD_LIBS)
-LIBS="$old_LIBS"
-dnl
-KRB5_AC_LIBUTIL
-V5_AC_OUTPUT_MAKEFILE(. libtelnet telnet telnetd)
diff --git a/src/appl/telnet/deps b/src/appl/telnet/deps
deleted file mode 100644
index 2feac3c..0000000
--- a/src/appl/telnet/deps
+++ /dev/null
@@ -1 +0,0 @@
-# No dependencies here.
diff --git a/src/appl/telnet/kern.diff b/src/appl/telnet/kern.diff
deleted file mode 100644
index 3c1153b..0000000
--- a/src/appl/telnet/kern.diff
+++ /dev/null
@@ -1,308 +0,0 @@
-*** h/ioctl.h.old	Tue May 23 14:50:42 1989
---- h/ioctl.h	Tue Aug 29 18:24:49 1989
-***************
-*** 214,219 ****
---- 214,220 ----
-  #define		TIOCPKT_START		0x08	/* start output */
-  #define		TIOCPKT_NOSTOP		0x10	/* no more ^S, ^Q */
-  #define		TIOCPKT_DOSTOP		0x20	/* now do ^S ^Q */
-+ #define		TIOCPKT_IOCTL		0x40	/* state change of pty driver */
-  #define	TIOCSTOP	_IO('t', 111)		/* stop output, like ^S */
-  #define	TIOCSTART	_IO('t', 110)		/* start output, like ^Q */
-  #define	TIOCMSET	_IOW('t', 109, int)	/* set all modem bits */
-***************
-*** 226,231 ****
---- 227,235 ----
-  #define	TIOCUCNTL	_IOW('t', 102, int)	/* pty: set/clr usr cntl mode */
-  #define		UIOCCMD(n)	_IO('u', n)		/* usr cntl op "n" */
-  #define	TIOCCONS	_IO('t', 98)		/* become virtual console */
-+ #define	TIOCEXT		_IOW('t', 97, int)	/* pty: external processing */
-+ #define	TIOCGSTATE	_IOR('t', 96, int)	/* pty: get internal state */
-+ #define	TIOCSIG		_IO('t', 95)		/* pty: generate signal */
-  
-  #define	OTTYDISC	0		/* old, v7 std tty driver */
-  #define	NETLDISC	1		/* line discip for berk net */
-*** h/tty.h.old	Tue May 23 14:51:01 1989
---- h/tty.h	Wed Aug 23 11:30:40 1989
-***************
-*** 70,75 ****
---- 70,76 ----
-  	struct	ttychars t_chars;	/* tty */
-  	struct	winsize t_winsize;	/* window size */
-  /* be careful of tchars & co. */
-+ #ifndef	NO_T_CHARS_DEFINES
-  #define	t_erase		t_chars.tc_erase
-  #define	t_kill		t_chars.tc_kill
-  #define	t_intrc		t_chars.tc_intrc
-***************
-*** 84,89 ****
---- 85,91 ----
-  #define	t_flushc	t_chars.tc_flushc
-  #define	t_werasc	t_chars.tc_werasc
-  #define	t_lnextc	t_chars.tc_lnextc
-+ #endif
-  };
-  
-  #define	TTIPRI	28
-***************
-*** 124,129 ****
---- 126,132 ----
-  #define	TS_LNCH		0x080000	/* next character is literal */
-  #define	TS_TYPEN	0x100000	/* retyping suspended input (PENDIN) */
-  #define	TS_CNTTB	0x200000	/* counting tab width; leave FLUSHO alone */
-+ #define	TS_EXTPROC	0x400000	/* external processing of data */
-  
-  #define	TS_LOCAL	(TS_BKSL|TS_QUOT|TS_ERASE|TS_LNCH|TS_TYPEN|TS_CNTTB)
-  
-*** sys/tty.c.old	Tue May 23 14:52:28 1989
---- sys/tty.c	Thu Aug 24 09:31:49 1989
-***************
-*** 275,280 ****
---- 275,285 ----
-  	 */
-  	switch (com) {
-  
-+ 	/* get internal state - needed for TS_EXTPROC bit */
-+ 	case TIOCGSTATE:
-+ 		*(int *)data = tp->t_state;
-+ 		break;
-+ 
-  	/* get discipline number */
-  	case TIOCGETD:
-  		*(int *)data = tp->t_line;
-***************
-*** 752,757 ****
---- 757,763 ----
-  	 */
-  	if ((tp->t_state&TS_TYPEN) == 0 && (t_flags&PASS8) == 0)
-  		c &= 0177;
-+     if ((tp->t_state&TS_EXTPROC) == 0) {
-  	/*
-  	 * Check for literal nexting very first
-  	 */
-***************
-*** 834,839 ****
---- 840,846 ----
-  		else if (c == '\\')
-  			tp->t_state |= TS_BKSL;
-  	}
-+     }
-  
-  	/*
-  	 * Cbreak mode, don't process line editing
-***************
-*** 851,856 ****
---- 858,864 ----
-  		goto endcase;
-  	}
-  
-+     if ((tp->t_state&TS_EXTPROC) == 0) {
-  	/*
-  	 * From here on down cooked mode character
-  	 * processing takes place.
-***************
-*** 911,916 ****
---- 919,925 ----
-  			goto endcase;
-  		}
-  	}
-+     }
-  
-  	/*
-  	 * Check for input buffer overflow
-***************
-*** 933,938 ****
---- 942,948 ----
-  		} else if (tp->t_rocount++ == 0)
-  			tp->t_rocol = tp->t_col;
-  		tp->t_state &= ~TS_QUOT;
-+ 	    if ((tp->t_state&TS_EXTPROC) == 0) {
-  		if (c == '\\')
-  			tp->t_state |= TS_QUOT;
-  		if (tp->t_state&TS_ERASE) {
-***************
-*** 948,953 ****
---- 958,964 ----
-  				i--;
-  			}
-  		}
-+ 	    }
-  	}
-  endcase:
-  	/*
-***************
-*** 998,1005 ****
-  		return (-1);
-  	/*
-  	 * Turn tabs to spaces as required
-  	 */
-! 	if (c == '\t' && (tp->t_flags&TBDELAY) == XTABS) {
-  		register int s;
-  
-  		c = 8 - (tp->t_col&7);
---- 1009,1022 ----
-  		return (-1);
-  	/*
-  	 * Turn tabs to spaces as required
-+ 	 *
-+ 	 * Special case if we have external processing, we don't
-+ 	 * do the tab expansion because we'll probably get it
-+ 	 * wrong.  If tab expansion needs to be done, let it
-+ 	 * happen externally.
-  	 */
-! 	if ((tp->t_state&TS_EXTPROC) == 0 &&
-! 	    c == '\t' && (tp->t_flags&TBDELAY) == XTABS) {
-  		register int s;
-  
-  		c = 8 - (tp->t_col&7);
-***************
-*** 1497,1503 ****
-  	int s;
-  	char *nextc();
-  
-! 	if ((tp->t_flags&ECHO) == 0)
-  		return;
-  	tp->t_flags &= ~FLUSHO;
-  	c &= 0377;
---- 1514,1520 ----
-  	int s;
-  	char *nextc();
-  
-! 	if ((tp->t_flags&ECHO) == 0 || (tp->t_state&TS_EXTPROC))
-  		return;
-  	tp->t_flags &= ~FLUSHO;
-  	c &= 0377;
-***************
-*** 1618,1624 ****
-  
-  	if ((tp->t_state&TS_CNTTB) == 0)
-  		tp->t_flags &= ~FLUSHO;
-! 	if ((tp->t_flags&ECHO) == 0)
-  		return;
-  	c &= 0377;
-  	if (tp->t_flags&RAW) {
---- 1635,1641 ----
-  
-  	if ((tp->t_state&TS_CNTTB) == 0)
-  		tp->t_flags &= ~FLUSHO;
-! 	if ((tp->t_flags&ECHO) == 0 || (tp->t_state&TS_EXTPROC))
-  		return;
-  	c &= 0377;
-  	if (tp->t_flags&RAW) {
-*** sys/tty_pty.c.old	Tue May 23 14:52:43 1989
---- sys/tty_pty.c	Tue Aug 29 18:48:36 1989
-***************
-*** 208,213 ****
---- 208,214 ----
-  		return (EIO);
-  	tp->t_oproc = ptsstart;
-  	(void)(*linesw[tp->t_line].l_modem)(tp, 1);
-+ 	tp->t_state &= ~TS_EXTPROC;
-  	pti = &pt_ioctl[minor(dev)];
-  	pti->pt_flags = 0;
-  	pti->pt_send = 0;
-***************
-*** 247,252 ****
---- 248,275 ----
-  				error = ureadc((int)pti->pt_send, uio);
-  				if (error)
-  					return (error);
-+ 				if (pti->pt_send & TIOCPKT_IOCTL) {
-+ 					struct xx {
-+ 						struct sgttyb a;
-+ 						struct tchars b;
-+ 						struct ltchars c;
-+ 						int d;
-+ 						int e;
-+ 					} cb;
-+ 					cb.a.sg_ispeed = tp->t_ispeed;
-+ 					cb.a.sg_ospeed = tp->t_ospeed;
-+ 					cb.a.sg_erase = tp->t_erase;
-+ 					cb.a.sg_kill = tp->t_kill;
-+ 					cb.a.sg_flags = tp->t_flags;
-+ 					bcopy((caddr_t)&tp->t_intrc,
-+ 					      (caddr_t)&cb.b, sizeof(cb.b));
-+ 					bcopy((caddr_t)&tp->t_suspc,
-+ 					      (caddr_t)&cb.c, sizeof(cb.c));
-+ 					cb.d = tp->t_state;
-+ 					cb.e = ((unsigned)tp->t_flags)>>16;
-+ 					cc = MIN(uio->uio_resid, sizeof(cb));
-+ 					uiomove(&cb, cc, UIO_READ, uio);
-+ 				}
-  				pti->pt_send = 0;
-  				return (0);
-  			}
-***************
-*** 483,488 ****
---- 506,533 ----
-  	 * IF CONTROLLER STTY THEN MUST FLUSH TO PREVENT A HANG.
-  	 * ttywflush(tp) will hang if there are characters in the outq.
-  	 */
-+ 	if (cmd == TIOCEXT) {
-+ 		/*
-+ 		 * When the TS_EXTPROC bit is being toggled, we need
-+ 		 * to send an TIOCPKT_IOCTL if the packet driver
-+ 		 * is turned on.
-+ 		 */
-+ 		if (*(int *)data) {
-+ 			if (pti->pt_flags & PF_PKT) {
-+ 				pti->pt_send |= TIOCPKT_IOCTL;
-+ 				ptcwakeup(tp);
-+ 			}
-+ 			tp->t_state |= TS_EXTPROC;
-+ 		} else {
-+ 			if ((tp->t_state & TS_EXTPROC) &&
-+ 			    (pti->pt_flags & PF_PKT)) {
-+ 				pti->pt_send |= TIOCPKT_IOCTL;
-+ 				ptcwakeup(tp);
-+ 			}
-+ 			tp->t_state &= ~TS_EXTPROC;
-+ 		}
-+ 		return (0);
-+ 	} else
-  	if (cdevsw[major(dev)].d_open == ptcopen)
-  		switch (cmd) {
-  
-***************
-*** 525,530 ****
---- 570,583 ----
-  			while (getc(&tp->t_outq) >= 0)
-  				;
-  			break;
-+ 
-+ 		case TIOCSIG:
-+ 			if (*(unsigned int *)data >= NSIG)
-+ 				return(EINVAL);
-+ 			if ((tp->t_flags&NOFLSH) == 0)
-+ 				ttyflush(tp, FREAD|FWRITE);
-+ 			gsignal(tp->t_pgrp, *(unsigned int *)data);
-+ 			return(0);
-  		}
-  	error = ttioctl(tp, cmd, data, flag);
-  	/*
-***************
-*** 549,554 ****
---- 602,624 ----
-  			return (0);
-  		}
-  		error = ENOTTY;
-+ 	}
-+ 	/*
-+ 	 * If external processing and packet mode send ioctl packet.
-+ 	 */
-+ 	if ((tp->t_state & TS_EXTPROC) && (pti->pt_flags & PF_PKT)) {
-+ 		switch(cmd) {
-+ 		case TIOCSETP:
-+ 		case TIOCSETN:
-+ 		case TIOCSETC:
-+ 		case TIOCSLTC:
-+ 		case TIOCLBIS:
-+ 		case TIOCLBIC:
-+ 		case TIOCLSET:
-+ 			pti->pt_send |= TIOCPKT_IOCTL;
-+ 		default:
-+ 			break;
-+ 		}
-  	}
-  	stop = (tp->t_flags & RAW) == 0 &&
-  	    tp->t_stopc == CTRL('s') && tp->t_startc == CTRL('q');
diff --git a/src/appl/telnet/libtelnet/Makefile.in b/src/appl/telnet/libtelnet/Makefile.in
deleted file mode 100644
index 2b8aff2..0000000
--- a/src/appl/telnet/libtelnet/Makefile.in
+++ /dev/null
@@ -1,89 +0,0 @@
-thisconfigdir=..
-myfulldir=appl/telnet/libtelnet
-mydir=libtelnet
-BUILDTOP=$(REL)..$(S)..$(S)..
-# derived from the original Makefile.generic
-#
-# Copyright (c) 1991 The Regents of the University of California.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms are permitted provided
-# that: (1) source distributions retain this entire copyright notice and
-# comment, and (2) distributions including binaries display the following
-# acknowledgement:  ``This product includes software developed by the
-# University of California, Berkeley and its contributors'' in the
-# documentation or other materials provided with the distribution and in
-# all advertising materials mentioning features or use of this software.
-# Neither the name of the University nor the names of its contributors may
-# be used to endorse or promote products derived from this software without
-# specific prior written permission.
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-#
-#	@(#)Makefile.generic	5.5 (Berkeley) 3/1/91
-#
-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -DKRB5 -DFORWARD \
-	-UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
-LOCALINCLUDES=-I.. -I$(srcdir)/..
-DEFINES = -DTELNET_BUFSIZE=65535 $(AUTH_DEF)
-LIBOBJS=@LIBOBJS@
-
-SETENVSRC=@SETENVSRC@
-SETENVOBJ=@SETENVOBJ@
-
-LIBBASE=telnet
-LIBMAJOR=0
-LIBMINOR=0
-RELDIR=../../../appl/telnet/libtelnet
-STOBJLISTS=OBJS.ST
-
-SRCS=   $(srcdir)/auth.c \
-	$(srcdir)/encrypt.c \
-	$(srcdir)/genget.c \
-	$(srcdir)/misc.c \
-	$(srcdir)/kerberos5.c \
-	$(srcdir)/forward.c \
-	$(srcdir)/enc_des.c \
-	$(srcdir)/setenv.c \
-	$(srcdir)/getent.c \
-	$(srcdir)/parsetos.c \
-	$(srcdir)/strdup.c \
-	$(srcdir)/strcasecmp.c \
-	$(srcdir)/strchr.c \
-	$(srcdir)/strrchr.c \
-	$(srcdir)/strftime.c \
-	$(srcdir)/strerror.c
-
-STLIBOBJS=   auth.o encrypt.o genget.o \
-	misc.o kerberos5.o forward.o enc_des.o \
-	$(LIBOBJS) getent.o $(SETENVOBJ)
-
-TELNET_H= $(srcdir)/../arpa/telnet.h
-
-all:: all-libs
-
-clean:: clean-libs clean-libobjs
-
-auth.o: $(TELNET_H)
-auth.o: encrypt.h
-auth.o: auth.h
-auth.o: misc-proto.h
-encrypt.o: $(TELNET_H)
-encrypt.o: encrypt.h
-encrypt.o: misc.h
-kerberos5.o: $(TELNET_H)
-kerberos5.o: encrypt.h
-kerberos5.o: auth.h
-kerberos5.o: misc.h
-misc.o: misc.h
-enc_des.o: $(TELNET_H)
-enc_des.o: encrypt.h
-enc_des.o: key-proto.h
-enc_des.o: misc-proto.h
-install::
-
-@libpriv_frag@
-@lib_frag@
-@libobj_frag@
-
diff --git a/src/appl/telnet/libtelnet/auth-proto.h b/src/appl/telnet/libtelnet/auth-proto.h
deleted file mode 100644
index c0d666d..0000000
--- a/src/appl/telnet/libtelnet/auth-proto.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#if	defined(AUTHENTICATION)
-Authenticator *findauthenticator (int, int);
-
-void auth_init (char *, int);
-int auth_cmd (int, char **);
-void auth_request (void);
-void auth_send (unsigned char *, int);
-void auth_send_retry (void);
-void auth_is (unsigned char *, int);
-void auth_reply (unsigned char *, int);
-void auth_finished (Authenticator *, int);
-void auth_wait (char *);
-int auth_check (char *);
-int auth_must_encrypt (void);
-void auth_disable_name (char *);
-void auth_gen_printsub (unsigned char *, int, unsigned char *, unsigned int);
-
-
-int getauthmask (char *, int *);
-int auth_enable (char *);
-int auth_disable (char *);
-int auth_onoff (char *, int);
-int auth_togdebug (int);
-int auth_status (void);
-void auth_name (unsigned char *, int);
-int auth_sendname (unsigned char *, int);
-void auth_debug (int);
-void auth_printsub (unsigned char *, int, unsigned char *, unsigned int);
-
-
-#ifdef	KRB5
-int kerberos5_init (Authenticator *, int);
-int kerberos5_send (Authenticator *);
-void kerberos5_is (Authenticator *, unsigned char *, int);
-void kerberos5_reply (Authenticator *, unsigned char *, int);
-int kerberos5_status (Authenticator *, char *, int);
-void kerberos5_printsub (unsigned char *, int, unsigned char *, unsigned int);
-void kerberos5_cleanup (void);
-#endif
-#endif
diff --git a/src/appl/telnet/libtelnet/auth.c b/src/appl/telnet/libtelnet/auth.c
deleted file mode 100644
index a880196..0000000
--- a/src/appl/telnet/libtelnet/auth.c
+++ /dev/null
@@ -1,650 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)auth.c	8.1 (Berkeley) 6/4/93 */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#if	defined(AUTHENTICATION)
-#include <stdio.h>
-#include <sys/types.h>
-#include <signal.h>
-#define	AUTH_NAMES
-#include <arpa/telnet.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#include <unistd.h>
-#endif
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc-proto.h"
-#include "auth-proto.h"
-
-#define	typemask(x)		(1<<((x)-1))
-
-
-
-int auth_debug_mode = 0;
-int auth_has_failed = 0;
-int auth_enable_encrypt = 0;
-int auth_client_non_unix = 0;
-static 	char	*Name = "Noname";
-static	int	Server = 0;
-static	Authenticator	*authenticated = 0;
-static	int	authenticating = 0;
-static	int	validuser = 0;
-static	unsigned char	_auth_send_data[256];
-static	unsigned char	*auth_send_data;
-static	int	auth_send_cnt = 0;
-
-/*
- * Authentication types supported.  Plese note that these are stored
- * in priority order, i.e. try the first one first.
- */
-Authenticator authenticators[] = {
-#ifdef	SPX
-	{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-				spx_init,
-				spx_send,
-				spx_is,
-				spx_reply,
-				spx_status,
-				spx_printsub },
-	{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-				spx_init,
-				spx_send,
-				spx_is,
-				spx_reply,
-				spx_status,
-				spx_printsub },
-#endif
-#ifdef	KRB5
-#ifdef ENCRYPTION
-	{ AUTHTYPE_KERBEROS_V5,
-		  AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL|AUTH_ENCRYPT_ON,
-				kerberos5_init,
-				kerberos5_send,
-				kerberos5_is,
-				kerberos5_reply,
-				kerberos5_status,
-				kerberos5_printsub },
-#endif
-	{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
-				kerberos5_init,
-				kerberos5_send,
-				kerberos5_is,
-				kerberos5_reply,
-				kerberos5_status,
-				kerberos5_printsub },
-	{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-				kerberos5_init,
-				kerberos5_send,
-				kerberos5_is,
-				kerberos5_reply,
-				kerberos5_status,
-				kerberos5_printsub },
-#endif
-	{ 0, },
-};
-
-static Authenticator NoAuth = { 0 };
-
-static int	i_support = 0;
-static int	i_wont_support = 0;
-
-	Authenticator *
-findauthenticator(type, way)
-	int type;
-	int way;
-{
-	Authenticator *ap = authenticators;
-
-	while (ap->type && (ap->type != type || ap->way != way))
-		++ap;
-	return(ap->type ? ap : 0);
-}
-
-	void
-auth_init(name, server)
-	char *name;
-	int server;
-{
-	Authenticator *ap = authenticators;
-
-	Server = server;
-	Name = name;
-
-	i_support = 0;
-	authenticated = 0;
-	authenticating = 0;
-	while (ap->type) {
-		if (!ap->init || (*ap->init)(ap, server)) {
-			i_support |= typemask(ap->type);
-			if (auth_debug_mode)
-				printf(">>>%s: I support auth type %d %d\r\n",
-					Name,
-					ap->type, ap->way);
-		}
-		++ap;
-	}
-}
-
-	void
-auth_disable_name(name)
-	char *name;
-{
-	int x;
-	for (x = 0; x < AUTHTYPE_CNT; ++x) {
-		if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
-			i_wont_support |= typemask(x);
-			break;
-		}
-	}
-}
-
-	int
-getauthmask(type, maskp)
-	char *type;
-	int *maskp;
-{
-	register int x;
-
-	if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
-		*maskp = -1;
-		return(1);
-	}
-
-	for (x = 1; x < AUTHTYPE_CNT; ++x) {
-		if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
-			*maskp = typemask(x);
-			return(1);
-		}
-	}
-	return(0);
-}
-
-	int
-auth_enable(type)
-	char * type;
-{
-	return(auth_onoff(type, 1));
-}
-
-	int
-auth_disable(type)
-	char * type;
-{
-	return(auth_onoff(type, 0));
-}
-
-	int
-auth_onoff(type, on)
-	char *type;
-	int on;
-{
-	int i, mask = -1;
-	Authenticator *ap;
-
-	if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
-                printf("auth %s 'type'\n", on ? "enable" : "disable");
-		printf("Where 'type' is one of:\n");
-		printf("\t%s\n", AUTHTYPE_NAME(0));
-		mask = 0;
-		for (ap = authenticators; ap->type; ap++) {
-			if ((mask & (i = typemask(ap->type))) != 0)
-				continue;
-			mask |= i;
-			printf("\t%s\n", AUTHTYPE_NAME(ap->type));
-		}
-		return(0);
-	}
-
-	if (!getauthmask(type, &mask)) {
-		printf("%s: invalid authentication type\n", type);
-		return(0);
-	}
-	if (on)
-		i_wont_support &= ~mask;
-	else
-		i_wont_support |= mask;
-	return(1);
-}
-
-	int
-auth_togdebug(on)
-	int on;
-{
-	if (on < 0)
-		auth_debug_mode ^= 1;
-	else
-		auth_debug_mode = on;
-	printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
-	return(1);
-}
-
-	int
-auth_status()
-{
-	Authenticator *ap;
-	int i, mask;
-
-	if (i_wont_support == -1)
-		printf("Authentication disabled\n");
-	else
-		printf("Authentication enabled\n");
-
-	mask = 0;
-	for (ap = authenticators; ap->type; ap++) {
-		if ((mask & (i = typemask(ap->type))) != 0)
-			continue;
-		mask |= i;
-		printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
-			(i_wont_support & typemask(ap->type)) ?
-					"disabled" : "enabled");
-	}
-	return(1);
-}
-
-/*
- * This routine is called by the server to start authentication
- * negotiation.
- */
-	void
-auth_request()
-{
-	static unsigned char str_request[64] = { IAC, SB,
-						 TELOPT_AUTHENTICATION,
-						 TELQUAL_SEND, };
-	Authenticator *ap = authenticators;
-	unsigned char *e = str_request + 4;
-
-	if (!authenticating) {
-		authenticating = 1;
-		while (ap->type) {
-			if (i_support & ~i_wont_support & typemask(ap->type)) {
-				if (ap->type == AUTHTYPE_KERBEROS_V4 ||
-				    !auth_client_non_unix) {
-					if (auth_debug_mode) {
-						printf(">>>%s: Sending type %d %d\r\n",
-						       Name, ap->type, ap->way);
-					}
-					*e++ = ap->type;
-					*e++ = ap->way;
-				}
-			}
-			++ap;
-		}
-		if (auth_client_non_unix) {
-			ap = authenticators;
-			while (ap->type) {
-				if (i_support & ~i_wont_support & typemask(ap->type)) {
-					*e++ = ap->type;
-					*e++ = ap->way;
-				}
-				++ap;
-			}
-		}
-		*e++ = IAC;
-		*e++ = SE;
-		net_write(str_request, e - str_request);
-		printsub('>', &str_request[2], e - str_request - 2);
-	}
-}
-
-/*
- * This is called when an AUTH SEND is received.
- * It should never arrive on the server side (as only the server can
- * send an AUTH SEND).
- * You should probably respond to it if you can...
- *
- * If you want to respond to the types out of order (i.e. even
- * if he sends  LOGIN KERBEROS and you support both, you respond
- * with KERBEROS instead of LOGIN (which is against what the
- * protocol says)) you will have to hack this code...
- */
-	void
-auth_send(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	if (Server) {
-		if (auth_debug_mode) {
-			printf(">>>%s: auth_send called!\r\n", Name);
-		}
-		return;
-	}
-
-	if (auth_debug_mode) {
-		printf(">>>%s: auth_send got:", Name);
-		printd(data, cnt); printf("\r\n");
-	}
-
-	/*
-	 * Save the list of authentication mechanisms
-	 */
-	auth_send_cnt = cnt;
-	if (auth_send_cnt > sizeof(_auth_send_data))
-	    auth_send_cnt = sizeof(_auth_send_data);
-	memcpy(_auth_send_data, data, (unsigned) auth_send_cnt);
-	auth_send_data = _auth_send_data;
-
-	auth_send_retry();
-}
-
-/*
- * Try the next authentication mechanism on the list, and see if it
- * works.
- */
-void auth_send_retry()
-{
-	Authenticator *ap;
-	static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
-					    TELQUAL_IS, AUTHTYPE_NULL, 0,
-					    IAC, SE };
-
-	if (Server) {
-		if (auth_debug_mode) {
-			printf(">>>%s: auth_send_retry called!\r\n", Name);
-		}
-		return;
-	}
-
-	for (;(auth_send_cnt -= 2) >= 0; auth_send_data += 2) {
-	    if (auth_debug_mode)
-		printf(">>>%s: He supports %d\r\n", Name, *auth_send_data);
-	    if (!(i_support & typemask(*auth_send_data)))
-		continue;
-	    if (i_wont_support & typemask(*auth_send_data))
-		continue;
-	    ap = findauthenticator(auth_send_data[0], auth_send_data[1]);
-	    if (!ap || !ap->send)
-		continue;
-	    if ((ap->way & AUTH_ENCRYPT_MASK) && !auth_enable_encrypt)
-		continue;
-
-	    if (auth_debug_mode)
-		printf(">>>%s: Trying %d %d\r\n", Name, auth_send_data[0],
-		       auth_send_data[1]);
-	    if ((*ap->send)(ap)) {
-		/*
-		 * Okay, we found one we like and did it.  we can go
-		 * home now.
-		 */
-		if (auth_debug_mode)
-		    printf(">>>%s: Using type %d\r\n", Name, *auth_send_data);
-		auth_send_data += 2;
-		return;
-	    }
-	}
-	net_write(str_none, sizeof(str_none));
-	printsub('>', &str_none[2], sizeof(str_none) - 2);
-	if (auth_debug_mode)
-		printf(">>>%s: Sent failure message\r\n", Name);
-	auth_finished(0, AUTH_REJECT);
-	auth_has_failed = 1;
-#ifdef KANNAN
-	/*
-	 *  We requested strong authentication, however no mechanisms worked.
-	 *  Therefore, exit on client end.
-	 */
-	printf("Unable to securely authenticate user ... exit\n");
-	exit(0);
-#endif /* KANNAN */
-}
-
-	void
-auth_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Authenticator *ap;
-
-	if (cnt < 2)
-		return;
-
-	if (data[0] == AUTHTYPE_NULL) {
-		auth_finished(0, AUTH_REJECT);
-		return;
-	}
-
-	if ((ap = findauthenticator(data[0], data[1]))) {
-		if (ap->is)
-			(*ap->is)(ap, data+2, cnt-2);
-	} else if (auth_debug_mode)
-		printf(">>>%s: Invalid authentication in IS: %d\r\n",
-			Name, *data);
-}
-
-	void
-auth_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Authenticator *ap;
-
-	if (cnt < 2)
-		return;
-
-	if ((ap = findauthenticator(data[0], data[1]))) {
-		if (ap->reply)
-			(*ap->reply)(ap, data+2, cnt-2);
-	} else if (auth_debug_mode)
-		printf(">>>%s: Invalid authentication in SEND: %d\r\n",
-			Name, *data);
-}
-
-	void
-auth_name(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	unsigned char savename[256];
-
-	if (cnt < 1) {
-		if (auth_debug_mode)
-			printf(">>>%s: Empty name in NAME\r\n", Name);
-		return;
-	}
-	if (cnt > sizeof(savename) - 1) {
-		if (auth_debug_mode)
-			printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
-					Name, cnt, (int) sizeof(savename)-1);
-		return;
-	}
-	memcpy(savename, data, (unsigned) cnt);
-	savename[cnt] = '\0';	/* Null terminate */
-	if (auth_debug_mode)
-		printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
-	auth_encrypt_user((const char *)savename);
-}
-
-	int
-auth_sendname(cp, len)
-	unsigned char *cp;
-	int len;
-{
-	static unsigned char str_request[256+6]
-			= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
-	register unsigned char *e = str_request + 4;
-	register unsigned char *ee = &str_request[sizeof(str_request)-2];
-
-	while (--len >= 0) {
-		if ((*e++ = *cp++) == IAC)
-			*e++ = IAC;
-		if (e >= ee)
-			return(0);
-	}
-	*e++ = IAC;
-	*e++ = SE;
-	net_write(str_request, e - str_request);
-	printsub('>', &str_request[2], e - &str_request[2]);
-	return(1);
-}
-
-	void
-auth_finished(ap, result)
-	Authenticator *ap;
-	int result;
-{
-	if (!(authenticated = ap))
-		authenticated = &NoAuth;
-	validuser = result;
-}
-
-	/* ARGSUSED */
-	static void
-auth_intr(sig)
-	int sig;
-{
-	auth_finished(0, AUTH_REJECT);
-}
-
-	void
-auth_wait(name)
-	char *name;
-{
-	if (auth_debug_mode)
-		printf(">>>%s: in auth_wait.\r\n", Name);
-
-	if (Server && !authenticating)
-		return;
-
-	(void) signal(SIGALRM, auth_intr);
-	alarm(30);
-	while (!authenticated)
-		if (telnet_spin())
-			break;
-	alarm(0);
-	(void) signal(SIGALRM, SIG_DFL);
-}
-
-	int
-auth_check(name)
-	char *name;
-{
-	/*
-	 * Now check to see if the user is valid or not
-	 */
-	if (!authenticated || authenticated == &NoAuth)
-		return(AUTH_REJECT);
-
-	if (validuser == AUTH_VALID)
-		validuser = AUTH_USER;
-
-	if (authenticated->status)
-		validuser = (*authenticated->status)(authenticated,
-						     name, validuser);
-	return(validuser);
-}
-
-int auth_must_encrypt()
-{
-    if (authenticated &&
-	((authenticated->way & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON))
-	return 1;
-    return 0;
-}
-
-	void
-auth_debug(mode)
-	int mode;
-{
-	auth_debug_mode = mode;
-}
-
-	void
-auth_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt;
-	unsigned int buflen;
-{
-	Authenticator *ap;
-
-	if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
-		(*ap->printsub)(data, cnt, buf, buflen);
-	else
-		auth_gen_printsub(data, cnt, buf, buflen);
-}
-
-	void
-auth_gen_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt;
-	unsigned int buflen;
-{
-	register unsigned char *cp;
-	unsigned char tbuf[16];
-
-	cnt -= 3;
-	data += 3;
-	buf[buflen-1] = '\0';
-	buf[buflen-2] = '*';
-	buflen -= 2;
-	for (; cnt > 0; cnt--, data++) {
-		snprintf((char *)tbuf, sizeof(tbuf), " %d", *data);
-		for (cp = tbuf; *cp && buflen > 0; --buflen)
-			*buf++ = *cp++;
-		if (buflen <= 0)
-			return;
-	}
-	*buf = '\0';
-}
-#endif
diff --git a/src/appl/telnet/libtelnet/auth.h b/src/appl/telnet/libtelnet/auth.h
deleted file mode 100644
index f9f31d8..0000000
--- a/src/appl/telnet/libtelnet/auth.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)auth.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef	__AUTH__
-#define	__AUTH__
-
-#define	AUTH_REJECT	0	/* Rejected */
-#define	AUTH_UNKNOWN	1	/* We don't know who he is, but he's okay */
-#define	AUTH_OTHER	2	/* We know him, but not his name */
-#define	AUTH_USER	3	/* We know he name */
-#define	AUTH_VALID	4	/* We know him, and he needs no password */
-
-typedef struct XauthP {
-	int	type;
-	int	way;
-	int	(*init) (struct XauthP *, int);
-	int	(*send) (struct XauthP *);
-	void	(*is) (struct XauthP *, unsigned char *, int);
-	void	(*reply) (struct XauthP *, unsigned char *, int);
-	int	(*status) (struct XauthP *, char *, int);
-	void	(*printsub) (unsigned char *, int, unsigned char *, unsigned int);
-} Authenticator;
-
-#include "auth-proto.h"
-
-#define OPTS_FORWARD_CREDS           0x00000002
-#define OPTS_FORWARDABLE_CREDS       0x00000001
-
-extern int auth_debug_mode;
-#endif
diff --git a/src/appl/telnet/libtelnet/deps b/src/appl/telnet/libtelnet/deps
deleted file mode 100644
index 09cecf0..0000000
--- a/src/appl/telnet/libtelnet/deps
+++ /dev/null
@@ -1,38 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-auth.so auth.po $(OUTPRE)auth.$(OBJEXT): $(srcdir)/../arpa/telnet.h \
-  auth-proto.h auth.c auth.h enc-proto.h encrypt.h misc-proto.h
-encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(srcdir)/../arpa/telnet.h \
-  enc-proto.h encrypt.c encrypt.h misc-proto.h misc.h
-genget.so genget.po $(OUTPRE)genget.$(OBJEXT): genget.c \
-  misc-proto.h misc.h
-misc.so misc.po $(OUTPRE)misc.$(OBJEXT): auth-proto.h \
-  auth.h enc-proto.h encrypt.h misc-proto.h misc.c misc.h
-kerberos5.so kerberos5.po $(OUTPRE)kerberos5.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(srcdir)/../arpa/telnet.h \
-  auth-proto.h auth.h enc-proto.h encrypt.h kerberos5.c \
-  krb5forw.h misc-proto.h misc.h
-forward.so forward.po $(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h forward.c \
-  krb5forw.h
-enc_des.so enc_des.po $(OUTPRE)enc_des.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h $(srcdir)/../arpa/telnet.h \
-  enc-proto.h enc_des.c encrypt.h key-proto.h misc-proto.h
-setenv.so setenv.po $(OUTPRE)setenv.$(OBJEXT): misc-proto.h \
-  setenv.c
-getent.so getent.po $(OUTPRE)getent.$(OBJEXT): getent.c \
-  gettytab.h
-parsetos.so parsetos.po $(OUTPRE)parsetos.$(OBJEXT): \
-  misc-proto.h parsetos.c
-strdup.so strdup.po $(OUTPRE)strdup.$(OBJEXT): strdup.c
-strcasecmp.so strcasecmp.po $(OUTPRE)strcasecmp.$(OBJEXT): \
-  strcasecmp.c
-strchr.so strchr.po $(OUTPRE)strchr.$(OBJEXT): strchr.c
-strrchr.so strrchr.po $(OUTPRE)strrchr.$(OBJEXT): strrchr.c
-strftime.so strftime.po $(OUTPRE)strftime.$(OBJEXT): \
-  strftime.c
-strerror.so strerror.po $(OUTPRE)strerror.$(OBJEXT): \
-  strerror.c
diff --git a/src/appl/telnet/libtelnet/enc-proto.h b/src/appl/telnet/libtelnet/enc-proto.h
deleted file mode 100644
index eed7db6..0000000
--- a/src/appl/telnet/libtelnet/enc-proto.h
+++ /dev/null
@@ -1,144 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)enc-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-#ifdef	ENCRYPTION
-void encrypt_init (char *, int);
-Encryptions *findencryption (int);
-Encryptions *finddecryption (int);
-void encrypt_send_supprt (void);
-void encrypt_auto (int);
-void decrypt_auto (int);
-void encrypt_debug (int);
-void encrypt_is (unsigned char *, int);
-void encrypt_reply (unsigned char *, int);
-void encrypt_start_input (int);
-void encrypt_session_key (Session_Key *, int);
-void encrypt_end_input (void);
-void encrypt_start_output (int);
-void encrypt_end_output (void);
-void encrypt_send_request_start (void);
-void encrypt_send_request_end (void);
-void encrypt_send_end (void);
-void encrypt_wait (void);
-int encrypt_is_encrypting (void);
-int EncryptAutoEnc (int);
-int EncryptAutoDec (int);
-int EncryptEnable (char *, char *);
-int EncryptDisable (char *, char *);
-int EncryptDebug (int);
-int EncryptType (char *, char *);
-int EncryptStart (char *);
-int EncryptStartInput (void);
-int EncryptStartOutput (void);
-int EncryptStop (char *);
-int EncryptStopInput (void);
-int EncryptStopOutput (void);
-int EncryptStatus (void);
-int EncryptVerbose (int);
-void encrypt_send_support (void);
-void encrypt_send_keyid (int, unsigned char *, unsigned int, int);
-int net_write (unsigned char *, int);
-void encrypt_gen_printsub (unsigned char *, int, unsigned char *, int);
-void encrypt_printsub (unsigned char *, int, unsigned char *, int);
-
-
-void encrypt_request_start (unsigned char *, int);
-void encrypt_request_end (void);
-void encrypt_enc_keyid (unsigned char *, int);
-void encrypt_dec_keyid (unsigned char *, int);
-void encrypt_support (unsigned char *, int);
-void encrypt_start (unsigned char *, int);
-void encrypt_end (void);
-
-
-#ifdef	TELENTD
-void encrypt_wait (void);
-#else
-void printsub (int, unsigned char *, int);
-int encrypt_cmd (int, char **);
-void encrypt_display (void);
-#endif
-
-void krbdes_encrypt (unsigned char *, int);
-int krbdes_decrypt (int);
-int krbdes_is (unsigned char *, int);
-int krbdes_reply (unsigned char *, int);
-void krbdes_init (int);
-int krbdes_start (int, int);
-void krbdes_session (Session_Key *, int);
-void krbdes_printsub (unsigned char *, int, unsigned char *, int);
-
-void cfb64_encrypt (unsigned char *, int);
-int cfb64_decrypt (int);
-void cfb64_init (int);
-int cfb64_start (int, int);
-int cfb64_is (unsigned char *, int);
-int cfb64_reply (unsigned char *, int);
-void cfb64_session (Session_Key *, int);
-int cfb64_keyid (int, unsigned char *, int *);
-void cfb64_printsub (unsigned char *, int, unsigned char *, int);
-
-void ofb64_encrypt (unsigned char *, int);
-int ofb64_decrypt (int);
-void ofb64_init (int);
-int ofb64_start (int, int);
-int ofb64_is (unsigned char *, int);
-int ofb64_reply (unsigned char *, int);
-void ofb64_session (Session_Key *, int);
-int ofb64_keyid (int, unsigned char *, int *);
-void ofb64_printsub (unsigned char *, int, unsigned char *, int);
-#endif	/* ENCRYPTION */
diff --git a/src/appl/telnet/libtelnet/enc_des.c b/src/appl/telnet/libtelnet/enc_des.c
deleted file mode 100644
index 9c20eb0..0000000
--- a/src/appl/telnet/libtelnet/enc_des.c
+++ /dev/null
@@ -1,780 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/* based on @(#)enc_des.c	8.1 (Berkeley) 6/4/93 */
-
-#ifdef	ENCRYPTION
-# ifdef	AUTHENTICATION
-#  ifdef DES_ENCRYPTION
-#include <krb5.h>
-#include <arpa/telnet.h>
-#include <stdio.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-#include "encrypt.h"
-#include "key-proto.h"
-#include "misc-proto.h"
-
-extern int encrypt_debug_mode;
-
-extern krb5_context telnet_context;
-
-#define	CFB	0
-#define	OFB	1
-
-#define	NO_SEND_IV	1
-#define	NO_RECV_IV	2
-#define	NO_KEYID	4
-#define	IN_PROGRESS	(NO_SEND_IV|NO_RECV_IV|NO_KEYID)
-#define	SUCCESS		0
-#define	FAILED		-1
-
-
-struct fb {
-	Block temp_feed;
-	unsigned char fb_feed[64];
-	int need_start;
-	int state[2];
-	int keyid[2];
-	int once;
-	int validkey;
-	struct stinfo {
-		Block		str_output;
-		Block		str_feed;
-		Block		str_iv;
-		unsigned char	str_keybytes[8]; /* yuck */
-		krb5_keyblock	str_key;
-		int		str_index;
-		int		str_flagshift;
-	} streams[2];
-};
-
-static struct fb fb[2];
-
-struct keyidlist {
-	char	*keyid;
-	int	keyidlen;
-	char	*key;
-	int	keylen;
-	int	flags;
-} keyidlist [] = {
-	{ "\0", 1, 0, 0, 0 },		/* default key of zero */
-	{ 0, 0, 0, 0, 0 }
-};
-
-#define	KEYFLAG_MASK	03
-
-#define	KEYFLAG_NOINIT	00
-#define	KEYFLAG_INIT	01
-#define	KEYFLAG_OK	02
-#define	KEYFLAG_BAD	03
-
-#define	KEYFLAG_SHIFT	2
-
-#define	SHIFT_VAL(a,b)	(KEYFLAG_SHIFT*((a)+((b)*2)))
-
-#define	FB64_IV		1
-#define	FB64_IV_OK	2
-#define	FB64_IV_BAD	3
-
-
-void fb64_stream_iv (Block, struct stinfo *);
-void fb64_init (struct fb *);
-static int fb64_start (struct fb *, int, int);
-int fb64_is (unsigned char *, int, struct fb *);
-int fb64_reply (unsigned char *, int, struct fb *);
-static void fb64_session (Session_Key *, int, struct fb *);
-void fb64_stream_key (Block, struct stinfo *);
-int fb64_keyid (int, unsigned char *, int *, struct fb *);
-void fb64_printsub (unsigned char *, int, unsigned char *, int,
-		     unsigned char *);
-
-static void ecb_encrypt(stp, in, out)
-     struct stinfo *stp;
-     Block in;
-     Block out;
-{
-	krb5_error_code code;
-	krb5_data din;
-	krb5_enc_data dout;
-
-	din.length = 8;
-	din.data = in;
-
-	dout.ciphertext.length = 8;
-	dout.ciphertext.data = out;
-	dout.enctype = ENCTYPE_UNKNOWN;
-
-	code = krb5_c_encrypt(telnet_context, &stp->str_key, 0, 0,
-			      &din, &dout);
-	/* XXX I'm not sure what to do if this fails */
-	if (code)
-		com_err("libtelnet", code, "encrypting stream data");
-}
-
-	void
-cfb64_init(server)
-	int server;
-{
-	fb64_init(&fb[CFB]);
-	fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
-}
-
-	void
-ofb64_init(server)
-	int server;
-{
-	fb64_init(&fb[OFB]);
-	fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
-	fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
-	fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
-}
-
-	void
-fb64_init(fbp)
-	register struct fb *fbp;
-{
-	memset(fbp, 0, sizeof(*fbp));
-	fbp->state[0] = fbp->state[1] = FAILED;
-	fbp->fb_feed[0] = IAC;
-	fbp->fb_feed[1] = SB;
-	fbp->fb_feed[2] = TELOPT_ENCRYPT;
-	fbp->fb_feed[3] = ENCRYPT_IS;
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- *	 2: Not yet.  Other things (like getting the key from
- *	    Kerberos) have to happen before we can continue.
- */
-	int
-cfb64_start(dir, server)
-	int dir;
-	int server;
-{
-	return(fb64_start(&fb[CFB], dir, server));
-}
-	int
-ofb64_start(dir, server)
-	int dir;
-	int server;
-{
-	return(fb64_start(&fb[OFB], dir, server));
-}
-
-	static int
-fb64_start(fbp, dir, server)
-	struct fb *fbp;
-	int dir;
-	int server;
-{
-	int x;
-	unsigned char *p;
-	register int state;
-
-	switch (dir) {
-	case DIR_DECRYPT:
-		/*
-		 * This is simply a request to have the other side
-		 * start output (our input).  He will negotiate an
-		 * IV so we need not look for it.
-		 */
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		break;
-
-	case DIR_ENCRYPT:
-		state = fbp->state[dir-1];
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		else if ((state & NO_SEND_IV) == 0)
-			break;
-
-		if (!fbp->validkey) {
-			fbp->need_start = 1;
-			break;
-		}
-		state &= ~NO_SEND_IV;
-		state |= NO_RECV_IV;
-		if (encrypt_debug_mode)
-			printf("Creating new feed\r\n");
-		/*
-		 * Create a random feed and send it over.
-		 */
-		{
-			krb5_data d;
-
-			d.data = fbp->temp_feed;
-			d.length = sizeof(fbp->temp_feed);
-
-			if (krb5_c_random_make_octets(telnet_context, &d))
-				return(FAILED);
-		}
-
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_IS;
-		p++;
-		*p++ = FB64_IV;
-		for (x = 0; x < sizeof(Block); ++x) {
-			if ((*p++ = fbp->temp_feed[x]) == IAC)
-				*p++ = IAC;
-		}
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
-		break;
-	default:
-		return(FAILED);
-	}
-	return(fbp->state[dir-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-	int
-cfb64_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_is(data, cnt, &fb[CFB]));
-}
-	int
-ofb64_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_is(data, cnt, &fb[OFB]));
-}
-
-	int
-fb64_is(data, cnt, fbp)
-	unsigned char *data;
-	int cnt;
-	struct fb *fbp;
-{
-	unsigned char *p;
-	register int state = fbp->state[DIR_DECRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV:
-		if (cnt != sizeof(Block)) {
-			if (encrypt_debug_mode)
-				printf("CFB64: initial vector failed on size\r\n");
-			state = FAILED;
-			goto failure;
-		}
-
-		if (encrypt_debug_mode)
-			printf("CFB64: initial vector received\r\n");
-
-		if (encrypt_debug_mode)
-			printf("Initializing Decrypt stream\r\n");
-
-		fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]);
-
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_OK;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", *(data-1));
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		/*
-		 * We failed.  Send an FB64_IV_BAD option
-		 * to the other side so it will know that
-		 * things failed.
-		 */
-		p = fbp->fb_feed + 3;
-		*p++ = ENCRYPT_REPLY;
-		p++;
-		*p++ = FB64_IV_BAD;
-		*p++ = IAC;
-		*p++ = SE;
-		printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
-		net_write(fbp->fb_feed, p - fbp->fb_feed);
-
-		break;
-	}
-	return(fbp->state[DIR_DECRYPT-1] = state);
-}
-
-/*
- * Returns:
- *	-1: some error.  Negotiation is done, encryption not ready.
- *	 0: Successful, initial negotiation all done.
- *	 1: successful, negotiation not done yet.
- */
-	int
-cfb64_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_reply(data, cnt, &fb[CFB]));
-}
-	int
-ofb64_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	return(fb64_reply(data, cnt, &fb[OFB]));
-}
-
-
-	int
-fb64_reply(data, cnt, fbp)
-	unsigned char *data;
-	int cnt;
-	struct fb *fbp;
-{
-	register int state = fbp->state[DIR_ENCRYPT-1];
-
-	if (cnt-- < 1)
-		goto failure;
-
-	switch (*data++) {
-	case FB64_IV_OK:
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		if (state == FAILED)
-			state = IN_PROGRESS;
-		state &= ~NO_RECV_IV;
-		encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
-		break;
-
-	case FB64_IV_BAD:
-		memset(fbp->temp_feed, 0, sizeof(Block));
-		fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
-		state = FAILED;
-		break;
-
-	default:
-		if (encrypt_debug_mode) {
-			printf("Unknown option type: %d\r\n", data[-1]);
-			printd(data, cnt);
-			printf("\r\n");
-		}
-		/* FALL THROUGH */
-	failure:
-		state = FAILED;
-		break;
-	}
-	return(fbp->state[DIR_ENCRYPT-1] = state);
-}
-
-	void
-cfb64_session(key, server)
-	Session_Key *key;
-	int server;
-{
-	fb64_session(key, server, &fb[CFB]);
-}
-
-	void
-ofb64_session(key, server)
-	Session_Key *key;
-	int server;
-{
-	fb64_session(key, server, &fb[OFB]);
-}
-
-	static void
-fb64_session(key, server, fbp)
-	Session_Key *key;
-	int server;
-	struct fb *fbp;
-{
-	if (!key || key->type != SK_DES) {
-		if (encrypt_debug_mode)
-			printf("Can't set krbdes's session key (%d != %d)\r\n",
-				key ? key->type : -1, SK_DES);
-		return;
-	}
-
-	fbp->validkey = 1;
-
-	fb64_stream_key(key->data, &fbp->streams[DIR_ENCRYPT-1]);
-	fb64_stream_key(key->data, &fbp->streams[DIR_DECRYPT-1]);
-
-	/*
-	 * Now look to see if krbdes_start() was was waiting for
-	 * the key to show up.  If so, go ahead an call it now
-	 * that we have the key.
-	 */
-	if (fbp->need_start) {
-		fbp->need_start = 0;
-		fb64_start(fbp, DIR_ENCRYPT, server);
-	}
-}
-
-/*
- * We only accept a keyid of 0.  If we get a keyid of
- * 0, then mark the state as SUCCESS.
- */
-	int
-cfb64_keyid(dir, kp, lenp)
-	int dir, *lenp;
-	unsigned char *kp;
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
-}
-
-	int
-ofb64_keyid(dir, kp, lenp)
-	int dir, *lenp;
-	unsigned char *kp;
-{
-	return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
-}
-
-	int
-fb64_keyid(dir, kp, lenp, fbp)
-	int dir, *lenp;
-	unsigned char *kp;
-	struct fb *fbp;
-{
-	register int state = fbp->state[dir-1];
-
-	if (*lenp != 1 || (*kp != '\0')) {
-		*lenp = 0;
-		return(state);
-	}
-
-	if (state == FAILED)
-		state = IN_PROGRESS;
-
-	state &= ~NO_KEYID;
-
-	return(fbp->state[dir-1] = state);
-}
-
-	void
-fb64_printsub(data, cnt, buf, buflen, type)
-	unsigned char *data, *buf, *type;
-	int cnt, buflen;
-{
-	char lbuf[32];
-	register int i;
-	char *cp;
-
-	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
-	buflen -= 1;
-
-	switch(data[2]) {
-	case FB64_IV:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_OK:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
-		cp = lbuf;
-		goto common;
-
-	case FB64_IV_BAD:
-		snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
-		cp = lbuf;
-		goto common;
-
-	default:
-		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
-		cp = lbuf;
-	common:
-		for (; (buflen > 0) && (*buf = *cp++); buf++)
-			buflen--;
-		for (i = 3; i < cnt; i++) {
-			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
-			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
-				buflen--;
-		}
-		break;
-	}
-}
-
-	void
-cfb64_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	fb64_printsub(data, cnt, buf, buflen, (unsigned char *) "CFB64");
-}
-
-	void
-ofb64_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	fb64_printsub(data, cnt, buf, buflen, (unsigned char *) "OFB64");
-}
-
-	void
-fb64_stream_iv(seed, stp)
-	Block seed;
-	register struct stinfo *stp;
-{
-	memcpy(stp->str_iv,     seed, sizeof(Block));
-	memcpy(stp->str_output, seed, sizeof(Block));
-
-	stp->str_index = sizeof(Block);
-}
-
-	void
-fb64_stream_key(key, stp)
-	Block key;
-	register struct stinfo *stp;
-{
-	memcpy(stp->str_keybytes, key, sizeof(Block));
-	stp->str_key.length = 8;
-	stp->str_key.contents = stp->str_keybytes;
-	/* the original version of this code uses des ecb mode, but
-	   it only ever does one block at a time.  cbc with a zero iv
-	   is identical */
-	stp->str_key.enctype = ENCTYPE_DES_CBC_RAW;
-
-	memcpy(stp->str_output, stp->str_iv, sizeof(Block));
-
-	stp->str_index = sizeof(Block);
-}
-
-/*
- * DES 64 bit Cipher Feedback
- *
- *     key --->+-----+
- *          +->| DES |--+
- *          |  +-----+  |
- *	    |           v
- *  INPUT --(--------->(+)+---> DATA
- *          |             |
- *	    +-------------+
- *
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	On = Dn ^ Vn
- *	V(n+1) = DES(On, key)
- */
-
-	void
-cfb64_encrypt(s, c)
-	register unsigned char *s;
-	int c;
-{
-	register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
-	register int idx;
-
-	idx = stp->str_index;
-	while (c-- > 0) {
-		if (idx == sizeof(Block)) {
-			Block b;
-			ecb_encrypt(stp, stp->str_output, b);
-			memcpy(stp->str_feed,b,sizeof(Block));
-			idx = 0;
-		}
-
-		/* On encryption, we store (feed ^ data) which is cypher */
-		*s = stp->str_output[idx] = (stp->str_feed[idx] ^ *s);
-		s++;
-		idx++;
-	}
-	stp->str_index = idx;
-}
-
-	int
-cfb64_decrypt(data)
-	int data;
-{
-	register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
-	int idx;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	idx = stp->str_index++;
-	if (idx == sizeof(Block)) {
-		Block b;
-		ecb_encrypt(stp, stp->str_output, b);
-		memcpy(stp->str_feed, b, sizeof(Block));
-		stp->str_index = 1;	/* Next time will be 1 */
-		idx = 0;		/* But now use 0 */
-	}
-
-	/* On decryption we store (data) which is cypher. */
-	stp->str_output[idx] = data;
-	return(data ^ stp->str_feed[idx]);
-}
-
-/*
- * DES 64 bit Output Feedback
- *
- * key --->+-----+
- *	+->| DES |--+
- *	|  +-----+  |
- *	+-----------+
- *	            v
- *  INPUT -------->(+) ----> DATA
- *
- * Given:
- *	iV: Initial vector, 64 bits (8 bytes) long.
- *	Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
- *	On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
- *
- *	V0 = DES(iV, key)
- *	V(n+1) = DES(Vn, key)
- *	On = Dn ^ Vn
- */
-	void
-ofb64_encrypt(s, c)
-	register unsigned char *s;
-	int c;
-{
-	register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
-	register int idx;
-
-	idx = stp->str_index;
-	while (c-- > 0) {
-		if (idx == sizeof(Block)) {
-			Block b;
-			ecb_encrypt(stp, stp->str_feed, b);
-			memcpy(stp->str_feed,b,sizeof(Block));
-			idx = 0;
-		}
-		*s++ ^= stp->str_feed[idx];
-		idx++;
-	}
-	stp->str_index = idx;
-}
-
-	int
-ofb64_decrypt(data)
-	int data;
-{
-	register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
-	int idx;
-
-	if (data == -1) {
-		/*
-		 * Back up one byte.  It is assumed that we will
-		 * never back up more than one byte.  If we do, this
-		 * may or may not work.
-		 */
-		if (stp->str_index)
-			--stp->str_index;
-		return(0);
-	}
-
-	idx = stp->str_index++;
-	if (idx == sizeof(Block)) {
-		Block b;
-		ecb_encrypt(stp, stp->str_feed, b);
-		memcpy(stp->str_feed, b, sizeof(Block));
-		stp->str_index = 1;	/* Next time will be 1 */
-		idx = 0;		/* But now use 0 */
-	}
-
-	return(data ^ stp->str_feed[idx]);
-}
-#  endif /* DES_ENCRYPTION */
-# endif	/* AUTHENTICATION */
-#else	/* ENCRYPTION */
-#include "misc-proto.h"
-#endif	/* ENCRYPTION */
diff --git a/src/appl/telnet/libtelnet/encrypt.c b/src/appl/telnet/libtelnet/encrypt.c
deleted file mode 100644
index 19e855d..0000000
--- a/src/appl/telnet/libtelnet/encrypt.c
+++ /dev/null
@@ -1,1014 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)encrypt.c	8.1 (Berkeley) 6/4/93 */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef	ENCRYPTION
-
-#include <stdio.h>
-#define	ENCRYPT_NAMES
-#include <arpa/telnet.h>
-
-#include "encrypt.h"
-#include "misc.h"
-
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-/*
- * These functions pointers point to the current routines
- * for encrypting and decrypting data.
- */
-void	(*encrypt_output) (unsigned char *, int);
-int	(*decrypt_input) (int);
-
-int encrypt_debug_mode = 0;
-static int decrypt_mode = 0;
-static int encrypt_mode = 0;
-static int encrypt_verbose = 0;
-static int autoencrypt = 0;
-static int autodecrypt = 0;
-static int havesessionkey = 0;
-static int Server = 0;
-static char *Name = "Noname";
-
-#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)
-
-static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
-				| typemask(ENCTYPE_DES_OFB64);
-static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
-				| typemask(ENCTYPE_DES_OFB64);
-static long i_wont_support_encrypt = 0;
-static long i_wont_support_decrypt = 0;
-#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
-#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)
-
-static long remote_supports_encrypt = 0;
-static long remote_supports_decrypt = 0;
-
-static Encryptions encryptions[] = {
-#ifdef	DES_ENCRYPTION
-    { "DES_CFB64",	ENCTYPE_DES_CFB64,
-			cfb64_encrypt,
-			cfb64_decrypt,
-			cfb64_init,
-			cfb64_start,
-			cfb64_is,
-			cfb64_reply,
-			cfb64_session,
-			cfb64_keyid,
-			cfb64_printsub },
-    { "DES_OFB64",	ENCTYPE_DES_OFB64,
-			ofb64_encrypt,
-			ofb64_decrypt,
-			ofb64_init,
-			ofb64_start,
-			ofb64_is,
-			ofb64_reply,
-			ofb64_session,
-			ofb64_keyid,
-			ofb64_printsub },
-#endif	/* DES_ENCRYPTION */
-    { 0, },
-};
-
-static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
-					 ENCRYPT_SUPPORT };
-static unsigned char str_suplen = 0;
-static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
-static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
-
-	Encryptions *
-findencryption(type)
-	int type;
-{
-	Encryptions *ep = encryptions;
-
-	if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
-		return(0);
-	while (ep->type && ep->type != type)
-		++ep;
-	return(ep->type ? ep : 0);
-}
-
-	Encryptions *
-finddecryption(type)
-	int type;
-{
-	Encryptions *ep = encryptions;
-
-	if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
-		return(0);
-	while (ep->type && ep->type != type)
-		++ep;
-	return(ep->type ? ep : 0);
-}
-
-#define	MAXKEYLEN 64
-
-static struct key_info {
-	unsigned char keyid[MAXKEYLEN];
-	int keylen;
-	int dir;
-	int *modep;
-	Encryptions *(*getcrypt)();
-} ki[2] = {
-	{ { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
-	{ { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
-};
-
-	void
-encrypt_init(name, server)
-	char *name;
-	int server;
-{
-	Encryptions *ep = encryptions;
-
-	Name = name;
-	Server = server;
-	i_support_encrypt = i_support_decrypt = 0;
-	remote_supports_encrypt = remote_supports_decrypt = 0;
-	encrypt_mode = 0;
-	decrypt_mode = 0;
-	encrypt_output = 0;
-	decrypt_input = 0;
-#ifdef notdef
-	encrypt_verbose = !server;
-#endif
-
-	str_suplen = 4;
-
-	while (ep->type) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: I will support %s\r\n",
-				Name, ENCTYPE_NAME(ep->type));
-		i_support_encrypt |= typemask(ep->type);
-		i_support_decrypt |= typemask(ep->type);
-		if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
-			if ((str_send[str_suplen++] = ep->type) == IAC)
-				str_send[str_suplen++] = IAC;
-		if (ep->init)
-			(*ep->init)(Server);
-		++ep;
-	}
-	str_send[str_suplen++] = IAC;
-	str_send[str_suplen++] = SE;
-}
-
-static	void
-encrypt_list_types()
-{
-	Encryptions *ep = encryptions;
-
-	printf("Valid encryption types:\n");
-	while (ep->type) {
-		printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
-		++ep;
-	}
-}
-
-	int
-EncryptEnable(type, mode)
-	char *type, *mode;
-{
-	if (isprefix(type, "help") || isprefix(type, "?")) {
-		printf("Usage: encrypt enable <type> [input|output]\n");
-		encrypt_list_types();
-		return(0);
-	}
-	if (EncryptType(type, mode))
-		return(EncryptStart(mode));
-	return(0);
-}
-
-	int
-EncryptDisable(type, mode)
-	char *type, *mode;
-{
-	register Encryptions *ep;
-	int ret = 0;
-
-	if (isprefix(type, "help") || isprefix(type, "?")) {
-		printf("Usage: encrypt disable <type> [input|output]\n");
-		encrypt_list_types();
-	} else if ((ep = (Encryptions *)genget(type, (char **) encryptions,
-						sizeof(Encryptions))) == 0) {
-		printf("%s: invalid encryption type\n", type);
-	} else if (Ambiguous(ep)) {
-		printf("Ambiguous type '%s'\n", type);
-	} else {
-		if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
-			if (decrypt_mode == ep->type)
-				EncryptStopInput();
-			i_wont_support_decrypt |= typemask(ep->type);
-			ret = 1;
-		}
-		if ((mode == 0) || (isprefix(mode, "output"))) {
-			if (encrypt_mode == ep->type)
-				EncryptStopOutput();
-			i_wont_support_encrypt |= typemask(ep->type);
-			ret = 1;
-		}
-		if (ret == 0)
-			printf("%s: invalid encryption mode\n", mode);
-	}
-	return(ret);
-}
-
-	int
-EncryptType(type, mode)
-	char *type;
-	char *mode;
-{
-	register Encryptions *ep;
-	int ret = 0;
-
-	if (isprefix(type, "help") || isprefix(type, "?")) {
-		printf("Usage: encrypt type <type> [input|output]\n");
-		encrypt_list_types();
-	} else if ((ep = (Encryptions *)genget(type, (char **) encryptions,
-						sizeof(Encryptions))) == 0) {
-		printf("%s: invalid encryption type\n", type);
-	} else if (Ambiguous(ep)) {
-		printf("Ambiguous type '%s'\n", type);
-	} else {
-		if ((mode == 0) || isprefix(mode, "input")) {
-			decrypt_mode = ep->type;
-			i_wont_support_decrypt &= ~typemask(ep->type);
-			ret = 1;
-		}
-		if ((mode == 0) || isprefix(mode, "output")) {
-			encrypt_mode = ep->type;
-			i_wont_support_encrypt &= ~typemask(ep->type);
-			ret = 1;
-		}
-		if (ret == 0)
-			printf("%s: invalid encryption mode\n", mode);
-	}
-	return(ret);
-}
-
-	int
-EncryptStart(mode)
-	char *mode;
-{
-	register int ret = 0;
-	if (mode) {
-		if (isprefix(mode, "input"))
-			return(EncryptStartInput());
-		if (isprefix(mode, "output"))
-			return(EncryptStartOutput());
-		if (isprefix(mode, "help") || isprefix(mode, "?")) {
-			printf("Usage: encrypt start [input|output]\n");
-			return(0);
-		}
-		printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode);
-		return(0);
-	}
-	ret += EncryptStartInput();
-	ret += EncryptStartOutput();
-	return(ret);
-}
-
-	int
-EncryptStartInput()
-{
-	if (decrypt_mode) {
-		encrypt_send_request_start();
-		return(1);
-	}
-	if (!Server)
-	    printf("No previous decryption mode, decryption not enabled\r\n");
-	return(0);
-}
-
-	int
-EncryptStartOutput()
-{
-	if (encrypt_mode) {
-		encrypt_start_output(encrypt_mode);
-		return(1);
-	}
-	if (!Server)
-	    printf("No previous encryption mode, encryption not enabled\r\n");
-	return(0);
-}
-
-	int
-EncryptStop(mode)
-	char *mode;
-{
-	int ret = 0;
-	if (mode) {
-		if (isprefix(mode, "input"))
-			return(EncryptStopInput());
-		if (isprefix(mode, "output"))
-			return(EncryptStopOutput());
-		if (isprefix(mode, "help") || isprefix(mode, "?")) {
-			printf("Usage: encrypt stop [input|output]\n");
-			return(0);
-		}
-		printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode);
-		return(0);
-	}
-	ret += EncryptStopInput();
-	ret += EncryptStopOutput();
-	return(ret);
-}
-
-	int
-EncryptStopInput()
-{
-	encrypt_send_request_end();
-	return(1);
-}
-
-	int
-EncryptStopOutput()
-{
-	encrypt_send_end();
-	return(1);
-}
-
-	void
-encrypt_display()
-{
-	if (encrypt_output)
-		printf("Currently encrypting output with %s\r\n",
-			ENCTYPE_NAME(encrypt_mode));
-	if (decrypt_input)
-		printf("Currently decrypting input with %s\r\n",
-			ENCTYPE_NAME(decrypt_mode));
-}
-
-	int
-EncryptStatus()
-{
-	if (encrypt_output)
-		printf("Currently encrypting output with %s\r\n",
-			ENCTYPE_NAME(encrypt_mode));
-	else if (encrypt_mode) {
-		printf("Currently output is clear text.\r\n");
-		printf("Last encryption mode was %s\r\n",
-			ENCTYPE_NAME(encrypt_mode));
-	}
-	if (decrypt_input) {
-		printf("Currently decrypting input with %s\r\n",
-			ENCTYPE_NAME(decrypt_mode));
-	} else if (decrypt_mode) {
-		printf("Currently input is clear text.\r\n");
-		printf("Last decryption mode was %s\r\n",
-			ENCTYPE_NAME(decrypt_mode));
-	}
-	return 1;
-}
-
-	void
-encrypt_send_support()
-{
-	if (str_suplen) {
-		/*
-		 * If the user has requested that decryption start
-		 * immediatly, then send a "REQUEST START" before
-		 * we negotiate the type.
-		 */
-		if (!Server && autodecrypt)
-			encrypt_send_request_start();
-		net_write(str_send, str_suplen);
-		printsub('>', &str_send[2], str_suplen - 2);
-		str_suplen = 0;
-	}
-}
-
-	int
-EncryptDebug(on)
-	int on;
-{
-	if (on < 0)
-		encrypt_debug_mode ^= 1;
-	else
-		encrypt_debug_mode = on;
-	printf("Encryption debugging %s\r\n",
-		encrypt_debug_mode ? "enabled" : "disabled");
-	return(1);
-}
-
-	int
-EncryptVerbose(on)
-	int on;
-{
-	if (on < 0)
-		encrypt_verbose ^= 1;
-	else
-		encrypt_verbose = on;
-	printf("Encryption %s verbose\r\n",
-		encrypt_verbose ? "is" : "is not");
-	return(1);
-}
-
-	int
-EncryptAutoEnc(on)
-	int on;
-{
-	encrypt_auto(on);
-	printf("Automatic encryption of output is %s\r\n",
-		autoencrypt ? "enabled" : "disabled");
-	return(1);
-}
-
-	int
-EncryptAutoDec(on)
-	int on;
-{
-	decrypt_auto(on);
-	printf("Automatic decryption of input is %s\r\n",
-		autodecrypt ? "enabled" : "disabled");
-	return(1);
-}
-
-/*
- * Called when ENCRYPT SUPPORT is received.
- */
-	void
-encrypt_support(typelist, cnt)
-	unsigned char *typelist;
-	int cnt;
-{
-	register int type, use_type = 0;
-	Encryptions *ep;
-
-	/*
-	 * Forget anything the other side has previously told us.
-	 */
-	remote_supports_decrypt = 0;
-
-	while (cnt-- > 0) {
-		type = *typelist++;
-		if (encrypt_debug_mode)
-			printf(">>>%s: He is supporting %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME(type), type);
-		if ((type < ENCTYPE_CNT) &&
-		    (I_SUPPORT_ENCRYPT & typemask(type))) {
-			remote_supports_decrypt |= typemask(type);
-			if (use_type == 0)
-				use_type = type;
-		}
-	}
-	if (use_type) {
-		ep = findencryption(use_type);
-		if (!ep)
-			return;
-		type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
-		if (encrypt_debug_mode)
-			printf(">>>%s: (*ep->start)() returned %d\r\n",
-					Name, type);
-		if (type < 0)
-			return;
-		encrypt_mode = use_type;
-		if (type == 0)
-			encrypt_start_output(use_type);
-	}
-}
-
-	void
-encrypt_is(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Encryptions *ep;
-	register int type, ret;
-
-	if (--cnt < 0)
-		return;
-	type = *data++;
-	if (type < ENCTYPE_CNT)
-		remote_supports_encrypt |= typemask(type);
-	if (!(ep = finddecryption(type))) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		return;
-	}
-	if (!ep->is) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		ret = 0;
-	} else {
-		ret = (*ep->is)(data, cnt);
-		if (encrypt_debug_mode)
-			printf("(*ep->is)(%lx, %d) returned %s(%d)\n",
-			        (unsigned long) data, cnt,
-				(ret < 0) ? "FAIL " :
-				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-	}
-	if (ret < 0) {
-		autodecrypt = 0;
-	} else {
-		decrypt_mode = type;
-		if (ret == 0 && autodecrypt)
-			encrypt_send_request_start();
-	}
-}
-
-	void
-encrypt_reply(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Encryptions *ep;
-	register int ret, type;
-
-	if (--cnt < 0)
-		return;
-	type = *data++;
-	if (!(ep = findencryption(type))) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		return;
-	}
-	if (!ep->reply) {
-		if (encrypt_debug_mode)
-			printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		ret = 0;
-	} else {
-		ret = (*ep->reply)(data, cnt);
-		if (encrypt_debug_mode)
-			printf("(*ep->reply)(%lx, %d) returned %s(%d)\n",
-				(unsigned long) data, cnt,
-				(ret < 0) ? "FAIL " :
-				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
-	}
-	if (encrypt_debug_mode)
-		printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
-	if (ret < 0) {
-		autoencrypt = 0;
-	} else {
-		encrypt_mode = type;
-		if (ret == 0 && autoencrypt)
-			encrypt_start_output(type);
-	}
-}
-
-/*
- * Called when a ENCRYPT START command is received.
- */
-	void
-encrypt_start(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	Encryptions *ep;
-
-	if (!decrypt_mode) {
-		/*
-		 * Something is wrong.  We should not get a START
-		 * command without having already picked our
-		 * decryption scheme.  Send a REQUEST-END to
-		 * attempt to clear the channel...
-		 */
-		printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name);
-		encrypt_send_request_end();
-		return;
-	}
-
-	if ((ep = finddecryption(decrypt_mode))) {
-		decrypt_input = ep->input;
-		if (encrypt_verbose)
-			printf("[ Input is now decrypted with type %s ]\r\n",
-				ENCTYPE_NAME(decrypt_mode));
-		if (encrypt_debug_mode)
-			printf(">>>%s: Start to decrypt input with type %s\r\n",
-				Name, ENCTYPE_NAME(decrypt_mode));
-	} else {
-		printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
-				Name,
-				ENCTYPE_NAME_OK(decrypt_mode)
-					? ENCTYPE_NAME(decrypt_mode)
-					: "(unknown)",
-				decrypt_mode);
-		encrypt_send_request_end();
-	}
-}
-
-	void
-encrypt_session_key(key, server)
-	Session_Key *key;
-	int server;
-{
-	Encryptions *ep = encryptions;
-
-	havesessionkey = 1;
-
-	while (ep->type) {
-		if (ep->session)
-			(*ep->session)(key, server);
-#ifdef notdef
-		if (!encrypt_output && autoencrypt && !server)
-			encrypt_start_output(ep->type);
-		if (!decrypt_input && autodecrypt && !server)
-			encrypt_send_request_start();
-#endif
-		++ep;
-	}
-}
-
-/*
- * Called when ENCRYPT END is received.
- */
-	void
-encrypt_end()
-{
-	decrypt_input = 0;
-	if (encrypt_debug_mode)
-		printf(">>>%s: Input is back to clear text\r\n", Name);
-	if (encrypt_verbose)
-		printf("[ Input is now clear text ]\r\n");
-}
-
-/*
- * Called when ENCRYPT REQUEST-END is received.
- */
-	void
-encrypt_request_end()
-{
-	encrypt_send_end();
-}
-
-/*
- * Called when ENCRYPT REQUEST-START is received.  If we receive
- * this before a type is picked, then that indicates that the
- * other side wants us to start encrypting data as soon as we
- * can.
- */
-	void
-encrypt_request_start(data, cnt)
-	unsigned char *data;
-	int cnt;
-{
-	if (encrypt_mode == 0)  {
-		if (Server)
-			autoencrypt = 1;
-		return;
-	}
-	encrypt_start_output(encrypt_mode);
-}
-
-static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
-
-static void encrypt_keyid (struct key_info *kp, unsigned char *, unsigned int);
-
-void encrypt_enc_keyid(keyid, len)
-	unsigned char *keyid;
-	int len;
-{
-	encrypt_keyid(&ki[1], keyid, (unsigned) len);
-}
-
-void encrypt_dec_keyid(keyid, len)
-	unsigned char *keyid;
-	int len;
-{
-	encrypt_keyid(&ki[0], keyid, (unsigned) len);
-}
-
-static void encrypt_keyid(kp, keyid, len)
-	struct key_info *kp;
-	unsigned char *keyid;
-	unsigned int len;
-{
-	Encryptions *ep;
-	int dir = kp->dir;
-	register int ret = 0;
-
-	if (!(ep = (*kp->getcrypt)(*kp->modep))) {
-		if (len == 0)
-			return;
-		kp->keylen = 0;
-	} else if (len == 0) {
-		/*
-		 * Empty option, indicates a failure.
-		 */
-		if (kp->keylen == 0)
-			return;
-		kp->keylen = 0;
-		if (ep->keyid)
-			(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-
-	} else if ((len != kp->keylen) ||
-		   (memcmp(keyid, kp->keyid, len) != 0)) {
-		/*
-		 * Length or contents are different
-		 */
-		kp->keylen = len;
-		memcpy(kp->keyid, keyid, len);
-		if (ep->keyid)
-			(void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
-	} else {
-		if (ep->keyid)
-			ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
-		if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
-			encrypt_start_output(*kp->modep);
-		return;
-	}
-
-	encrypt_send_keyid(dir, kp->keyid, (unsigned) kp->keylen, 0);
-}
-
-	void
-encrypt_send_keyid(dir, keyid, keylen, saveit)
-	int dir;
-	unsigned char *keyid;
-	unsigned int keylen;
-	int saveit;
-{
-	unsigned char *strp;
-
-	str_keyid[3] = (dir == DIR_ENCRYPT)
-			? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
-	if (saveit) {
-		struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
-		memcpy(kp->keyid, keyid, keylen);
-		kp->keylen = keylen;
-	}
-
-	for (strp = &str_keyid[4]; keylen > 0; --keylen) {
-		if ((*strp++ = *keyid++) == IAC)
-			*strp++ = IAC;
-	}
-	*strp++ = IAC;
-	*strp++ = SE;
-	net_write(str_keyid, strp - str_keyid);
-	printsub('>', &str_keyid[2], strp - str_keyid - 2);
-}
-
-	void
-encrypt_auto(on)
-	int on;
-{
-	if (on < 0)
-		autoencrypt ^= 1;
-	else
-		autoencrypt = on ? 1 : 0;
-}
-
-	void
-decrypt_auto(on)
-	int on;
-{
-	if (on < 0)
-		autodecrypt ^= 1;
-	else
-		autodecrypt = on ? 1 : 0;
-}
-
-	void
-encrypt_start_output(type)
-	int type;
-{
-	Encryptions *ep;
-	register unsigned char *p;
-	register int i;
-
-	if (!(ep = findencryption(type))) {
-		if (encrypt_debug_mode) {
-			printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
-				Name,
-				ENCTYPE_NAME_OK(type)
-					? ENCTYPE_NAME(type) : "(unknown)",
-				type);
-		}
-		return;
-	}
-	if (ep->start) {
-		i = (*ep->start)(DIR_ENCRYPT, Server);
-		if (encrypt_debug_mode) {
-			printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
-				Name,
-				(i < 0) ? "failed" :
-					"initial negotiation in progress",
-				i, ENCTYPE_NAME(type));
-		}
-		if (i)
-			return;
-	}
-	p = str_start + 3;
-	*p++ = ENCRYPT_START;
-	for (i = 0; i < ki[0].keylen; ++i) {
-		if ((*p++ = ki[0].keyid[i]) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	net_write(str_start, p - str_start);
-	net_encrypt();
-	printsub('>', &str_start[2], p - &str_start[2]);
-	/*
-	 * If we are already encrypting in some mode, then
-	 * encrypt the ring (which includes our request) in
-	 * the old mode, mark it all as "clear text" and then
-	 * switch to the new mode.
-	 */
-	encrypt_output = ep->output;
-	encrypt_mode = type;
-	if (encrypt_debug_mode)
-		printf(">>>%s: Started to encrypt output with type %s\r\n",
-			Name, ENCTYPE_NAME(type));
-	if (encrypt_verbose)
-		printf("[ Output is now encrypted with type %s ]\r\n",
-			ENCTYPE_NAME(type));
-}
-
-	void
-encrypt_send_end()
-{
-	if (!encrypt_output)
-		return;
-
-	str_end[3] = ENCRYPT_END;
-	net_write(str_end, sizeof(str_end));
-	net_encrypt();
-	printsub('>', &str_end[2], sizeof(str_end) - 2);
-	/*
-	 * Encrypt the output buffer now because it will not be done by
-	 * netflush...
-	 */
-	encrypt_output = 0;
-	if (encrypt_debug_mode)
-		printf(">>>%s: Output is back to clear text\r\n", Name);
-	if (encrypt_verbose)
-		printf("[ Output is now clear text ]\r\n");
-}
-
-	void
-encrypt_send_request_start()
-{
-	register unsigned char *p;
-	register int i;
-
-	p = &str_start[3];
-	*p++ = ENCRYPT_REQSTART;
-	for (i = 0; i < ki[1].keylen; ++i) {
-		if ((*p++ = ki[1].keyid[i]) == IAC)
-			*p++ = IAC;
-	}
-	*p++ = IAC;
-	*p++ = SE;
-	net_write(str_start, p - str_start);
-	printsub('>', &str_start[2], p - &str_start[2]);
-	if (encrypt_debug_mode)
-		printf(">>>%s: Request input to be encrypted\r\n", Name);
-}
-
-	void
-encrypt_send_request_end()
-{
-	str_end[3] = ENCRYPT_REQEND;
-	net_write(str_end, sizeof(str_end));
-	printsub('>', &str_end[2], sizeof(str_end) - 2);
-
-	if (encrypt_debug_mode)
-		printf(">>>%s: Request input to be clear text\r\n", Name);
-}
-
-	void
-encrypt_wait()
-{
-	if (encrypt_debug_mode)
-		printf(">>>%s: in encrypt_wait\r\n", Name);
-	if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
-		return;
-	while (autoencrypt && !encrypt_output)
-		if (telnet_spin())
-			return;
-}
-
-int encrypt_is_encrypting()
-{
-    if (encrypt_output && decrypt_input)
-	return 1;
-    return 0;
-}
-
-	void
-encrypt_debug(mode)
-	int mode;
-{
-	encrypt_debug_mode = mode;
-}
-
-	void
-encrypt_gen_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	char tbuf[16], *cp;
-
-	cnt -= 2;
-	data += 2;
-	buf[buflen-1] = '\0';
-	buf[buflen-2] = '*';
-	buflen -= 2;;
-	for (; cnt > 0; cnt--, data++) {
-		snprintf(tbuf, sizeof(tbuf), " %d", *data);
-		for (cp = tbuf; *cp && buflen > 0; --buflen)
-			*buf++ = *cp++;
-		if (buflen <= 0)
-			return;
-	}
-	*buf = '\0';
-}
-
-	void
-encrypt_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt, buflen;
-{
-	Encryptions *ep;
-	register int type = data[1];
-
-	for (ep = encryptions; ep->type && ep->type != type; ep++)
-		;
-
-	if (ep->printsub)
-		(*ep->printsub)(data, cnt, buf, buflen);
-	else
-		encrypt_gen_printsub(data, cnt, buf, buflen);
-}
-#else	/* ENCRYPTION */
-#include "misc-proto.h"
-#endif	/* ENCRYPTION */
diff --git a/src/appl/telnet/libtelnet/encrypt.h b/src/appl/telnet/libtelnet/encrypt.h
deleted file mode 100644
index 4efac57..0000000
--- a/src/appl/telnet/libtelnet/encrypt.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)encrypt.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef	ENCRYPTION
-# ifndef __ENCRYPTION__
-# define __ENCRYPTION__
-
-#define	DIR_DECRYPT		1
-#define	DIR_ENCRYPT		2
-
-typedef	unsigned char Block[8];
-typedef unsigned char *BlockT;
-typedef struct { Block _; } Schedule[16];
-
-#define	VALIDKEY(key)	( key[0] | key[1] | key[2] | key[3] | \
-			  key[4] | key[5] | key[6] | key[7])
-
-#define	SAMEKEY(k1, k2)	(!memcmp((void *)k1, (void *)k2, sizeof(Block)))
-
-typedef	struct {
-	short		type;
-	int		length;
-	unsigned char	*data;
-} Session_Key;
-
-typedef struct {
-	char	*name;
-	int	type;
-	void	(*output) (unsigned char *, int);
-	int	(*input) (int);
-	void	(*init) (int);
-	int	(*start) (int, int);
-	int	(*is) (unsigned char *, int);
-	int	(*reply) (unsigned char *, int);
-	void	(*session) (Session_Key *, int);
-	int	(*keyid) (int, unsigned char *, int *);
-	void	(*printsub) (unsigned char *, int, unsigned char *, int);
-} Encryptions;
-
-#define	SK_DES		1	/* Matched Kerberos v5 ENCTYPE_DES */
-
-#include "enc-proto.h"
-
-extern int encrypt_debug_mode;
-extern int (*decrypt_input) (int);
-extern void (*encrypt_output) (unsigned char *, int);
-# endif /* __ENCRYPTION__ */
-#endif /* ENCRYPTION */
diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c
deleted file mode 100644
index 98afb39..0000000
--- a/src/appl/telnet/libtelnet/forward.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * appl/telnet/libtelnet/forward.c
- */
-
-/*
- * Copyright (c) 1983 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-
-/* General-purpose forwarding routines. These routines may be put into */
-/* libkrb5.a to allow widespread use */
-
-#if defined(KERBEROS) || defined(KRB5)
-#include <stdio.h>
-#include <netdb.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include "krb5.h"
-#include <errno.h>
-
-#include "krb5forw.h"
-
-#if defined(NEED_SETENV) || defined(NEED_SETENV_PROTO)
-extern int setenv(char *, char *, int);
-#endif
-
-extern char *line;		/* see sys_term.c */
-
-/* Decode, decrypt and store the forwarded creds in the local ccache. */
-krb5_error_code
-rd_and_store_for_creds(context, auth_context, inbuf, ticket)
-    krb5_context context;
-    krb5_auth_context auth_context;
-    krb5_data *inbuf;
-    krb5_ticket *ticket;
-{
-    krb5_creds **creds;
-    krb5_error_code retval;
-    char ccname[35];
-    krb5_ccache ccache = NULL;
-
-    if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)))
-	return(retval);
-
-    snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid());
-    setenv("KRB5CCNAME", ccname, 1);
-
-    if ((retval = krb5_cc_resolve(context, ccname, &ccache)))
-	goto cleanup;
-
-    if ((retval = krb5_cc_initialize(context, ccache,
-				     ticket->enc_part2->client)))
-	goto cleanup;
-
-    if ((retval = krb5_cc_store_cred(context, ccache, *creds)))
-	goto cleanup;
-
-cleanup:
-    krb5_free_creds(context, *creds);
-    return retval;
-}
-
-#endif /* defined(KRB5) && defined(FORWARD) */
diff --git a/src/appl/telnet/libtelnet/genget.c b/src/appl/telnet/libtelnet/genget.c
deleted file mode 100644
index bc307c8..0000000
--- a/src/appl/telnet/libtelnet/genget.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)genget.c	8.1 (Berkeley) 6/4/93 */
-
-#include <ctype.h>
-#include "misc.h"
-
-#define	LOWER(x) (isupper((int) x) ? tolower((int) x) : (x))
-/*
- * The prefix function returns 0 if *s1 is not a prefix
- * of *s2.  If *s1 exactly matches *s2, the negative of
- * the length is returned.  If *s1 is a prefix of *s2,
- * the length of *s1 is returned.
- */
-	int
-isprefix(s1, s2)
-	register char *s1, *s2;
-{
-        char *os1;
-	register char c1, c2;
-
-        if (*s1 == '\0')
-                return(-1);
-        os1 = s1;
-	c1 = *s1;
-	c2 = *s2;
-        while (LOWER(c1) == LOWER(c2)) {
-		if (c1 == '\0')
-			break;
-                c1 = *++s1;
-                c2 = *++s2;
-        }
-        return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
-}
-
-static char *ambiguous;		/* special return value for command routines */
-
-	char **
-genget(name, table, stlen)
-	char	*name;		/* name to match */
-	char	**table;	/* name entry in table */
-	int	stlen;
-{
-	register char **c, **found;
-	register int n;
-
-	if (name == 0)
-	    return 0;
-
-	found = 0;
-	for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
-		if ((n = isprefix(name, *c)) == 0)
-			continue;
-		if (n < 0)		/* exact match */
-			return(c);
-		if (found)
-			return(&ambiguous);
-		found = c;
-	}
-	return(found);
-}
-
-/*
- * Function call version of Ambiguous()
- */
-	int
-Ambiguous(s)
-	void *s;
-{
-	return((char **)s == &ambiguous);
-}
diff --git a/src/appl/telnet/libtelnet/getent.c b/src/appl/telnet/libtelnet/getent.c
deleted file mode 100644
index b80439e..0000000
--- a/src/appl/telnet/libtelnet/getent.c
+++ /dev/null
@@ -1,71 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)getent.c	8.1 (Berkeley) 6/4/93 */
-
-#include "gettytab.h"
-
-#ifdef	HAVE_CGETENT
-static char *area;
-#endif
-
-/*ARGSUSED*/
-int
-getent(cp, name)
-char *cp, *name;
-{
-#ifdef	HAVE_CGETENT
-	char *dba[2];
-
-	dba[0] = "/etc/gettytab";
-	dba[1] = 0;
-	return((cgetent(&area, dba, name) == 0) ? 1 : 0);
-#else
-	return(0);
-#endif
-}
-
-#ifndef	SOLARIS
-/*ARGSUSED*/
-char *
-getstr(id, cpp)
-char *id, **cpp;
-{
-#ifdef	HAVE_CGETENT
-	char *answer;
-	return((cgetstr(area, id, &answer) > 0) ? answer : 0);
-#else
-	return(0);
-#endif
-}
-#endif
diff --git a/src/appl/telnet/libtelnet/getopt.c b/src/appl/telnet/libtelnet/getopt.c
deleted file mode 100644
index d61cc3c..0000000
--- a/src/appl/telnet/libtelnet/getopt.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 1987, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)getopt.c	8.1 (Berkeley) 6/4/93 */
-
-#ifndef __STDC__
-#define const
-#endif
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * get option letter from argument vector
- */
-int	opterr = 1,		/* if error message should be printed */
-	optind = 1,		/* index into parent argv vector */
-	optopt,			/* character checked for validity */
-	optreset;		/* reset getopt */
-char	*optarg;		/* argument associated with option */
-
-#define	BADCH	(int)'?'
-#define	BADARG	(int)':'
-#define	EMSG	""
-
-int
-getopt(nargc, nargv, ostr)
-	int nargc;
-	char * const *nargv;
-	const char *ostr;
-{
-	static char *place = EMSG;		/* option letter processing */
-	register char *oli;			/* option letter list index */
-	char *p;
-
-	if (optreset || !*place) {		/* update scanning pointer */
-		optreset = 0;
-		if (optind >= nargc || *(place = nargv[optind]) != '-') {
-			place = EMSG;
-			return(-1);
-		}
-		if (place[1] && *++place == '-') {	/* found "--" */
-			++optind;
-			place = EMSG;
-			return(-1);
-		}
-	}					/* option letter okay? */
-	if ((optopt = (int)*place++) == (int)':' ||
-	    !(oli = index(ostr, optopt))) {
-		/*
-		 * if the user didn't specify '-' as an option,
-		 * assume it means EOF.
-		 */
-		if (optopt == (int)'-')
-			return(-1);
-		if (!*place)
-			++optind;
-		if (opterr && *ostr != ':') {
-			if (!(p = rindex(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			(void)fprintf(stderr, "%s: illegal option -- %c\n",
-			    p, optopt);
-		}
-		return(BADCH);
-	}
-	if (*++oli != ':') {			/* don't need argument */
-		optarg = NULL;
-		if (!*place)
-			++optind;
-	}
-	else {					/* need an argument */
-		if (*place)			/* no white space */
-			optarg = place;
-		else if (nargc <= ++optind) {	/* no arg */
-			place = EMSG;
-			if (!(p = rindex(*nargv, '/')))
-				p = *nargv;
-			else
-				++p;
-			if (*ostr == ':')
-				return(BADARG);
-			if (opterr)
-				(void)fprintf(stderr,
-				    "%s: option requires an argument -- %c\n",
-				    p, optopt);
-			return(BADCH);
-		}
-	 	else				/* white space */
-			optarg = nargv[optind];
-		place = EMSG;
-		++optind;
-	}
-	return(optopt);				/* dump back option letter */
-}
diff --git a/src/appl/telnet/libtelnet/gettytab.c b/src/appl/telnet/libtelnet/gettytab.c
deleted file mode 100644
index d50f879..0000000
--- a/src/appl/telnet/libtelnet/gettytab.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Copyright (c) 1980 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- */
-
-/* based on @(#)gettytab.c	5.1 (Berkeley) 4/29/85 */
-
-#include <ctype.h>
-
-#define	TABBUFSIZ	512
-
-static	char *tbuf;
-int	hopcount;	/* detect infinite loops in termcap, init 0 */
-char	*skip();
-char	*getstr();
-char	*decode();
-
-/*
- * Get an entry for terminal name in buffer bp,
- * from the termcap file.  Parse is very rudimentary;
- * we just notice escaped newlines.
- */
-getent(bp, name)
-	char *bp, *name;
-{
-	register char *cp;
-	register int c;
-	register int i = 0, cnt = 0;
-	char ibuf[TABBUFSIZ];
-	char *cp2;
-	int tf;
-
-	tbuf = bp;
-	tf = open("/etc/gettytab", 0);
-	if (tf < 0)
-		return (-1);
-	for (;;) {
-		cp = bp;
-		for (;;) {
-			if (i == cnt) {
-				cnt = read(tf, ibuf, TABBUFSIZ);
-				if (cnt <= 0) {
-					close(tf);
-					return (0);
-				}
-				i = 0;
-			}
-			c = ibuf[i++];
-			if (c == '\n') {
-				if (cp > bp && cp[-1] == '\\'){
-					cp--;
-					continue;
-				}
-				break;
-			}
-			if (cp >= bp+TABBUFSIZ) {
-				write(2,"Gettytab entry too long\n", 24);
-				break;
-			} else
-				*cp++ = c;
-		}
-		*cp = 0;
-
-		/*
-		 * The real work for the match.
-		 */
-		if (namatch(name)) {
-			close(tf);
-			return(nchktc());
-		}
-	}
-}
-
-/*
- * tnchktc: check the last entry, see if it's tc=xxx. If so,
- * recursively find xxx and append that entry (minus the names)
- * to take the place of the tc=xxx entry. This allows termcap
- * entries to say "like an HP2621 but doesn't turn on the labels".
- * Note that this works because of the left to right scan.
- */
-#define	MAXHOP	32
-nchktc()
-{
-	register char *p, *q;
-	char tcname[16];	/* name of similar terminal */
-	char tcbuf[TABBUFSIZ];
-	char *holdtbuf = tbuf;
-	int l;
-
-	p = tbuf + strlen(tbuf) - 2;	/* before the last colon */
-	while (*--p != ':')
-		if (p<tbuf) {
-			write(2, "Bad gettytab entry\n", 19);
-			return (0);
-		}
-	p++;
-	/* p now points to beginning of last field */
-	if (p[0] != 't' || p[1] != 'c')
-		return(1);
-	strncpy(tcname, p + 3, sizeof(tcname) - 1);
-	tcname[sizeof(tcname) - 1] = '\0';
-	q = tcname;
-	while (*q && *q != ':')
-		q++;
-	*q = 0;
-	if (++hopcount > MAXHOP) {
-		write(2, "Getty: infinite tc= loop\n", 25);
-		return (0);
-	}
-	if (getent(tcbuf, tcname) != 1)
-		return(0);
-	for (q=tcbuf; *q != ':'; q++)
-		;
-	l = p - holdtbuf + strlen(q);
-	if (l > TABBUFSIZ) {
-		write(2, "Gettytab entry too long\n", 24);
-		q[TABBUFSIZ - (p-tbuf)] = 0;
-	}
-	strlcpy(p, q+1, TABBUFSIZ - (p-tbuf));
-	tbuf = holdtbuf;
-	return(1);
-}
-
-/*
- * Tnamatch deals with name matching.  The first field of the termcap
- * entry is a sequence of names separated by |'s, so we compare
- * against each such name.  The normal : terminator after the last
- * name (before the first field) stops us.
- */
-namatch(np)
-	char *np;
-{
-	register char *Np, *Bp;
-
-	Bp = tbuf;
-	if (*Bp == '#')
-		return(0);
-	for (;;) {
-		for (Np = np; *Np && *Bp == *Np; Bp++, Np++)
-			continue;
-		if (*Np == 0 && (*Bp == '|' || *Bp == ':' || *Bp == 0))
-			return (1);
-		while (*Bp && *Bp != ':' && *Bp != '|')
-			Bp++;
-		if (*Bp == 0 || *Bp == ':')
-			return (0);
-		Bp++;
-	}
-}
-
-/*
- * Skip to the next field.  Notice that this is very dumb, not
- * knowing about \: escapes or any such.  If necessary, :'s can be put
- * into the termcap file in octal.
- */
-static char *
-skip(bp)
-	register char *bp;
-{
-
-	while (*bp && *bp != ':')
-		bp++;
-	if (*bp == ':')
-		bp++;
-	return (bp);
-}
-
-/*
- * Return the (numeric) option id.
- * Numeric options look like
- *	li#80
- * i.e. the option string is separated from the numeric value by
- * a # character.  If the option is not found we return -1.
- * Note that we handle octal numbers beginning with 0.
- */
-long
-getnum(id)
-	char *id;
-{
-	register long i, base;
-	register char *bp = tbuf;
-
-	for (;;) {
-		bp = skip(bp);
-		if (*bp == 0)
-			return (-1);
-		if (*bp++ != id[0] || *bp == 0 || *bp++ != id[1])
-			continue;
-		if (*bp == '@')
-			return(-1);
-		if (*bp != '#')
-			continue;
-		bp++;
-		base = 10;
-		if (*bp == '0')
-			base = 8;
-		i = 0;
-		while (isdigit(*bp))
-			i *= base, i += *bp++ - '0';
-		return (i);
-	}
-}
-
-/*
- * Handle a flag option.
- * Flag options are given "naked", i.e. followed by a : or the end
- * of the buffer.  Return 1 if we find the option, or 0 if it is
- * not given.
- */
-getflag(id)
-	char *id;
-{
-	register char *bp = tbuf;
-
-	for (;;) {
-		bp = skip(bp);
-		if (!*bp)
-			return (-1);
-		if (*bp++ == id[0] && *bp != 0 && *bp++ == id[1]) {
-			if (!*bp || *bp == ':')
-				return (1);
-			else if (*bp == '!')
-				return (0);
-			else if (*bp == '@')
-				return(-1);
-		}
-	}
-}
-
-/*
- * Get a string valued option.
- * These are given as
- *	cl=^Z
- * Much decoding is done on the strings, and the strings are
- * placed in area, which is a ref parameter which is updated.
- * No checking on area overflow.
- */
-char *
-getstr(id, area)
-	char *id, **area;
-{
-	register char *bp = tbuf;
-
-	for (;;) {
-		bp = skip(bp);
-		if (!*bp)
-			return (0);
-		if (*bp++ != id[0] || *bp == 0 || *bp++ != id[1])
-			continue;
-		if (*bp == '@')
-			return(0);
-		if (*bp != '=')
-			continue;
-		bp++;
-		return (decode(bp, area));
-	}
-}
-
-/*
- * Tdecode does the grung work to decode the
- * string capability escapes.
- */
-static char *
-decode(str, area)
-	register char *str;
-	char **area;
-{
-	register char *cp;
-	register int c;
-	register char *dp;
-	int i;
-
-	cp = *area;
-	while ((c = *str++) && c != ':') {
-		switch (c) {
-
-		case '^':
-			c = *str++ & 037;
-			break;
-
-		case '\\':
-			dp = "E\033^^\\\\::n\nr\rt\tb\bf\f";
-			c = *str++;
-nextc:
-			if (*dp++ == c) {
-				c = *dp++;
-				break;
-			}
-			dp++;
-			if (*dp)
-				goto nextc;
-			if (isdigit(c)) {
-				c -= '0', i = 2;
-				do
-					c <<= 3, c |= *str++ - '0';
-				while (--i && isdigit(*str));
-			}
-			break;
-		}
-		*cp++ = c;
-	}
-	*cp++ = 0;
-	str = *area;
-	*area = cp;
-	return (str);
-}
diff --git a/src/appl/telnet/libtelnet/gettytab.h b/src/appl/telnet/libtelnet/gettytab.h
deleted file mode 100644
index 02e5050..0000000
--- a/src/appl/telnet/libtelnet/gettytab.h
+++ /dev/null
@@ -1,120 +0,0 @@
-/*
- * Copyright (c) 1980 Regents of the University of California.
- * All rights reserved.  The Berkeley software License Agreement
- * specifies the terms and conditions for redistribution.
- *
- *	@(#)gettytab.h	5.2 (Berkeley) 1/7/86
- */
-
-/*
- * Getty description definitions.
- */
-struct	gettystrs {
-	char	*field;		/* name to lookup in gettytab */
-	char	*defalt;	/* value we find by looking in defaults */
-	char	*value;		/* value that we find there */
-};
-
-struct	gettynums {
-	char	*field;		/* name to lookup */
-	long	defalt;		/* number we find in defaults */
-	long	value;		/* number we find there */
-	int	set;		/* we actually got this one */
-};
-
-struct gettyflags {
-	char	*field;		/* name to lookup */
-	char	invrt;		/* name existing in gettytab --> false */
-	char	defalt;		/* true/false in defaults */
-	char	value;		/* true/false flag */
-	char	set;		/* we found it */
-};
-
-/*
- * String values.
- */
-#define	NX	gettystrs[0].value
-#define	CL	gettystrs[1].value
-#define IM	gettystrs[2].value
-#define	LM	gettystrs[3].value
-#define	ER	gettystrs[4].value
-#define	KL	gettystrs[5].value
-#define	ET	gettystrs[6].value
-#define	PC	gettystrs[7].value
-#define	TT	gettystrs[8].value
-#define	EV	gettystrs[9].value
-#define	LO	gettystrs[10].value
-#define HN	gettystrs[11].value
-#define HE	gettystrs[12].value
-#define IN	gettystrs[13].value
-#define QU	gettystrs[14].value
-#define XN	gettystrs[15].value
-#define XF	gettystrs[16].value
-#define BK	gettystrs[17].value
-#define SU	gettystrs[18].value
-#define DS	gettystrs[19].value
-#define RP	gettystrs[20].value
-#define FL	gettystrs[21].value
-#define WE	gettystrs[22].value
-#define LN	gettystrs[23].value
-
-/*
- * Numeric definitions.
- */
-#define	IS	gettynums[0].value
-#define	OS	gettynums[1].value
-#define	SP	gettynums[2].value
-#define	ND	gettynums[3].value
-#define	CD	gettynums[4].value
-#define	TD	gettynums[5].value
-#define	FD	gettynums[6].value
-#define	BD	gettynums[7].value
-#define	TO	gettynums[8].value
-#define	F0	gettynums[9].value
-#define	F0set	gettynums[9].set
-#define	F1	gettynums[10].value
-#define	F1set	gettynums[10].set
-#define	F2	gettynums[11].value
-#define	F2set	gettynums[11].set
-#define	PF	gettynums[12].value
-
-/*
- * Boolean values.
- */
-#define	HT	gettyflags[0].value
-#define	NL	gettyflags[1].value
-#define	EP	gettyflags[2].value
-#define	EPset	gettyflags[2].set
-#define	OP	gettyflags[3].value
-#define	OPset	gettyflags[2].set
-#define	AP	gettyflags[4].value
-#define	APset	gettyflags[2].set
-#define	EC	gettyflags[5].value
-#define	CO	gettyflags[6].value
-#define	CB	gettyflags[7].value
-#define	CK	gettyflags[8].value
-#define	CE	gettyflags[9].value
-#define	PE	gettyflags[10].value
-#define	RW	gettyflags[11].value
-#define	XC	gettyflags[12].value
-#define	LC	gettyflags[13].value
-#define	UC	gettyflags[14].value
-#define	IG	gettyflags[15].value
-#define	PS	gettyflags[16].value
-#define	HC	gettyflags[17].value
-#define UB	gettyflags[18].value
-#define AB	gettyflags[19].value
-#define DX	gettyflags[20].value
-#define RM	gettyflags[21].value
-
-int	getent (char *, char *);
-long	getnum();
-int	getflag();
-#ifndef SOLARIS
-char	*getstr(char *, char **);
-#endif
-
-extern	struct gettyflags gettyflags[];
-extern	struct gettynums gettynums[];
-extern	struct gettystrs gettystrs[];
-extern	int hopcount;
diff --git a/src/appl/telnet/libtelnet/herror.c b/src/appl/telnet/libtelnet/herror.c
deleted file mode 100644
index 3b20f80..0000000
--- a/src/appl/telnet/libtelnet/herror.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)herror.c	8.1 (Berkeley) 6/4/93 */
-
-#include <stdio.h>
-
-char	*h_errlist[] = {
-	"Error 0",
-	"Unknown host",				/* 1 HOST_NOT_FOUND */
-	"Host name lookup failure",		/* 2 TRY_AGAIN */
-	"Unknown server error",			/* 3 NO_RECOVERY */
-	"No address associated with name",	/* 4 NO_ADDRESS */
-};
-int	h_nerr = { sizeof(h_errlist)/sizeof(h_errlist[0]) };
-
-int h_errno;		/* In some version of SunOS this is necessary */
-
-/*
- * herror --
- *	print the error indicated by the h_errno value.
- */
-herror(s)
-	char *s;
-{
-	if (s && *s) {
-		fprintf(stderr, "%s: ", s);
-	}
-	if ((h_errno < 0) || (h_errno >= h_nerr)) {
-		fprintf(stderr, "Unknown error\n");
-	} else if (h_errno == 0) {
-#if	defined(sun)
-		fprintf(stderr, "Host unknown\n");
-#endif	/* defined(sun) */
-	} else {
-		fprintf(stderr, "%s\n", h_errlist[h_errno]);
-	}
-}
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
deleted file mode 100644
index bc3cecf..0000000
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ /dev/null
@@ -1,901 +0,0 @@
-/*
- *	appl/telnet/libtelnet/kerberos5.c
- */
-
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)kerberos5.c	8.1 (Berkeley) 6/4/93 */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#ifdef	KRB5
-#include <arpa/telnet.h>
-#include <errno.h>
-#include <stdio.h>
-#include "krb5.h"
-#include "k5-platform.h"
-
-#include "com_err.h"
-#include <netdb.h>
-#include <ctype.h>
-#include <syslog.h>
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc();
-#endif
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern int auth_debug_mode;
-extern int net;
-
-#ifdef	FORWARD
-int forward_flags = 0;  /* Flags get set in telnet/main.c on -f and -F */
-
-static void kerberos5_forward(Authenticator *);
-
-#include "krb5forw.h"
-
-#endif	/* FORWARD */
-
-static unsigned char str_data[TELNET_BUFSIZE] = {IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_KERBEROS_V5, };
-/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };*/
-
-#define	KRB_AUTH		0	/* Authentication data follows */
-#define	KRB_REJECT		1	/* Rejected (reason might follow) */
-#define	KRB_ACCEPT		2	/* Accepted */
-#define	KRB_RESPONSE		3	/* Response for mutual auth. */
-
-#ifdef	FORWARD
-#define KRB_FORWARD     	4       /* Forwarded credentials follow */
-#define KRB_FORWARD_ACCEPT     	5       /* Forwarded credentials accepted */
-#define KRB_FORWARD_REJECT     	6       /* Forwarded credentials rejected */
-#endif	/* FORWARD */
-
-krb5_auth_context auth_context = 0;
-
-static	krb5_data auth;
-	/* telnetd gets session key from here */
-static	krb5_ticket * ticket = NULL;
-/* telnet matches the AP_REQ and AP_REP with this */
-
-/* some compilers can't hack void *, so we use the Kerberos krb5_pointer,
-   which is either void * or char *, depending on the compiler. */
-
-#define Voidptr krb5_pointer
-
-krb5_keyblock	*session_key = 0;
-char *		telnet_srvtab = NULL;
-char *		telnet_krb5_realm = NULL;
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	Voidptr d;
-	int c;
-{
-        unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-	size_t spaceleft = sizeof(str_data) - 4;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-        if (auth_debug_mode) {
-                printf("%s:%d: [%d] (%d)",
-                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-                        str_data[3],
-                        type, c);
-                printd(d, c);
-                printf("\r\n");
-        }
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-	spaceleft -= 3;
-        while (c-- > 0) {
-		if ((*p++ = *cd++) == IAC) {
-			*p++ = IAC;
-			spaceleft--;
-		}
-		if ((--spaceleft < 4) && c) {
-			errno = ENOMEM;
-			return -1;
-		}
-        }
-        *p++ = IAC;
-        *p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - &str_data[2]);
-        return(net_write(str_data, p - str_data));
-}
-
-krb5_context telnet_context = 0;
-int
-kerberos5_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-	krb5_error_code retval;
-
-	if (server)
-		str_data[3] = TELQUAL_REPLY;
-	else
-		str_data[3] = TELQUAL_IS;
-	if (telnet_context == 0) {
-		retval = krb5_init_context(&telnet_context);
-		if (retval)
-			return 0;
-	}
-	return(1);
-}
-
-void
-kerberos5_cleanup()
-{
-    krb5_error_code retval;
-    krb5_ccache ccache;
-    char *ccname;
-
-    if (telnet_context == 0)
-	return;
-
-    ccname = getenv("KRB5CCNAME");
-    if (ccname) {
-	retval = krb5_cc_resolve(telnet_context, ccname, &ccache);
-	if (!retval)
-	    retval = krb5_cc_destroy(telnet_context, ccache);
-    }
-
-    krb5_free_context(telnet_context);
-    telnet_context = 0;
-}
-
-
-	int
-kerberos5_send(ap)
-	Authenticator *ap;
-{
-	krb5_error_code r;
-	krb5_ccache ccache;
-	krb5_creds creds;		/* telnet gets session key from here */
-	krb5_creds * new_creds = 0;
-	int ap_opts;
-	char type_check[2];
-	krb5_data check_data;
-
-#ifdef	ENCRYPTION
-	krb5_keyblock *newkey = 0;
-#endif	/* ENCRYPTION */
-
-        if (!UserNameRequested) {
-                if (auth_debug_mode) {
-                        printf(
-			"telnet: Kerberos V5: no user name supplied\r\n");
-                }
-                return(0);
-        }
-
-	if ((r = krb5_cc_default(telnet_context, &ccache))) {
-		if (auth_debug_mode) {
-		    printf(
-		    "telnet: Kerberos V5: could not get default ccache\r\n");
-		}
-		return(0);
-	}
-
-	memset(&creds, 0, sizeof(creds));
-	if (auth_debug_mode)
-	    printf("telnet: calling krb5_sname_to_principal\n");
-	if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName,
-					 "host", KRB5_NT_SRV_HST,
-					 &creds.server))) {
-	    if (auth_debug_mode)
-		printf("telnet: Kerberos V5: error while constructing service name: %s\r\n", error_message(r));
-	    return(0);
-	}
-	if (auth_debug_mode)
-	    printf("telnet: done calling krb5_sname_to_principal\n");
-
-	if (telnet_krb5_realm != NULL) {
-	    krb5_data rdata;
-
-	    rdata.magic = 0;
-	    rdata.length = strlen(telnet_krb5_realm);
-	    rdata.data = strdup(telnet_krb5_realm);
-	    if (rdata.data == NULL) {
-	        fprintf(stderr, "malloc failed\n");
-		return(0);
-	    }
-	    krb5_princ_set_realm(telnet_context, creds.server, &rdata);
-	}
-
-	if ((r = krb5_cc_get_principal(telnet_context, ccache,
-				       &creds.client))) {
-		if (auth_debug_mode) {
-			printf(
-			"telnet: Kerberos V5: failure on principal (%s)\r\n",
-				error_message(r));
-		}
-		krb5_free_cred_contents(telnet_context, &creds);
-		return(0);
-	}
-
-	creds.keyblock.enctype=ENCTYPE_DES_CBC_CRC;
-	if ((r = krb5_get_credentials(telnet_context, 0,
-				      ccache, &creds, &new_creds))) {
-		if (auth_debug_mode) {
-			printf(
-			"telnet: Kerberos V5: failure on credentials(%s)\r\n",
-			       error_message(r));
-		}
-		krb5_free_cred_contents(telnet_context, &creds);
-		return(0);
-	}
-
-	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
-	    ap_opts = AP_OPTS_MUTUAL_REQUIRED;
-	else
-	    ap_opts = 0;
-
-#ifdef ENCRYPTION
-	ap_opts |= AP_OPTS_USE_SUBKEY;
-#endif	/* ENCRYPTION */
-
-	if (auth_context) {
-	    krb5_auth_con_free(telnet_context, auth_context);
-	    auth_context = 0;
-	}
-	if ((r = krb5_auth_con_init(telnet_context, &auth_context))) {
-	    if (auth_debug_mode) {
-		printf("Kerberos V5: failed to init auth_context (%s)\r\n",
-		       error_message(r));
-	    }
-	    return(0);
-	}
-
-	krb5_auth_con_setflags(telnet_context, auth_context,
-			       KRB5_AUTH_CONTEXT_RET_TIME);
-
-	type_check[0] = ap->type;
-	type_check[1] = ap->way;
-	check_data.magic = KV5M_DATA;
-	check_data.length = 2;
-	check_data.data = (char *) &type_check;
-
-	r = krb5_mk_req_extended(telnet_context, &auth_context, ap_opts,
-				 &check_data, new_creds, &auth);
-
-#ifdef	ENCRYPTION
-	krb5_auth_con_getsendsubkey(telnet_context, auth_context, &newkey);
-	if (session_key) {
-		krb5_free_keyblock(telnet_context, session_key);
-		session_key = 0;
-	}
-
-	if (newkey) {
-	    /* keep the key in our private storage, but don't use it
-	       yet---see kerberos5_reply() below */
-	    if ((newkey->enctype != ENCTYPE_DES_CBC_CRC) &&
-		(newkey-> enctype != ENCTYPE_DES_CBC_MD5)) {
-		if ((new_creds->keyblock.enctype == ENCTYPE_DES_CBC_CRC) ||
-		    (new_creds->keyblock.enctype == ENCTYPE_DES_CBC_MD5))
-		    /* use the session key in credentials instead */
-		    krb5_copy_keyblock(telnet_context,&new_creds->keyblock,
-				       &session_key);
-		else
-		    /* XXX ? */;
-	    } else {
-		krb5_copy_keyblock(telnet_context, newkey, &session_key);
-	    }
-	    krb5_free_keyblock(telnet_context, newkey);
-	}
-#endif	/* ENCRYPTION */
-	krb5_free_cred_contents(telnet_context, &creds);
-	krb5_free_creds(telnet_context, new_creds);
-	if (r) {
-		if (auth_debug_mode) {
-			printf("telnet: Kerberos V5: mk_req failed (%s)\r\n",
-			       error_message(r));
-		}
-		return(0);
-	}
-
-        if (!auth_sendname((unsigned char *) UserNameRequested,
-			   (int) strlen(UserNameRequested))) {
-                if (auth_debug_mode)
-                        printf("telnet: Not enough room for user name\r\n");
-                return(0);
-        }
-	if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
-		if (auth_debug_mode)
-		    printf(
-		    "telnet: Not enough room for authentication data\r\n");
-		return(0);
-	}
-	if (auth_debug_mode) {
-		printf("telnet: Sent Kerberos V5 credentials to server\r\n");
-	}
-	return(1);
-}
-
-	void
-kerberos5_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	int r = 0;
-	krb5_principal server;
-	krb5_keyblock *newkey = NULL;
-	krb5_keytab keytabid = 0;
-	krb5_data outbuf;
-#ifdef ENCRYPTION
-	Session_Key skey;
-#endif
-	char errbuf[320];
-	char *name;
-	char *getenv();
-	krb5_data inbuf;
-	krb5_authenticator *authenticator;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB_AUTH:
-		auth.data = (char *)data;
-		auth.length = cnt;
-
-		if (!r && !auth_context)
-		    r = krb5_auth_con_init(telnet_context, &auth_context);
-		if (!r) {
-		    krb5_rcache rcache;
-
-		    r = krb5_auth_con_getrcache(telnet_context, auth_context,
-						&rcache);
-		    if (!r && !rcache) {
-			r = krb5_sname_to_principal(telnet_context, 0, 0,
-						    KRB5_NT_SRV_HST, &server);
-			if (!r) {
-			    r = krb5_get_server_rcache(telnet_context,
-					krb5_princ_component(telnet_context,
-							     server, 0),
-						       &rcache);
-			    krb5_free_principal(telnet_context, server);
-			}
-		    }
-		    if (!r)
-			r = krb5_auth_con_setrcache(telnet_context,
-						    auth_context, rcache);
-		}
-		if (!r && telnet_srvtab)
-		    r = krb5_kt_resolve(telnet_context,
-					telnet_srvtab, &keytabid);
-		if (!r)
-		    r = krb5_rd_req(telnet_context, &auth_context, &auth,
-				    NULL, keytabid, NULL, &ticket);
-		if (r) {
-			(void) snprintf(errbuf, sizeof(errbuf),
-					"krb5_rd_req failed: %s",
-					error_message(r));
-			goto errout;
-		}
-
-		/*
-		 * 256 bytes should be much larger than any reasonable
-		 * first component of a service name especially since
-		 * the default is of length 4.
-		 */
-		if (krb5_princ_size(telnet_context,ticket->server) < 1) {
-		    (void) strlcpy(errbuf, "malformed service name",
-				   sizeof(errbuf));
-		    goto errout;
-		}
-		if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) {
-		    char princ[256];
-		    strncpy(princ,
-			    krb5_princ_component(telnet_context, ticket->server,0)->data,
-			    krb5_princ_component(telnet_context, ticket->server,0)->length);
-		    princ[krb5_princ_component(telnet_context,
-					       ticket->server,0)->length] = '\0';
-		    if (strcmp("host", princ)) {
-                        if(strlen(princ) < sizeof(errbuf) - 39) {
-			    (void) snprintf(errbuf, sizeof(errbuf), "incorrect service name: \"%s\" != \"host\"",
-                                           princ);
-                        } else {
-                            (void) snprintf(errbuf, sizeof(errbuf), "incorrect service name: principal != \"host\"");
-                        }
-			goto errout;
-		    }
-		} else {
-		    (void) strlcpy(errbuf, "service name too long",
-				   sizeof(errbuf));
-		    goto errout;
-		}
-
-		r = krb5_auth_con_getauthenticator(telnet_context,
-						   auth_context,
-						   &authenticator);
-		if (r) {
-			(void) snprintf(errbuf, sizeof(errbuf),
-					"krb5_auth_con_getauthenticator failed: %s",
-					error_message(r));
-			goto errout;
-		}
-		if ((ap->way & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON &&
-		    !authenticator->checksum) {
-			(void) strlcpy(errbuf,
-				"authenticator is missing required checksum",
-				       sizeof(errbuf));
-			goto errout;
-		}
-		if (authenticator->checksum) {
-		    char type_check[2];
-		    krb5_checksum *cksum = authenticator->checksum;
-		    krb5_keyblock *key;
-
-		    type_check[0] = ap->type;
-		    type_check[1] = ap->way;
-
-		    r = krb5_auth_con_getkey(telnet_context, auth_context,
-					     &key);
-		    if (r) {
-			(void) snprintf(errbuf, sizeof(errbuf),
-					"krb5_auth_con_getkey failed: %s",
-					error_message(r));
-			goto errout;
-		    }
-		    r = krb5_verify_checksum(telnet_context,
-					     cksum->checksum_type, cksum,
-					     &type_check, 2, key->contents,
-					     key->length);
-		/*
-		 * Note that krb5_verify_checksum() will fail if a pre-
-		 * MIT Kerberos Beta 5 client is attempting to connect
-		 * to this server (Beta 6 or later). There is not way to
-		 * fix this without compromising encryption. It would be
-		 * reasonable to add a -i option to telnetd to ignore
-		 * checksums (like in klogind). Such an option is not
-		 * present at this time.
-		 */
-		    if (r) {
-			(void) snprintf(errbuf, sizeof(errbuf),
-					"checksum verification failed: %s",
-					error_message(r));
-			goto errout;
-		    }
-		    krb5_free_keyblock(telnet_context, key);
-		}
-		krb5_free_authenticator(telnet_context, authenticator);
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		    /* do ap_rep stuff here */
-		    if ((r = krb5_mk_rep(telnet_context, auth_context,
-					 &outbuf))) {
-			(void) snprintf(errbuf, sizeof(errbuf),
-					"Make reply failed: %s",
-					error_message(r));
-			goto errout;
-		    }
-
-		    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
-		}
-		if (krb5_unparse_name(telnet_context,
-				      ticket->enc_part2 ->client,
-				      &name))
-			name = 0;
-		Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
-		if (auth_debug_mode) {
-			printf(
-			"telnetd: Kerberos5 identifies him as ``%s''\r\n",
-							name ? name : "");
-		}
-                auth_finished(ap, AUTH_USER);
-
-		if (name)
-		    free(name);
-		krb5_auth_con_getrecvsubkey(telnet_context, auth_context,
-					      &newkey);
-		if (session_key) {
-		    krb5_free_keyblock(telnet_context, session_key);
-		    session_key = 0;
-		}
-	    	if (newkey) {
-		    krb5_copy_keyblock(telnet_context, newkey, &session_key);
-		    krb5_free_keyblock(telnet_context, newkey);
-		} else {
-		    krb5_copy_keyblock(telnet_context,
-				       ticket->enc_part2->session,
-				       &session_key);
-		}
-
-#ifdef ENCRYPTION
-		skey.type = SK_DES;
-		skey.length = 8;
-		skey.data = session_key->contents;
-		encrypt_session_key(&skey, 1);
-#endif
-		break;
-#ifdef	FORWARD
-	case KRB_FORWARD:
-		inbuf.length = cnt;
-		inbuf.data = (char *)data;
-		if ((r = krb5_auth_con_genaddrs(telnet_context, auth_context,
-			net, KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR)) ||
-		    (r = rd_and_store_for_creds(telnet_context, auth_context,
-			   &inbuf, ticket))) {
-
-		    char kerrbuf[128];
-
-		    (void) snprintf(kerrbuf, sizeof(kerrbuf),
-				    "Read forwarded creds failed: %s",
-				    error_message(r));
-		    Data(ap, KRB_FORWARD_REJECT, kerrbuf, -1);
-		    if (auth_debug_mode)
-		      printf(
-			"telnetd: Could not read forwarded credentials\r\n");
-		}
-		else
-		  Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
-		  if (auth_debug_mode)
-		    printf("telnetd: Forwarded credentials obtained\r\n");
-		break;
-#endif	/* FORWARD */
-	default:
-		if (auth_debug_mode)
-			printf("telnetd: Unknown Kerberos option %d\r\n",
-			data[-1]);
-		Data(ap, KRB_REJECT, 0, 0);
-		break;
-	}
-	return;
-
-    errout:
-	{
-	    char eerrbuf[329];
-
-	    snprintf(eerrbuf, sizeof(eerrbuf), "telnetd: %s", errbuf);
-	    Data(ap, KRB_REJECT, eerrbuf, -1);
-	}
-	if (auth_debug_mode)
-	    printf("telnetd: %s\r\n", errbuf);
-	syslog(LOG_ERR, "%s", errbuf);
-	if (auth_context) {
-	    krb5_auth_con_free(telnet_context, auth_context);
-	    auth_context = 0;
-	}
-	return;
-}
-
-	void
-kerberos5_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-#ifdef ENCRYPTION
-        Session_Key skey;
-#endif
-	static int mutual_complete = 0;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case KRB_REJECT:
-		if (cnt > 0) {
-			printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ Kerberos V5 refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case KRB_ACCEPT:
-		if (!mutual_complete) {
-		    if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-			printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
-			auth_send_retry();
-			return;
-		    }
-#ifdef	ENCRYPTION
-		    if (session_key) {
-			skey.type = SK_DES;
-			skey.length = 8;
-			skey.data = session_key->contents;
-			encrypt_session_key(&skey, 0);
-		    }
-#endif	/* ENCRYPTION */
-		}
-		if (cnt)
-		    printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
-		else
-		    printf("[ Kerberos V5 accepts you ]\r\n");
-		auth_finished(ap, AUTH_USER);
-#ifdef	FORWARD
-		if (forward_flags & OPTS_FORWARD_CREDS)
-		  kerberos5_forward(ap);
-#endif	/* FORWARD */
-		break;
-	case KRB_RESPONSE:
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-		    /* the rest of the reply should contain a krb_ap_rep */
-		    krb5_ap_rep_enc_part *reply;
-		    krb5_data inbuf;
-		    krb5_error_code r;
-
-		    inbuf.length = cnt;
-		    inbuf.data = (char *)data;
-
-		    if ((r = krb5_rd_rep(telnet_context, auth_context, &inbuf,
-					 &reply))) {
-			printf("[ Mutual authentication failed: %s ]\r\n",
-			       error_message(r));
-			auth_send_retry();
-			return;
-		    }
-		    krb5_free_ap_rep_enc_part(telnet_context, reply);
-#ifdef	ENCRYPTION
-		    if (session_key) {
-			skey.type = SK_DES;
-			skey.length = 8;
-			skey.data = session_key->contents;
-			encrypt_session_key(&skey, 0);
-		      }
-#endif	/* ENCRYPTION */
-		    mutual_complete = 1;
-		}
-		return;
-#ifdef	FORWARD
-	case KRB_FORWARD_ACCEPT:
-		printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
-		return;
-	case KRB_FORWARD_REJECT:
-		printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
-				cnt, data);
-		return;
-#endif	/* FORWARD */
-	default:
-		if (auth_debug_mode)
-			printf("Unknown Kerberos option %d\r\n", data[-1]);
-		return;
-	}
-	return;
-}
-
-	int
-kerberos5_status(ap, name, level)
-	Authenticator *ap;
-	char *name;
-	int level;
-{
-	if (level < AUTH_USER)
-		return(level);
-
-	/*
-	 * Always copy in UserNameRequested if the authentication
-	 * is valid, because the higher level routines need it.
-	 * the name buffer comes from telnetd/telnetd{-ktd}.c
-	 */
-	if (UserNameRequested) {
-		strncpy(name, UserNameRequested, 255);
-		name[255] = '\0';
-	}
-
-	if (UserNameRequested &&
-	    krb5_kuserok(telnet_context, ticket->enc_part2->client,
-			 UserNameRequested))
-	{
-		return(AUTH_VALID);
-	} else
-		return(AUTH_USER);
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-kerberos5_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt;
-	unsigned int buflen;
-{
-	char lbuf[32];
-	register int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case KRB_REJECT:		/* Rejected (reason might follow) */
-		strncpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case KRB_ACCEPT:		/* Accepted (name might follow) */
-		strncpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-
-	case KRB_AUTH:			/* Authentication data follows */
-		strncpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	case KRB_RESPONSE:
-		strncpy((char *)buf, " RESPONSE", buflen);
-		goto common2;
-
-#ifdef	FORWARD
-	case KRB_FORWARD:               /* Forwarded credentials follow */
-		strncpy((char *)buf, " FORWARD", buflen);
-		goto common2;
-
-	case KRB_FORWARD_ACCEPT:               /* Forwarded credentials accepted */
-		strncpy((char *)buf, " FORWARD_ACCEPT", buflen);
-		goto common2;
-
-	case KRB_FORWARD_REJECT:               /* Forwarded credentials rejected */
-					       /* (reason might follow) */
-		strncpy((char *)buf, " FORWARD_REJECT", buflen);
-		goto common2;
-#endif	/* FORWARD */
-
-	default:
-		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
-		strncpy((char *)buf, lbuf, buflen);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
-			strncpy((char *)buf, lbuf, buflen);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-
-#ifdef	FORWARD
-
-static void
-kerberos5_forward(ap)
-     Authenticator *ap;
-{
-    krb5_error_code r;
-    krb5_ccache ccache;
-    krb5_principal client = 0;
-    krb5_principal server = 0;
-    krb5_data forw_creds;
-
-    forw_creds.data = 0;
-
-    if ((r = krb5_cc_default(telnet_context, &ccache))) {
-	if (auth_debug_mode)
-	    printf("Kerberos V5: could not get default ccache - %s\r\n",
-		   error_message(r));
-	return;
-    }
-
-    if ((r = krb5_cc_get_principal(telnet_context, ccache, &client))) {
-	if (auth_debug_mode)
-	    printf("Kerberos V5: could not get default principal - %s\r\n",
-		   error_message(r));
-	goto cleanup;
-    }
-
-    if ((r = krb5_sname_to_principal(telnet_context, RemoteHostName, "host",
-				     KRB5_NT_SRV_HST, &server))) {
-	if (auth_debug_mode)
-	    printf("Kerberos V5: could not make server principal - %s\r\n",
-		   error_message(r));
-	goto cleanup;
-    }
-
-    if ((r = krb5_auth_con_genaddrs(telnet_context, auth_context, net,
-			    KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR))) {
-	if (auth_debug_mode)
-	    printf("Kerberos V5: could not gen local full address - %s\r\n",
-		    error_message(r));
-	goto cleanup;
-    }
-
-    if ((r = krb5_fwd_tgt_creds(telnet_context, auth_context, 0, client,
-				server, ccache,
-				forward_flags & OPTS_FORWARDABLE_CREDS,
-				&forw_creds))) {
-	if (auth_debug_mode)
-	    printf("Kerberos V5: error getting forwarded creds - %s\r\n",
-	  	   error_message(r));
-	goto cleanup;
-    }
-
-    /* Send forwarded credentials */
-    if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
-	if (auth_debug_mode)
-	    printf("Not enough room for authentication data\r\n");
-    } else {
-	if (auth_debug_mode)
-	    printf("Forwarded local Kerberos V5 credentials to server\r\n");
-    }
-
-cleanup:
-    if (client)
-	krb5_free_principal(telnet_context, client);
-    if (server)
-	krb5_free_principal(telnet_context, server);
-    if (forw_creds.data)
-	free(forw_creds.data);
-    krb5_cc_close(telnet_context, ccache);
-}
-#endif	/* FORWARD */
-
-#endif /* KRB5 */
diff --git a/src/appl/telnet/libtelnet/key-proto.h b/src/appl/telnet/libtelnet/key-proto.h
deleted file mode 100644
index 0a19c97..0000000
--- a/src/appl/telnet/libtelnet/key-proto.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)key-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef	__KEY_PROTO__
-#define	__KEY_PROTO__
-
-int key_file_exists (void);
-void key_lookup (unsigned char *, Block);
-void key_stream_init (Block, Block, int);
-unsigned char key_stream (int, int);
-#endif
diff --git a/src/appl/telnet/libtelnet/krb5forw.h b/src/appl/telnet/libtelnet/krb5forw.h
deleted file mode 100644
index 4984d35..0000000
--- a/src/appl/telnet/libtelnet/krb5forw.h
+++ /dev/null
@@ -1,3 +0,0 @@
-extern krb5_error_code
-rd_and_store_for_creds(krb5_context, krb5_auth_context, krb5_data *,
-		       krb5_ticket *);
diff --git a/src/appl/telnet/libtelnet/mem.c b/src/appl/telnet/libtelnet/mem.c
deleted file mode 100644
index 4a1239d..0000000
--- a/src/appl/telnet/libtelnet/mem.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/*-
- * Copyright (c) 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Chris Torek.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on:
-   @(#)memcmp.c	8.1 (Berkeley) 6/4/93
-   @(#)memset.c	8.1 (Berkeley) 6/4/93
-   @(#)memcpy.c	8.1 (Berkeley) 6/4/93
-   @(#)memmove.c	8.1 (Berkeley) 6/4/93
- */
-
-#ifndef	__STDC__
-#define	const
-#endif
-typedef int size_t;
-
-#include <sys/types.h>
-#include <sys/cdefs.h>
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-#include <limits.h>
-
-/*
- * Compare memory regions.
- */
-int
-memcmp(s1, s2, n)
-	const void *s1, *s2;
-	size_t n;
-{
-	if (n != 0) {
-		register const unsigned char *p1 = s1, *p2 = s2;
-
-		do {
-			if (*p1++ != *p2++)
-				return (*--p1 - *--p2);
-		} while (--n != 0);
-	}
-	return (0);
-}
-
-/*
- * Copy a block of memory.
- */
-void *
-memcpy(dst, src, n)
-	void *dst;
-	const void *src;
-	size_t n;
-{
-	bcopy((const char *)src, (char *)dst, n);
-	return(dst);
-}
-
-/*
- * Copy a block of memory, handling overlap.
- */
-void *
-memmove(dst, src, length)
-	void *dst;
-	const void *src;
-	register size_t length;
-{
-	bcopy((const char *)src, (char *)dst, length);
-	return(dst);
-}
-
-#define	wsize	sizeof(u_int)
-#define	wmask	(wsize - 1)
-
-#ifdef BZERO
-#define	RETURN	return
-#define	VAL	0
-#define	WIDEVAL	0
-
-void
-memset(dst0, 0, length)
-	void *dst0;
-	register size_t length;
-#else
-#define	RETURN	return (dst0)
-#define	VAL	c0
-#define	WIDEVAL	c
-
-void *
-memset(dst0, c0, length)
-	void *dst0;
-	register int c0;
-	register size_t length;
-#endif
-{
-	register size_t t;
-	register u_int c;
-	register u_char *dst;
-
-	dst = dst0;
-	/*
-	 * If not enough words, just fill bytes.  A length >= 2 words
-	 * guarantees that at least one of them is `complete' after
-	 * any necessary alignment.  For instance:
-	 *
-	 *	|-----------|-----------|-----------|
-	 *	|00|01|02|03|04|05|06|07|08|09|0A|00|
-	 *	          ^---------------------^
-	 *		 dst		 dst+length-1
-	 *
-	 * but we use a minimum of 3 here since the overhead of the code
-	 * to do word writes is substantial.
-	 */
-	if (length < 3 * wsize) {
-		while (length != 0) {
-			*dst++ = VAL;
-			--length;
-		}
-		RETURN;
-	}
-
-#ifndef BZERO
-	if ((c = (u_char)c0) != 0) {	/* Fill the word. */
-#ifndef UINT_MAX
-		UINT_MAX must be defined, try 0xFFFFFFFF;
-#endif
-		c = (c << 8) | c;	/* u_int is 16 bits. */
-#if UINT_MAX > 0xffff
-		c = (c << 16) | c;	/* u_int is 32 bits. */
-#endif
-#if UINT_MAX > 0xffffffff
-		c = (c << 32) | c;	/* u_int is 64 bits. */
-#endif
-	}
-#endif
-	/* Align destination by filling in bytes. */
-	if ((t = (int)dst & wmask) != 0) {
-		t = wsize - t;
-		length -= t;
-		do {
-			*dst++ = VAL;
-		} while (--t != 0);
-	}
-
-	/* Fill words.  Length was >= 2*words so we know t >= 1 here. */
-	t = length / wsize;
-	do {
-		*(u_int *)dst = WIDEVAL;
-		dst += wsize;
-	} while (--t != 0);
-
-	/* Mop up trailing bytes, if any. */
-	t = length & wmask;
-	if (t != 0)
-		do {
-			*dst++ = VAL;
-		} while (--t != 0);
-	RETURN;
-}
diff --git a/src/appl/telnet/libtelnet/misc-proto.h b/src/appl/telnet/libtelnet/misc-proto.h
deleted file mode 100644
index 66e9dd7..0000000
--- a/src/appl/telnet/libtelnet/misc-proto.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc-proto.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef	__MISC_PROTO__
-#define	__MISC_PROTO__
-
-void auth_encrypt_init (char *, char *, char *, int);
-void auth_encrypt_user (const char *);
-void auth_encrypt_connect (int);
-void printd (const unsigned char *, int);
-
-/*
- * These functions are imported from the application
- */
-int net_write (unsigned char *, int);
-void net_encrypt (void);
-int telnet_spin (void);
-char *telnet_getenv (char *);
-char *telnet_gets (char *, char *, int, int);
-
-
-#ifdef NEED_PARSETOS
-int parsetos(char *, char *);
-#endif
-
-#ifdef NEED_SETENV
-int setenv(const char *, const char *, int);
-#ifndef HAVE_UNSETENV
-void unsetenv(const char *);
-#endif
-#endif
-
-#endif
diff --git a/src/appl/telnet/libtelnet/misc.c b/src/appl/telnet/libtelnet/misc.c
deleted file mode 100644
index 86e14cb..0000000
--- a/src/appl/telnet/libtelnet/misc.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)misc.c	8.1 (Berkeley) 6/4/93 */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "misc.h"
-#include "auth.h"
-#include "encrypt.h"
-
-char *RemoteHostName;
-char *LocalHostName;
-char *UserNameRequested = 0;
-int ConnectedCount = 0;
-
-	void
-auth_encrypt_init(local, remote, name, server)
-	char *local;
-	char *remote;
-	char *name;
-	int server;
-{
-	RemoteHostName = remote;
-	LocalHostName = local;
-#if	defined(AUTHENTICATION)
-	auth_init(name, server);
-#endif
-#ifdef	ENCRYPTION
-	encrypt_init(name, server);
-#endif	/* ENCRYPTION */
-	if (UserNameRequested) {
-		free(UserNameRequested);
-		UserNameRequested = 0;
-	}
-}
-
-	void
-auth_encrypt_user(name)
-	const char *name;
-{
-	extern char *strdup();
-
-	if (UserNameRequested)
-		free(UserNameRequested);
-	UserNameRequested = name ? strdup(name) : 0;
-}
-
-	void
-auth_encrypt_connect(cnt)
-	int cnt;
-{
-}
-
-	void
-printd(data, cnt)
-	const unsigned char *data;
-	int cnt;
-{
-	if (cnt > 16)
-		cnt = 16;
-	while (cnt-- > 0) {
-		printf(" %02x", *data);
-		++data;
-	}
-}
diff --git a/src/appl/telnet/libtelnet/misc.h b/src/appl/telnet/libtelnet/misc.h
deleted file mode 100644
index 8ae6038..0000000
--- a/src/appl/telnet/libtelnet/misc.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)misc.h	8.1 (Berkeley) 6/4/93
- */
-
-extern char *UserNameRequested;
-extern char *LocalHostName;
-extern char *RemoteHostName;
-extern int ConnectedCount;
-extern int ReservedPort;
-
-int isprefix (char *, char *);
-char **genget (char *, char **, int);
-int Ambiguous (void *);
-
-#include "misc-proto.h"
diff --git a/src/appl/telnet/libtelnet/parsetos.c b/src/appl/telnet/libtelnet/parsetos.c
deleted file mode 100644
index 92a3afc..0000000
--- a/src/appl/telnet/libtelnet/parsetos.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * The routine parsetos() for UNICOS 6.0/6.1, as well as more traditional
- * Unix systems.  This is part of UNICOS 7.0 and later.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <netdb.h>
-#include <errno.h>
-#define NEED_PARSETOS
-#include "misc-proto.h"
-
-#define	MIN_TOS	0
-#define	MAX_TOS	255
-
-int
-parsetos(name, proto)
-char	*name;
-char	*proto;
-{
-#if 0
-	register char	*c;
-#endif
-	int		tos;
-
-#ifdef HAVE_GETTOSBYNAME
-	struct tosent	*tosp;
-
-	tosp = gettosbyname(name, proto);
-	if (tosp)
-		tos = tosp->t_tos;
-	else
-#endif
-		tos = (int)strtol(name, (char **)NULL, 0);
-
-	if (tos < MIN_TOS || tos > MAX_TOS) {
-		return (-1);
-	}
-	return (tos);
-}
diff --git a/src/appl/telnet/libtelnet/setenv.c b/src/appl/telnet/libtelnet/setenv.c
deleted file mode 100644
index a917af1..0000000
--- a/src/appl/telnet/libtelnet/setenv.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 1987, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)setenv.c	8.1 (Berkeley) 6/4/93 */
-/* based on @(#)getenv.c	8.1 (Berkeley) 6/4/93 */
-
-#ifndef __STDC__
-#define const
-#endif
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "misc-proto.h"
-
-static char *__findenv (const char *, int *);
-
-/*
- * setenv --
- *	Set the value of the environmental variable "name" to be
- *	"value".  If rewrite is set, replace any current value.
- */
-#ifndef HAVE_SETENV
-int
-setenv(name, value, rewrite)
-	register const char *name;
-	register const char *value;
-	int rewrite;
-{
-	extern char **environ;
-	static int alloced;			/* if allocated space before */
-	register char *c;
-	const char *c2;
-	int l_value, offset;
-
-	if (*value == '=')			/* no `=' in value */
-		++value;
-	l_value = strlen(value);
-	if ((c = __findenv(name, &offset))) {	/* find if already exists */
-		if (!rewrite)
-			return (0);
-		if (strlen(c) >= l_value) {	/* old larger; copy over */
-			while ((*c++ = *value++));
-			return (0);
-		}
-	} else {					/* create new slot */
-		register int cnt;
-		register char **p;
-
-		for (p = environ, cnt = 0; *p; ++p, ++cnt);
-		if (alloced) {			/* just increase size */
-			environ = (char **)realloc((char *)environ,
-			    (size_t)(sizeof(char *) * (cnt + 2)));
-			if (!environ)
-				return (-1);
-		}
-		else {				/* get new space */
-			alloced = 1;		/* copy old entries into it */
-			p = (char **)malloc((size_t)(sizeof(char *) * (cnt + 2)));
-			if (!p)
-				return (-1);
-			memcpy(p, environ, cnt * sizeof(char *));
-			environ = p;
-		}
-		environ[cnt + 1] = NULL;
-		offset = cnt;
-	}
-	for (c2 = name; *c2 && *c2 != '='; ++c2);	/* no `=' in name */
-	if (!(environ[offset] =			/* name + `=' + value */
-	    malloc((size_t)((int)(c2 - name) + l_value + 2))))
-		return (-1);
-	for (c = environ[offset]; (*c = *name++) && *c != '='; ++c);
-	for (*c++ = '='; (*c++ = *value++););
-	return (0);
-}
-#endif
-
-/*
- * unsetenv(name) --
- *	Delete environmental variable "name".
- */
-#ifndef HAVE_UNSETENV
-void
-unsetenv(name)
-	const char *name;
-{
-	extern char **environ;
-	register char **p;
-	int offset;
-
-	while (__findenv(name, &offset))	/* if set multiple times */
-		for (p = &environ[offset];; ++p)
-			if (!(*p = *(p + 1)))
-				break;
-}
-#endif
-
-/*
- * getenv --
- *	Returns ptr to value associated with name, if any, else NULL.
- */
-#ifndef HAVE_GETENV
-char *
-getenv(name)
-	const char *name;
-{
-	int offset;
-
-	return (__findenv(name, &offset));
-}
-#endif
-
-/*
- * __findenv --
- *	Returns pointer to value associated with name, if any, else NULL.
- *	Sets offset to be the offset of the name/value combination in the
- *	environmental array, for use by setenv(3) and unsetenv(3).
- *	Explicitly removes '=' in argument name.
- */
-static char *
-__findenv(name, offset)
-	register const char *name;
-	int *offset;
-{
-	extern char **environ;
-	register unsigned int len;
-	register const char *np;
-	register char **p, *c;
-
-	if (name == NULL || environ == NULL)
-		return (NULL);
-	for (np = name; *np && *np != '='; ++np)
-		continue;
-	len = np - name;
-	for (p = environ; (c = *p) != NULL; ++p)
-		if (strncmp(c, name, len) == 0 && c[len] == '=') {
-			*offset = p - environ;
-			return (c + len + 1);
-		}
-	return (NULL);
-}
diff --git a/src/appl/telnet/libtelnet/setsid.c b/src/appl/telnet/libtelnet/setsid.c
deleted file mode 100644
index 48c861c..0000000
--- a/src/appl/telnet/libtelnet/setsid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)setsid.c	8.1 (Berkeley) 6/4/93 */
-
-/*
- * Emulate the functionality of setsid(), called when forking
- * and execing the new process.
- */
-
-extern char *line;
-setsid()
-{
-#ifndef	convex
-	if (setpgrp(0, 0) < 0)
-		return(-1);
-#endif
-	return(0);
-}
diff --git a/src/appl/telnet/libtelnet/spx.c b/src/appl/telnet/libtelnet/spx.c
deleted file mode 100644
index 449ddc4..0000000
--- a/src/appl/telnet/libtelnet/spx.c
+++ /dev/null
@@ -1,592 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)spx.c	8.1 (Berkeley) 6/4/93 */
-
-#ifdef	SPX
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1.  Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2.  This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility.  DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3.  Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4.  This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc.  It may cease to generate certificates after the expiration
- * date.  Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5.  Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include "gssapi_defs.h"
-#include "k5-platform.h"
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-#include <pwd.h>
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
-			  		AUTHTYPE_SPX, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
-					TELQUAL_NAME, };
-
-#define	SPX_AUTH	0		/* Authentication data follows */
-#define	SPX_REJECT	1		/* Rejected (reason might follow) */
-#define SPX_ACCEPT	2		/* Accepted */
-
-#ifdef	ENCRYPTION
-static Block	session_key	= { 0 };
-#endif	/* ENCRYPTION */
-static Schedule sched;
-static Block	challenge	= { 0 };
-
-
-/*******************************************************************/
-
-gss_OID_set           actual_mechs;
-gss_OID               actual_mech_type, output_name_type;
-int                   major_status, status, msg_ctx = 0, new_status;
-int                   req_flags = 0, ret_flags, lifetime_rec;
-gss_cred_id_t         gss_cred_handle;
-gss_ctx_id_t          actual_ctxhandle, context_handle;
-gss_buffer_desc       output_token, input_token, input_name_buffer;
-gss_buffer_desc       status_string;
-gss_name_t            desired_targname, src_name;
-gss_channel_bindings  input_chan_bindings;
-char                  lhostname[GSS_C_MAX_PRINTABLE_NAME];
-char                  targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-int                   to_addr=0, from_addr=0;
-char                  *address;
-gss_buffer_desc       fullname_buffer;
-gss_OID               fullname_type;
-gss_cred_id_t         gss_delegated_cred_handle;
-
-/*******************************************************************/
-
-
-
-	static int
-Data(ap, type, d, c)
-	Authenticator *ap;
-	int type;
-	void *d;
-	int c;
-{
-        unsigned char *p = str_data + 4;
-	unsigned char *cd = (unsigned char *)d;
-
-	if (c == -1)
-		c = strlen((char *)cd);
-
-        if (0) {
-                printf("%s:%d: [%d] (%d)",
-                        str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
-                        str_data[3],
-                        type, c);
-                printd(d, c);
-                printf("\r\n");
-        }
-	*p++ = ap->type;
-	*p++ = ap->way;
-	*p++ = type;
-        while (c-- > 0) {
-                if ((*p++ = *cd++) == IAC)
-                        *p++ = IAC;
-        }
-        *p++ = IAC;
-        *p++ = SE;
-	if (str_data[3] == TELQUAL_IS)
-		printsub('>', &str_data[2], p - (&str_data[2]));
-        return(net_write(str_data, p - str_data));
-}
-
-	int
-spx_init(ap, server)
-	Authenticator *ap;
-	int server;
-{
-        gss_cred_id_t    tmp_cred_handle;
-
-	if (server) {
-		str_data[3] = TELQUAL_REPLY;
-		gethostname(lhostname, sizeof(lhostname));
-		snprintf(targ_printable, sizeof(targ_printable),
-			 "SERVICE:rcmd@%s", lhostname);
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-		major_status = gss_import_name(&status,
-                                       &input_name_buffer,
-                                       GSS_C_NULL_OID,
-                                       &desired_targname);
-		major_status = gss_acquire_cred(&status,
-                                        desired_targname,
-                                        0,
-                                        GSS_C_NULL_OID_SET,
-                                        GSS_C_ACCEPT,
-                                        &tmp_cred_handle,
-                                        &actual_mechs,
-                                        &lifetime_rec);
-		if (major_status != GSS_S_COMPLETE) return(0);
-	} else {
-		str_data[3] = TELQUAL_IS;
-	}
-	return(1);
-}
-
-	int
-spx_send(ap)
-	Authenticator *ap;
-{
-	Block enckey;
-	int r;
-
-	gss_OID  actual_mech_type, output_name_type;
-	int           msg_ctx = 0, new_status, status;
-	int           req_flags = 0, ret_flags, lifetime_rec, major_status;
-	gss_buffer_desc  output_token, input_token, input_name_buffer;
-	gss_buffer_desc  output_name_buffer, status_string;
-	gss_name_t    desired_targname;
-	gss_channel_bindings  input_chan_bindings;
-	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-	int  from_addr=0, to_addr=0, myhostlen, j;
-	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
-	char *address;
-
-	printf("[ Trying SPX ... ]\n");
-	snprintf(targ_printable, sizeof(targ_printable), "SERVICE:rcmd@%s",
-		 RemoteHostName);
-
-	input_name_buffer.length = strlen(targ_printable);
-	input_name_buffer.value = targ_printable;
-
-	if (!UserNameRequested) {
-		return(0);
-	}
-
-	major_status = gss_import_name(&status,
-				       &input_name_buffer,
-				       GSS_C_NULL_OID,
-				       &desired_targname);
-
-
-	major_status = gss_display_name(&status,
-					desired_targname,
-					&output_name_buffer,
-					&output_name_type);
-
-	printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
-
-	major_status = gss_release_buffer(&status, &output_name_buffer);
-
-	input_chan_bindings = (gss_channel_bindings)
-	  malloc(sizeof(gss_channel_bindings_desc));
-
-	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->initiator_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->initiator_address.value = (char *) address;
-	address[0] = ((from_addr & 0xff000000) >> 24);
-	address[1] = ((from_addr & 0xff0000) >> 16);
-	address[2] = ((from_addr & 0xff00) >> 8);
-	address[3] = (from_addr & 0xff);
-	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-	input_chan_bindings->acceptor_address.length = 4;
-	address = (char *) malloc(4);
-	input_chan_bindings->acceptor_address.value = (char *) address;
-	address[0] = ((to_addr & 0xff000000) >> 24);
-	address[1] = ((to_addr & 0xff0000) >> 16);
-	address[2] = ((to_addr & 0xff00) >> 8);
-	address[3] = (to_addr & 0xff);
-	input_chan_bindings->application_data.length = 0;
-
-        req_flags = 0;
-        if (deleg_flag)  req_flags = req_flags | 1;
-        if (mutual_flag) req_flags = req_flags | 2;
-        if (replay_flag) req_flags = req_flags | 4;
-        if (seq_flag)    req_flags = req_flags | 8;
-
-        major_status = gss_init_sec_context(&status,         /* minor status */
-					GSS_C_NO_CREDENTIAL, /* cred handle */
-                                        &actual_ctxhandle,   /* ctx handle */
-                                        desired_targname,    /* target name */
-                                        GSS_C_NULL_OID,      /* mech type */
-                                        req_flags,           /* req flags */
-                                        0,                   /* time req */
-                                        input_chan_bindings, /* chan binding */
-                                        GSS_C_NO_BUFFER,     /* input token */
-                                        &actual_mech_type,   /* actual mech */
-                                        &output_token,       /* output token */
-                                        &ret_flags,          /* ret flags */
-                                        &lifetime_rec);      /* time rec */
-
-	if ((major_status != GSS_S_COMPLETE) &&
-	    (major_status != GSS_S_CONTINUE_NEEDED)) {
-          gss_display_status(&new_status,
-                             status,
-                             GSS_C_MECH_CODE,
-                             GSS_C_NULL_OID,
-                             &msg_ctx,
-                             &status_string);
-          printf("%s\n", status_string.value);
-	  return(0);
-	}
-
-	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
-		return(0);
-	}
-
-	if (!Data(ap, SPX_AUTH, (void *)output_token.value, output_token.length)) {
-		return(0);
-	}
-
-	return(1);
-}
-
-	void
-spx_is(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-	Block datablock;
-	int r;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_AUTH:
-	        input_token.length = cnt;
-		input_token.value = (char *) data;
-
-		gethostname(lhostname, sizeof(lhostname));
-
-		snprintf(targ_printable, sizeof(targ_printable),
-			 "SERVICE:rcmd@%s", lhostname);
-
-		input_name_buffer.length = strlen(targ_printable);
-		input_name_buffer.value = targ_printable;
-
-		major_status = gss_import_name(&status,
-                                       &input_name_buffer,
-                                       GSS_C_NULL_OID,
-                                       &desired_targname);
-
-		major_status = gss_acquire_cred(&status,
-                                        desired_targname,
-                                        0,
-                                        GSS_C_NULL_OID_SET,
-                                        GSS_C_ACCEPT,
-                                        &gss_cred_handle,
-                                        &actual_mechs,
-                                        &lifetime_rec);
-
-		major_status = gss_release_name(&status, desired_targname);
-
-		input_chan_bindings = (gss_channel_bindings)
-		  malloc(sizeof(gss_channel_bindings_desc));
-
-		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->initiator_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->initiator_address.value = (char *) address;
-		address[0] = ((from_addr & 0xff000000) >> 24);
-		address[1] = ((from_addr & 0xff0000) >> 16);
-		address[2] = ((from_addr & 0xff00) >> 8);
-		address[3] = (from_addr & 0xff);
-		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
-		input_chan_bindings->acceptor_address.length = 4;
-		address = (char *) malloc(4);
-		input_chan_bindings->acceptor_address.value = (char *) address;
-		address[0] = ((to_addr & 0xff000000) >> 24);
-		address[1] = ((to_addr & 0xff0000) >> 16);
-		address[2] = ((to_addr & 0xff00) >> 8);
-		address[3] = (to_addr & 0xff);
-		input_chan_bindings->application_data.length = 0;
-
-		major_status = gss_accept_sec_context(&status,
-					      &context_handle,
-                                              gss_cred_handle,
-                                              &input_token,
-                                              input_chan_bindings,
-                                              &src_name,
-                                              &actual_mech_type,
-                                              &output_token,
-                                              &ret_flags,
-                                              &lifetime_rec,
-                                              &gss_delegated_cred_handle);
-
-
-		if (major_status != GSS_S_COMPLETE) {
-
-		  major_status = gss_display_name(&status,
-					  src_name,
-                                          &fullname_buffer,
-                                          &fullname_type);
-			Data(ap, SPX_REJECT, (void *)"auth failed", -1);
-			auth_finished(ap, AUTH_REJECT);
-			return;
-		}
-
-		major_status = gss_display_name(&status,
-                                          src_name,
-                                          &fullname_buffer,
-                                          &fullname_type);
-
-
-		Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length);
-		auth_finished(ap, AUTH_USER);
-		break;
-
-	default:
-		Data(ap, SPX_REJECT, 0, 0);
-		break;
-	}
-}
-
-
-	void
-spx_reply(ap, data, cnt)
-	Authenticator *ap;
-	unsigned char *data;
-	int cnt;
-{
-	Session_Key skey;
-
-	if (cnt-- < 1)
-		return;
-	switch (*data++) {
-	case SPX_REJECT:
-		if (cnt > 0) {
-			printf("[ SPX refuses authentication because %.*s ]\r\n",
-				cnt, data);
-		} else
-			printf("[ SPX refuses authentication ]\r\n");
-		auth_send_retry();
-		return;
-	case SPX_ACCEPT:
-		printf("[ SPX accepts you ]\n");
-		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-			/*
-			 * Send over the encrypted challenge.
-		 	 */
-		  input_token.value = (char *) data;
-		  input_token.length = cnt;
-
-		  major_status = gss_init_sec_context(&status, /* minor stat */
-                                        GSS_C_NO_CREDENTIAL, /* cred handle */
-                                        &actual_ctxhandle,   /* ctx handle */
-                                        desired_targname,    /* target name */
-                                        GSS_C_NULL_OID,      /* mech type */
-                                        req_flags,           /* req flags */
-                                        0,                   /* time req */
-                                        input_chan_bindings, /* chan binding */
-                                        &input_token,        /* input token */
-                                        &actual_mech_type,   /* actual mech */
-                                        &output_token,       /* output token */
-                                        &ret_flags,          /* ret flags */
-                                        &lifetime_rec);      /* time rec */
-
-		  if (major_status != GSS_S_COMPLETE) {
-		    gss_display_status(&new_status,
-				       status,
-				       GSS_C_MECH_CODE,
-				       GSS_C_NULL_OID,
-				       &msg_ctx,
-				       &status_string);
-		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
-			 status_string.value);
-		    auth_send_retry();
-		    return;
-		  }
-		}
-		auth_finished(ap, AUTH_USER);
-		return;
-
-	default:
-		return;
-	}
-}
-
-	int
-spx_status(ap, name, level)
-	Authenticator *ap;
-	char *name;
-	int level;
-{
-
-	gss_buffer_desc  fullname_buffer, acl_file_buffer;
-	gss_OID          fullname_type;
-        char acl_file[MAXPATHLEN], fullname[160];
-        int major_status, status = 0;
-	struct passwd  *pwd;
-
-        /*
-         * hard code fullname to
-         *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
-         * and acl_file to "~kannan/.sphinx"
-         */
-
-	pwd = getpwnam(UserNameRequested);
-	if (pwd == NULL) {
-          return(AUTH_USER);   /*  not authenticated  */
-        }
-
-	acl_file[sizeof(acl_file) - 1] = '\0';
-	strncpy(acl_file, pwd->pw_dir, sizeof(acl_file) - 1);
-	strncat(acl_file, "/.sphinx", sizeof(acl_file) - 1 - strlen(acl_file));
-        acl_file_buffer.value = acl_file;
-        acl_file_buffer.length = strlen(acl_file);
-
-	major_status = gss_display_name(&status,
-					src_name,
-					&fullname_buffer,
-					&fullname_type);
-
-	if (level < AUTH_USER)
-		return(level);
-
-        major_status = gss__check_acl(&status, &fullname_buffer,
-                                      &acl_file_buffer);
-
-        if (major_status == GSS_S_COMPLETE) {
-          /* the name buffer comes from telnetd/telnetd{-ktd}.c */
-	  strncpy(name, UserNameRequested, 255);
-	  name[255] = '\0';
-	  return(AUTH_VALID);
-        } else {
-           return(AUTH_USER);
-        }
-
-}
-
-#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
-#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
-
-	void
-spx_printsub(data, cnt, buf, buflen)
-	unsigned char *data, *buf;
-	int cnt;
-	unsigned int buflen;
-{
-	char lbuf[32];
-	register int i;
-
-	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
-	buflen -= 1;
-
-	switch(data[3]) {
-	case SPX_REJECT:		/* Rejected (reason might follow) */
-		strncpy((char *)buf, " REJECT ", buflen);
-		goto common;
-
-	case SPX_ACCEPT:		/* Accepted (name might follow) */
-		strncpy((char *)buf, " ACCEPT ", buflen);
-	common:
-		BUMP(buf, buflen);
-		if (cnt <= 4)
-			break;
-		ADDC(buf, buflen, '"');
-		for (i = 4; i < cnt; i++)
-			ADDC(buf, buflen, data[i]);
-		ADDC(buf, buflen, '"');
-		ADDC(buf, buflen, '\0');
-		break;
-
-	case SPX_AUTH:			/* Authentication data follows */
-		strncpy((char *)buf, " AUTH", buflen);
-		goto common2;
-
-	default:
-		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
-		strncpy((char *)buf, lbuf, buflen);
-	common2:
-		BUMP(buf, buflen);
-		for (i = 4; i < cnt; i++) {
-			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
-			strncpy((char *)buf, lbuf, buflen);
-			BUMP(buf, buflen);
-		}
-		break;
-	}
-}
-#else
-#include "misc-proto.h"
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
-	char *msg;
-	unsigned char *key;
-{
-	register int i;
-	printf("%s:", msg);
-	for (i = 0; i < 8; i++)
-		printf(" %3d", key[i]);
-	printf("\r\n");
-}
-#endif
diff --git a/src/appl/telnet/libtelnet/strcasecmp.c b/src/appl/telnet/libtelnet/strcasecmp.c
deleted file mode 100644
index edd9f14..0000000
--- a/src/appl/telnet/libtelnet/strcasecmp.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Copyright (c) 1987, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef __STDC__
-#define const
-#endif
-
-#include <sys/types.h>
-#ifdef HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-/* based on @(#)strcasecmp.c	8.1 (Berkeley) 6/4/93 */
-
-typedef unsigned char u_char;
-
-/*
- * This array is designed for mapping upper and lower case letter
- * together for a case independent comparison.  The mappings are
- * based upon ascii character sequences.
- */
-static const u_char charmap[] = {
-	'\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
-	'\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
-	'\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
-	'\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
-	'\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
-	'\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
-	'\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
-	'\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
-	'\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
-	'\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
-	'\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
-	'\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
-	'\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
-	'\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
-	'\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
-	'\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
-	'\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
-	'\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
-	'\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307',
-	'\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317',
-	'\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327',
-	'\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337',
-	'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
-	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
-	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
-	'\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
-};
-
-int
-strcasecmp(s1, s2)
-	const char *s1, *s2;
-{
-	register const u_char *cm = charmap,
-			*us1 = (const u_char *)s1,
-			*us2 = (const u_char *)s2;
-
-	while (cm[*us1] == cm[*us2++])
-		if (*us1++ == '\0')
-			return (0);
-	return (cm[*us1] - cm[*--us2]);
-}
-
-int
-strncasecmp(s1, s2, n)
-	const char *s1, *s2;
-	register size_t n;
-{
-	if (n != 0) {
-		register const u_char *cm = charmap,
-				*us1 = (const u_char *)s1,
-				*us2 = (const u_char *)s2;
-
-		do {
-			if (cm[*us1] != cm[*us2++])
-				return (cm[*us1] - cm[*--us2]);
-			if (*us1++ == '\0')
-				break;
-		} while (--n != 0);
-	}
-	return (0);
-}
diff --git a/src/appl/telnet/libtelnet/strchr.c b/src/appl/telnet/libtelnet/strchr.c
deleted file mode 100644
index 91f5612..0000000
--- a/src/appl/telnet/libtelnet/strchr.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)strchr.c	8.1 (Berkeley) 6/4/93 */
-
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-char *
-strchr(p, ch)
-	char *p, ch;
-{
-	return(index(p, ch));
-}
diff --git a/src/appl/telnet/libtelnet/strdup.c b/src/appl/telnet/libtelnet/strdup.c
deleted file mode 100644
index d501ed9..0000000
--- a/src/appl/telnet/libtelnet/strdup.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)strdup.c	8.1 (Berkeley) 6/4/93 */
-
-#ifndef __STDC__
-#define const
-#endif
-
-#include <sys/types.h>
-
-#include <stddef.h>
-#include <stdlib.h>
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-char *
-strdup(str)
-	const char *str;
-{
-	size_t len;
-	char *copy;
-
-	len = strlen(str) + 1;
-	if (!(copy = malloc((u_int)len)))
-		return (NULL);
-	memcpy(copy, str, len);
-	return (copy);
-}
diff --git a/src/appl/telnet/libtelnet/strerror.c b/src/appl/telnet/libtelnet/strerror.c
deleted file mode 100644
index 8bed9c6..0000000
--- a/src/appl/telnet/libtelnet/strerror.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)strerror.c	8.1 (Berkeley) 6/4/93 */
-
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-char *
-strerror(num)
-	int num;
-{
-	extern int sys_nerr;
-	extern char *sys_errlist[];
-#define	UPREFIX	"Unknown error: "
-	static char ebuf[40] = UPREFIX;		/* 64-bit number + slop */
-	register unsigned int errnum;
-	register char *p, *t;
-	char tmp[40];
-
-	errnum = num;				/* convert to unsigned */
-	if (errnum < sys_nerr)
-		return(sys_errlist[errnum]);
-
-	/* Do this by hand, so we don't include stdio(3). */
-	t = tmp;
-	do {
-		*t++ = "0123456789"[errnum % 10];
-	} while (errnum /= 10);
-	for (p = ebuf + sizeof(UPREFIX) - 1;;) {
-		*p++ = *--t;
-		if (t <= tmp)
-			break;
-	}
-	return(ebuf);
-}
diff --git a/src/appl/telnet/libtelnet/strftime.c b/src/appl/telnet/libtelnet/strftime.c
deleted file mode 100644
index f2bcc67..0000000
--- a/src/appl/telnet/libtelnet/strftime.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)strftime.c	8.1 (Berkeley) 6/4/93 */
-
-#ifndef __STDC__
-#define const
-#endif
-
-#include <sys/types.h>
-#include <sys/time.h>
-#ifdef notdef
-#include <tzfile.h>
-#else
-#define TM_YEAR_BASE	1900	/* from <tzfile.h> */
-#endif
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-static char *afmt[] = {
-	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat",
-};
-static char *Afmt[] = {
-	"Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday",
-	"Saturday",
-};
-static char *bfmt[] = {
-	"Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep",
-	"Oct", "Nov", "Dec",
-};
-static char *Bfmt[] = {
-	"January", "February", "March", "April", "May", "June", "July",
-	"August", "September", "October", "November", "December",
-};
-
-static size_t gsize;
-static char *pt;
-#ifndef	__P
-#define	__P(x)	()
-#endif
-static int _add __P((char *));
-static int _conv __P((int, int, int));
-static int _secs __P((const struct tm *));
-static size_t _fmt __P((const char *, const struct tm *));
-
-size_t
-strftime(s, maxsize, format, t)
-	char *s;
-	size_t maxsize;
-	const char *format;
-	const struct tm *t;
-{
-
-	pt = s;
-	if ((gsize = maxsize) < 1)
-		return(0);
-	if (_fmt(format, t)) {
-		*pt = '\0';
-		return(maxsize - gsize);
-	}
-	return(0);
-}
-
-static size_t
-_fmt(format, t)
-	register const char *format;
-	const struct tm *t;
-{
-	for (; *format; ++format) {
-		if (*format == '%')
-			switch(*++format) {
-			case '\0':
-				--format;
-				break;
-			case 'A':
-				if (t->tm_wday < 0 || t->tm_wday > 6)
-					return(0);
-				if (!_add(Afmt[t->tm_wday]))
-					return(0);
-				continue;
-			case 'a':
-				if (t->tm_wday < 0 || t->tm_wday > 6)
-					return(0);
-				if (!_add(afmt[t->tm_wday]))
-					return(0);
-				continue;
-			case 'B':
-				if (t->tm_mon < 0 || t->tm_mon > 11)
-					return(0);
-				if (!_add(Bfmt[t->tm_mon]))
-					return(0);
-				continue;
-			case 'b':
-			case 'h':
-				if (t->tm_mon < 0 || t->tm_mon > 11)
-					return(0);
-				if (!_add(bfmt[t->tm_mon]))
-					return(0);
-				continue;
-			case 'C':
-				if (!_fmt("%a %b %e %H:%M:%S %Y", t))
-					return(0);
-				continue;
-			case 'c':
-				if (!_fmt("%m/%d/%y %H:%M:%S", t))
-					return(0);
-				continue;
-			case 'D':
-				if (!_fmt("%m/%d/%y", t))
-					return(0);
-				continue;
-			case 'd':
-				if (!_conv(t->tm_mday, 2, '0'))
-					return(0);
-				continue;
-			case 'e':
-				if (!_conv(t->tm_mday, 2, ' '))
-					return(0);
-				continue;
-			case 'H':
-				if (!_conv(t->tm_hour, 2, '0'))
-					return(0);
-				continue;
-			case 'I':
-				if (!_conv(t->tm_hour % 12 ?
-				    t->tm_hour % 12 : 12, 2, '0'))
-					return(0);
-				continue;
-			case 'j':
-				if (!_conv(t->tm_yday + 1, 3, '0'))
-					return(0);
-				continue;
-			case 'k':
-				if (!_conv(t->tm_hour, 2, ' '))
-					return(0);
-				continue;
-			case 'l':
-				if (!_conv(t->tm_hour % 12 ?
-				    t->tm_hour % 12 : 12, 2, ' '))
-					return(0);
-				continue;
-			case 'M':
-				if (!_conv(t->tm_min, 2, '0'))
-					return(0);
-				continue;
-			case 'm':
-				if (!_conv(t->tm_mon + 1, 2, '0'))
-					return(0);
-				continue;
-			case 'n':
-				if (!_add("\n"))
-					return(0);
-				continue;
-			case 'p':
-				if (!_add(t->tm_hour >= 12 ? "PM" : "AM"))
-					return(0);
-				continue;
-			case 'R':
-				if (!_fmt("%H:%M", t))
-					return(0);
-				continue;
-			case 'r':
-				if (!_fmt("%I:%M:%S %p", t))
-					return(0);
-				continue;
-			case 'S':
-				if (!_conv(t->tm_sec, 2, '0'))
-					return(0);
-				continue;
-			case 's':
-				if (!_secs(t))
-					return(0);
-				continue;
-			case 'T':
-			case 'X':
-				if (!_fmt("%H:%M:%S", t))
-					return(0);
-				continue;
-			case 't':
-				if (!_add("\t"))
-					return(0);
-				continue;
-			case 'U':
-				if (!_conv((t->tm_yday + 7 - t->tm_wday) / 7,
-				    2, '0'))
-					return(0);
-				continue;
-			case 'W':
-				if (!_conv((t->tm_yday + 7 -
-				    (t->tm_wday ? (t->tm_wday - 1) : 6))
-				    / 7, 2, '0'))
-					return(0);
-				continue;
-			case 'w':
-				if (!_conv(t->tm_wday, 1, '0'))
-					return(0);
-				continue;
-			case 'x':
-				if (!_fmt("%m/%d/%y", t))
-					return(0);
-				continue;
-			case 'y':
-				if (!_conv((t->tm_year + TM_YEAR_BASE)
-				    % 100, 2, '0'))
-					return(0);
-				continue;
-			case 'Y':
-				if (!_conv(t->tm_year + TM_YEAR_BASE, 4, '0'))
-					return(0);
-				continue;
-#ifdef notdef
-			case 'Z':
-				if (!t->tm_zone || !_add(t->tm_zone))
-					return(0);
-				continue;
-#endif
-			case '%':
-			/*
-			 * X311J/88-090 (4.12.3.5): if conversion char is
-			 * undefined, behavior is undefined.  Print out the
-			 * character itself as printf(3) does.
-			 */
-			default:
-				break;
-		}
-		if (!gsize--)
-			return(0);
-		*pt++ = *format;
-	}
-	return(gsize);
-}
-
-static int
-_secs(t)
-	const struct tm *t;
-{
-	static char buf[15];
-	register time_t s;
-	register char *p;
-	struct tm tmp;
-
-	/* Make a copy, mktime(3) modifies the tm struct. */
-	tmp = *t;
-	s = mktime(&tmp);
-	for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10)
-		*p-- = s % 10 + '0';
-	return(_add(++p));
-}
-
-static int
-_conv(n, digits, pad)
-	int n, digits, pad;
-{
-	static char buf[10];
-	register char *p;
-
-	for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits)
-		*p-- = n % 10 + '0';
-	while (p > buf && digits-- > 0)
-		*p-- = pad;
-	return(_add(++p));
-}
-
-static int
-_add(str)
-	register char *str;
-{
-	for (;; ++pt, --gsize) {
-		if (!gsize)
-			return(0);
-		if (!(*pt = *str++))
-			return(1);
-	}
-}
diff --git a/src/appl/telnet/libtelnet/strrchr.c b/src/appl/telnet/libtelnet/strrchr.c
deleted file mode 100644
index f65a7e8..0000000
--- a/src/appl/telnet/libtelnet/strrchr.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)strrchr.c	8.1 (Berkeley) 6/4/93 */
-
-#ifdef	HAVE_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-char *
-strrchr(p, ch)
-	char *p, ch;
-{
-	return(rindex(p, ch));
-}
diff --git a/src/appl/telnet/stty.diff b/src/appl/telnet/stty.diff
deleted file mode 100644
index 3c1b02a..0000000
--- a/src/appl/telnet/stty.diff
+++ /dev/null
@@ -1,72 +0,0 @@
-*** stty.c.old	Tue May 23 13:54:29 1989
---- stty.c	Wed Aug 23 13:42:32 1989
-***************
-*** 20,25 ****
---- 20,28 ----
-  
-  #include <stdio.h>
-  #include <sys/ioctl.h>
-+ #include <sys/types.h>
-+ #define	NO_T_CHARS_DEFINES
-+ #include <sys/tty.h>
-  
-  struct
-  {
-***************
-*** 145,150 ****
---- 148,156 ----
-  struct winsize win;
-  int	lmode;
-  int	oldisc, ldisc;
-+ #ifdef	TIOCGSTATE
-+ int	extproc;
-+ #endif
-  
-  struct	special {
-  	char	*name;
-***************
-*** 188,193 ****
---- 194,203 ----
-  	ioctl(1, TIOCLGET, &lmode);
-  	ioctl(1, TIOCGLTC, &ltc);
-  	ioctl(1, TIOCGWINSZ, &win);
-+ #ifdef	TIOCGSTATE
-+ 	ioctl(1, TIOCGSTATE, &extproc);
-+ 	extproc &= TS_EXTPROC;
-+ #endif
-  	if(argc == 1) {
-  		prmodes(0);
-  		exit(0);
-***************
-*** 292,297 ****
---- 302,316 ----
-  			printf("%d %d\n", win.ws_row, win.ws_col);
-  			exit(0);
-  		}
-+ #if	defined(TIOCEXT)
-+ 		if (eq("extproc") || eq("-extproc")) {
-+ 			if (**argv == '-')
-+ 				extproc = 0;
-+ 			else
-+ 				extproc = 1;
-+ 			ioctl(1, TIOCEXT, &extproc);
-+ 		}
-+ #endif
-  		for(i=0; speeds[i].string; i++)
-  			if(eq(speeds[i].string)) {
-  				mode.sg_ispeed = mode.sg_ospeed = speeds[i].speed;
-***************
-*** 438,443 ****
---- 457,468 ----
-  		lpit(LPENDIN, "-pendin ");
-  		lpit(LDECCTQ, "-decctlq ");
-  		lpit(LNOFLSH, "-noflsh ");
-+ #ifdef	TIOCGSTATE
-+ 		if (all==2||extproc) {
-+ 			fprintf(stderr,"-extproc"+(extproc!=0));
-+ 			any++;
-+ 		}
-+ #endif
-  		if (any || nothing)
-  			fprintf(stderr,"\n");
-  	} else if (!all)
diff --git a/src/appl/telnet/telnet.state b/src/appl/telnet/telnet.state
deleted file mode 100644
index 1927a2b..0000000
--- a/src/appl/telnet/telnet.state
+++ /dev/null
@@ -1,80 +0,0 @@
-
-   Three pieces of state need to be kept for each side of each option.
-   (You need the localside, sending WILL/WONT & receiving DO/DONT, and
-   the remoteside, sending DO/DONT and receiving WILL/WONT)
-
-	MY_STATE:	What state am I in?
-	WANT_STATE:	What state do I want?
-	WANT_RESP:	How many requests have I initiated?
-
-   Default values:
-	MY_STATE = WANT_STATE = DONT
-	WANT_RESP = 0
-
-   The local setup will change based on the state of the Telnet
-   variables.  When we are the originator, we can either make the
-   local setup changes at option request time (in which case if
-   the option is denied we need to change things back) or when
-   the option is acknowledged.
-
-   To initiate a switch to NEW_STATE:
-
-	if ((WANT_RESP == 0 && NEW_STATE == MY_STATE) ||
-			WANT_STATE == NEW_STATE) {
-	    do nothing;
-	} else {
-	    /*
-	     * This is where the logic goes to change the local setup
-	     * if we are doing so at request initiation
-	     */
-	    WANT_STATE = NEW_STATE;
-	    send NEW_STATE;
-	    WANT_RESP += 1;
-	}
-
-   When receiving NEW_STATE:
-
-	if (WANT_RESP) {
-	    --WANT_RESP;
-	    if (WANT_RESP && (NEW_STATE == MY_STATE))
-		--WANT_RESP;
-	}
-	if (WANT_RESP == 0) {
-	    if (NEW_STATE != WANT_STATE) {
-		/*
-		 * This is where the logic goes to decide if it is ok
-		 * to switch to NEW_STATE, and if so, do any necessary
-		 * local setup changes.
-		 */
-		if (ok_to_switch_to NEW_STATE)
-		    WANT_STATE = NEW_STATE;
-		else
-		    WANT_RESP++;
-*		if (MY_STATE != WANT_STATE)
-		    reply with WANT_STATE;
-	    } else {
-		/*
-		 * This is where the logic goes to change the local setup
-		 * if we are doing so at request acknowledgment
-		 */
-	    }
-	}
-	MY_STATE = NEW_STATE;
-
-* This if() line is not needed, it should be ok to always do the
-  "reply with WANT_STATE".  With the if() line, asking to turn on
-  an option that the other side doesn't understand is:
-		Send DO option
-		Recv WONT option
-  Without the if() line, it is:
-		Send DO option
-		Recv WONT option
-		Send DONT option
-  If the other side does not expect to receive the latter case,
-  but generates the latter case, then there is a potential for
-  option negotiation loops.  An implementation that does not expect
-  to get the second case should not generate it, an implementation
-  that does expect to get it may or may not generate it, and things
-  will still work.  Being conservative in what we send, we have the
-  if() statement in, but we expect the other side to generate the
-  last response.
diff --git a/src/appl/telnet/telnet/Makefile.in b/src/appl/telnet/telnet/Makefile.in
deleted file mode 100644
index 7fae8f7..0000000
--- a/src/appl/telnet/telnet/Makefile.in
+++ /dev/null
@@ -1,74 +0,0 @@
-thisconfigdir=..
-myfulldir=appl/telnet/telnet
-mydir=telnet
-BUILDTOP=$(REL)..$(S)..$(S)..
-# derived from the original Makefile.generic
-#
-# Copyright (c) 1991 The Regents of the University of California.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms are permitted provided
-# that: (1) source distributions retain this entire copyright notice and
-# comment, and (2) distributions including binaries display the following
-# acknowledgement:  ``This product includes software developed by the
-# University of California, Berkeley and its contributors'' in the
-# documentation or other materials provided with the distribution and in
-# all advertising materials mentioning features or use of this software.
-# Neither the name of the University nor the names of its contributors may
-# be used to endorse or promote products derived from this software without
-# specific prior written permission.
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-#
-#	@(#)Makefile.generic	5.5 (Berkeley) 3/1/91
-#
-
-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
-OTHERDEFS=-DLINEMODE -DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
-LOCALINCLUDES=-I.. -I$(srcdir)/..
-DEFINES = -DTELNET_BUFSIZE=65535 $(AUTH_DEF) $(OTHERDEFS)
-ARPA_TELNET= $(srcdir)/../arpa/telnet.h
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-LIBS=	@TELNET_LIBS@
-
-SRCS=	$(srcdir)/authenc.c $(srcdir)/commands.c $(srcdir)/main.c $(srcdir)/network.c $(srcdir)/ring.c \
-	$(srcdir)/sys_bsd.c $(srcdir)/telnet.c $(srcdir)/terminal.c \
-	$(srcdir)/utilities.c $(GETOPT_SRC)
-ALLHC=	$(SRCS) \
-	defines.h externs.h fdset.h general.h \
-	ring.h types.h
-
-OBJS=	authenc.o commands.o main.o network.o ring.o sys_bsd.o \
-	telnet.o terminal.o utilities.o $(GETOPT_OBJ)
-
-all:: telnet
-
-telnet:	$(OBJS) $(KRB5_BASE_DEPLIBS) ../libtelnet/libtelnet.a
-	$(CC_LINK) -o $@ $(OBJS) ../libtelnet/libtelnet.a $(KRB5_BASE_LIBS)
-
-clean::
-	$(RM) telnet
-
-install::
-	for f in telnet; do \
-	  $(INSTALL_PROGRAM) $$f \
-		$(DESTDIR)$(CLIENT_BINDIR)/`echo $$f|sed '$(transform)'`; \
-	  $(INSTALL_DATA) $(srcdir)/$$f.1 \
-		${DESTDIR}$(CLIENT_MANDIR)/`echo $$f|sed '$(transform)'`.1; \
-	done
-	$(INSTALL_DATA) $(srcdir)/tmac.doc ${DESTDIR}$(CLIENT_MANDIR)/tmac.doc
-
-authenc.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET)
-commands.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET)
-main.o: defines.h externs.h ring.h
-network.o: defines.h externs.h fdset.h ring.h $(ARPA_TELNET)
-ring.o: general.h ring.h
-sys_bsd.o: defines.h externs.h fdset.h ring.h types.h $(ARPA_TELNET)
-telnet.o: defines.h externs.h general.h ring.h types.h $(ARPA_TELNET)
-terminal.o: externs.h ring.h types.h $(ARPA_TELNET)
-tn3270.o: defines.h externs.h fdset.h general.h ring.h $(ARPA_TELNET)
-utilities.o: defines.h externs.h fdset.h general.h ring.h $(ARPA_TELNET)
diff --git a/src/appl/telnet/telnet/authenc.c b/src/appl/telnet/telnet/authenc.c
deleted file mode 100644
index ee312df..0000000
--- a/src/appl/telnet/telnet/authenc.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)authenc.c	8.1 (Berkeley) 6/6/93 */
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <libtelnet/encrypt.h>
-#include <libtelnet/misc.h>
-
-#include "general.h"
-#include "ring.h"
-#include "externs.h"
-#include "defines.h"
-#include "types.h"
-
-	int
-net_write(str, len)
-	unsigned char *str;
-	int len;
-{
-	if (NETROOM() > len) {
-		ring_supply_data(&netoring, str, len);
-		if (str[0] == IAC && str[1] == SE)
-			printsub('>', &str[2], len-2);
-		return(len);
-	}
-	return(0);
-}
-
-	void
-net_encrypt()
-{
-#ifdef	ENCRYPTION
-	if (encrypt_output)
-		ring_encrypt(&netoring, encrypt_output);
-	else
-		ring_clearto(&netoring);
-#endif	/* ENCRYPTION */
-}
-
-	int
-telnet_spin()
-{
-    extern int scheduler_lockout_tty;
-
-    scheduler_lockout_tty = 1;
-    Scheduler(0);
-    scheduler_lockout_tty = 0;
-
-    return 0;
-}
-
-	char *
-telnet_getenv(val)
-	char *val;
-{
-	return((char *)env_getvalue((unsigned char *)val));
-}
-
-	char *
-telnet_gets(tprompt, result, length, echo)
-	char *tprompt;
-	char *result;
-	int length;
-	int echo;
-{
-	extern char *getpass();
-	extern int globalmode;
-	int om = globalmode;
-	char *res;
-
-	TerminalNewMode(-1);
-	if (echo) {
-		printf("%s", tprompt);
-		res = fgets(result, length, stdin);
-	} else if ((res = getpass(tprompt))) {
-		strncpy(result, res, (unsigned) length);
-		res = result;
-	}
-	TerminalNewMode(om);
-	return(res);
-}
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c
deleted file mode 100644
index 6af6c5b..0000000
--- a/src/appl/telnet/telnet/commands.c
+++ /dev/null
@@ -1,3188 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)commands.c	8.1 (Berkeley) 6/6/93 */
-
-#if	defined(unix)
-#include <sys/param.h>
-#if	defined(CRAY) || defined(sysV88)
-#include <sys/types.h>
-#endif
-#include <sys/file.h>
-#else
-#include <sys/types.h>
-#endif	/* defined(unix) */
-#include <sys/socket.h>
-#include <netinet/in.h>
-#ifdef HAVE_ARPA_INET_H
-#include <arpa/inet.h>
-#endif /* HAVE_ARPA_INET_H */
-#ifdef	CRAY
-#include <fcntl.h>
-#endif	/* CRAY */
-#include <sys/wait.h>
-
-#include <stdio.h>
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <signal.h>
-#include <netdb.h>
-#include <ctype.h>
-#include <pwd.h>
-#include <stdarg.h>
-#include <errno.h>
-#ifdef HAVE_VFORK_H
-#include <vfork.h>
-#endif
-
-#include <arpa/telnet.h>
-
-#include "general.h"
-
-#include "ring.h"
-
-#include "externs.h"
-#include "defines.h"
-#include "types.h"
-
-#if defined(AUTHENTICATION) || defined(FORWARD)
-#include <libtelnet/auth.h>
-#endif
-
-#ifdef	ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <libtelnet/misc-proto.h>
-#endif
-
-#if !defined(CRAY) && !defined(sysV88)
-#include <netinet/in_systm.h>
-# if (defined(vax) || defined(tahoe) || defined(hp300)) && !defined(ultrix)
-# include <machine/endian.h>
-# endif /* vax */
-#endif /* !defined(CRAY) && !defined(sysV88) */
-#include <netinet/ip.h>
-
-
-#if HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-#include <netdb.h>
-
-#ifndef MAXDNAME
-#define MAXDNAME 256 /*per the rfc*/
-#endif
-#ifndef INADDR_NONE
-#define INADDR_NONE 0xffffffff
-#endif
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-int tos = -1;
-static	unsigned long sourceroute(char *, char **, int *);
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-
-#include "fake-addrinfo.h"
-
-#include <k5-platform.h>
-
-char	*hostname;
-static char _hostname[MAXDNAME];
-static char hostaddrstring[NI_MAXHOST];
-
-extern char *getenv();
-
-extern int isprefix();
-extern char **genget();
-extern int Ambiguous();
-
-typedef int (*intrtn_t)();
-static int call (intrtn_t, ...);
-void cmdrc (char *, char *);
-static    int
-send_tncmd (void (*func)(), char *, char *);
-static int help(int, char **);
-
-#ifdef NEED_HERROR_PROTO
-extern void herror(const char *);
-#endif
-
-typedef struct {
-	char	*name;		/* command name */
-	char	*help;		/* help string (NULL for no help) */
-	int	(*handler)	/* routine which executes command */
-                        (int, char *[]);
-	int	needconnect;	/* Do we need to be connected to execute? */
-} Command;
-
-static char line[256];
-static char saveline[256];
-static int margc;
-static char *margv[20];
-
-    static void
-makeargv()
-{
-    register char *cp, *cp2, c;
-    register char **argp = margv;
-
-    margc = 0;
-    cp = line;
-    if (*cp == '!') {		/* Special case shell escape */
-	strncpy(saveline, line, sizeof(saveline) - 1);
-				/* save for shell command */
-	saveline[sizeof(saveline)  - 1] = '\0';
-	*argp++ = "!";		/* No room in string to get this */
-	margc++;
-	cp++;
-    }
-    while ((c = *cp)) {
-	register int inquote = 0;
-	while (isspace((int) c))
-	    c = *++cp;
-	if (c == '\0')
-	    break;
-	*argp++ = cp;
-	margc += 1;
-	for (cp2 = cp; c != '\0'; c = *++cp) {
-	    if (inquote) {
-		if (c == inquote) {
-		    inquote = 0;
-		    continue;
-		}
-	    } else {
-		if (c == '\\') {
-		    if ((c = *++cp) == '\0')
-			break;
-		} else if (c == '"') {
-		    inquote = '"';
-		    continue;
-		} else if (c == '\'') {
-		    inquote = '\'';
-		    continue;
-		} else if (isspace((int) c))
-		    break;
-	    }
-	    *cp2++ = c;
-	}
-	*cp2 = '\0';
-	if (c == '\0')
-	    break;
-	cp++;
-    }
-    *argp++ = 0;
-}
-
-/*
- * Make a character string into a number.
- *
- * Todo:  1.  Could take random integers (12, 0x12, 012, 0b1).
- */
-
-	static int
-special(s)
-	register char *s;
-{
-	register char c;
-	char b;
-
-	switch (*s) {
-	case '^':
-		b = *++s;
-		if (b == '?') {
-		    c = b | 0x40;		/* DEL */
-		} else {
-		    c = b & 0x1f;
-		}
-		break;
-	default:
-		c = *s;
-		break;
-	}
-	return c;
-}
-
-/*
- * Construct a control character sequence
- * for a special character.
- */
-	static char *
-control(c)
-	register cc_t c;
-{
-	static char buf[5];
-	/*
-	 * The only way I could get the Sun 3.5 compiler
-	 * to shut up about
-	 *	if ((unsigned int)c >= 0x80)
-	 * was to assign "c" to an unsigned int variable...
-	 * Arggg....
-	 */
-	register unsigned int uic = (unsigned int)c;
-
-	if (uic == 0x7f)
-		return ("^?");
-	if (c == (cc_t)_POSIX_VDISABLE) {
-		return "off";
-	}
-	if (uic >= 0x80) {
-		buf[0] = '\\';
-		buf[1] = ((c>>6)&07) + '0';
-		buf[2] = ((c>>3)&07) + '0';
-		buf[3] = (c&07) + '0';
-		buf[4] = 0;
-	} else if (uic >= 0x20) {
-		buf[0] = c;
-		buf[1] = 0;
-	} else {
-		buf[0] = '^';
-		buf[1] = '@'+c;
-		buf[2] = 0;
-	}
-	return (buf);
-}
-
-
-
-/*
- *	The following are data structures and routines for
- *	the "send" command.
- *
- */
-
-struct sendlist {
-    char	*name;		/* How user refers to it (case independent) */
-    char	*help;		/* Help information (0 ==> no help) */
-    int		needconnect;	/* Need to be connected */
-    int		narg;		/* Number of arguments */
-    int		(*handler)	/* Routine to perform (for special ops) */
-			(char *);
-    int		nbyte;		/* Number of bytes to send this command */
-    int		what;		/* Character to be sent (<0 ==> special) */
-};
-
-
-static int
-	send_esc (char *),
-	send_help (char *),
-	send_docmd (char *),
-	send_dontcmd (char *),
-	send_willcmd (char *),
-	send_wontcmd (char *);
-
-static struct sendlist Sendlist[] = {
-    { "ao",	"Send Telnet Abort output",		1, 0, 0, 2, AO },
-    { "ayt",	"Send Telnet 'Are You There'",		1, 0, 0, 2, AYT },
-    { "brk",	"Send Telnet Break",			1, 0, 0, 2, BREAK },
-    { "break",	0,					1, 0, 0, 2, BREAK },
-    { "ec",	"Send Telnet Erase Character",		1, 0, 0, 2, EC },
-    { "el",	"Send Telnet Erase Line",		1, 0, 0, 2, EL },
-    { "escape",	"Send current escape character",	1, 0, send_esc, 1, 0 },
-    { "ga",	"Send Telnet 'Go Ahead' sequence",	1, 0, 0, 2, GA },
-    { "ip",	"Send Telnet Interrupt Process",	1, 0, 0, 2, IP },
-    { "intp",	0,					1, 0, 0, 2, IP },
-    { "interrupt", 0,					1, 0, 0, 2, IP },
-    { "intr",	0,					1, 0, 0, 2, IP },
-    { "nop",	"Send Telnet 'No operation'",		1, 0, 0, 2, NOP },
-    { "eor",	"Send Telnet 'End of Record'",		1, 0, 0, 2, EOR },
-    { "abort",	"Send Telnet 'Abort Process'",		1, 0, 0, 2, ABORT },
-    { "susp",	"Send Telnet 'Suspend Process'",	1, 0, 0, 2, SUSP },
-    { "eof",	"Send Telnet End of File Character",	1, 0, 0, 2, xEOF },
-    { "synch",	"Perform Telnet 'Synch operation'",	1, 0, dosynch, 2, 0 },
-    { "getstatus", "Send request for STATUS",		1, 0, get_status, 6, 0 },
-    { "?",	"Display send options",			0, 0, send_help, 0, 0 },
-    { "help",	0,					0, 0, send_help, 0, 0 },
-    { "do",	0,					0, 1, send_docmd, 3, 0 },
-    { "dont",	0,					0, 1, send_dontcmd, 3, 0 },
-    { "will",	0,					0, 1, send_willcmd, 3, 0 },
-    { "wont",	0,					0, 1, send_wontcmd, 3, 0 },
-    { 0 }
-};
-
-#define	GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \
-				sizeof(struct sendlist)))
-
-    static int
-sendcmd(argc, argv)
-    int  argc;
-    char **argv;
-{
-    int count;		/* how many bytes we are going to need to send */
-    int i;
-    struct sendlist *s;	/* pointer to current command */
-    int success = 0;
-    int needconnect = 0;
-
-    if (argc < 2) {
-	printf("need at least one argument for 'send' command\r\n");
-	printf("'send ?' for help\n");
-	return 0;
-    }
-    /*
-     * First, validate all the send arguments.
-     * In addition, we see how much space we are going to need, and
-     * whether or not we will be doing a "SYNCH" operation (which
-     * flushes the network queue).
-     */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	s = GETSEND(argv[i]);
-	if (s == 0) {
-	    printf("Unknown send argument '%s'\n'send ?' for help.\r\n",
-			argv[i]);
-	    return 0;
-	} else if (Ambiguous(s)) {
-	    printf("Ambiguous send argument '%s'\n'send ?' for help.\r\n",
-			argv[i]);
-	    return 0;
-	}
-	if (i + s->narg >= argc) {
-	    fprintf(stderr,
-	    "Need %d argument%s to 'send %s' command.  'send %s ?' for help.\n",
-		s->narg, s->narg == 1 ? "" : "s", s->name, s->name);
-	    return 0;
-	}
-	count += s->nbyte;
-	if (s->handler == send_help) {
-	    send_help(NULL);
-	    return 0;
-	}
-
-	i += s->narg;
-	needconnect += s->needconnect;
-    }
-    if (!connected && needconnect) {
-	printf("?Need to be connected first.\r\n");
-	printf("'send ?' for help\r\n");
-	return 0;
-    }
-    /* Now, do we have enough room? */
-    if (NETROOM() < count) {
-	printf("There is not enough room in the buffer TO the network\r\n");
-	printf("to process your request.  Nothing will be done.\r\n");
-	printf("('send synch' will throw away most data in the network\r\n");
-	printf("buffer, if this might help.)\r\n");
-	return 0;
-    }
-    /* OK, they are all OK, now go through again and actually send */
-    count = 0;
-    for (i = 1; i < argc; i++) {
-	if ((s = GETSEND(argv[i])) == 0) {
-	    fprintf(stderr, "Telnet 'send' error - argument disappeared!\n");
-	    (void) quit(0, NULL);
-	    /*NOTREACHED*/
-	}
-	if (s->handler) {
-	    count++;
-	    success += (*s->handler)(argv[i+1]);
-	    i += s->narg;
-	} else {
-	    NET2ADD(IAC, s->what);
-	    printoption("SENT", IAC, s->what);
-	}
-    }
-    return (count == success);
-}
-
-    static int
-send_esc(s)
-    char *s;
-{
-    NETADD(escape);
-    return 1;
-}
-
-    static int
-send_docmd(name)
-    char *name;
-{
-    return(send_tncmd(send_do, "do", name));
-}
-
-    static int
-send_dontcmd(name)
-    char *name;
-{
-    return(send_tncmd(send_dont, "dont", name));
-}
-    static int
-send_willcmd(name)
-    char *name;
-{
-    return(send_tncmd(send_will, "will", name));
-}
-    static int
-send_wontcmd(name)
-    char *name;
-{
-    return(send_tncmd(send_wont, "wont", name));
-}
-
-static    int
-send_tncmd(func, cmd, name)
-    void	(*func)();
-    char	*cmd, *name;
-{
-    char **cpp;
-    extern char *telopts[];
-    register int val = 0;
-
-    if (isprefix(name, "help") || isprefix(name, "?")) {
-	register int col, len;
-
-	printf("Usage: send %s <value|option>\r\n", cmd);
-	printf("\"value\" must be from 0 to 255\r\n");
-	printf("Valid options are:\r\n\t");
-
-	col = 8;
-	for (cpp = telopts; *cpp; cpp++) {
-	    len = strlen(*cpp) + 3;
-	    if (col + len > 65) {
-		printf("\r\n\t");
-		col = 8;
-	    }
-	    printf(" \"%s\"", *cpp);
-	    col += len;
-	}
-	printf("\r\n");
-	return 0;
-    }
-    cpp = (char **)genget(name, telopts, sizeof(char *));
-    if (Ambiguous(cpp)) {
-	fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\n",
-					name, cmd);
-	return 0;
-    }
-    if (cpp) {
-	val = cpp - telopts;
-    } else {
-	register char *cp = name;
-
-	while (*cp >= '0' && *cp <= '9') {
-	    val *= 10;
-	    val += *cp - '0';
-	    cp++;
-	}
-	if (*cp != 0) {
-	    fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\n",
-					name, cmd);
-	    return 0;
-	} else if (val < 0 || val > 255) {
-	    fprintf(stderr, "'%s': bad value ('send %s ?' for help).\n",
-					name, cmd);
-	    return 0;
-	}
-    }
-    if (!connected) {
-	printf("?Need to be connected first.\r\n");
-	return 0;
-    }
-    (*func)(val, 1);
-    return 1;
-}
-
-    static int
-send_help(n)
-     char *n;
-{
-    struct sendlist *s;	/* pointer to current command */
-    for (s = Sendlist; s->name; s++) {
-	if (s->help)
-	    printf("%-15s %s\r\n", s->name, s->help);
-    }
-    return(0);
-}
-
-/*
- * The following are the routines and data structures referred
- * to by the arguments to the "toggle" command.
- */
-
-    static int
-lclchars(s)
-     int s;
-{
-    donelclchars = 1;
-    return 1;
-}
-
-    static int
-togdebug(s)
-     int s;
-{
-#ifndef	NOT43
-    if (net > 0 &&
-	(SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) {
-	    perror("setsockopt (SO_DEBUG)");
-    }
-#else	/* NOT43 */
-    if (debug) {
-	if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0)
-	    perror("setsockopt (SO_DEBUG)");
-    } else
-	printf("Cannot turn off socket debugging\r\n");
-#endif	/* NOT43 */
-    return 1;
-}
-
-
-    static int
-togcrlf(s)
-     int s;
-{
-    if (crlf) {
-	printf("Will send carriage returns as telnet <CR><LF>.\r\n");
-    } else {
-	printf("Will send carriage returns as telnet <CR><NUL>.\r\n");
-    }
-    return 1;
-}
-
-int binmode;
-
-    static int
-togbinary(val)
-    int val;
-{
-    donebinarytoggle = 1;
-
-    if (val >= 0) {
-	binmode = val;
-    } else {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-				my_want_state_is_do(TELOPT_BINARY)) {
-	    binmode = 1;
-	} else if (my_want_state_is_wont(TELOPT_BINARY) &&
-				my_want_state_is_dont(TELOPT_BINARY)) {
-	    binmode = 0;
-	}
-	val = binmode ? 0 : 1;
-    }
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY) &&
-					my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already operating in binary mode with remote host.\r\n");
-	} else {
-	    printf("Negotiating binary mode with remote host.\r\n");
-	    tel_enter_binary(3);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY) &&
-					my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already in network ascii mode with remote host.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode with remote host.\r\n");
-	    tel_leave_binary(3);
-	}
-    }
-    return 1;
-}
-
-    static int
-togrbinary(val)
-    int val;
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_do(TELOPT_BINARY)) {
-	    printf("Already receiving in binary mode.\r\n");
-	} else {
-	    printf("Negotiating binary mode on input.\r\n");
-	    tel_enter_binary(1);
-	}
-    } else {
-	if (my_want_state_is_dont(TELOPT_BINARY)) {
-	    printf("Already receiving in network ascii mode.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode on input.\r\n");
-	    tel_leave_binary(1);
-	}
-    }
-    return 1;
-}
-
-    static int
-togxbinary(val)
-    int val;
-{
-    donebinarytoggle = 1;
-
-    if (val == -1)
-	val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1;
-
-    if (val == 1) {
-	if (my_want_state_is_will(TELOPT_BINARY)) {
-	    printf("Already transmitting in binary mode.\r\n");
-	} else {
-	    printf("Negotiating binary mode on output.\r\n");
-	    tel_enter_binary(2);
-	}
-    } else {
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    printf("Already transmitting in network ascii mode.\r\n");
-	} else {
-	    printf("Negotiating network ascii mode on output.\r\n");
-	    tel_leave_binary(2);
-	}
-    }
-    return 1;
-}
-
-
-static int togglehelp (int);
-#if	defined(AUTHENTICATION)
-extern int auth_togdebug (int);
-#endif
-
-struct togglelist {
-    char	*name;		/* name of toggle */
-    char	*help;		/* help message */
-    int		(*handler)	/* routine to do actual setting */
-			(int);
-    int		*variable;
-    char	*actionexplanation;
-};
-
-static struct togglelist Togglelist[] = {
-    { "autoflush",
-	"flushing of output when sending interrupt characters",
-	    0,
-		&autoflush,
-		    "flush output when sending interrupt characters" },
-    { "autosynch",
-	"automatic sending of interrupt characters in urgent mode",
-	    0,
-		&autosynch,
-		    "send interrupt characters in urgent mode" },
-#if	defined(AUTHENTICATION)
-    { "autologin",
-	"automatic sending of login and/or authentication info",
-	    0,
-		&autologin,
-		    "send login name and/or authentication information" },
-    { "authdebug",
-	"Toggle authentication debugging",
-	    auth_togdebug,
-		0,
-		     "print authentication debugging information" },
-#endif
-#ifdef	ENCRYPTION
-    { "autoencrypt",
-	"automatic encryption of data stream",
-	    EncryptAutoEnc,
-		0,
-		    "automatically encrypt output" },
-    { "autodecrypt",
-	"automatic decryption of data stream",
-	    EncryptAutoDec,
-		0,
-		    "automatically decrypt input" },
-    { "verbose_encrypt",
-	"Toggle verbose encryption output",
-	    EncryptVerbose,
-		0,
-		    "print verbose encryption output" },
-    { "encdebug",
-	"Toggle encryption debugging",
-	    EncryptDebug,
-		0,
-		    "print encryption debugging information" },
-#endif	/* ENCRYPTION */
-    { "skiprc",
-	"don't read ~/.telnetrc file",
-	    0,
-		&skiprc,
-		    "skip reading of ~/.telnetrc file" },
-    { "binary",
-	"sending and receiving of binary data",
-	    togbinary,
-		0,
-		    0 },
-    { "inbinary",
-	"receiving of binary data",
-	    togrbinary,
-		0,
-		    0 },
-    { "outbinary",
-	"sending of binary data",
-	    togxbinary,
-		0,
-		    0 },
-    { "crlf",
-	"sending carriage returns as telnet <CR><LF>",
-	    togcrlf,
-		&crlf,
-		    0 },
-    { "crmod",
-	"mapping of received carriage returns",
-	    0,
-		&crmod,
-		    "map carriage return on output" },
-    { "localchars",
-	"local recognition of certain control characters",
-	    lclchars,
-		&localchars,
-		    "recognize certain control characters" },
-    { " ", "", 0 },		/* empty line */
-#if	defined(unix) && defined(TN3270)
-    { "apitrace",
-	"(debugging) toggle tracing of API transactions",
-	    0,
-		&apitrace,
-		    "trace API transactions" },
-    { "cursesdata",
-	"(debugging) toggle printing of hexadecimal curses data",
-	    0,
-		&cursesdata,
-		    "print hexadecimal representation of curses data" },
-#endif	/* defined(unix) && defined(TN3270) */
-    { "debug",
-	"debugging",
-	    togdebug,
-		&debug,
-		    "turn on socket level debugging" },
-    { "netdata",
-	"printing of hexadecimal network data (debugging)",
-	    0,
-		&netdata,
-		    "print hexadecimal representation of network traffic" },
-    { "prettydump",
-	"output of \"netdata\" to user readable format (debugging)",
-	    0,
-		&prettydump,
-		    "print user readable output for \"netdata\"" },
-    { "options",
-	"viewing of options processing (debugging)",
-	    0,
-		&showoptions,
-		    "show option processing" },
-    { "termdata",
-	"(debugging) toggle printing of hexadecimal terminal data",
-	    0,
-		&termdata,
-		    "print hexadecimal representation of terminal traffic" },
-    { "?",
-	0,
-	    togglehelp },
-    { "help",
-	0,
-	    togglehelp },
-    { 0 }
-};
-
-    static int
-togglehelp(n)
-    int n;
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s toggle %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    printf("\r\n");
-    printf("%-15s %s\r\n", "?", "display help information");
-    return 0;
-}
-
-    static void
-settogglehelp(set)
-    int set;
-{
-    struct togglelist *c;
-
-    for (c = Togglelist; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s %s\r\n", c->name, set ? "enable" : "disable",
-						c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-#define	GETTOGGLE(name) (struct togglelist *) \
-		genget(name, (char **) Togglelist, sizeof(struct togglelist))
-
-    static int
-toggle(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    int retval = 1;
-    char *name;
-    struct togglelist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'toggle' command.  'toggle ?' for help.\n");
-	return 0;
-    }
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	c = GETTOGGLE(name);
-	if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\n",
-					name);
-	    return 0;
-	} else if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\n",
-					name);
-	    return 0;
-	} else {
-	    if (c->variable) {
-		*c->variable = !*c->variable;		/* invert it */
-		if (c->actionexplanation) {
-		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler) {
-		retval &= (*c->handler)(-1);
-	    }
-	}
-    }
-    return retval;
-}
-
-/*
- * The following perform the "set" command.
- */
-
-#ifdef	USE_TERMIO
-struct termio new_tc = { 0 };
-#endif
-
-struct setlist {
-    char *name;				/* name */
-    char *help;				/* help information */
-    void (*handler)();
-    cc_t *charp;			/* where it is located at */
-};
-
-static struct setlist Setlist[] = {
-#ifdef	KLUDGELINEMODE
-    { "echo", 	"character to toggle local echoing on/off", 0, &echoc },
-#endif
-    { "escape",	"character to escape back to telnet command mode", 0, &escape },
-    { "rlogin", "rlogin escape character", 0, &rlogin },
-    { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile},
-    { " ", "" },
-    { " ", "The following need 'localchars' to be toggled true", 0, 0 },
-    { "flushoutput", "character to cause an Abort Output", 0, termFlushCharp },
-    { "interrupt", "character to cause an Interrupt Process", 0, termIntCharp },
-    { "quit",	"character to cause an Abort process", 0, termQuitCharp },
-    { "eof",	"character to cause an EOF ", 0, termEofCharp },
-    { " ", "" },
-    { " ", "The following are for local editing in linemode", 0, 0 },
-    { "erase",	"character to use to erase a character", 0, termEraseCharp },
-    { "kill",	"character to use to erase a line", 0, termKillCharp },
-    { "lnext",	"character to use for literal next", 0, termLiteralNextCharp },
-    { "susp",	"character to cause a Suspend Process", 0, termSuspCharp },
-    { "reprint", "character to use for line reprint", 0, termRprntCharp },
-    { "worderase", "character to use to erase a word", 0, termWerasCharp },
-    { "start",	"character to use for XON", 0, termStartCharp },
-    { "stop",	"character to use for XOFF", 0, termStopCharp },
-    { "forw1",	"alternate end of line character", 0, termForw1Charp },
-    { "forw2",	"alternate end of line character", 0, termForw2Charp },
-    { "ayt",	"alternate AYT character", 0, termAytCharp },
-    { 0 }
-};
-
-#if	defined(CRAY) && !defined(__STDC__)
-/* Work around compiler bug in pcc 4.1.5 */
-    void
-_setlist_init()
-{
-#ifndef	KLUDGELINEMODE
-#define	N 5
-#else
-#define	N 6
-#endif
-	Setlist[N+0].charp = &termFlushChar;
-	Setlist[N+1].charp = &termIntChar;
-	Setlist[N+2].charp = &termQuitChar;
-	Setlist[N+3].charp = &termEofChar;
-	Setlist[N+6].charp = &termEraseChar;
-	Setlist[N+7].charp = &termKillChar;
-	Setlist[N+8].charp = &termLiteralNextChar;
-	Setlist[N+9].charp = &termSuspChar;
-	Setlist[N+10].charp = &termRprntChar;
-	Setlist[N+11].charp = &termWerasChar;
-	Setlist[N+12].charp = &termStartChar;
-	Setlist[N+13].charp = &termStopChar;
-	Setlist[N+14].charp = &termForw1Char;
-	Setlist[N+15].charp = &termForw2Char;
-	Setlist[N+16].charp = &termAytChar;
-#undef	N
-}
-#endif	/* defined(CRAY) && !defined(__STDC__) */
-
-    static struct setlist *
-getset(name)
-    char *name;
-{
-    return (struct setlist *)
-		genget(name, (char **) Setlist, sizeof(struct setlist));
-}
-
-    void
-set_escape_char(s)
-    char *s;
-{
-	if (rlogin != _POSIX_VDISABLE) {
-		rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet rlogin escape character is '%s'.\r\n",
-					control(rlogin));
-	} else {
-		escape = (s && *s) ? special(s) : _POSIX_VDISABLE;
-		printf("Telnet escape character is '%s'.\r\n", control(escape));
-	}
-}
-
-    static int
-setcmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    int value;
-    struct setlist *ct;
-    struct togglelist *c;
-
-    if (argc < 2 || argc > 3) {
-	printf("Format is 'set Name Value'\n'set ?' for help.\r\n");
-	return 0;
-    }
-    if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\r\n", ct->name, ct->help);
-	printf("\r\n");
-	settogglehelp(1);
-	printf("%-15s %s\r\n", "?", "display help information");
-	return 0;
-    }
-
-    ct = getset(argv[1]);
-    if (ct == 0) {
-	c = GETTOGGLE(argv[1]);
-	if (c == 0) {
-	    fprintf(stderr, "'%s': unknown argument ('set ?' for help).\n",
-			argv[1]);
-	    return 0;
-	} else if (Ambiguous(c)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n",
-			argv[1]);
-	    return 0;
-	}
-	if (c->variable) {
-	    if ((argc == 2) || (strcmp("on", argv[2]) == 0))
-		*c->variable = 1;
-	    else if (strcmp("off", argv[2]) == 0)
-		*c->variable = 0;
-	    else {
-		printf("Format is 'set togglename [on|off]'\n'set ?' for help.\r\n");
-		return 0;
-	    }
-	    if (c->actionexplanation) {
-		printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-	    }
-	}
-	if (c->handler)
-	    (*c->handler)(1);
-    } else if (argc != 3) {
-	printf("Format is 'set Name Value'\n'set ?' for help.\r\n");
-	return 0;
-    } else if (Ambiguous(ct)) {
-	fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n",
-			argv[1]);
-	return 0;
-    } else if (ct->handler) {
-	(*ct->handler)(argv[2]);
-	printf("%s set to \"%s\".\r\n", ct->name, (char *)ct->charp);
-    } else {
-	if (strcmp("off", argv[2])) {
-	    value = special(argv[2]);
-	} else {
-	    value = _POSIX_VDISABLE;
-	}
-	*(ct->charp) = (cc_t)value;
-	printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
-    }
-    slc_check();
-    return 1;
-}
-
-    static int
-unsetcmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct setlist *ct;
-    struct togglelist *c;
-    register char *name;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'unset' command.  'unset ?' for help.\n");
-	return 0;
-    }
-    if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) {
-	for (ct = Setlist; ct->name; ct++)
-	    printf("%-15s %s\r\n", ct->name, ct->help);
-	printf("\r\n");
-	settogglehelp(0);
-	printf("%-15s %s\r\n", "?", "display help information");
-	return 0;
-    }
-
-    argc--;
-    argv++;
-    while (argc--) {
-	name = *argv++;
-	ct = getset(name);
-	if (ct == 0) {
-	    c = GETTOGGLE(name);
-	    if (c == 0) {
-		fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\n",
-			name);
-		return 0;
-	    } else if (Ambiguous(c)) {
-		fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n",
-			name);
-		return 0;
-	    }
-	    if (c->variable) {
-		*c->variable = 0;
-		if (c->actionexplanation) {
-		    printf("%s %s.\r\n", *c->variable? "Will" : "Won't",
-							c->actionexplanation);
-		}
-	    }
-	    if (c->handler)
-		(*c->handler)(0);
-	} else if (Ambiguous(ct)) {
-	    fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n",
-			name);
-	    return 0;
-	} else if (ct->handler) {
-	    (*ct->handler)(0);
-	    printf("%s reset to \"%s\".\r\n", ct->name, (char *)ct->charp);
-	} else {
-	    *(ct->charp) = _POSIX_VDISABLE;
-	    printf("%s character is '%s'.\r\n", ct->name, control(*(ct->charp)));
-	}
-    }
-    return 1;
-}
-
-/*
- * The following are the data structures and routines for the
- * 'mode' command.
- */
-#ifdef	KLUDGELINEMODE
-extern int kludgelinemode;
-
-    static int
-dokludgemode()
-{
-    kludgelinemode = 1;
-    send_wont(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_SGA, 1);
-    send_dont(TELOPT_ECHO, 1);
-    return 1;			/* I'm guessing here -- eichin -- XXX */
-}
-#endif
-
-    static int
-dolinemode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_dont(TELOPT_SGA, 1);
-#endif
-    send_will(TELOPT_LINEMODE, 1);
-    send_dont(TELOPT_ECHO, 1);
-    return 1;
-}
-
-    static int
-docharmode()
-{
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode)
-	send_do(TELOPT_SGA, 1);
-    else
-#endif
-    send_wont(TELOPT_LINEMODE, 1);
-    send_do(TELOPT_ECHO, 1);
-    return 1;
-}
-
-    static int
-dolmmode(bit, on)
-    int bit, on;
-{
-    unsigned char c;
-    extern int linemode;
-
-    if (my_want_state_is_wont(TELOPT_LINEMODE)) {
-	printf("?Need to have LINEMODE option enabled first.\r\n");
-	printf("'mode ?' for help.\r\n");
-	return 0;
-    }
-
-    if (on)
-	c = (linemode | bit);
-    else
-	c = (linemode & ~bit);
-    lm_mode(&c, 1, 1);
-    return 1;
-}
-
-static int
-tel_setmode(bit)
-    int bit;
-{
-    return dolmmode(bit, 1);
-}
-
-static int
-tel_clearmode(bit)
-    int bit;
-{
-    return dolmmode(bit, 0);
-}
-
-struct modelist {
-	char	*name;		/* command name */
-	char	*help;		/* help string */
-	int	(*handler)();	/* routine which executes command */
-	int	needconnect;	/* Do we need to be connected to execute? */
-	int	arg1;
-};
-
-static int modehelp(void);
-
-static struct modelist ModeList[] = {
-    { "character", "Disable LINEMODE option",	docharmode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or disable obsolete line-by-line mode)", 0 },
-#endif
-    { "line",	"Enable LINEMODE option",	dolinemode, 1 },
-#ifdef	KLUDGELINEMODE
-    { "",	"(or enable obsolete line-by-line mode)", 0 },
-#endif
-    { "", "", 0 },
-    { "",	"These require the LINEMODE option to be enabled", 0 },
-    { "isig",	"Enable signal trapping",	tel_setmode, 1, MODE_TRAPSIG },
-    { "+isig",	0,				tel_setmode, 1, MODE_TRAPSIG },
-    { "-isig",	"Disable signal trapping",	tel_clearmode, 1, MODE_TRAPSIG },
-    { "edit",	"Enable character editing",	tel_setmode, 1, MODE_EDIT },
-    { "+edit",	0,				tel_setmode, 1, MODE_EDIT },
-    { "-edit",	"Disable character editing",	tel_clearmode, 1, MODE_EDIT },
-    { "softtabs", "Enable tab expansion",	tel_setmode, 1, MODE_SOFT_TAB },
-    { "+softtabs", 0,				tel_setmode, 1, MODE_SOFT_TAB },
-    { "-softtabs", "Disable character editing",	tel_clearmode, 1, MODE_SOFT_TAB },
-    { "litecho", "Enable literal character echo", tel_setmode, 1, MODE_LIT_ECHO },
-    { "+litecho", 0,				tel_setmode, 1, MODE_LIT_ECHO },
-    { "-litecho", "Disable literal character echo", tel_clearmode, 1, MODE_LIT_ECHO },
-    { "help",	0,				modehelp, 0 },
-#ifdef	KLUDGELINEMODE
-    { "kludgeline", 0,				dokludgemode, 1 },
-#endif
-    { "", "", 0 },
-    { "?",	"Print help information",	modehelp, 0 },
-    { 0 },
-};
-
-
-static int
-modehelp()
-{
-    struct modelist *mt;
-
-    printf("format is:  'mode Mode', where 'Mode' is one of:\r\n\r\n");
-    for (mt = ModeList; mt->name; mt++) {
-	if (mt->help) {
-	    if (*mt->help)
-		printf("%-15s %s\r\n", mt->name, mt->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-#define	GETMODECMD(name) (struct modelist *) \
-		genget(name, (char **) ModeList, sizeof(struct modelist))
-
-    static int
-modecmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct modelist *mt;
-
-    if (argc != 2) {
-	printf("'mode' command requires an argument\r\n");
-	printf("'mode ?' for help.\r\n");
-    } else if ((mt = GETMODECMD(argv[1])) == 0) {
-	fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\n", argv[1]);
-    } else if (Ambiguous(mt)) {
-	fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\n", argv[1]);
-    } else if (mt->needconnect && !connected) {
-	printf("?Need to be connected first.\r\n");
-	printf("'mode ?' for help.\r\n");
-    } else if (mt->handler) {
-	return (*mt->handler)(mt->arg1);
-    }
-    return 0;
-}
-
-/*
- * The following data structures and routines implement the
- * "display" command.
- */
-
-    static int
-display(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct togglelist *tl;
-    struct setlist *sl;
-
-#define	dotog(tl)	if (tl->variable && tl->actionexplanation) { \
-			    if (*tl->variable) { \
-				printf("will"); \
-			    } else { \
-				printf("won't"); \
-			    } \
-			    printf(" %s.\r\n", tl->actionexplanation); \
-			}
-
-#define	doset(sl)   if (sl->name && *sl->name != ' ') { \
-			if (sl->handler == 0) \
-			    printf("%-15s [%s]\r\n", sl->name, control(*sl->charp)); \
-			else \
-			    printf("%-15s \"%s\"\r\n", sl->name, (char *)sl->charp); \
-		    }
-
-    if (argc == 1) {
-	for (tl = Togglelist; tl->name; tl++) {
-	    dotog(tl);
-	}
-	printf("\r\n");
-	for (sl = Setlist; sl->name; sl++) {
-	    doset(sl);
-	}
-    } else {
-	int i;
-
-	for (i = 1; i < argc; i++) {
-	    sl = getset(argv[i]);
-	    tl = GETTOGGLE(argv[i]);
-	    if (Ambiguous(sl) || Ambiguous(tl)) {
-		printf("?Ambiguous argument '%s'.\r\n", argv[i]);
-		return 0;
-	    } else if (!sl && !tl) {
-		printf("?Unknown argument '%s'.\r\n", argv[i]);
-		return 0;
-	    } else {
-		if (tl) {
-		    dotog(tl);
-		}
-		if (sl) {
-		    doset(sl);
-		}
-	    }
-	}
-    }
-    /*@*/optionstatus();
-#ifdef	ENCRYPTION
-    EncryptStatus();
-#endif	/* ENCRYPTION */
-    return 1;
-#undef	doset
-#undef	dotog
-}
-
-/*
- * The following are the data structures, and many of the routines,
- * relating to command processing.
- */
-
-/*
- * Set the escape character.
- */
-	static int
-setescape(argc, argv)
-	int argc;
-	char *argv[];
-{
-	register char *arg;
-	char buf[50];
-
-	printf(
-	    "Deprecated usage - please use 'set escape%s%s' in the future.\r\n",
-				(argc > 2)? " ":"", (argc > 2)? argv[1]: "");
-	if (argc > 2)
-		arg = argv[1];
-	else {
-		printf("new escape character: ");
-		(void) fgets(buf, sizeof(buf), stdin);
-		arg = buf;
-	}
-	if (arg[0] != '\0')
-		escape = arg[0];
-	if (!In3270) {
-		printf("Escape character is '%s'.\r\n", control(escape));
-	}
-	(void) fflush(stdout);
-	return 1;
-}
-
-    /*VARARGS*/
-    static int
-togcrmod(argc, argv)
-     int argc;
-     char **argv;
-{
-    crmod = !crmod;
-    printf("Deprecated usage - please use 'toggle crmod' in the future.\r\n");
-    printf("%s map carriage return on output.\r\n", crmod ? "Will" : "Won't");
-    (void) fflush(stdout);
-    return 1;
-}
-
-    /*VARARGS*/
-static int
-suspend(argc, argv)
-     int argc;
-     char **argv;
-{
-#ifdef	SIGTSTP
-    setcommandmode();
-    {
-	long oldrows, oldcols, newrows, newcols, err;
-
-	err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-	(void) kill(0, SIGTSTP);
-	/*
-	 * If we didn't get the window size before the SUSPEND, but we
-	 * can get them now (???), then send the NAWS to make sure that
-	 * we are set up for the right window size.
-	 */
-	if (TerminalWindowSize(&newrows, &newcols) && connected &&
-	    (err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		sendnaws();
-	}
-    }
-    /* reget parameters in case they were changed */
-    TerminalSaveState();
-    setconnmode(0);
-#else
-    printf("Suspend is not supported.  Try the '!' command instead\r\n");
-#endif
-    return 1;
-}
-
-#if	!defined(TN3270)
-    /*ARGSUSED*/
-static int
-shell(argc, argv)
-    int argc;
-    char *argv[];
-{
-    long oldrows, oldcols, newrows, newcols, err;
-
-    setcommandmode();
-
-    err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0;
-    switch(vfork()) {
-    case -1:
-	perror("Fork failed");
-	break;
-
-    case 0:
-	{
-	    /*
-	     * Fire up the shell in the child.
-	     */
-	    register char *shellp, *shellname;
-
-	    shellp = getenv("SHELL");
-	    if (shellp == NULL)
-		shellp = "/bin/sh";
-	    if ((shellname = strrchr(shellp, '/')) == 0)
-		shellname = shellp;
-	    else
-		shellname++;
-	    if (argc > 1)
-		execl(shellp, shellname, "-c", &saveline[1], (char *)NULL);
-	    else
-		execl(shellp, shellname, (char *)NULL);
-	    perror("Execl");
-	    _exit(1);
-	}
-    default:
-	    (void)wait((int *)0);	/* Wait for the shell to complete */
-
-	    if (TerminalWindowSize(&newrows, &newcols) && connected &&
-		(err || ((oldrows != newrows) || (oldcols != newcols)))) {
-		    sendnaws();
-	    }
-	    break;
-    }
-    return 1;
-}
-#else	/* !defined(TN3270) */
-extern int shell();
-#endif	/* !defined(TN3270) */
-
-/*VARARGS*/
-static int
-bye(argc, argv)
-    int  argc;		/* Number of arguments */
-    char *argv[];	/* arguments */
-{
-    extern int resettermname;
-
-    if (connected) {
-	(void) shutdown(net, 2);
-	printf("Connection closed.\r\n");
-	(void) NetClose(net);
-	connected = 0;
-	resettermname = 1;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
-	/* reset options */
-	tninit();
-#if	defined(TN3270)
-	SetIn3270();		/* Get out of 3270 mode */
-#endif	/* defined(TN3270) */
-    }
-    if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) {
-	longjmp(toplevel, 1);
-	/* NOTREACHED */
-    }
-    return 1;			/* Keep lint, etc., happy */
-}
-
-/*VARARGS*/
-int
-quit(argc, argv)
-	int argc;
-	char *argv[];
-{
-	(void) call(bye, "bye", "fromquit", 0);
-	Exit(0);
-	/*NOTREACHED*/
-	return 0;
-}
-
-/*VARARGS*/
-static int
-logout(argc, argv)
-     int argc;
-     char **argv;
-{
-	send_do(TELOPT_LOGOUT, 1);
-	(void) netflush();
-	return 1;
-}
-
-
-/*
- * The SLC command.
- */
-
-struct slclist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	arg;
-};
-
-static void slc_help(void);
-
-struct slclist SlcList[] = {
-    { "export",	"Use local special character definitions",
-						slc_mode_export,	0 },
-    { "import",	"Use remote special character definitions",
-						slc_mode_import,	1 },
-    { "check",	"Verify remote special character definitions",
-						slc_mode_import,	0 },
-    { "help",	0,				slc_help,		0 },
-    { "?",	"Print help information",	slc_help,		0 },
-    { 0 },
-};
-
-    static void
-slc_help()
-{
-    struct slclist *c;
-
-    for (c = SlcList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-static struct slclist *
-getslc(name)
-    char *name;
-{
-    return (struct slclist *)
-		genget(name, (char **) SlcList, sizeof(struct slclist));
-}
-
-static int
-slccmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct slclist *c;
-
-    if (argc != 2) {
-	fprintf(stderr,
-	    "Need an argument to 'slc' command.  'slc ?' for help.\n");
-	return 0;
-    }
-    c = getslc(argv[1]);
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    (*c->handler)(c->arg);
-    slcstate();
-    return 1;
-}
-
-/*
- * The ENVIRON command.
- */
-
-struct envlist {
-	char	*name;
-	char	*help;
-	void	(*handler)();
-	int	narg;
-};
-
-extern struct env_lst *
-	env_define (unsigned char *, unsigned char *);
-extern void
-	env_undefine (unsigned char *),
-	env_export (unsigned char *),
-	env_unexport (unsigned char *),
-	env_send (unsigned char *),
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
-	env_varval (unsigned char *),
-#endif
-	env_list (void);
-static void
-	env_help (void);
-
-struct envlist EnvList[] = {
-    { "define",	"Define an environment variable",
-						(void (*)())env_define,	2 },
-    { "undefine", "Undefine an environment variable",
-						env_undefine,	1 },
-    { "export",	"Mark an environment variable for automatic export",
-						env_export,	1 },
-    { "unexport", "Don't mark an environment variable for automatic export",
-						env_unexport,	1 },
-    { "send",	"Send an environment variable", env_send,	1 },
-    { "list",	"List the current environment variables",
-						env_list,	0 },
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
-    { "varval", "Reverse VAR and VALUE (auto, right, wrong, status)",
-						env_varval,    1 },
-#endif
-    { "help",	0,				env_help,		0 },
-    { "?",	"Print help information",	env_help,		0 },
-    { 0 },
-};
-
-    static void
-env_help()
-{
-    struct envlist *c;
-
-    for (c = EnvList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-}
-
-    static struct envlist *
-getenvcmd(name)
-    char *name;
-{
-    return (struct envlist *)
-		genget(name, (char **) EnvList, sizeof(struct envlist));
-}
-
-static int
-env_cmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct envlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'environ' command.  'environ ?' for help.\n");
-	return 0;
-    }
-    c = getenvcmd(argv[1]);
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'environ %s' command.  'environ ?' for help.\n",
-		c->narg < argc - 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    (*c->handler)(argv[2], argv[3]);
-    return 1;
-}
-
-struct env_lst {
-	struct env_lst *next;	/* pointer to next structure */
-	struct env_lst *prev;	/* pointer to previous structure */
-	unsigned char *var;	/* pointer to variable name */
-	unsigned char *value;	/* pointer to variable value */
-	int export;		/* 1 -> export with default list of variables */
-	int welldefined;	/* A well defined variable */
-};
-
-struct env_lst envlisthead;
-
-static	struct env_lst *
-env_find(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		if (strcmp((char *)ep->var, (char *)var) == 0)
-			return(ep);
-	}
-	return(NULL);
-}
-
-	void
-env_init()
-{
-	extern char **environ;
-	char **epp, *cp;
-	struct env_lst *ep;
-
-	for (epp = environ; *epp; epp++) {
-		if ((cp = strchr(*epp, '='))) {
-			*cp = '\0';
-			ep = env_define((unsigned char *)*epp,
-					(unsigned char *)cp+1);
-			ep->export = 0;
-			*cp = '=';
-		}
-	}
-	/*
-	 * Special case for DISPLAY variable.  If it is ":0.0" or
-	 * "unix:0.0", we have to get rid of "unix" and insert our
-	 * hostname.
-	 */
-	if ((ep = env_find("DISPLAY"))
-	    && ((*ep->value == ':')
-	        || (strncmp((char *)ep->value, "unix:", 5) == 0))) {
-		char hbuf[256+1];
-		char *cp2 = strchr((char *)ep->value, ':');
-
-		gethostname(hbuf, 256);
-		hbuf[256] = '\0';
-		asprintf(&cp, "%s%s", hbuf, cp2);
-		free(ep->value);
-		ep->value = (unsigned char *)cp;
-	}
-	/*
-	 * If USER is not defined, but LOGNAME is, then add
-	 * USER with the value from LOGNAME.  By default, we
-	 * don't export the USER variable.
-	 */
-	if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) {
-		env_define((unsigned char *)"USER", ep->value);
-		env_unexport((unsigned char *)"USER");
-	}
-	env_export((unsigned char *)"DISPLAY");
-	env_export((unsigned char *)"PRINTER");
-}
-
-	struct env_lst *
-env_define(var, value)
-	unsigned char *var, *value;
-{
-	register struct env_lst *ep;
-
-	if ((ep = env_find(var))) {
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-	} else {
-		ep = (struct env_lst *)malloc(sizeof(struct env_lst));
-		ep->next = envlisthead.next;
-		envlisthead.next = ep;
-		ep->prev = &envlisthead;
-		if (ep->next)
-			ep->next->prev = ep;
-	}
-	ep->welldefined = opt_welldefined((char *)var);
-	ep->export = 1;
-	ep->var = (unsigned char *)strdup((char *)var);
-	ep->value = (unsigned char *)strdup((char *)value);
-	return(ep);
-}
-
-	void
-env_undefine(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if ((ep = env_find(var))) {
-		ep->prev->next = ep->next;
-		if (ep->next)
-			ep->next->prev = ep->prev;
-		if (ep->var)
-			free(ep->var);
-		if (ep->value)
-			free(ep->value);
-		free(ep);
-	}
-}
-
-	void
-env_export(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		ep->export = 1;
-}
-
-	void
-env_unexport(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		ep->export = 0;
-}
-
-	void
-env_send(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-        if (my_state_is_wont(TELOPT_NEW_ENVIRON)
-#ifdef	OLD_ENVIRON
-	    && my_state_is_wont(TELOPT_OLD_ENVIRON)
-#endif
-		) {
-		fprintf(stderr,
-		    "Cannot send '%s': Telnet ENVIRON option not enabled\n",
-									var);
-		return;
-	}
-	ep = env_find(var);
-	if (ep == 0) {
-		fprintf(stderr, "Cannot send '%s': variable not defined\n",
-									var);
-		return;
-	}
-	env_opt_start_info();
-	env_opt_add(ep->var);
-	env_opt_end(0);
-}
-
-	void
-env_list()
-{
-	register struct env_lst *ep;
-
-	for (ep = envlisthead.next; ep; ep = ep->next) {
-		printf("%c %-20s %s\r\n", ep->export ? '*' : ' ',
-					ep->var, ep->value);
-	}
-}
-
-	unsigned char *
-env_default(init, welldefined)
-	int init;
-{
-	static struct env_lst *nep = NULL;
-
-	if (init) {
-		nep = &envlisthead;
-		return NULL;	/* guessing here too -- eichin -- XXX */
-	}
-	if (nep) {
-		while ((nep = nep->next)) {
-			if (nep->export && (nep->welldefined == welldefined))
-				return(nep->var);
-		}
-	}
-	return(NULL);
-}
-
-	unsigned char *
-env_getvalue(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		return(ep->value);
-	return(NULL);
-}
-
-	int
-env_is_exported(var)
-	unsigned char *var;
-{
-	register struct env_lst *ep;
-
-	if ((ep = env_find(var)))
-		return ep->export;
-	return 0;
-}
-
-#if defined(OLD_ENVIRON) && defined(ENV_HACK)
-	void
-env_varval(what)
-	unsigned char *what;
-{
-	extern int old_env_var, old_env_value, env_auto;
-	unsigned int len = strlen((char *)what);
-
-	if (len == 0)
-		goto unknown;
-
-	if (strncasecmp((char *)what, "status", len) == 0) {
-		if (env_auto)
-			printf("%s%s", "VAR and VALUE are/will be ",
-					"determined automatically\r\n");
-		if (old_env_var == OLD_ENV_VAR)
-			printf("VAR and VALUE set to correct definitions\r\n");
-		else
-			printf("VAR and VALUE definitions are reversed\r\n");
-	} else if (strncasecmp((char *)what, "auto", len) == 0) {
-		env_auto = 1;
-		old_env_var = OLD_ENV_VALUE;
-		old_env_value = OLD_ENV_VAR;
-	} else if (strncasecmp((char *)what, "right", len) == 0) {
-		env_auto = 0;
-		old_env_var = OLD_ENV_VAR;
-		old_env_value = OLD_ENV_VALUE;
-	} else if (strncasecmp((char *)what, "wrong", len) == 0) {
-		env_auto = 0;
-		old_env_var = OLD_ENV_VALUE;
-		old_env_value = OLD_ENV_VAR;
-	} else {
-unknown:
-		printf("Unknown \"varval\" command. (\"auto\", \"right\", \"wrong\", \"status\")\r\n");
-	}
-}
-#endif
-
-#if	defined(AUTHENTICATION)
-/*
- * The AUTHENTICATE command.
- */
-
-struct authlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	narg;
-};
-
-extern int
-	auth_enable (char *),
-	auth_disable (char *),
-	auth_status (void);
-static int
-	auth_help (void);
-
-struct authlist AuthList[] = {
-    { "status",	"Display current status of authentication information",
-						auth_status,	0 },
-    { "disable", "Disable an authentication type ('auth disable ?' for more)",
-						auth_disable,	1 },
-    { "enable", "Enable an authentication type ('auth enable ?' for more)",
-						auth_enable,	1 },
-    { "help",	0,				auth_help,		0 },
-    { "?",	"Print help information",	auth_help,		0 },
-    { 0 },
-};
-
-    static int
-auth_help()
-{
-    struct authlist *c;
-
-    for (c = AuthList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-int
-auth_cmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct authlist *c;
-
-    if (argc < 2) {
-      fprintf(stderr,
-          "Need an argument to 'auth' command.  'auth ?' for help.\n");
-      return 0;
-    }
-
-    c = (struct authlist *)
-		genget(argv[1], (char **) AuthList, sizeof(struct authlist));
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (c->narg + 2 != argc) {
-	fprintf(stderr,
-	    "Need %s%d argument%s to 'auth %s' command.  'auth ?' for help.\n",
-		c->narg < argc + 2 ? "only " : "",
-		c->narg, c->narg == 1 ? "" : "s", c->name);
-	return 0;
-    }
-    return((*c->handler)(argv[2], argv[3]));
-}
-#endif
-
-#ifdef	ENCRYPTION
-/*
- * The ENCRYPT command.
- */
-
-struct encryptlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	needconnect;
-	int	minarg;
-	int	maxarg;
-};
-
-extern int
-	EncryptEnable (char *, char *),
-	EncryptDisable (char *, char *),
-	EncryptType (char *, char *),
-	EncryptStart (char *),
-	EncryptStartInput (void),
-	EncryptStartOutput (void),
-	EncryptStop (char *),
-	EncryptStopInput (void),
-	EncryptStopOutput (void),
-	EncryptStatus (void);
-static int
-	EncryptHelp (void);
-
-struct encryptlist EncryptList[] = {
-    { "enable", "Enable encryption. ('encrypt enable ?' for more)",
-						EncryptEnable, 1, 1, 2 },
-    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
-						EncryptDisable, 0, 1, 2 },
-    { "type", "Set encryption type. ('encrypt type ?' for more)",
-						EncryptType, 0, 1, 1 },
-    { "start", "Start encryption. ('encrypt start ?' for more)",
-						EncryptStart, 1, 0, 1 },
-    { "stop", "Stop encryption. ('encrypt stop ?' for more)",
-						EncryptStop, 1, 0, 1 },
-    { "input", "Start encrypting the input stream",
-						EncryptStartInput, 1, 0, 0 },
-    { "-input", "Stop encrypting the input stream",
-						EncryptStopInput, 1, 0, 0 },
-    { "output", "Start encrypting the output stream",
-						EncryptStartOutput, 1, 0, 0 },
-    { "-output", "Stop encrypting the output stream",
-						EncryptStopOutput, 1, 0, 0 },
-
-    { "status",	"Display current status of authentication information",
-						EncryptStatus,	0, 0, 0 },
-    { "help",	0,				EncryptHelp,	0, 0, 0 },
-    { "?",	"Print help information",	EncryptHelp,	0, 0, 0 },
-    { 0 },
-};
-
-    static int
-EncryptHelp()
-{
-    struct encryptlist *c;
-
-    for (c = EncryptList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\r\n", c->name, c->help);
-	    else
-		printf("\r\n");
-	}
-    }
-    return 0;
-}
-
-int
-encrypt_cmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct encryptlist *c;
-
-    if (argc < 2) {
-	fprintf(stderr,
-	    "Need an argument to 'encrypt' command.  'encrypt ?' for help.\n");
-	return 0;
-    }
-
-    c = (struct encryptlist *)
-		genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist));
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    argc -= 2;
-    if (argc < c->minarg || argc > c->maxarg) {
-	if (c->minarg == c->maxarg) {
-	    fprintf(stderr, "Need %s%d argument%s ",
-		c->minarg < argc ? "only " : "", c->minarg,
-		c->minarg == 1 ? "" : "s");
-	} else {
-	    fprintf(stderr, "Need %s%d-%d arguments ",
-		c->maxarg < argc ? "only " : "", c->minarg, c->maxarg);
-	}
-	fprintf(stderr, "to 'encrypt %s' command.  'encrypt ?' for help.\n",
-		c->name);
-	return 0;
-    }
-    if (c->needconnect && !connected) {
-	if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) {
-	    printf("?Need to be connected first.\r\n");
-	    return 0;
-	}
-    }
-    return ((*c->handler)(argc > 0 ? argv[2] : 0,
-			argc > 1 ? argv[3] : 0,
-			argc > 2 ? argv[4] : 0));
-}
-#endif	/* ENCRYPTION */
-
-#if	defined(FORWARD)
-
-/*
- * The FORWARD command.
- */
-
-
-extern int forward_flags;
-
-struct forwlist {
-	char	*name;
-	char	*help;
-	int	(*handler)();
-	int	f_flags;
-};
-
-static int
-	forw_status (void),
-	forw_set (int),
-	forw_help (void);
-
-struct forwlist ForwList[] = {
-    { "status",	"Display current status of credential forwarding",
-						forw_status,	0 },
-    { "disable", "Disable credential forwarding",
-						forw_set,	0 },
-    { "enable", "Enable credential forwarding",
-						forw_set,
-						OPTS_FORWARD_CREDS },
-    { "forwardable", "Enable credential forwarding of forwardable credentials",
-						forw_set,
-						OPTS_FORWARD_CREDS |
-						OPTS_FORWARDABLE_CREDS },
-    { "help",	0,				forw_help,		0 },
-    { "?",	"Print help information",	forw_help,		0 },
-    { 0 },
-};
-
-    static int
-forw_status()
-{
-    if (forward_flags & OPTS_FORWARD_CREDS) {
-	if (forward_flags & OPTS_FORWARDABLE_CREDS) {
-	    printf("Credential forwarding of forwardable credentials enabled\n");
-	} else {
-	    printf("Credential forwarding enabled\n");
-	}
-    } else {
-	printf("Credential forwarding disabled\n");
-    }
-    return(0);
-}
-
-int
-forw_set(f_flags)
-     int f_flags;
-{
-    forward_flags = f_flags;
-    return(0);
-}
-
-static int
-forw_help()
-{
-    struct forwlist *c;
-
-    for (c = ForwList; c->name; c++) {
-	if (c->help) {
-	    if (*c->help)
-		printf("%-15s %s\n", c->name, c->help);
-	    else
-		printf("\n");
-	}
-    }
-    return 0;
-}
-
-static int
-forw_cmd(argc, argv)
-    int  argc;
-    char *argv[];
-{
-    struct forwlist *c;
-
-    if (argc < 2) {
-      fprintf(stderr,
-          "Need an argument to 'forward' command.  'forward ?' for help.\n");
-      return 0;
-    }
-
-    c = (struct forwlist *)
-		genget(argv[1], (char **) ForwList, sizeof(struct forwlist));
-    if (c == 0) {
-        fprintf(stderr, "'%s': unknown argument ('forw ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (Ambiguous(c)) {
-        fprintf(stderr, "'%s': ambiguous argument ('forw ?' for help).\n",
-    				argv[1]);
-        return 0;
-    }
-    if (argc != 2) {
-	fprintf(stderr,
-       "No arguments needed to 'forward %s' command.  'forward ?' for help.\n",
-		c->name);
-	return 0;
-    }
-    return((*c->handler)(c->f_flags));
-}
-#endif
-
-#if	defined(unix) && defined(TN3270)
-    static void
-filestuff(fd)
-    int fd;
-{
-    int res;
-
-#ifdef	F_GETOWN
-    setconnmode(0);
-    res = fcntl(fd, F_GETOWN, 0);
-    setcommandmode();
-
-    if (res == -1) {
-	perror("fcntl");
-	return;
-    }
-    printf("\tOwner is %d.\r\n", res);
-#endif
-
-    setconnmode(0);
-    res = fcntl(fd, F_GETFL, 0);
-    setcommandmode();
-
-    if (res == -1) {
-	perror("fcntl");
-	return;
-    }
-#ifdef notdef
-    printf("\tFlags are 0x%x: %s\r\n", res, decodeflags(res));
-#endif
-}
-#endif /* defined(unix) && defined(TN3270) */
-
-/*
- * Print status about the connection.
- */
-    /*ARGSUSED*/
-static int
-status(argc, argv)
-    int	 argc;
-    char *argv[];
-{
-    if (connected) {
-	printf("Connected to %s (%s).\r\n", hostname, hostaddrstring);
-	if ((argc < 2) || strcmp(argv[1], "notmuch")) {
-	    int mode = getconnmode();
-
-	    if (my_want_state_is_will(TELOPT_LINEMODE)) {
-		printf("Operating with LINEMODE option\r\n");
-		printf("%s line editing\r\n", (mode&MODE_EDIT) ? "Local" : "No");
-		printf("%s catching of signals\r\n",
-					(mode&MODE_TRAPSIG) ? "Local" : "No");
-		slcstate();
-#ifdef	KLUDGELINEMODE
-	    } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) {
-		printf("Operating in obsolete linemode\r\n");
-#endif
-	    } else {
-		printf("Operating in single character mode\r\n");
-		if (localchars)
-		    printf("Catching signals locally\r\n");
-	    }
-	    printf("%s character echo\r\n", (mode&MODE_ECHO) ? "Local" : "Remote");
-	    if (my_want_state_is_will(TELOPT_LFLOW))
-		printf("%s flow control\r\n", (mode&MODE_FLOW) ? "Local" : "No");
-#ifdef	ENCRYPTION
-	    encrypt_display();
-#endif	/* ENCRYPTION */
-	}
-    } else {
-	printf("No connection.\r\n");
-    }
-#   if !defined(TN3270)
-    printf("Escape character is '%s'.\r\n", control(escape));
-    (void) fflush(stdout);
-#   else /* !defined(TN3270) */
-    if ((!In3270) && ((argc < 2) || strcmp(argv[1], "notmuch"))) {
-	printf("Escape character is '%s'.\r\n", control(escape));
-    }
-#   if defined(unix)
-    if ((argc >= 2) && !strcmp(argv[1], "everything")) {
-	printf("SIGIO received %d time%s.\r\n",
-				sigiocount, (sigiocount == 1)? "":"s");
-	if (In3270) {
-	    printf("Process ID %d, process group %d.\r\n",
-					    getpid(), getpgrp(getpid()));
-	    printf("Terminal input:\r\n");
-	    filestuff(tin);
-	    printf("Terminal output:\r\n");
-	    filestuff(tout);
-	    printf("Network socket:\r\n");
-	    filestuff(net);
-	}
-    }
-    if (In3270 && transcom) {
-       printf("Transparent mode command is '%s'.\r\n", transcom);
-    }
-#   endif /* defined(unix) */
-    (void) fflush(stdout);
-    if (In3270) {
-	return 0;
-    }
-#   endif /* defined(TN3270) */
-    return 1;
-}
-
-#ifdef	SIGINFO
-/*
- * Function that gets called when SIGINFO is received.
- */
-#if	defined(CRAY) || (defined(USE_TERMIO) && !defined(SYSV_TERMIO))
-void
-ayt_status()
-{
-    (void) call(status, "status", "notmuch", 0);
-}
-#else
-int
-ayt_status()
-{
-    (void) call(status, "status", "notmuch", 0);
-    return 0;
-}
-#endif
-#endif
-
-    int
-tn(argc, argv)
-    int argc;
-    char *argv[];
-{
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-    char *srp = 0;
-    int srlen;
-#endif
-    char *cmd, *hostp = 0, *portp = 0, *volatile user = 0;
-    struct addrinfo *addrs = 0, *addrp;
-    struct addrinfo hints;
-    int error;
-
-    if (connected) {
-	printf("?Already connected to %s\r\n", hostname);
-	return 0;
-    }
-    if (argc < 2) {
-	(void) strlcpy(line, "open ", sizeof(line));
-	printf("(to) ");
-	(void) fgets(&line[strlen(line)], (int) (sizeof(line) - strlen(line)),
-		     stdin);
-	makeargv();
-	argc = margc;
-	argv = margv;
-    }
-    cmd = *argv;
-    --argc; ++argv;
-    while (argc) {
-	if (isprefix(*argv, "?"))
-	    goto usage;
-	if (strcmp(*argv, "-l") == 0) {
-	    --argc; ++argv;
-	    if (argc == 0)
-		goto usage;
-	    user = *argv++;
-	    --argc;
-	    continue;
-	}
-	if (strcmp(*argv, "-a") == 0) {
-	    --argc; ++argv;
-	    autologin = 1;
-	    continue;
-	}
-	if (hostp == 0) {
-	    hostp = *argv++;
-	    --argc;
-	    continue;
-	}
-	if (portp == 0) {
-	    portp = *argv++;
-	    --argc;
-	    continue;
-	}
-    usage:
-	printf("usage: %s [-l user] [-a] host-name [port]\r\n", cmd);
-	return 0;
-    }
-    if (hostp == 0)
-	goto usage;
-
-    if (portp) {
-	if (*portp == '-') {
-	    portp++;
-	    telnetport = 1;
-	} else
-	    telnetport = 0;
-    } else {
-	portp = "telnet";
-	telnetport = 1;
-    }
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-    if (hostp[0] == '@' || hostp[0] == '!') {
-	static struct sockaddr_in sr_sin4;
-	static struct addrinfo sr_addr;
-	unsigned long temp;
-	if ((hostname = strrchr(hostp, ':')) == NULL)
-	    hostname = strrchr(hostp, '@');
-	hostname++;
-	srp = 0;
-	temp = sourceroute(hostp, &srp, &srlen);
-	if (temp == 0) {
-	    herror(srp);
-	    return 0;
-	} else if (temp == -1) {
-	    printf("Bad source route option: %s\r\n", hostp);
-	    return 0;
-	} else {
-	    sr_sin4.sin_addr.s_addr = temp;
-	    sr_sin4.sin_family = AF_INET;
-#ifdef HAVE_SA_LEN
-	    sr_sin4.sin_len = sizeof (sr_sin4);
-#endif
-	    sr_addr.ai_family = AF_INET;
-	    sr_addr.ai_addrlen = sizeof (sr_sin4);
-	    sr_addr.ai_addr = (struct sockaddr *) &sr_sin4;
-	    sr_addr.ai_next = 0;
-	    sr_addr.ai_canonname = hostname;
-	    addrs = &sr_addr;
-	}
-    } else {
-#endif
-	memset (&hints, 0, sizeof (hints));
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_family = PF_UNSPEC;
-
-
-	/* The GNU Libc (Red Hat Linux 6.1, on x86, which MIT is using
-	   at this time) implementation seems to completely ignore
-	   AI_NUMERICHOST, and contacts DNS anyways.  But other
-	   versions will not, and we do want to treat the two cases a
-	   little differently.  */
-#ifdef AF_INET6
-#define IS_NUMERIC_ADDR(P) \
-	('\0' == (P)[strspn((P), (strchr((P),':') ? "abcdefABCDEF:0123456789." : "0123456789."))])
-#else
-#define IS_NUMERIC_ADDR(P) \
-	('\0' == (P)[strspn((P), "0123456789.")])
-#endif
-	if (! IS_NUMERIC_ADDR (hostp))
-	    goto not_numeric;
-
-
-	hints.ai_flags = AI_NUMERICHOST;
-	error = getaddrinfo (hostp, portp, &hints, &addrs);
-	if (error == 0) {
-	    if (getnameinfo (addrs->ai_addr, addrs->ai_addrlen,
-			     _hostname, sizeof(_hostname), 0, 0, NI_NAMEREQD) != 0)
-		strncpy(_hostname, hostp, sizeof (_hostname));
-	    hostname = _hostname;
-	} else {
-	not_numeric:
-	    hints.ai_flags = AI_CANONNAME;
-	    error = getaddrinfo (hostp, portp, &hints, &addrs);
-	    if (error == 0) {
-
-		/* Stupid glibc lossage again.  */
-		if (! IS_NUMERIC_ADDR (addrs->ai_canonname)) {
-		    strncpy(_hostname, addrs->ai_canonname, sizeof(_hostname));
-		} else {
-		    fprintf (stderr,
-			     "telnet: system library bug? getaddrinfo returns numeric address\n"
-			     "\tas canonical name of %s\n",
-			     hostp);
-		    strncpy(_hostname, hostp, sizeof (_hostname));
-		}
-
-	    } else {
-		strncpy(_hostname, hostp, sizeof (_hostname));
-	    }
-	    hostname = _hostname;
-	}
-	if (error) {
-	    fprintf (stderr, "%s/%s: %s\n", hostp, portp, gai_strerror (error));
-	    return 0;
-	}
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-    }
-#endif
-    for (addrp = addrs; addrp && !connected; addrp = addrp->ai_next) {
-	error = getnameinfo (addrp->ai_addr, addrp->ai_addrlen,
-			     hostaddrstring, sizeof (hostaddrstring),
-			     (char *) NULL, 0, NI_NUMERICHOST);
-	if (error) {
-	    fprintf (stderr, "getnameinfo() error printing address: %s\n",
-		     gai_strerror (error));
-	    strlcpy (hostaddrstring, "[address unprintable]",
-		     sizeof(hostaddrstring));
-	}
-	printf("Trying %s...\r\n", hostaddrstring);
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-	if (srp && addrp->ai_family != AF_INET) {
-	    printf ("source routing not supported (yet) for address family,"
-		    " trying another address\n");
-	    continue;
-	}
-#endif
-	net = socket(addrp->ai_family, SOCK_STREAM, 0);
-	if (net < 0) {
-	    perror("telnet: socket");
-	    continue;
-	}
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-	if (srp) {
-	    if (addrp->ai_family != AF_INET)
-		printf ("source routing not supported (yet)"
-			" for address family\n");
-	    else if (setsockopt(net, IPPROTO_IP, IP_OPTIONS,
-				(char *)srp, srlen) < 0)
-		perror("setsockopt (IP_OPTIONS)");
-	}
-#endif
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	if (addrp->ai_family == AF_INET) {
-# if	defined(HAVE_GETTOSBYNAME)
-	    struct tosent *tp;
-	    if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-		tos = tp->t_tos;
-# endif
-	    if (tos < 0)
-		tos = 020;	/* Low Delay bit */
-	    if (tos
-		&& (setsockopt(net, IPPROTO_IP, IP_TOS,
-		    (char *)&tos, sizeof(int)) < 0)
-		&& (errno != ENOPROTOOPT))
-		    perror("telnet: setsockopt (IP_TOS) (ignored)");
-	}
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-
-	if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) {
-		perror("setsockopt (SO_DEBUG)");
-	}
-
-	if (connect(net, addrp->ai_addr, addrp->ai_addrlen) < 0) {
-	    if (hostaddrstring[0]) {
-		fprintf(stderr, "telnet: connect to address %s: %s\n",
-			hostaddrstring, strerror (errno));
-		(void) NetClose(net);
-		continue;
-	    }
-	}
-	connected++;
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
-    }
-    if (!connected) {
-	perror("telnet: Unable to connect to remote host");
-	return 0;
-    }
-    if (user)
-      user = strdup(user);
-    if (hostp)
-      hostp = strdup(hostp);
-    cmdrc(hostp, hostname);
-    if (hostp)
-      free(hostp);
-    if (autologin && user == NULL) {
-	struct passwd *pw;
-
-	user = getenv("USER");
-	if (user == NULL ||
-	    ((pw = getpwnam(user)) && pw->pw_uid != getuid())) {
-	        pw = getpwuid(getuid());
-		if (pw)
-			user = pw->pw_name;
-		else
-			user = NULL;
-	}
-	if (user)
-	  user = strdup(user);
-    }
-    if (user) {
-	env_define((unsigned char *)"USER", (unsigned char *)user);
-	env_export((unsigned char *)"USER");
-    }
-    (void) call(status, "status", "notmuch", 0);
-    if (setjmp(peerdied) == 0)
-	telnet(user);
-    if (user)
-      free(user);
-    (void) NetClose(net);
-    ExitString("Connection closed by foreign host.\r\n",1);
-    /*NOTREACHED*/
-    return 0;
-}
-
-#define HELPINDENT ((int) sizeof ("connect"))
-
-static char
-	openhelp[] =	"connect to a site",
-	closehelp[] =	"close current connection",
-	logouthelp[] =	"forcibly logout remote user and close the connection",
-	quithelp[] =	"exit telnet",
-	statushelp[] =	"print status information",
-	helphelp[] =	"print help information",
-	sendhelp[] =	"transmit special characters ('send ?' for more)",
-	sethelp[] = 	"set operating parameters ('set ?' for more)",
-	unsethelp[] = 	"unset operating parameters ('unset ?' for more)",
-	togglestring[] ="toggle operating parameters ('toggle ?' for more)",
-	slchelp[] =	"change state of special charaters ('slc ?' for more)",
-	displayhelp[] =	"display operating parameters",
-#if	defined(TN3270) && defined(unix)
-	transcomhelp[] = "specify Unix command for transparent mode pipe",
-#endif	/* defined(TN3270) && defined(unix) */
-#if	defined(AUTHENTICATION)
-	authhelp[] =	"turn on (off) authentication ('auth ?' for more)",
-#endif
-#ifdef	ENCRYPTION
-	encrypthelp[] =	"turn on (off) encryption ('encrypt ?' for more)",
-#endif	/* ENCRYPTION */
-#ifdef  FORWARD
-	forwardhelp[] = "turn on (off) credential forwarding ('forward ?' for more)",
-#endif
-#if	defined(unix)
-	zhelp[] =	"suspend telnet",
-#endif	/* defined(unix) */
-	shellhelp[] =	"invoke a subshell",
-	envhelp[] =	"change environment variables ('environ ?' for more)",
-	modestring[] = "try to enter line or character mode ('mode ?' for more)";
-
-static int	help();
-
-static Command cmdtab[] = {
-	{ "close",	closehelp,	bye,		1 },
-	{ "logout",	logouthelp,	logout,		1 },
-	{ "display",	displayhelp,	display,	0 },
-	{ "mode",	modestring,	modecmd,	0 },
-	{ "open",	openhelp,	tn,		0 },
-	{ "quit",	quithelp,	quit,		0 },
-	{ "send",	sendhelp,	sendcmd,	0 },
-	{ "set",	sethelp,	setcmd,		0 },
-	{ "unset",	unsethelp,	unsetcmd,	0 },
-	{ "status",	statushelp,	status,		0 },
-	{ "toggle",	togglestring,	toggle,		0 },
-	{ "slc",	slchelp,	slccmd,		0 },
-#if	defined(TN3270) && defined(unix)
-	{ "transcom",	transcomhelp,	settranscom,	0 },
-#endif	/* defined(TN3270) && defined(unix) */
-#if	defined(AUTHENTICATION)
-	{ "auth",	authhelp,	auth_cmd,	0 },
-#endif
-#ifdef	ENCRYPTION
-	{ "encrypt",	encrypthelp,	encrypt_cmd,	0 },
-#endif	/* ENCRYPTION */
-#ifdef  FORWARD
-	{ "forward",    forwardhelp,    forw_cmd,       0 },
-#endif
-#if	defined(unix)
-	{ "z",		zhelp,		suspend,	0 },
-#endif	/* defined(unix) */
-#if	defined(TN3270)
-	{ "!",		shellhelp,	shell,		1 },
-#else
-	{ "!",		shellhelp,	shell,		0 },
-#endif
-	{ "environ",	envhelp,	env_cmd,	0 },
-	{ "?",		helphelp,	help,		0 },
-	{  0,           0,              0,              0 }
-};
-
-static char	crmodhelp[] =	"deprecated command -- use 'toggle crmod' instead";
-static char	escapehelp[] =	"deprecated command -- use 'set escape' instead";
-
-static Command cmdtab2[] = {
-	{ "help",	0,		help,		0 },
-	{ "escape",	escapehelp,	setescape,	0 },
-	{ "crmod",	crmodhelp,	togcrmod,	0 },
-	{  0,           0,              0,              0 }
-};
-
-
-/*
- * Call routine with argc, argv set from args (terminated by 0).
- */
-
-    /*VARARGS1*/
-static int
-#ifdef HAVE_STDARG_H
-call(intrtn_t routine, ...)
-#else
-call(routine, va_alist)
-    intrtn_t routine;
-    va_dcl
-#endif
-{
-    va_list ap;
-    char *args[100];
-    int argno = 0;
-
-#ifdef HAVE_STDARG_H
-    va_start(ap, routine);
-#else
-    va_start(ap);
-#endif
-
-    while ((args[argno++] = va_arg(ap, char *)) != 0) {
-	;
-    }
-    va_end(ap);
-    return (*routine)(argno-1, args);
-}
-
-
-    static Command *
-getcmd(name)
-    char *name;
-{
-    Command *cm;
-
-    if ((cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))))
-	return cm;
-    return (Command *) genget(name, (char **) cmdtab2, sizeof(Command));
-}
-
-    void
-command(top, tbuf, cnt)
-    int top;
-    char *tbuf;
-    int cnt;
-{
-    register Command *c;
-
-    setcommandmode();
-    if (!top) {
-	putchar('\n');
-#if	defined(unix)
-    } else {
-	(void) signal(SIGINT, SIG_DFL);
-	(void) signal(SIGQUIT, SIG_DFL);
-#endif	/* defined(unix) */
-    }
-    for (;;) {
-	if (rlogin == _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	if (tbuf) {
-	    register char *cp;
-	    cp = line;
-	    while (cnt > 0 && (*cp++ = *tbuf++) != '\n')
-		cnt--;
-	    tbuf = 0;
-	    if (cp == line || *--cp != '\n' || cp == line)
-		goto getline;
-	    *cp = '\0';
-	    if (rlogin == _POSIX_VDISABLE)
-	        printf("%s\r\n", line);
-	} else {
-	getline:
-	    if (rlogin != _POSIX_VDISABLE)
-		printf("%s> ", prompt);
-	    if (fgets(line, sizeof(line), stdin) == NULL) {
-		if (feof(stdin) || ferror(stdin)) {
-		    (void) quit(0, NULL);
-		    /*NOTREACHED*/
-		}
-		break;
-	    }
-	}
-	if (line[0] == 0)
-	    break;
-	makeargv();
-	if (margv[0] == 0) {
-	    break;
-	}
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command\r\n");
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command\r\n");
-	    continue;
-	}
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first.\r\n");
-	    continue;
-	}
-	if ((*c->handler)(margc, margv)) {
-	    break;
-	}
-    }
-    if (!top) {
-	if (!connected) {
-	    longjmp(toplevel, 1);
-	    /*NOTREACHED*/
-	}
-#if	defined(TN3270)
-	if (shell_active == 0) {
-	    setconnmode(0);
-	}
-#else	/* defined(TN3270) */
-	setconnmode(0);
-#endif	/* defined(TN3270) */
-    }
-}
-
-/*
- * Help command.
- */
-static int
-help(argc, argv)
-	int argc;
-	char *argv[];
-{
-	register Command *c;
-
-	if (argc == 1) {
-		printf("Commands may be abbreviated.  Commands are:\r\n\r\n");
-		for (c = cmdtab; c->name; c++)
-			if (c->help) {
-				printf("%-*s\t%s\r\n", HELPINDENT, c->name,
-								    c->help);
-			}
-		return 0;
-	}
-	while (--argc > 0) {
-		register char *arg;
-		arg = *++argv;
-		c = getcmd(arg);
-		if (Ambiguous(c))
-			printf("?Ambiguous help command %s\r\n", arg);
-		else if (c == (Command *)0)
-			printf("?Invalid help command %s\r\n", arg);
-		else
-			printf("%s\r\n", c->help);
-	}
-	return 0;
-}
-
-static char *rcname = 0;
-static char rcbuf[128];
-
-void
-cmdrc(m1, m2)
-	char *m1, *m2;
-{
-    register Command *c;
-    FILE *rcfile;
-    int gotmachine = 0;
-    unsigned int l1 = strlen(m1);
-    unsigned int l2 = strlen(m2);
-    char m1save[64];
-
-    if (skiprc)
-	return;
-
-    strncpy(m1save, m1, sizeof(m1save) - 1);
-    m1save[sizeof(m1save) - 1] = '\0';
-    m1 = m1save;
-
-    if (rcname == 0) {
-	rcname = getenv("HOME");
-	if (rcname)
-	    strncpy(rcbuf, rcname, sizeof(rcbuf) - 1);
-	else
-	    rcbuf[0] = '\0';
-	rcbuf[sizeof(rcbuf) - 1] = '\0';
-	strncat(rcbuf, "/.telnetrc", sizeof(rcbuf) - 1 - strlen(rcbuf));
-	rcname = rcbuf;
-    }
-
-    if ((rcfile = fopen(rcname, "r")) == 0) {
-	return;
-    }
-
-    for (;;) {
-	if (fgets(line, sizeof(line), rcfile) == NULL)
-	    break;
-	if (line[0] == 0)
-	    break;
-	if (line[0] == '#')
-	    continue;
-	if (gotmachine) {
-	    if (!isspace((int) line[0]))
-		gotmachine = 0;
-	}
-	if (gotmachine == 0) {
-	    if (isspace((int) line[0]))
-		continue;
-	    if (strncasecmp(line, m1, l1) == 0)
-		strncpy(line, &line[l1], sizeof(line) - l1);
-	    else if (strncasecmp(line, m2, l2) == 0)
-		strncpy(line, &line[l2], sizeof(line) - l2);
-	    else if (strncasecmp(line, "DEFAULT", 7) == 0)
-		strncpy(line, &line[7], sizeof(line) - 7);
-	    else
-		continue;
-	    if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
-		continue;
-	    gotmachine = 1;
-	}
-	makeargv();
-	if (margv[0] == 0)
-	    continue;
-	c = getcmd(margv[0]);
-	if (Ambiguous(c)) {
-	    printf("?Ambiguous command: %s\r\n", margv[0]);
-	    continue;
-	}
-	if (c == 0) {
-	    printf("?Invalid command: %s\r\n", margv[0]);
-	    continue;
-	}
-	/*
-	 * This should never happen...
-	 */
-	if (c->needconnect && !connected) {
-	    printf("?Need to be connected first for %s.\r\n", margv[0]);
-	    continue;
-	}
-	(*c->handler)(margc, margv);
-    }
-    fclose(rcfile);
-}
-
-#if	defined(IP_OPTIONS) && defined(IPPROTO_IP)
-
-/*
- * Source route is handed in as
- *	[!]@hop1@hop2...[@|:]dst
- * If the leading ! is present, it is a
- * strict source route, otherwise it is
- * assmed to be a loose source route.
- *
- * We fill in the source route option as
- *	hop1,hop2,hop3...dest
- * and return a pointer to hop1, which will
- * be the address to connect() to.
- *
- * Arguments:
- *	arg:	pointer to route list to decipher
- *
- *	cpp: 	If *cpp is not equal to NULL, this is a
- *		pointer to a pointer to a character array
- *		that should be filled in with the option.
- *
- *	lenp:	pointer to an integer that contains the
- *		length of *cpp if *cpp != NULL.
- *
- * Return values:
- *
- *	Returns the address of the host to connect to.  If the
- *	return value is -1, there was a syntax error in the
- *	option, either unknown characters, or too many hosts.
- *	If the return value is 0, one of the hostnames in the
- *	path is unknown, and *cpp is set to point to the bad
- *	hostname.
- *
- *	*cpp:	If *cpp was equal to NULL, it will be filled
- *		in with a pointer to our static area that has
- *		the option filled in.  This will be 32bit aligned.
- *
- *	*lenp:	This will be filled in with how long the option
- *		pointed to by *cpp is.
- *
- */
-static	unsigned long
-sourceroute(arg, cpp, lenp)
-	char	*arg;
-	char	**cpp;
-	int	*lenp;
-{
-	static char lsr[44];
-#ifdef	sysV88
-	static IOPTN ipopt;
-#endif
-	char *cp, *cp2, *lsrp, *lsrep;
-	register int tmp;
-	struct in_addr sin_addr;
-	register struct hostent *host = 0;
-	register char c;
-
-	/*
-	 * Verify the arguments, and make sure we have
-	 * at least 7 bytes for the option.
-	 */
-	if (cpp == NULL || lenp == NULL)
-		return((unsigned long)-1);
-	if (*cpp != NULL && *lenp < 7)
-		return((unsigned long)-1);
-	/*
-	 * Decide whether we have a buffer passed to us,
-	 * or if we need to use our own static buffer.
-	 */
-	if (*cpp) {
-		lsrp = *cpp;
-		lsrep = lsrp + *lenp;
-	} else {
-		*cpp = lsrp = lsr;
-		lsrep = lsrp + 44;
-	}
-
-	cp = arg;
-
-	/*
-	 * Next, decide whether we have a loose source
-	 * route or a strict source route, and fill in
-	 * the begining of the option.
-	 */
-#ifndef	sysV88
-	if (*cp == '!') {
-		cp++;
-		*lsrp++ = IPOPT_SSRR;
-	} else
-		*lsrp++ = IPOPT_LSRR;
-#else
-	if (*cp == '!') {
-		cp++;
-		ipopt.io_type = IPOPT_SSRR;
-	} else
-		ipopt.io_type = IPOPT_LSRR;
-#endif
-
-	if (*cp != '@')
-		return((unsigned long)-1);
-
-#ifndef	sysV88
-	lsrp++;		/* skip over length, we'll fill it in later */
-	*lsrp++ = 4;
-#endif
-
-	cp++;
-
-	sin_addr.s_addr = 0;
-
-	for (c = 0;;) {
-		if (c == ':')
-			cp2 = 0;
-		else for (cp2 = cp; (c = *cp2); cp2++) {
-			if (c == ',') {
-				*cp2++ = '\0';
-				if (*cp2 == '@')
-					cp2++;
-			} else if (c == '@') {
-				*cp2++ = '\0';
-			} else if (c == ':') {
-				*cp2++ = '\0';
-			} else
-				continue;
-			break;
-		}
-		if (!c)
-			cp2 = 0;
-
-		if ((tmp = inet_addr(cp)) != -1) {
-			sin_addr.s_addr = tmp;
-		} else if ((host = gethostbyname(cp))) {
-#if	defined(h_addr)
-			memcpy(&sin_addr,
-			        host->h_addr_list[0], sizeof(sin_addr));
-#else
-			memcpy(&sin_addr, host->h_addr, sizeof(sin_addr));
-#endif
-		} else {
-			*cpp = cp;
-			return(0);
-		}
-		memcpy(lsrp, &sin_addr, 4);
-		lsrp += 4;
-		if (cp2)
-			cp = cp2;
-		else
-			break;
-		/*
-		 * Check to make sure there is space for next address
-		 */
-		if (lsrp + 4 > lsrep)
-			return((unsigned long)-1);
-	}
-#ifndef	sysV88
-	if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) {
-		*cpp = 0;
-		*lenp = 0;
-		return((unsigned long)-1);
-	}
-	*lsrp++ = IPOPT_NOP; /* 32 bit word align it */
-	*lenp = lsrp - *cpp;
-#else
-	ipopt.io_len = lsrp - *cpp;
-	if (ipopt.io_len <= 5) {		/* Is 3 better ? */
-		*cpp = 0;
-		*lenp = 0;
-		return((unsigned long)-1);
-	}
-	*lenp = sizeof(ipopt);
-	*cpp = (char *) &ipopt;
-#endif
-	return(sin_addr.s_addr);
-}
-#endif
diff --git a/src/appl/telnet/telnet/defines.h b/src/appl/telnet/telnet/defines.h
deleted file mode 100644
index 0978173..0000000
--- a/src/appl/telnet/telnet/defines.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defines.h	8.1 (Berkeley) 6/6/93
- */
-
-#define	settimer(x)	clocks.x = clocks.system++
-
-#if	!defined(TN3270)
-
-#define	SetIn3270()
-
-#endif	/* !defined(TN3270) */
-
-#define	NETADD(c)	{ *netoring.supply = c; ring_supplied(&netoring, 1); }
-#define	NET2ADD(c1,c2)	{ NETADD(c1); NETADD(c2); }
-#define	NETBYTES()	(ring_full_count(&netoring))
-#define	NETROOM()	(ring_empty_count(&netoring))
-
-#define	TTYADD(c)	if (!(SYNCHing||flushout)) { \
-				*ttyoring.supply = c; \
-				ring_supplied(&ttyoring, 1); \
-			}
-#define	TTYBYTES()	(ring_full_count(&ttyoring))
-#define	TTYROOM()	(ring_empty_count(&ttyoring))
-
-/*	Various modes */
-#define	MODE_LOCAL_CHARS(m)	((m)&(MODE_EDIT|MODE_TRAPSIG))
-#define	MODE_LOCAL_ECHO(m)	((m)&MODE_ECHO)
-#define	MODE_COMMAND_LINE(m)	((m)==-1)
-
-#define	CONTROL(x)	((x)&0x1f)		/* CTRL(x) is not portable */
diff --git a/src/appl/telnet/telnet/deps b/src/appl/telnet/telnet/deps
deleted file mode 100644
index 4015479..0000000
--- a/src/appl/telnet/telnet/deps
+++ /dev/null
@@ -1,39 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)authenc.$(OBJEXT): $(srcdir)/../arpa/telnet.h \
-  $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \
-  $(srcdir)/../libtelnet/misc-proto.h $(srcdir)/../libtelnet/misc.h \
-  authenc.c defines.h externs.h general.h ring.h types.h
-$(OUTPRE)commands.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../arpa/telnet.h \
-  $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/auth.h \
-  $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \
-  $(srcdir)/../libtelnet/misc-proto.h commands.c defines.h \
-  externs.h general.h ring.h types.h
-$(OUTPRE)main.$(OBJEXT): $(srcdir)/../libtelnet/auth-proto.h \
-  $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \
-  $(srcdir)/../libtelnet/encrypt.h defines.h externs.h \
-  main.c ring.h
-$(OUTPRE)network.$(OBJEXT): $(srcdir)/../arpa/telnet.h \
-  defines.h externs.h fdset.h network.c ring.h
-$(OUTPRE)ring.$(OBJEXT): general.h ring.c ring.h
-$(OUTPRE)sys_bsd.$(OBJEXT): $(srcdir)/../arpa/telnet.h \
-  defines.h externs.h fdset.h ring.h sys_bsd.c types.h
-$(OUTPRE)telnet.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \
-  $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \
-  $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/misc-proto.h \
-  defines.h externs.h general.h ring.h telnet.c types.h
-$(OUTPRE)terminal.$(OBJEXT): $(srcdir)/../arpa/telnet.h \
-  $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/encrypt.h \
-  externs.h ring.h terminal.c types.h
-$(OUTPRE)utilities.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \
-  $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \
-  $(srcdir)/../libtelnet/encrypt.h defines.h externs.h \
-  fdset.h general.h ring.h utilities.c
diff --git a/src/appl/telnet/telnet/externs.h b/src/appl/telnet/telnet/externs.h
deleted file mode 100644
index 192663a..0000000
--- a/src/appl/telnet/telnet/externs.h
+++ /dev/null
@@ -1,530 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)externs.h	8.1 (Berkeley) 6/6/93
- */
-
-#include <sys/param.h>
-
-#ifndef	BSD
-# define BSD 43
-#endif
-
-/*
- * ucb stdio.h defines BSD as something wierd
- */
-#if defined(sun) && defined(__svr4__)
-#define BSD 43
-#endif
-
-#ifndef	USE_TERMIO
-# if BSD > 43 || defined(SYSV_TERMIO)
-#  define USE_TERMIO
-# endif
-#endif
-
-#include <stdio.h>
-#include <setjmp.h>
-#if defined(CRAY) && !defined(NO_BSD_SETJMP)
-#include <bsdsetjmp.h>
-#endif
-#include <sys/ioctl.h>
-#ifdef	HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-#ifdef CRAY
-# include <errno.h>
-#endif /* CRAY */
-#ifdef	USE_TERMIO
-# ifndef	VINTR
-#  ifdef SYSV_TERMIO
-#   include <sys/termio.h>
-#  else
-#   include <termios.h>
-#  endif
-# endif
-#endif
-#if defined(USE_TERMIO) && !defined(SYSV_TERMIO)
-# define termio termios
-#endif
-#if defined(NO_CC_T) || !defined(USE_TERMIO)
-# if !defined(USE_TERMIO)
-typedef char cc_t;
-# else
-typedef unsigned char cc_t;
-# endif
-#endif
-
-
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#else
-extern char *malloc(), *calloc(), *realloc();
-#endif
-
-#ifndef	HAVE_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#ifndef	_POSIX_VDISABLE
-# ifdef sun
-#  include <sys/param.h>	/* pick up VDISABLE definition, mayby */
-# endif
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((cc_t)'\377')
-# endif
-#endif
-
-#define	SUBBUFSIZE	256
-
-extern int
-    autologin,		/* Autologin enabled */
-    skiprc,		/* Don't process the ~/.telnetrc file */
-    eight,		/* use eight bit mode (binary in and/or out */
-    flushout,		/* flush output */
-    connected,		/* Are we connected to the other side? */
-    globalmode,		/* Mode tty should be in */
-    In3270,			/* Are we in 3270 mode? */
-    telnetport,		/* Are we connected to the telnet port? */
-    localflow,		/* Flow control handled locally */
-    restartany,		/* If flow control, restart output on any character */
-    localchars,		/* we recognize interrupt/quit */
-    donelclchars,		/* the user has set "localchars" */
-    showoptions,
-    wantencryption,	/* User has requested encryption */
-    net,		/* Network file descriptor */
-    tin,		/* Terminal input file descriptor */
-    tout,		/* Terminal output file descriptor */
-    crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-    autoflush,		/* flush output when interrupting? */
-    autosynch,		/* send interrupt characters with SYNCH? */
-    SYNCHing,		/* Is the stream in telnet SYNCH mode? */
-    donebinarytoggle,	/* the user has put us in binary */
-    dontlecho,		/* do we suppress local echoing right now? */
-    crmod,
-    netdata,		/* Print out network data flow */
-    prettydump,		/* Print "netdata" output in user readable format */
-#if	defined(TN3270)
-    cursesdata,		/* Print out curses data flow */
-    apitrace,		/* Trace API transactions */
-#endif	/* defined(TN3270) */
-    termdata,		/* Print out terminal data flow */
-    debug;			/* Debug level */
-
-extern int intr_happened, intr_waiting;	/* for interrupt handling */
-
-extern cc_t escape;	/* Escape to command mode */
-extern cc_t rlogin;	/* Rlogin mode escape character */
-#ifdef	KLUDGELINEMODE
-extern cc_t echoc;	/* Toggle local echoing */
-#endif
-
-extern char
-    *prompt;		/* Prompt for command. */
-
-extern char
-    doopt[],
-    dont[],
-    will[],
-    wont[],
-    options[],		/* All the little options */
-    *hostname;		/* Who are we connected to? */
-#ifdef	ENCRYPTION
-extern void (*encrypt_output) (unsigned char *, int);
-extern int (*decrypt_input) (int);
-#endif	/* ENCRYPTION */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		{options[opt] |= MY_STATE_DO;}
-#define	set_my_state_will(opt)		{options[opt] |= MY_STATE_WILL;}
-#define	set_my_want_state_do(opt)	{options[opt] |= MY_WANT_STATE_DO;}
-#define	set_my_want_state_will(opt)	{options[opt] |= MY_WANT_STATE_WILL;}
-
-#define	set_my_state_dont(opt)		{options[opt] &= ~MY_STATE_DO;}
-#define	set_my_state_wont(opt)		{options[opt] &= ~MY_STATE_WILL;}
-#define	set_my_want_state_dont(opt)	{options[opt] &= ~MY_WANT_STATE_DO;}
-#define	set_my_want_state_wont(opt)	{options[opt] &= ~MY_WANT_STATE_WILL;}
-
-/*
- * Make everything symetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-
-extern FILE
-    *NetTrace;		/* Where debugging output goes */
-extern unsigned char
-    NetTraceFile[];	/* Name of file where debugging output goes */
-extern void
-    SetNetTrace (char *);	/* Function to change where debugging goes */
-
-extern jmp_buf
-    peerdied,
-    toplevel;		/* For error conditions. */
-
-extern void
-    command (int, char *, int),
-    Dump (int, unsigned char *, int),
-    init_3270 (void),
-    init_terminal (void),
-    init_telnet (void),
-    init_network (void),
-    init_sys (void),
-    printoption (char *, int, int),
-    printsub (int, unsigned char *, int),
-    sendnaws (void),
-    sendabort (void),
-    sendeof (void),
-    sendayt (void),
-    sendsusp (void),
-    setconnmode (int),
-    setcommandmode (void),
-    setneturg (void),
-    set_escape_char (char *),
-    sys_telnet_init (void),
-    telnet (char *),
-    tel_enter_binary (int),
-    tel_leave_binary (int),
-    TerminalDefaultChars (void),
-    TerminalFlushOutput (void),
-    TerminalNewMode (int),
-    TerminalRestoreState (void),
-    TerminalSaveState (void),
-    TerminalSpeeds (long *, long *),
-    tninit (void),
-    upcase (char *),
-    willoption (int),
-    wontoption (int);
-
-extern void
-    send_do (int, int),
-    send_dont (int, int),
-    send_will (int, int),
-    send_wont (int, int);
-
-extern void
-    sendbrk (void),
-    intp (void),
-    xmitAO (void),
-    xmitEL (void),
-    xmitEC (void);
-
-extern void
-    lm_will (unsigned char *, int),
-    lm_wont (unsigned char *, int),
-    lm_do (unsigned char *, int),
-    lm_dont (unsigned char *, int),
-    lm_mode (unsigned char *, int, int);
-
-extern void
-    ExitString (char *, int),
-    Exit (int),
-    SetForExit (void),
-    EmptyTerminal (void),
-    slc_init (void),
-    slcstate (void),
-    slc_mode_export (void),
-    slc_mode_import (int),
-    slc_import (int),
-    slc_export (void),
-    slc (unsigned char *, int),
-    slc_check (void),
-    slc_start_reply (void),
-    slc_add_reply (int, int, int),
-    slc_end_reply (void);
-
-extern int
-    quit (int, char *[]),
-    ttyflush (int),
-    rlogin_susp (void),
-    tn (int, char **),
-    getconnmode (void),
-    netflush (void),
-    NetClose (int),
-    opt_welldefined (char *),
-    process_rings (int, int, int, int, int, int),
-    slc_update (void),
-    Scheduler (int),
-    SetSockOpt (int, int, int, int),
-    stilloob (void),
-    telrcv (void),
-    telnet_spin (void),
-    TerminalWrite (unsigned char *, int),
-    TerminalRead (unsigned char *, int),
-    TerminalAutoFlush (void),
-    TerminalSpecialChars (int),
-    TerminalWindowSize (long *, long *);
-
-
-extern void
-    env_init (void),
-    env_opt (unsigned char *, int),
-    env_opt_start (void),
-    env_opt_start_info (void),
-    env_opt_add (unsigned char *),
-    env_opt_end (int),
-    optionstatus (void);
-
-extern unsigned char
-    *env_default (int, int),
-    *env_getvalue (unsigned char *);
-
-extern int
-    env_is_exported (unsigned char *);
-
-extern int
-    get_status (char *),
-    dosynch (char *);
-
-extern cc_t
-    *tcval (int);
-
-#ifndef	USE_TERMIO
-
-extern struct	tchars ntc;
-extern struct	ltchars nltc;
-extern struct	sgttyb nttyb;
-
-# define termEofChar		ntc.t_eofc
-# define termEraseChar		nttyb.sg_erase
-# define termFlushChar		nltc.t_flushc
-# define termIntChar		ntc.t_intrc
-# define termKillChar		nttyb.sg_kill
-# define termLiteralNextChar	nltc.t_lnextc
-# define termQuitChar		ntc.t_quitc
-# define termSuspChar		nltc.t_suspc
-# define termRprntChar		nltc.t_rprntc
-# define termWerasChar		nltc.t_werasc
-# define termStartChar		ntc.t_startc
-# define termStopChar		ntc.t_stopc
-# define termForw1Char		ntc.t_brkc
-extern cc_t termForw2Char;
-extern cc_t termAytChar;
-
-# define termEofCharp		(cc_t *)&ntc.t_eofc
-# define termEraseCharp		(cc_t *)&nttyb.sg_erase
-# define termFlushCharp		(cc_t *)&nltc.t_flushc
-# define termIntCharp		(cc_t *)&ntc.t_intrc
-# define termKillCharp		(cc_t *)&nttyb.sg_kill
-# define termLiteralNextCharp	(cc_t *)&nltc.t_lnextc
-# define termQuitCharp		(cc_t *)&ntc.t_quitc
-# define termSuspCharp		(cc_t *)&nltc.t_suspc
-# define termRprntCharp		(cc_t *)&nltc.t_rprntc
-# define termWerasCharp		(cc_t *)&nltc.t_werasc
-# define termStartCharp		(cc_t *)&ntc.t_startc
-# define termStopCharp		(cc_t *)&ntc.t_stopc
-# define termForw1Charp		(cc_t *)&ntc.t_brkc
-# define termForw2Charp		(cc_t *)&termForw2Char
-# define termAytCharp		(cc_t *)&termAytChar
-
-# else
-
-extern struct	termio new_tc;
-
-# define termEofChar		new_tc.c_cc[VEOF]
-# define termEraseChar		new_tc.c_cc[VERASE]
-# define termIntChar		new_tc.c_cc[VINTR]
-# define termKillChar		new_tc.c_cc[VKILL]
-# define termQuitChar		new_tc.c_cc[VQUIT]
-
-# ifndef	VSUSP
-extern cc_t termSuspChar;
-# else
-#  define termSuspChar		new_tc.c_cc[VSUSP]
-# endif
-# if	defined(VFLUSHO) && !defined(VDISCARD)
-#  define VDISCARD VFLUSHO
-# endif
-# ifndef	VDISCARD
-extern cc_t termFlushChar;
-# else
-#  define termFlushChar		new_tc.c_cc[VDISCARD]
-# endif
-# ifndef VWERASE
-extern cc_t termWerasChar;
-# else
-#  define termWerasChar		new_tc.c_cc[VWERASE]
-# endif
-# ifndef	VREPRINT
-extern cc_t termRprntChar;
-# else
-#  define termRprntChar		new_tc.c_cc[VREPRINT]
-# endif
-# ifndef	VLNEXT
-extern cc_t termLiteralNextChar;
-# else
-#  define termLiteralNextChar	new_tc.c_cc[VLNEXT]
-# endif
-# ifndef	VSTART
-extern cc_t termStartChar;
-# else
-#  define termStartChar		new_tc.c_cc[VSTART]
-# endif
-# ifndef	VSTOP
-extern cc_t termStopChar;
-# else
-#  define termStopChar		new_tc.c_cc[VSTOP]
-# endif
-# ifndef	VEOL
-extern cc_t termForw1Char;
-# else
-#  define termForw1Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VEOL2
-extern cc_t termForw2Char;
-# else
-#  define termForw2Char		new_tc.c_cc[VEOL]
-# endif
-# ifndef	VSTATUS
-extern cc_t termAytChar;
-#else
-#  define termAytChar		new_tc.c_cc[VSTATUS]
-#endif
-
-# if !defined(CRAY) || defined(__STDC__)
-#  define termEofCharp		&termEofChar
-#  define termEraseCharp	&termEraseChar
-#  define termIntCharp		&termIntChar
-#  define termKillCharp		&termKillChar
-#  define termQuitCharp		&termQuitChar
-#  define termSuspCharp		&termSuspChar
-#  define termFlushCharp	&termFlushChar
-#  define termWerasCharp	&termWerasChar
-#  define termRprntCharp	&termRprntChar
-#  define termLiteralNextCharp	&termLiteralNextChar
-#  define termStartCharp	&termStartChar
-#  define termStopCharp		&termStopChar
-#  define termForw1Charp	&termForw1Char
-#  define termForw2Charp	&termForw2Char
-#  define termAytCharp		&termAytChar
-# else
-	/* Work around a compiler bug */
-#  define termEofCharp		0
-#  define termEraseCharp	0
-#  define termIntCharp		0
-#  define termKillCharp		0
-#  define termQuitCharp		0
-#  define termSuspCharp		0
-#  define termFlushCharp	0
-#  define termWerasCharp	0
-#  define termRprntCharp	0
-#  define termLiteralNextCharp	0
-#  define termStartCharp	0
-#  define termStopCharp		0
-#  define termForw1Charp	0
-#  define termForw2Charp	0
-#  define termAytCharp		0
-# endif
-#endif
-
-
-/* Ring buffer structures which are shared */
-
-extern Ring
-    netoring,
-    netiring,
-    ttyoring,
-    ttyiring;
-
-/* Tn3270 section */
-#if	defined(TN3270)
-
-extern int
-    HaveInput,		/* Whether an asynchronous I/O indication came in */
-    noasynchtty,	/* Don't do signals on I/O (SIGURG, SIGIO) */
-    noasynchnet,	/* Don't do signals on I/O (SIGURG, SIGIO) */
-    sigiocount,		/* Count of SIGIO receptions */
-    shell_active;	/* Subshell is active */
-
-extern char
-    *Ibackp,		/* Oldest byte of 3270 data */
-    Ibuf[],		/* 3270 buffer */
-    *Ifrontp,		/* Where next 3270 byte goes */
-    tline[200],
-    *transcom;		/* Transparent command */
-
-extern int
-    settranscom (int, char**);
-
-extern void
-    inputAvailable (int);
-#endif	/* defined(TN3270) */
diff --git a/src/appl/telnet/telnet/fdset.h b/src/appl/telnet/telnet/fdset.h
deleted file mode 100644
index 045bb72..0000000
--- a/src/appl/telnet/telnet/fdset.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)fdset.h	8.1 (Berkeley) 6/6/93
- */
-
-/*
- * The following is defined just in case someone should want to run
- * this telnet on a 4.2 system.
- *
- */
-
-#ifndef	FD_SETSIZE
-
-#define	FD_SET(n, p)	((p)->fds_bits[0] |= (1<<(n)))
-#define	FD_CLR(n, p)	((p)->fds_bits[0] &= ~(1<<(n)))
-#define	FD_ISSET(n, p)	((p)->fds_bits[0] & (1<<(n)))
-#define FD_ZERO(p)	((p)->fds_bits[0] = 0)
-
-#endif
diff --git a/src/appl/telnet/telnet/general.h b/src/appl/telnet/telnet/general.h
deleted file mode 100644
index 88c29c6..0000000
--- a/src/appl/telnet/telnet/general.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)general.h	8.1 (Berkeley) 6/6/93
- */
-
-/*
- * Some general definitions.
- */
-
-
-#define	numberof(x)	(sizeof x/sizeof x[0])
-#define	highestof(x)	(numberof(x)-1)
-
-#define	ClearElement(x)		memset(&x, 0, sizeof x)
-#define	ClearArray(x)		memset(x, 0, sizeof x)
diff --git a/src/appl/telnet/telnet/main.c b/src/appl/telnet/telnet/main.c
deleted file mode 100644
index e0bdb18..0000000
--- a/src/appl/telnet/telnet/main.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright (c) 1988, 1990 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-char copyright[] =
-"@(#) Copyright (c) 1988, 1990 Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)main.c	5.5 (Berkeley) 12/18/92 */
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <sys/types.h>
-#include <libtelnet/auth.h>
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-
-# include <netinet/in.h>
-
-#include "ring.h"
-#include "externs.h"
-#include "defines.h"
-
-#ifdef NEED_PARSETOS_PROTO
-extern int parsetos(char *, char *);
-#endif
-
-#if 0
-#define FORWARD
-#endif
-
-/*
- * Initialize variables.
- */
-    void
-tninit()
-{
-    init_terminal();
-
-    init_network();
-
-    init_telnet();
-
-    init_sys();
-
-#if defined(TN3270)
-    init_3270();
-#endif
-}
-
-static void
-usage()
-{
-	fprintf(stderr, "Usage: %s %s%s%s%s\n",
-	    prompt,
-#ifdef	AUTHENTICATION
-	    " [-8] [-E] [-K] [-L] [-X atype] [-a] [-d] [-e char] [-k realm]",
-	    "\n\t[-l user] [-f/-F] [-n tracefile] ",
-#else
-	    " [-8] [-E] [-L] [-a] [-d] [-e char] [-l user] [-n tracefile]",
-	    "\n\t",
-#endif
-#if defined(TN3270) && defined(unix)
-# ifdef AUTHENTICATION
-	    "[-noasynch] [-noasynctty] [-noasyncnet]\n\t[-r] [-t transcom] ",
-# else
-	    "[-noasynch] [-noasynctty] [-noasyncnet] [-r] [-t transcom]\n\t",
-# endif
-#else
-	    "[-r] ",
-#endif
-#ifdef	ENCRYPTION
-	    "[-x] [host-name [port]]"
-#else
-	    "[host-name [port]]"
-#endif
-	);
-	exit(1);
-}
-
-/*
- * main.  Parse arguments, invoke the protocol or command parser.
- */
-
-/* see forward.c -- indicate that we're in telnet, not telnetd. */
-char *line = 0;
-
-int
-main(argc, argv)
-	int argc;
-	char *argv[];
-{
-	extern char *optarg;
-	extern int optind;
-	int ch;
-	char *user;
-#ifdef	FORWARD
-	extern int forward_flags;
-#endif	/* FORWARD */
-#ifdef ENCRYPTION
-	extern int auth_enable_encrypt;
-#endif /* ENCRYPTION */
-
-	tninit();		/* Clear out things */
-#if	defined(CRAY) && !defined(__STDC__)
-	_setlist_init();	/* Work around compiler bug */
-#endif
-
-	TerminalSaveState();
-
-	if ((prompt = strrchr(argv[0], '/')))
-		++prompt;
-	else
-		prompt = argv[0];
-
-	user = NULL;
-
-	rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE;
-	autologin = -1;
-
-	while ((ch = getopt(argc, argv, "8EKLS:X:acde:fFk:l:n:rt:x")) != -1) {
-		switch(ch) {
-		case '8':
-			eight = 3;	/* binary output and input */
-			break;
-		case 'E':
-			rlogin = escape = _POSIX_VDISABLE;
-			break;
-		case 'K':
-#ifdef	AUTHENTICATION
-			autologin = 0;
-#endif
-			break;
-		case 'L':
-			eight |= 2;	/* binary output only */
-			break;
-		case 'S':
-		    {
-#if defined(HAVE_GETTOSBYNAME) || (defined(IPPROTO_IP) && defined(IP_TOS))
-			extern int tos;
-
-			if ((tos = parsetos(optarg, "tcp")) < 0)
-				fprintf(stderr, "%s%s%s%s\n",
-					prompt, ": Bad TOS argument '",
-					optarg,
-					"; will try to use default TOS");
-
-                      fprintf(stderr, "Setting TOS to 0x%x\n", tos);
-#else
-			fprintf(stderr,
-			   "%s: Warning: -S ignored, no parsetos() support.\n",
-								prompt);
-#endif
-		    }
-			break;
-		case 'X':
-#ifdef	AUTHENTICATION
-			auth_disable_name(optarg);
-#endif
-			break;
-		case 'a':
-			autologin = 1;
-			break;
-		case 'c':
-			skiprc = 1;
-			break;
-		case 'd':
-			debug = 1;
-			break;
-		case 'e':
-			set_escape_char(optarg);
-			break;
-		case 'f':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_flags & OPTS_FORWARD_CREDS) {
-			    fprintf(stderr,
-				    "%s: Only one of -f and -F allowed.\n",
-				    prompt);
-			    usage();
-			}
-			forward_flags |= OPTS_FORWARD_CREDS;
-#else
-			fprintf(stderr,
-			 "%s: Warning: -f ignored, no Kerberos V5 support.\n",
-				prompt);
-#endif
-			break;
-		case 'F':
-#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
-			if (forward_flags & OPTS_FORWARD_CREDS) {
-			    fprintf(stderr,
-				    "%s: Only one of -f and -F allowed.\n",
-				    prompt);
-			    usage();
-			}
-			forward_flags |= OPTS_FORWARD_CREDS;
-			forward_flags |= OPTS_FORWARDABLE_CREDS;
-#else
-			fprintf(stderr,
-			 "%s: Warning: -F ignored, no Kerberos V5 support.\n",
-				prompt);
-#endif
-			break;
-		case 'k':
-#if defined(AUTHENTICATION) && defined(KRB5)
-		    {
-			extern char *telnet_krb5_realm;
-
-			telnet_krb5_realm = optarg;
-			break;
-		    }
-#else
-			fprintf(stderr,
-			   "%s: Warning: -k ignored, no Kerberos V4 support.\n",
-								prompt);
-#endif
-			break;
-		case 'l':
-			autologin = 1;
-			user = optarg;
-			break;
-		case 'n':
-#if defined(TN3270) && defined(unix)
-			/* distinguish between "-n oasynch" and "-noasynch" */
-			if (argv[optind - 1][0] == '-' && argv[optind - 1][1]
-			    == 'n' && argv[optind - 1][2] == 'o') {
-				if (!strcmp(optarg, "oasynch")) {
-					noasynchtty = 1;
-					noasynchnet = 1;
-				} else if (!strcmp(optarg, "oasynchtty"))
-					noasynchtty = 1;
-				else if (!strcmp(optarg, "oasynchnet"))
-					noasynchnet = 1;
-			} else
-#endif	/* defined(TN3270) && defined(unix) */
-				SetNetTrace(optarg);
-			break;
-		case 'r':
-			rlogin = '~';
-			break;
-		case 't':
-#if defined(TN3270) && defined(unix)
-			transcom = tline;
-			(void)strncpy(transcom, optarg, sizeof(tline) - 1);
-			tline[sizeof(tline) - 1] = '\0';
-#else
-			fprintf(stderr,
-			   "%s: Warning: -t ignored, no TN3270 support.\n",
-								prompt);
-#endif
-			break;
-		case 'x':
-#ifdef	ENCRYPTION
-			encrypt_auto(1);
-			decrypt_auto(1);
-			wantencryption = 1;
-			autologin = 1;
-			auth_enable_encrypt = 1;
-#else
-			fprintf(stderr,
-			    "%s: Warning: -x ignored, no ENCRYPT support.\n",
-								prompt);
-#endif
-			break;
-		case '?':
-		default:
-			usage();
-			/* NOTREACHED */
-		}
-	}
-	if (autologin == -1)
-		autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
-
-	argc -= optind;
-	argv += optind;
-
-	if (argc) {
-		char *args[7], **volatile argp = args;
-
-		if (argc > 2)
-			usage();
-		*argp++ = prompt;
-		if (user) {
-			*argp++ = "-l";
-			*argp++ = user;
-		}
-		*argp++ = argv[0];		/* host */
-		if (argc > 1)
-			*argp++ = argv[1];	/* port */
-		*argp = 0;
-
-		if (setjmp(toplevel) != 0)
-			Exit(0);
-		if (tn(argp - args, args) == 1)
-			return (0);
-		else
-			return (1);
-	}
-	(void)setjmp(toplevel);
-	for (;;) {
-#ifdef TN3270
-		if (shell_active)
-			shell_continue();
-		else
-#endif
-			command(1, 0, 0);
-	}
-}
diff --git a/src/appl/telnet/telnet/network.c b/src/appl/telnet/telnet/network.c
deleted file mode 100644
index 60dc3bd..0000000
--- a/src/appl/telnet/telnet/network.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)network.c	8.1 (Berkeley) 6/6/93 */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-
-#include <errno.h>
-
-#include <arpa/telnet.h>
-
-#include "ring.h"
-
-#include "defines.h"
-#include "externs.h"
-#include "fdset.h"
-
-Ring		netoring, netiring;
-unsigned char	netobuf[2*TELNET_BUFSIZE], netibuf[TELNET_BUFSIZE];
-
-/*
- * Initialize internal network data structures.
- */
-
-    void
-init_network()
-{
-    if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) {
-	exit(1);
-    }
-    if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) {
-	exit(1);
-    }
-    NetTrace = stdout;
-}
-
-
-/*
- * Check to see if any out-of-band data exists on a socket (for
- * Telnet "synch" processing).
- */
-
-    int
-stilloob()
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    do {
-	FD_ZERO(&excepts);
-	FD_SET(net, &excepts);
-	value = select(net+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	perror("select");
-	(void) quit(0, NULL);
-	/* NOTREACHED */
-    }
-    if (FD_ISSET(net, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-
-/*
- *  setneturg()
- *
- *	Sets "neturg" to the current location.
- */
-
-    void
-setneturg()
-{
-    ring_mark(&netoring);
-}
-
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- *
- *		The return value indicates whether we did any
- *	useful work.
- */
-
-
-    int
-netflush()
-{
-    register int n, n1;
-
-#ifdef	ENCRYPTION
-    if (encrypt_output)
-	ring_encrypt(&netoring, encrypt_output);
-#endif	/* ENCRYPTION */
-    if ((n1 = n = ring_full_consecutive(&netoring)) > 0) {
-	if (!ring_at_mark(&netoring)) {
-	    n = send(net, (char *)netoring.consume, n, 0); /* normal write */
-	} else {
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */
-	}
-    }
-    if (n < 0) {
-	if (errno != ENOBUFS && errno != EWOULDBLOCK) {
-	    setcommandmode();
-	    perror(hostname);
-	    (void)NetClose(net);
-	    ring_clear_mark(&netoring);
-	    longjmp(peerdied, -1);
-	    /*NOTREACHED*/
-	}
-	n = 0;
-    }
-    if (netdata && n) {
-	Dump('>', netoring.consume, n);
-    }
-    if (n) {
-	ring_consumed(&netoring, n);
-	/*
-	 * If we sent all, and more to send, then recurse to pick
-	 * up the other half.
-	 */
-	if ((n1 == n) && ring_full_consecutive(&netoring)) {
-	    (void) netflush();
-	}
-	return 1;
-    } else {
-	return 0;
-    }
-}
diff --git a/src/appl/telnet/telnet/ring.c b/src/appl/telnet/telnet/ring.c
deleted file mode 100644
index 6ed596f..0000000
--- a/src/appl/telnet/telnet/ring.c
+++ /dev/null
@@ -1,367 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)ring.c	8.1 (Berkeley) 6/6/93 */
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-
-#include	<stdio.h>
-#include	<errno.h>
-
-#ifdef	size_t
-#undef	size_t
-#endif
-
-#include	<sys/types.h>
-#ifndef	HAVE_SYS_FILIO_H
-#include	<sys/ioctl.h>
-#endif
-#include	<sys/socket.h>
-
-#include	"ring.h"
-#include	"general.h"
-
-#ifndef	NO_STRING_H
-#include <string.h>
-#else
-#include <strings.h>
-#endif
-
-/* Internal macros */
-
-#if	!defined(MIN)
-#define	MIN(a,b)	(((a)<(b))? (a):(b))
-#endif	/* !defined(MIN) */
-
-#define	ring_subtract(d,a,b)	(((a)-(b) >= 0)? \
-					(a)-(b): (((a)-(b))+(d)->size))
-
-#define	ring_increment(d,a,c)	(((a)+(c) < (d)->top)? \
-					(a)+(c) : (((a)+(c))-(d)->size))
-
-#define	ring_decrement(d,a,c)	(((a)-(c) >= (d)->bottom)? \
-					(a)-(c) : (((a)-(c))-(d)->size))
-
-
-/*
- * The following is a clock, used to determine full, empty, etc.
- *
- * There is some trickiness here.  Since the ring buffers are initialized
- * to ZERO on allocation, we need to make sure, when interpreting the
- * clock, that when the times are EQUAL, then the buffer is FULL.
- */
-static u_long ring_clock = 0;
-
-
-#define	ring_empty(d) (((d)->consume == (d)->supply) && \
-				((d)->consumetime >= (d)->supplytime))
-#define	ring_full(d) (((d)->supply == (d)->consume) && \
-				((d)->supplytime > (d)->consumetime))
-
-
-
-
-
-/* Buffer state transition routines */
-
-int
-ring_init(ring, buffer, count)
-Ring *ring;
-    unsigned char *buffer;
-    int count;
-{
-    memset(ring, 0, sizeof *ring);
-
-    ring->size = count;
-
-    ring->supply = ring->consume = ring->bottom = buffer;
-
-    ring->top = ring->bottom+ring->size;
-
-#ifdef	ENCRYPTION
-    ring->clearto = 0;
-#endif	/* ENCRYPTION */
-
-    return 1;
-}
-
-/* Mark routines */
-
-/*
- * Mark the most recently supplied byte.
- */
-
-    void
-ring_mark(ring)
-    Ring *ring;
-{
-    ring->mark = ring_decrement(ring, ring->supply, 1);
-}
-
-/*
- * Is the ring pointing to the mark?
- */
-
-    int
-ring_at_mark(ring)
-    Ring *ring;
-{
-    if (ring->mark == ring->consume) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-/*
- * Clear any mark set on the ring.
- */
-
-    void
-ring_clear_mark(ring)
-    Ring *ring;
-{
-    ring->mark = 0;
-}
-
-/*
- * Add characters from current segment to ring buffer.
- */
-    void
-ring_supplied(ring, count)
-    Ring *ring;
-    int count;
-{
-    ring->supply = ring_increment(ring, ring->supply, count);
-    ring->supplytime = ++ring_clock;
-}
-
-/*
- * We have just consumed "c" bytes.
- */
-    void
-ring_consumed(ring, count)
-    Ring *ring;
-    int count;
-{
-    if (count == 0)	/* don't update anything */
-	return;
-
-    if (ring->mark &&
-		(ring_subtract(ring, ring->mark, ring->consume) < count)) {
-	ring->mark = 0;
-    }
-#ifdef	ENCRYPTION
-    if (ring->consume < ring->clearto &&
-		ring->clearto <= ring->consume + count)
-	ring->clearto = 0;
-    else if (ring->consume + count > ring->top &&
-		ring->bottom <= ring->clearto &&
-		ring->bottom + ((ring->consume + count) - ring->top))
-	ring->clearto = 0;
-#endif	/* ENCRYPTION */
-    ring->consume = ring_increment(ring, ring->consume, count);
-    ring->consumetime = ++ring_clock;
-    /*
-     * Try to encourage "ring_empty_consecutive()" to be large.
-     */
-    if (ring_empty(ring)) {
-	ring->consume = ring->supply = ring->bottom;
-    }
-}
-
-
-
-/* Buffer state query routines */
-
-
-/* Number of bytes that may be supplied */
-    int
-ring_empty_count(ring)
-    Ring *ring;
-{
-    if (ring_empty(ring)) {	/* if empty */
-	    return ring->size;
-    } else {
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* number of CONSECUTIVE bytes that may be supplied */
-    int
-ring_empty_consecutive(ring)
-    Ring *ring;
-{
-    if ((ring->consume < ring->supply) || ring_empty(ring)) {
-			    /*
-			     * if consume is "below" supply, or empty, then
-			     * return distance to the top
-			     */
-	return ring_subtract(ring, ring->top, ring->supply);
-    } else {
-				    /*
-				     * else, return what we may.
-				     */
-	return ring_subtract(ring, ring->consume, ring->supply);
-    }
-}
-
-/* Return the number of bytes that are available for consuming
- * (but don't give more than enough to get to cross over set mark)
- */
-
-    int
-ring_full_count(ring)
-    Ring *ring;
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if (ring_full(ring)) {
-	    return ring->size;	/* nothing consumed, but full */
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	return ring_subtract(ring, ring->mark, ring->consume);
-    }
-}
-
-/*
- * Return the number of CONSECUTIVE bytes available for consuming.
- * However, don't return more than enough to cross over set mark.
- */
-    int
-ring_full_consecutive(ring)
-    Ring *ring;
-{
-    if ((ring->mark == 0) || (ring->mark == ring->consume)) {
-	if ((ring->supply < ring->consume) || ring_full(ring)) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {
-	    return ring_subtract(ring, ring->supply, ring->consume);
-	}
-    } else {
-	if (ring->mark < ring->consume) {
-	    return ring_subtract(ring, ring->top, ring->consume);
-	} else {	/* Else, distance to mark */
-	    return ring_subtract(ring, ring->mark, ring->consume);
-	}
-    }
-}
-
-/*
- * Move data into the "supply" portion of of the ring buffer.
- */
-    void
-ring_supply_data(ring, buffer, count)
-    Ring *ring;
-    unsigned char *buffer;
-    int count;
-{
-    int i;
-
-    while (count) {
-	i = MIN(count, ring_empty_consecutive(ring));
-	memcpy(ring->supply, buffer, i);
-	ring_supplied(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-
-#ifdef notdef
-
-/*
- * Move data from the "consume" portion of the ring buffer
- */
-    void
-ring_consume_data(ring, buffer, count)
-    Ring *ring;
-    unsigned char *buffer;
-    int count;
-{
-    int i;
-
-    while (count) {
-	i = MIN(count, ring_full_consecutive(ring));
-	memcpy(buffer, ring->consume, i);
-	ring_consumed(ring, i);
-	count -= i;
-	buffer += i;
-    }
-}
-#endif
-
-#ifdef	ENCRYPTION
-    void
-ring_encrypt(ring, encryptor)
-    Ring *ring;
-    void (*encryptor)();
-{
-    unsigned char *s, *c;
-
-    if (ring_empty(ring) || ring->clearto == ring->supply)
-	return;
-
-    if (!(c = ring->clearto))
-	c = ring->consume;
-
-    s = ring->supply;
-
-    if (s <= c) {
-	(*encryptor)(c, ring->top - c);
-	(*encryptor)(ring->bottom, s - ring->bottom);
-    } else
-	(*encryptor)(c, s - c);
-
-    ring->clearto = ring->supply;
-}
-
-    void
-ring_clearto(ring)
-    Ring *ring;
-{
-    if (!ring_empty(ring))
-	ring->clearto = ring->supply;
-    else
-	ring->clearto = 0;
-}
-#endif	/* ENCRYPTION */
diff --git a/src/appl/telnet/telnet/ring.h b/src/appl/telnet/telnet/ring.h
deleted file mode 100644
index 87f0ab7..0000000
--- a/src/appl/telnet/telnet/ring.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ring.h	8.1 (Berkeley) 6/6/93
- */
-
-/*
- * This defines a structure for a ring buffer.
- *
- * The circular buffer has two parts:
- *(((
- *	full:	[consume, supply)
- *	empty:	[supply, consume)
- *]]]
- *
- */
-typedef struct {
-    unsigned char	*consume,	/* where data comes out of */
-			*supply,	/* where data comes in to */
-			*bottom,	/* lowest address in buffer */
-			*top,		/* highest address+1 in buffer */
-			*mark;		/* marker (user defined) */
-#ifdef	ENCRYPTION
-    unsigned char	*clearto;	/* Data to this point is clear text */
-    unsigned char	*encryyptedto;	/* Data is encrypted to here */
-#endif	/* ENCRYPTION */
-    int		size;		/* size in bytes of buffer */
-    u_long	consumetime,	/* help us keep straight full, empty, etc. */
-		supplytime;
-} Ring;
-
-/* Here are some functions and macros to deal with the ring buffer */
-
-/* Initialization routine */
-extern int
-	ring_init (Ring *ring, unsigned char *buffer, int count);
-
-/* Data movement routines */
-extern void
-	ring_supply_data (Ring *ring, unsigned char *buffer, int count);
-#ifdef notdef
-extern void
-	ring_consume_data (Ring *ring, unsigned char *buffer, int count);
-#endif
-
-/* Buffer state transition routines */
-extern void
-	ring_supplied (Ring *ring, int count),
-	ring_consumed (Ring *ring, int count);
-
-/* Buffer state query routines */
-extern int
-	ring_empty_count (Ring *ring),
-	ring_empty_consecutive (Ring *ring),
-	ring_full_count (Ring *ring),
-	ring_full_consecutive (Ring *ring);
-
-#ifdef	ENCRYPTION
-extern void
-	ring_encrypt (Ring *ring, void (*func)()),
-	ring_clearto (Ring *ring);
-#endif	/* ENCRYPTION */
-
-extern void
-    ring_clear_mark (Ring *ring),
-    ring_mark (Ring *ring);
-
-extern int
-    ring_at_mark (Ring *);
diff --git a/src/appl/telnet/telnet/sys_bsd.c b/src/appl/telnet/telnet/sys_bsd.c
deleted file mode 100644
index 07def19..0000000
--- a/src/appl/telnet/telnet/sys_bsd.c
+++ /dev/null
@@ -1,1208 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)sys_bsd.c	8.1 (Berkeley) 6/6/93 */
-
-/*
- * The following routines try to encapsulate what is system dependent
- * (at least between 4.x and dos) which is used in telnet.c.
- */
-
-
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/socket.h>
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
-#include <signal.h>
-#ifdef POSIX_SIGNALS
-#include <unistd.h>
-#endif /* POSIX_SIGNALS */
-#include <errno.h>
-#include <arpa/telnet.h>
-
-#include "ring.h"
-
-#include "fdset.h"
-
-#include "defines.h"
-#include "externs.h"
-#include "types.h"
-
-#if	defined(CRAY) || (defined(USE_TERMIO) && !defined(SYSV_TERMIO))
-#define	SIG_FUNC_RET	void
-#else
-#define	SIG_FUNC_RET	int
-#endif
-
-#ifdef	SIGTSTP
-static SIG_FUNC_RET susp(int);
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-SIG_FUNC_RET ayt(int);
-#endif
-#ifdef	SIGINFO
-extern SIG_FUNC_RET ayt_status();
-#endif
-
-#ifdef POSIX_SIGNALS
-static struct sigaction new_sa_rec, old_sa_rec;
-
-#ifdef SA_INTERRUPT
-#define SIGACTION_INTERRUPT SA_INTERRUPT
-#else
-#define SIGACTION_INTERRUPT 0
-#endif
-
-#ifdef SA_NOMASK
-#define SIGACTION_NOMASK SA_NOMASK
-#else
-#define SIGACTION_NOMASK 0
-#endif
-
-#define signal(sig, func) ((new_sa_rec.sa_handler = func), \
-			   sigemptyset(&new_sa_rec.sa_mask), \
-			   (new_sa_rec.sa_flags = SIGACTION_INTERRUPT | \
-			    SIGACTION_NOMASK), \
-			   sigaction(sig, &new_sa_rec, &old_sa_rec), \
-			   old_sa_rec.sa_handler)
-
-#endif /* POSIX_SIGNALS */
-
-int
-	tout,			/* Output file descriptor */
-	tin,			/* Input file descriptor */
-	net;
-
-#ifndef	USE_TERMIO
-struct	tchars otc = { 0 }, ntc = { 0 };
-struct	ltchars oltc = { 0 }, nltc = { 0 };
-struct	sgttyb ottyb = { 0 }, nttyb = { 0 };
-int	olmode = 0;
-# define cfgetispeed(ptr)	(ptr)->sg_ispeed
-# define cfgetospeed(ptr)	(ptr)->sg_ospeed
-# define old_tc ottyb
-
-#else	/* USE_TERMIO */
-struct	termio old_tc = { 0 };
-extern struct termio new_tc;
-
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t) ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t) ioctl(f, a, (char *)t)
-#  define	cfgetospeed(ptr)	((ptr)->c_cflag&CBAUD)
-#  ifdef CIBAUD
-#   define	cfgetispeed(ptr)	(((ptr)->c_cflag&CIBAUD) >> IBSHIFT)
-#  else
-#   define	cfgetispeed(ptr)	cfgetospeed(ptr)
-#  endif
-# endif /* TCSANOW */
-# ifdef	sysV88
-# define TIOCFLUSH TC_PX_DRAIN
-# endif
-#endif	/* USE_TERMIO */
-
-static fd_set ibits, obits, xbits;
-
-
-    void
-init_sys()
-{
-    tout = fileno(stdout);
-    tin = fileno(stdin);
-    FD_ZERO(&ibits);
-    FD_ZERO(&obits);
-    FD_ZERO(&xbits);
-
-    errno = 0;
-}
-
-
-    int
-TerminalWrite(buf, n)
-    unsigned char *buf;
-    int  n;
-{
-    return write(tout, buf, n);
-}
-
-    int
-TerminalRead(buf, n)
-    unsigned char *buf;
-    int  n;
-{
-    return read(tin, buf, n);
-}
-
-/*
- *
- */
-
-    int
-TerminalAutoFlush()
-{
-#if	defined(LNOFLSH)
-    int flush;
-
-    ioctl(0, TIOCLGET, (char *)&flush);
-    return !(flush&LNOFLSH);	/* if LNOFLSH, no autoflush */
-#else	/* LNOFLSH */
-    return 1;
-#endif	/* LNOFLSH */
-}
-
-#ifdef	KLUDGELINEMODE
-extern int kludgelinemode;
-#endif
-/*
- * TerminalSpecialChars()
- *
- * Look at an input character to see if it is a special character
- * and decide what to do.
- *
- * Output:
- *
- *	0	Don't add this character.
- *	1	Do add this character
- */
-
-    int
-TerminalSpecialChars(c)
-    int	c;
-{
-    if (c == termIntChar) {
-	intp();
-	return 0;
-    } else if (c == termQuitChar) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return 0;
-    } else if (c == termEofChar) {
-	if (my_want_state_is_will(TELOPT_LINEMODE)) {
-	    sendeof();
-	    return 0;
-	}
-	return 1;
-    } else if (c == termSuspChar) {
-	sendsusp();
-	return(0);
-    } else if (c == termFlushChar) {
-	xmitAO();		/* Transmit Abort Output */
-	return 0;
-    } else if (!MODE_LOCAL_CHARS(globalmode)) {
-	if (c == termKillChar) {
-	    xmitEL();
-	    return 0;
-	} else if (c == termEraseChar) {
-	    xmitEC();		/* Transmit Erase Character */
-	    return 0;
-	}
-    }
-    return 1;
-}
-
-
-/*
- * Flush output to the terminal
- */
-    void
-TerminalFlushOutput()
-{
-#ifdef	TIOCFLUSH
-    (void) ioctl(fileno(stdout), TIOCFLUSH, (char *) 0);
-#else
-    (void) ioctl(fileno(stdout), TCFLSH, (char *) 0);
-#endif
-}
-
-    void
-TerminalSaveState()
-{
-#ifndef	USE_TERMIO
-    ioctl(0, TIOCGETP, (char *)&ottyb);
-    ioctl(0, TIOCGETC, (char *)&otc);
-    ioctl(0, TIOCGLTC, (char *)&oltc);
-    ioctl(0, TIOCLGET, (char *)&olmode);
-
-    ntc = otc;
-    nltc = oltc;
-    nttyb = ottyb;
-
-#else	/* USE_TERMIO */
-    tcgetattr(0, &old_tc);
-
-    new_tc = old_tc;
-
-#ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-#endif
-#ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-#endif
-#ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-#endif
-#ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-#endif
-#ifndef	VSTART
-    termStartChar = CONTROL('Q');
-#endif
-#ifndef	VSTOP
-    termStopChar = CONTROL('S');
-#endif
-#ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-#endif
-#endif	/* USE_TERMIO */
-}
-
-    cc_t *
-tcval(func)
-    register int func;
-{
-    switch(func) {
-    case SLC_IP:	return(&termIntChar);
-    case SLC_ABORT:	return(&termQuitChar);
-    case SLC_EOF:	return(&termEofChar);
-    case SLC_EC:	return(&termEraseChar);
-    case SLC_EL:	return(&termKillChar);
-    case SLC_XON:	return(&termStartChar);
-    case SLC_XOFF:	return(&termStopChar);
-    case SLC_FORW1:	return(&termForw1Char);
-#ifdef	USE_TERMIO
-    case SLC_FORW2:	return(&termForw2Char);
-# ifdef	VDISCARD
-    case SLC_AO:	return(&termFlushChar);
-# endif
-# ifdef	VSUSP
-    case SLC_SUSP:	return(&termSuspChar);
-# endif
-# ifdef	VWERASE
-    case SLC_EW:	return(&termWerasChar);
-# endif
-# ifdef	VREPRINT
-    case SLC_RP:	return(&termRprntChar);
-# endif
-# ifdef	VLNEXT
-    case SLC_LNEXT:	return(&termLiteralNextChar);
-# endif
-# ifdef	VSTATUS
-    case SLC_AYT:	return(&termAytChar);
-# endif
-#endif
-
-    case SLC_SYNCH:
-    case SLC_BRK:
-    case SLC_EOR:
-    default:
-	return((cc_t *)0);
-    }
-}
-
-    void
-TerminalDefaultChars()
-{
-#ifndef	USE_TERMIO
-    ntc = otc;
-    nltc = oltc;
-    nttyb.sg_kill = ottyb.sg_kill;
-    nttyb.sg_erase = ottyb.sg_erase;
-#else	/* USE_TERMIO */
-    memcpy(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc));
-# ifndef	VDISCARD
-    termFlushChar = CONTROL('O');
-# endif
-# ifndef	VWERASE
-    termWerasChar = CONTROL('W');
-# endif
-# ifndef	VREPRINT
-    termRprntChar = CONTROL('R');
-# endif
-# ifndef	VLNEXT
-    termLiteralNextChar = CONTROL('V');
-# endif
-# ifndef	VSTART
-    termStartChar = CONTROL('Q');
-# endif
-# ifndef	VSTOP
-    termStopChar = CONTROL('S');
-# endif
-# ifndef	VSTATUS
-    termAytChar = CONTROL('T');
-# endif
-#endif	/* USE_TERMIO */
-}
-
-#ifdef notdef
-void
-TerminalRestoreState()
-{
-}
-#endif
-
-/*
- * TerminalNewMode - set up terminal to a specific mode.
- *	MODE_ECHO: do local terminal echo
- *	MODE_FLOW: do local flow control
- *	MODE_TRAPSIG: do local mapping to TELNET IAC sequences
- *	MODE_EDIT: do local line editing
- *
- *	Command mode:
- *		MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG
- *		local echo
- *		local editing
- *		local xon/xoff
- *		local signal mapping
- *
- *	Linemode:
- *		local/no editing
- *	Both Linemode and Single Character mode:
- *		local/remote echo
- *		local/no xon/xoff
- *		local/no signal mapping
- */
-
-
-    void
-TerminalNewMode(f)
-    register int f;
-{
-    static int prevmode = 0;
-#ifndef	USE_TERMIO
-    struct tchars tc;
-    struct ltchars ltc;
-    struct sgttyb sb;
-    int lmode;
-#else	/* USE_TERMIO */
-    struct termio tmp_tc;
-#endif	/* USE_TERMIO */
-    int onoff;
-    int old;
-    cc_t esc;
-
-    globalmode = f&~MODE_FORCE;
-    if (prevmode == f)
-	return;
-
-    /*
-     * Write any outstanding data before switching modes
-     * ttyflush() returns 0 only when there is no more data
-     * left to write out, it returns -1 if it couldn't do
-     * anything at all, otherwise it returns 1 + the number
-     * of characters left to write.
-#ifndef	USE_TERMIO
-     * We would really like ask the kernel to wait for the output
-     * to drain, like we can do with the TCSADRAIN, but we don't have
-     * that option.  The only ioctl that waits for the output to
-     * drain, TIOCSETP, also flushes the input queue, which is NOT
-     * what we want (TIOCSETP is like TCSADFLUSH).
-#endif
-     */
-    old = ttyflush(SYNCHing|flushout);
-    if (old < 0 || old > 1) {
-#ifdef	USE_TERMIO
-	tcgetattr(tin, &tmp_tc);
-#endif	/* USE_TERMIO */
-	do {
-	    /*
-	     * Wait for data to drain, then flush again.
-	     */
-#ifdef	USE_TERMIO
-	    tcsetattr(tin, TCSADRAIN, &tmp_tc);
-#endif	/* USE_TERMIO */
-	    old = ttyflush(SYNCHing|flushout);
-	} while (old < 0 || old > 1);
-    }
-
-    old = prevmode;
-    prevmode = f&~MODE_FORCE;
-#ifndef	USE_TERMIO
-    sb = nttyb;
-    tc = ntc;
-    ltc = nltc;
-    lmode = olmode;
-#else
-    tmp_tc = new_tc;
-#endif
-
-    if (f&MODE_ECHO) {
-#ifndef	USE_TERMIO
-	sb.sg_flags |= ECHO;
-#else
-	tmp_tc.c_lflag |= ECHO;
-	tmp_tc.c_oflag |= ONLCR;
-	if (crlf)
-		tmp_tc.c_iflag |= ICRNL;
-#endif
-    } else {
-#ifndef	USE_TERMIO
-	sb.sg_flags &= ~ECHO;
-#else
-	tmp_tc.c_lflag &= ~ECHO;
-	tmp_tc.c_oflag &= ~ONLCR;
-# ifdef notdef
-	if (crlf)
-		tmp_tc.c_iflag &= ~ICRNL;
-# endif
-#endif
-    }
-
-    if ((f&MODE_FLOW) == 0) {
-#ifndef	USE_TERMIO
-	tc.t_startc = _POSIX_VDISABLE;
-	tc.t_stopc = _POSIX_VDISABLE;
-#else
-	tmp_tc.c_iflag &= ~(IXOFF|IXON);	/* Leave the IXANY bit alone */
-    } else {
-	if (restartany < 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON;	/* Leave the IXANY bit alone */
-	} else if (restartany > 0) {
-		tmp_tc.c_iflag |= IXOFF|IXON|IXANY;
-	} else {
-		tmp_tc.c_iflag |= IXOFF|IXON;
-		tmp_tc.c_iflag &= ~IXANY;
-	}
-#endif
-    }
-
-    if ((f&MODE_TRAPSIG) == 0) {
-#ifndef	USE_TERMIO
-	tc.t_intrc = _POSIX_VDISABLE;
-	tc.t_quitc = _POSIX_VDISABLE;
-	tc.t_eofc = _POSIX_VDISABLE;
-	ltc.t_suspc = _POSIX_VDISABLE;
-	ltc.t_dsuspc = _POSIX_VDISABLE;
-#else
-	tmp_tc.c_lflag &= ~ISIG;
-#endif
-	localchars = 0;
-    } else {
-#ifdef	USE_TERMIO
-	tmp_tc.c_lflag |= ISIG;
-#endif
-	localchars = 1;
-    }
-
-    if (f&MODE_EDIT) {
-#ifndef	USE_TERMIO
-	sb.sg_flags &= ~CBREAK;
-	sb.sg_flags |= CRMOD;
-#else
-	tmp_tc.c_lflag |= ICANON;
-#endif
-    } else {
-#ifndef	USE_TERMIO
-	sb.sg_flags |= CBREAK;
-	if (f&MODE_ECHO)
-	    sb.sg_flags |= CRMOD;
-	else
-	    sb.sg_flags &= ~CRMOD;
-#else
-	tmp_tc.c_lflag &= ~ICANON;
-	tmp_tc.c_iflag &= ~ICRNL;
-	tmp_tc.c_cc[VMIN] = 1;
-	tmp_tc.c_cc[VTIME] = 0;
-#endif
-    }
-
-    if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) {
-#ifndef	USE_TERMIO
-	ltc.t_lnextc = _POSIX_VDISABLE;
-#else
-# ifdef VLNEXT
-	tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE);
-# endif
-#endif
-    }
-
-    if (f&MODE_SOFT_TAB) {
-#ifndef USE_TERMIO
-	sb.sg_flags |= XTABS;
-#else
-# ifdef	OXTABS
-	tmp_tc.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-	tmp_tc.c_oflag |= TAB3;
-# endif
-#endif
-    } else {
-#ifndef USE_TERMIO
-	sb.sg_flags &= ~XTABS;
-#else
-# ifdef	OXTABS
-	tmp_tc.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-	tmp_tc.c_oflag &= ~TABDLY;
-# endif
-#endif
-    }
-
-    if (f&MODE_LIT_ECHO) {
-#ifndef USE_TERMIO
-	lmode &= ~LCTLECH;
-#else
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag &= ~ECHOCTL;
-# endif
-#endif
-    } else {
-#ifndef USE_TERMIO
-	lmode |= LCTLECH;
-#else
-# ifdef	ECHOCTL
-	tmp_tc.c_lflag |= ECHOCTL;
-# endif
-#endif
-    }
-
-    if (f == -1) {
-	onoff = 0;
-    } else {
-#ifndef	USE_TERMIO
-	if (f & MODE_OUTBIN)
-		lmode |= LLITOUT;
-	else
-		lmode &= ~LLITOUT;
-
-	if (f & MODE_INBIN)
-		lmode |= LPASS8;
-	else
-		lmode &= ~LPASS8;
-#else
-	if (f & MODE_INBIN)
-		tmp_tc.c_iflag &= ~ISTRIP;
-	else
-		tmp_tc.c_iflag |= ISTRIP;
-	if (f & MODE_OUTBIN) {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= CS8;
-		tmp_tc.c_oflag &= ~OPOST;
-	} else {
-		tmp_tc.c_cflag &= ~(CSIZE|PARENB);
-		tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB);
-		tmp_tc.c_oflag |= OPOST;
-	}
-#endif
-	onoff = 1;
-    }
-
-    if (f != -1) {
-
-#ifdef	SIGTSTP
-	(void) signal(SIGTSTP, susp);
-#endif	/* SIGTSTP */
-#ifdef	SIGINFO
-	(void) signal(SIGINFO, ayt);
-#endif
-#if	defined(USE_TERMIO) && defined(NOKERNINFO)
-	tmp_tc.c_lflag |= NOKERNINFO;
-#endif
-	/*
-	 * We don't want to process ^Y here.  It's just another
-	 * character that we'll pass on to the back end.  It has
-	 * to process it because it will be processed when the
-	 * user attempts to read it, not when we send it.
-	 */
-#ifndef	USE_TERMIO
-	ltc.t_dsuspc = _POSIX_VDISABLE;
-#else
-# ifdef	VDSUSP
-	tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE);
-# endif
-#endif
-#ifdef	USE_TERMIO
-	/*
-	 * If the VEOL character is already set, then use VEOL2,
-	 * otherwise use VEOL.
-	 */
-	esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape;
-	if ((tmp_tc.c_cc[VEOL] != esc)
-# ifdef	VEOL2
-	    && (tmp_tc.c_cc[VEOL2] != esc)
-# endif
-	    ) {
-		if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL] = esc;
-# ifdef	VEOL2
-		else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE))
-		    tmp_tc.c_cc[VEOL2] = esc;
-# endif
-	}
-#else
-	if (tc.t_brkc == (cc_t)(_POSIX_VDISABLE))
-		tc.t_brkc = esc;
-#endif
-    } else {
-#ifdef	SIGINFO
-	SIG_FUNC_RET ayt_status();
-
-	(void) signal(SIGINFO, ayt_status);
-#endif
-#ifdef	SIGTSTP
-	(void) signal(SIGTSTP, SIG_DFL);
-#ifdef POSIX_SIGNALS
-	{
-	  sigset_t tmask;
-	  sigemptyset(&tmask);
-	  sigaddset(&tmask, SIGTSTP);
-	  sigprocmask(SIG_UNBLOCK, &tmask, (sigset_t*)0);
-	}
-#else
-	(void) sigsetmask(sigblock(0) & ~(1<<(SIGTSTP-1)));
-#endif
-#endif	/* SIGTSTP */
-#ifndef USE_TERMIO
-	ltc = oltc;
-	tc = otc;
-	sb = ottyb;
-	lmode = olmode;
-#else
-	tmp_tc = old_tc;
-#endif
-    }
-#ifndef USE_TERMIO
-    ioctl(tin, TIOCLSET, (char *)&lmode);
-    ioctl(tin, TIOCSLTC, (char *)&ltc);
-    ioctl(tin, TIOCSETC, (char *)&tc);
-    ioctl(tin, TIOCSETN, (char *)&sb);
-#else
-    if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0)
-	tcsetattr(tin, TCSANOW, &tmp_tc);
-#endif
-
-#if	(!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR))
-# if	!defined(sysV88)
-    ioctl(tin, FIONBIO, (char *)&onoff);
-    ioctl(tout, FIONBIO, (char *)&onoff);
-# endif
-#endif	/* (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) */
-#if	defined(TN3270)
-    if (noasynchtty == 0) {
-	ioctl(tin, FIOASYNC, (char *)&onoff);
-    }
-#endif	/* defined(TN3270) */
-
-}
-
-#ifndef	B19200
-# define B19200 B9600
-#endif
-
-#ifndef	B38400
-# define B38400 B19200
-#endif
-
-/*
- * This code assumes that the values B0, B50, B75...
- * are in ascending order.  They do not have to be
- * contiguous.
- */
-struct termspeeds {
-	long speed;
-	long value;
-} termspeeds[] = {
-	{ 0,     B0 },     { 50,    B50 },   { 75,    B75 },
-	{ 110,   B110 },   { 134,   B134 },  { 150,   B150 },
-	{ 200,   B200 },   { 300,   B300 },  { 600,   B600 },
-	{ 1200,  B1200 },  { 1800,  B1800 }, { 2400,  B2400 },
-	{ 4800,  B4800 },  { 9600,  B9600 }, { 19200, B19200 },
-	{ 38400, B38400 }, { -1,    B38400 }
-};
-
-    void
-TerminalSpeeds(ispeed, ospeed)
-    long *ispeed;
-    long *ospeed;
-{
-    register struct termspeeds *tp;
-    register long in, out;
-
-    out = cfgetospeed(&old_tc);
-    in = cfgetispeed(&old_tc);
-    if (in == 0)
-	in = out;
-
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < in))
-	tp++;
-    *ispeed = tp->speed;
-
-    tp = termspeeds;
-    while ((tp->speed != -1) && (tp->value < out))
-	tp++;
-    *ospeed = tp->speed;
-}
-
-    int
-TerminalWindowSize(rows, cols)
-    long *rows, *cols;
-{
-#ifdef	TIOCGWINSZ
-    struct winsize ws;
-
-    if (ioctl(fileno(stdin), TIOCGWINSZ, (char *)&ws) >= 0) {
-	*rows = ws.ws_row;
-	*cols = ws.ws_col;
-	return 1;
-    }
-#endif	/* TIOCGWINSZ */
-    return 0;
-}
-
-    int
-NetClose(fd)
-    int	fd;
-{
-    return close(fd);
-}
-
-
-static void
-NetNonblockingIO(fd, onoff)
-    int fd;
-    int onoff;
-{
-    ioctl(fd, FIONBIO, (char *)&onoff);
-}
-
-#if	defined(TN3270)
-    void
-NetSigIO(fd, onoff)
-    int fd;
-    int onoff;
-{
-    ioctl(fd, FIOASYNC, (char *)&onoff);	/* hear about input */
-}
-
-    void
-NetSetPgrp(fd)
-    int fd;
-{
-    int myPid;
-
-    myPid = getpid();
-    fcntl(fd, F_SETOWN, myPid);
-}
-#endif	/*defined(TN3270)*/
-
-/*
- * Various signal handling routines.
- */
-
-    /* ARGSUSED */
-static  SIG_FUNC_RET
-deadpeer(sig)
-    int sig;
-{
-	setcommandmode();
-	longjmp(peerdied, -1);
-}
-
-int intr_happened = 0;
-int intr_waiting = 0;
-
-    /* ARGSUSED */
-static SIG_FUNC_RET
-intr(sig)
-    int sig;
-{
-    if (intr_waiting) {
-	intr_happened = 1;
-	return;
-    }
-    if (localchars) {
-	intp();
-	return;
-    }
-    setcommandmode();
-    longjmp(toplevel, -1);
-}
-
-    /* ARGSUSED */
-static SIG_FUNC_RET
-intr2(sig)
-    int sig;
-{
-    if (localchars) {
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode)
-	    sendbrk();
-	else
-#endif
-	    sendabort();
-	return;
-    }
-}
-
-#ifdef	SIGTSTP
-    /* ARGSUSED */
-static SIG_FUNC_RET
-susp(sig)
-    int sig;
-{
-    if ((rlogin != _POSIX_VDISABLE) && rlogin_susp())
-	return;
-    if (localchars)
-	sendsusp();
-}
-#endif
-
-#ifdef	SIGWINCH
-    /* ARGSUSED */
-static  SIG_FUNC_RET
-sendwin(sig)
-    int sig;
-{
-    if (connected) {
-	sendnaws();
-    }
-}
-#endif
-
-#ifdef	SIGINFO
-    /* ARGSUSED */
-    SIG_FUNC_RET
-ayt(sig)
-    int sig;
-{
-    if (connected)
-	sendayt();
-    else
-	ayt_status();
-}
-#endif
-
-
-    void
-sys_telnet_init()
-{
-    (void) signal(SIGINT, intr);
-    (void) signal(SIGQUIT, intr2);
-    (void) signal(SIGPIPE, deadpeer);
-#ifdef	SIGWINCH
-    (void) signal(SIGWINCH, sendwin);
-#endif
-#ifdef	SIGTSTP
-    (void) signal(SIGTSTP, susp);
-#endif
-#ifdef	SIGINFO
-    (void) signal(SIGINFO, ayt);
-#endif
-
-    setconnmode(0);
-
-    NetNonblockingIO(net, 1);
-
-#if	defined(TN3270)
-    if (noasynchnet == 0) {			/* DBX can't handle! */
-	NetSigIO(net, 1);
-	NetSetPgrp(net);
-    }
-#endif	/* defined(TN3270) */
-
-#if	defined(SO_OOBINLINE)
-    if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) {
-	perror("SetSockOpt");
-    }
-#endif	/* defined(SO_OOBINLINE) */
-}
-
-/*
- * Process rings -
- *
- *	This routine tries to fill up/empty our various rings.
- *
- *	The parameter specifies whether this is a poll operation,
- *	or a block-until-something-happens operation.
- *
- *	The return value is 1 if something happened, 0 if not.
- */
-
-    int
-process_rings(netin, netout, netex, ttyin, ttyout, poll)
-    int poll;		/* If 0, then block until something to do */
-{
-    register int c;
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue = 0;
-    static struct timeval TimeValue = { 0 };
-
-    if (netout) {
-	FD_SET(net, &obits);
-    }
-    if (ttyout) {
-	FD_SET(tout, &obits);
-    }
-#if	defined(TN3270)
-    if (ttyin) {
-	FD_SET(tin, &ibits);
-    }
-#else	/* defined(TN3270) */
-    if (ttyin) {
-	FD_SET(tin, &ibits);
-    }
-#endif	/* defined(TN3270) */
-#if	defined(TN3270)
-    if (netin) {
-	FD_SET(net, &ibits);
-    }
-#   else /* !defined(TN3270) */
-    if (netin) {
-	FD_SET(net, &ibits);
-    }
-#   endif /* !defined(TN3270) */
-    if (netex) {
-	FD_SET(net, &xbits);
-    }
-    if ((c = select(16, &ibits, &obits, &xbits,
-			(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
-	if (c == -1) {
-		    /*
-		     * we can get EINTR if we are in line mode,
-		     * and the user does an escape (TSTP), or
-		     * some other signal generator.
-		     */
-	    if (errno == EINTR) {
-		return 0;
-	    }
-#	    if defined(TN3270)
-		    /*
-		     * we can get EBADF if we were in transparent
-		     * mode, and the transcom process died.
-		    */
-	    if (errno == EBADF) {
-			/*
-			 * zero the bits (even though kernel does it)
-			 * to make sure we are selecting on the right
-			 * ones.
-			*/
-		FD_ZERO(&ibits);
-		FD_ZERO(&obits);
-		FD_ZERO(&xbits);
-		return 0;
-	    }
-#	    endif /* defined(TN3270) */
-		    /* I don't like this, does it ever happen? */
-	    printf("sleep(5) from telnet, after select\r\n");
-	    sleep(5);
-	}
-	return 0;
-    }
-
-    /*
-     * Any urgent data?
-     */
-    if (FD_ISSET(net, &xbits)) {
-	FD_CLR(net, &xbits);
-	SYNCHing = 1;
-	(void) ttyflush(1);	/* flush already enqueued data */
-    }
-
-    /*
-     * Something to read from the network...
-     */
-    if (FD_ISSET(net, &ibits)) {
-	int canread;
-
-	FD_CLR(net, &ibits);
-	canread = ring_empty_consecutive(&netiring);
-#if	!defined(SO_OOBINLINE)
-	    /*
-	     * In 4.2 (and some early 4.3) systems, the
-	     * OOB indication and data handling in the kernel
-	     * is such that if two separate TCP Urgent requests
-	     * come in, one byte of TCP data will be overlaid.
-	     * This is fatal for Telnet, but we try to live
-	     * with it.
-	     *
-	     * In addition, in 4.2 (and...), a special protocol
-	     * is needed to pick up the TCP Urgent data in
-	     * the correct sequence.
-	     *
-	     * What we do is:  if we think we are in urgent
-	     * mode, we look to see if we are "at the mark".
-	     * If we are, we do an OOB receive.  If we run
-	     * this twice, we will do the OOB receive twice,
-	     * but the second will fail, since the second
-	     * time we were "at the mark", but there wasn't
-	     * any data there (the kernel doesn't reset
-	     * "at the mark" until we do a normal read).
-	     * Once we've read the OOB data, we go ahead
-	     * and do normal reads.
-	     *
-	     * There is also another problem, which is that
-	     * since the OOB byte we read doesn't put us
-	     * out of OOB state, and since that byte is most
-	     * likely the TELNET DM (data mark), we would
-	     * stay in the TELNET SYNCH (SYNCHing) state.
-	     * So, clocks to the rescue.  If we've "just"
-	     * received a DM, then we test for the
-	     * presence of OOB data when the receive OOB
-	     * fails (and AFTER we did the normal mode read
-	     * to clear "at the mark").
-	     */
-	if (SYNCHing) {
-	    int atmark;
-	    static int bogus_oob = 0, first = 1;
-
-	    ioctl(net, SIOCATMARK, (char *)&atmark);
-	    if (atmark) {
-		c = recv(net, netiring.supply, canread, MSG_OOB);
-		if ((c == -1) && (errno == EINVAL)) {
-		    c = recv(net, netiring.supply, canread, 0);
-		    if (clocks.didnetreceive < clocks.gotDM) {
-			SYNCHing = stilloob(net);
-		    }
-		} else if (first && c > 0) {
-		    /*
-		     * Bogosity check.  Systems based on 4.2BSD
-		     * do not return an error if you do a second
-		     * recv(MSG_OOB).  So, we do one.  If it
-		     * succeeds and returns exactly the same
-		     * data, then assume that we are running
-		     * on a broken system and set the bogus_oob
-		     * flag.  (If the data was different, then
-		     * we probably got some valid new data, so
-		     * increment the count...)
-		     */
-		    int i;
-		    i = recv(net, netiring.supply + c, canread - c, MSG_OOB);
-		    if (i == c &&
-			memcmp(netiring.supply, netiring.supply + c, i) == 0) {
-			bogus_oob = 1;
-			first = 0;
-		    } else if (i < 0) {
-			bogus_oob = 0;
-			first = 0;
-		    } else
-			c += i;
-		}
-		if (bogus_oob && c > 0) {
-		    int i;
-		    /*
-		     * Bogosity.  We have to do the read
-		     * to clear the atmark to get out of
-		     * an infinate loop.
-		     */
-		    i = read(net, netiring.supply + c, canread - c);
-		    if (i > 0)
-			c += i;
-		}
-	    } else {
-		c = recv(net, netiring.supply, canread, 0);
-	    }
-	} else {
-	    c = recv(net, netiring.supply, canread, 0);
-	}
-	settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE) */
-	c = recv(net, (char *)netiring.supply, canread, 0);
-#endif	/* !defined(SO_OOBINLINE) */
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else if (c <= 0) {
-	    return -1;
-	}
-	if (netdata) {
-	    Dump('<', netiring.supply, c);
-	}
-	if (c)
-	    ring_supplied(&netiring, c);
-	returnValue = 1;
-    }
-
-    /*
-     * Something to read from the tty...
-     */
-    if (FD_ISSET(tin, &ibits)) {
-	FD_CLR(tin, &ibits);
-	c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring));
-	if (c < 0 && errno == EWOULDBLOCK) {
-	    c = 0;
-	} else {
-	    /* EOF detection for line mode!!!! */
-	    if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) {
-			/* must be an EOF... */
-		*ttyiring.supply = termEofChar;
-		c = 1;
-	    }
-	    if (c <= 0) {
-		return -1;
-	    }
-	    if (termdata) {
-		Dump('<', ttyiring.supply, c);
-	    }
-	    ring_supplied(&ttyiring, c);
-	}
-	returnValue = 1;		/* did something useful */
-    }
-
-    if (FD_ISSET(net, &obits)) {
-	FD_CLR(net, &obits);
-	returnValue |= netflush();
-    }
-    if (FD_ISSET(tout, &obits)) {
-	FD_CLR(tout, &obits);
-	returnValue |= (ttyflush(SYNCHing|flushout) > 0);
-    }
-
-    return returnValue;
-}
diff --git a/src/appl/telnet/telnet/telnet.0.ps b/src/appl/telnet/telnet/telnet.0.ps
deleted file mode 100644
index 9edd0b3..0000000
--- a/src/appl/telnet/telnet/telnet.0.ps
+++ /dev/null
@@ -1,1008 +0,0 @@
-%!PS-Adobe-3.0
-%%Creator: groff version 1.08
-%%DocumentNeededResources: font Times-Roman
-%%+ font Times-Bold
-%%+ font Courier-Bold
-%%+ font Courier-Oblique
-%%+ font Courier
-%%+ font Symbol
-%%+ font Times-Italic
-%%DocumentSuppliedResources: procset grops 1.08 0
-%%Pages: 10
-%%PageOrder: Ascend
-%%Orientation: Portrait
-%%EndComments
-%%BeginProlog
-%%BeginResource: procset grops 1.08 0
-/setpacking where{
-pop
-currentpacking
-true setpacking
-}if
-/grops 120 dict dup begin
-/SC 32 def
-/A/show load def
-/B{0 SC 3 -1 roll widthshow}bind def
-/C{0 exch ashow}bind def
-/D{0 exch 0 SC 5 2 roll awidthshow}bind def
-/E{0 rmoveto show}bind def
-/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
-/G{0 rmoveto 0 exch ashow}bind def
-/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/I{0 exch rmoveto show}bind def
-/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
-/K{0 exch rmoveto 0 exch ashow}bind def
-/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/M{rmoveto show}bind def
-/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
-/O{rmoveto 0 exch ashow}bind def
-/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/Q{moveto show}bind def
-/R{moveto 0 SC 3 -1 roll widthshow}bind def
-/S{moveto 0 exch ashow}bind def
-/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/SF{
-findfont exch
-[exch dup 0 exch 0 exch neg 0 0]makefont
-dup setfont
-[exch/setfont cvx]cvx bind def
-}bind def
-/MF{
-findfont
-[5 2 roll
-0 3 1 roll 
-neg 0 0]makefont
-dup setfont
-[exch/setfont cvx]cvx bind def
-}bind def
-/level0 0 def
-/RES 0 def
-/PL 0 def
-/LS 0 def
-/PLG{
-gsave newpath clippath pathbbox grestore
-exch pop add exch pop
-}bind def
-/BP{
-/level0 save def
-1 setlinecap
-1 setlinejoin
-72 RES div dup scale
-LS{
-90 rotate
-}{
-0 PL translate
-}ifelse
-1 -1 scale
-}bind def
-/EP{
-level0 restore
-showpage
-}bind def
-/DA{
-newpath arcn stroke
-}bind def
-/SN{
-transform
-.25 sub exch .25 sub exch
-round .25 add exch round .25 add exch
-itransform
-}bind def
-/DL{
-SN
-moveto
-SN
-lineto stroke
-}bind def
-/DC{
-newpath 0 360 arc closepath
-}bind def
-/TM matrix def
-/DE{
-TM currentmatrix pop
-translate scale newpath 0 0 .5 0 360 arc closepath
-TM setmatrix
-}bind def
-/RC/rcurveto load def
-/RL/rlineto load def
-/ST/stroke load def
-/MT/moveto load def
-/CL/closepath load def
-/FL{
-currentgray exch setgray fill setgray
-}bind def
-/BL/fill load def
-/LW/setlinewidth load def
-/RE{
-findfont
-dup maxlength 1 index/FontName known not{1 add}if dict begin
-{
-1 index/FID ne{def}{pop pop}ifelse
-}forall
-/Encoding exch def
-dup/FontName exch def
-currentdict end definefont pop
-}bind def
-/DEFS 0 def
-/EBEGIN{
-moveto
-DEFS begin
-}bind def
-/EEND/end load def
-/CNT 0 def
-/level1 0 def
-/PBEGIN{
-/level1 save def
-translate
-div 3 1 roll div exch scale
-neg exch neg exch translate
-0 setgray
-0 setlinecap
-1 setlinewidth
-0 setlinejoin
-10 setmiterlimit
-[]0 setdash
-/setstrokeadjust where{
-pop
-false setstrokeadjust
-}if
-/setoverprint where{
-pop
-false setoverprint
-}if
-newpath
-/CNT countdictstack def
-userdict begin
-/showpage{}def
-}bind def
-/PEND{
-clear
-countdictstack CNT sub{end}repeat
-level1 restore
-}bind def
-end def
-/setpacking where{
-pop
-setpacking
-}if
-%%EndResource
-%%IncludeResource: font Times-Roman
-%%IncludeResource: font Times-Bold
-%%IncludeResource: font Courier-Bold
-%%IncludeResource: font Courier-Oblique
-%%IncludeResource: font Courier
-%%IncludeResource: font Symbol
-%%IncludeResource: font Times-Italic
-grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72 def/PL
-792 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron/Zcaron/scaron/zcaron
-/Ydieresis/trademark/quotesingle/.notdef/.notdef/.notdef/.notdef/.notdef
-/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
-/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/space
-/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft
-/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four
-/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C
-/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash
-/bracketright/circumflex/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q
-/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase
-/guillemotleft/guillemotright/bullet/florin/fraction/perthousand/dagger
-/daggerdbl/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
-/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
-/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen/brokenbar
-/section/dieresis/copyright/ordfeminine/guilsinglleft/logicalnot/minus
-/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu
-/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guilsinglright
-/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde
-/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute
-/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
-/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls
-/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute
-/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve
-/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex
-/udieresis/yacute/thorn/ydieresis]def/Times-Italic@0 ENC0/Times-Italic RE
-/Courier@0 ENC0/Courier RE/Courier-Oblique@0 ENC0/Courier-Oblique RE
-/Courier-Bold@0 ENC0/Courier-Bold RE/Times-Bold@0 ENC0/Times-Bold RE
-/Times-Roman@0 ENC0/Times-Roman RE
-%%EndProlog
-%%Page: 1 1
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R/F1 10/Times-Bold@0 SF -.2(NA)72
-108 S(ME).2 E/F2 10/Courier-Bold@0 SF(telnet)102 120 Q F0 2.5<ad75>2.5 G
-(ser interf)153.64 120 Q(ace to the)-.1 E/F3 9/Times-Roman@0 SF(TELNET)2.5 E F0
-(protocol)2.5 E F1(SYNOPSIS)72 144 Q F2(telnet)102 156 Q F0([)3.333 E F2<ad38>
-2.499 E F0 3.333(][).833 G F2<ad45>-.834 E F0 3.333(][).833 G F2<ad46>-.834 E
-F0 3.333(][).833 G F2<ad4b>-.834 E F0 3.333(][).833 G F2<ad4c>-.834 E F0 3.333
-(][).833 G F2<ad53>-.834 E/F4 10/Courier-Oblique@0 SF(tos)6 E F0 3.333(][).833
-G F2<ad58>-.834 E F4(authtype)6 E F0 3.333(][).833 G F2<ad61>-.834 E F0 3.333
-(][).833 G F2<ad63>-.834 E F0 3.333(][).833 G F2<ad64>-.834 E F0 3.333(][).833
-G F2<ad65>-.834 E F4(escapechar)144 168 Q F0 3.333(][).833 G F2<ad66>-.834 E F0
-3.333(][).833 G F2<ad6b>-.834 E F4(realm)6 E F0 3.333(][).833 G F2<ad6c>-.834 E
-F4(user)6 E F0 3.333(][).833 G F2<ad6e>-.834 E F4(tracefile)6 E F0 3.333(][)
-.833 G F2<ad72>-.834 E F0 3.333(][).833 G F2<ad78>-.834 E F0 2.5(][).833 G F4
-(host)491.943 168 Q F0 .833([p)144.833 180 S -1.667(ort ]])-.833 F F1
-(DESCRIPTION)72 204 Q F0(The)102 216 Q F2(telnet)2.523 E F0 .023
-(command is used to communicate with another host using the)2.523 F F3(TELNET)
-2.523 E F0 2.523(protocol. If)2.523 F F2(telnet)2.523 E F0(is)2.522 E(in)102
-228 Q -.2(vo)-.4 G -.1(ke).2 G 2.693(dw).1 G .193(ithout the)143.433 228 R F4
-(host)2.693 E F0(ar)2.693 E .194
-(gument, it enters command mode, indicated by its prompt)-.18 F(\()4.36 E F2
-(telnet>)1.666 E F0 -3.138 1.666(\). I)1.666 H 2.694(nt)-1.666 G(his)528.33 228
-Q 1.07(mode, it accepts and e)102 240 R -.15(xe)-.15 G 1.07
-(cutes the commands listed belo).15 F 4.87 -.65(w. I)-.25 H 3.57(fi).65 G 3.57
-(ti)361.18 240 S 3.57(si)370.31 240 S -1.9 -.4(nv o)380.55 240 T -.1(ke).4 G
-3.57(dw).1 G 1.07(ith ar)420.08 240 R 1.07(guments, it performs an)-.18 F F2
-(open)102 252 Q F0(command with those ar)2.5 E(guments.)-.18 E(Options:)102 270
-Q F2<ad38>103.666 288 Q F0 .352(Speci\214es an 8-bit data path.)143 288 R .353
-(This causes an attempt to ne)5.352 F .353(gotiate the)-.15 F/F5 10/Courier@0
-SF .353(TELNET BINARY)2.853 F F0 .353(option on)2.853 F(both input and output.)
-143 300 Q F2<ad45>103.666 318 Q F0(Stops an)143 318 Q 2.5(yc)-.15 G
-(haracter from being recognized as an escape character)188.96 318 Q(.)-.55 E F2
-<ad46>103.666 336 Q F0 .691(If K)143 336 R .691
-(erberos V5 authentication is being used, the)-.25 F F2<ad46>4.856 E F0 .69
-(option allo)3.19 F .69(ws the local credentials to be for)-.25 F(-)-.2 E -.1
-(wa)143 348 S .615(rded to the remote system, including an).1 F 3.116(yc)-.15 G
-.616(redentials that ha)328.698 348 R .916 -.15(ve a)-.2 H .616
-(lready been forw).15 F .616(arded into the)-.1 F(local en)143 360 Q
-(vironment.)-.4 E F2<ad4b>103.666 378 Q F0
-(Speci\214es no automatic login to the remote system.)143 378 Q F2<ad4c>103.666
-396 Q F0 .147(Speci\214es an 8-bit data path on output.)143 396 R .146
-(This causes the BIN)5.146 F(AR)-.35 E 2.646(Yo)-.65 G .146(ption to be ne)
-409.42 396 R .146(gotiated on output.)-.15 F F2<ad53>103.666 414 Q F4(tos)6 E
-F0 .288(Sets the IP type-of-service \(T)143 426 R .288
-(OS\) option for the telnet connection to the v)-.18 F(alue)-.25 E F4(tos,)
-2.788 E F0 .289(which can be)2.788 F 3.12(an)143 438 S .62(umeric T)155.56 438
-R .62(OS v)-.18 F .62(alue or)-.25 F 3.12(,o)-.4 G 3.12(ns)251.36 438 S .619
-(ystems that support it, a symbolic T)263.37 438 R .619
-(OS name found in the /etc/iptos)-.18 F(\214le.)143 450 Q F2<ad58>103.666 468 Q
-F4(atype)6 E F0(Disables the)143 480 Q F4(atype)2.5 E F0
-(type of authentication.)2.5 E F2<ad61>103.666 498 Q F0 2.562
-(Attempt automatic login.)143 498 R(Currently)7.563 E 5.063(,t)-.65 G 2.563
-(his sends the user name via the)303.99 498 R F5(USER)5.063 E F0 -.25(va)5.063
-G 2.563(riable of the).25 F F5(ENVIRON)143 510 Q F0 .444
-(option if supported by the remote system.)2.945 F .444
-(The name used is that of the current user as)5.444 F .168(returned by)143 522
-R F5(getlogin)2.668 E F0 .168(\(2\) if it agrees with the current user ID, oth\
-erwise it is the name associated)B(with the user ID.)143 534 Q F2<ad63>103.666
-552 Q F0 .022(Disables the reading of the user')143 552 R(s)-.55 E F5
-(.telnetrc)2.522 E F0 2.522(\214le. \(See)2.522 F(the)2.522 E F2 .022
-(toggle skiprc)2.522 F F0 .022(command on this)2.522 F(man page.\))143 564 Q F2
-<ad64>103.666 582 Q F0(Sets the initial v)143 582 Q(alue of the)-.25 E F2
-(debug)2.5 E F0(toggle to)2.5 E F5(TRUE)2.5 E F2<ad65>103.666 600 Q F4
-(escape char)6 E F0 1.759(Sets the initial)143 612 R F2 -1.741(telnet telnet)
-4.259 F F0 1.759(escape character to)4.259 F F4 1.759(escape char.)4.259 F F0
-(If)4.259 E F4 1.76(escape char)4.26 F F0(is)4.26 E
-(omitted, then there will be no escape character)143 624 Q(.)-.55 E F2<ad66>
-103.666 642 Q F0 .691(If K)143 642 R .691
-(erberos V5 authentication is being used, the)-.25 F F2<ad66>4.856 E F0 .69
-(option allo)3.19 F .69(ws the local credentials to be for)-.25 F(-)-.2 E -.1
-(wa)143 654 S(rded to the remote system.).1 E F2<ad6b>103.666 672 Q F4(realm)6
-E F0 .008(If K)143 684 R .008(erberos authentication is being used, the)-.25 F
-F2<ad6b>4.174 E F0 .009(option requests that telnet obtain tick)2.508 F .009
-(ets for the re-)-.1 F 6.61
-(mote host in realm realm instead of the remote host')143 696 R 9.11(sr)-.55 G
-6.61(ealm, as determined by)427.41 696 R(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)
--.15 G(istrib)132.57 750 Q 95.71(ution February)-.2 F(3, 1994)2.5 E(1)535 750 Q
-EP
-%%Page: 2 2
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R/F1 10/Courier@0 SF
-(krb_realmofhost)143 96 Q F0(\(3\).)A/F2 10/Courier-Bold@0 SF<ad6c>103.666 114
-Q/F3 10/Courier-Oblique@0 SF(user)6 E F0 1.135
-(When connecting to the remote system, if the remote system understands the)143
-126 R F1(ENVIRON)3.636 E F0(option,)3.636 E(then)143 138 Q F3(user)2.974 E F0
-.474(will be sent to the remote system as the v)2.974 F .474(alue for the v)
--.25 F .474(ariable USER.)-.25 F .473(This option im-)5.474 F(plies the)143 150
-Q F2<ad61>4.166 E F0 2.5(option. This)2.5 F(option may also be used with the)
-2.5 E F2(open)2.5 E F0(command.)2.5 E F2<ad6e>103.666 168 Q F3(tracefile)6 E F0
-(Opens)143 180 Q F3(tracefile)2.561 E F0 .062(for recording trace information.)
-2.561 F .062(See the)5.062 F F2 .062(set tracefile)2.562 F F0 .062
-(command belo)2.562 F -.65(w.)-.25 G F2<ad72>103.666 198 Q F0 .936
-(Speci\214es a user interf)143 198 R .936(ace similar to)-.1 F F1(rlogin)3.435
-E F0 4.37(\(1\). In)B .935(this mode, the escape character is set to the)3.435
-F(tilde \(~\) character)143 210 Q 2.5(,u)-.4 G
-(nless modi\214ed by the -e option.)222.01 210 Q F2<ad78>103.666 228 Q F0 -.45
-(Tu)143 228 S .123(rns on encryption of the data stream if possible.).45 F .124
-(This option is not a)5.124 F -.25(va)-.2 G .124(ilable outside of the Unit-)
-.25 F(ed States and Canada.)143 240 Q F3(host)102 258 Q F0(Indicates the of)143
-258 Q(\214cial name, an alias, or the Internet address of a remote host.)-.25 E
-F3(port)102 276 Q F0 1.96
-(Indicates a port number \(address of an application\).)143 276 R 1.96
-(If a number is not speci\214ed, the def)6.96 F(ault)-.1 E F2(telnet)143 288 Q
-F0(port is used.)2.5 E .237(When in rlogin mode, a line of the form ~.)102 306
-R .238(disconnects from the remote host; ~ is the telnet escape character)5.237
-F(.)-.55 E(Similarly)102 318 Q 2.5(,t)-.65 G
-(he line ~^Z suspends the telnet session.)146.36 318 Q
-(The line ~^] escapes to the normal telnet escape prompt.)5 E 1.008
-(Once a connection has been opened,)102 336 R F2(telnet)3.507 E F0 1.007
-(will attempt to enable the)3.507 F F1 1.007(TELNET LINEMODE)3.507 F F0 3.507
-(option. If)3.507 F .73(this f)102 348 R .73(ails, then)-.1 F F2(telnet)3.23 E
-F0 .73(will re)3.23 F -.15(ve)-.25 G .73(rt to one of tw).15 F 3.23(oi)-.1 G
-.731(nput modes: either `)308.3 348 R .731(`character at a time')-.74 F 3.231
-('o)-.74 G 3.231(r`)483.277 348 S .731(`old line by)492.428 348 R(line')102 360
-Q 2.5('d)-.74 G(epending on what the remote system supports.)130.42 360 Q(When)
-102 378 Q F1(LINEMODE)3.143 E F0 .642(is enabled, character processing is done\
- on the local system, under the control of the re-)3.143 F .123(mote system.)
-102 390 R .123(When input editing or character echoing is to be disabled, the \
-remote system will relay that in-)5.123 F 3.397(formation. The)102 402 R .897
-(remote system will also relay changes to an)3.397 F 3.397(ys)-.15 G .897
-(pecial characters that happen on the remote)361.34 402 R(system, so that the)
-102 414 Q 2.5(yc)-.15 G(an tak)187.68 414 Q 2.5(ee)-.1 G -.25(ff)223.12 414 S
-(ect on the local system.).25 E(In `)102 432 Q(`character at a time')-.74 E 2.5
-('m)-.74 G(ode, most te)208.53 432 Q
-(xt typed is immediately sent to the remote host for processing.)-.15 E .323
-(In `)102 450 R .323(`old line by line')-.74 F 2.823('m)-.74 G .323
-(ode, all te)196.845 450 R .323(xt is echoed locally)-.15 F 2.823(,a)-.65 G
-.323(nd \(normally\) only completed lines are sent to the re-)324.073 450 R
-.757(mote host.)102 462 R .757(The `)5.757 F .757(`local echo character')-.74 F
-3.257('\()-.74 G .756(initially `)268.892 462 R(`^E')-.74 E .756
-('\) may be used to turn of)-.74 F 3.256(fa)-.25 G .756
-(nd on the local echo \(this)435.4 462 R -.1(wo)102 474 S
-(uld mostly be used to enter passw).1 E(ords without the passw)-.1 E
-(ord being echoed\).)-.1 E 1.076(If the)102 492 R F1(LINEMODE)3.576 E F0 1.076
-(option is enabled, or if the)3.576 F F2(localchars)3.577 E F0 1.077(toggle is)
-3.577 F F1(TRUE)3.577 E F0 1.077(\(the def)3.577 F 1.077(ault for `)-.1 F 1.077
-(`old line by)-.74 F(line`)102 504 Q .866(`; see belo)-.74 F .866
-(w\), the user')-.25 F(s)-.55 E F2(quit)3.366 E F0(,)A F2(intr)3.366 E F0 3.366
-(,a)C(nd)285.042 504 Q F2(flush)3.365 E F0 .865(characters are trapped locally)
-3.365 F 3.365(,a)-.65 G .865(nd sent as)461.472 504 R/F4 9/Times-Roman@0 SF
-(TELNET)3.365 E F0 .368(protocol sequences to the remote side.)102 516 R(If)
-5.368 E F1(LINEMODE)2.868 E F0 .368(has e)2.868 F -.15(ve)-.25 G 2.868(rb).15 G
-.368(een enabled, then the user')363.23 516 R(s)-.55 E F2(susp)2.869 E F0(and)
-2.869 E F2(eof)2.869 E F0 1.308(are also sent as)102 528 R F4(TELNET)3.808 E F0
-1.308(protocol sequences, and)3.808 F F2(quit)3.808 E F0 1.307(is sent as a)
-3.807 F F1 1.307(TELNET ABORT)3.807 F F0 1.307(instead of)3.807 F F1(BREAK)
-3.807 E F0 .474(There are options \(see)102 540 R F2 -3.026(toggle autoflush)
-2.974 F F0(and)2.974 E F2 -3.026(toggle autosynch)2.974 F F0(belo)2.974 E .475
-(w\) which cause this action to)-.25 F .194
-(\215ush subsequent output to the terminal \(until the remote host ackno)102
-552 R .194(wledges the)-.25 F F4(TELNET)2.694 E F0 .193(sequence\) and \215ush)
-2.693 F(pre)102 564 Q(vious terminal input \(in the case of)-.25 E F2(quit)2.5
-E F0(and)2.5 E F2(intr)2.5 E F0(\).)A .235(While connected to a remote host,)
-102 582 R F2(telnet)2.735 E F0 .235(command mode may be entered by typing the)
-2.735 F F2(telnet)2.735 E F0 -.74(``)2.735 G(escape).74 E(character')102 594 Q
-2.5('\()-.74 G(initially `)150.39 594 Q(`^]')-.74 E 2.5('\). When)-.74 F
-(in command mode, the normal terminal editing con)2.5 E -.15(ve)-.4 G
-(ntions are a).15 E -.25(va)-.2 G(ilable.).25 E .018(The follo)102 612 R(wing)
--.25 E F2(telnet)2.518 E F0 .018(commands are a)2.518 F -.25(va)-.2 G 2.517
-(ilable. Only).25 F .017(enough of each command to uniquely identify it need)
-2.517 F 2.478(be typed \(this is also true for ar)102 624 R 2.478
-(guments to the)-.18 F F2(mode)4.978 E F0(,)A F2(set)4.978 E F0(,)A F2(toggle)
-4.978 E F0(,)A F2(unset)4.978 E F0(,)A F2(slc)4.978 E F0(,)A F2(environ)4.979 E
-F0 4.979(,a)C(nd)530 624 Q F2(display)102 636 Q F0(commands\).)2.5 E F2(auth)
-102 654 Q F3(argument ...)6 E F0 .308
-(The auth command manipulates the information sent through the)161 666 R F1
-.308(TELNET AUTHENTICATE)2.808 F F0 2.5(option. V)161 678 R(alid ar)-1.11 E
-(guments for the auth command are as follo)-.18 E(ws:)-.25 E(4.2 Berk)72 750 Q
-(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71(ution February)-.2 F
-(3, 1994)2.5 E(2)535 750 Q EP
-%%Page: 3 3
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R/F1 10/Courier-Bold@0 SF(disable)
-161 96 Q/F2 10/Courier-Oblique@0 SF(type)6.76 E F0 .76
-(Disables the speci\214ed type of authentication.)5 F 2.36 -.8(To o)5.76 H .76
-(btain a list of a).8 F -.25(va)-.2 G(ilable).25 E(types, use the)238 108 Q F1
-(auth disable ?)2.5 E F0(command.)2.5 E F1(enable)161 126 Q F2(type)6.992 E F0
-.992(Enables the speci\214ed type of authentication.)238.992 126 R 2.592 -.8
-(To o)5.992 H .991(btain a list of a).8 F -.25(va)-.2 G(ilable).25 E
-(types, use the)238 138 Q F1(auth enable ?)2.5 E F0(command.)2.5 E F1(status)
-161 156 Q F0(Lists the current status of the v)238 156 Q
-(arious types of authentication.)-.25 E F1(close)102 174 Q F0(Close a)161 174 Q
-/F3 9/Times-Roman@0 SF(TELNET)2.5 E F0(session and return to command mode.)2.5
-E F1(display)102 192 Q F2(argument ...)6 E F0(Displays all, or some, of the)161
-204 Q F1(set)2.5 E F0(and)2.5 E F1(toggle)2.5 E F0 -.25(va)2.5 G
-(lues \(see belo).25 E(w\).)-.25 E F1(encrypt)102 222 Q F2(argument ...)6 E F0
-.407(The encrypt command manipulates the information sent through the)161 234 R
-/F4 10/Courier@0 SF .408(TELNET ENCRYPT)2.908 F F0(op-)2.908 E(tion.)161 246 Q
-2.856(Note: Because)161 264 R .356(of e)2.856 F .356(xport controls, the)-.15 F
-F4 .355(TELNET ENCRYPT)2.855 F F0 .355(option is not supported outside of)2.855
-F(the United States and Canada.)161 276 Q -1.11(Va)161 294 S(lid ar)1.11 E
-(guments for the encrypt command are as follo)-.18 E(ws:)-.25 E F1(disable)161
-312 Q F2(type)6 E F1([input|output])6 E F0 1.099
-(Disables the speci\214ed type of encryption.)226 324 R 1.099
-(If you omit the input and output,)6.099 F .357
-(both input and output are disabled.)226 336 R 1.957 -.8(To o)5.357 H .357
-(btain a list of a).8 F -.25(va)-.2 G .357(ilable types, use the).25 F F1
-(encrypt disable ?)226 348 Q F0(command.)2.5 E F1(enable)161 366 Q F2(type)6 E
-F1([input|output])6 E F0 .867(Enables the speci\214ed type of encryption.)226
-378 R .868(If you omit input and output, both)5.867 F 2.117
-(input and output are enabled.)226 390 R 3.716 -.8(To o)7.116 H 2.116
-(btain a list of a).8 F -.25(va)-.2 G 2.116(ilable types, use the).25 F F1
-(encrypt enable ?)226 402 Q F0(command.)2.5 E F1(input)161 420 Q F0
-(This is the same as the)226 420 Q F1(encrypt start input)2.5 E F0(command.)2.5
-E F1(-input)161 438 Q F0(This is the same as the)226 438 Q F1
-(encrypt stop input)2.5 E F0(command.)2.5 E F1(output)161 456 Q F0
-(This is the same as the)226 456 Q F1(encrypt start output)2.5 E F0(command.)
-2.5 E F1(-output)161 474 Q F0(This is the same as the)226 474 Q F1
-(encrypt stop output)2.5 E F0(command.)2.5 E F1(start [input|output])161 492 Q
-F0 1.116(Attempts to start encryption.)226 504 R 1.116(If you omit)6.116 F F1
-(input)3.616 E F0(and)3.617 E F1(output,)3.617 E F0 1.117(both input)3.617 F
-.467(and output are enabled.)226 516 R 2.067 -.8(To o)5.467 H .467
-(btain a list of a).8 F -.25(va)-.2 G .467(ilable types, use the).25 F F1
-(encrypt)2.966 E(enable ?)226 528 Q F0(command.)2.5 E F1(status)161 546 Q F0
-(Lists the current status of encryption.)226 546 Q F1(stop [input|output])161
-564 Q F0 1.096(Stops encryption.)226 576 R 1.097
-(If you omit input and output, encryption is on both input)6.096 F(and output.)
-226 588 Q F1(type)161 606 Q F2(type)6.121 E F0 .121(Sets the def)226.121 606 R
-.121(ault type of encryption to be used with later)-.1 F F1 .12(encrypt start)
-2.62 F F0(or)2.62 E F1(encrypt stop)226 618 Q F0(commands.)2.5 E F1(environ)102
-636 Q F2(arguments...)6 E F0(The)161 648 Q F1(environ)3.189 E F0 .689
-(command is used to manipulate the the v)3.189 F .69
-(ariables that my be sent through the)-.25 F F4 .552(TELNET ENVIRON)161 660 R
-F0 3.052(option. The)3.052 F .552(initial set of v)3.052 F .551
-(ariables is tak)-.25 F .551(en from the users en)-.1 F(vironment,)-.4 E .501
-(with only the)161 672 R F4(DISPLAY)3.001 E F0(and)3.001 E F4(PRINTER)3.001 E
-F0 -.25(va)3.001 G .502(riables being e).25 F .502(xported by def)-.15 F 3.002
-(ault. The)-.1 F F4(USER)3.002 E F0 -.25(va)3.002 G(ri-).25 E(able is also e)
-161 684 Q(xported if the)-.15 E F1<ad61>4.166 E F0(or)2.5 E F1<ad6c>4.166 E F0
-(options are used.)2.5 E(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)
-132.57 750 Q 95.71(ution February)-.2 F(3, 1994)2.5 E(3)535 750 Q EP
-%%Page: 4 4
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R -1.11(Va)161 96 S(lid ar)1.11 E
-(guments for the)-.18 E/F1 10/Courier-Bold@0 SF(environ)2.5 E F0(command are:)
-2.5 E F1(define)161 114 Q/F2 10/Courier-Oblique@0 SF(variable value)6 E F0
-1.082(De\214ne the v)216 126 R(ariable)-.25 E F2(variable)3.582 E F0 1.082
-(to ha)3.582 F 1.382 -.15(ve a v)-.2 H 1.082(alue of)-.1 F F2(value.)3.581 E F0
-(An)3.581 E 3.581(yv)-.15 G 1.081(ariables de-)492.549 126 R 1.922
-(\214ned by this command are automatically e)216 138 R 4.422(xported. The)-.15
-F F2(value)4.422 E F0 1.922(may be en-)4.422 F
-(closed in single or double quotes so that tabs and spaces may be included.)216
-150 Q F1(undefine)161 168 Q F2(variable)6 E F0(Remo)216 180 Q -.15(ve)-.15 G F2
-(variable)2.65 E F0(from the list of en)2.5 E(vironment v)-.4 E(ariables.)-.25
-E F1(export)161 198 Q F2(variable)6 E F0(Mark the v)216 210 Q(ariable)-.25 E F2
-(variable)2.5 E F0(to be e)2.5 E(xported to the remote side.)-.15 E F1
-(unexport)161 228 Q F2(variable)6 E F0 .697(Mark the v)216 240 R(ariable)-.25 E
-F2(variable)3.197 E F0 .697(to not be e)3.197 F .697(xported unless e)-.15 F
-.696(xplicitly ask)-.15 F .696(ed for by)-.1 F(the remote side.)216 252 Q F1
-(list)161 270 Q F0 1.416(List the current set of en)216 270 R 1.416
-(vironment v)-.4 F 3.916(ariables. Those)-.25 F(mark)3.916 E 1.416(ed with a)
--.1 F/F3 10/Symbol SF(*)3.916 E F0 1.417(will be)3.917 F(sent automatically)216
-282 Q 2.5(,o)-.65 G(ther v)298.4 282 Q(ariables will only be sent if e)-.25 E
-(xplicitly requested.)-.15 E F1(?)161 300 Q F0
-(Prints out help information for the)216 300 Q F1(environ)2.5 E F0(command.)2.5
-E F1(logout)102 318 Q F0 .104(Sends the)161 318 R/F4 10/Courier@0 SF .104
-(TELNET LOGOUT)2.604 F F0 .104(option to the remote side.)2.604 F .104
-(This command is similar to a)5.104 F F1(close)2.604 E F0 .228(command; ho)161
-330 R(we)-.25 E -.15(ve)-.25 G 1.028 -.4(r, i).15 H 2.728(ft).4 G .228
-(he remote side does not support the)256.174 330 R F4(LOGOUT)2.729 E F0 .229
-(option, nothing happens.)2.729 F .233(If, ho)161 342 R(we)-.25 E -.15(ve)-.25
-G 1.033 -.4(r, t).15 H .233(he remote side does support the).4 F F4(LOGOUT)
-2.733 E F0 .233(option, this command should cause the)2.733 F .652
-(remote side to close the)161 354 R/F5 9/Times-Roman@0 SF(TELNET)3.152 E F0
-3.152(connection. If)3.152 F .653(the remote side also supports the concept of)
-3.152 F 1.904(suspending a user')161 366 R 4.404(ss)-.55 G 1.903
-(ession for later reattachment, the logout ar)250.872 366 R 1.903
-(gument indicates that you)-.18 F(should terminate the session immediately)161
-378 Q(.)-.65 E F1(mode)102 396 Q F2 -1(type Type)6.889 F F0 .889(is one of se)
-3.389 F -.15(ve)-.25 G .889(ral options, depending on the state of the).15 F F5
-(TELNET)3.389 E F0 3.39(session. The)3.39 F(remote)3.39 E .882(host is ask)161
-408 R .881(ed for permission to go into the requested mode.)-.1 F .881
-(If the remote host is capable of)5.881 F
-(entering that mode, the requested mode will be entered.)161 420 Q F1
-(character)161 438 Q F0 .715(Disable the)226 438 R F4 .716(TELNET LINEMODE)
-3.215 F F0 .716(option, or)3.216 F 3.216(,i)-.4 G 3.216(ft)416.834 438 S .716
-(he remote side does not un-)426.16 438 R(derstand the)226 450 Q F4(LINEMODE)
-2.5 E F0(option, then enter `)2.5 E(`character at a time`)-.74 E 2.5(`m)-.74 G
-(ode.)496.07 450 Q F1(line)161 468 Q F0 .948(Enable the)226 468 R F4 .948
-(TELNET LINEMODE)3.448 F F0 .948(option, or)3.448 F 3.448(,i)-.4 G 3.447(ft)
-415.448 468 S .947(he remote side does not un-)425.005 468 R 2.78(derstand the)
-226 480 R F4(LINEMODE)5.28 E F0 2.78(option, then attempt to enter `)5.28 F
-(`old-line-by-line`)-.74 E(`)-.74 E(mode.)226 492 Q F1(isig)161 510 Q F0(\()
-7.666 E F1(\255isig)1.666 E F0(\))1.666 E 1.43
-(Attempt to enable \(disable\) the)226 522 R F4(TRAPSIG)3.93 E F0 1.43
-(mode of the)3.93 F F4(LINEMODE)3.93 E F0(option.)3.93 E
-(This requires that the)226 534 Q F4(LINEMODE)2.5 E F0(option be enabled.)2.5 E
-F1(edit)161 552 Q F0(\()7.666 E F1(\255edit)1.666 E F0(\))1.666 E .865
-(Attempt to enable \(disable\) the)226 564 R F4(EDIT)3.365 E F0 .866
-(mode of the)3.365 F F4(LINEMODE)3.366 E F0 3.366(option. This)3.366 F
-(requires that the)226 576 Q F4(LINEMODE)2.5 E F0(option be enabled.)2.5 E F1
-(softtabs)161 594 Q F0(\()7.666 E F1(\255softtabs)1.666 E F0(\))1.666 E .83
-(Attempt to enable \(disable\) the)226 606 R F4(SOFT_TAB)3.33 E F0 .83
-(mode of the)3.33 F F4(LINEMODE)3.33 E F0(option.)3.33 E
-(This requires that the)226 618 Q F4(LINEMODE)2.5 E F0(option be enabled.)2.5 E
-F1(litecho)161 636 Q F0(\()7.666 E F1(\255litecho)1.666 E F0(\))1.666 E .83
-(Attempt to enable \(disable\) the)226 648 R F4(LIT_ECHO)3.33 E F0 .83
-(mode of the)3.33 F F4(LINEMODE)3.33 E F0(option.)3.33 E
-(This requires that the)226 660 Q F4(LINEMODE)2.5 E F0(option be enabled.)2.5 E
-F1(?)161 678 Q F0(Prints out help information for the)226 678 Q F1(mode)2.5 E
-F0(command.)2.5 E(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q
-95.71(ution February)-.2 F(3, 1994)2.5 E(4)535 750 Q EP
-%%Page: 5 5
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R/F1 10/Courier-Bold@0 SF(open)102
-102 Q/F2 10/Courier-Oblique@0 SF(host)6 E F0 .833([[)2.5 G F1<ad6c>1.666 E F0
-(]).833 E F2(user)6 E F0(][)A F1<ad>1.666 E F2(port)A F0(])A .207
-(Open a connection to the named host.)161 114 R .207
-(If no port number is speci\214ed,)5.207 F F1(telnet)2.707 E F0 .206
-(will attempt to)2.707 F .263(contact a)161 126 R/F3 9/Times-Roman@0 SF(TELNET)
-2.763 E F0(serv)2.763 E .263(er at the def)-.15 F .263(ault port.)-.1 F .264
-(The host speci\214cation may be either a host name)5.264 F(\(see)161 138 Q/F4
-10/Courier@0 SF(hosts)3.531 E F0 4.562(\(5\)\) or)B 1.031
-(an Internet address speci\214ed in the `)3.531 F 1.03(`dot notation')-.74 F
-3.53('\()-.74 G(see)459.6 138 Q F4(inet)3.53 E F0 4.56(\(3\)\). The)B([)161.833
-150 Q F1<ad6c>2.499 E F0 3.03(]o).833 G .531(ption may be used to specify the \
-user name to be passed to the remote system via the)191.855 150 R F4(ENVIRON)
-161 162 Q F0 3.971(option. When)3.971 F 1.471
-(connecting to a non-standard port,)3.971 F F1(telnet)3.971 E F0 1.471
-(omits an)3.971 F 3.97(ya)-.15 G(utomatic)505 162 Q .631(initiation of)161 174
-R F3(TELNET)3.131 E F0 3.131(options. When)3.131 F .631
-(the port number is preceded by a minus sign, the initial)3.131 F .441
-(option ne)161 186 R .441(gotiation is done.)-.15 F .441
-(After establishing a connection, the \214le)5.441 F F4(.telnetrc)2.941 E F0
-.44(in the users)2.94 F .928(home directory is opened.)161 198 R .928(Lines be)
-5.928 F .928(ginning with a # are comment lines.)-.15 F .928
-(Blank lines are ig-)5.928 F 3.255(nored. Lines)161 210 R .755(that be)3.255 F
-.755(gin without white space are the start of a machine entry)-.15 F 5.755(.T)
--.65 G .755(he \214rst thing)487.93 210 R .022
-(on the line is the name of the machine that is being connected to.)161 222 R
-.023(The rest of the line, and suc-)5.023 F(cessi)161 234 Q .856 -.15(ve l)-.25
-H .556(ines that be).15 F .556(gin with white space are assumed to be)-.15 F F1
-(telnet)3.056 E F0 .556(commands and are pro-)3.056 F(cessed as if the)161 246
-Q 2.5(yh)-.15 G(ad been typed in manually to the)233.61 246 Q F1(telnet)2.5 E
-F0(command prompt.)2.5 E F1(quit)102 264 Q F0 .114(Close an)161 264 R 2.614(yo)
--.15 G(pen)208.298 264 Q F3(TELNET)2.614 E F0 .115(session and e)2.615 F(xit)
--.15 E F1(telnet)2.615 E F0 2.615(.A)C 2.615(ne)376.32 264 S .115
-(nd of \214le \(in command mode\) will al-)388.375 264 R
-(so close a session and e)161 276 Q(xit.)-.15 E F1(send)102 294 Q F2(arguments)
-6 E F0 .024(Sends one or more special character sequences to the remote host.)
-161 306 R .024(The follo)5.024 F .024(wing are the ar)-.25 F(gu-)-.18 E
-(ments which may be speci\214ed \(more than one ar)161 318 Q
-(gument may be speci\214ed at a time\):)-.18 E F1(abort)161 336 Q F0(Sends the)
-202 336 Q F4(TELNET ABORT)2.5 E F0(\(Abort processes\) sequence.)2.5 E F1(ao)
-161 354 Q F0 1.15(Sends the)202 354 R F4 1.151(TELNET AO)3.651 F F0 1.151
-(\(Abort Output\) sequence, which should cause the remote)3.651 F
-(system to \215ush all output)202 366 Q/F5 10/Times-Italic@0 SF(fr)2.5 E(om)
--.45 E F0(the remote system)2.5 E F5(to)2.5 E F0(the user')2.5 E 2.5(st)-.55 G
-(erminal.)454.89 366 Q F1(ayt)161 384 Q F0 1.18(Sends the)202 384 R F4 1.18
-(TELNET AYT)3.68 F F0 1.18(\(Are Y)3.68 F 1.18
-(ou There\) sequence, to which the remote system)-1.1 F
-(may or may not choose to respond.)202 396 Q F1(brk)161 414 Q F0 .47(Sends the)
-202 414 R F4 .47(TELNET BRK)2.97 F F0 .47(\(Break\) sequence, which may ha)2.97
-F .77 -.15(ve s)-.2 H .47(igni\214cance to the re-).15 F(mote system.)202 426 Q
-F1(ec)161 444 Q F0 .245(Sends the)202 444 R F4 .245(TELNET EC)2.745 F F0 .244
-(\(Erase Character\) sequence, which should cause the remote)2.745 F
-(system to erase the last character entered.)202 456 Q F1(el)161 474 Q F0 .385
-(Sends the)202 474 R F4 .385(TELNET EL)2.885 F F0 .385
-(\(Erase Line\) sequence, which should cause the remote sys-)2.885 F
-(tem to erase the line currently being entered.)202 486 Q F1(eof)161 504 Q F0
-(Sends the)202 504 Q F4(TELNET EOF)2.5 E F0(\(End Of File\) sequence.)2.5 E F1
-(eor)161 522 Q F0(Sends the)202 522 Q F4(TELNET EOR)2.5 E F0
-(\(End of Record\) sequence.)2.5 E F1(escape)161 540 Q F0(Sends the current)5 E
-F1(telnet)2.5 E F0(escape character \(initially `)2.5 E(`^')-.74 E('\).)-.74 E
-F1(ga)161 558 Q F0 .855(Sends the)202 558 R F4 .855(TELNET GA)3.355 F F0 .855
-(\(Go Ahead\) sequence, which lik)3.355 F .855(ely has no signi\214cance to)-.1
-F(the remote system.)202 570 Q F1(getstatus)161 588 Q F0 1.713
-(If the remote side supports the)202 600 R F4 1.713(TELNET STATUS)4.213 F F0
-(command,)4.213 E F1(getstatus)4.213 E F0(will)4.213 E(send the subne)202 612 Q
-(gotiation to request that the serv)-.15 E(er send its current option status.)
--.15 E F1(ip)161 630 Q F0 1.355(Sends the)202 630 R F4 1.355(TELNET IP)3.855 F
-F0 1.354(\(Interrupt Process\) sequence, which should cause the re-)3.855 F
-(mote system to abort the currently running process.)202 642 Q F1(nop)161 660 Q
-F0(Sends the)202 660 Q F4(TELNET NOP)2.5 E F0(\(No OPeration\) sequence.)2.5 E
-F1(susp)161 678 Q F0(Sends the)202 678 Q F4(TELNET SUSP)2.5 E F0
-(\(SUSPend process\) sequence.)2.5 E(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G
-(istrib)132.57 750 Q 95.71(ution February)-.2 F(3, 1994)2.5 E(5)535 750 Q EP
-%%Page: 6 6
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R/F1 10/Courier-Bold@0 SF(synch)
-161 96 Q F0 .65(Sends the)202 96 R/F2 10/Courier@0 SF .651(TELNET SYNCH)3.151 F
-F0 3.151(sequence. This)3.151 F .651(sequence causes the remote system to)3.151
-F .777(discard all pre)202 108 R .777(viously typed \(b)-.25 F .777
-(ut not yet read\) input.)-.2 F .776(This sequence is sent as)5.777 F/F3 9
-/Times-Roman@0 SF(TCP)3.276 E F0(ur)202 120 Q 1.665(gent data \(and may not w)
--.18 F 1.665(ork if the remote system is a 4.2)-.1 F F3(BSD)A F0 1.666
-(system -- if it)4.166 F(doesn')202 132 Q 2.5(tw)-.18 G(ork, a lo)240.88 132 Q
-(wer case `)-.25 E(`r')-.74 E 2.5('m)-.74 G(ay be echoed on the terminal\).)
-336.33 132 Q F1(do)161 150 Q/F4 10/Courier-Oblique@0 SF(cmd)6 E F1(dont)161 168
-Q F4(cmd)6 E F1(will)161 186 Q F4(cmd)6 E F1(wont)161 204 Q F4(cmd)6 E F0 1.134
-(Sends the)202 216 R F2 1.133(TELNET DO)3.633 F F4(cmd)3.633 E F0(sequence.)
-3.633 E F4(Cmd)6.133 E F0 1.133(can be either a decimal number be-)3.633 F .865
-(tween 0 and 255, or a symbolic name for a speci\214c)202 228 R F2(TELNET)3.365
-E F0(command.)3.365 E F4(Cmd)5.865 E F0(can)3.365 E 1.181(also be either)202
-240 R F1(help)3.681 E F0(or)3.681 E F1(?)3.681 E F0 1.18
-(to print out help information, including a list of kno)3.681 F(wn)-.25 E
-(symbolic names.)202 252 Q F1(?)161 270 Q F0
-(Prints out help information for the)202 270 Q F1(send)2.5 E F0(command.)2.5 E
-F1(set)102 288 Q F4(argument value)6 E F1(unset)102 306 Q F4(argument value)6 E
-F0(The)161 318 Q F1(set)2.601 E F0 .101(command will set an)2.601 F 2.601(yo)
--.15 G .101(ne of a number of)295.556 318 R F1(telnet)2.601 E F0 -.25(va)2.601
-G .101(riables to a speci\214c v).25 F .102(alue or to)-.25 F F2(TRUE)161 330 Q
-F0 2.722(.T)C .222(he special v)196.332 330 R(alue)-.25 E F1(off)2.722 E F0
-.222(turns of)2.722 F 2.722(ft)-.25 G .222(he function associated with the v)
-323.474 330 R .222(ariable, this is equi)-.25 F(v-)-.25 E .37
-(alent to using the)161 342 R F1(unset)2.87 E F0 2.871(command. The)2.87 F F1
-(unset)2.871 E F0 .371(command will disable or set to)2.871 F F2(FALSE)2.871 E
-F0(an)2.871 E(y)-.15 E 1.248(of the speci\214ed functions.)161 354 R 1.248
-(The v)6.248 F 1.248(alues of v)-.25 F 1.248(ariables may be interrog)-.25 F
-1.247(ated with the)-.05 F F1(display)3.747 E F0 2.886(command. The)161 366 R
--.25(va)2.886 G .386(riables which may be set or unset, b).25 F .386
-(ut not toggled, are listed here.)-.2 F .387(In addi-)5.387 F .763(tion, an)161
-378 R 3.263(yo)-.15 G 3.263(ft)204.876 378 S .763(he v)214.249 378 R .763
-(ariables for the)-.25 F F1(toggle)3.263 E F0 .762(command may be e)3.263 F
-.762(xplicitly set or unset using the)-.15 F F1(set)161 390 Q F0(and)2.5 E F1
-(unset)2.5 E F0(commands.)2.5 E F1(ayt)161 408 Q F0(If)202 408 Q F3(TELNET)
-2.689 E F0 .189(is in localchars mode, or)2.689 F F2(LINEMODE)2.689 E F0 .189
-(is enabled, and the status character)2.689 F 1.056(is typed, a)202 420 R F2
-1.056(TELNET AYT)3.556 F F0 1.056(sequence \(see)3.556 F F1 1.056(send ayt)
-3.556 F F0 1.055(preceding\) is sent to the re-)3.556 F .327(mote host.)202 432
-R .328(The initial v)5.327 F .328(alue for the "Are Y)-.25 F .328
-(ou There" character is the terminal')-1.1 F 2.828(ss)-.55 G(ta-)529.45 432 Q
-(tus character)202 444 Q(.)-.55 E F1(echo)161 462 Q F0 .805(This is the v)202
-462 R .805(alue \(initially `)-.25 F(`^E')-.74 E .804('\) which, when in `)-.74
-F .804(`line by line')-.74 F 3.304('m)-.74 G .804(ode, toggles be-)474.792 462
-R .988(tween doing local echoing of entered characters \(for normal processing\
-\), and sup-)202 474 R
-(pressing echoing of entered characters \(for entering, say)202 486 Q 2.5(,ap)
--.65 G(assw)442.66 486 Q(ord\).)-.1 E F1(eof)161 504 Q F0(If)202 504 Q F1
-(telnet)3.864 E F0 1.364(is operating in)3.864 F F2(LINEMODE)3.864 E F0 1.364
-(or `)3.864 F 1.364(`old line by line')-.74 F 3.864('m)-.74 G 1.363
-(ode, entering this)468.114 504 R .199(character as the \214rst character on a\
- line will cause this character to be sent to the re-)202 516 R .12
-(mote system.)202 528 R .12(The initial v)5.12 F .119
-(alue of the eof character is tak)-.25 F .119(en to be the terminal')-.1 F(s)
--.55 E F1(eof)2.619 E F0(character)202 540 Q(.)-.55 E F1(erase)161 558 Q F0(If)
-202 558 Q F1(telnet)3.12 E F0 .62(is in)3.12 F F1(localchars)3.12 E F0 .62
-(mode \(see)3.12 F F1 -2.88(toggle localchars)3.12 F F0(belo)3.12 E(w\),)-.25 E
-/F5 10/Times-Bold@0 SF(and)3.12 E F0(if)3.12 E F1(telnet)202 570 Q F0 1.385
-(is operating in `)3.885 F 1.385(`character at a time')-.74 F 3.885('m)-.74 G
-1.384(ode, then when this character is)407 570 R .417(typed, a)202 582 R F2
-.418(TELNET EC)2.917 F F0 .418(sequence \(see)2.918 F F1 -3.082(send ec)2.918 F
-F0(abo)2.918 E -.15(ve)-.15 G 2.918(\)i).15 G 2.918(ss)427.36 582 S .418
-(ent to the remote system.)438.058 582 R .325(The initial v)202 594 R .325
-(alue for the erase character is tak)-.25 F .325(en to be the terminal')-.1 F
-(s)-.55 E F1(erase)2.825 E F0(charac-)2.825 E(ter)202 606 Q(.)-.55 E F1(escape)
-161 624 Q F0 2.873(This is the)5 F F1(telnet)5.373 E F0 2.874
-(escape character \(initially `)5.373 F(`^[')-.74 E 2.874
-('\) which causes entry into)-.74 F F1(telnet)202 636 Q F0
-(command mode \(when connected to a remote system\).)2.5 E F1(flushoutput)161
-654 Q F0(If)202 666 Q F1(telnet)2.945 E F0 .445(is in)2.945 F F1(localchars)
-2.945 E F0 .445(mode \(see)2.945 F F1 -3.056(toggle localchars)2.944 F F0(belo)
-2.944 E .444(w\) and the)-.25 F F1(flushoutput)202 678 Q F0 .442
-(character is typed, a)2.942 F F2 .443(TELNET AO)2.943 F F0 .443
-(sequence \(see)2.943 F F1 -3.057(send ao)2.943 F F0(abo)2.943 E -.15(ve)-.15 G
-(\)).15 E .314(is sent to the remote host.)202 690 R .314(The initial v)5.314 F
-.314(alue for the \215ush character is tak)-.25 F .314(en to be the)-.1 F
-(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71
-(ution February)-.2 F(3, 1994)2.5 E(6)535 750 Q EP
-%%Page: 7 7
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R(terminal')202 96 Q(s)-.55 E/F1
-10/Courier-Bold@0 SF(flush)2.5 E F0(character)2.5 E(.)-.55 E F1(forw1)161 114 Q
-(forw2)161 132 Q F0(If)202 132 Q/F2 9/Times-Roman@0 SF(TELNET)3.769 E F0 1.269
-(is operating in)3.769 F/F3 10/Courier@0 SF(LINEMODE)3.77 E F0 3.77(,t)C 1.27
-(hese are the characters that, when typed,)370.77 132 R .958
-(cause partial lines to be forw)202 144 R .958(arded to the remote system.)-.1
-F .958(The initial v)5.958 F .957(alue for the)-.25 F(forw)202 156 Q
-(arding characters are tak)-.1 E(en from the terminal')-.1 E 2.5(se)-.55 G
-(ol and eol2 characters.)414.23 156 Q F1(interrupt)161 174 Q F0(If)202 186 Q F1
-(telnet)2.944 E F0 .444(is in)2.944 F F1(localchars)2.944 E F0 .445(mode \(see)
-2.944 F F1 -3.055(toggle localchars)2.945 F F0(belo)2.945 E .445(w\) and the)
--.25 F F1(interrupt)202 198 Q F0 .642(character is typed, a)3.142 F F3 .642
-(TELNET IP)3.142 F F0 .642(sequence \(see)3.142 F F1 -2.859(send ip)3.141 F F0
-(abo)3.141 E -.15(ve)-.15 G 3.141(\)i).15 G(s)536.11 198 Q .949
-(sent to the remote host.)202 210 R .949(The initial v)5.949 F .949
-(alue for the interrupt character is tak)-.25 F .95(en to be)-.1 F
-(the terminal')202 222 Q(s)-.55 E F1(intr)2.5 E F0(character)2.5 E(.)-.55 E F1
-(kill)161 240 Q F0(If)202 240 Q F1(telnet)2.95 E F0 .449(is in)2.949 F F1
-(localchars)2.949 E F0 .449(mode \(see)2.949 F F1 -3.051(toggle localchars)
-2.949 F F0(belo)2.949 E(w\),)-.25 E F1(and)2.949 E F0(if)2.949 E F1(telnet)202
-252 Q F0 1.384(is operating in `)3.884 F 1.385(`character at a time')-.74 F
-3.885('m)-.74 G 1.385(ode, then when this character is)406.995 252 R .418
-(typed, a)202 264 R F3 .418(TELNET EL)2.918 F F0 .418(sequence \(see)2.918 F F1
--3.082(send el)2.918 F F0(abo)2.918 E -.15(ve)-.15 G 2.918(\)i).15 G 2.918(ss)
-427.362 264 S .418(ent to the remote system.)438.06 264 R(The initial v)202 276
-Q(alue for the kill character is tak)-.25 E(en to be the terminal')-.1 E(s)-.55
-E F1(kill)2.5 E F0(character)2.5 E(.)-.55 E F1(lnext)161 294 Q F0(If)202 294 Q
-F1(telnet)2.597 E F0 .097(is operating in)2.597 F F3(LINEMODE)2.597 E F0 .097
-(or `)2.597 F .097(`old line by line`)-.74 F 2.597(`m)-.74 G .098
-(ode, then this charac-)454.177 294 R 1.405(ter is tak)202 306 R 1.405
-(en to be the terminal')-.1 F(s)-.55 E F1(lnext)3.904 E F0(character)3.904 E
-6.404(.T)-.55 G 1.404(he initial v)422.56 306 R 1.404(alue for the lne)-.25 F
-(xt)-.15 E(character is tak)202 318 Q(en to be the terminal')-.1 E(s)-.55 E F1
-(lnext)2.5 E F0(character)2.5 E(.)-.55 E F1(quit)161 336 Q F0(If)202 336 Q F1
-(telnet)2.944 E F0 .444(is in)2.944 F F1(localchars)2.944 E F0 .445(mode \(see)
-2.944 F F1 -3.055(toggle localchars)2.945 F F0(belo)2.945 E .445(w\) and the)
--.25 F F1(quit)202 348 Q F0 .546(character is typed, a)3.046 F F3 .545
-(TELNET BRK)3.046 F F0 .545(sequence \(see)3.045 F F1 -2.955(send brk)3.045 F
-F0(abo)3.045 E -.15(ve)-.15 G 3.045(\)i).15 G 3.045(ss)516.955 348 S(ent)527.78
-348 Q .629(to the remote host.)202 360 R .629(The initial v)5.629 F .629
-(alue for the quit character is tak)-.25 F .63(en to be the termi-)-.1 F(nal')
-202 372 Q(s)-.55 E F1(quit)2.5 E F0(character)2.5 E(.)-.55 E F1(reprint)161 390
-Q F0(If)202 402 Q F1(telnet)2.598 E F0 .097(is operating in)2.598 F F3
-(LINEMODE)2.597 E F0 .097(or `)2.597 F .097(`old line by line`)-.74 F 2.597(`m)
--.74 G .097(ode, then this charac-)454.179 402 R .06(ter is tak)202 414 R .06
-(en to be the terminal')-.1 F(s)-.55 E F1(reprint)2.561 E F0(character)2.561 E
-5.061(.T)-.55 G .061(he initial v)422.465 414 R .061(alue for the reprint)-.25
-F(character is tak)202 426 Q(en to be the terminal')-.1 E(s)-.55 E F1(reprint)
-2.5 E F0(character)2.5 E(.)-.55 E F1(rlogin)161 444 Q F0 .956
-(This is the rlogin escape character)5 F 5.956(.I)-.55 G 3.456(fs)354.366 444 S
-.956(et, the normal)365.042 444 R F2(TELNET)3.456 E F0 .956
-(escape character is)3.456 F .357
-(ignored unless it is preceded by this character at the be)202 456 R .358
-(ginning of a line.)-.15 F .358(This char)5.358 F(-)-.2 E(acter)202 468 Q 3.14
-(,a)-.4 G 3.14(tt)231.11 468 S .64(he be)239.81 468 R .64
-(ginning of a line follo)-.15 F .639(wed by a ".")-.25 F .639
-(closes the connection; when fol-)5.639 F(lo)202 480 Q 1.31
-(wed by a ^Z it suspends the telnet command.)-.25 F 1.311
-(The initial state is to disable the)6.311 F(rlogin escape character)202 492 Q
-(.)-.55 E F1(start)161 510 Q F0 2.232(If the)202 510 R F3 2.231
-(TELNET TOGGLE-FLOW-CONTROL)4.731 F F0 2.231
-(option has been enabled, then this)4.731 F .005(character is tak)202 522 R
-.005(en to be the terminal')-.1 F(s)-.55 E F1(start)2.506 E F0(character)2.506
-E 5.006(.T)-.55 G .006(he initial v)436.06 522 R .006(alue for the kill)-.25 F
-(character is tak)202 534 Q(en to be the terminal')-.1 E(s)-.55 E F1(start)2.5
-E F0(character)2.5 E(.)-.55 E F1(stop)161 552 Q F0 2.232(If the)202 552 R F3
-2.231(TELNET TOGGLE-FLOW-CONTROL)4.731 F F0 2.231
-(option has been enabled, then this)4.731 F .434(character is tak)202 564 R
-.434(en to be the terminal')-.1 F(s)-.55 E F1(stop)2.934 E F0(character)2.934 E
-5.434(.T)-.55 G .434(he initial v)433.916 564 R .435(alue for the kill)-.25 F
-(character is tak)202 576 Q(en to be the terminal')-.1 E(s)-.55 E F1(stop)2.5 E
-F0(character)2.5 E(.)-.55 E F1(susp)161 594 Q F0(If)202 594 Q F1(telnet)2.576 E
-F0 .076(is in)2.576 F F1(localchars)2.576 E F0 .076(mode, or)2.576 F F3
-(LINEMODE)2.576 E F0 .076(is enabled, and the)2.576 F F1(suspend)2.575 E F0 .87
-(character is typed, a)202 606 R F3 .87(TELNET SUSP)3.37 F F0 .87
-(sequence \(see)3.37 F F1 -2.63(send susp)3.37 F F0(abo)3.37 E -.15(ve)-.15 G
-3.37(\)i).15 G 3.37(ss)505.48 606 S .87(ent to)516.63 606 R .246
-(the remote host.)202 618 R .246(The initial v)5.246 F .246
-(alue for the suspend character is tak)-.25 F .246(en to be the termi-)-.1 F
-(nal')202 630 Q(s)-.55 E F1(suspend)2.5 E F0(character)2.5 E(.)-.55 E F1
-(tracefile)161 648 Q F0 .537(This is the \214le to which the output, caused by)
-202 660 R F1(netdata)3.037 E F0(or)3.037 E F1(option)3.037 E F0 .538
-(tracing being)3.038 F F3(TRUE)202 672 Q F0 3.079(,w)C .579(ill be written.)
-238.799 672 R .579(If it is set to `)5.579 F(`)-.74 E F1<ad>1.666 E F0 -.74('')
-1.666 G 3.078(,t).74 G .578(hen tracing information will be written)381.85 672
-R(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71
-(ution February)-.2 F(3, 1994)2.5 E(7)535 750 Q EP
-%%Page: 8 8
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R(to standard output \(the def)202
-96 Q(ault\).)-.1 E/F1 10/Courier-Bold@0 SF(worderase)161 114 Q F0(If)202 126 Q
-F1(telnet)2.597 E F0 .097(is operating in)2.597 F/F2 10/Courier@0 SF(LINEMODE)
-2.597 E F0 .097(or `)2.597 F .097(`old line by line`)-.74 F 2.597(`m)-.74 G
-.098(ode, then this charac-)454.177 126 R 1.386(ter is tak)202 138 R 1.386
-(en to be the terminal')-.1 F(s)-.55 E F1(worderase)3.885 E F0(character)3.885
-E 6.385(.T)-.55 G 1.385(he initial v)446.39 138 R 1.385(alue for the)-.25 F -.1
-(wo)202 150 S(rderase character is tak).1 E(en to be the terminal')-.1 E(s)-.55
-E F1(worderase)2.5 E F0(character)2.5 E(.)-.55 E F1(?)161 168 Q F0
-(Displays the le)202 168 Q -.05(ga)-.15 G(l).05 E F1(set)2.5 E F0(\()4.166 E F1
-(unset)1.666 E F0 4.166(\)c)1.666 G(ommands.)346.724 168 Q F1(slc)102 186 Q/F3
-10/Courier-Oblique@0 SF(state)6.383 E F0(The)5 E F1(slc)2.883 E F0 .384(comman\
-d \(Set Local Characters\) is used to set or change the state of the the speci\
-al)2.884 F 1.231(characters when the)161 198 R F2 1.231(TELNET LINEMODE)3.731 F
-F0 1.231(option has been enabled.)3.731 F 1.231(Special characters are)6.231 F
-.139(characters that get mapped to)161 210 R/F4 9/Times-Roman@0 SF(TELNET)2.639
-E F0 .139(commands sequences \(lik)2.639 F(e)-.1 E F1(ip)2.639 E F0(or)2.639 E
-F1(quit)2.639 E F0 2.639(\)o)C 2.639(rl)488.611 210 S .14(ine editing)497.36
-210 R(characters \(lik)161 222 Q(e)-.1 E F1(erase)2.5 E F0(and)2.5 E F1(kill)
-2.5 E F0(\). By def)A(ault, the local special characters are e)-.1 E(xported.)
--.15 E F1(check)161 240 Q F0 -1.11(Ve)216 240 S .526
-(rify the current settings for the current special characters.)1.11 F .525
-(The remote side is)5.526 F .925(requested to send all the current special cha\
-racter settings, and if there are an)216 252 R(y)-.15 E
-(discrepancies with the local side, the local side will switch to the remote v)
-216 264 Q(alue.)-.25 E F1(export)161 282 Q F0 .497(Switch to the local def)216
-282 R .497(aults for the special characters.)-.1 F .496(The local def)5.496 F
-.496(ault charac-)-.1 F(ters are those of the local terminal at the time when)
-216 294 Q F1(telnet)2.5 E F0 -.1(wa)2.5 G 2.5(ss).1 G(tarted.)483.8 294 Q F1
-(import)161 312 Q F0 1.929(Switch to the remote def)216 312 R 1.929
-(aults for the special characters.)-.1 F 1.929(The remote def)6.929 F(ault)-.1
-E .37(characters are those of the remote system at the time when the)216 324 R
-F4(TELNET)2.869 E F0(connec-)2.869 E(tion w)216 336 Q(as established.)-.1 E F1
-(?)161 354 Q F0(Prints out help information for the)216 354 Q F1(slc)2.5 E F0
-(command.)2.5 E F1(status)102 372 Q F0(Sho)161 372 Q 2.808(wt)-.25 G .308
-(he current status of)189.118 372 R F1(telnet)2.809 E F0 2.809(.T)C .309
-(his includes the peer one is connected to, as well as the)316.641 372 R
-(current mode.)161 384 Q F1(toggle)102 402 Q F3(arguments ...)6 E F0 -.8(To)161
-414 S 2.112(ggle \(between).8 F F2(TRUE)4.612 E F0(and)4.612 E F2(FALSE)4.612 E
-F0 4.612(\)v)C 2.112(arious \215ags that control ho)324.76 414 R(w)-.25 E F1
-(telnet)4.611 E F0 2.111(responds to)4.611 F -2.15 -.25(ev e)161 426 T 2.73
-(nts. These).25 F .23(\215ags may be set e)2.73 F .231(xplicitly to)-.15 F F2
-(TRUE)2.731 E F0(or)2.731 E F2(FALSE)2.731 E F0 .231(using the)2.731 F F1(set)
-2.731 E F0(and)2.731 E F1(unset)2.731 E F0(com-)2.731 E .544(mands listed abo)
-161 438 R -.15(ve)-.15 G 5.544(.M).15 G .544(ore than one ar)255.382 438 R .543
-(gument may be speci\214ed.)-.18 F .543(The state of these \215ags may)5.543 F
-(be interrog)161 450 Q(ated with the)-.05 E F1(display)2.5 E F0 2.5(command. V)
-2.5 F(alid ar)-1.11 E(guments are:)-.18 E F1(authdebug)161 468 Q F0 -.45(Tu)226
-468 S(rns on deb).45 E(ugging information for the authentication code.)-.2 E F1
-(autoflush)161 486 Q F0(If)226 486 Q F1(autoflush)4.407 E F0(and)4.407 E F1
-(localchars)4.407 E F0 1.907(are both)4.407 F F2(TRUE)4.407 E F0 4.407(,t)C
-1.907(hen when the)451.219 486 R F1(ao)4.408 E F0 4.408(,o)C(r)536.67 486 Q F1
-(quit)226 498 Q F0 1.803(characters are recognized \(and transformed into)4.304
-F F4(TELNET)4.303 E F0(sequences;)4.303 E(see)226 510 Q F1(set)2.966 E F0(abo)
-2.966 E .766 -.15(ve f)-.15 H .466(or details\),).15 F F1(telnet)2.966 E F0
-.466(refuses to display an)2.966 F 2.966(yd)-.15 G .467(ata on the user')473.89
-510 R(s)-.55 E 2.241(terminal until the remote system ackno)226 522 R 2.241
-(wledges \(via a)-.25 F F2 2.241(TELNET TIMING)4.741 F(MARK)226 534 Q F0 .496
-(option\) that it has processed those)2.996 F F4(TELNET)2.996 E F0 2.996
-(sequences. The)2.996 F .497(initial v)2.996 F(al-)-.25 E .754
-(ue for this toggle is)226 546 R F2(TRUE)3.254 E F0 .753
-(if the terminal user had not done an "stty no\215sh",)3.253 F(otherwise)226
-558 Q F2(FALSE)2.5 E F0(\(see)2.5 E F2(stty)2.5 E F0(\(1\)\).)A F1(autodecrypt)
-161 576 Q F0 .556(When the)226 588 R F2 .556(TELNET ENCRYPT)3.056 F F0 .556
-(option is ne)3.056 F .556(gotiated, by def)-.15 F .557(ault the actual en-)-.1
-F .403(cryption \(decryption\) of the data stream does not start automatically)
-226 600 R 5.402(.T)-.65 G .402(he au-)514.888 600 R .789(toencrypt \(autodecry\
-pt\) command states that encryption of the output \(input\))226 612 R
-(stream should be enabled as soon as possible.)226 624 Q 2.87(Note: Because)226
-642 R .369(of e)2.869 F .369(xport controls, the)-.15 F F2 .369(TELNET ENCRYPT)
-2.869 F F0 .369(option is not sup-)2.869 F
-(ported outside the United States and Canada.)226 654 Q F1(autologin)161 672 Q
-F0 4.509(If the remote side supports the)226 672 R F2 4.509
-(TELNET AUTHENTICATION)7.009 F F0(option)7.009 E F4(TELNET)226 684 Q F0 3.448
-(attempts to use it to perform automatic authentication.)5.948 F 3.447(If the)
-8.447 F F2(AUTHENTICATION)226 696 Q F0 .197(option is not supported, the user')
-2.697 F 2.697(sl)-.55 G .197(ogin name are propa-)454.159 696 R -.05(ga)226 708
-S .41(ted through the).05 F F2 .41(TELNET ENVIRON)2.91 F F0 2.91(option. This)
-2.91 F .41(command is the same as)2.91 F(4.2 Berk)72 756 Q(ele)-.1 E 2.5(yD)
--.15 G(istrib)132.57 756 Q 95.71(ution February)-.2 F(3, 1994)2.5 E(8)535 756 Q
-EP
-%%Page: 9 9
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R(specifying)226 96 Q/F1 10
-/Courier-Oblique@0 SF(a)2.5 E F0(option on the)2.5 E/F2 10/Courier-Bold@0 SF
-(open)2.5 E F0(command.)2.5 E F2(autosynch)161 114 Q F0(If)226 114 Q F2
-(autosynch)4.854 E F0(and)4.854 E F2(localchars)4.854 E F0 2.354(are both)4.854
-F/F3 10/Courier@0 SF(TRUE)4.854 E F0 4.854(,t)C 2.354(hen when either the)
-454.348 114 R F2(intr)226 126 Q F0(or)4.17 E F2(quit)4.17 E F0 1.669
-(characters is typed \(see)4.169 F F2(set)4.169 E F0(abo)4.169 E 1.969 -.15
-(ve f)-.15 H 1.669(or descriptions of the).15 F F2(intr)226 138 Q F0(and)2.925
-E F2(quit)2.925 E F0 .426(characters\), the resulting)2.925 F/F4 9
-/Times-Roman@0 SF(TELNET)2.926 E F0 .426(sequence sent is follo)2.926 F(wed)
--.25 E 1.634(by the)226 150 R F3 1.634(TELNET SYNCH)4.134 F F0 4.134
-(sequence. This)4.134 F(procedure)4.134 E F2(should)4.134 E F0 1.634
-(cause the re-)4.134 F .871(mote system to be)226 162 R .871(gin thro)-.15 F
-.872(wing a)-.25 F -.1(wa)-.15 G 3.372(ya).1 G .872(ll pre)385.008 162 R .872
-(viously typed input until both of)-.25 F(the)226 174 Q F4(TELNET)3.622 E F0
-1.122(sequences ha)3.622 F 1.422 -.15(ve b)-.2 H 1.121
-(een read and acted upon.).15 F 1.121(The initial v)6.121 F 1.121(alue of)-.25
-F(this toggle is)226 186 Q F3(FALSE)2.5 E F0(.)A F2(binary)161 204 Q F0
-(Enable or disable the)226 204 Q F3(TELNET BINARY)2.5 E F0
-(option on both input and output.)2.5 E F2(inbinary)161 222 Q F0
-(Enable or disable the)226 222 Q F3(TELNET BINARY)2.5 E F0(option on input.)2.5
-E F2(outbinary)161 240 Q F0(Enable or disable the)226 240 Q F3(TELNET BINARY)
-2.5 E F0(option on output.)2.5 E F2(crlf)161 258 Q F0 1.415(If this is)226 258
-R F3(TRUE)3.915 E F0 3.915(,t)C 1.415(hen carriage returns will be sent as)
-298.72 258 R F3(<CR><LF>)3.915 E F0 3.915(.I)C 3.915(ft)507.72 258 S 1.415
-(his is)517.745 258 R F3(FALSE)226 270 Q F0 3.26(,t)C .759
-(hen carriage returns will be send as)264.54 270 R F3(<CR><NUL>)3.259 E F0
-3.259(.T)C .759(he initial v)479.292 270 R(alue)-.25 E(for this toggle is)226
-282 Q F3(FALSE)2.5 E F0(.)A F2(crmod)161 300 Q F0 -.8(To)226 300 S 1.1
-(ggle carriage return mode.).8 F 1.1
-(When this mode is enabled, most carriage re-)6.1 F .745(turn characters recei)
-226 312 R -.15(ve)-.25 G 3.244(df).15 G .744
-(rom the remote host will be mapped into a carriage)329.174 312 R 1.492
-(return follo)226 324 R 1.492(wed by a line feed.)-.25 F 1.493
-(This mode does not af)6.492 F 1.493(fect those characters)-.25 F .207
-(typed by the user)226 336 R 2.707(,o)-.4 G .207(nly those recei)305.028 336 R
--.15(ve)-.25 G 2.706(df).15 G .206(rom the remote host.)383.838 336 R .206
-(This mode is not)5.206 F -.15(ve)226 348 S 1.026
-(ry useful unless the remote host only sends carriage return, b).15 F 1.026
-(ut ne)-.2 F -.15(ve)-.25 G 3.526(rl).15 G(ine)527.78 348 Q 2.5(feed. The)226
-360 R(initial v)2.5 E(alue for this toggle is)-.25 E F3(FALSE)2.5 E F0(.)A F2
-(debug)161 378 Q F0 -.8(To)226 378 S .073(ggles sock).8 F .073(et le)-.1 F -.15
-(ve)-.25 G 2.573(ld).15 G(eb)314.629 378 Q .073(ugging \(useful only to the)-.2
-F F2 .072(super user)2.573 F F0 .072(\). The initial)B -.25(va)226 390 S
-(lue for this toggle is).25 E F3(FALSE)2.5 E F0(.)A F2(encdebug)161 408 Q F0
--.45(Tu)226 408 S(rns on deb).45 E(ugging information for the encryption code.)
--.2 E F2(localchars)161 426 Q F0 1.485(If this is)5 F F3(TRUE)3.985 E F0 3.985
-(,t)C 1.485(hen the)299 426 R F2(flush)3.985 E F0(,)A F2(interrupt)3.986 E F0
-(,)A F2(quit)3.986 E F0(,)A F2(erase)3.986 E F0 3.986(,a)C(nd)502.014 426 Q F2
-(kill)3.986 E F0 2.944(characters \(see)226 438 R F2(set)5.444 E F0(abo)5.444 E
--.15(ve)-.15 G 5.443(\)a).15 G 2.943(re recognized locally)353.755 438 R 5.443
-(,a)-.65 G 2.943(nd transformed into)455.234 438 R 3.265
-(\(hopefully\) appropriate)226 450 R F4(TELNET)5.765 E F0 3.265
-(control sequences \(respecti)5.765 F -.15(ve)-.25 G(ly).15 E F2(ao)5.766 E F0
-(,)A F2(ip)5.766 E F0(,)A F2(brk)226 462 Q F0(,)A F2(ec)2.788 E F0 2.788(,a)C
-(nd)271.016 462 Q F2(el)2.787 E F0 2.787(;s)C(ee)305.26 462 Q F2(send)2.787 E
-F0(abo)2.787 E -.15(ve)-.15 G 2.787(\). The).15 F .287(initial v)2.787 F .287
-(alue for this toggle is)-.25 F F3(TRUE)2.787 E F0 .045(in `)226 474 R .045
-(`old line by line')-.74 F 2.546('m)-.74 G .046(ode, and)318.906 474 R F3
-(FALSE)2.546 E F0 .046(in `)2.546 F .046(`character at a time')-.74 F 2.546('m)
--.74 G 2.546(ode. When)494.134 474 R(the)226 486 Q F3(LINEMODE)2.894 E F0 .394
-(option is enabled, the v)2.894 F .394(alue of)-.25 F F2(localchars)2.893 E F0
-.393(is ignored, and)2.893 F 2.388(assumed to al)226 498 R -.1(wa)-.1 G 2.388
-(ys be).1 F F3(TRUE)4.888 E F0 4.888(.I)C(f)359.5 498 Q F3(LINEMODE)4.888 E F0
-2.388(has e)4.888 F -.15(ve)-.25 G 4.888(rb).15 G 2.389(een enabled, then)
-465.522 498 R F2(quit)226 510 Q F0 1.574(is sent as)4.074 F F2(abort)4.074 E F0
-4.074(,a)C(nd)338.42 510 Q F2 1.574(eof and)4.074 F F0 1.573(are sent as)4.074
-F F2 1.573(eof and)4.073 F(susp)4.073 E F0 4.073(,s)C(ee)531.12 510 Q F2(send)
-226 522 Q F0(abo)2.5 E -.15(ve)-.15 G(\).).15 E F2(netdata)161 540 Q F0 -.8(To)
-226 540 S .993(ggles the display of all netw).8 F .994(ork data \(in he)-.1 F
-.994(xadecimal format\).)-.15 F .994(The initial)5.994 F -.25(va)226 552 S
-(lue for this toggle is).25 E F3(FALSE)2.5 E F0(.)A F2(options)161 570 Q F0 -.8
-(To)226 570 S .625(ggles the display of some internal).8 F F2(telnet)3.125 E F0
-.625(protocol processing \(ha)3.125 F .625(ving to)-.2 F(do with)226 582 Q F4
-(TELNET)2.5 E F0 2.5(options\). The)2.5 F(initial v)2.5 E
-(alue for this toggle is)-.25 E F3(FALSE)2.5 E F0(.)A F2(prettydump)161 600 Q
-F0 .133(When the)5 F F2(netdata)2.633 E F0 .134(toggle is enabled, if)2.633 F
-F2(prettydump)2.634 E F0 .134(is enabled the output)2.634 F .745(from the)226
-612 R F2(netdata)3.245 E F0 .744
-(command will be formatted in a more user readable for)3.244 F(-)-.2 E 3.199
-(mat. Spaces)226 624 R .699
-(are put between each character in the output, and the be)3.199 F(ginning)-.15
-E(of an)226 636 Q(y)-.15 E F4(TELNET)2.5 E F0
-(escape sequence is preceded by a ')2.5 E/F5 10/Symbol SF(*)A F0 2.5('t)C 2.5
-(oa)442.553 636 S(id in locating them.)454.493 636 Q F2(skiprc)161 654 Q F0
-4.589(When the skiprc toggle is)226 654 R F3(TRUE)7.089 E F0(,)A F4(TELNET)
-7.089 E F0 4.589(skips the reading of the)7.089 F F3(.telnetrc)226 666 Q F0
-1.033(\214le in the users home directory when connections are opened.)3.533 F
-(The initial v)226 678 Q(alue for this toggle is)-.25 E F3(FALSE.)2.5 E F0
-(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71
-(ution February)-.2 F(3, 1994)2.5 E(9)535 750 Q EP
-%%Page: 10 10
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNET \( 1 \))72 48 R(BSD Reference Manual)
-258.235 48 Q -.834(TELNET \( 1 \))485.572 48 R/F1 10/Courier-Bold@0 SF
-(termdata)161 96 Q F0 -.8(To)226 96 S .934
-(ggles the display of all terminal data \(in he).8 F .933(xadecimal format\).)
--.15 F .933(The initial)5.933 F -.25(va)226 108 S(lue for this toggle is).25 E
-/F2 10/Courier@0 SF(FALSE)2.5 E F0(.)A F1(verbose_encrypt)161 126 Q F0 1.129
-(When the)226 138 R F1(verbose_encrypt)3.629 E F0 1.13(toggle is)3.629 F F2
-(TRUE)3.63 E F0(,)A/F3 9/Times-Roman@0 SF(TELNET)3.63 E F0 1.13
-(prints out a mes-)3.63 F 1.377
-(sage each time encryption is enabled or disabled.)226 150 R 1.376
-(The initial v)6.377 F 1.376(alue for this)-.25 F 1.223(toggle is)226 162 R F2
-(FALSE.)3.723 E F0 3.723(Note: Because)3.723 F 1.224(of e)3.724 F 1.224
-(xport controls, data encryption is not)-.15 F
-(supported outside of the United States and Canada.)226 174 Q F1(?)161 192 Q F0
-(Displays the le)226 192 Q -.05(ga)-.15 G(l).05 E F1(toggle)2.5 E F0(commands.)
-2.5 E F1(z)102 210 Q F0(Suspend)161 210 Q F1(telnet)2.5 E F0 2.5(.T)C
-(his command only w)244.5 210 Q(orks when the user is using the)-.1 E F2(csh)
-2.5 E F0(\(1\).)A F1(!)102 228 Q F0([)6.833 E/F4 10/Courier-Oblique@0 SF
-(command).833 E F0(]).833 E(Ex)161 240 Q .293
-(ecute a single command in a subshell on the local system.)-.15 F(If)5.292 E F1
-(command)2.792 E F0 .292(is omitted, then an)2.792 F(interacti)161 252 Q .3
--.15(ve s)-.25 H(ubshell is in).15 E -.2(vo)-.4 G -.1(ke).2 G(d.).1 E F1(?)102
-270 Q F0([)6.833 E F4(command).833 E F0(]).833 E 1.177(Get help.)161 282 R -.4
-(Wi)6.177 G 1.178(th no ar).4 F(guments,)-.18 E F1(telnet)3.678 E F0 1.178
-(prints a help summary)3.678 F 6.178(.I)-.65 G 3.678(fac)433.358 282 S 1.178
-(ommand is speci\214ed,)452.924 282 R F1(telnet)161 294 Q F0
-(will print the help information for just that command.)2.5 E/F5 10
-/Times-Bold@0 SF(ENVIR)72 318 Q(ONMENT)-.3 E F1(Telnet)102 330 Q F0 .666
-(uses at least the)3.166 F F2(HOME)3.166 E F0(,)A F2(SHELL)3.165 E F0(,)A F2
-(DISPLAY)3.165 E F0 3.165(,a)C(nd)326.255 330 Q F2(TERM)3.165 E F0(en)3.165 E
-.665(vironment v)-.4 F 3.165(ariables. Other)-.25 F(en)3.165 E(vironment)-.4 E
--.25(va)102 342 S(riables may be propag).25 E(ated to the other side via the)
--.05 E F2(TELNET ENVIRON)2.5 E F0(option.)2.5 E F5(FILES)72 366 Q F2
-(~/.telnetrc)102 378 Q F0(user customized telnet startup v)5 E(alues)-.25 E F5
-(HIST)72 402 Q(OR)-.18 E(Y)-.35 E F0(The)102 414 Q F1(Telnet)2.5 E F0
-(command appeared in 4.2)2.5 E F3(BSD)A F0(.)A F5(NO)72 438 Q(TES)-.4 E F0
-(On some remote systems, echo has to be turned of)102 450 Q 2.5(fm)-.25 G
-(anually when in `)316.44 450 Q(`old line by line')-.74 E 2.5('m)-.74 G(ode.)
-465.22 450 Q .691(In `)102 468 R .691(`old line by line')-.74 F 3.191('m)-.74 G
-.691(ode or)198.685 468 R F2(LINEMODE)3.191 E F0 .691(the terminal')3.191 F(s)
--.55 E F1(eof)3.191 E F0 .691(character is only recognized \(and sent to the)
-3.191 F(remote system\) when it is the \214rst character on a line.)102 480 Q
-(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71
-(ution February)-.2 F(3, 1994)2.5 E(10)530 750 Q EP
-%%Trailer
-end
-%%EOF
diff --git a/src/appl/telnet/telnet/telnet.0.txt b/src/appl/telnet/telnet/telnet.0.txt
deleted file mode 100644
index 41d410b..0000000
--- a/src/appl/telnet/telnet/telnet.0.txt
+++ /dev/null
@@ -1,718 +0,0 @@
-TELNET(1)                    BSD Reference Manual                    TELNET(1)
-
-NNAAMMEE
-     tteellnneett - user interface to the TELNET protocol
-
-SSYYNNOOPPSSIISS
-     tteellnneett [--88] [--EE] [--FF] [--KK] [--LL] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa] [--cc] [--dd] [--ee
-            _e_s_c_a_p_e_c_h_a_r] [--ff] [--kk _r_e_a_l_m] [--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [--rr] [--xx]
-            [_h_o_s_t [port]]
-
-DDEESSCCRRIIPPTTIIOONN
-     The tteellnneett command is used to communicate with another host using the
-     TELNET protocol.  If tteellnneett is invoked without the _h_o_s_t argument, it en-
-     ters command mode, indicated by its prompt (tteellnneett>>). In this mode, it
-     accepts and executes the commands listed below.  If it is invoked with
-     arguments, it performs an ooppeenn command with those arguments.
-
-     Options:
-
-     --88      Specifies an 8-bit data path.  This causes an attempt to negoti-
-             ate the TELNET BINARY option on both input and output.
-
-     --EE      Stops any character from being recognized as an escape character.
-
-     --FF      If Kerberos V5 authentication is being used, the --FF option allows
-             the local credentials to be forwarded to the remote system, in-
-             cluding any credentials that have already been forwarded into the
-             local environment.
-
-     --KK      Specifies no automatic login to the remote system.
-
-     --LL      Specifies an 8-bit data path on output.  This causes the BINARY
-             option to be negotiated on output.
-
-     --SS _t_o_s  Sets the IP type-of-service (TOS) option for the telnet connec-
-             tion to the value _t_o_s_, which can be a numeric TOS value or, on
-             systems that support it, a symbolic TOS name found in the
-             /etc/iptos file.
-
-     --XX _a_t_y_p_e
-             Disables the _a_t_y_p_e type of authentication.
-
-     --aa      Attempt automatic login.  Currently, this sends the user name via
-             the USER variable of the ENVIRON option if supported by the re-
-             mote system.  The name used is that of the current user as re-
-             turned by getlogin(2) if it agrees with the current user ID, oth-
-             erwise it is the name associated with the user ID.
-
-     --cc      Disables the reading of the user's _._t_e_l_n_e_t_r_c file.  (See the
-             ttooggggllee sskkiipprrcc command on this man page.)
-
-     --dd      Sets the initial value of the ddeebbuugg toggle to TRUE
-
-     --ee _e_s_c_a_p_e _c_h_a_r
-             Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r_.
-             If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac-
-             ter.
-
-     --ff      If Kerberos V5 authentication is being used, the --ff option allows
-             the local credentials to be forwarded to the remote system.
-
-     --kk _r_e_a_l_m
-             If Kerberos authentication is being used, the --kk option requests
-             that telnet obtain tickets for the remote host in realm realm in-
-             stead of the remote host's realm, as determined by
-
-             krb_realmofhost(3).
-
-     --ll _u_s_e_r
-             When connecting to the remote system, if the remote system under-
-             stands the ENVIRON option, then _u_s_e_r will be sent to the remote
-             system as the value for the variable USER.  This option implies
-             the --aa option.  This option may also be used with the ooppeenn com-
-             mand.
-
-     --nn _t_r_a_c_e_f_i_l_e
-             Opens _t_r_a_c_e_f_i_l_e for recording trace information.  See the sseett
-             ttrraacceeffiillee command below.
-
-     --rr      Specifies a user interface similar to rlogin(1).  In this mode,
-             the escape character is set to the tilde (~) character, unless
-             modified by the -e option.
-
-     --xx      Turns on encryption of the data stream if possible.  This option
-             is not available outside of the United States and Canada.
-
-     _h_o_s_t    Indicates the official name, an alias, or the Internet address of
-             a remote host.
-
-     _p_o_r_t    Indicates a port number (address of an application).  If a number
-             is not specified, the default tteellnneett port is used.
-
-     When in rlogin mode, a line of the form ~.  disconnects from the remote
-     host; ~ is the telnet escape character.  Similarly, the line ~^Z suspends
-     the telnet session.  The line ~^] escapes to the normal telnet escape
-     prompt.
-
-     Once a connection has been opened, tteellnneett will attempt to enable the
-     TELNET LINEMODE option.  If this fails, then tteellnneett will revert to one of
-     two input modes: either ``character at a time'' or ``old line by line''
-     depending on what the remote system supports.
-
-     When LINEMODE is enabled, character processing is done on the local sys-
-     tem, under the control of the remote system.  When input editing or char-
-     acter echoing is to be disabled, the remote system will relay that infor-
-     mation.  The remote system will also relay changes to any special charac-
-     ters that happen on the remote system, so that they can take effect on
-     the local system.
-
-     In ``character at a time'' mode, most text typed is immediately sent to
-     the remote host for processing.
-
-     In ``old line by line'' mode, all text is echoed locally, and (normally)
-     only completed lines are sent to the remote host.  The ``local echo char-
-     acter'' (initially ``^E'') may be used to turn off and on the local echo
-     (this would mostly be used to enter passwords without the password being
-     echoed).
-
-     If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE
-     (the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr,
-     and fflluusshh characters are trapped locally, and sent as TELNET protocol se-
-     quences to the remote side.  If LINEMODE has ever been enabled, then the
-     user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt
-     is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee
-     aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush
-     subsequent output to the terminal (until the remote host acknowledges the
-     TELNET sequence) and flush previous terminal input (in the case of qquuiitt
-     and iinnttrr).
-
-     While connected to a remote host, tteellnneett command mode may be entered by
-     typing the tteellnneett ``escape character'' (initially ``^]'').  When in com-
-     mand mode, the normal terminal editing conventions are available.
-
-     The following tteellnneett commands are available.  Only enough of each command
-     to uniquely identify it need be typed (this is also true for arguments to
-     the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands).
-
-     aauutthh _a_r_g_u_m_e_n_t _._._.
-                The auth command manipulates the information sent through the
-                TELNET AUTHENTICATE option.  Valid arguments for the auth com-
-                mand are as follows:
-
-                ddiissaabbllee _t_y_p_e  Disables the specified type of authentication.
-                              To obtain a list of available types, use the
-                              aauutthh ddiissaabbllee ?? command.
-
-                eennaabbllee _t_y_p_e   Enables the specified type of authentication.
-                              To obtain a list of available types, use the
-                              aauutthh eennaabbllee ?? command.
-
-                ssttaattuuss        Lists the current status of the various types of
-                              authentication.
-
-     cclloossee      Close a TELNET session and return to command mode.
-
-     ddiissppllaayy _a_r_g_u_m_e_n_t _._._.
-                Displays all, or some, of the sseett and ttooggggllee values (see be-
-                low).
-
-     eennccrryypptt _a_r_g_u_m_e_n_t _._._.
-                The encrypt command manipulates the information sent through
-                the TELNET ENCRYPT option.
-
-                Note:  Because of export controls, the TELNET ENCRYPT option
-                is not supported outside of the United States and Canada.
-
-                Valid arguments for the encrypt command are as follows:
-
-                ddiissaabbllee _t_y_p_e [[iinnppuutt||oouuttppuutt]]
-                              Disables the specified type of encryption.  If
-                              you omit the input and output, both input and
-                              output are disabled.  To obtain a list of avail-
-                              able types, use the eennccrryypptt ddiissaabbllee ?? command.
-
-                eennaabbllee _t_y_p_e [[iinnppuutt||oouuttppuutt]]
-                              Enables the specified type of encryption.  If
-                              you omit input and output, both input and output
-                              are enabled.  To obtain a list of available
-                              types, use the eennccrryypptt eennaabbllee ?? command.
-
-                iinnppuutt         This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com-
-                              mand.
-
-                --iinnppuutt        This is the same as the eennccrryypptt ssttoopp iinnppuutt com-
-                              mand.
-
-                oouuttppuutt        This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt
-                              command.
-
-                --oouuttppuutt       This is the same as the eennccrryypptt ssttoopp oouuttppuutt com-
-                              mand.
-
-                ssttaarrtt [[iinnppuutt||oouuttppuutt]]
-                              Attempts to start encryption.  If you omit iinnppuutt
-                              and oouuttppuutt,, both input and output are enabled.
-                              To obtain a list of available types, use the
-
-                              eennccrryypptt eennaabbllee ?? command.
-
-                ssttaattuuss        Lists the current status of encryption.
-
-                ssttoopp [[iinnppuutt||oouuttppuutt]]
-                              Stops encryption.  If you omit input and output,
-                              encryption is on both input and output.
-
-                ttyyppee _t_y_p_e     Sets the default type of encryption to be used
-                              with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com-
-                              mands.
-
-     eennvviirroonn _a_r_g_u_m_e_n_t_s_._._.
-                The eennvviirroonn command is used to manipulate the the variables
-                that my be sent through the TELNET ENVIRON option.  The ini-
-                tial set of variables is taken from the users environment,
-                with only the DISPLAY and PRINTER variables being exported by
-                default.  The USER variable is also exported if the --aa or --ll
-                options are used.
-                Valid arguments for the eennvviirroonn command are:
-
-                ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e
-                            Define the variable _v_a_r_i_a_b_l_e to have a value of
-                            _v_a_l_u_e_. Any variables defined by this command are
-                            automatically exported.  The _v_a_l_u_e may be enclosed
-                            in single or double quotes so that tabs and spaces
-                            may be included.
-
-                uunnddeeffiinnee _v_a_r_i_a_b_l_e
-                            Remove _v_a_r_i_a_b_l_e from the list of environment vari-
-                            ables.
-
-                eexxppoorrtt _v_a_r_i_a_b_l_e
-                            Mark the variable _v_a_r_i_a_b_l_e to be exported to the
-                            remote side.
-
-                uunneexxppoorrtt _v_a_r_i_a_b_l_e
-                            Mark the variable _v_a_r_i_a_b_l_e to not be exported un-
-                            less explicitly asked for by the remote side.
-
-                lliisstt        List the current set of environment variables.
-                            Those marked with a ** will be sent automatically,
-                            other variables will only be sent if explicitly
-                            requested.
-
-                ??           Prints out help information for the eennvviirroonn com-
-                            mand.
-
-     llooggoouutt     Sends the TELNET LOGOUT option to the remote side.  This com-
-                mand is similar to a cclloossee command; however, if the remote
-                side does not support the LOGOUT option, nothing happens.  If,
-                however, the remote side does support the LOGOUT option, this
-                command should cause the remote side to close the TELNET con-
-                nection.  If the remote side also supports the concept of sus-
-                pending a user's session for later reattachment, the logout
-                argument indicates that you should terminate the session imme-
-                diately.
-
-     mmooddee _t_y_p_e  _T_y_p_e is one of several options, depending on the state of the
-                TELNET session.  The remote host is asked for permission to go
-                into the requested mode.  If the remote host is capable of en-
-                tering that mode, the requested mode will be entered.
-
-                cchhaarraacctteerr     Disable the TELNET LINEMODE option, or, if the
-                              remote side does not understand the LINEMODE op-
-
-                              tion, then enter ``character at a time`` mode.
-
-                lliinnee          Enable the TELNET LINEMODE option, or, if the
-                              remote side does not understand the LINEMODE op-
-                              tion, then attempt to enter ``old-line-by-line``
-                              mode.
-
-                iissiigg (--iissiigg)  Attempt to enable (disable) the TRAPSIG mode of
-                              the LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                eeddiitt (--eeddiitt)  Attempt to enable (disable) the EDIT mode of the
-                              LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                ssooffttttaabbss (--ssooffttttaabbss)
-                              Attempt to enable (disable) the SOFT_TAB mode of
-                              the LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                lliitteecchhoo (--lliitteecchhoo)
-                              Attempt to enable (disable) the LIT_ECHO mode of
-                              the LINEMODE option.  This requires that the
-                              LINEMODE option be enabled.
-
-                ??             Prints out help information for the mmooddee com-
-                              mand.
-
-     ooppeenn _h_o_s_t [[--ll] _u_s_e_r][--_p_o_r_t]
-                Open a connection to the named host.  If no port number is
-                specified, tteellnneett will attempt to contact a TELNET server at
-                the default port.  The host specification may be either a host
-                name (see hosts(5))  or an Internet address specified in the
-                ``dot notation'' (see inet(3)).  The [--ll] option may be used
-                to specify the user name to be passed to the remote system via
-                the ENVIRON option.  When connecting to a non-standard port,
-                tteellnneett omits any automatic initiation of TELNET options.  When
-                the port number is preceded by a minus sign, the initial op-
-                tion negotiation is done.  After establishing a connection,
-                the file _._t_e_l_n_e_t_r_c in the users home directory is opened.
-                Lines beginning with a # are comment lines.  Blank lines are
-                ignored.  Lines that begin without white space are the start
-                of a machine entry.  The first thing on the line is the name
-                of the machine that is being connected to.  The rest of the
-                line, and successive lines that begin with white space are as-
-                sumed to be tteellnneett commands and are processed as if they had
-                been typed in manually to the tteellnneett command prompt.
-
-     qquuiitt       Close any open TELNET session and exit tteellnneett. An end of file
-                (in command mode) will also close a session and exit.
-
-     sseenndd _a_r_g_u_m_e_n_t_s
-                Sends one or more special character sequences to the remote
-                host.  The following are the arguments which may be specified
-                (more than one argument may be specified at a time):
-
-                aabboorrtt   Sends the TELNET ABORT (Abort processes) sequence.
-
-                aaoo      Sends the TELNET AO (Abort Output) sequence, which
-                        should cause the remote system to flush all output
-                        _f_r_o_m the remote system _t_o the user's terminal.
-
-                aayytt     Sends the TELNET AYT (Are You There) sequence, to
-                        which the remote system may or may not choose to re-
-
-
-                        spond.
-
-                bbrrkk     Sends the TELNET BRK (Break) sequence, which may have
-                        significance to the remote system.
-
-                eecc      Sends the TELNET EC (Erase Character) sequence, which
-                        should cause the remote system to erase the last char-
-                        acter entered.
-
-                eell      Sends the TELNET EL (Erase Line) sequence, which
-                        should cause the remote system to erase the line cur-
-                        rently being entered.
-
-                eeooff     Sends the TELNET EOF (End Of File) sequence.
-
-                eeoorr     Sends the TELNET EOR (End of Record) sequence.
-
-                eessccaappee  Sends the current tteellnneett escape character (initially
-                        ``^'').
-
-                ggaa      Sends the TELNET GA (Go Ahead) sequence, which likely
-                        has no significance to the remote system.
-
-                ggeettssttaattuuss
-                        If the remote side supports the TELNET STATUS command,
-                        ggeettssttaattuuss will send the subnegotiation to request that
-                        the server send its current option status.
-
-                iipp      Sends the TELNET IP (Interrupt Process) sequence,
-                        which should cause the remote system to abort the cur-
-                        rently running process.
-
-                nnoopp     Sends the TELNET NOP (No OPeration) sequence.
-
-                ssuusspp    Sends the TELNET SUSP (SUSPend process) sequence.
-
-                ssyynncchh   Sends the TELNET SYNCH sequence.  This sequence causes
-                        the remote system to discard all previously typed (but
-                        not yet read) input.  This sequence is sent as TCP ur-
-                        gent data (and may not work if the remote system is a
-                        4.2BSD system -- if it doesn't work, a lower case
-                        ``r'' may be echoed on the terminal).
-
-                ddoo _c_m_d
-
-                ddoonntt _c_m_d
-
-                wwiillll _c_m_d
-
-                wwoonntt _c_m_d
-                        Sends the TELNET DO _c_m_d sequence.  _C_m_d can be either a
-                        decimal number between 0 and 255, or a symbolic name
-                        for a specific TELNET command.  _C_m_d can also be either
-                        hheellpp or ?? to print out help information, including a
-                        list of known symbolic names.
-
-                ??       Prints out help information for the sseenndd command.
-
-     sseett _a_r_g_u_m_e_n_t _v_a_l_u_e
-
-     uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e
-                The sseett command will set any one of a number of tteellnneett vari-
-                ables to a specific value or to TRUE. The special value ooffff
-                turns off the function associated with the variable, this is
-                equivalent to using the uunnsseett command.  The uunnsseett command will
-                disable or set to FALSE any of the specified functions.  The
-                values of variables may be interrogated with the ddiissppllaayy com-
-                mand.  The variables which may be set or unset, but not tog-
-                gled, are listed here.  In addition, any of the variables for
-                the ttooggggllee command may be explicitly set or unset using the
-                sseett and uunnsseett commands.
-
-                aayytt     If TELNET is in localchars mode, or LINEMODE is en-
-                        abled, and the status character is typed, a TELNET AYT
-                        sequence (see sseenndd aayytt preceding) is sent to the re-
-                        mote host.  The initial value for the "Are You There"
-                        character is the terminal's status character.
-
-                eecchhoo    This is the value (initially ``^E'') which, when in
-                        ``line by line'' mode, toggles between doing local
-                        echoing of entered characters (for normal processing),
-                        and suppressing echoing of entered characters (for en-
-                        tering, say, a password).
-
-                eeooff     If tteellnneett is operating in LINEMODE or ``old line by
-                        line'' mode, entering this character as the first
-                        character on a line will cause this character to be
-                        sent to the remote system.  The initial value of the
-                        eof character is taken to be the terminal's eeooff char-
-                        acter.
-
-                eerraassee   If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below), aanndd if tteellnneett is operating in ``character at a
-                        time'' mode, then when this character is typed, a
-                        TELNET EC sequence (see sseenndd eecc above) is sent to the
-                        remote system.  The initial value for the erase char-
-                        acter is taken to be the terminal's eerraassee character.
-
-                eessccaappee  This is the tteellnneett escape character (initially ``^['')
-                        which causes entry into tteellnneett command mode (when con-
-                        nected to a remote system).
-
-                fflluusshhoouuttppuutt
-                        If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below) and the fflluusshhoouuttppuutt character is typed, a
-                        TELNET AO sequence (see sseenndd aaoo above) is sent to the
-                        remote host.  The initial value for the flush charac-
-                        ter is taken to be the terminal's fflluusshh character.
-
-                ffoorrww11
-
-                ffoorrww22   If TELNET is operating in LINEMODE, these are the
-                        characters that, when typed, cause partial lines to be
-                        forwarded to the remote system.  The initial value for
-                        the forwarding characters are taken from the termi-
-                        nal's eol and eol2 characters.
-
-                iinntteerrrruupptt
-                        If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below) and the iinntteerrrruupptt character is typed, a TELNET
-                        IP sequence (see sseenndd iipp above) is sent to the remote
-                        host.  The initial value for the interrupt character
-                        is taken to be the terminal's iinnttrr character.
-
-                kkiillll    If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below), aanndd if tteellnneett is operating in ``character at a
-                        time'' mode, then when this character is typed, a
-                        TELNET EL sequence (see sseenndd eell above) is sent to the
-                        remote system.  The initial value for the kill charac-
-                        ter is taken to be the terminal's kkiillll character.
-
-                llnneexxtt   If tteellnneett is operating in LINEMODE or ``old line by
-                        line`` mode, then this character is taken to be the
-                        terminal's llnneexxtt character.  The initial value for the
-                        lnext character is taken to be the terminal's llnneexxtt
-                        character.
-
-                qquuiitt    If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss
-                        below) and the qquuiitt character is typed, a TELNET BRK
-                        sequence (see sseenndd bbrrkk above) is sent to the remote
-                        host.  The initial value for the quit character is
-                        taken to be the terminal's qquuiitt character.
-
-                rreepprriinntt
-                        If tteellnneett is operating in LINEMODE or ``old line by
-                        line`` mode, then this character is taken to be the
-                        terminal's rreepprriinntt character.  The initial value for
-                        the reprint character is taken to be the terminal's
-                        rreepprriinntt character.
-
-                rrllooggiinn  This is the rlogin escape character.  If set, the nor-
-                        mal TELNET escape character is ignored unless it is
-                        preceded by this character at the beginning of a line.
-                        This character, at the beginning of a line followed by
-                        a "."  closes the connection; when followed by a ^Z it
-                        suspends the telnet command.  The initial state is to
-                        disable the rlogin escape character.
-
-                ssttaarrtt   If the TELNET TOGGLE-FLOW-CONTROL option has been en-
-                        abled, then this character is taken to be the termi-
-                        nal's ssttaarrtt character.  The initial value for the kill
-                        character is taken to be the terminal's ssttaarrtt charac-
-                        ter.
-
-                ssttoopp    If the TELNET TOGGLE-FLOW-CONTROL option has been en-
-                        abled, then this character is taken to be the termi-
-                        nal's ssttoopp character.  The initial value for the kill
-                        character is taken to be the terminal's ssttoopp charac-
-                        ter.
-
-                ssuusspp    If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en-
-                        abled, and the ssuussppeenndd character is typed, a TELNET
-                        SUSP sequence (see sseenndd ssuusspp above) is sent to the re-
-                        mote host.  The initial value for the suspend charac-
-                        ter is taken to be the terminal's ssuussppeenndd character.
-
-                ttrraacceeffiillee
-                        This is the file to which the output, caused by
-                        nneettddaattaa or ooppttiioonn tracing being TRUE, will be written.
-                        If it is set to ``--'', then tracing information will
-                        be written to standard output (the default).
-
-                wwoorrddeerraassee
-                        If tteellnneett is operating in LINEMODE or ``old line by
-                        line`` mode, then this character is taken to be the
-                        terminal's wwoorrddeerraassee character.  The initial value for
-                        the worderase character is taken to be the terminal's
-                        wwoorrddeerraassee character.
-
-                ??       Displays the legal sseett (uunnsseett) commands.
-
-     ssllcc _s_t_a_t_e  The ssllcc command (Set Local Characters) is used to set or
-                change the state of the the special characters when the TELNET
-                LINEMODE option has been enabled.  Special characters are
-                characters that get mapped to TELNET commands sequences (like
-                iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll).
-
-
-                By default, the local special characters are exported.
-
-                cchheecckk       Verify the current settings for the current spe-
-                            cial characters.  The remote side is requested to
-                            send all the current special character settings,
-                            and if there are any discrepancies with the local
-                            side, the local side will switch to the remote
-                            value.
-
-                eexxppoorrtt      Switch to the local defaults for the special char-
-                            acters.  The local default characters are those of
-                            the local terminal at the time when tteellnneett was
-                            started.
-
-                iimmppoorrtt      Switch to the remote defaults for the special
-                            characters.  The remote default characters are
-                            those of the remote system at the time when the
-                            TELNET connection was established.
-
-                ??           Prints out help information for the ssllcc command.
-
-     ssttaattuuss     Show the current status of tteellnneett. This includes the peer one
-                is connected to, as well as the current mode.
-
-     ttooggggllee _a_r_g_u_m_e_n_t_s _._._.
-                Toggle (between TRUE and FALSE) various flags that control how
-                tteellnneett responds to events.  These flags may be set explicitly
-                to TRUE or FALSE using the sseett and uunnsseett commands listed
-                above.  More than one argument may be specified.  The state of
-                these flags may be interrogated with the ddiissppllaayy command.
-                Valid arguments are:
-
-                aauutthhddeebbuugg     Turns on debugging information for the authenti-
-                              cation code.
-
-                aauuttoofflluusshh     If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then
-                              when the aaoo, or qquuiitt characters are recognized
-                              (and transformed into TELNET sequences; see sseett
-                              above for details), tteellnneett refuses to display
-                              any data on the user's terminal until the remote
-                              system acknowledges (via a TELNET TIMING MARK
-                              option) that it has processed those TELNET se-
-                              quences.  The initial value for this toggle is
-                              TRUE if the terminal user had not done an "stty
-                              noflsh", otherwise FALSE (see stty(1)).
-
-                aauuttooddeeccrryypptt   When the TELNET ENCRYPT option is negotiated, by
-                              default the actual encryption (decryption) of
-                              the data stream does not start automatically.
-                              The autoencrypt (autodecrypt) command states
-                              that encryption of the output (input) stream
-                              should be enabled as soon as possible.
-
-                              Note:  Because of export controls, the TELNET
-                              ENCRYPT option is not supported outside the
-                              United States and Canada.
-
-                aauuttoollooggiinn     If the remote side supports the TELNET
-                              AUTHENTICATION option TELNET attempts to use it
-                              to perform automatic authentication.  If the
-                              AUTHENTICATION option is not supported, the us-
-                              er's login name are propagated through the
-                              TELNET ENVIRON option.  This command is the same
-                              as specifying _a option on the ooppeenn command.
-
-                aauuttoossyynncchh     If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then
-                              when either the iinnttrr or qquuiitt characters is typed
-                              (see sseett above for descriptions of the iinnttrr and
-                              qquuiitt characters), the resulting TELNET sequence
-                              sent is followed by the TELNET SYNCH sequence.
-                              This procedure sshhoouulldd cause the remote system to
-                              begin throwing away all previously typed input
-                              until both of the TELNET sequences have been
-                              read and acted upon.  The initial value of this
-                              toggle is FALSE.
-
-                bbiinnaarryy        Enable or disable the TELNET BINARY option on
-                              both input and output.
-
-                iinnbbiinnaarryy      Enable or disable the TELNET BINARY option on
-                              input.
-
-                oouuttbbiinnaarryy     Enable or disable the TELNET BINARY option on
-                              output.
-
-                ccrrllff          If this is TRUE, then carriage returns will be
-                              sent as <CR><LF>. If this is FALSE, then car-
-                              riage returns will be send as <CR><NUL>. The
-                              initial value for this toggle is FALSE.
-
-                ccrrmmoodd         Toggle carriage return mode.  When this mode is
-                              enabled, most carriage return characters re-
-                              ceived from the remote host will be mapped into
-                              a carriage return followed by a line feed.  This
-                              mode does not affect those characters typed by
-                              the user, only those received from the remote
-                              host.  This mode is not very useful unless the
-                              remote host only sends carriage return, but nev-
-                              er line feed.  The initial value for this toggle
-                              is FALSE.
-
-                ddeebbuugg         Toggles socket level debugging (useful only to
-                              the ssuuppeerr uusseerr). The initial value for this tog-
-                              gle is FALSE.
-
-                eennccddeebbuugg      Turns on debugging information for the encryp-
-                              tion code.
-
-                llooccaallcchhaarrss    If this is TRUE, then the fflluusshh, iinntteerrrruupptt,
-                              qquuiitt, eerraassee, and kkiillll characters (see sseett above)
-                              are recognized locally, and transformed into
-                              (hopefully) appropriate TELNET control sequences
-                              (respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd
-                              above).  The initial value for this toggle is
-                              TRUE in ``old line by line'' mode, and FALSE in
-                              ``character at a time'' mode.  When the LINEMODE
-                              option is enabled, the value of llooccaallcchhaarrss is
-                              ignored, and assumed to always be TRUE. If
-                              LINEMODE has ever been enabled, then qquuiitt is
-                              sent as aabboorrtt, and eeooff aanndd are sent as eeooff aanndd
-                              ssuusspp, see sseenndd above).
-
-                nneettddaattaa       Toggles the display of all network data (in hex-
-                              adecimal format).  The initial value for this
-                              toggle is FALSE.
-
-                ooppttiioonnss       Toggles the display of some internal tteellnneett pro-
-                              tocol processing (having to do with TELNET op-
-                              tions).  The initial value for this toggle is
-                              FALSE.
-
-                pprreettttyydduummpp    When the nneettddaattaa toggle is enabled, if
-                              pprreettttyydduummpp is enabled the output from the
-                              nneettddaattaa command will be formatted in a more user
-                              readable format.  Spaces are put between each
-                              character in the output, and the beginning of
-                              any TELNET escape sequence is preceded by a '*'
-                              to aid in locating them.
-
-                sskkiipprrcc        When the skiprc toggle is TRUE, TELNET skips the
-                              reading of the _._t_e_l_n_e_t_r_c file in the users home
-                              directory when connections are opened.  The ini-
-                              tial value for this toggle is FALSE.
-
-                tteerrmmddaattaa      Toggles the display of all terminal data (in
-                              hexadecimal format).  The initial value for this
-                              toggle is FALSE.
-
-                vveerrbboossee__eennccrryypptt
-                              When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET
-                              prints out a message each time encryption is en-
-                              abled or disabled.  The initial value for this
-                              toggle is FALSE. Note:  Because of export con-
-                              trols, data encryption is not supported outside
-                              of the United States and Canada.
-
-                ??             Displays the legal ttooggggllee commands.
-
-     zz          Suspend tteellnneett. This command only works when the user is using
-                the csh(1).
-
-     !! [_c_o_m_m_a_n_d]
-                Execute a single command in a subshell on the local system.
-                If ccoommmmaanndd is omitted, then an interactive subshell is in-
-                voked.
-
-     ?? [_c_o_m_m_a_n_d]
-                Get help.  With no arguments, tteellnneett prints a help summary.
-                If a command is specified, tteellnneett will print the help informa-
-                tion for just that command.
-
-EENNVVIIRROONNMMEENNTT
-     TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari-
-     ables.  Other environment variables may be propagated to the other side
-     via the TELNET ENVIRON option.
-
-FFIILLEESS
-     ~/.telnetrc  user customized telnet startup values
-
-HHIISSTTOORRYY
-     The TTeellnneett command appeared in 4.2BSD.
-
-NNOOTTEESS
-     On some remote systems, echo has to be turned off manually when in ``old
-     line by line'' mode.
-
-     In ``old line by line'' mode or LINEMODE the terminal's eeooff character is
-     only recognized (and sent to the remote system) when it is the first
-     character on a line.
-
-4.2 Berkeley Distribution      February 3, 1994                             11
diff --git a/src/appl/telnet/telnet/telnet.1 b/src/appl/telnet/telnet/telnet.1
deleted file mode 100644
index 0ed0037..0000000
--- a/src/appl/telnet/telnet/telnet.1
+++ /dev/null
@@ -1,1339 +0,0 @@
-.\" Copyright (c) 1983, 1990, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnet.1	8.4 (Berkeley) 2/3/94
-.\" "
-.TH TELNET 1
-.SH NAME
-telnet \- user interface to the TELNET protocol
-.SH SYNOPSIS
-.B telnet
-[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP
-\fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP] [\fB\-c\fP]
-[\fB\-d\fP] [\fB\-e\fP \fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP
-\fIrealm\fP] [\fB\-l\fP \fIuser\fP] [\fB\-n\fP \fItracefile\fP]
-[\fB\-r\fP] [\fB\-x\fP] [\fIhost\fP [\fIport\fP]]
-.SH DESCRIPTION
-The 
-.B telnet
-command is used to communicate with another host using the
-.SM TELNET
-protocol.  If
-.B telnet
-is invoked without the
-.I host
-argument, it enters command mode, indicated by its prompt (
-.BR telnet\&> ).
-In this mode, it accepts and executes the commands listed below.  If it
-is invoked with arguments, it performs an
-.B open
-command with those arguments.
-.SH OPTIONS
-.TP
-.B \-8
-Specify an 8-bit data path.  This causes an attempt to negotiate the
-.SM TELNET BINARY
-option on both input and output.
-.TP
-.B \-E
-Stop any character from being recognized as an escape character.
-.TP
-\fB\-F\fP
-forward a
-.I forwardable
-copy of the local credentials to the remote system.
-.TP
-\fB\-K\fP
-Specify no automatic login to the remote system.
-.TP
-.B \-L
-Specify an 8-bit data path on output.  This causes the BINARY option to
-be negotiated on output.
-.TP
-\fB\-S\fP \fItos\fP
-Set the IP type-of-service (TOS) option for the telnet connection to the
-value
-.I tos,
-which can be a numeric TOS value (in decimal, or a hex value preceded
-by 0x, or an octal value preceded by a leading 0) or, on systems that support it, a
-symbolic TOS name found in the /etc/iptos file.
-.TP
-\fB\-X\fP \fIatype\fP
-Disable the
-.I atype
-type of authentication.
-.TP
-\fB\-a\fP
-Attempt automatic login.  This sends the user name via the
-.SM USER
-variable of the
-.SM ENVIRON
-option, if supported by the remote system.  The name used is that of the
-current user as returned by
-.IR getlogin (2)
-if it agrees with the current user ID; otherwise it is the name
-associated with the user ID.
-.TP
-.B \-c
-Disable the reading of the user's
-.B \&.telnetrc
-file.  (See the
-.B toggle skiprc
-command on this man page.)
-.TP
-.B \-d
-Set the initial value of the
-.B debug
-flag to TRUE
-.TP
-\fB\-e\fP \fIescape char\fP
-Set the initial
-.B telnet
-escape character to
-.I escape char.
-If
-.I escape char
-is omitted, then there will be no escape character.
-.TP
-\fB\-f\fP
-forward a copy of the local credentials to the remote system.
-.TP
-\fB\-k\fP \fIrealm\fP
-If Kerberos authentication is being used, request that telnet obtain
-tickets for the remote host in realm
-.I realm
-instead of the remote host's realm, as determined by
-.IR krb_realmofhost (3).
-.TP
-\fB\-l\fP \fIuser\fP
-If the remote system understands the
-.SM ENVIRON
-option, then
-.I user
-will be sent to the remote system as the value for the variable 
-.SM USER.
-This option implies the
-.B \-a
-option.  This option may also be used with the
-.B open
-command.
-.TP
-\fB\-n\fP \fItracefile\fP
-Open
-.I tracefile
-for recording trace information.  See the
-.B set tracefile
-command below.
-.TP
-.B \-r
-Specify a user interface similar to
-.IR rlogin (1).
-In this mode, the escape character is set to the tilde (~) character,
-unless modified by the
-.B \-e
-option.
-.TP
-\fB\-x\fP
-Turn on encryption of the data stream.  When this option is turned on,
-.B telnet
-will exit with an error if authentication cannot be negotiated or if
-encryption cannot be turned on.
-.TP
-.I host
-Indicates the name, alias, or Internet address of the remote host.
-.TP
-.I port
-Indicates a port number (address of an application).  If the port is not
-specified, the default
-.B telnet
-port (23) is used.
-.PP
-When in rlogin mode, ~ is the telnet escape character; a line of the
-form ~. disconnects from the remote host.  Similarly, the line ~^Z
-suspends the telnet session.  The line ~^] escapes to the normal telnet
-escape prompt.
-.PP
-Once a connection has been opened,
-.B telnet
-will attempt to enable the
-.SM TELNET LINEMODE
-option.  If this fails, then
-.B telnet
-will revert to one of two input modes: either ``character at a time'' or
-``old line by line,'' depending on what the remote system supports.
-.PP
-When
-.SM LINEMODE
-is enabled, character processing is done on the local system, under the
-control of the remote system.  When input editing or character echoing
-is to be disabled, the remote system will relay that information.  The
-remote system will also relay changes to any special characters that
-happen on the remote system, so that they can take effect on the local
-system.
-.PP
-In ``character at a time'' mode, most text typed is immediately sent to
-the remote host for processing.
-.PP
-In ``old line by line'' mode, all text is echoed locally, and (normally)
-only completed lines are sent to the remote host.  The ``local echo
-character'' (initially ``^E'') may be used to turn off and on the local
-echo.  (This would mostly be used to enter passwords without the
-password being echoed).
-.PP
-If the LINEMODE option is enabled, or if the
-.B localchars
-flag is TRUE (the default for ``old line by line''; see below), the
-user's
-.BR quit  ,
-.BR intr ,
-and
-.BR flush
-characters are trapped locally, and sent as
-.SM TELNET
-protocol sequences to the remote side.  If
-.SM LINEMODE
-has ever been enabled, then the user's
-.B susp
-and
-.B eof
-are also sent as
-.SM TELNET
-protocol sequences, and
-.B quit
-is sent as a
-.SM TELNET ABORT
-instead of
-.SM BREAK.
-There are options (see
-.B toggle autoflush
-and
-.B toggle autosynch
-below) which cause this action to flush subsequent output to the
-terminal (until the remote host acknowledges the 
-.SM TELNET
-sequence) and flush previous terminal input (in the case of
-.B quit
-and
-.BR intr  ).
-.PP
-While connected to a remote host,
-.B telnet
-command mode may be entered by typing the
-.B telnet
-``escape character'' (initially ``^]'').  When in command mode, the
-normal terminal editing conventions are available.
-.PP
-The following
-.B telnet
-commands are available.  Only enough of each command to uniquely
-identify it need be typed (this is also true for arguments to the
-.BR mode ,
-.BR set ,
-.BR toggle ,
-.BR unset ,
-.BR slc ,
-.BR environ ,
-and
-.B display
-commands).
-.PP
-.TP
-\fBauth\fP \fIargument ...\fP
-The auth command manipulates the information sent through the
-.SM TELNET AUTHENTICATE
-option.  Valid arguments for the auth command are as
-follows:
-.RS
-.TP
-\fBdisable\fP \fItype\fP 
-Disables the specified type of authentication.  To obtain a list of
-available types, use the
-.B auth disable \&?
-command.
-.TP
-\fBenable\fP \fItype\fP
-Enables the specified type of authentication.  To obtain a list of
-available types, use the
-.B auth enable \&?
-command.
-.TP
-.B status
-Lists the current status of the various types of authentication.
-.RE
-.TP
-.B close
-Close a
-.SM TELNET
-session and return to command mode.
-.TP
-\fBdisplay\fP \fIargument ...\fP
-Displays some or all of the
-.B set
-and
-.B toggle
-values (see below).
-.TP
-\fBencrypt\fP \fIargument ...\fP
-The encrypt command manipulates the information sent through the
-.SM TELNET ENCRYPT
-option.
-.PP
-Note:  Because of export controls, the
-.SM TELNET ENCRYPT
-option is not supported outside of the United States and Canada.
-.PP
-Valid arguments for the encrypt command are as follows:
-.RS
-.TP
-\fBdisable\fP \fItype\fP [\fBinput\fP|\fBoutput\fP]
-Disables the specified type of encryption.  If you omit the input and
-output, both input and output are disabled.  To obtain a list of
-available types, use the
-.B encrypt disable \&?
-command.
-.TP
-\fBenable\fP \fItype]fP [\fBinput\fP|\fBoutput\fP]
-Enables the specified type of encryption.  If you omit input and output,
-both input and output are enabled.  To obtain a list of available types,
-use the
-.B encrypt enable \&?
-command.
-.TP
-.B input
-This is the same as the
-.B encrypt start input
-command.
-.TP
-.B \-input
-This is the same as the
-.B encrypt stop input
-command.
-.TP
-.B output
-This is the same as the
-.B encrypt start output
-command.
-.TP
-.B \-output
-This is the same as the
-.B encrypt stop output
-command.
-.TP
-\fBstart\fP [\fBinput\fP|\fBoutput\fP]
-Attempts to start encryption.  If you omit
-.B input
-and
-.BR output ,
-both input and output are enabled.  To obtain a list of available types,
-use the
-.B encrypt enable \&?
-command.
-.TP
-.B status
-Lists the current status of encryption.
-.TP
-\fBstop\fP [\fBinput\fP|\fBoutput\fP]
-Stops encryption.  If you omit input and output, encryption is on both
-input and output.
-.TP
-\fBtype\fP \fItype\fP
-Sets the default type of encryption to be used with later
-.B encrypt start
-or
-.B encrypt stop
-commands.
-.RE
-.TP
-\fBenviron\fP \fIarguments ...\fP
-The
-.B environ
-command is used to manipulate the the variables that my be sent through
-the
-.SM TELNET ENVIRON
-option.  The initial set of variables is taken from the users
-environment, with only the
-.SM DISPLAY
-and
-.SM PRINTER
-variables being exported by default.  The
-.SM USER
-variable is also exported if the
-.B \-a
-or
-.B \-l
-options are used.
-.PP
-Valid arguments for the
-.B environ
-command are:
-.RS
-.TP
-\fBdefine\fP \fIvariable value\fP
-Define the variable
-.I variable
-to have a value of
-.IR value .
-Any variables defined by this command are automatically exported.  The
-.I value
-may be enclosed in single or double quotes so that tabs and spaces may
-be included.
-.TP
-\fBundefine\fP \fIvariable\fP
-Remove
-.I variable
-from the list of environment variables.
-.TP
-\fBexport\fP \fIvariable\fP
-Mark the variable
-.I variable
-to be exported to the remote side.
-.TP
-\fBunexport\fP \fIvariable\fP
-Mark the variable
-.I variable
-to not be exported unless explicitly asked for by the remote side.
-.TP
-.B list
-List the current set of environment variables.  Those marked with a \&*
-will be sent automatically; other variables will only be sent if
-explicitly requested.
-.TP
-.B \&?
-Prints out help information for the
-.B environ
-command.
-.RE
-.TP
-.B logout
-Sends the
-.SM TELNET LOGOUT
-option to the remote side.  This command is similar to a
-.B close
-command; however, if the remote side does not support the
-.SM LOGOUT
-option, nothing happens.  If, however, the remote side does support the
-.SM LOGOUT
-option, this command should cause the remote side to close the
-.SM TELNET
-connection.  If the remote side also supports the concept of suspending
-a user's session for later reattachment, the logout argument indicates
-that you should terminate the session immediately.
-.TP
-\fBmode\fP \fItype\fP
-.I Type
-is one of several options, depending on the state of the
-.SM TELNET
-session.  The remote host is asked for permission to go into the
-requested mode.  If the remote host is capable of entering that mode,
-the requested mode will be entered.
-.RS
-.TP
-.B character
-Disable the
-.SM TELNET LINEMODE
-option, or, if the remote side does not understand the
-.SM LINEMODE
-option, then enter ``character at a time'' mode.
-.TP
-.B line
-Enable the
-.SM TELNET LINEMODE
-option, or, if the remote side does not understand the
-.SM LINEMODE
-option, then attempt to enter ``old-line-by-line'' mode.
-.TP
-\fBisig\fP (\fI\-isig\fP)
-Attempt to enable (disable) the 
-.SM TRAPSIG
-mode of the 
-.SM LINEMODE
-option.  This requires that the
-.SM LINEMODE
-option be enabled.
-.TP
-\fBedit\fP (\fB\-edit\fP)
-Attempt to enable (disable) the
-.SM EDIT
-mode of the 
-.SM LINEMODE
-option.  This requires that the
-.SM LINEMODE
-option be enabled.
-.TP
-\fBsofttabs\fP (\fB\-softtabs\fP)
-Attempt to enable (disable) the
-.SM SOFT_TAB
-mode of the 
-.SM LINEMODE
-option.  This requires that the
-.SM LINEMODE
-option be enabled.
-.TP
-\fBlitecho\fP (\fB\-litecho\fP)
-Attempt to enable (disable) the 
-.SM LIT_ECHO
-mode of the 
-.SM LINEMODE
-option.  This requires that the
-.SM LINEMODE
-option be enabled.
-.TP
-.B \&?
-Prints out help information for the
-.B mode
-command.
-.RE
-.TP
-\fBopen\fP \fIhost\fP [\fB-a\fP] [[\fB\-l\fP] \fIuser\fP] [\fB\-\fP\fIport\fP]
-Open a connection to the named host.  If no port number is specified,
-.B telnet
-will attempt to contact a
-.SM TELNET
-server at the default port.  The host specification may be either a host
-name (see
-.IR hosts (5)
-or an Internet address specified in the ``dot notation'' (see
-.IR inet (3).
-After establishing a connection, the file
-.B \&.telnetrc
-in the user's home directory is opened.  Lines beginning with a # are
-comment lines.  Blank lines are ignored.  Lines that begin without white
-space are the start of a machine entry.  The first thing on the line is
-the name of the machine that is being connected to.  The rest of the
-line, and successive lines that begin with white space are assumed to be
-.B telnet
-commands and are processed as if they had been typed in manually to the
-.B telnet
-command prompt.
-.RS
-.TP
-.B \-a
-Attempt automatic login.  This sends the user name via the
-.SM USER
-variable of the
-.SM ENVIRON
-option, if supported by the remote system.  The name used is that of the
-current user as returned by
-.IR getlogin (2)
-if it agrees with the current user ID; otherwise it is the name
-associated with the user ID.  
-.TP
-[\fB\-l\fP] \fIuser\fP
-may be used to specify the user name to be passed to the remote system
-via the
-.SM ENVIRON
-option.
-.TP
-\fB\-\fP\fIport\fP
-When connecting to a non-standard port,
-.B telnet
-omits any automatic initiation of
-.SM TELNET
-options.  When the port number is preceded by a minus sign, the initial
-option negotiation is done.
-.RE
-.TP
-.B quit
-Close any open
-.SM TELNET
-session and exit
-.BR telnet .
-An end of file (in command mode) will also close a session and exit.
-.TP
-\fBsend\fP \fIarguments\fP
-Sends one or more special character sequences to the remote host.  The
-following are the arguments which may be specified (more than one
-argument may be specified at a time):
-.PP
-.RS
-.TP
-.B abort
-Sends the
-.SM TELNET ABORT
-(Abort processes) sequence.
-.TP
-.B ao
-Sends the
-.SM TELNET AO
-(Abort Output) sequence, which should cause the remote system to flush
-all output
-.I from
-the remote system
-.I to
-the user's terminal.
-.TP
-.B ayt
-Sends the
-.SM TELNET AYT
-(Are You There) sequence, to which the remote system may or may not
-choose to respond.
-.TP
-.B brk
-Sends the
-.SM TELNET BRK
-(Break) sequence, which may have significance to the remote system.
-.TP
-.B ec
-Sends the
-.SM TELNET EC
-(Erase Character) sequence, which should cause the remote system to
-erase the last character entered.
-.TP
-.B el
-Sends the
-.SM TELNET EL
-(Erase Line) sequence, which should cause the remote system to erase the
-line currently being entered.
-.TP
-.B eof
-Sends the
-.SM TELNET EOF
-(End Of File) sequence.
-.TP
-.B eor
-Sends the
-.SM TELNET EOR
-(End of Record) sequence.
-.TP
-.B escape
-Sends the current
-.B telnet
-escape character (initially ``^''.
-.TP
-.B ga
-Sends the
-.SM TELNET GA
-(Go Ahead) sequence, which likely has no significance to the remote
-system.
-.TP
-.B getstatus
-If the remote side supports the
-.SM TELNET STATUS
-command,
-.B getstatus
-will send the subnegotiation to request that the server send its current
-option status.
-.TP
-.B ip
-Sends the
-.SM TELNET IP
-(Interrupt Process) sequence, which should cause the remote system to
-abort the currently running process.
-.TP
-.B nop
-Sends the
-.SM TELNET NOP
-(No OPeration) sequence.
-.TP
-.B susp
-Sends the
-.SM TELNET SUSP
-(SUSPend process) sequence.
-.TP
-.B synch
-Sends the
-.SM TELNET SYNCH
-sequence.  This sequence causes the remote system to discard all
-previously typed (but not yet read) input.  This sequence is sent as
-.SM TCP
-urgent data (and may not work if the remote system is a 4.2BSD system --
-if it doesn't work, a lower case ``r'' may be echoed on the terminal).
-.TP
-\fBdo\fP \fIcmd\fP
-.TP
-\fBdont\fP \fIcmd\fP
-.TP
-\fBwill\fP \fIcmd\fP
-.TP
-\fBwont\fP \fIcmd\fP
-Sends the
-.SM TELNET DO
-.I cmd
-sequence.
-.I Cmd
-can be either a decimal number between 0 and 255, or a symbolic name for
-a specific
-.SM TELNET
-command.
-.I Cmd
-can also be either
-.B help
-or
-.B \&?
-to print out help information, including a list of known symbolic names.
-.TP
-.B \&?
-Prints out help information for the
-.B send
-command.
-.RE
-.TP
-\fBset\fP \fIargument value\fP 
-.TP
-\fBunset\fP \fIargument value\fP
-The
-.B set
-command will set any one of a number of
-.B telnet
-variables to a specific value or to
-.SM TRUE.
-The special value
-.B off
-turns off the function associated with the variable; this is equivalent
-to using the
-.B unset
-command.  The
-.B unset
-command will disable or set to
-.SM FALSE
-any of the specified functions.  The values of variables may be
-interrogated with the
-.B display
-command.  The variables which may be set or unset, but not toggled, are
-listed here.  In addition, any of the variables for the
-.B toggle
-command may be explicitly set or unset using the
-.B set
-and
-.B unset
-commands.
-.RS
-.TP
-.B ayt
-If
-.B telnet
-is in localchars mode, or
-.SM LINEMODE
-is enabled, and the status character is typed, a
-.SM TELNET AYT
-sequence (see
-.B send ayt
-preceding) is sent to the remote host.  The initial value for the "Are
-You There" character is the terminal's status character.
-.TP
-.B echo
-This is the value (initially ``^E'') which, when in ``line by line''
-mode, toggles between doing local echoing of entered characters (for
-normal processing), and suppressing echoing of entered characters (for
-entering, say, a password).
-.TP
-.B eof
-If
-.B telnet
-is operating in
-.SM LINEMODE
-or ``old line by line'' mode, entering this character as the first
-character on a line will cause this character to be sent to the remote
-system.  The initial value of the eof character is taken to be the
-terminal's
-.B eof
-character.
-.TP
-.B erase
-If
-.B telnet
-is in
-.B localchars
-mode (see
-.B toggle localchars
-below),
-.I and
-if
-.B telnet
-is operating in ``character at a time'' mode, then when this character
-is typed, a
-.SM TELNET EC
-sequence (see
-.B send ec
-above) is sent to the remote system.  The initial value for the erase
-character is taken to be the terminal's
-.B erase
-character.
-.TP
-.B escape
-This is the
-.B telnet
-escape character (initially ``^['') which causes entry into
-.B telnet
-command mode (when connected to a remote system).
-.TP
-.B flushoutput
-If
-.B telnet
-is in
-.B localchars
-mode (see
-.B toggle localchars
-below) and the
-.B flushoutput
-character is typed, a
-.SM TELNET AO
-sequence (see
-.B send ao
-above) is sent to the remote host.  The initial value for the flush
-character is taken to be the terminal's
-.B flush
-character.
-.TP
-.B forw1
-.TP
-.B forw2
-If
-.B telnet
-is operating in
-.SM LINEMODE,
-these are the characters that, when typed, cause partial lines to be
-forwarded to the remote system.  The initial value for the forwarding
-characters are taken from the terminal's eol and eol2 characters.
-.TP
-.B interrupt
-If
-.B telnet
-is in
-.B localchars
-mode (see
-.B toggle localchars
-below) and the
-.B interrupt
-character is typed, a
-.SM TELNET IP
-sequence (see
-.B send ip
-above) is sent to the remote host.  The initial value for the interrupt
-character is taken to be the terminal's
-.B intr
-character.
-.TP
-.B kill
-If
-.B telnet
-is in
-.B localchars
-mode (see
-.B toggle localchars
-below),
-.I and
-if
-.B telnet
-is operating in ``character at a time'' mode, then when this character
-is typed, a
-.SM TELNET EL
-sequence (see
-.B send el
-above) is sent to the remote system.  The initial value for the kill
-character is taken to be the terminal's
-.B kill
-character.
-.TP
-.B lnext
-If
-.B telnet
-is operating in
-.SM LINEMODE
-or ``old line by line'' mode, then this character is taken to be the
-terminal's
-.B lnext
-character.  The initial value for the lnext character is taken to be the
-terminal's
-.B lnext
-character.
-.TP
-.B quit
-If
-.B telnet
-is in
-.B localchars
-mode (see
-.B toggle localchars
-below) and the
-.B quit
-character is typed, a
-.SM TELNET BRK
-sequence (see
-.B send brk
-above) is sent to the remote host.  The initial value for the quit
-character is taken to be the terminal's
-.B quit
-character.
-.TP
-.B reprint
-If
-.B telnet
-is operating in
-.SM LINEMODE
-or ``old line by line'' mode, then this character is taken to be the
-terminal's
-.B reprint
-character.  The initial value for the reprint character is taken to be
-the terminal's
-.B reprint
-character.
-.TP
-.B rlogin
-This is the rlogin escape character.  If set, the normal
-.B TELNET
-escape character is ignored unless it is preceded by this character at
-the beginning of a line.  This character, at the beginning of a line
-followed by a "."  closes the connection; when followed by a ^Z it
-suspends the telnet command.  The initial state is to disable the rlogin
-escape character.
-.TP
-.B start
-If the
-.SM TELNET TOGGLE-FLOW-CONTROL
-option has been enabled, then this character is taken to be the
-terminal's
-.B start
-character.  The initial value for the kill character is taken to be the
-terminal's
-.B start
-character.
-.TP
-.B stop
-If the
-.SM TELNET TOGGLE-FLOW-CONTROL
-option has been enabled, then this character is taken to be the
-terminal's
-.B stop
-character.  The initial value for the kill character is taken to be the
-terminal's
-.B stop
-character.
-.TP
-.B susp
-If
-.B telnet
-is in
-.B localchars
-mode, or
-.SM LINEMODE
-is enabled, and the
-.B suspend
-character is typed, a
-.SM TELNET SUSP
-sequence (see
-.B send susp
-above) is sent to the remote host.  The initial value for the suspend
-character is taken to be the terminal's
-.B suspend
-character.
-.TP
-.B tracefile
-This is the file to which the output, caused by
-.B netdata
-or
-.B option
-tracing being
-.SM TRUE,
-will be written.  If it is set to ``\fB\-\fP'', then tracing information
-will be written to standard output (the default).
-.TP
-.B worderase
-If
-.B telnet
-is operating in
-.SM LINEMODE
-or ``old line by line'' mode, then this character is taken to be the
-terminal's
-.B worderase
-character.  The initial value for the worderase character is taken to be
-the terminal's
-.B worderase
-character.
-.TP
-.B \&?
-Displays the legal \fBset\fP (\fBunset\fP) commands.
-.RE
-.TP
-\fBslc\fP \fIstate\fP
-The
-.B slc
-command (Set Local Characters) is used to set or change the state of the
-the special characters when the
-.SM TELNET LINEMODE
-option has been enabled.  Special characters are characters that get
-mapped to
-.B telnet
-commands sequences (like
-.B ip
-or
-.B quit  )
-or line editing characters (like
-.B erase
-and
-.BR kill ).
-By default, the local special characters are exported.
-.RS
-.TP
-.B check
-Verify the current settings for the current special characters.  The
-remote side is requested to send all the current special character
-settings, and if there are any discrepancies with the local side, the
-local side will switch to the remote value.
-.TP
-.B export
-Switch to the local defaults for the special characters.  The local
-default characters are those of the local terminal at the time when
-.B telnet
-was started.
-.TP
-.B import
-Switch to the remote defaults for the special characters.  The remote
-default characters are those of the remote system at the time when the
-.SM TELNET
-connection was established.
-.TP
-.B \&?
-Prints out help information for the
-.B slc
-command.
-.RE
-.TP
-.B status
-Show the current status of
-.BR telnet  .
-This includes the peer one is connected to, as well as the current mode.
-.TP
-\fBtoggle\fP \fIarguments ...\fP
-Toggle (between
-.SM TRUE
-and
-.SM FALSE)
-various flags that control how
-.B telnet
-responds to events.  These flags may be set explicitly to
-.SM TRUE
-or
-.SM FALSE
-using the
-.B set
-and
-.B unset
-commands listed above.  More than one argument may be specified.  The
-state of these flags may be interrogated with the
-.B display
-command.  Valid arguments are:
-.RS
-.TP
-.B authdebug
-Turns on debugging information for the authentication code.
-.TP
-.B autoflush
-If
-.B autoflush
-and
-.B localchars
-are both
-.SM TRUE ,
-then when the
-.BR ao  ,
-or
-.B quit
-characters are recognized (and transformed into
-.SM TELNET
-sequences; see
-.B set
-above for details),
-.B telnet
-refuses to display any data on the user's terminal until the remote
-system acknowledges (via a
-.SM TELNET TIMING MARK
-option) that it has processed those
-.SM TELNET
-sequences.  The initial value for this toggle is
-.SM TRUE
-if the terminal user had not done an "stty noflsh", otherwise
-.SM FALSE
-(see
-.BR stty  (1).
-.TP
-.B autodecrypt
-When the
-.SM TELNET ENCRYPT
-option is negotiated, by default the actual encryption (decryption) of
-the data stream does not start automatically.  The autoencrypt
-(autodecrypt) command states that encryption of the output (input)
-stream should be enabled as soon as possible.
-.PP
-Note:  Because of export controls, the
-.SM TELNET ENCRYPT
-option is not supported outside the United States and Canada.
-.TP
-.B autologin
-If the remote side supports the
-.SM TELNET AUTHENTICATION
-option
-.B telnet
-attempts to use it to perform automatic authentication.  If the
-.SM AUTHENTICATION
-option is not supported, the user's login name are propagated through
-the
-.SM TELNET ENVIRON
-option.  This command is the same as specifying the
-.B \-a
-option on the
-.B open
-command.
-.TP
-.B autosynch
-If
-.B autosynch
-and
-.B localchars
-are both
-.SM TRUE,
-then when either the
-.B intr
-or
-.B quit
-characters is typed (see
-.B set
-above for descriptions of the
-.B intr
-and
-.B quit
-characters), the resulting
-.SM TELNET
-sequence sent is followed by the
-.SM TELNET SYNCH
-sequence.  This procedure
-.I should
-cause the remote system to begin throwing away all previously typed
-input until both of the
-.SM TELNET
-sequences have been read and acted upon.  The initial value of this
-toggle is
-.SM FALSE.
-.TP
-.B binary
-Enable or disable the
-.SM TELNET BINARY
-option on both input and output.
-.TP
-.B inbinary
-Enable or disable the
-.SM TELNET BINARY
-option on input.
-.TP
-.B outbinary
-Enable or disable the
-.SM TELNET BINARY
-option on output.
-.TP
-.B crlf
-If this is
-.SM TRUE,
-then carriage returns will be sent as <CR><LF>.  If this is
-.SM FALSE,
-then carriage returns will be send as <CR><NUL>.  The initial value for
-this toggle is
-.SM FALSE.
-.TP
-.B crmod
-Toggle carriage return mode.  When this mode is enabled, most carriage
-return characters received from the remote host will be mapped into a
-carriage return followed by a line feed.  This mode does not affect
-those characters typed by the user, only those received from the remote
-host.  This mode is not very useful unless the remote host only sends
-carriage return, but never line feed.  The initial value for this toggle
-is
-.SM FALSE .
-.TP
-.B debug
-Toggles socket level debugging (useful only to the \fBsuper user\fP).
-The initial value for this toggle is
-.SM FALSE .
-.TP
-.B encdebug
-Turns on debugging information for the encryption code.
-.TP
-.B localchars
-If this is
-.SM TRUE ,
-then the
-.BR flush ,
-.BR interrupt ,
-.BR quit ,
-.BR erase ,
-and
-.B kill
-characters (see
-.B set
-above) are recognized locally, and transformed into (hopefully)
-appropriate
-.SM TELNET
-control sequences (respectively
-.BR ao ,
-.BR ip ,
-.BR brk ,
-.BR ec ,
-and
-.BR el ;
-see
-.B send
-above).  The initial value for this toggle is
-.SM TRUE
-in ``old line by line'' mode, and
-.SM FALSE
-in ``character at a time'' mode.  When the
-.SM LINEMODE
-option is enabled, the value of
-.B localchars
-is ignored, and assumed to always be
-.SM TRUE.
-If
-.SM LINEMODE
-has ever been enabled, then
-.B quit
-is sent as
-.BR abort ,
-and
-.B eof
-and
-.B suspend
-are sent as
-.B eof
-and
-.BR susp ,
-see
-.B send
-above).
-.TP
-.B netdata
-Toggles the display of all network data (in hexadecimal format).  The
-initial value for this toggle is
-.SM FALSE.
-.TP
-.B options
-Toggles the display of some internal
-.B telnet
-protocol processing (having to do with
-.SM TELNET
-options).  The initial value for this flag is
-.SM FALSE .
-.TP
-.B prettydump
-When the
-.B netdata
-flag is enabled, if
-.B prettydump
-is enabled the output from the
-.B netdata
-command will be formatted in a more user-readable format.  Spaces are
-put between each character in the output, and the beginning of any
-.SM TELNET
-escape sequence is preceded by a '*' to aid in locating them.
-.TP
-.B skiprc
-When the skiprc flag is
-.SM TRUE,
-.SM TELNET
-skips the reading of the \&.telnetrc file in the user's home directory
-when connections are opened.  The initial value for this flag is
-.SM FALSE.
-.TP
-.B termdata
-Toggles the display of all terminal data (in hexadecimal format).  The
-initial value for this flag is
-.SM FALSE.
-.TP
-.B verbose_encrypt
-When the
-.B verbose_encrypt
-flag is
-.SM TRUE,
-.SM TELNET
-prints out a message each time encryption is enabled or disabled.  The
-initial value for this toggle is
-.SM FALSE.
-Note:  Because of export controls, data encryption is not supported
-outside of the United States and Canada.
-.TP
-.B \&?
-Displays the legal
-.B toggle
-commands.
-.RE
-.TP
-.B z
-Suspend
-.BR telnet .
-This command only works when the user's shell is
-.IR csh (1).
-.TP
-\fB\&!\fP [\fIcommand\fP]
-Execute a single command in a subshell on the local system.  If
-.B command
-is omitted, then an interactive subshell is invoked.
-.TP
-\fB\&?\fP \fIcommand\fP
-Get help.  With no arguments,
-.B telnet
-prints a help summary.  If a command is specified,
-.B telnet
-will print the help information for just that command.
-.SH ENVIRONMENT
-.B Telnet
-uses at least the
-.SM HOME,
-.SM SHELL,
-.SM DISPLAY,
-and
-.SM TERM
-environment variables.  Other environment variables may be propagated to
-the other side via the
-.SM TELNET ENVIRON
-option.
-.SH FILES
-.TP "\w'~/.telnetrc\ \ 'u"
-.TP
-~/.telnetrc
-user-customized telnet startup values
-.sp -1v
-.TP
-~/.k5login
-(on remote host) - file containing Kerberos principals that are allowed
-access.
-.SH HISTORY
-The
-.B Telnet
-command appeared in 4.2BSD.
-.SH NOTES
-.PP
-On some remote systems, echo has to be turned off manually when in ``old
-line by line'' mode.
-.PP
-In ``old line by line'' mode or
-.SM LINEMODE
-the terminal's
-.B eof
-character is only recognized (and sent to the remote system) when it is
-the first character on a line.
diff --git a/src/appl/telnet/telnet/telnet.c b/src/appl/telnet/telnet/telnet.c
deleted file mode 100644
index 0d05b8f..0000000
--- a/src/appl/telnet/telnet/telnet.c
+++ /dev/null
@@ -1,2760 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)telnet.c	8.1 (Berkeley) 6/6/93 */
-
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#include <sys/types.h>
-#include <time.h>
-
-#if	defined(unix)
-#include <signal.h>
-/* By the way, we need to include curses.h before telnet.h since,
- * among other things, telnet.h #defines 'DO', which is a variable
- * declared in curses.h.
- */
-#endif	/* defined(unix) */
-
-#ifdef HAVE_CURSES_H
-#include <curses.h>
-#endif
-
-#ifdef HAVE_TERM_H
-#include <term.h>
-#endif
-
-#include <arpa/telnet.h>
-
-#include <ctype.h>
-
-#include "ring.h"
-
-#include "defines.h"
-#include "externs.h"
-#include "types.h"
-#include "general.h"
-
-#ifdef AUTHENTICATION
-#include <libtelnet/auth.h>
-#endif
-
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <libtelnet/misc-proto.h>
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
-
-#include <k5-platform.h>
-
-static int is_unique (char *, char **, char **);
-
-
-#define	strip(x)	((x)&0x7f)
-
-static unsigned char	subbuffer[SUBBUFSIZE],
-			*subpointer, *subend;	 /* buffer for sub-options */
-#define	SB_CLEAR()	subpointer = subbuffer;
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-				*subpointer++ = (c); \
-			}
-
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_PEEK()	((*subpointer)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-char	options[256];		/* The combined options */
-char	do_dont_resp[256];
-char	will_wont_resp[256];
-
-int
-	eight = 0,
-	autologin = 0,	/* Autologin anyone? */
-	skiprc = 0,
-	connected,
-	showoptions,
-	In3270,		/* Are we in 3270 mode? */
-	ISend,		/* trying to send network data in */
-	debug = 0,
-	crmod,
-	netdata,	/* Print out network data flow */
-	crlf,		/* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
-#if	defined(TN3270)
-	noasynchtty = 0,/* User specified "-noasynch" on command line */
-	noasynchnet = 0,/* User specified "-noasynch" on command line */
-	askedSGA = 0,	/* We have talked about suppress go ahead */
-#endif	/* defined(TN3270) */
-	telnetport,
-        wantencryption = 0,
-	SYNCHing,	/* we are in TELNET SYNCH mode */
-	flushout,	/* flush output */
-	autoflush = 0,	/* flush output when interrupting? */
-	autosynch,	/* send interrupt characters with SYNCH? */
-	localflow,	/* we handle flow control locally */
-	restartany,	/* if flow control enabled, restart on any character */
-	localchars,	/* we recognize interrupt/quit */
-	donelclchars,	/* the user has set "localchars" */
-	donebinarytoggle,	/* the user has put us in binary */
-	dontlecho,	/* do we suppress local echoing right now? */
-	globalmode;
-
-char *prompt = 0;
-
-int scheduler_lockout_tty = 0;
-
-cc_t escape;
-cc_t rlogin;
-#ifdef	KLUDGELINEMODE
-cc_t echoc;
-#endif
-
-/*
- * Telnet receiver states for fsm
- */
-#define	TS_DATA		0
-#define	TS_IAC		1
-#define	TS_WILL		2
-#define	TS_WONT		3
-#define	TS_DO		4
-#define	TS_DONT		5
-#define	TS_CR		6
-#define	TS_SB		7		/* sub-option collection */
-#define	TS_SE		8		/* looking for sub-option end */
-
-static int	telrcv_state;
-#ifdef	OLD_ENVIRON
-unsigned char telopt_environ = TELOPT_NEW_ENVIRON;
-#else
-# define telopt_environ TELOPT_NEW_ENVIRON
-#endif
-
-jmp_buf	toplevel = { 0 };
-jmp_buf	peerdied;
-
-int	flushline;
-int	linemode;
-
-#ifdef	KLUDGELINEMODE
-int	kludgelinemode = 1;
-#endif
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-Clocks clocks;
-
-#ifdef	notdef
-Modelist modelist[] = {
-	{ "telnet command mode", COMMAND_LINE },
-	{ "character-at-a-time mode", 0 },
-	{ "character-at-a-time mode (local echo)", LOCAL_ECHO|LOCAL_CHARS },
-	{ "line-by-line mode (remote echo)", LINE | LOCAL_CHARS },
-	{ "line-by-line mode", LINE | LOCAL_ECHO | LOCAL_CHARS },
-	{ "line-by-line mode (local echoing suppressed)", LINE | LOCAL_CHARS },
-	{ "3270 mode", 0 },
-};
-#endif
-
-
-/*
- * Initialize telnet environment.
- */
-
-    void
-init_telnet()
-{
-    env_init();
-
-    SB_CLEAR();
-    ClearArray(options);
-
-    connected = In3270 = ISend = localflow = donebinarytoggle = 0;
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    auth_encrypt_connect(connected);
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
-    restartany = -1;
-
-    SYNCHing = 0;
-
-    /* Don't change NetTrace */
-
-    escape = CONTROL(']');
-    rlogin = _POSIX_VDISABLE;
-#ifdef	KLUDGELINEMODE
-    echoc = CONTROL('E');
-#endif
-
-    flushline = 1;
-    telrcv_state = TS_DATA;
-}
-
-
-#ifdef	notdef
-#include <varargs.h>
-
-    /*VARARGS*/
-    static void
-printring(va_alist)
-    va_dcl
-{
-    va_list ap;
-    char buffer[100];		/* where things go */
-    char *ptr;
-    char *format;
-    char *string;
-    Ring *ring;
-    int i;
-
-    va_start(ap);
-
-    ring = va_arg(ap, Ring *);
-    format = va_arg(ap, char *);
-    ptr = buffer;
-
-    while ((i = *format++) != 0) {
-	if (i == '%') {
-	    i = *format++;
-	    switch (i) {
-	    case 'c':
-		*ptr++ = va_arg(ap, int);
-		break;
-	    case 's':
-		string = va_arg(ap, char *);
-		ring_supply_data(ring, buffer, ptr-buffer);
-		ring_supply_data(ring, string, strlen(string));
-		ptr = buffer;
-		break;
-	    case 0:
-		ExitString("printring: trailing %%.\n", 1);
-		/*NOTREACHED*/
-	    default:
-		ExitString("printring: unknown format character.\n", 1);
-		/*NOTREACHED*/
-	    }
-	} else {
-	    *ptr++ = i;
-	}
-    }
-    ring_supply_data(ring, buffer, ptr-buffer);
-}
-#endif
-
-/*
- * These routines are in charge of sending option negotiations
- * to the other side.
- *
- * The basic idea is that we send the negotiation if either side
- * is in disagreement as to what the current state should be.
- */
-
-    void
-send_do(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_do(c)) ||
-				my_want_state_is_do(c))
-	    return;
-	set_my_want_state_do(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DO);
-    NETADD(c);
-    printoption("SENT", DO, c);
-}
-
-    void
-send_dont(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) ||
-				my_want_state_is_dont(c))
-	    return;
-	set_my_want_state_dont(c);
-	do_dont_resp[c]++;
-    }
-    NET2ADD(IAC, DONT);
-    NETADD(c);
-    printoption("SENT", DONT, c);
-}
-
-    void
-send_will(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_will(c)) ||
-				my_want_state_is_will(c))
-	    return;
-	set_my_want_state_will(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WILL);
-    NETADD(c);
-    printoption("SENT", WILL, c);
-}
-
-    void
-send_wont(c, init)
-    register int c, init;
-{
-    if (init) {
-	if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) ||
-				my_want_state_is_wont(c))
-	    return;
-	set_my_want_state_wont(c);
-	will_wont_resp[c]++;
-    }
-    NET2ADD(IAC, WONT);
-    NETADD(c);
-    printoption("SENT", WONT, c);
-}
-
-
-	void
-willoption(option)
-	int option;
-{
-	int new_state_ok = 0;
-
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_do(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_ECHO:
-#	    if defined(TN3270)
-		/*
-		 * The following is a pain in the rear-end.
-		 * Various IBM servers (some versions of Wiscnet,
-		 * possibly Fibronics/Spartacus, and who knows who
-		 * else) will NOT allow us to send "DO SGA" too early
-		 * in the setup proceedings.  On the other hand,
-		 * 4.2 servers (telnetd) won't set SGA correctly.
-		 * So, we are stuck.  Empirically (but, based on
-		 * a VERY small sample), the IBM servers don't send
-		 * out anything about ECHO, so we postpone our sending
-		 * "DO SGA" until we see "WILL ECHO" (which 4.2 servers
-		 * DO send).
-		  */
-		{
-		    if (askedSGA == 0) {
-			askedSGA = 1;
-			if (my_want_state_is_dont(TELOPT_SGA))
-			    send_do(TELOPT_SGA, 1);
-		    }
-		}
-		    /* Fall through */
-	    case TELOPT_EOR:
-#endif	    /* defined(TN3270) */
-	    case TELOPT_BINARY:
-	    case TELOPT_SGA:
-		settimer(modenegotiated);
-		/* FALL THROUGH */
-	    case TELOPT_STATUS:
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-#endif
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:
-#endif /* ENCRYPTION */
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		/*
-		 * Special case for TM.  If we get back a WILL,
-		 * pretend we got back a WONT.
-		 */
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;			/* Never reply to TM will's/wont's */
-
-	    case TELOPT_LINEMODE:
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_do(option);
-		send_do(option, 0);
-		setconnmode(0);		/* possibly set new tty mode */
-	    } else {
-		do_dont_resp[option]++;
-		send_dont(option, 0);
-	    }
-	}
-	set_my_state_do(option);
-#ifdef	ENCRYPTION
-	if (option == TELOPT_ENCRYPT)
-		encrypt_send_support();
-#endif	/* ENCRYPTION */
-}
-
-	void
-wontoption(option)
-	int option;
-{
-	if (do_dont_resp[option]) {
-	    --do_dont_resp[option];
-	    if (do_dont_resp[option] && my_state_is_dont(option))
-		--do_dont_resp[option];
-	}
-
-	if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) {
-
-	    switch (option) {
-
-#ifdef	KLUDGELINEMODE
-	    case TELOPT_SGA:
-		if (!kludgelinemode)
-		    break;
-		/* FALL THROUGH */
-#endif
-	    case TELOPT_ECHO:
-		settimer(modenegotiated);
-		break;
-
-	    case TELOPT_TM:
-		if (flushout)
-		    flushout = 0;
-		set_my_want_state_dont(option);
-		set_my_state_dont(option);
-		return;		/* Never reply to TM will's/wont's */
-
-	    default:
-		break;
-	    }
-	    set_my_want_state_dont(option);
-	    if (my_state_is_do(option))
-		send_dont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	} else if (option == TELOPT_TM) {
-	    /*
-	     * Special case for TM.
-	     */
-	    if (flushout)
-		flushout = 0;
-	    set_my_want_state_dont(option);
-	}
-	set_my_state_dont(option);
-}
-
-	static void
-dooption(option)
-	int option;
-{
-	int new_state_ok = 0;
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_will(option))
-		--will_wont_resp[option];
-	}
-
-	if (will_wont_resp[option] == 0) {
-	  if (my_want_state_is_wont(option)) {
-
-	    switch (option) {
-
-	    case TELOPT_TM:
-		/*
-		 * Special case for TM.  We send a WILL, but pretend
-		 * we sent WONT.
-		 */
-		send_will(option, 0);
-		set_my_want_state_wont(TELOPT_TM);
-		set_my_state_wont(TELOPT_TM);
-		return;
-
-#	if defined(TN3270)
-	    case TELOPT_EOR:		/* end of record */
-#	endif	/* defined(TN3270) */
-	    case TELOPT_BINARY:		/* binary mode */
-	    case TELOPT_NAWS:		/* window size */
-	    case TELOPT_TSPEED:		/* terminal speed */
-	    case TELOPT_LFLOW:		/* local flow control */
-	    case TELOPT_TTYPE:		/* terminal type option */
-	    case TELOPT_SGA:		/* no big deal */
-#ifdef	ENCRYPTION
-	    case TELOPT_ENCRYPT:	/* encryption variable option */
-#endif	/* ENCRYPTION */
-		new_state_ok = 1;
-		break;
-
-	    case TELOPT_NEW_ENVIRON:	/* New environment variable option */
-#ifdef	OLD_ENVIRON
-		if (my_state_is_will(TELOPT_OLD_ENVIRON))
-			send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */
-		goto env_common;
-	    case TELOPT_OLD_ENVIRON:	/* Old environment variable option */
-		if (my_state_is_will(TELOPT_NEW_ENVIRON))
-			break;		/* Don't enable if new one is in use! */
-	    env_common:
-		telopt_environ = option;
-#endif
-		new_state_ok = 1;
-		break;
-
-#if	defined(AUTHENTICATION)
-	    case TELOPT_AUTHENTICATION:
-		if (autologin)
-			new_state_ok = 1;
-		break;
-#endif
-
-	    case TELOPT_XDISPLOC:	/* X Display location */
-		if (env_getvalue((unsigned char *)"DISPLAY") &&
-		    env_is_exported((unsigned char *)"DISPLAY"))
-		    new_state_ok = 1;
-		break;
-
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_want_state_will(TELOPT_LINEMODE);
-		send_will(option, 0);
-		set_my_state_will(TELOPT_LINEMODE);
-		slc_init();
-		return;
-
-	    case TELOPT_ECHO:		/* We're never going to echo... */
-	    default:
-		break;
-	    }
-
-	    if (new_state_ok) {
-		set_my_want_state_will(option);
-		send_will(option, 0);
-		setconnmode(0);			/* Set new tty mode */
-	    } else {
-		will_wont_resp[option]++;
-		send_wont(option, 0);
-	    }
-	  } else {
-	    /*
-	     * Handle options that need more things done after the
-	     * other side has acknowledged the option.
-	     */
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-#ifdef	KLUDGELINEMODE
-		kludgelinemode = 0;
-		send_do(TELOPT_SGA, 1);
-#endif
-		set_my_state_will(option);
-		slc_init();
-		send_do(TELOPT_SGA, 0);
-		return;
-	    }
-	  }
-	}
-	set_my_state_will(option);
-}
-
-	static void
-dontoption(option)
-	int option;
-{
-
-	if (will_wont_resp[option]) {
-	    --will_wont_resp[option];
-	    if (will_wont_resp[option] && my_state_is_wont(option))
-		--will_wont_resp[option];
-	}
-
-	if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) {
-	    switch (option) {
-	    case TELOPT_LINEMODE:
-		linemode = 0;	/* put us back to the default state */
-		break;
-#ifdef	OLD_ENVIRON
-	    case TELOPT_NEW_ENVIRON:
-		/*
-		 * The new environ option wasn't recognized, try
-		 * the old one.
-		 */
-		send_will(TELOPT_OLD_ENVIRON, 1);
-		telopt_environ = TELOPT_OLD_ENVIRON;
-		break;
-#endif
-	    }
-	    /* we always accept a DONT */
-	    set_my_want_state_wont(option);
-	    if (my_state_is_will(option))
-		send_wont(option, 0);
-	    setconnmode(0);			/* Set new tty mode */
-	}
-	set_my_state_wont(option);
-}
-
-/*
- * Given a buffer returned by tgetent(), this routine will turn
- * the pipe seperated list of names in the buffer into an array
- * of pointers to null terminated names.  We toss out any bad,
- * duplicate, or verbose names (names with spaces).
- */
-
-static char *name_unknown = "UNKNOWN";
-static char *unknown[] = { 0, 0 };
-
-static	char **
-mklist(buf, name)
-	char *buf, *name;
-{
-	register int n;
-	register char c, *cp, **argvp, *cp2, **argv, **avt;
-
-	if (name) {
-		if (strlen(name) > 40) {
-			name = 0;
-			unknown[0] = name_unknown;
-		} else {
-			unknown[0] = name;
-			upcase(name);
-		}
-	} else
-		unknown[0] = name_unknown;
-	/*
-	 * Count up the number of names.
-	 */
-	for (n = 1, cp = buf; *cp && *cp != ':'; cp++) {
-		if (*cp == '|')
-			n++;
-	}
-	/*
-	 * Allocate an array to put the name pointers into
-	 */
-	argv = (char **)malloc((n+3)*sizeof(char *));
-	if (argv == 0)
-		return(unknown);
-	while (--n >= 0)
-	    argv[n] = 0;
-
-	/*
-	 * Fill up the array of pointers to names.
-	 */
-	*argv = 0;
-	argvp = argv+1;
-	n = 0;
-	for (cp = cp2 = buf; (c = *cp);  cp++) {
-		if (c == '|' || c == ':') {
-			*cp++ = '\0';
-			/*
-			 * Skip entries that have spaces or are over 40
-			 * characters long.  If this is our environment
-			 * name, then put it up front.  Otherwise, as
-			 * long as this is not a duplicate name (case
-			 * insensitive) add it to the list.
-			 */
-			if (n || (cp - cp2 > 41))
-				;
-			else if (name && (strncasecmp(name, cp2,
-						      (unsigned) (cp-cp2))
-					  == 0))
-				*argv = cp2;
-			else if (is_unique(cp2, argv+1, argvp))
-				*argvp++ = cp2;
-			if (c == ':')
-				break;
-			/*
-			 * Skip multiple delimiters. Reset cp2 to
-			 * the beginning of the next name. Reset n,
-			 * the flag for names with spaces.
-			 */
-			while ((c = *cp) == '|')
-				cp++;
-			cp2 = cp;
-			n = 0;
-		}
-		/*
-		 * Skip entries with spaces or non-ascii values.
-		 * Convert lower case letters to upper case.
-		 */
-		if ((c == ' ') || !isascii(c))
-			n = 1;
-		else if (islower((unsigned char) c))
-			*cp = toupper((unsigned char) c);
-	}
-
-	/*
-	 * Check for an old V6 2 character name.  If the second
-	 * name points to the beginning of the buffer, and is
-	 * only 2 characters long, move it to the end of the array.
-	 */
-	if ((argv[1] == buf) && (strlen(argv[1]) == 2)) {
-		--argvp;
-		for (avt = &argv[1]; avt < argvp; avt++)
-			*avt = *(avt+1);
-		*argvp++ = buf;
-	}
-
-	/*
-	 * Duplicate last name, for TTYPE option, and null
-	 * terminate the array.  If we didn't find a match on
-	 * our terminal name, put that name at the beginning.
-	 */
-	cp = *(argvp-1);
-	*argvp++ = cp;
-	*argvp = 0;
-
-	if (*argv == 0) {
-		if (name)
-			*argv = name;
-		else {
-			--argvp;
-			for (avt = argv; avt < argvp; avt++)
-				*avt = *(avt+1);
-		}
-	}
-	if (*argv)
-		return(argv);
-	else
-		return(unknown);
-}
-
-static int
-is_unique(name, as, ae)
-	register char *name, **as, **ae;
-{
-	register char **ap;
-	register unsigned int n;
-
-	n = strlen(name) + 1;
-	for (ap = as; ap < ae; ap++)
-		if (strncasecmp(*ap, name, n) == 0)
-			return(0);
-	return (1);
-}
-
-#ifndef	HAVE_SETUPTERM
-char termbuf[1024];
-
-	/*ARGSUSED*/
-static int
-setupterm(tname, fd, errp)
-	char *tname;
-	int fd, *errp;
-{
-	if (tgetent(termbuf, tname) == 1) {
-		termbuf[1023] = '\0';
-		if (errp)
-			*errp = 1;
-		return(0);
-	}
-	if (errp)
-		*errp = 0;
-	return(-1);
-}
-#else
-#define	termbuf	ttytype
-extern char ttytype[];
-#endif
-
-int resettermname = 1;
-
-static	char *
-gettermname()
-{
-	char *tname;
-	static char **tnamep = 0;
-	static char **next;
-	int err;
-
-	if (resettermname) {
-		resettermname = 0;
-		if (tnamep && tnamep != unknown)
-			free(tnamep);
-		if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) &&
-				(setupterm(tname, 1, &err) == 0)) {
-			tnamep = mklist(termbuf, tname);
-		} else {
-			if (tname && (strlen(tname) <= 40)) {
-				unknown[0] = tname;
-				upcase(tname);
-			} else
-				unknown[0] = name_unknown;
-			tnamep = unknown;
-		}
-		next = tnamep;
-	}
-	if (*next == 0)
-		next = tnamep;
-	return(*next++);
-}
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *		Terminal type, send request.
- *		Terminal speed (send request).
- *		Local flow control (is request).
- *		Linemode
- */
-
-    static void
-suboption()
-{
-    unsigned char subchar;
-
-    printsub('<', subbuffer, SB_LEN()+2);
-    switch (subchar = SB_GET()) {
-    case TELOPT_TTYPE:
-	if (my_want_state_is_wont(TELOPT_TTYPE))
-	    return;
-	if (SB_EOF() || SB_GET() != TELQUAL_SEND) {
-	    return;
-	} else {
-	    char *name;
-	    unsigned char temp[50];
-	    int len;
-
-#if	defined(TN3270)
-	    if (tn3270_ttype()) {
-		return;
-	    }
-#endif	/* defined(TN3270) */
-	    name = gettermname();
-	    len = strlen(name) + 4 + 2;
-	    if (len < NETROOM()) {
-		snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c",
-			 IAC, SB, TELOPT_TTYPE, TELQUAL_IS, name, IAC, SE);
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', &temp[2], len-2);
-	    } else {
-		ExitString("No room in buffer for terminal type.\n", 1);
-		/*NOTREACHED*/
-	    }
-	}
-	break;
-    case TELOPT_TSPEED:
-	if (my_want_state_is_wont(TELOPT_TSPEED))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    long o_speed, ispeed;
-	    unsigned char temp[50];
-	    int len;
-
-	    TerminalSpeeds(&ispeed, &o_speed);
-
-	    snprintf((char *)temp, sizeof(temp), "%c%c%c%c%ld,%ld%c%c", IAC,
-		     SB, TELOPT_TSPEED, TELQUAL_IS, o_speed, ispeed, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-    case TELOPT_LFLOW:
-	if (my_want_state_is_wont(TELOPT_LFLOW))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch(SB_GET()) {
-	case LFLOW_RESTART_ANY:
-	    restartany = 1;
-	    break;
-	case LFLOW_RESTART_XON:
-	    restartany = 0;
-	    break;
-	case LFLOW_ON:
-	    localflow = 1;
-	    break;
-	case LFLOW_OFF:
-	    localflow = 0;
-	    break;
-	default:
-	    return;
-	}
-	setcommandmode();
-	setconnmode(0);
-	break;
-
-    case TELOPT_LINEMODE:
-	if (my_want_state_is_wont(TELOPT_LINEMODE))
-	    return;
-	if (SB_EOF())
-	    return;
-	switch (SB_GET()) {
-	case WILL:
-	    lm_will(subpointer, SB_LEN());
-	    break;
-	case WONT:
-	    lm_wont(subpointer, SB_LEN());
-	    break;
-	case DO:
-	    lm_do(subpointer, SB_LEN());
-	    break;
-	case DONT:
-	    lm_dont(subpointer, SB_LEN());
-	    break;
-	case LM_SLC:
-	    slc(subpointer, SB_LEN());
-	    break;
-	case LM_MODE:
-	    lm_mode(subpointer, SB_LEN(), 0);
-	    break;
-	default:
-	    break;
-	}
-	break;
-
-#ifdef	OLD_ENVIRON
-    case TELOPT_OLD_ENVIRON:
-#endif
-    case TELOPT_NEW_ENVIRON:
-	if (SB_EOF())
-	    return;
-	switch(SB_PEEK()) {
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-	    if (my_want_state_is_dont(subchar))
-		return;
-	    break;
-	case TELQUAL_SEND:
-	    if (my_want_state_is_wont(subchar)) {
-		return;
-	    }
-	    break;
-	default:
-	    return;
-	}
-	env_opt(subpointer, SB_LEN());
-	break;
-
-    case TELOPT_XDISPLOC:
-	if (my_want_state_is_wont(TELOPT_XDISPLOC))
-	    return;
-	if (SB_EOF())
-	    return;
-	if (SB_GET() == TELQUAL_SEND) {
-	    unsigned char temp[50], *dp;
-	    int len;
-
-	    if (((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) ||
-		(! env_is_exported((unsigned char *)"DISPLAY"))) {
-		/*
-		 * Something happened, we no longer have a DISPLAY
-		 * variable.  So, turn off the option.
-		 */
-		send_wont(TELOPT_XDISPLOC, 1);
-		break;
-	    }
-	    snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c",
-		     IAC, SB, TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE);
-	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
-
-	    if (len < NETROOM()) {
-		ring_supply_data(&netoring, temp, len);
-		printsub('>', temp+2, len - 2);
-	    }
-/*@*/	    else printf("lm_will: not enough room in buffer\n");
-	}
-	break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION: {
-		if (!autologin)
-			break;
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case TELQUAL_IS:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_is(subpointer, SB_LEN());
-			break;
-		case TELQUAL_SEND:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_send(subpointer, SB_LEN());
-			break;
-		case TELQUAL_REPLY:
-			if (my_want_state_is_wont(TELOPT_AUTHENTICATION))
-				return;
-			auth_reply(subpointer, SB_LEN());
-			break;
-		case TELQUAL_NAME:
-			if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
-				return;
-			auth_name(subpointer, SB_LEN());
-			break;
-		}
-	}
-	break;
-#endif
-#ifdef	ENCRYPTION
-	case TELOPT_ENCRYPT:
-		if (SB_EOF())
-			return;
-		switch(SB_GET()) {
-		case ENCRYPT_START:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_END:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_end();
-			break;
-		case ENCRYPT_SUPPORT:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_support(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQSTART:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_request_start(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REQEND:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			/*
-			 * We can always send an REQEND so that we cannot
-			 * get stuck encrypting.  We should only get this
-			 * if we have been able to get in the correct mode
-			 * anyhow.
-			 */
-			encrypt_request_end();
-			break;
-		case ENCRYPT_IS:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_is(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_REPLY:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_reply(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_ENC_KEYID:
-			if (my_want_state_is_dont(TELOPT_ENCRYPT))
-				return;
-			encrypt_enc_keyid(subpointer, SB_LEN());
-			break;
-		case ENCRYPT_DEC_KEYID:
-			if (my_want_state_is_wont(TELOPT_ENCRYPT))
-				return;
-			encrypt_dec_keyid(subpointer, SB_LEN());
-			break;
-		default:
-			break;
-		}
-		break;
-#endif	/* ENCRYPTION */
-    default:
-	break;
-    }
-}
-
-static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE };
-
-    void
-lm_will(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_will: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	str_lm[3] = DONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_will: not enough room in buffer\n");
-	break;
-    }
-}
-
-    void
-lm_wont(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_wont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:	/* We shouldn't ever get this... */
-    default:
-	/* We are always DONT, so don't respond */
-	return;
-    }
-}
-
-    void
-lm_do(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_do: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	str_lm[3] = WONT;
-	str_lm[4] = cmd[0];
-	if (NETROOM() > sizeof(str_lm)) {
-	    ring_supply_data(&netoring, str_lm, sizeof(str_lm));
-	    printsub('>', &str_lm[2], sizeof(str_lm)-2);
-	}
-/*@*/	else printf("lm_do: not enough room in buffer\n");
-	break;
-    }
-}
-
-    void
-lm_dont(cmd, len)
-    unsigned char *cmd;
-    int len;
-{
-    if (len < 1) {
-/*@*/	printf("lm_dont: no command!!!\n");	/* Should not happen... */
-	return;
-    }
-    switch(cmd[0]) {
-    case LM_FORWARDMASK:
-    default:
-	/* we are always WONT, so don't respond */
-	break;
-    }
-}
-
-static unsigned char str_lm_mode[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE
-};
-
-	void
-lm_mode(cmd, len, init)
-	unsigned char *cmd;
-	int len, init;
-{
-	if (len != 1)
-		return;
-	if ((linemode&MODE_MASK&~MODE_ACK) == *cmd)
-		return;
-	if (*cmd&MODE_ACK)
-		return;
-	linemode = *cmd&(MODE_MASK&~MODE_ACK);
-	str_lm_mode[4] = linemode;
-	if (!init)
-	    str_lm_mode[4] |= MODE_ACK;
-	if (NETROOM() > sizeof(str_lm_mode)) {
-	    ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode));
-	    printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2);
-	}
-/*@*/	else printf("lm_mode: not enough room in buffer\n");
-	setconnmode(0);	/* set changed mode */
-}
-
-
-
-/*
- * slc()
- * Handle special character suboption of LINEMODE.
- */
-
-struct spc {
-	cc_t val;
-	cc_t *valp;
-	char flags;	/* Current flags & level */
-	char mylevel;	/* Maximum level & flags */
-} spc_data[NSLC+1];
-
-#define SLC_IMPORT	0
-#define	SLC_EXPORT	1
-#define SLC_RVALUE	2
-static int slc_mode = SLC_EXPORT;
-
-	void
-slc_init()
-{
-	register struct spc *spcp;
-
-	localchars = 1;
-	for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) {
-		spcp->val = 0;
-		spcp->valp = 0;
-		spcp->flags = spcp->mylevel = SLC_NOSUPPORT;
-	}
-
-#define	initfunc(func, flags) { \
-					spcp = &spc_data[func]; \
-					if ((spcp->valp = tcval(func)) != NULL) { \
-					    spcp->val = *spcp->valp; \
-					    spcp->mylevel = SLC_VARIABLE|flags; \
-					} else { \
-					    spcp->val = 0; \
-					    spcp->mylevel = SLC_DEFAULT; \
-					} \
-				    }
-
-	initfunc(SLC_SYNCH, 0);
-	/* No BRK */
-	initfunc(SLC_AO, 0);
-	initfunc(SLC_AYT, 0);
-	/* No EOR */
-	initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT);
-	initfunc(SLC_EOF, 0);
-#ifndef	SYSV_TERMIO
-	initfunc(SLC_SUSP, SLC_FLUSHIN);
-#endif
-	initfunc(SLC_EC, 0);
-	initfunc(SLC_EL, 0);
-#ifndef	SYSV_TERMIO
-	initfunc(SLC_EW, 0);
-	initfunc(SLC_RP, 0);
-	initfunc(SLC_LNEXT, 0);
-#endif
-	initfunc(SLC_XON, 0);
-	initfunc(SLC_XOFF, 0);
-#ifdef	SYSV_TERMIO
-	spc_data[SLC_XON].mylevel = SLC_CANTCHANGE;
-	spc_data[SLC_XOFF].mylevel = SLC_CANTCHANGE;
-#endif
-	initfunc(SLC_FORW1, 0);
-#ifdef	USE_TERMIO
-	initfunc(SLC_FORW2, 0);
-	/* No FORW2 */
-#endif
-
-	initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT);
-#undef	initfunc
-
-	if (slc_mode == SLC_EXPORT)
-		slc_export();
-	else
-		slc_import(1);
-
-}
-
-    void
-slcstate()
-{
-    printf("Special characters are %s values\n",
-		slc_mode == SLC_IMPORT ? "remote default" :
-		slc_mode == SLC_EXPORT ? "local" :
-					 "remote");
-}
-
-    void
-slc_mode_export()
-{
-    slc_mode = SLC_EXPORT;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_export();
-}
-
-    void
-slc_mode_import(def)
-    int def;
-{
-    slc_mode = def ? SLC_IMPORT : SLC_RVALUE;
-    if (my_state_is_will(TELOPT_LINEMODE))
-	slc_import(def);
-}
-
-unsigned char slc_import_val[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE
-};
-unsigned char slc_import_def[] = {
-	IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE
-};
-
-    void
-slc_import(def)
-    int def;
-{
-    if (NETROOM() > sizeof(slc_import_val)) {
-	if (def) {
-	    ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def));
-	    printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2);
-	} else {
-	    ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val));
-	    printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2);
-	}
-    }
-/*@*/ else printf("slc_import: not enough room\n");
-}
-
-    void
-slc_export()
-{
-    register struct spc *spcp;
-
-    TerminalDefaultChars();
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->mylevel != SLC_NOSUPPORT) {
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    if (spcp->valp)
-		spcp->val = *spcp->valp;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    (void)slc_update();
-    setconnmode(1);	/* Make sure the character values are set */
-}
-
-	void
-slc(cp, len)
-	register unsigned char *cp;
-	int len;
-{
-	register struct spc *spcp;
-	register int func,level;
-
-	slc_start_reply();
-
-	for (; len >= 3; len -=3, cp +=3) {
-
-		func = cp[SLC_FUNC];
-
-		if (func == 0) {
-			/*
-			 * Client side: always ignore 0 function.
-			 */
-			continue;
-		}
-		if (func > NSLC) {
-			if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT)
-				slc_add_reply(func, SLC_NOSUPPORT, 0);
-			continue;
-		}
-
-		spcp = &spc_data[func];
-
-		level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK);
-
-		if ((cp[SLC_VALUE] == (unsigned char)spcp->val) &&
-		    ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) {
-			continue;
-		}
-
-		if (level == (SLC_DEFAULT|SLC_ACK)) {
-			/*
-			 * This is an error condition, the SLC_ACK
-			 * bit should never be set for the SLC_DEFAULT
-			 * level.  Our best guess to recover is to
-			 * ignore the SLC_ACK bit.
-			 */
-			cp[SLC_FLAGS] &= ~SLC_ACK;
-		}
-
-		if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) {
-			spcp->val = (cc_t)cp[SLC_VALUE];
-			spcp->flags = cp[SLC_FLAGS];	/* include SLC_ACK */
-			continue;
-		}
-
-		level &= ~SLC_ACK;
-
-		if (level <= (spcp->mylevel&SLC_LEVELBITS)) {
-			spcp->flags = cp[SLC_FLAGS]|SLC_ACK;
-			spcp->val = (cc_t)cp[SLC_VALUE];
-		}
-		if (level == SLC_DEFAULT) {
-			if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT)
-				spcp->flags = spcp->mylevel;
-			else
-				spcp->flags = SLC_NOSUPPORT;
-		}
-		slc_add_reply(func, spcp->flags, spcp->val);
-	}
-	slc_end_reply();
-	if (slc_update())
-		setconnmode(1);	/* set the  new character values */
-}
-
-    void
-slc_check()
-{
-    register struct spc *spcp;
-
-    slc_start_reply();
-    for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-	if (spcp->valp && spcp->val != *spcp->valp) {
-	    spcp->val = *spcp->valp;
-	    if (spcp->val == (cc_t)(_POSIX_VDISABLE))
-		spcp->flags = SLC_NOSUPPORT;
-	    else
-		spcp->flags = spcp->mylevel;
-	    slc_add_reply(spcp - spc_data, spcp->flags, spcp->val);
-	}
-    }
-    slc_end_reply();
-    setconnmode(1);
-}
-
-
-unsigned char slc_reply[128];
-unsigned char *slc_replyp;
-
-	void
-slc_start_reply()
-{
-	slc_replyp = slc_reply;
-	*slc_replyp++ = IAC;
-	*slc_replyp++ = SB;
-	*slc_replyp++ = TELOPT_LINEMODE;
-	*slc_replyp++ = LM_SLC;
-}
-
-	void
-slc_add_reply(func, flags, value)
-	unsigned char func;
-	unsigned char flags;
-	cc_t value;
-{
-	if ((slc_replyp - slc_reply) + 6 > sizeof(slc_reply))
-		return;
-	if ((*slc_replyp++ = func) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = flags) == IAC)
-		*slc_replyp++ = IAC;
-	if ((*slc_replyp++ = (unsigned char)value) == IAC)
-		*slc_replyp++ = IAC;
-}
-
-    void
-slc_end_reply()
-{
-    register int len;
-
-    len = slc_replyp - slc_reply;
-    if (len <= 4 || (len + 2 > sizeof(slc_reply)))
-	return;
-    *slc_replyp++ = IAC;
-    *slc_replyp++ = SE;
-    len += 2;
-    if (NETROOM() > len) {
-	ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply);
-	printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2);
-    }
-/*@*/else printf("slc_end_reply: not enough room\n");
-}
-
-	int
-slc_update()
-{
-	register struct spc *spcp;
-	int need_update = 0;
-
-	for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) {
-		if (!(spcp->flags&SLC_ACK))
-			continue;
-		spcp->flags &= ~SLC_ACK;
-		if (spcp->valp && (*spcp->valp != spcp->val)) {
-			*spcp->valp = spcp->val;
-			need_update = 1;
-		}
-	}
-	return(need_update);
-}
-
-#ifdef	OLD_ENVIRON
-# ifdef	ENV_HACK
-/*
- * Earlier version of telnet/telnetd from the BSD code had
- * the definitions of VALUE and VAR reversed.  To ensure
- * maximum interoperability, we assume that the server is
- * an older BSD server, until proven otherwise.  The newer
- * BSD servers should be able to handle either definition,
- * so it is better to use the wrong values if we don't
- * know what type of server it is.
- */
-int env_auto = 1;
-int old_env_var = OLD_ENV_VAR;
-int old_env_value = OLD_ENV_VALUE;
-# else
-#  define old_env_var OLD_ENV_VAR
-#  define old_env_value OLD_ENV_VALUE
-# endif
-#endif
-
-	void
-env_opt(buf, len)
-	register unsigned char *buf;
-	register int len;
-{
-	register unsigned char *ep = 0, *epc = 0;
-	register int i;
-
-	switch(buf[0]&0xff) {
-	case TELQUAL_SEND:
-		env_opt_start();
-		if (len == 1) {
-			env_opt_add(NULL);
-		} else for (i = 1; i < len; i++) {
-			switch (buf[i]&0xff) {
-#ifdef	OLD_ENVIRON
-			case OLD_ENV_VAR:
-# ifdef	ENV_HACK
-				if (telopt_environ == TELOPT_OLD_ENVIRON
-				    && env_auto) {
-					/* Server has the same definitions */
-					old_env_var = OLD_ENV_VAR;
-					old_env_value = OLD_ENV_VALUE;
-				}
-				/* FALL THROUGH */
-# endif
-			case OLD_ENV_VALUE:
-				/*
-				 * Although OLD_ENV_VALUE is not legal, we will
-				 * still recognize it, just in case it is an
-				 * old server that has VAR & VALUE mixed up...
-				 */
-				/* FALL THROUGH */
-#else
-			case NEW_ENV_VAR:
-#endif
-			case ENV_USERVAR:
-				if (ep) {
-					*epc = 0;
-					env_opt_add(ep);
-				}
-				ep = epc = &buf[i+1];
-				break;
-			case ENV_ESC:
-				i++;
-				/*FALL THROUGH*/
-			default:
-				if (epc)
-					*epc++ = buf[i];
-				break;
-			}
-		}
-		if (ep) {
-			*epc = 0;
-			env_opt_add(ep);
-		}
-		env_opt_end(1);
-		break;
-
-	case TELQUAL_IS:
-	case TELQUAL_INFO:
-		/* Ignore for now.  We shouldn't get it anyway. */
-		break;
-
-	default:
-		break;
-	}
-}
-
-#define	OPT_REPLY_SIZE	256
-unsigned char *opt_reply;
-unsigned char *opt_replyp;
-unsigned char *opt_replyend;
-
-	void
-env_opt_start()
-{
-	if (opt_reply)
-		opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE);
-	else
-		opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE);
-	if (opt_reply == NULL) {
-/*@*/		printf("env_opt_start: malloc()/realloc() failed!!!\n");
-		opt_reply = opt_replyp = opt_replyend = NULL;
-		return;
-	}
-	opt_replyp = opt_reply;
-	opt_replyend = opt_reply + OPT_REPLY_SIZE;
-	*opt_replyp++ = IAC;
-	*opt_replyp++ = SB;
-	*opt_replyp++ = telopt_environ;
-	*opt_replyp++ = TELQUAL_IS;
-}
-
-	void
-env_opt_start_info()
-{
-	env_opt_start();
-	if (opt_replyp)
-	    opt_replyp[-1] = TELQUAL_INFO;
-}
-
-	void
-env_opt_add(ep)
-	register unsigned char *ep;
-{
-	register unsigned char *vp, c;
-	unsigned int len, olen, elen;
-
-	if (opt_reply == NULL)		/*XXX*/
-		return;			/*XXX*/
-
-	if (ep == NULL || *ep == '\0') {
-		/* Send user defined variables first. */
-		env_default(1, 0);
-		while ((ep = env_default(0, 0)) != NULL)
-			env_opt_add(ep);
-
-		/* Now add the list of well know variables.  */
-		env_default(1, 1);
-		while ((ep = env_default(0, 1)) != NULL)
-			env_opt_add(ep);
-		return;
-	}
-	vp = env_getvalue(ep);
-	elen = 2 * (vp ? strlen((char *)vp) : 0) +
-		2 * strlen((char *)ep) + 6;
-	if ((opt_replyend - opt_replyp) < elen)
-	{
-		len = opt_replyend - opt_reply + elen;
-		olen = opt_replyp - opt_reply;
-		opt_reply = (unsigned char *)realloc(opt_reply, len);
-		if (opt_reply == NULL) {
-/*@*/			printf("env_opt_add: realloc() failed!!!\n");
-			opt_reply = opt_replyp = opt_replyend = NULL;
-			return;
-		}
-		opt_replyp = opt_reply + olen;
-		opt_replyend = opt_reply + len;
-	}
-	if (opt_welldefined((char *) ep))
-#ifdef	OLD_ENVIRON
-		if (telopt_environ == TELOPT_OLD_ENVIRON)
-			*opt_replyp++ = old_env_var;
-		else
-#endif
-			*opt_replyp++ = NEW_ENV_VAR;
-	else
-		*opt_replyp++ = ENV_USERVAR;
-	for (;;) {
-		while ((c = *ep++)) {
-			switch(c&0xff) {
-			case IAC:
-				*opt_replyp++ = IAC;
-				break;
-			case NEW_ENV_VAR:
-			case NEW_ENV_VALUE:
-			case ENV_ESC:
-			case ENV_USERVAR:
-				*opt_replyp++ = ENV_ESC;
-				break;
-			}
-			*opt_replyp++ = c;
-		}
-		if ((ep = vp) != NULL) {
-#ifdef	OLD_ENVIRON
-			if (telopt_environ == TELOPT_OLD_ENVIRON)
-				*opt_replyp++ = old_env_value;
-			else
-#endif
-				*opt_replyp++ = NEW_ENV_VALUE;
-			vp = NULL;
-		} else
-			break;
-	}
-}
-
-	int
-opt_welldefined(ep)
-	char *ep;
-{
-	if ((strcmp(ep, "USER") == 0) ||
-	    (strcmp(ep, "DISPLAY") == 0) ||
-	    (strcmp(ep, "PRINTER") == 0) ||
-	    (strcmp(ep, "SYSTEMTYPE") == 0) ||
-	    (strcmp(ep, "JOB") == 0) ||
-	    (strcmp(ep, "ACCT") == 0))
-		return(1);
-	return(0);
-}
-	void
-env_opt_end(emptyok)
-	register int emptyok;
-{
-	register int len;
-
-	len = opt_replyp - opt_reply + 2;
-	if (emptyok || len > 6) {
-		*opt_replyp++ = IAC;
-		*opt_replyp++ = SE;
-		if (NETROOM() > len) {
-			ring_supply_data(&netoring, opt_reply, len);
-			printsub('>', &opt_reply[2], len - 2);
-		}
-/*@*/		else printf("slc_end_reply: not enough room\n");
-	}
-	if (opt_reply) {
-		free(opt_reply);
-		opt_reply = opt_replyp = opt_replyend = NULL;
-	}
-}
-
-
-
-    int
-telrcv()
-{
-    register int c;
-    register int scc;
-    register unsigned char *sbp = NULL;
-    int count;
-    int returnValue = 0;
-
-    scc = 0;
-    count = 0;
-    while (TTYROOM() > 2) {
-	if (scc == 0) {
-	    if (count) {
-		ring_consumed(&netiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    sbp = netiring.consume;
-	    scc = ring_full_consecutive(&netiring);
-	    if (scc == 0) {
-		/* No more data coming in */
-		break;
-	    }
-	}
-
-	c = *sbp++ & 0xff, scc--; count++;
-#ifdef	ENCRYPTION
-	if (decrypt_input)
-		c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-
-	switch (telrcv_state) {
-
-	case TS_CR:
-	    telrcv_state = TS_DATA;
-	    if (c == '\0') {
-		break;	/* Ignore \0 after CR */
-	    }
-	    else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) {
-		TTYADD(c);
-		break;
-	    }
-	    /* Else, fall through */
-
-	case TS_DATA:
-	    if (c == IAC) {
-		telrcv_state = TS_IAC;
-		break;
-	    }
-#	    if defined(TN3270)
-	    if (In3270) {
-		*Ifrontp++ = c;
-		while (scc > 0) {
-		    c = *sbp++ & 0377, scc--; count++;
-#ifdef	ENCRYPTION
-		    if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-		    if (c == IAC) {
-			telrcv_state = TS_IAC;
-			break;
-		    }
-		    *Ifrontp++ = c;
-		}
-	    } else
-#	    endif /* defined(TN3270) */
-		    /*
-		     * The 'crmod' hack (see following) is needed
-		     * since we can't * set CRMOD on output only.
-		     * Machines like MULTICS like to send \r without
-		     * \n; since we must turn off CRMOD to get proper
-		     * input, the mapping is done here (sigh).
-		     */
-	    if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) {
-		if (scc > 0) {
-		    c = *sbp&0xff;
-#ifdef	ENCRYPTION
-		    if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-		    if (c == 0) {
-			sbp++, scc--; count++;
-			/* a "true" CR */
-			TTYADD('\r');
-		    } else if (my_want_state_is_dont(TELOPT_ECHO) &&
-					(c == '\n')) {
-			sbp++, scc--; count++;
-			TTYADD('\n');
-		    } else {
-#ifdef	ENCRYPTION
-		        if (decrypt_input)
-			    (*decrypt_input)(-1);
-#endif	/* ENCRYPTION */
-
-			TTYADD('\r');
-			if (crmod) {
-				TTYADD('\n');
-			}
-		    }
-		} else {
-		    telrcv_state = TS_CR;
-		    TTYADD('\r');
-		    if (crmod) {
-			    TTYADD('\n');
-		    }
-		}
-	    } else {
-		TTYADD(c);
-	    }
-	    continue;
-
-	case TS_IAC:
-process_iac:
-	    switch (c) {
-
-	    case WILL:
-		telrcv_state = TS_WILL;
-		continue;
-
-	    case WONT:
-		telrcv_state = TS_WONT;
-		continue;
-
-	    case DO:
-		telrcv_state = TS_DO;
-		continue;
-
-	    case DONT:
-		telrcv_state = TS_DONT;
-		continue;
-
-	    case DM:
-		    /*
-		     * We may have missed an urgent notification,
-		     * so make sure we flush whatever is in the
-		     * buffer currently.
-		     */
-		printoption("RCVD", IAC, DM);
-		SYNCHing = 1;
-		(void) ttyflush(1);
-		SYNCHing = stilloob();
-		settimer(gotDM);
-		break;
-
-	    case SB:
-		SB_CLEAR();
-		telrcv_state = TS_SB;
-		continue;
-
-#	    if defined(TN3270)
-	    case EOR:
-		if (In3270) {
-		    if (Ibackp == Ifrontp) {
-			Ibackp = Ifrontp = Ibuf;
-			ISend = 0;	/* should have been! */
-		    } else {
-			Ibackp += DataFromNetwork(Ibackp, Ifrontp-Ibackp, 1);
-			ISend = 1;
-		    }
-		}
-		printoption("RCVD", IAC, EOR);
-		break;
-#	    endif /* defined(TN3270) */
-
-	    case IAC:
-#	    if !defined(TN3270)
-		TTYADD(IAC);
-#	    else /* !defined(TN3270) */
-		if (In3270) {
-		    *Ifrontp++ = IAC;
-		} else {
-		    TTYADD(IAC);
-		}
-#	    endif /* !defined(TN3270) */
-		break;
-
-	    case NOP:
-	    case GA:
-	    default:
-		printoption("RCVD", IAC, c);
-		break;
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WILL:
-	    printoption("RCVD", WILL, c);
-	    willoption(c);
-	    SetIn3270();
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_WONT:
-	    printoption("RCVD", WONT, c);
-	    wontoption(c);
-	    SetIn3270();
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DO:
-	    printoption("RCVD", DO, c);
-	    dooption(c);
-	    SetIn3270();
-	    if (c == TELOPT_NAWS) {
-		sendnaws();
-	    } else if (c == TELOPT_LFLOW) {
-		localflow = 1;
-		setcommandmode();
-		setconnmode(0);
-	    }
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_DONT:
-	    printoption("RCVD", DONT, c);
-	    dontoption(c);
-	    flushline = 1;
-	    setconnmode(0);	/* set new tty mode (maybe) */
-	    SetIn3270();
-	    telrcv_state = TS_DATA;
-	    continue;
-
-	case TS_SB:
-	    if (c == IAC) {
-		telrcv_state = TS_SE;
-	    } else {
-		SB_ACCUM(c);
-	    }
-	    continue;
-
-	case TS_SE:
-	    if (c != SE) {
-		if (c != IAC) {
-		    /*
-		     * This is an error.  We only expect to get
-		     * "IAC IAC" or "IAC SE".  Several things may
-		     * have happend.  An IAC was not doubled, the
-		     * IAC SE was left off, or another option got
-		     * inserted into the suboption are all possibilities.
-		     * If we assume that the IAC was not doubled,
-		     * and really the IAC SE was left off, we could
-		     * get into an infinate loop here.  So, instead,
-		     * we terminate the suboption, and process the
-		     * partial suboption if we can.
-		     */
-		    SB_ACCUM(IAC);
-		    SB_ACCUM(c);
-		    subpointer -= 2;
-		    SB_TERM();
-
-		    printoption("In SUBOPTION processing, RCVD", IAC, c);
-		    suboption();	/* handle sub-option */
-		    SetIn3270();
-		    telrcv_state = TS_IAC;
-		    goto process_iac;
-		}
-		SB_ACCUM(c);
-		telrcv_state = TS_SB;
-	    } else {
-		SB_ACCUM(IAC);
-		SB_ACCUM(SE);
-		subpointer -= 2;
-		SB_TERM();
-		suboption();	/* handle sub-option */
-		SetIn3270();
-		telrcv_state = TS_DATA;
-	    }
-	}
-    }
-    if (count)
-	ring_consumed(&netiring, count);
-    return returnValue||count;
-}
-
-static int bol = 1, local = 0;
-
-    int
-rlogin_susp()
-{
-    if (local) {
-	local = 0;
-	bol = 1;
-	command(0, "z\n", 2);
-	return(1);
-    }
-    return(0);
-}
-
-    static int
-telsnd()
-{
-    int tcc;
-    int count;
-    int returnValue = 0;
-    unsigned char *tbp = NULL;
-
-    tcc = 0;
-    count = 0;
-    while (NETROOM() > 2) {
-	register int sc;
-	register int c;
-
-	if (tcc == 0) {
-	    if (count) {
-		ring_consumed(&ttyiring, count);
-		returnValue = 1;
-		count = 0;
-	    }
-	    tbp = ttyiring.consume;
-	    tcc = ring_full_consecutive(&ttyiring);
-	    if (tcc == 0) {
-		break;
-	    }
-	}
-	c = *tbp++ & 0xff, sc = strip(c), tcc--; count++;
-	if (rlogin != _POSIX_VDISABLE) {
-		if (bol) {
-			bol = 0;
-			if (sc == rlogin) {
-				local = 1;
-				continue;
-			}
-		} else if (local) {
-			local = 0;
-			if (sc == '.' || c == termEofChar) {
-				bol = 1;
-				command(0, "close\n", 6);
-				continue;
-			}
-			if (sc == termSuspChar) {
-				bol = 1;
-				command(0, "z\n", 2);
-				continue;
-			}
-			if (sc == escape) {
-				command(0, (char *)tbp, tcc);
-				bol = 1;
-				count += tcc;
-				tcc = 0;
-				flushline = 1;
-				break;
-			}
-			if (sc != rlogin) {
-				++tcc;
-				--tbp;
-				--count;
-				c = sc = rlogin;
-			}
-		}
-		if ((sc == '\n') || (sc == '\r'))
-			bol = 1;
-	} else if (sc == escape) {
-	    /*
-	     * Double escape is a pass through of a single escape character.
-	     */
-	    if (tcc && strip(*tbp) == escape) {
-		tbp++;
-		tcc--;
-		count++;
-		bol = 0;
-	    } else {
-		command(0, (char *)tbp, tcc);
-		bol = 1;
-		count += tcc;
-		tcc = 0;
-		flushline = 1;
-		break;
-	    }
-	} else
-	    bol = 0;
-#ifdef	KLUDGELINEMODE
-	if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) {
-	    if (tcc > 0 && strip(*tbp) == echoc) {
-		tcc--; tbp++; count++;
-	    } else {
-		dontlecho = !dontlecho;
-		settimer(echotoggle);
-		setconnmode(0);
-		flushline = 1;
-		break;
-	    }
-	}
-#endif
-	if (MODE_LOCAL_CHARS(globalmode)) {
-	    if (TerminalSpecialChars(sc) == 0) {
-		bol = 1;
-		break;
-	    }
-	}
-	if (my_want_state_is_wont(TELOPT_BINARY)) {
-	    switch (c) {
-	    case '\n':
-		    /*
-		     * If we are in CRMOD mode (\r ==> \n)
-		     * on our local machine, then probably
-		     * a newline (unix) is CRLF (TELNET).
-		     */
-		if (MODE_LOCAL_CHARS(globalmode)) {
-		    NETADD('\r');
-		}
-		NETADD('\n');
-		bol = flushline = 1;
-		break;
-	    case '\r':
-		if (!crlf) {
-		    NET2ADD('\r', '\0');
-		} else {
-		    NET2ADD('\r', '\n');
-		}
-		bol = flushline = 1;
-		break;
-	    case IAC:
-		NET2ADD(IAC, IAC);
-		break;
-	    default:
-		NETADD(c);
-		break;
-	    }
-	} else if (c == IAC) {
-	    NET2ADD(IAC, IAC);
-	} else {
-	    NETADD(c);
-	}
-    }
-    if (count)
-	ring_consumed(&ttyiring, count);
-    return returnValue||count;		/* Non-zero if we did anything */
-}
-
-/*
- * Scheduler()
- *
- * Try to do something.
- *
- * If we do something useful, return 1; else return 0.
- *
- */
-
-
-    int
-Scheduler(block)
-    int	block;			/* should we block in the select ? */
-{
-		/* One wants to be a bit careful about setting returnValue
-		 * to one, since a one implies we did some useful work,
-		 * and therefore probably won't be called to block next
-		 * time (TN3270 mode only).
-		 */
-    int returnValue;
-    int netin, netout, netex, ttyin, ttyout;
-
-    /* Decide which rings should be processed */
-
-    netout = ring_full_count(&netoring) &&
-	    (flushline ||
-		(my_want_state_is_wont(TELOPT_LINEMODE)
-#ifdef	KLUDGELINEMODE
-			&& (!kludgelinemode || my_want_state_is_do(TELOPT_SGA))
-#endif
-		) ||
-			my_want_state_is_will(TELOPT_BINARY));
-    ttyout = ring_full_count(&ttyoring);
-
-#if	defined(TN3270)
-    ttyin = ring_empty_count(&ttyiring) && (shell_active == 0);
-#else	/* defined(TN3270) */
-    ttyin = ring_empty_count(&ttyiring);
-#endif	/* defined(TN3270) */
-
-#if	defined(TN3270)
-    netin = ring_empty_count(&netiring);
-#   else /* !defined(TN3270) */
-    netin = !ISend && ring_empty_count(&netiring);
-#   endif /* !defined(TN3270) */
-
-    netex = !SYNCHing;
-
-    /* If we have seen a signal recently, reset things */
-#   if defined(TN3270) && defined(unix)
-    if (HaveInput) {
-	HaveInput = 0;
-	(void) signal(SIGIO, inputAvailable);
-    }
-#endif	/* defined(TN3270) && defined(unix) */
-
-    if (scheduler_lockout_tty) {
-	ttyin = ttyout = 0;
-    }
-
-    /* Call to system code to process rings */
-
-    returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
-
-    /* Now, look at the input rings, looking for work to do. */
-
-    if (ring_full_count(&ttyiring)) {
-#   if defined(TN3270)
-	if (In3270) {
-	    int c;
-
-	    c = DataFromTerminal(ttyiring.consume,
-					ring_full_consecutive(&ttyiring));
-	    if (c) {
-		returnValue = 1;
-	        ring_consumed(&ttyiring, c);
-	    }
-	} else {
-#   endif /* defined(TN3270) */
-	    returnValue |= telsnd();
-#   if defined(TN3270)
-	}
-#   endif /* defined(TN3270) */
-    }
-
-    if (ring_full_count(&netiring)) {
-#	if !defined(TN3270)
-	returnValue |= telrcv();
-#	else /* !defined(TN3270) */
-	returnValue = Push3270();
-#	endif /* !defined(TN3270) */
-    }
-    return returnValue;
-}
-
-/*
- * Select from tty and network...
- */
-    void
-telnet(user)
-    char *user;
-{
-    int printed_encrypt = 0;
-
-    sys_telnet_init();
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-    {
-	static char local_host[256] = { 0 };
-
-	if (!local_host[0]) {
-		gethostname(local_host, sizeof(local_host));
-		local_host[sizeof(local_host)-1] = 0;
-	}
-	auth_encrypt_init(local_host, hostname, "TELNET", 0);
-	auth_encrypt_user(user);
-    }
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION)  */
-#   if !defined(TN3270)
-#if	defined(AUTHENTICATION)
-    if (autologin)
-	send_will(TELOPT_AUTHENTICATION, 1);
-#endif
-#ifdef	ENCRYPTION
-    if (telnetport || wantencryption) {
-	send_do(TELOPT_ENCRYPT, 1);
-	send_will(TELOPT_ENCRYPT, 1);
-    }
-#endif	/* ENCRYPTION */
-    if (telnetport) {
-	send_do(TELOPT_SGA, 1);
-	send_will(TELOPT_TTYPE, 1);
-	send_will(TELOPT_NAWS, 1);
-	send_will(TELOPT_TSPEED, 1);
-	send_will(TELOPT_LFLOW, 1);
-	send_will(TELOPT_LINEMODE, 1);
-	send_will(TELOPT_NEW_ENVIRON, 1);
-	send_do(TELOPT_STATUS, 1);
-	if (env_getvalue((unsigned char *)"DISPLAY") &&
-	    env_is_exported((unsigned char *)"DISPLAY"))
-	    send_will(TELOPT_XDISPLOC, 1);
-	if (eight)
-	    tel_enter_binary(eight);
-    }
-#   endif /* !defined(TN3270) */
-
-#ifdef ENCRYPTION
-    /*
-     * Note: we assume a tie to the authentication option here.  This
-     * is necessary so that authentication fails, we don't spin
-     * forever.
-     */
-    if (wantencryption) {
-	extern int auth_has_failed;
-	time_t time_out = time(0) + 60;
-
-	send_do(TELOPT_ENCRYPT, 1);
-	send_will(TELOPT_ENCRYPT, 1);
-	while (1) {
-	    if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) {
-		printf("\nServer refused to negotiate authentication, which is required\n");
-		printf("for encryption.  Good-bye.\n\r");
-		Exit(1);
-	    }
-	    if (auth_has_failed) {
-		printf("\nNegotiation of authentication, which is required for encryption,\n");
-		printf("has failed.  Good-bye.\n\r");
-		Exit(1);
-	    }
-	    if (my_want_state_is_dont(TELOPT_ENCRYPT) ||
-		my_want_state_is_wont(TELOPT_ENCRYPT)) {
-		printf("\nServer refused to negotiate encryption.  Good-bye.\n\r");
-		Exit(1);
-	    }
-	    if (encrypt_is_encrypting())
-		break;
-	    if (time(0) > time_out) {
-		printf("\nEncryption could not be enabled.  Good-bye.\n\r");
-		Exit(1);
-	    }
-	    if (printed_encrypt == 0) {
-		    printed_encrypt = 1;
-		    printf("Waiting for encryption to be negotiated...\n");
-		    /*
-		     * Turn on MODE_TRAPSIG and then turn off localchars
-		     * so that ^C will cause telnet to exit.
-		     */
-		    TerminalNewMode(getconnmode()|MODE_TRAPSIG);
-		    intr_waiting = 1;
-	    }
-	    if (intr_happened) {
-		    printf("\nUser requested an interrupt.  Good-bye.\n\r");
-		    Exit(1);
-	    }
-	    telnet_spin();
-	}
-	if (printed_encrypt) {
-		printf("done.\n");
-		intr_waiting = 0;
-		setconnmode(0);
-	}
-    }
-#endif
-
-
-#   if !defined(TN3270)
-    for (;;) {
-	int schedValue;
-
-	while ((schedValue = Scheduler(0)) != 0) {
-	    if (schedValue == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-
-	if (Scheduler(1) == -1) {
-	    setcommandmode();
-	    return;
-	}
-    }
-#   else /* !defined(TN3270) */
-    for (;;) {
-	int schedValue;
-
-	while (!In3270 && !shell_active) {
-	    if (Scheduler(1) == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-
-	while ((schedValue = Scheduler(0)) != 0) {
-	    if (schedValue == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-		/* If there is data waiting to go out to terminal, don't
-		 * schedule any more data for the terminal.
-		 */
-	if (ring_full_count(&ttyoring)) {
-	    schedValue = 1;
-	} else {
-	    if (shell_active) {
-		if (shell_continue() == 0) {
-		    ConnectScreen();
-		}
-	    } else if (In3270) {
-		schedValue = DoTerminalOutput();
-	    }
-	}
-	if (schedValue && (shell_active == 0)) {
-	    if (Scheduler(1) == -1) {
-		setcommandmode();
-		return;
-	    }
-	}
-    }
-#   endif /* !defined(TN3270) */
-}
-
-#if	0	/* XXX - this not being in is a bug */
-/*
- * nextitem()
- *
- *	Return the address of the next "item" in the TELNET data
- * stream.  This will be the address of the next character if
- * the current address is a user data character, or it will
- * be the address of the character following the TELNET command
- * if the current address is a TELNET IAC ("I Am a Command")
- * character.
- */
-
-    static char *
-nextitem(current)
-    char *current;
-{
-    if ((*current&0xff) != IAC) {
-	return current+1;
-    }
-    switch (*(current+1)&0xff) {
-    case DO:
-    case DONT:
-    case WILL:
-    case WONT:
-	return current+3;
-    case SB:		/* loop forever looking for the SE */
-	{
-	    register char *look = current+2;
-
-	    for (;;) {
-		if ((*look++&0xff) == IAC) {
-		    if ((*look++&0xff) == SE) {
-			return look;
-		    }
-		}
-	    }
-	}
-    default:
-	return current+2;
-    }
-}
-#endif	/* 0 */
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-
-    static void
-netclear()
-{
-#if	0	/* XXX */
-    register char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-    thisitem = netobuf;
-
-    while ((next = nextitem(thisitem)) <= netobuf.send) {
-	thisitem = next;
-    }
-
-    /* Now, thisitem is first before/at boundary. */
-
-    good = netobuf;	/* where the good bytes go */
-
-    while (netoring.add > thisitem) {
-	if (wewant(thisitem)) {
-	    int length;
-
-	    next = thisitem;
-	    do {
-		next = nextitem(next);
-	    } while (wewant(next) && (nfrontp > next));
-	    length = next-thisitem;
-	    memcpy(good, thisitem, length);
-	    good += length;
-	    thisitem = next;
-	} else {
-	    thisitem = nextitem(thisitem);
-	}
-    }
-
-#endif	/* 0 */
-}
-
-/*
- * These routines add various telnet commands to the data stream.
- */
-
-    static void
-doflush()
-{
-    NET2ADD(IAC, DO);
-    NETADD(TELOPT_TM);
-    flushline = 1;
-    flushout = 1;
-    (void) ttyflush(1);			/* Flush/drop output */
-    /* do printoption AFTER flush, otherwise the output gets tossed... */
-    printoption("SENT", DO, TELOPT_TM);
-}
-
-    void
-xmitAO()
-{
-    NET2ADD(IAC, AO);
-    printoption("SENT", IAC, AO);
-    if (autoflush) {
-	doflush();
-    }
-}
-
-
-    void
-xmitEL()
-{
-    NET2ADD(IAC, EL);
-    printoption("SENT", IAC, EL);
-}
-
-    void
-xmitEC()
-{
-    NET2ADD(IAC, EC);
-    printoption("SENT", IAC, EC);
-}
-
-
-    int
-dosynch(s)
-     char *s;
-{
-    netclear();			/* clear the path to the network */
-    NETADD(IAC);
-    setneturg();
-    NETADD(DM);
-    printoption("SENT", IAC, DM);
-    return 1;
-}
-
-int want_status_response = 0;
-
-    int
-get_status(s)
-    char *s;
-{
-    unsigned char tmp[16];
-    register unsigned char *cp;
-
-    if (my_want_state_is_dont(TELOPT_STATUS)) {
-	printf("Remote side does not support STATUS option\n");
-	return 0;
-    }
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_STATUS;
-    *cp++ = TELQUAL_SEND;
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-    ++want_status_response;
-    return 1;
-}
-
-    void
-intp()
-{
-    NET2ADD(IAC, IP);
-    printoption("SENT", IAC, IP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch(NULL);
-    }
-}
-
-    void
-sendbrk()
-{
-    NET2ADD(IAC, BREAK);
-    printoption("SENT", IAC, BREAK);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch(NULL);
-    }
-}
-
-    void
-sendabort()
-{
-    NET2ADD(IAC, ABORT);
-    printoption("SENT", IAC, ABORT);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch(NULL);
-    }
-}
-
-    void
-sendsusp()
-{
-    NET2ADD(IAC, SUSP);
-    printoption("SENT", IAC, SUSP);
-    flushline = 1;
-    if (autoflush) {
-	doflush();
-    }
-    if (autosynch) {
-	dosynch(NULL);
-    }
-}
-
-    void
-sendeof()
-{
-    NET2ADD(IAC, xEOF);
-    printoption("SENT", IAC, xEOF);
-}
-
-    void
-sendayt()
-{
-    NET2ADD(IAC, AYT);
-    printoption("SENT", IAC, AYT);
-}
-
-/*
- * Send a window size update to the remote system.
- */
-
-    void
-sendnaws()
-{
-    long rows, cols;
-    unsigned char tmp[16];
-    register unsigned char *cp;
-
-    if (my_state_is_wont(TELOPT_NAWS))
-	return;
-
-#define	PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
-			    if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
-
-    if (TerminalWindowSize(&rows, &cols) == 0) {	/* Failed */
-	return;
-    }
-
-    cp = tmp;
-
-    *cp++ = IAC;
-    *cp++ = SB;
-    *cp++ = TELOPT_NAWS;
-    PUTSHORT(cp, cols);
-    PUTSHORT(cp, rows);
-    *cp++ = IAC;
-    *cp++ = SE;
-    if (NETROOM() >= cp - tmp) {
-	ring_supply_data(&netoring, tmp, cp-tmp);
-	printsub('>', tmp+2, cp - tmp - 2);
-    }
-}
-
-    void
-tel_enter_binary(rw)
-    int rw;
-{
-    if (rw&1)
-	send_do(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_will(TELOPT_BINARY, 1);
-}
-
-    void
-tel_leave_binary(rw)
-    int rw;
-{
-    if (rw&1)
-	send_dont(TELOPT_BINARY, 1);
-    if (rw&2)
-	send_wont(TELOPT_BINARY, 1);
-}
diff --git a/src/appl/telnet/telnet/terminal.c b/src/appl/telnet/telnet/terminal.c
deleted file mode 100644
index 6112703..0000000
--- a/src/appl/telnet/telnet/terminal.c
+++ /dev/null
@@ -1,241 +0,0 @@
-/*
- * Copyright (c) 1988, 1990, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)terminal.c	8.1 (Berkeley) 6/6/93 */
-
-#include <arpa/telnet.h>
-#include <sys/types.h>
-
-#include "ring.h"
-
-#include "externs.h"
-#include "types.h"
-
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-
-Ring		ttyoring, ttyiring;
-unsigned char	ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ];
-
-int termdata;			/* Debugging flag */
-
-#ifdef	USE_TERMIO
-# ifndef VDISCARD
-cc_t termFlushChar;
-# endif
-# ifndef VLNEXT
-cc_t termLiteralNextChar;
-# endif
-# ifndef VSUSP
-cc_t termSuspChar;
-# endif
-# ifndef VWERASE
-cc_t termWerasChar;
-# endif
-# ifndef VREPRINT
-cc_t termRprntChar;
-# endif
-# ifndef VSTART
-cc_t termStartChar;
-# endif
-# ifndef VSTOP
-cc_t termStopChar;
-# endif
-# ifndef VEOL
-cc_t termForw1Char;
-# endif
-# ifndef VEOL2
-cc_t termForw2Char;
-# endif
-# ifndef VSTATUS
-cc_t termAytChar;
-# endif
-#else
-cc_t termForw2Char;
-cc_t termAytChar;
-#endif
-
-/*
- * initialize the terminal data structures.
- */
-
-    void
-init_terminal()
-{
-    if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) {
-	exit(1);
-    }
-    if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) {
-	exit(1);
-    }
-    autoflush = TerminalAutoFlush();
-}
-
-
-/*
- *		Send as much data as possible to the terminal.
- *
- *		Return value:
- *			-1: No useful work done, data waiting to go out.
- *			 0: No data was waiting, so nothing was done.
- *			 1: All waiting data was written out.
- *			 n: All data - n was written out.
- */
-
-
-    int
-ttyflush(drop)
-    int drop;
-{
-    register int n, n0, n1;
-
-    n0 = ring_full_count(&ttyoring);
-    if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) {
-	if (drop) {
-	    TerminalFlushOutput();
-	    /* we leave 'n' alone! */
-	} else {
-	    n = TerminalWrite(ttyoring.consume, n);
-	}
-    }
-    if (n > 0) {
-	if (termdata && n) {
-	    Dump('>', ttyoring.consume, n);
-	}
-	/*
-	 * If we wrote everything, and the full count is
-	 * larger than what we wrote, then write the
-	 * rest of the buffer.
-	 */
-	if (n1 == n && n0 > n) {
-		n1 = n0 - n;
-		if (!drop)
-			n1 = TerminalWrite(ttyoring.bottom, n1);
-		n += n1;
-	}
-	ring_consumed(&ttyoring, n);
-    }
-    if (n < 0)
-	return -1;
-    if (n == n0) {
-	if (n0)
-	    return -1;
-	return 0;
-    }
-    return n0 - n + 1;
-}
-
-
-/*
- * These routines decides on what the mode should be (based on the values
- * of various global variables).
- */
-
-
-    int
-getconnmode()
-{
-    extern int linemode;
-    int mode = 0;
-#ifdef	KLUDGELINEMODE
-    extern int kludgelinemode;
-#endif
-
-    if (In3270)
-	return(MODE_FLOW);
-
-    if (my_want_state_is_dont(TELOPT_ECHO))
-	mode |= MODE_ECHO;
-
-    if (localflow)
-	mode |= MODE_FLOW;
-
-    if (my_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_INBIN;
-
-    if (his_want_state_is_will(TELOPT_BINARY))
-	mode |= MODE_OUTBIN;
-
-#ifdef	KLUDGELINEMODE
-    if (kludgelinemode) {
-	if (my_want_state_is_dont(TELOPT_SGA)) {
-	    mode |= (MODE_TRAPSIG|MODE_EDIT);
-	    if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) {
-		mode &= ~MODE_ECHO;
-	    }
-	}
-	return(mode);
-    }
-#endif
-    if (my_want_state_is_will(TELOPT_LINEMODE))
-	mode |= linemode;
-    return(mode);
-}
-
-    void
-setconnmode(force)
-    int force;
-{
-#ifdef	ENCRYPTION
-    static int enc_passwd = 0;
-#endif	/* ENCRYPTION */
-    register int newmode;
-
-    newmode = getconnmode()|(force?MODE_FORCE:0);
-
-    TerminalNewMode(newmode);
-
-#ifdef  ENCRYPTION
-    if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
-	if (my_want_state_is_will(TELOPT_ENCRYPT)
-				&& (enc_passwd == 0) && !encrypt_output) {
-	    encrypt_request_start(0, 0);
-	    enc_passwd = 1;
-	}
-    } else {
-	if (enc_passwd) {
-	    encrypt_request_end();
-	    enc_passwd = 0;
-	}
-    }
-#endif	/* ENCRYPTION */
-
-}
-
-
-    void
-setcommandmode()
-{
-    TerminalNewMode(-1);
-}
diff --git a/src/appl/telnet/telnet/tmac.doc b/src/appl/telnet/telnet/tmac.doc
deleted file mode 100644
index 464023f..0000000
--- a/src/appl/telnet/telnet/tmac.doc
+++ /dev/null
@@ -1,4102 +0,0 @@
-.\" Copyright (c) 1991 The Regents of the University of California.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"     @(#)doc	5.8 (Berkeley) 8/5/91
-.\"
-.\" .mdoc-parse - attempt to parse troff request arguments
-.\" This version has had comments stripped; an unstripped version is available.
-.if \n(.g \{\
-.cp 0
-.ftr C CR
-.\}
-.if t \{\
-.\" tmac.mdoc-ditroff
-.ds aD \fI\s10
-.ds aR \f(CO\s10
-.ds cM \f(CB\s10
-.ds dF \fR\s10
-.ds eM \fI\s10
-.ds eR \fC\s10
-.ds eV \fC\s10
-.ds fA \f(CO\s10
-.ds fD \f(CB\s10
-.ds fL \f(CB\s10
-.ds fN \f(CB\s10
-.ds fP \fP\s0
-.ds fS \s0
-.ds fT \f(CO\s10
-.ds Hs \fR\s10
-.ds iC \f(CB\s10
-.ds lI \fC
-.ds lP \fR\|(\|\fP\s10
-.ds lp \fR(\fP\s10
-.ds rP \fR\|)\|\fP\s10
-.ds rp \fR)\fP\s10
-.ds lB \fR\^[\^\fP\s10
-.ds rB \fR\^]\fP\s10
-.ds mL \fB\s10
-.ds nM \f(CB\s10
-.ds nO \fR\s10
-.ds nT \s0
-.ds pA \fC\s10
-.ds Pu \fR{\ .\ ,\ :\ ;\ (\ )\ [\ ]\ \fR}
-.ds rA \fR\s10
-.ds rT \f(CO\s10
-.ds sH \fB\s10
-.ds sP \s0
-.ds sY \fB\s10
-.ds sX \fR\s10
-.ds tF \fR
-.ds tN \s9
-.ds vA \fI\s10
-.ds Vs \fR\s10
-.ds vT \f(CB\s10
-.ds xR \fC\s10
-.tr *\(**
-.nr sI \w\fC,u*5
-.nr Ti \n(sIu
-.nr Pp .5v
-.ds lS \0
-.nr lS \w'\0'u
-.nr dI 6n
-.de pL
-.nr Hm .5i
-.nr Fm .5i
-.nr ll 6.5i
-.ll 6.5i
-.nr lt 6.5i
-.lt 6.5i
-.nr po 1i
-.po 1.i
-.nr dV .5v
-..
-.ds <= \(<=
-.ds >= \(>=
-.ds Lq \&``
-.ds Rq \&''
-.ds ua \(ua
-.ds aa \(aa
-.ds ga \(ga
-.ds sR \&'
-.ds sL \&`
-.ds q \&"
-.ds Pi \(*p
-.ds Ne \(!=
-.ds Le \(<=
-.ds Ge \(>=
-.ds Lt <
-.ds Gt >
-.ds Pm \(+-
-.ds If \(if
-.ds Na \fINaN\fP
-.ds Ba \fR\&|\fP
-.nr gX 0
-.de hK
-.ds hT \\*(dT
-.if !"\\*(cH"Null" \{\
-.       ie !"\\*(gP"Null" .as hT \|(\|\\*(cH\\*(gP\|)
-.       el .as hT \\|(\\|\\*(cH\\|)
-.\}
-.if "\\*(cH"Null" \{\
-.	if !"\\*(gP"Null" .as hT \&\|(\|\\*(gP\|)
-.\}
-.wh 0 hM
-.wh -1.25i fM
-.ie \\n(gX==1 \{\
-.	rm n1
-.	if \\n(.g .br
-.	if !\\n(.g .bp
-.\}
-.el \{\
-.	if \\n(.g .br
-.	if !\\n(.g 'bp
-.\}
-.nr % 1
-.nr gX 0
-.em lM
-..
-.nr fW \w\fC0
-.de sW
-.nr sW \w\fC\\$1
-.ie \\n(sW>=\\n(fW \{\
-.       ie \\n(sW%\\n(fW .nr sW (\\n(sW/\\n(fW)+1
-.       el .nr sW \\n(sW/\\n(fW
-.\}
-.el \{\
-.	ie \\n(sW>0 .nr sW 1
-.	el .nr sW 0
-.\}
-..
-.de aW
-.nr sW \w\fC\\*(A\\$1
-.ie \\n(sW>=\\n(fW \{\
-.       ie \\n(sW%\\n(fW .nr sW (\\n(sW/\\n(fW)+1
-.       el .nr sW \\n(sW/\\n(fW
-.\}
-.el \{\
-.	ie \\n(sW>0 .nr sW 1
-.	el .nr sW 0
-.\}
-..
-.de Ql
-.if \\n(aC==0  \{\
-.	ds mN Ql
-.       ds A1 \\$1
-.       ds A2 \\$2
-.       ds A3 \\$3
-.       ds A4 \\$4
-.       ds A5 \\$5
-.       ds A6 \\$6
-.       ds A7 \\$7
-.       ds A8 \\$8
-. 	nr fV \\n(.$
-. 	fV
-.\}
-.nr aP \\n(aP+1
-.aW \\n(aP
-.nr aP \\n(aP-1
-.if \\n(sW>2 .Li
-.if \\n(sW<=2 \{\
-.	if (\\n(aP>0) \{\
-.		ds A\\n(aP Li
-.		nr aP \\n(aP -1
-.	\}		
-.	if (\\n(aP==0) \{\
-.		rm C0 C1 C2 C3 C4 C5 C6 C7 C8 C9
-.		rm S1 S2 S3 S4 S5 S6 S7 S8 S9
-.		rn A8 A9
-.		rn A7 A8
-.		rn A6 A7
-.		rn A5 A6
-.		rn A4 A5
-.		rn A3 A4
-.		rn A2 A3
-.		rn A1 A2
-.		ds A1 Li
-.	 	nr fV \\n(aC+1
-.		nr aC 0
-.		fV
-.	\}
-.	ds qL \&\\*(sL
-.	ds qR \&\\*(sR
-.	En
-.\}
-..
-.de Sh
-.nr nS 0
-.nr sE 0
-.nr iS 0
-'ad
-.ie "\\$1"NAME" \{\
-.       hK
-'       in 0
-.\}
-.el \{\
-.       nr nS 0
-.       nr nA 0
-.       nr nF 0
-.       nr nT 0
-.       nr nY 0
-.       nr oT 0
-.       if "\\$1"SYNOPSIS" \{\
-.		na
-.		nr nS 1
-.	\}
-.       if "\\$1"DESCRIPTION" \{\
-.		nr fY 0
-.		nr fZ 0
-.		nr fB 0
-.		nr Fb 0
-.		ds Fb
-.	\}
-.       if "\\$1"SEE" \{\
-.               nr nA 1
-.               na
-.       \}
-.       if "\\$1"FILES" .nr nF 1
-.       if "\\$1"STANDARDS" .nr nT 1
-.       if "\\$1"AUTHORS" .nr nY 1
-.	if "\\$1"SEE" .nr sE 1
-.       in 0
-.       nr aN 0
-.\}
-.pL
-'sp
-.ns
-.ta .5i 1i 1.5i 2i 2.5i 3i 3.5i 4i 4.5i 5i 5.5i 6i 6.5i
-.if !\\n(cR .ne 3
-'fi
-\&\\*(sH\\$1 \|\\$2 \|\\$3 \|\\$4 \|\\$5 \|\\$6 \|\\$7 \|\\$8 \|\\$9
-\&\fP\s0\&
-.in \\n(.iu+\\n(Tiu
-.ns
-..
-.\}
-.if n \{\
-.\" tmac.mdoc-nroff
-.ds aD \fI
-.ds aR \fI
-.ds cM \fB
-.ds dF \fR
-.ds eM \fI
-.ds eR \fR
-.ds eV \fR
-.ds fA \fI
-.ds fD \fB
-.ds fL \fB
-.ds fN \fB
-.ds fP \fP
-.ds fS
-.ds fT \fI
-.ds Hs \fR
-.ds iC \fB
-.ds lI \fR
-.ds lP \fR\|(\fP
-.ds rP \fR\|)\fP
-.ds lp \fR\|(\fP
-.ds rp \fR\|)\fP
-.ds lB \fR\|[\|\fP
-.ds rB \fR\|]\fP
-.ds mL \fB
-.ds nM \fB
-.ds nO \fR
-.ds pA \fI
-.ds Pu {\ .\ ,\ ;\ :\ (\ )\ [\ ]}
-.ds rA \fR
-.ds rT \fI
-.ds sH \fB
-.ds sP
-.ds sY \fB
-.ds sX \fI
-.ds tF \fR
-.ds tN
-.ds vA \fI
-.ds Vs \fR
-.ds vT \fB
-.ds xR \fR
-.nr sI .5i
-.nr Ti .5i
-.nr cR 1
-.nr Pp 1v
-.ds lS \0\0
-.nr lS \w'\0\0'u
-.nr dI 6n
-.de pL
-.ie \\n(cR .nr Hm 0
-.el .nr Hm .5i
-.nr Fm .5i
-.nr ll 78n
-.ll 78n
-.nr lt 78n
-.lt 78n
-.nr po 0i
-.po 0i
-.nr dV 1v
-.ad l
-.na
-..
-.ds <= \&<\&=
-.ds >= \&>\&=
-.ds Rq ''
-.ds Lq ``
-.ds ua ^
-.ds aa \'
-.ds ga \`
-.ds sL `
-.ds sR '
-.ds q \&"
-.ds Pi pi
-.ds Ne !=
-.ds Le <=
-.ds Ge >=
-.ds Lt <
-.ds Gt >
-.ds Pm +-
-.ds If infinity
-.ds Na \fINaN\fP
-.ds Ba \fR\&|\fP
-.de hK
-.nr % 1
-.ds hT \\*(dT
-.if !"\\*(cH"Null" \{\
-.	ie !"\\*(gP"Null" .as hT \|(\|\\*(cH\\*(gP\|)
-.	el .as hT \\|(\\|\\*(cH\\|)
-.\}
-.if "\\*(cH"Null" .if !"\\*(gP"Null" .as hT \&\|(\|\\*(gP\|)
-.ie \\n(cR \{\
-.	hM
-.	wh -1v fM
-.\}
-.el \{\
-.	wh 0 hM
-.	wh -1.167i fM
-.\}
-.if \\n(nl==0:\\n(nl==-1 'bp
-.em lM
-..
-.nr fW \w'0'
-.de sW
-.nr sW \w\\$1
-.ie \\n(sW>=\\n(fW \{\
-.       ie \\n(sW%\\n(fW .nr sW (\\n(sW/\\n(fW)+1
-.       el .nr sW \\n(sW/\\n(fW
-.\}
-.el .nr sW 0
-..
-.de aW
-.nr sW \w\\*(A\\$1
-.ie \\n(sW>=\\n(fW \{\
-.       ie \\n(sW%\\n(fW .nr sW (\\n(sW/\\n(fW)+1
-.       el .nr sW \\n(sW/\\n(fW
-.\}
-.el .nr sW 0
-..
-.de Ql
-.if \\n(aC==0  \{\
-.	ds mN Ql
-.	ds A1 \\$1
-.	ds A2 \\$2
-.	ds A3 \\$3
-.	ds A4 \\$4
-.	ds A5 \\$5
-.	ds A6 \\$6
-.	ds A7 \\$7
-.	ds A8 \\$8
-.	ds A9 \\$9
-.	nr fV \\n(.$
-. 	fV
-.\}
-.ds qL \&\\*(sL
-.ds qR \&\\*(sR
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Sh
-.nr nS 0
-.nr sE 0
-.nr iS 0
-.ie "\\$1"NAME" \{\
-.       hK
-'       in 0
-.\}
-.el \{\
-.       nr nS 0
-.       nr nA 0
-.       nr nF 0
-.       nr nT 0
-.       nr nY 0
-.       nr aN 0
-.       nr oT 0
-.       if "\\$1"SEE" .nr nA 1
-.       if "\\$1"FILES" .nr nF 1
-.       if "\\$1"STANDARDS" .nr nT 1
-.       if "\\$1"SYNOPSIS" .nr nS 1
-.       if "\\$1"DESCRIPTION" \{\
-.               rr fB
-.               rr Fb
-.               ds Fb
-.               nr fY 0
-.               nr fZ 0
-.       \}
-.	if "\\$1"AUTHORS" .nr nY 1
-.       in 0
-.\}
-.pL
-'sp
-.ns
-.ta .5i 1i 1.5i 2i 2.5i 3i 3.5i 4i 4.5i 5i 5.5i 6i 6.5i
-.if !\\n(cR .ne 3
-'fi
-\&\\*(sH\\$1 \|\\$2 \|\\$3 \|\\$4 \|\\$5 \|\\$6 \|\\$7 \|\\$8 \|\\$9
-\&\fP\s0\&
-.in \\n(.iu+\\n(Tiu
-.if "\\$1"SEE" .nr sE 1
-.ns
-..
-.\}
-.\"     @(#)doc-common	5.7 (Berkeley) 8/5/91
-.nr %A 1
-.nr %J 1
-.nr %N 1
-.nr %O 1
-.nr %R 1
-.nr %T 1
-.nr %V 1
-.nr Ad 12n
-.nr Ac 3
-.nr Ao 12n
-.nr Ap 2
-.nr An 12n
-.nr Aq 12n
-.nr Ar 12n
-.nr Bc 3
-.nr Bl 1
-.nr Bo 12n
-.nr Bq 12n
-.nr Bx 12n
-.nr Cd 12n
-.nr Cm 10n
-.nr Co 15n
-.nr Cx 20n
-.nr Dc 3
-.nr Do 10n
-.nr Dq 12n
-.nr Ds 6n
-.nr Dq 12n
-.nr Dv 12n
-.nr tI \n(Dsu
-.nr Ec 3
-.nr El 1
-.nr Eo 12n
-.nr Eq 12n
-.nr Em 10n
-.nr Er 12n
-.nr Ev 15n
-.nr Ex 10n
-.nr Fa 12n
-.nr Fl 10n
-.nr Fc 3
-.nr Fo 16n
-.nr Fn 16n
-.nr Hl 1
-.nr I1 6n
-.nr I2 12n
-.nr I3 18n
-.nr Ic 10n
-.nr Li 16n
-.nr Ms 6n
-.nr Nm 10n
-.nr No 12n
-.nr Ns 2
-.nr Oo 10n
-.nr Oc 3
-.nr Op 14n
-.nr Pa 32n
-.nr Pf 12n
-.nr Pc 3
-.nr Po 12n
-.nr Pq 12n
-.nr Ql 16n
-.nr Qc 3
-.nr Qo 12n
-.nr Qq 12n
-.nr Sc 3
-.nr So 12n
-.nr Sq 12n
-.nr Sy 6n
-.nr Sx 16n
-.nr Ra 1
-.nr Rj 1
-.nr Rn 1
-.nr Ro 1
-.nr Rr 1
-.nr Rt 1
-.nr Rv 1
-.nr Tn 10n
-.nr Ta 1
-.nr Tv 1
-.nr Tx 22n
-.nr Ux 10n
-.nr Va 12n
-.nr Xc 3
-.nr Xo 1
-.nr Xr 10n
-.ds sV \& \&
-.ds hV \&\ \&
-.ds iV \& \&
-.ds tV \&\\t\&
-.nr z. 3
-.nr z, 3
-.nr z: 3
-.nr z; 3
-.nr z( 4
-.nr z) 3
-.nr z[ 4
-.nr z] 3
-.ds z( z)
-.ds z[ z]
-.ds z< z>
-.nr z0 0
-.nr z1 0
-.nr z2 0
-.nr z3 0
-.nr z4 0
-.nr z5 0
-.nr z6 0
-.nr z7 0
-.nr z8 0
-.nr z9 0
-.nr z# 0
-.de Dt
-.ds dT UNTITLED
-.ds vT LOCAL
-.ds cH Null
-.if !"\\$1"" .ds dT \\$1
-.if !"\\$2"" \{\
-.	ds cH \\$2
-.		if \\$2>=1 .if \\$2<=8 \{\
-.			ds vT NetBSD Reference Manual
-.			if \\$2>1 .if \\$2<6 .ds vT NetBSD Programmer's Manual
-.			if "\\$2"8" .ds vT NetBSD System Manager's Manual
-.			nr sN \\$2
-.		\}
-.		if "\\$2"unass"  .ds vT DRAFT
-.		if "\\$2"draft"  .ds vT DRAFT
-.		if "\\$2"paper"  .ds vT UNTITLED
-.\}
-.if !"\\$3"" \{\
-.	if "\\$3"USD"   .ds vT NetBSD User's Supplementary Documents
-.	if "\\$3"PS1"   .ds vT NetBSD Programmers's Supplementary Documents
-.	if "\\$3"AMD"   .ds vT NetBSD Ancestral Manual Documents
-.	if "\\$3"SMM"   .ds vT NetBSD System Manager's Manual
-.	if "\\$3"URM"   .ds vT NetBSD Reference Manual
-.	if "\\$3"PRM"   .ds vT NetBSD Programmers's Manual
-.	if "\\$3"IND"   .ds vT NetBSD Manual Master Index
-.	if "\\$3"LOCAL" .ds vT NetBSD Local Manual
-.	if "\\$3"tahoe" .as vT \ (Tahoe Architecture)
-.	if "\\$3"vax" .as vT \ (VAX Architecture)
-.	if "\\$3"hp300" .as vT \ (HP300 Architecture)
-.	if "\\*(vT"LOCAL" .ds vT \\$3
-.\}
-..
-.de Os
-.ds oS Null
-.if "\\$1"" \{\
-.	ds oS BSD Experimental
-.\}
-.if "\\$2"" \{\
-.	ds aa Non-Null
-.\}
-.if "\\$1"ATT"   \{\
-.	ds oS AT&T
-.	if "\\$2""    .as oS \0UNIX
-.	if "\\$2"7th" .as oS \07th Edition
-.	if "\\$2"7"   .as oS \07th Edition
-.	if "\\$2"III" .as oS \0System III
-.	if "\\$2"3"   .as oS \0System III
-.	if "\\$2"V"   .as oS \0System V
-.	if "\\$2"V.2" .as oS \0System V Release 2
-.	if "\\$2"V.3" .as oS \0System V Release 3
-.	if "\\$2"V.4" .as oS \0System V Release 4
-.\}
-.if "\\$1"BSD" \{\
-.	if "\\$2"3"    .ds oS 3rd Berkeley Distribution
-.	if "\\$2"4"    .ds oS 4th Berkeley Distribution
-.	if "\\$2"4.1"  .ds oS 4.1 Berkeley Distribution
-.	if "\\$2"4.2"  .ds oS 4.2 Berkeley Distribution
-.	if "\\$2"4.3"  .ds oS 4.3 Berkeley Distribution
-.	if "\\$2"4.3T" .ds oS 4.3-Tahoe Berkeley Distribution
-.	if "\\$2"4.3R" .ds oS 4.3-Reno Berkeley Distribution
-.	if "\\$2"4.3t" .ds oS 4.3-Tahoe Berkeley Distribution
-.	if "\\$2"4.3r" .ds oS 4.3-Reno Berkeley Distribution
-.	if "\\$2"4.4"  .ds oS BSD Experimental
-.\}
-.if "\\$1"NetBSD" \{\
-.	ds oS NetBSD
-.	if "\\$2"0.8"  .as oS \00.8
-.	if "\\$2"0.8a" .as oS \00.8a
-.	if "\\$2"0.9"  .as oS \00.9
-.	if "\\$2"0.9a" .as oS \00.9a Experimental
-.	if "\\$2"1.0"  .as oS \01.0 Experimental
-.\}
-.if "\\*(oS"Null" .ds oS \0\\$1
-.if "\\*(aa"Non-Null" .as oS \0\\$2
-.rm aa
-..
-.de Dd
-.if !"\\*(dD"" .nr gX 1
-.ie \\n(.$>0 \{\
-.	ie \\n(.$==3 \{\
-.		ds dD \\$1 \\$2 \\$3
-.	\}
-.	el \{\
-.		if "\\n(mo"1"  .ds dD January
-.		if "\\n(mo"2"  .ds dD February
-.		if "\\n(mo"3"  .ds dD March
-.		if "\\n(mo"4"  .ds dD April
-.		if "\\n(mo"5"  .ds dD May
-.		if "\\n(mo"6"  .ds dD June
-.		if "\\n(mo"7"  .ds dD July
-.		if "\\n(mo"8"  .ds dD August
-.		if "\\n(mo"9"  .ds dD September
-.		if "\\n(mo"10" .ds dD October
-.		if "\\n(mo"11" .ds dD November
-.		if "\\n(mo"12" .ds dD December
-.		as dD \&\ \\n(dy, 19\\n(yr
-.	\}
-.\}
-.el \{\
-.	ds dD Epoch
-.\}
-..
-.de hM
-.ev 1
-.pL
-.if !\\n(cR 'sp \\n(Hmu
-.tl @\\*(Hs\\*(hT\fP@\\*(Vs\\*(vT\fP@\\*(Hs\\*(hT\fP@
-'sp \\n(Hmu
-.ev
-..
-.de fM
-.ie \\n(cR 'br
-.el \{\
-.	ev 1
-.	pL
-.	if !\\n(cR \{\
-'		sp \\n(Fmu
-.		tl @\\*(Hs\\*(oS\fP@\\*(Vs\\*(dD\fP@%@
-'		bp
-.	\}
-.	ev
-.\}
-..
-.de lM
-.fl
-.if \\n(cR \{\
-'	sp
-.	tl @\\*(Hs\\*(oS\fP@\\*(Vs\\*(dD\fP@%@
-.       pl \\n(nlu
-.\}
-..
-.de Pp
-.sp \\n(Ppu
-.ne 2
-.ns
-..
-.de Lp
-.Pp
-..
-.de LP
-.tm Not a \-mdoc command: .LP
-..
-.de PP
-.tm Not a \-mdoc command: .PP
-..
-.de pp
-.tm Not a \-mdoc command: .pp
-..
-.de Nd
-\&\-\& \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Ss
-.sp
-.ne 2
-.ti -.25i
-\&\\*(sH\\$1 \|\\$2 \|\\$3 \|\\$4 \|\\$5 \|\\$6 \|\\$7 \|\\$8 \|\\$9
-\&\fP\s0
-.ta .5i 1i 1.5i 2i 2.5i 3i 3.5i 4i 4.5i 5i 5.5i 6i 6.5i
-.if !\\n(cR .ne 2
-.br
-..
-.de Rd
-.tm MDOC REGISTER DUMP
-.tm Db==\\n(Db register DEBUG MODE
-.tm L[0-9] registers - stack of list types
-.tm L0==\\n(L0
-.tm L1==\\n(L1
-.tm L2==\\n(L2
-.tm L3==\\n(L3
-.tm L4==\\n(L4
-.tm L5==\\n(L5
-.tm L6==\\n(L6
-.tm L7==\\n(L7
-.tm L8==\\n(L8
-.tm L9==\\n(L9
-.tm O[0-9] registers - stack of indent
-.tm O0==\\n(O0
-.tm O1==\\n(O1
-.tm O2==\\n(O2
-.tm O3==\\n(O3
-.tm O4==\\n(O4
-.tm O5==\\n(O5
-.tm O6==\\n(O6
-.tm O7==\\n(O7
-.tm O8==\\n(O8
-.tm O9==\\n(O9
-.tm aC==\\n(aC register argument counter (aV/fV)
-.tm aJ==\\n(aJ register (for vR)
-.tm aN==\\n(aN register
-.tm aP==\\n(aP register argument pointer (aV)
-.tm aT==\\n(aT register argument type
-.tm aa==\\n(aa local register
-.tm bK==\\n(bK register - Book Name flag
-.tm cF==\\n(cF register save current font
-.tm cI==\\n(cI register - column indent width
-.tm cZ==\\n(cZ register save current font size
-.tm dK==\\n(dK register - Date flag
-.tm d[0-9] registers - display-type stack
-.tm d0==\\n(d0
-.tm d1==\\n(d1
-.tm d2==\\n(d2
-.tm d3==\\n(d3
-.tm d4==\\n(d4
-.tm d5==\\n(d5
-.tm d6==\\n(d6
-.tm d7==\\n(d7
-.tm d8==\\n(d8
-.tm d9==\\n(d9
-.tm dZ==\\n(dZ register diversion count
-.tm fD==\\n(fD register subroutine test (in synopsis only)
-.tm fV==\\n(fV register argument counter (must set to \\n(.$ prior to
-.tm fY==\\n(fY register - dick with old style function declarations (fortran)
-.tm fZ==\\n(fZ register also subroutine count (in synopsis only)
-.tm h[0-9] register horizontal tag stack (continuous if 1, break if
-.tm h0==\\n(h0
-.tm h1==\\n(h1
-.tm h2==\\n(h2
-.tm h3==\\n(h3
-.tm h4==\\n(h4
-.tm h5==\\n(h5
-.tm h6==\\n(h6
-.tm h7==\\n(h7
-.tm h8==\\n(h8
-.tm h9==\\n(h9
-.tm iD==\\n(iD local register
-.tm iI==\\n(iI local register (indent for inline debug mode)
-.tm iN==\\n(iN register DEBUG MODE (inline if 1, to stderr if
-.tm iS==\\n(iS register - indent second command line in a synopsis
-.tm jK==\\n(jK register - [reference] Journal Name flag
-.tm jM==\\n(jM local register
-.tm jN==\\n(jN local register
-.tm lC==\\n(lC register - list type stack counter
-.tm lK==\\n(lK register count of lines read from input file
-.tm nK==\\n(nK register - [reference] issue number flag
-.tm nU==\\n(nU register count
-.tm oK==\\n(oK register - [reference] optional information flag
-.tm oM==\\n(oM register (extension possible)
-.tm o[0-9] register offset stack (nested tags)
-.tm o0==\\n(o0
-.tm o1==\\n(o1
-.tm o2==\\n(o2
-.tm o3==\\n(o3
-.tm o4==\\n(o4
-.tm o5==\\n(o5
-.tm o6==\\n(o6
-.tm o7==\\n(o7
-.tm o8==\\n(o8
-.tm o9==\\n(o9
-.tm oM==\\n(oM register open ended line flag
-.tm pK==\\n(pK register - [reference] page number flag
-.tm qK==\\n(qK register - Corporate or Foreign Author flag
-.tm rK==\\n(rK register - [reference] report flag
-.tm rS==\\n(rS register - Reference Start flag
-.tm sM==\\n(sM register - default is one (space mode on)
-.tm tK==\\n(tK register - reference title flag
-.tm tP==\\n(tP register tag flag (for diversions)
-.tm tX==\\n(tX register (initial class)
-.tm tY==\\n(tY register (next possible lC value)
-.tm t[0-9] register tag string stack (nested tags)
-.tm t0==\\n(t0
-.tm t1==\\n(t1
-.tm t2==\\n(t2
-.tm t3==\\n(t3
-.tm t4==\\n(t4
-.tm t5==\\n(t5
-.tm t6==\\n(t6
-.tm t7==\\n(t7
-.tm t8==\\n(t8
-.tm t9==\\n(t9
-.tm uK==\\n(uK register - reference author(s) counter
-.tm vK==\\n(vK register - reference volume flag
-.tm v[0-9] register vertical tag break stack
-.tm v0==\\n(v0
-.tm v1==\\n(v1
-.tm v2==\\n(v2
-.tm v3==\\n(v3
-.tm v4==\\n(v4
-.tm v5==\\n(v5
-.tm v6==\\n(v6
-.tm v7==\\n(v7
-.tm v8==\\n(v8
-.tm v9==\\n(v9
-.tm w[0-9] register tag stack (nested tags)
-.tm w0==\\n(w0
-.tm w1==\\n(w1
-.tm w2==\\n(w2
-.tm w3==\\n(w3
-.tm w4==\\n(w4
-.tm w5==\\n(w5
-.tm w6==\\n(w6
-.tm w7==\\n(w7
-.tm w8==\\n(w8
-.tm w9==\\n(w9
-.tm xX==\\n(xX local register
-.tm END OF REGISTER DUMP
-..
-.\"     @(#)doc-syms	5.6 (Berkeley) 8/5/91
-.de Ux
-.nr cF \\n(.f
-.nr cZ \\n(.s
-.ds aa \&\f\\n(cF\s\\n(cZ
-.as b1 \&\\*(tNUNIX\\*(aa
-.rm aa
-.if \\n(aC==0 \{\
-.       if \\n(.$>0 .aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.\}
-.ie \\n(aC>\\n(aP \{\
-.       nr aP \\n(aP+1
-.       ie \\n(C\\n(aP==1 \{\
-.               \\*(A\\n(aP
-.       \}
-.       el .nR
-.\}
-.el .aZ
-..
-.de Bx
-.nr cF \\n(.f
-.nr cZ \\n(.s
-.ds aa \&\f\\n(cF\s\\n(cZ
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 \&\\*(tNBSD\\*(aa \\*(tNUNIX\\*(aa
-.       el .aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.\}
-.if "\\$1"-alpha" \{\
-\&currently in alpha test.
-.	aY
-.\}
-.if "\\$1"-beta" \{\
-\&currently in beta test.
-.	aY
-.\}
-.if "\\$1"-devel" \{\
-\&currently under development.
-.	aY
-.\}
-.if \\n(aC>\\n(aP \{\
-.       nr aP \\n(aP+1
-.	ie \\n(C\\n(aP==2 \{\
-.		as b1 \&\\*(A\\n(aP\&\\*(tNBSD\\*(aa
-.		ie \\n(aC>\\n(aP \{\
-.			nr jj \\n(aP+1
-.			ie \\n(C\\n(jj==2 \{\
-.				if "\\*(A\\n(jj"Reno" \{\
-.					nr aP \\n(aP+1
-.					as b1 \&\-\\*(A\\n(jj
-.				\}
-.				if "\\*(A\\n(jj"reno" \{\
-.					nr aP \\n(aP+1
-.					as b1 \&\-Reno
-.				\}
-.				if "\\*(A\\n(jj"Tahoe" \{\
-.					nr aP \\n(aP+1
-.					as b1 \&\-\\*(A\\n(jj
-.				\}
-.				if "\\*(A\\n(jj"tahoe" \{\
-.					nr aP \\n(aP+1
-.					as b1 \&\-Tahoe
-.				\}
-.				ie \\n(aC>\\n(aP \{\
-.					nr aP \\n(aP+1
-.					nR
-.				\}
-.				el .aZ
-.			\}
-.			el \{\
-.				nr aP \\n(aP+1
-.				nR
-.			\}
-.			rr jj
-.		\}
-.		el .aZ
-.	\}
-.	el \{\
-.	       as b1 \&\\*(tNBSD\\*(aa U\\*(tNNIX\\*(aa
-.	       nR
-.	\}
-.\}
-..
-.de Ud
-\&currently under development.
-..
-.de Nx
-.nr cF \\n(.f
-.nr cZ \\n(.s
-.ds aa \&\f\\n(cF\s\\n(cZ
-.if \\n(.$==2 \{\
-.	if "\\$1"0.8"  \&\\*(tNNetBSD\\*(aa 0.8\\*(aa\\$2
-.	if "\\$1"0.8a"  \&\\*(tNNetBSD\\*(aa 0.8a\\*(aa\\$2
-.	if "\\$1"0.9"  \&\\*(tNNetBSD\\*(aa 0.9\\*(aa\\$2
-.	if "\\$1"0.9a"  \&\\*(tNNetBSD\\*(aa 0.9a\\*(aa\\$2
-.	if "\\$1"1.0"  \&\\*(tNNetBSD\\*(aa 1.0\\*(aa\\$2
-.	if "\\$1"1.0a"  \&\\*(tNNetBSD\\*(aa 1.0a\\*(aa\\$2
-.\}
-.if \\n(.$==1 \{\
-.	if "\\$1"0.8"  \&\\*(tNNetBSD\\*(aa 0.8\\*(aa
-.	if "\\$1"0.8a"  \&\\*(tNNetBSD\\*(aa 0.8a\\*(aa
-.	if "\\$1"0.9"  \&\\*(tNNetBSD\\*(aa 0.9\\*(aa
-.	if "\\$1"0.9a"  \&\\*(tNNetBSD\\*(aa 0.9a\\*(aa
-.	if "\\$1"1.0"  \&\\*(tNNetBSD\\*(aa 1.0\\*(aa
-.	if "\\$1"1.0a"  \&\\*(tNNetBSD\\*(aa 1.0a\\*(aa
-.\}
-..
-.de At
-.nr cF \\n(.f
-.nr cZ \\n(.s
-.ds aa \&\f\\n(cF\s\\n(cZ
-.if \\n(.$==2 \{\
-.	if "\\$1"32v" \&Version 32V \\*(tNAT&T UNIX\\*(aa\\$2
-.	if "\\$1"v6"  \&Version 6 \\*(tNAT&T UNIX\\*(aa\\$2
-.	if "\\$1"v7"  \&Version 7 \\*(tNAT&T UNIX\\*(aa\\$2
-.	if "\\$1"V"  \&\\*(tNAT&T\\*(aa System V \\*(tNUNIX\\*(aa\\$2
-.	if "\\$1"V.1"  \&\\*(tNAT&T\\*(aa System V.1 \\*(tNUNIX\\*(aa\\$2
-.	if "\\$1"V.2"  \&\\*(tNAT&T\\*(aa System V.2 \\*(tNUNIX\\*(aa\\$2
-.	if "\\$1"V.4"  \&\\*(tNAT&T\\*(aa System V.4 \\*(tNUNIX\\*(aa\\$2
-.\}
-.if \\n(.$==1 \{\
-.	if "\\$1"32v" \&Version 32V \\*(tNAT&T UNIX\\*(aa
-.	if "\\$1"v6"  \&Version 6 \\*(tNAT&T UNIX\\*(aa
-.	if "\\$1"v7"  \&Version 7 \\*(tNAT&T UNIX\\*(aa
-.	if "\\$1"V"  \&\\*(tNAT&T\\*(aa System V \\*(tNUNIX\\*(aa
-.	if "\\$1"V.1"  \&\\*(tNAT&T\\*(aa System V.1 \\*(tNUNIX\\*(aa
-.	if "\\$1"V.2"  \&\\*(tNAT&T\\*(aa System V.2 \\*(tNUNIX\\*(aa
-.	if "\\$1"V.4"  \&\\*(tNAT&T\\*(aa System V.4 \\*(tNUNIX\\*(aa
-.\}
-..
-.de Bt
-\&is currently in beta test.
-..
-.ds Px \\*(tNPOSIX
-.ds Ai \\*(tNANSI
-.de St
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 \{\
-.tm Usage: .St [-p1003.1-90 | -p1003.2 | -ansiC-89 | -iso ] \\*(Pu ... (#\\n(.c)
-.	\}
-.	el \{\
-.		ds mN St
-.		nr aP 0
-.		ds A1 \\$1
-.		ds A2 \\$2
-.		ds A3 \\$3
-.		ds A4 \\$4
-.		ds A5 \\$5
-.		ds A6 \\$6
-.		ds A7 \\$7
-.		ds A8 \\$8
-.		ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr cF \\n(.f
-.	nr cZ \\n(.s
-.	ds aa \&\f\\n(cF\s\\n(cZ
-.	nr aP \\n(aP+1
-.       if "\\*(A\\n(aP"-p1003.1-90" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.1-1990\\*(sV
-.			as b1 (``\\*(tN\\*(Px\\*(aa'')
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.1-1990\\*(sV
-.			as b1 (``\\*(tN\\*(Px\\*(aa'')
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-p1003.1-88" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.1-1988\\*(sV
-.			as b1 (``\\*(tN\\*(Px\\*(aa'')
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.1-1988\\*(sV
-.			as b1 (``\\*(tN\\*(Px\\*(aa'')
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-p1003.1" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.1\\*(sV
-.			as b1 (``\\*(tN\\*(Px\\*(aa'')
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.1\\*(sV
-.			as b1 (``\\*(tN\\*(Px\\*(aa'')
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-p1003.2-92" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.2-1992\\*(sV
-.			as b1 (``\\*(tN\\*(Px.2\\*(aa'')
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.2-1992\\*(sV
-.			as b1 (``\\*(tN\\*(Px.2\\*(aa'')
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-p1003.2" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.2\\*(sV
-.			as b1 (``\\*(tN\\*(Px.2\\*(aa'')
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa1003.2\\*(sV
-.			as b1 (``\\*(tN\\*(Px.2\\*(aa'')
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-ansiC" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNANSI \\*(aaX3.159-1989\\*(sV
-.			as b1 (``\\*(tNANSI C\\*(aa'')
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNANSI \\*(aaX3.159-1989\\*(sV
-.			as b1 (``\\*(tNANSI C\\*(aa'')
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-ansiC-89" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNANSI \\*(aaX3.159-1989\\*(sV
-.			as b1 (``\\*(tNANSI C\\*(aa'')
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNANSI \\*(aaX3.159-1989\\*(sV
-.			as b1 (``\\*(tNANSI C\\*(aa'')
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-ieee754" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa754-1985
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNIEEE Std\\*(aa754-1985
-.		\}
-.       \}
-.       if "\\*(A\\n(aP"-iso8802-3" \{\
-.		ie \\n(sT==1 \{\
-.			ds b1 \&\\*(tNISO \\*(aa8802-3: 1989\\*(sV
-.		\}
-.		el \{\
-.			ds b1 \&\\*(tNISO \\*(aa8802-3: 1989\\*(sV
-.		\}
-.       \}
-.	ie \\n(aC>\\n(aP \{\
-.		nr aP \\n(aP+1
-.		nR
-.	\}
-.	el .aZ
-.\}
-..
-.nr Db 0
-.de Db
-.ie \\n(.$==0 \{\
-.	ie \\n(Db==0 \{\
-.tm DEBUGGING ON
-.		nr Db 1
-.	\}
-.	el \{\
-.tm DEBUGGING OFF
-.		nr Db 0
-.	\}
-.\}
-.el \{\
-.	if "\\$1"on" \{\
-.tm DEBUGGING ON
-.		nr Db 1
-.	\}
-.	if "\\$1"off" \{\
-.tm DEBUGGING OFF
-.		nr Db 0
-.	\}
-.\}
-..
-.de aV
-.nr aC \\n(aC+1
-.ie "\\$1"|" \{\
-.	if "\\*(mN"Op" .ds A\\n(aC \fR\\$1\fP
-.	if "\\*(mN"Ar" .ds A\\n(aC \fR\\$1\fP
-.	if "\\*(mN"Fl" .ds A\\n(aC \fR\\$1\fP
-.	if "\\*(mN"Cm" .ds A\\n(aC \fR\\$1\fP
-.	if "\\*(mN"It" .ds A\\n(aC \fR\\$1\fP
-.\}
-.el .ds A\\n(aC \\$1
-.aU \\n(aC
-.nr C\\n(aC \\n(aT
-.s\\n(aT
-.if \\n(Db \{\
-.	if \\n(aT==1 .ds yU Executable
-.	if \\n(aT==2 .ds yU String
-.	if \\n(aT==3 .ds yU Closing Punctuation or suffix
-.	if \\n(aT==4 .ds yU Opening Punctuation or prefix
-.	if \\n(iN==1 \{\
-.		br
-.		nr iI \\n(.iu
-.		in -\\n(iIu
-.		if \\n(aC==1 \{\
-\&\fBDEBUG(argv) MACRO:\fP `.\\*(mN'  \fBLine #:\fP \\n(.c
-.		\}
-\&\t\fBArgc:\fP \\n(aC  \fBArgv:\fP `\\*(A\\n(aC'  \fBLength:\fP \\n(sW
-\&\t\fBSpace:\fP `\\*(S\\n(aC'  \fBClass:\fP \\*(yU
-.	\}
-.	if \\n(iN==0 \{\
-.		if \\n(aC==1 \{\
-.			tm DEBUG(argv) MACRO: `.\\*(mN'  Line #: \\n(.c
-.		\}
-.		tm \tArgc: \\n(aC  Argv: `\\*(A\\n(aC'  Length: \\n(sW
-.		tm \tSpace: `\\*(S\\n(aC'  Class: \\*(yU
-.	\}
-.\}
-.ie \\n(.$==1 \{\
-.	nr aP 0
-.	ie \\n(dZ==1 \{\
-.		if \\n(oM>1 .as b1 \\*(S0
-.	\}
-.	el \{\
-.		if \\n(oM>0 \{\
-.			if \\n(fC==0 .as b1 \\*(S0
-.		\}
-.	\}
-.	ds S0 \\*(S\\n(aC
-.	if \\n(Db \{\
-.		if \\n(iN==1 \{\
-\&MACRO REQUEST: \t.\\*(mN \\*(A1 \\*(A2 \\*(A3 \\*(A4 \\*(A5 \\*(A6 \\*(A7 \\*(A8 \\*(A9
-.			br
-.			in \\n(iIu
-.		\}
-.		if \\n(iN==0 \{\
-.tm \tMACRO REQUEST: .\\*(mN \\*(A1 \\*(A2 \\*(A3 \\*(A4 \\*(A5 \\*(A6 \\*(A7 \\*(A8 \\*(A9
-.		\}
-.	\}
-.\}
-.el .aV \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de fV
-.nr aC \\n(aC+1
-.if "\\*(A\\n(aC"|" \{\
-.	if "\\*(mN"Op" .ds A\\n(aC \fR\\*(A\\n(aC\fP
-.	if "\\*(mN"Ar" .ds A\\n(aC \fR\\*(A\\n(aC\fP
-.	if "\\*(mN"Fl" .ds A\\n(aC \fR\&\\*(A\\n(aC\fP
-.	if "\\*(mN"Cm" .ds A\\n(aC \fR\\*(A\\n(aC\fP
-.	if "\\*(mN"It" .ds A\\n(aC \fR\\*(A\\n(aC\fP
-.\}
-.aU \\n(aC
-.nr C\\n(aC \\n(aT
-.s\\n(aT
-.if \\n(Db \{\
-.	if \\n(aT==1 .ds yU Executable
-.	if \\n(aT==2 .ds yU String
-.	if \\n(aT==3 .ds yU Closing Punctuation or suffix
-.	if \\n(aT==4 .ds yU Opening Punctuation or prefix
-.	if \\n(iN==1 \{\
-.		br
-.		nr iI \\n(.iu
-.		in -\\n(iIu
-.		if \\n(aC==1 \{\
-\&\fBDEBUG(fargv) MACRO:\fP `.\\*(mN'  \fBLine #:\fP \\n(.c
-.		\}
-\&\t\fBArgc:\fP \\n(aC  \fBArgv:\fP `\\*(A\\n(aC'  \fBLength:\fP \\n(sW
-\&\t\fBSpace:\fP `\\*(S\\n(aC'  \fBClass:\fP \\*(yU
-.	\}
-.	if \\n(iN==0 \{\
-.		if \\n(aC==1 \{\
-.			tm DEBUG(fargv) MACRO: `.\\*(mN'  Line #: \\n(.c
-.		\}
-.		tm \tArgc: \\n(aC  Argv: `\\*(A\\n(aC'  Length: \\n(sW
-.		tm \tSpace: `\\*(S\\n(aC'  Class: \\*(yU
-.	\}
-.\}
-.ie \\n(fV==1 \{\
-.	nr aP 0
-.	ie \\n(dZ==1 \{\
-.		if \\n(oM>1 .as b1 \\*(S0
-.	\}
-.	el \{\
-.		if \\n(oM>0 \{\
-.			if \\n(fC==0 .as b1 \\*(S0
-.		\}
-.	\}
-.	ds S0 \\*(S\\n(aC
-.	nr fV 0
-.	if \\n(Db \{\
-.		ie \\n(iN \{\
-\&\tMACRO REQUEST: .\\*(mN \\*(A1 \\*(A2 \\*(A3 \\*(A4 \\*(A5 \\*(A6 \\*(A7 \\*(A8 \\*(A9
-.			br
-.			in \\n(iIu
-.		\}
-.		el \{\
-.tm \tMACRO REQUEST: .\\*(mN \\*(A1 \\*(A2 \\*(A3 \\*(A4 \\*(A5 \\*(A6 \\*(A7 \\*(A8 \\*(A9
-.		\}
-.	\}
-.\}
-.el \{\
-.	nr fV \\n(fV-1
-.	fV
-.\}
-..
-.de aX
-.nr aP \\n(aP+1
-.as b1 \&\\*(A\\n(aP
-.ie \\n(fV==1 \{\
-.	nr aP 0
-.	nr fV 0
-.\}
-.el \{\
-.	as b1 \&\\*(sV
-.	nr fV \\n(fV-1
-.	aX
-.\}
-..
-.de aI
-.ie \\n(aC<9 \{\
-.	nr aC \\n(aC+1
-.	ds A\\n(aC \\$1
-.	nr C\\n(aC \\$2
-.	s\\$2
-.	ds xV S\\n(aC
-.\}
-.el \{\
-.	tm Usage: Too many arguments (maximum of 8 accepted) (#\\n(.c)
-.	tm \\*(A1 \\*(A2 \\*(A3 \\*(A4 \\*(A5 \\*(A6 \\*(A7 \\*(A8 \\*(A9
-.\}
-..
-.de aZ
-.pB
-.aY
-..
-.de aY
-.rm C0 C1 C2 C3 C4 C5 C6 C7 C8 C9
-.rm A0 A1 A2 A3 A4 A5 A6 A7 A8 A9
-.rm S1 S2 S3 S4 S5 S6 S7 S8 S9
-.nr aC 0
-.nr aP 0
-..
-.de pB
-.ie \\n(dZ==1 \{\
-.	if \\n(oM==1 \{\&\\*(b1
-.		rm S0
-.		ds b1
-.	\}
-.	if \\n(oM==0 \{\
-.		x2
-.	\}
-.\}
-.el \{\
-.	ie \\n(oM==0 \{\&\\*(b1
-.		rm S0
-.		ds b1
-.	\}
-.	el \{\
-.		if ((\\n(sM==1)&(\\n(tP==0)) \{\
-.			x1
-.		\}
-.	\}
-.\}
-.hy
-..
-.de x1
-.nr dZ \\n(dZ+1
-.ds b2 \\*(b1
-.ds b1
-.nr lK \\n(.c
-.ev 2
-.fi
-.di eB
-..
-.de x2
-.br
-.di
-.ev
-.ie (\\n(.c-\\n(lK>1) \{\
-.	ds b0 \&\\*(eB\\
-.	ds b1 \\*(b2\\*(b0\\*(b1
-.\}
-.el .ds b1 \\*(b2\\*(b1
-\&\\*(b1
-.rm eB b2 b0 b1
-.nr dZ \\n(dZ-1
-..
-.de Fl
-.as b1 \&\\*(fL
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 \{\
-.		as b1 \&\|\-\|\fP\s0
-.		pB
-.	\}
-.	el \{\
-.		ds mN Fl
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>0 \{\
-.	ie (\\n(aC-\\n(aP)==0 \{\
-.		as b1 \&\|\-\fP\s0
-.		aZ
-.	\}
-.	el \{\
-.		nr aP \\n(aP+1
-.		ie \\n(C\\n(aP==1 \{\
-.			as b1 \&\|\-\fP\s0
-.			\\*(A\\n(aP
-.		\}
-.		el \{\
-.			nr cF \\n(.f
-.			nr cZ \\n(.s
-.			if \\n(C\\n(aP==3 \{\
-.				as b1 \&\|\-\|
-.			\}
-.			fR
-.		\}
-.	\}
-.\}
-..
-.de fR
-.hy 0
-.nr jM \\n(C\\n(aP
-.ie \\n(jM==1 \{\
-.	as b1 \&\fP\s0
-.	\\*(A\\n(aP
-.\}
-.el \{\
-.	nr jN \\n(aP
-.	ie \\n(jM==2 \{\
-.		ie !"\\*(A\\n(aP"\\*(Ba" \{\
-.			ie !"\\*(A\\n(aP"\fR|\fP" \{\
-.		               ie "\\*(A\\n(aP"-" .as b1 \&\|\-\^\-\|
-.		               el .as b1 \&\|\-\\*(A\\n(aP
-.			\}
-.			el .as b1 \&\\*(A\\n(aP
-.		\}
-.		el .as b1 \&\\*(A\\n(aP
-.	\}
-.	el .as b1 \&\f\\n(cF\s\\n(cZ\\*(A\\n(aP\fP\s0
-.	ie \\n(aC==\\n(aP \{\
-.		if \\n(jM==4 .as b1 \&\|\-
-.		as b1 \&\fP\s0
-.		aZ
-.	\}
-.	el \{\
-.		nr aP \\n(aP+1
-.		ie ((\\n(C\\n(aP==3)&(\\n(C\\n(jN==4)) .as b1 \&\|\-
-.		el .as b1 \&\\*(S\\n(jN
-.		fR \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.rr jM jN
-..
-.de nR
-.hy 0
-.nr jM \\n(C\\n(aP
-.ie \\n(jM==1 \{\
-.	as b1 \&\f\\n(cF\s\\n(cZ
-.	\\*(A\\n(aP
-.\}
-.el \{\
-.	nr jN \\n(aP
-.	ie \\n(jM==2 .as b1 \&\\*(A\\n(aP
-.	el .as b1 \&\f\\n(cF\s\\n(cZ\\*(A\\n(aP\fP\s0
-.	ie \\n(aC==\\n(aP \{\
-.		as b1 \&\f\\n(cF\s\\n(cZ
-.		aZ
-.	\}
-.	el \{\
-.		nr aP \\n(aP+1
-.		as b1 \&\\*(S\\n(jN
-.		nR
-.	\}
-.\}
-.rr jM jN
-..
-.de Ar
-.as b1 \\*(aR
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 \{\
-.		as b1 file\ ...\fP\s0
-.		pB
-.	\}
-.	el \{\
-.		ds mN Ar
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>0 \{\
-.	ie (\\n(aC-\\n(aP)==0 \{\
-.		as b1 \&file\ ...\fP\s0
-.		aZ
-.	\}
-.	el \{\
-.		nr aP \\n(aP+1
-.		ie \\n(C\\n(aP==1 \{\
-.			as b1 \&file\ ...\fP\s0
-.			\\*(A\\n(aP
-.               \}
-.               el \{\
-.                       nr cF \\n(.f
-.			nr cZ \\n(.s
-.			if \\n(C\\n(aP==3 \{\
-.				as b1 \&file\ ...
-.			\}
-.                       nR
-.		\}
-.       \}
-.\}
-..
-.de Ad
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Ad address ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Ad
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(aD
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Cd
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Cd Configuration file declaration (#\\n(.c)
-. 	el \{\
-.		ds mN Cd
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-. 		nr fV \\n(.$
-. 		fV
-.	\}
-.\}
-.br
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(nM
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.	ie \\n(nS \{\
-.		if "\\*(mN"Cd" \{\
-.			rs
-.			ie \\n(nS>1 .br
-.			el \{\
-.				if \\n(iS==0 .nr iS \\n(Dsu
-.			\}
-.			in +\\n(iSu
-.			ti -\\n(iSu
-.			nr nS \\n(nS+1
-.		\}
-.	nR
-.	in -\\n(iSu
-.	\}
-.	el .nR
-.\}
-..
-.de Cm
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Cm Interactive command modifier ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Cm
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(cM
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Dv
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Dv define_variable ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Dv
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(eR
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Em
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 \{\
-.		tm Usage: .Em text ... \\*(Pu (#\\n(.c)
-.	\}
-.	el \{\
-.		ds mN Em
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(eM
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Er
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Er ERRNOTYPE ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Er
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(eR
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Ev
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Ev ENVIRONMENT_VARIABLE ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Ev
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(eV
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Fd
-.ds mN Fd
-.if \\n(nS>0 \{\
-.	if \\n(fX>0 \{\
-.		Pp
-.		nr fX 0
-.	\}
-.	if \\n(fZ>0 \{\
-.		ie \\n(fD==0 \{\
-.			Pp
-.			rs
-.		\}
-.		el .br
-.	\}
-.	nr fD \\n(fD+1
-.\}
-.nr cF \\n(.f
-.nr cZ \\n(.s
-\&\\*(fD\\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.br
-.ft \\n(cF
-.fs \\n(cZ
-..
-.de Fr
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Fr Function_return_value... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Fr
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(aR
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Ic
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Ic Interactive command ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Ic
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(iC
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Li
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage .Li argument ... \\*(Pu (#\\n(.c)
-.       el \{\
-.		ds mN Li
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.               nr fV \\n(.$
-.               fV
-.       \}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(lI
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Or
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Or ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Or
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(iC
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Ms
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Ms Math symbol ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Ms
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(sY
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Nm
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 \{\
-.		ie "\\*(n1"" .tm Usage: .Nm Name(s) ... \\*(Pu (#\\n(.c)
-.		el \&\\*(nM\\*(n1\fP\s0
-.	\}
-.	el \{\
-.		ds mN Nm
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.               nr fV \\n(.$
-.               fV
-.       \}
-.\}
-.if \\n(aC>0 \{\
-.	ie \\n(aC==\\n(aP \{\
-.		as b1 \&\\*(nM\\*(n1\fP\s0
-.		aZ
-.	\}
-.	el \{\
-.		as b1 \\*(nM
-.		nr aP \\n(aP+1
-.		ie \\n(C\\n(aP==1 \{\
-.			as b1 \&\\*(n1\fP\s0
-.			\\*(A\\n(aP
-.		\}
-.		el \{\
-.			nr cF \\n(.f
-.			nr cZ \\n(.s
-.			if \\n(nS \{\
-.				if "\\*(mN"Nm" \{\
-.					rs
-.					in -\\n(iSu
-.					ie \\n(nS>1 .br
-.					el \{\
-.						if \\n(iS==0 \{\
-.							sw \\$1
-.					nr iS ((\\n(sWu+1)*\\n(fW)u
-.						\}
-.					\}
-.					in +\\n(iSu
-.					ti -\\n(iSu
-.					nr nS \\n(nS+1
-.				\}
-.			\}
-.			if "\\*(n1"" .ds n1 \\*(A\\n(aP
-.			nR
-.		\}
-.	\}
-.\}
-..
-.de Pa
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 \&\\*(pA~\fP\s0
-.	el \{\
-.		ds mN Pa
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(pA
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Sy
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Sy symbolic_text ... \\*(Pu (#\\n(.c)
-. 	el \{\
-.		ds mN Sy
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-. 		nr fV \\n(.$
-. 		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(sY
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Tn
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Tn Trade_name(s) ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Tn
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(tN\\*(tF
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de nN
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Tn Trade_name(s) ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Tn
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(tN
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de Va
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Va variable_name(s) ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Va
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	as b1 \\*(vA
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de No
-.as b1 \\*(nO
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 .tm Usage: .No must be called with arguments (#\\n(.c)
-.	el \{\
-.		ds mN No
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       ie \\n(C\\n(aP==1 \{\
-.		\\*(A\\n(aP
-.       \}
-.       el \{\
-.		nr cF \\n(.f
-.		nr cZ \\n(.s
-.		nR
-.       \}
-.\}
-..
-.de Op
-.if \\n(aC==0 \{\
-.	ds mN Op
-.\}
-.ds qL \&\\*(lB
-.ds qR \&\\*(rB
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
-..
-.de Aq
-.if \\n(aC==0 .ds mN Aq
-.ds qL \&<
-.ds qR \&>
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Bq
-.if \\n(aC==0 .ds mN Bq
-.ds qL \&\\*(lB
-.ds qR \&\\*(rB
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Dq
-.if \\n(aC==0 .ds mN Dq
-.ds qL \&\\*(Lq
-.ds qR \&\\*(Rq
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Eq
-.if \\n(aC==0 .ds mN Eq
-.ds qL \\$1
-.ds qR \\$2
-.En \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Pq
-.if \\n(aC==0 .ds mN Pq
-.ds qL \&\\*(lP
-.ds qR \&\\*(rP
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Qq
-.if \\n(aC==0 .ds mN Qq
-.ds qL \&\\*q
-.ds qR \&\\*q
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Sq
-.if \\n(aC==0 .ds mN Sq
-.ds qL \&\\*(sL
-.ds qR \&\\*(sR
-.En \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Es
-.if \\n(aC==0 \{\
-.	ie \\n(.$>2 .aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	el \{\
-.		ds qL \\$1
-.		ds qR \\$2
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.	ds qL \\*(A\\n(aP
-.	nr aP \\n(aP+1
-.	ds qR \\*(A\\n(aP
-.	ie \\n(aC>\\n(aP .c\\n(C\\n(aP
-.	el .aZ
-.\}
-..
-.de En
-.ie \\n(aC==0 \{\
-.	ie \\n(.$==0 \{\
-.		as b1 \&\\*(qL\\*(qR
-.		pB
-.	\}
-.	el \{\
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.		as b1 \&\\*(qL
-.	\}
-.\}
-.el \{\
-.	as b1 \&\\*(qL
-.\}
-.if \\n(aC>0 \{\
-.	ie (\\n(aC-\\n(aP)==0 \{\
-.		as b1 \&\\*(qR
-.		aZ
-.	\}
-.	el \{\
-.		ie \\n(C\\n(aC==3 \{\
-.			nr aJ \\n(aC-1
-.			vR
-.			nr aJ \\n(aJ+1
-.			ds A\\n(aJ \&\\*(qR\\*(A\\n(aJ
-.			nr aJ 0
-.		\}
-.		el .aI \&\\*(qR 3
-.		nr aP \\n(aP+1
-.		if \\n(C\\n(aP==1 .\\*(A\\n(aP
-.		if \\n(C\\n(aP>1 \{\
-.			nr aP \\n(aP-1
-.			No
-.		\}
-.	\}
-.\}
-..
-.de vR
-.if \\n(C\\n(aJ==3 \{\
-.	nr aJ \\n(aJ-1
-.	vR
-.\}
-..
-.de Ao
-.if \\n(aC==0 .ds mN Ao
-.ds qL \&<
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Ac
-.if \\n(aC==0 .ds mN Ac
-.ds qR \&>
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Bo
-.if \\n(aC==0 .ds mN Bo
-.ds qL \&[
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Bc
-.if \\n(aC==0 .ds mN Bc
-.ds qR \&]
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Do
-.if \\n(aC==0 .ds mN Do
-.ds qL \&\\*(Lq
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Dc
-.if \\n(aC==0 .ds mN Dc
-.ds qR \&\\*(Rq
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Eo
-.if \\n(aC==0 .ds mN Eo
-.ds qL \\$1
-.eO \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Ec
-.if \\n(aC==0 .ds mN Ec
-.ds qR \\$1
-.eC \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Oo
-.if \\n(aC==0 .ds mN Oo
-.ds qL \&[
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Oc
-.if \\n(aC==0 .ds mN Oc
-.ds qR \&]
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Po
-.if \\n(aC==0 .ds mN Po
-.ds qL \&(
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Pc
-.if \\n(aC==0 .ds mN Pc
-.ds qR \&)
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Qo
-.if \\n(aC==0 .ds mN Qo
-.ds qL \&\\*q
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Qc
-.if \\n(aC==0 .ds mN Qc
-.ds qR \&\\*q
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de So
-.if \\n(aC==0 .ds mN So
-.ds qL \&\\*(sL
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Sc
-.if \\n(aC==0 .ds mN Sc
-.ds qR \&\\*(sR
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Xo
-.if \\n(aC==0 .ds mN Xo
-.ds qL
-.eO \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Xc
-.if \\n(aC==0 .ds mN Xc
-.ds qR
-.eC \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de eO
-.nr oM \\n(oM+1
-.ie \\n(aC==0 \{\
-.       ie \\n(.$>0 \{\
-.               aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.		as b1 \\*(qL
-.       \}
-.	el \{\
-.		as b1 \\*(qL
-.		if (\\n(dZ==0)&(\\n(sM==1) \{\
-.			nr dZ \\n(dZ+1
-.			ds b2 \\*(b1
-.			ds b1
-.			nr lK \\n(.c
-.			ev 2
-.			fi
-.			di eB
-.		\}
-.	\}
-.\}
-.el \{\
-.	as b1 \\*(qL
-.\}
-.ie \\n(aC>0 \{\
-.	if \\n(aC>\\n(aP \{\
-.		nr aP \\n(aP+1
-.		ie \\n(C\\n(aP==1 .\\*(A\\n(aP
-.		el  \{\
-.			nr aP \\n(aP-1
-.			No
-.		\}
-.	\}
-.	if \\n(aC==\\n(aP \{\
-.		if \\n(tP==1 \{\
-.			nr Xt 1
-.		\}
-.		aY
-.	\}
-.\}
-.el \{\
-.	if \\n(oM>1 .as b1 \\*(sV
-.\}
-..
-.de eC
-.nr oM \\n(oM-1
-.as b1 \\*(qR
-.if \\n(aC==0 \{\
-.       ie \\n(.$>0 \{\
-.               aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.       \}
-.	el \{\
-.		ie "\\*(xB"" \{\
-.			pB
-.		\}
-.		el \{\
-.			pB
-.\\*(L\\n(lC
-.			nr Xt 0
-.			ds xB
-.		\}
-.	\}
-.\}
-.if \\n(aC>0 \{\
-.	ie \\n(aC==\\n(aP \{\
-.		ie \\n(oM==0 \{\
-.			aZ
-.		\}
-.		el .aY
-.	\}
-.	el \{\
-.		nr aa \\n(aP+1
-.		if \\n(C\\n(aa==2 .as b1 \\*(S\\n(aC
-.		rr aa
-.		if \\n(tP>0 \{\
-.			if \\n(Xt>0 .nr Xt \\n(Xt-1
-.		\}
-.		No
-.	\}
-.\}
-..
-.de Pf
-.if \\n(aC==0 .ds mN Pf
-.ds qL \&\\$1
-.pF \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de pF
-.ie \\n(aC==0 \{\
-.	as b1 \&\\*(qL
-.	ie \\n(.$<2 \{\
-.		tm Warning: Missing arguments - prefix .Pf)
-.		pB
-.	\}
-.	el .aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.\}
-.el \{\
-.	ie (\\n(aC-\\n(aP)>1 \{\
-.		nr aP \\n(aP+1
-.		as b1 \&\\*(A\\n(aP
-.	\}
-.	el .tm Warning: .Pf: trailing prefix (#\\n(.c)
-.\}
-.if \\n(aC>0 \{\
-.	ie (\\n(aC-\\n(aP)==0 .aZ
-.	el \{\
-.		nr aP \\n(aP+1
-.		c\\n(C\\n(aP
-.	\}
-.\}
-..
-.de Ns
-.if \\n(aC==0 \{\
-.	ds mN Ns
-.	ie \\n(.$>0 .aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	el .tm Usage: .Ns must be called with arguments (#\\n(.c)
-.\}
-.No
-..
-.de Ap
-.if \\n(aC==0 \{\
-.	ds mN Ap
-.	tm Usage: Ap "cannot be first request on a line (no .Ap)" (#\\n(.c)
-.\}
-.as b1 \&'
-.No
-..
-.de Hv
-.ds iV \\*(sV
-.ds sV \\*(hV
-..
-.de Sv
-.ds sV \\*(iV
-..
-.de Tv
-.ds sV \\*(tV
-..
-.nr sM 1
-.de Sm
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 .tm "Usage: .Sm [off | on]" (#\\n(.c)
-.	el \{\
-.		ds mN Sm
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>0 \{\
-.	nr aP \\n(aP+1
-.	if "\\*(A\\n(aP"on" \{\
-.		ds sV \\*(iV
-.		nr sM 1
-.	\}
-.	if "\\*(A\\n(aP"off" \{\
-.		ds sV
-.		rm S0 S1 S2 S3 S4 S5 S6 S7 S8 S9
-.		nr sM 0
-.	\}
-.	ie \\n(aC>\\n(aP \{\
-.		No
-.	\}
-.	el .aY
-.\}
-..
-.if \n(.g \{\
-.de aT
-.nr aT 0
-.ie \\n(sW>2:(\A'\\$1'==0) \{\
-.	nr aT 2
-.\}
-.el \{\
-.	if \\n(sW==1 \{\
-.		ie \\n(z\\$1>2 \{\
-.			nr aT \\n(z\\$1
-.		\}
-.		el .nr aT 2
-.	\}
-.	if \\n(sW==2 \{\
-.		ie \\n(\\$1 \{\
-.			nr aT 1
-.		\}
-.		el .nr aT 2
-.	\}
-.\}
-..
-.de aU
-.nr aT 0
-.aW \\$1
-.ie \\n(sW>2:(\A'\\*(A\\$1'==0) .nr aT 2
-.el \{\
-.	if \\n(sW==1 \{\
-.		ie \\n(z\\*(A\\$1>2 \{\
-.			nr aT \\n(z\\*(A\\$1
-.		\}
-.		el .nr aT 2
-.	\}
-.	if \\n(sW==2 \{\
-.		ie (\\n(\\*(A\\$1) \{\
-.			nr aT 1
-.		\}
-.		el .nr aT 2
-.	\}
-.\}
-..
-.\}
-.if !\n(.g \{\
-.de aT
-.nr aT 0
-.ie \\n(sW>2 \{\
-.	nr aT 2
-.\}
-.el \{\
-.	if \\n(sW==1 \{\
-.		ie \\n(z\\$1>2 \{\
-.			nr aT \\n(z\\$1
-.		\}
-.		el .nr aT 2
-.	\}
-.	if \\n(sW==2 \{\
-.		ie \\n(\\$1 \{\
-.			nr aT 1
-.		\}
-.		el .nr aT 2
-.	\}
-.\}
-..
-.de aU
-.nr aT 0
-.aW \\$1
-.ie \\n(sW>2 .nr aT 2
-.el \{\
-.	if \\n(sW==1 \{\
-.		ie \\n(z\\*(A\\$1>2 \{\
-.			nr aT \\n(z\\*(A\\$1
-.		\}
-.		el .nr aT 2
-.	\}
-.	if \\n(sW==2 \{\
-.		ie (\\n(\\*(A\\$1) \{\
-.			nr aT 1
-.		\}
-.		el .nr aT 2
-.	\}
-.\}
-..
-.\}
-.de s0
-.tm MDOC-ERROR: bogus type 0 (can't set space '\\*(A\\n(aC') (#\\n(.c)
-..
-.de s1
-.if \\n(\\*(A\\n(aC==3 \{\
-.	nr xX \\n(aC-1
-.	rm S\\n(xX
-.	ds S\\n(aC \\*(sV
-.\}
-.if \\n(\\*(A\\n(aC==2 \{\
-.	nr xX \\n(aC-1
-.	ie "\\*(A\\n(aC"Nb" .ds S\\n(xX \\*(hV
-.	el .rm S\\n(xX
-.\}
-..
-.de s2
-.ds S\\n(aC \\*(sV
-..
-.de s3
-.if \\n(aC>1 \{\
-.	nr xX \\n(aC-1
-.	rm S\\n(xX
-.\}
-.ds S\\n(aC \\*(sV
-..
-.de s4
-.nr aa 0
-..
-.de c0
-.tm MDOC-ERROR: bogus class 0 (can't determine '\\*(A\\n(aC') (#\\n(.c)
-..
-.de c1
-.\\*(A\\n(aP
-..
-.de c2
-.nr aP \\n(aP-1
-.No
-..
-.de c3
-.nr aP \\n(aP-1
-.No
-..
-.de c4
-.nr aP \\n(aP-1
-.No
-..
-.de y1
-.nr aa 1
-..
-.de y2
-.nr aa 1
-..
-.de y3
-.as b1 \\*(A\\n(aP
-.nr aP \\n(aP+1
-.n\\C\\n(aP
-..
-.de y4
-.as b1 \\*(A\\n(aP
-.nr aP \\n(aP+1
-.n\\C\\n(aP
-..
-.de Bf
-.ds mN Bf
-.ie \\n(.$>0 \{\
-.	nr bF \\n(.f
-.	nr bZ \\n(.s
-.	if "\\$1"Em" \&\\*(eM\c
-.	if "\\$1"Li" \&\\*(lI\c
-.	if "\\$1"Sy" \&\\*(sY\c
-.	if "\\$1"-emphasis" \&\\*(eM\c
-.	if "\\$1"-literal" \&\\*(lI\c
-.	if "\\$1"-symbolic" \&\\*(sY\c
-.\}
-.el .tm Usage .Bf [Em | emphasis | Li | literal | Sy | symbolic] (#\\n(.c)
-..
-.de Ef
-.ds mN Ef
-.ie \\n(.$>0 .tm Usage .Ef (does not take arguments) (#\\n(.c)
-.el \&\f\\n(bF\s\\n(bZ
-..
-.de Bk
-.ds mN Bk
-.ie \\n(.$==0 \{\
-.tm Usage: .Bk [-lines | -words] (#\\n(.c)
-.\}
-.el \{\
-.	if !"\\*(kS"" .tm .Bk: nesting keeps not implemented yet. (#\\n(.c)
-.	if "\\$1"-lines" .tm .Bd -lines: Not implemented yet. (#\\n(.c)
-.	if "\\$1"-words" .Hv
-.	ds kS \\$1
-.\}
-..
-.de Ek
-.ds mN Ek
-.ie \\n(.$>0 .tm Usage .Ek (does not take arguments) (#\\n(.c)
-.el \{\
-.	if "\\*(kS"-lines" .tm .Bd -lines: Not implemented yet. (#\\n(.c)
-.	if "\\*(kS"-words" .Sv
-.	rm kS
-.\}
-..
-.de Bd
-.ds mN Bd
-.ie \\n(.$==0 \{\
-.tm Usage: .Bd [-literal | -filled | -ragged | -unfilled] [-offset [string]] [-compact] (#\\n(.c)
-.\}
-.el \{\
-.	ds aa
-.	nr bV 0
-.       nr iD 0
-.	nr dP \\n(dP+1
-.       if "\\$1"-literal" \{\
-.		nr iD \\n(iD+1
-.               ds d\\n(dP dL
-.		nr cF \\n(.f
-.		nr cZ \\n(.s
-.		ie t \{\&\\*(lI
-'			ta 9n 18n 27n 36n 45n 54n 63n 72n
-.		\}
-.		el \{\
-'			ta 8n 16n 24n 32n 40n 48n 56n 64n 72n
-.		\}
-.		nf
-.       \}
-.       if "\\$1"-filled" \{\
-.		nr iD \\n(iD+1
-.               ds d\\n(dP dF
-.		br
-.       \}
-.       if "\\$1"-ragged" \{\
-.		nr iD \\n(iD+1
-.               ds d\\n(dP dR
-.		na
-.       \}
-.       if "\\$1"-unfilled" \{\
-.		nr iD \\n(iD+1
-.               ds d\\n(dP dU
-.		nf
-.       \}
-.       if ((\\n(iD>=1)&(\\n(.$>\\n(iD)) \{\
-.		bV \\$2 \\$3 \\$4
-.	\}
-.	if \\n(O\\n(dP>0 'in \\n(.iu+\\n(O\\n(dPu
-.	if (\\n(bV==0) \{\
-.		if (\\n(nS==0) \{\
-.			ie "\\*(d\\n(dP"dR" .sp \\n(dVu
-.			el 'sp \\n(dVu
-.		\}
-.	\}
-.	if \\n(cR==0 .ne 2v
-.	nr bV 0
-.	nr iD 0
-.\}
-..
-.de bV
-.nr iD 1
-.ds bY
-.if "\\$1"-offset" \{\
-.	ds bY \\$2
-.	if "\\*(bY"left" \{\
-.		nr iD \\n(iD+1
-.		nr O\\n(dP 0
-.	\}
-.	if "\\*(bY"right" \{\
-.		nr iD \\n(iD+1
-.		nr O\\n(dP (\\n(.l/3)u
-.	\}
-.	if "\\*(bY"center" \{\
-.		nr iD \\n(iD+1
-.		nr O\\n(dP (\\n(.l-\\n(.i)/4u
-.	\}
-.	if "\\*(bY"indent" \{\
-.		nr iD \\n(iD+1
-.		nr O\\n(dP \\n(dIu
-.	\}
-.	if "\\*(bY"indent-two" \{\
-.		nr iD \\n(iD+1
-.		nr O\\n(dP \\n(dIu+\\n(dIu
-.	\}
-.	if \\n(iD==1 \{\
-.		nr iD \\n(iD+1
-.		sW "\\*(bY"
-.		ie \\n(sW>2 \{\
-.			ie ((\\*(bY>9n)&(\\*(bY<100n)) \{\
-.				nr O\\n(dP \\*(bY
-.			\}
-.			el .nr O\\n(dP (\\n(sW)*\\n(fWu
-.		\}
-.		el \{\
-.			if \\n(sW==2 .aT \\*(bY
-.			ie \\n(aT==1 \{\
-.				nr O\\n(dP \\n(\\*(bY
-.			\}
-.			el .nr O\\n(dP \\*(bY
-.		\}
-.	\}
-.\}
-.if "\\$1"-compact" \{\
-.	nr bV 1
-.\}
-.if \\n(iD<\\n(.$ \{\
-.	ie "\\*(bY"" \{\
-.		bV \\$2 \\$3
-.	\}
-.	el \{\
-.		bV \\$3
-.	\}
-.\}
-..
-.de Ed
-.ds mN Ed
-.br
-.if \\n(dP==0 .tm mdoc: Extraneous .Ed
-.if "\\*(d\\n(dP"dL" \{\
-.	ft \\n(cF
-.	fz \\n(cZ
-.\}
-.in \\n(.iu-\\n(O\\n(dPu
-.rr O\\n(dP
-.rm d\\n(dP
-.nr dP \\n(dP-1
-.fi
-.if t .ad
-..
-.de Bl
-.ie \\n(.$==0 \{\
-.tm Usage: .Bl [[-hang | -tag] [-width]] [ -item | -enum | -bullet | -diag] (#\\n(.c)
-.\}
-.el \{\
-.	ds mN Bl
-.	nr aP 0
-.	nr lC \\n(lC+1
-.	ds A1 \\$2
-.	ds A2 \\$3
-.	ds A3 \\$4
-.	ds A4 \\$5
-.	ds A5 \\$6
-.	ds A6 \\$7
-.	ds A7 \\$8
-.	ds A8 \\$9
-.	nr fV \\n(.$-1
-.	if "\\$1"-hang" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC hL
-.		nr w\\n(lC 6n
-.		nr tC  1
-.	\}
-.	if "\\$1"-tag" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC tL
-.		nr tC  1
-.	\}
-.	if "\\$1"-item" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC iT
-.		nr tC  1
-.	\}
-.	if "\\$1"-enum" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC nU
-.		nr w\\n(lC 3n
-.		nr tC  1
-.	\}
-.	if "\\$1"-bullet" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC bU
-.		nr w\\n(lC 2n
-.		nr tC  1
-.	\}
-.	if "\\$1"-dash" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC hU
-.		nr w\\n(lC 2n
-.		nr tC  1
-.	\}
-.	if "\\$1"-hyphen" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC hU
-.		nr w\\n(lC 2n
-.		nr tC  1
-.	\}
-.	if "\\$1"-inset" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC lL
-.		nr tC  1
-.	\}
-.	if "\\$1"-diag" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC mL
-.		nr mL 1
-.	\}
-.	if "\\$1"-ohang" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC oL
-.		nr tC 1
-.	\}
-.	if "\\$1"-column" \{\
-.		nr aP \\n(aP+1
-.		ds L\\n(lC cL
-.	\}
-.	ie \\n(aP==0 \{\
-.	tm \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	tm Usage: .Bl [[-inset|-tag] -width] [-item|-enum|-bullet|-diag] (#\\n(.c)
-.	\}
-.	el \{\
-.		tY
-.		if (\\n(aP==1)&(\\n(aP<\\n(.$) \{\
-.			nr aP 0
-.			lV
-.			if "\\*(L\\n(lC"cL" \{\
-.				W\\n(wV
-.				nr w\\n(lC 0
-'				in -\\n(eWu
-.				ie \\n(v\\n(lC==1 \{\
-.				       nr aa 0
-.				\}
-.				el \{\
-.					sp \\n(dVu
-.				\}
-.				nf
-.				nr wV 0
-.			\}
-.		\}
-.	\}
-.	nr aP 0
-.	aY
-.\}
-..
-.if \n(.g \{\
-.	nr i 10
-.	while \ni<100 \{\
-.	     nr num!\nin 1
-.	     nr i +1
-.	\}
-.\}
-.de lV
-.nr aP \\n(aP+1
-.if \\n(fV>=\\n(aP \{\
-.	nr iD 0
-.	if "\\*(A\\n(aP"-compact" \{\
-.		nr iD 1
-.		nr v\\n(lC 1
-.	\}
-.	if "\\*(A\\n(aP"-width" \{\
-.		nr iD 1
-.		nr aP \\n(aP+1
-.		nr tW 1
-.		ds t\\n(lC TagwidtH
-.		ds tS \\*(A\\n(aP
-.		aW \\n(aP
-.		ie \\n(sW>2 \{\
-.			nr w\\n(lC (\\n(sW)*\\n(fWu
-.			if \\n(sW==3 \{\
-.				ie \\n(.g \{\
-.					if \A'\\*(tS' .if r num!\\*(tS \{\
-.						nr w\\n(lC \\*(tS
-.					\}
-.				\}
-.				el \{\
-.					if (\\*(tS>9n)&(\\*(tS<99n) \{\
-.						nr w\\n(lC \\*(tSu
-.					\}
-.				\}
-.			\}
-.		\}
-.		el \{\
-.			aT \\*(tS
-.			ie \\n(aT==1 \{\
-.				nr w\\n(lC \\n(\\*(tS
-.			\}
-.			el \{\
-.				nr w\\n(lC \\*(tSu
-.			\}
-.		\}
-.	\}
-.	if "\\*(A\\n(aP"-offset" \{\
-.		nr iD 1
-.		nr aP \\n(aP+1
-.		ie "\\*(A\\n(aP"indent" \{\
-.			nr o\\n(lC \\n(Dsu
-.		\}
-.		el \{\
-.			ds tS \\*(A\\n(aP
-.			aW \\n(aP
-.			ie \\n(sW>2 \{\
-.				nr o\\n(lC (\\n(sW)*\\n(fWu
-.				ie \\n(.g \{\
-.					if \A'\\*(tS' .if r num!\\*(tS \{\
-.						nr o\\n(lC \\*(tS
-.					\}
-.				\}
-.				el \{\
-.					if (\\*(tS>9n)&(\\*(tS<100n) \{\
-.						nr o\\n(lC \\*(tS
-.					\}
-.				\}
-.			\}
-.			el \{\
-.				ie \\n(C\\n(aP==1 .nr o\\n(lC \\n(\\*(tS
-.				el .nr o\\n(lC \\*(tS
-.			\}
-.		\}
-.	\}
-.	if \\n(iD==0 \{\
-.		if "\\*(L\\n(lC"cL" \{\
-.			nr wV \\n(wV+1
-.			ds A\\n(wV \\*(A\\n(aP
-.		\}
-.	\}
-.	if \\n(fV>\\n(aP .lV
-.\}
-..
-.de El
-.ie \\n(.$>0 \{\
-.	tm Usage: .El (#\\n(.c)
-.\}
-.el \{\
-.	ds mN El
-.	nr iD 0
-.	if "\\*(L\\n(lC"cL" \{\
-.		nr iD 1
-.		cC
-.	\}
-.	if "\\*(L\\n(lC"nU" \{\
-.		nr nU 0
-.	\}
-.	if \\n(mL>0 \{\
-.		nr iD 1
-.		nr mL 0
-.		tZ
-.		nr lC \\n(lC-1
-.		tY
-.	\}
-.	if "\\*(L\\n(lC"iT" \{\
-'		in \\n(.iu-\\n(o\\n(lCu
-.		tZ
-.		nr lC \\n(lC-1
-.		tY
-.		nr iD 1
-.	\}
-.	if "\\*(L\\n(lC"oL" \{\
-'		in \\n(.iu-\\n(o\\n(lCu
-.		tZ
-.		nr lC \\n(lC-1
-.		tY
-.		nr iD 1
-.	\}
-.	if "\\*(L\\n(lC"lL" \{\
-'		in \\n(.iu-\\n(o\\n(lCu
-.		tZ
-.		nr lC \\n(lC-1
-.		tY
-.		nr iD 1
-.	\}
-.	if \\n(iD==0 \{\
-.		lE
-.	\}
-.	br
-.	nr iD 0
-.\}
-..
-.de It
-.if "\\*(L\\n(lC"" \{\
-.	tm Usage .Bl -list-type [-width [string] | -compact | -offset [string]] (#\\n(.c)
-.	tm .It \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8
-.\}
-.ne 3v
-.ie \\n(.$>0 \{\
-.	ds mN It
-.	ds b1
-.	nr iD 0
-.	ds A1 \\$1
-.	ds A2 \\$2
-.	ds A3 \\$3
-.	ds A4 \\$4
-.	ds A5 \\$5
-.	ds A6 \\$6
-.	ds A7 \\$7
-.	ds A8 \\$8
-.	ds A9 \\$9
-.	nr fV \\n(.$
-.	if "\\*(L\\n(lC"mL" \{\
-.		nr iD 1
-.		nr aP 0
-.		aX
-.		\\*(L\\n(lC
-.	\}
-.	if "\\*(L\\n(lC"cL" \{\
-.		ds b1
-.		nr aP 0
-.		nr iD 1
-.		\\*(L\\n(lC
-.	\}
-.	if "\\*(L\\n(lC"iT" \{\
-.		nr aP 0
-.		nr iD 1
-.		\\*(L\\n(lC
-.	\}
-.	if \\n(iD==0 \{\
-.		fV
-.		nr oM \\n(oM+1
-.		nr tP 1
-.		nr aP \\n(aP+1
-.		nr tX \\n(C\\n(aP
-.		ds tX \\*(A\\n(aP
-.		if \\n(nF==1 \{\
-.			ds aA \\*(pA
-.			if n .ds pA \\*(nO
-.		\}
-.		ie \\n(C\\n(aP==1 \{\
-.			\\*(A\\n(aP
-.		\}
-.		el \{\
-.			nr aP \\n(aP-1
-.			No
-.		\}
-.		ie \\n(Xt==1 .ds xB \&\\*(L\\n(lC
-.		el .\\*(L\\n(lC
-.	\}
-.	nr iD 0
-.\}
-.el .\\*(L\\n(lC
-..
-.de lL
-.lY
-.br
-\&\\*(b1
-.nr oM \\n(oM-1
-.nr tP 0
-.ds b1
-.aY
-'fi
-..
-.de hL
-.lX
-.nr bb \\n(w\\n(lCu+\\n(lSu
-.ti -\\n(bbu
-.ie \w\\*(b1u>=(\\n(w\\n(lCu) \&\\*(b1
-.el \&\\*(b1\h'|\\n(bbu'\c
-.nr oM \\n(oM-1
-.ds b1
-.nr tP 0
-.aY
-'fi
-..
-.de oL
-.lY
-\&\\*(b1
-.br
-.nr oM \\n(oM-1
-.ds b1
-.nr tP 0
-.aY
-'fi
-..
-.de iT
-.lY
-.br
-.aY
-'fi
-..
-.de nU
-.nr oM \\n(oM+1
-.nr nU \\n(nU+1
-.ds b1 \&\\n(nU.
-.uL
-..
-.de bU
-.nr oM \\n(oM+1
-.nr bU \\n(bU+1
-.ds b1 \&\\*(sY\&\(bu\fP
-.uL
-..
-.de hU
-.nr oM \\n(oM+1
-.nr bU \\n(bU+1
-.ds b1 \&\\*(sY\&\-\fP
-.uL
-..
-.de uL
-.lX
-.nr bb \\n(w\\n(lCu+\\n(lSu
-.ti -\\n(bbu
-.ie \w\\*(b1u>=(\\n(w\\n(lCu) \&\\*(b1
-.el \&\\*(b1\h'|\\n(bbu'\c
-.nr oM \\n(oM-1
-.ds b1
-.nr tP 0
-.aY
-'fi
-..
-.de mL
-.nr cF \\n(.f
-.nr cZ \\n(.s
-.ie \\n(mL==1 \{\
-.	nr zB \\n(.c
-.	ie (\\n(zB-\\n(zA)>1 .Pp
-.	el .br
-.	nr zA \\n(zB
-.	nr zB 0
-.\}
-.el \{\
-.	nr zA \\n(.c
-.	br
-.\}
-\&\\*(sY\\*(b1\f\\n(cF\s\\n(cZ\\*(lS\c
-.aY
-.ds b1
-'fi
-..
-.de tL
-.if \\n(tW==0 .lW
-.lX
-.nr bb \\n(w\\n(lCu+\\n(lSu
-.ti -\\n(bbu
-.ie (\w\\*(b1u)>(\\n(w\\n(lCu) \{\&\\*(b1
-.       br
-.\}
-.el \&\\*(b1\h'|\\n(bbu'\c
-.if \\n(nF==1 \{\
-.	if n .ds pA \\*(aA
-.\}
-.nr oM \\n(oM-1
-.nr tP 0
-.ds b1
-.aY
-'fi
-..
-.de lW
-.if !"TagwidtH"\\*(t\\n(lC" \{\
-.       ie \\n(tX==1 \{\
-.               ds t\\n(lN \\*(tX
-.               nr w\\n(lN \\n(\\*(tX
-.       \}
-.       el \{\
-.               ds t\\n(lN No
-.               nr w\\n(lN \\n(No
-.       \}
-.       if !"\\*(t\\n(lC"\\*(t\\n(lN" .nr tC 1
-.\}
-..
-.de lX
-.ie \\n(tC \{\
-.       nr tC 0
-.       nr tW 0
-.       if \\n(v\\n(lC==0 .sp \\n(dVu
-.       in \\n(.iu+\\n(w\\n(lCu+\\n(o\\n(lCu+\\n(lSu
-.\}
-.el \{\
-.	ie \\n(v\\n(lC==1 \{\
-.	       nr aa 0
-.	\}
-.	el \{\
-.		sp \\n(dVu
-.	\}
-.\}
-.if !\\n(cR .ne 2v
-..
-.de lY
-.ie \\n(tC \{\
-.       nr tC 0
-.       nr tW 0
-.       if \\n(v\\n(lC==0 .sp \\n(dVu
-.       in \\n(.iu+\\n(o\\n(lCu
-.\}
-.el \{\
-.	ie \\n(v\\n(lC==1 \{\
-.	       nr aa 0
-.	\}
-.	el \{\
-.		sp \\n(dVu
-.	\}
-.\}
-.if !\\n(cR .ne 2v
-..
-.nr lC 0
-.nr wV 0
-.nr w1 0
-.nr o1 0
-.nr v1 0
-.nr h1 0
-.ds t\n(lC
-.de lE
-.ie \\n(o\\n(lC>0 \{\
-'	in \\n(.iu-(\\n(w\\n(lCu)-(\\n(o\\n(lCu)-\\n(lSu
-.	rr o\\n(lC
-.\}
-.el 'in \\n(.iu-\\n(w\\n(lCu-\\n(lSu
-.if \\n(lC<=0 .tm Extraneous .El call (#\\n(.c)
-.tZ
-.nr lC \\n(lC-1
-.tY
-..
-.de tY
-.nr tY (\\n(lC+1)
-.nr w\\n(tY 0
-.nr h\\n(tY 0
-.nr o\\n(tY 0
-.ds t\\n(tY \\*(t\\n(lC
-.ds L\\n(tY
-.nr v\\n(tY 0
-..
-.de tZ
-.rm L\\n(tY
-.rr w\\n(tY
-.rr h\\n(tY
-.rr o\\n(tY
-.rm t\\n(tY
-.rr v\\n(tY
-.nr tY \\n(tY-1
-..
-.nr w1 0
-.nr o1 0
-.nr h1 0
-.ds t1
-.nr v1 0
-.nr tY 1
-.de Xr
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 .tm Usage: .Xr manpage_name [section#] \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Xr
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.	ie \\n(C\\n(aP==1 .tm Usage: .Xr manpage_name [section#] \\*(Pu (#\\n(.c)
-.	el \{\
-.		ie \\n(C\\n(aP>2 .y\\n(C\\n(aP
-.		el \{\
-.			as b1 \&\\*(xR\\*(A\\n(aP\fP\s0
-.			if \\n(aC>\\n(aP \{\
-.				nr aP \\n(aP+1
-.				if \\n(C\\n(aP==2 \{\
-.					as b1 \&(\\*(A\\n(aP)
-.					nr aP \\n(aP+1
-.				\}
-.				if \\n(aC>=\\n(aP \{\
-.					c\\n(C\\n(aP
-.				\}
-.			\}
-.		\}
-.		aZ
-.       \}
-.\}
-..
-.de Sx
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 .tm Sx Usage: .Sx Section Header \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Sx
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.	as b1 \\*(sX
-.	nr cF \\n(.f
-.	nr cZ \\n(.s
-.	nR
-.\}
-..
-.de cC
-'in \\n(.iu-\\n(o\\n(lCu-\\n(w\\n(lCu
-.ta .5i 1i 1.5i 2i 2.5i 3i 3.5i 4i 4.5i 5i 5.5i 6i 6.5i
-.fi
-.tZ
-.nr lC \\n(lC-1
-.tY
-..
-.de W1
-.ta \w\\*(A1    u
-.nr eW \w\\*(A1    u
-'in \\n(.iu+\\n(eWu+\\n(o\\n(lCu
-..
-.de W2
-.ta \w\\*(A1    u +\w\\*(A2    u
-.nr eW \w\\*(A1    u+\w\\*(A2    u
-'in \\n(.iu+\\n(eWu+\\n(o\\n(lCu
-..
-.de W3
-.ta \w\\*(A1    u +\w\\*(A2    u +\w\\*(A3    u
-.nr eW \w\\*(A1    u+\w\\*(A2    u+\w\\*(A3    u
-'in \\n(.iu+\\n(eWu+\\n(o\\n(lCu
-..
-.de W4
-.ta \w\\*(A1    u +\w\\*(A2    u +\w\\*(A3    u +\w\\*(A4    u
-.nr eW \w\\*(A1    u+\w\\*(A2    u +\w\\*(A3    u +\w\\*(A4    u
-'in \\n(.iu+\\n(eWu+\\n(o\\n(lCu
-..
-.de W5
-.ta \w\\*(A1   u +\w\\*(A2   u +\w\\*(A3   u +\w\\*(A4   u +\w\\*(A5   u
-.nr eW \w\\*(A1   u +\w\\*(A2   u +\w\\*(A3   u +\w\\*(A4   u +\w\\*(A5   u
-'	in \\n(.iu+\\n(eWu+\\n(o\\n(lCu
-..
-.de W6
-.ta \w\\*(A1 u +\w\\*(A2 u +\w\\*(A3 u +\w\\*(A4 u +\w\\*(A5 u +\w\\*(A6
-.nr eW \w\\*(A1 u +\w\\*(A2 u +\w\\*(A3 u +\w\\*(A4 u +\w\\*(A5 u +\w\\*(A6
-'	in \\n(.iu+\\n(eWu+\\n(o\\n(lCu
-..
-.de cL
-.if \\n(w\\n(lC==0 .nr w\\n(lC \\n(eWu
-.if \\n(.u==0 \{\
-.	fi
-'	in \\n(.iu+\\n(eWu
-.\}
-.ti -\\n(eWu
-.fV
-.nr aP \\n(aP+1
-.ie \\n(aC>=\\n(aP  \{\
-.	if "\\*(A\\n(aP"Ta" \{\
-.		nr jJ \\n(aP-1
-.		rm S\\n(jJ
-.		rr jJ
-.	\}
-.	c\\n(C\\n(aP
-.\}
-.el .tm Usage: .It column_string [Ta [column_string ...] ] (#\\n(.c)
-..
-.de Ta
-.ie \\n(aC>0 \{\
-.	nr aP \\n(aP+1
-.	ie \\n(aC>=\\n(aP \{\
-.		if "\\*(A\\n(aP"Ta" \{\
-.			nr jJ \\n(aP-1
-.			rm S\\n(jJ
-.			rr jJ
-.		\}
-.		as b1 \\t
-.		c\\n(C\\n(aP
-.	\}
-.	el \{\
-.		as b1 \\t\\c
-.		rm S\\n(aP
-.		pB
-.		aY
-.	\}
-.\}
-.el \{\
-.	tm Usage: Ta must follow column entry: e.g. (#\\n(.c)
-.	tm .It column_string [Ta [column_string ...] ]
-.\}
-..
-.de Dl
-'ta .5i 1i 1.5i 2i 2.5i 3i 3.5i 4i 4.5i 5i 5.5i 6i 6.5i
-.in \\n(.iu+\\n(Dsu
-.ie \\n(aC==0 \{\
-.	ie \\n(.$==0 \{\
-.		tm Usage: .Dl argument ... (#\\n(.c)
-.	\}
-.	el \{\
-.		ds mN Dl
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.		Li
-.	\}
-.\}
-.el \{\
-.	tm Usage: .Dl not callable by other macros (#\\n(.c)
-.\}
-.in \\n(.iu-\\n(Dsu
-..
-.de D1
-'ta .5i 1i 1.5i 2i 2.5i 3i 3.5i 4i 4.5i 5i 5.5i 6i 6.5i
-.in \\n(.iu+\\n(Dsu
-.ie \\n(aC==0 \{\
-.	ie \\n(.$==0 \{\
-.		tm Usage: .D1 argument ... (#\\n(.c)
-.	\}
-.	el \{\
-.		ds mN D1
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.		nr aP \\n(aP+1
-.		ie \\n(C\\n(aP==1 .\\*(A\\n(aP
-.		el .No
-.	\}
-.\}
-.el \{\
-.	tm Usage: .D1 not callable by other macros (#\\n(.c)
-.\}
-.in \\n(.iu-\\n(Dsu
-..
-.de Ex
-.tm Ex defunct, Use .D1: \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Ex
-.tm Ex defunct, Use .D1: \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-..
-.de Vt
-.if \\n(fD>0 \{\
-.	Pp
-.	nr fD 0
-.\}
-.if \\n(fZ>0 \{\
-.	ie \\n(fX==0 \{\
-.		Pp
-.		rs
-.	\}
-.	el .br
-.\}
-.nr fX \\n(fX+1
-.nr cF \\n(.f
-.nr cZ \\n(.s
-\\*(fT\&\\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.ie \\n(oT==0 .br
-.el \&\ \&
-.ft \\n(cF
-.fs \\n(cZ
-..
-.nr fZ 0
-.de Ft
-.if \\n(nS>0 \{\
-.	if \\n(fZ>0 \{\
-.		Pp
-.		nr fD 0
-.		nr fX 0
-.	\}
-.	if \\n(fD>0 \{\
-.		Pp
-.		nr fD 0
-.		nr fX 0
-.	\}
-.	if \\n(fX>0 \{\
-.		Pp
-.		nr fX 0
-.	\}
-.	nr fY 1
-.\}
-.nr cF \\n(.f
-.nr cZ \\n(.s
-\&\\*(fT\\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.ft \\n(cF
-.fs \\n(cZ
-..
-.nr oT 0
-.de Ot
-.nr oT 1
-.if \\n(nS>0 \{\
-.	if \\n(fZ>0 \{\
-.		Pp
-.		nr fD 0
-.		nr fX 0
-.	\}
-.	if \\n(fD>0 \{\
-.		Pp
-.		nr fD 0
-.		nr fX 0
-.	\}
-.	if \\n(fX>0 \{\
-.		Pp
-.		nr fX 0
-.	\}
-.	nr fY 1
-.\}
-.if \\n(.$==4 .as b1 \&\\*(fT\&\\$1 \\$2 \\$3 \\$4
-.if \\n(.$==3 .as b1 \&\\*(fT\&\\$1 \\$2 \\$3
-.if \\n(.$==2 .as b1 \&\\*(fT\&\\$1 \\$2
-.if \\n(.$==1 .as b1 \&\\*(fT\&\\$1
-.as b1 \&\ \fP
-..
-.de Fa
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .Fa Function Arguments ... \\*(Pu (#\\n(.c)
-.       el \{\
-.		ds mN Fa
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.ie \\n(fC>0 \{\
-.	fC
-.\}
-.el \{\
-.	if \\n(aC>\\n(aP \{\
-.		as b1 \\*(fA
-.		nr aP \\n(aP+1
-.		nr cF \\n(.f
-.		nr cZ \\n(.s
-.		nR
-.		if \\n(nS>0 \{\
-.			if \\n(fZ>0 .br
-.		\}
-.	\}
-.\}
-..
-.de fC
-.ie \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.		ds Fb
-.		nr fB 0
-.		nr Fb 0
-.		fB \\*(A\\n(aP
-.		if \\n(fB>1 \{\
-.			rm A\\n(aP
-.			rn Fb A\\n(aP
-.		\}
-.	if \\n(fC>1 \{\
-.		as b1 \&\f\\n(cF\s\\n(cZ,\\*(S\\n(aP\\*(fA\\*(A\\n(aP\fP\s0
-.	\}
-.	if \\n(fC==1 \{\
-.		as b1 \&\|\\*(fA\\*(A\\n(aP\fP\s0
-.	\}
-.	nr fC \\n(fC+1
-.	fC
-.\}
-.el  \{\
-.	aY
-.\}
-..
-.de Fn
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 .tm Usage: .Fn function_name function_arg(s) ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN Fn
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(nS>0 \{\
-.	if \\n(fY==0 \{\
-.		if \\n(fZ>0 \{\
-.			Pp
-.			nr fX 0
-.			nr fD 0
-.		\}
-.	\}
-.	if \\n(fY==1 \{\
-.		br
-.		nr fX 0
-.		nr fD 0
-.		nr fY 0
-.	\}
-.	if \\n(fD>0 \{\
-.		Pp
-.		nr fX 0
-.	\}
-.	if \\n(fX>0 \{\
-.		Pp
-.		nr fD 0
-.	\}
-.	nr fZ \\n(fZ+1
-.	nr fY 0
-.	rs
-.	ie \\n(nS>1 .br
-.	el \{\
-.		if \\n(iS==0 \{\
-.			nr iS ((8)*\\n(fW)u
-.		\}
-.	\}
-.	in +\\n(iSu
-.	ti -\\n(iSu
-.	nr nS \\n(nS+1
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.	nr cF \\n(.f
-.	nr cZ \\n(.s
-.	as b1 \\*(fN\\*(A\\n(aP\fP\s0\\*(lp
-.	ie \\n(aC>\\n(aP \{\
-.		as b1 \\*(fA
-.		nr aP \\n(aP+1
-.		f\\n(C\\n(aP
-.	\}
-.	el \{\
-.		as b1 \|\\*(rp
-.		aZ
-.	\}
-.	if \\n(nS>0 \{\
-. 		in -\\n(iSu
-.	\}
-.\}
-..
-.de f1
-.as b1 \\*(rp\f\\n(cF\s\\n(cZ
-.\\*(A\\n(aP
-..
-.de f2
-.if \\n(nS>0 \{\
-.	ds Fb
-.	nr fB 0
-.	nr Fb 0
-.	fB \\*(A\\n(aP
-.	if \\n(fB>1 \{\
-.		rm A\\n(aP
-.		rn Fb A\\n(aP
-.	\}
-.\}
-.as b1 \\*(A\\n(aP
-.ie \\n(aC>\\n(aP \{\
-.	nr aa \\n(aP
-.	nr aP \\n(aP+1
-.	if \\n(C\\n(aP==2 \{\
-.		as b1 \&\|\f\\n(cF\s\\n(cZ,\\*(S\\n(aa\fP\s0\|
-.	\}
-.	f\\n(C\\n(aP
-.\}
-.el  \{\
-.	as b1 \\*(rp\f\\n(cF\s\\n(cZ
-.	aZ
-.\}
-..
-.de f3
-.as b1 \\*(rp\f\\n(cF\s\\n(cZ\\*(A\\n(aP
-.ie \\n(aC>\\n(aP \{\
-.	No
-.\}
-.el .aZ
-..
-.de f4
-.as b1 \\*(rp\f\\n(cF\s\\n(cZ\\*(S\\n(aP\\*(A\\n(aP
-.ie \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.	No
-.\}
-.el .aZ
-..
-.de Fo
-.hy 0
-.if \\n(aC==0 \{\
-.	ie \\n(.$==0 .tm Usage: .Fo function_name
-.	el \{\
-.		ds mN Fo
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(nS>0 \{\
-.	if \\n(fY==0 \{\
-.		if \\n(fZ>0 \{\
-.			Pp
-.			nr fX 0
-.			nr fD 0
-.		\}
-.	\}
-.	if \\n(fY==1 \{\
-.		br
-.		nr fX 0
-.		nr fD 0
-.		nr fY 0
-.	\}
-.	if \\n(fD>0 \{\
-.		Pp
-.		nr fX 0
-.	\}
-.	if \\n(fX>0 \{\
-.		Pp
-.		nr fD 0
-.	\}
-.	nr fZ \\n(fZ+1
-.	nr fY 0
-.	rs
-.	ie \\n(nS>1 .br
-.	el \{\
-.		if \\n(iS==0 \{\
-.			nr iS ((8)*\\n(fW)u
-.		\}
-.	\}
-.	in +\\n(iSu
-.	ti -\\n(iSu
-.	nr nS \\n(nS+1
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr oM \\n(oM+1
-.	nr fC 1
-.	nr aP \\n(aP+1
-.	nr cF \\n(.f
-.	nr cZ \\n(.s
-.	as b1 \\*(fN\\*(A\\n(aP\fP\s0\\*(lp
-.	aY
-.\}
-..
-.de Fc
-.if \\n(aC==0 \{\
-.	if \\n(.$>0 \{\
-.		ds mN Fo
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.nr fC 0
-.nr oM \\n(oM-1
-.as b1 \|\\*(rp
-.ie \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.	\\*(A\\n(aP
-.\}
-.el \{\
-.	aZ
-.\}
-.if \\n(nS>0 \{\
-.	in -\\n(iSu
-.\}
-.hy
-..
-.de fB
-.if \\n(fB==0 \{\
-.	nr fB \\n(.$
-.	nr Fb 0
-.	ds Fb
-.\}
-.nr Fb \\n(Fb+1
-.as Fb \&\\$1
-.if \\n(Fb<\\n(fB \{\
-.	as Fb \&\\*(hV
-.	fB \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.\}
-..
-.de Rs
-.nr rS 1
-.rC
-.if \\n(nA==1 .Pp
-.nr Kl 0
-..
-.de Re
-.rZ
-.rC
-.nr rS 0
-..
-.de rC
-.nr uK 0
-.nr jK 0
-.nr nK 0
-.nr oK 0
-.nr qK 0
-.nr rK 0
-.nr tK 0
-.nr vK 0
-.nr dK 0
-.nr pK 0
-.nr bK 0
-.ds rS
-.rm U1 U2 U3 U4 U5 U6 U7 U8
-.rm uK jK nK oK rK qK tK vK dK pK bK
-..
-.de rZ
-.if \\n(uK \{\&\\*(U1,
-.	nr aK 1
-.	if (\\n(uK>1 \{\
-.		aK
-.	\}
-.	nr Kl -\\n(uK
-.\}
-.if \\n(tK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \{\
-.		ie (\\n(jK==1):(\\n(bK==1) \{\&\\*q\\*(tK\\*q.
-.		\}
-.		el \{\&\\*(eM\\*(tK\\*(nO.
-.		\}
-.	\}
-.	if \\n(Kl>0 \{\
-.		ie (\\n(jK==1):(\\n(bK==1) \{\&\\*q\\*(tK\\*q,
-.		\}
-.		el \{\&\\*(eM\\*(tK\\*(nO,
-.		\}
-.	\}
-.\}
-.if \\n(bK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(eM\\*(bK\\*(nO.
-.	if \\n(Kl>0 \&\\*(eM\\*(bK\\*(nO,
-.\}
-.if \\n(jK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(eM\\*(jK\\*(nO.
-.	if \\n(Kl>0 \&\\*(eM\\*(jK\\*(nO,
-.\}
-.if \\n(rK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(rK.
-.	if \\n(Kl>0 \&\\*(rK,
-.\}
-.if \\n(nK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(nK.
-.	if \\n(Kl>0 \&\\*(nK,
-.\}
-.if \\n(vK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(vK.
-.	if \\n(Kl>0 \&\\*(vK,
-.\}
-.if \\n(pK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(pK.
-.	if \\n(Kl>0 \&\\*(pK,
-.\}
-.if \\n(qK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(qK.
-.	if \\n(Kl>0 \&\\*(qK,
-.\}
-.if \\n(dK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(dK.
-.	if \\n(Kl>0 \&\\*(dK,
-.\}
-.if \\n(oK \{\
-.	nr Kl \\n(Kl-1
-.	if \\n(Kl==0 \&\\*(oK.
-.	if \\n(Kl>0 \&\\*(oK,
-.\}
-.if \\n(Kl>0 .tm unresolved reference problem
-..
-.de aK
-.nr aK \\n(aK+1
-.ie (\\n(uK-\\n(aK)==0 \{\&and \\*(U\\n(aK,
-.\}
-.el \{\&\\*(U\\n(aK,
-.	aK
-.\}
-..
-.de %A
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%A Author_name (#\\n(.c)
-.	el \{\
-.		nr uK \\n(uK+1
-.		nr Kl \\n(Kl+1
-.		ds rS U\\n(uK
-.		ds mN %A
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %B
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%B Book Name (#\\n(.c)
-.       el \{\
-.		ds mN %B
-.		if \\n(rS>0 \{\
-.			nr bK \\n(bK+1
-.			nr Kl \\n(Kl+1
-.			ds rS bK
-.		\}
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.	ie \\n(rS==0 \{\
-.		as b1 \&\\*(eM
-.		nR
-.	\}
-.	el .rR
-.\}
-..
-.de %D
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%D Date (#\\n(.c)
-.       el \{\
-.		ds mN %D
-.		nr dK \\n(dK+1
-.		nr Kl \\n(Kl+1
-.		ds rS dK
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %J
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%J Journal Name (#\\n(.c)
-.       el \{\
-.		ds mN %J
-.		nr jK \\n(jK+1
-.		ds rS jK
-.		nr Kl \\n(Kl+1
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %N
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%N issue number (#\\n(.c)
-.	el \{\
-.		nr nK \\n(nK+1
-.		nr Kl \\n(Kl+1
-.		ds rS nK
-.		ds mN %N
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %O
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%O optional information ... \\*(Pu (#\\n(.c)
-.       el \{\
-.		ds mN %O
-.		nr oK \\n(oK+1
-.		nr Kl \\n(Kl+1
-.		ds rS oK
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %P
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%P page numbers ... \\*(Pu (#\\n(.c)
-.       el \{\
-.		ds mN %P
-.		nr pK \\n(pK+1
-.		nr Kl \\n(Kl+1
-.		ds rS pK
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %Q
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%Q Corporate or Foreign Author (#\\n(.c)
-.       el \{\
-.		ds mN %Q
-.		nr qK \\n(qK+1
-.		nr Kl \\n(Kl+1
-.		ds rS qK
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %R
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%R reference report (#\\n(.c)
-.       el \{\
-.		ds mN %R
-.		nr rK \\n(rK+1
-.		nr Kl \\n(Kl+1
-.		ds rS rK
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de %T
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%T (#\\n(.c)
-.       el \{\
-.		ds mN %T
-.		if \\n(rS>0 \{\
-.			nr tK \\n(tK+1
-.			nr Kl \\n(Kl+1
-.			ds rS tK
-.		\}
-.               ds A1 \\$1
-.               ds A2 \\$2
-.               ds A3 \\$3
-.               ds A4 \\$4
-.               ds A5 \\$5
-.               ds A6 \\$6
-.               ds A7 \\$7
-.               ds A8 \\$8
-.               ds A9 \\$9
-.		nr fV \\n(.$
-.		fV
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.		nr aP \\n(aP+1
-.		nr cF \\n(.f
-.		nr cZ \\n(.s
-.		ie \\n(rS==0 \{\
-.			as b1 \&\\*(eM
-.			nR
-.		\}
-.		el .rR
-.\}
-..
-.de %V
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .%V Volume , ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN %V
-.		nr vK \\n(vK+1
-.		nr Kl \\n(Kl+1
-.		ds rS vK
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       rR
-.\}
-..
-.de rR
-.hy 0
-.nr jM \\n(C\\n(aP
-.ie \\n(jM==1 \{\
-.	ie "\\*(A\\n(aP"Tn" \{\
-.		nN
-.	\}
-.	el \{\
-.		if \\n(aC>8 .tm Usage: \\*(mN - maximum 8 arguments (#\\n(.c)
-.		aI rR 1
-.		\\*(A\\n(aP
-.	\}
-.\}
-.el \{\
-.	nr jN \\n(aP
-.	ie \\n(jM==2 .as b1 \&\\*(A\\n(aP
-.	el .as b1 \&\\*(A\\n(aP
-.	ie \\n(aC==\\n(aP \{\
-.		rD
-.	\}
-.	el \{\
-.		nr aP \\n(aP+1
-.		as b1 \&\\*(S\\n(jN
-.		rR
-.	\}
-.\}
-.rr jM jN
-..
-.de rD
-.as \\*(rS \\*(b1
-.ds b1
-.ds rS
-.aY
-..
-.de Hf
-.Pp
-File:
-.Pa \\$1
-.Pp
-.nr cF \\n(.f
-.nr cZ \\n(.s
-.ie t \{\
-\&\\*(lI
-.br
-.ta +9n 18n 27n 36n 45n 54n 63n 72n
-.\}
-.el \{\
-.ta +8n 16n 24n 32n 40n 48n 56n 64n 72n
-.\}
-.nf
-.so  \\$1
-.fi
-.ft \\n(cF
-.fz \\n(cZ
-.Pp
-..
-.nr aN 0
-.de An
-.if \\n(nY==1 \{\
-.	ie \\n(aN==1 \{\
-.		br
-.	\}
-.	el \{\
-.		nr aN 1
-.	\}
-.\}
-.if \\n(aC==0 \{\
-.       ie \\n(.$==0 .tm Usage: .An author_name ... \\*(Pu (#\\n(.c)
-.	el \{\
-.		ds mN An
-.		aV \\$1 \\$2 \\$3 \\$4 \\$5 \\$6 \\$7 \\$8 \\$9
-.	\}
-.\}
-.if \\n(aC>\\n(aP \{\
-.	nr aP \\n(aP+1
-.       nr cF \\n(.f
-.	nr cZ \\n(.s
-.       nR
-.\}
-..
-.de Sf
-.tm .Sf defunct, use prefix or Ns
-..
-.ds rV "function returns the value 0 if successful; otherwise the value -1 is returned and the global variable \\*(vAerrno\fP is set to indicate the error.
-.de Rv
-.ie \\n(.$==0 \{\
-.tm Usage: .Rv [-std] (#\\n(.c)
-.\}
-.el \{\
-.	ds mN Rv
-.	if "\\$1"-std" \{\
-.	nr cH \\*(cH
-.	if (\\n(cH<2):(\\n(cH>3) .tm Usage: .Rv -std sections 2 and 3 only
-.		br
-\&The
-.Fn \\$2
-\&\\*(rV
-.	\}
-.\}
-..
diff --git a/src/appl/telnet/telnet/tn3270.c b/src/appl/telnet/telnet/tn3270.c
deleted file mode 100644
index c46ae7e..0000000
--- a/src/appl/telnet/telnet/tn3270.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)tn3270.c	8.1 (Berkeley) 6/6/93 */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-
-#include "general.h"
-
-#include "defines.h"
-#include "ring.h"
-#include "externs.h"
-#include "fdset.h"
-
-#if	defined(TN3270)
-
-#include "../ctlr/screen.h"
-#include "../general/globals.h"
-
-#include "../sys_curses/telextrn.h"
-#include "../ctlr/externs.h"
-
-#if	defined(unix)
-int
-	HaveInput,		/* There is input available to scan */
-	cursesdata,		/* Do we dump curses data? */
-	sigiocount;		/* Number of times we got a SIGIO */
-
-char	tline[200];
-char	*transcom = 0;	/* transparent mode command (default: none) */
-#endif	/* defined(unix) */
-
-char	Ibuf[8*BUFSIZ], *Ifrontp, *Ibackp;
-
-static char	sb_terminal[] = { IAC, SB,
-			TELOPT_TTYPE, TELQUAL_IS,
-			'I', 'B', 'M', '-', '3', '2', '7', '8', '-', '2',
-			IAC, SE };
-#define	SBTERMMODEL	13
-
-static int
-	Sent3270TerminalType;	/* Have we said we are a 3270? */
-
-#endif	/* defined(TN3270) */
-
-
-    void
-init_3270()
-{
-#if	defined(TN3270)
-#if	defined(unix)
-    HaveInput = 0;
-    sigiocount = 0;
-#endif	/* defined(unix) */
-    Sent3270TerminalType = 0;
-    Ifrontp = Ibackp = Ibuf;
-    init_ctlr();		/* Initialize some things */
-    init_keyboard();
-    init_screen();
-    init_system();
-#endif	/* defined(TN3270) */
-}
-
-
-#if	defined(TN3270)
-
-/*
- * DataToNetwork - queue up some data to go to network.  If "done" is set,
- * then when last byte is queued, we add on an IAC EOR sequence (so,
- * don't call us with "done" until you want that done...)
- *
- * We actually do send all the data to the network buffer, since our
- * only client needs for us to do that.
- */
-
-    int
-DataToNetwork(buffer, count, done)
-    register char *buffer;	/* where the data is */
-    register int  count;	/* how much to send */
-    int		  done;		/* is this the last of a logical block */
-{
-    register int loop, c;
-    int origCount;
-
-    origCount = count;
-
-    while (count) {
-	/* If not enough room for EORs, IACs, etc., wait */
-	if (NETROOM() < 6) {
-	    fd_set o;
-
-	    FD_ZERO(&o);
-	    netflush();
-	    while (NETROOM() < 6) {
-		FD_SET(net, &o);
-		(void) select(net+1, (fd_set *) 0, &o, (fd_set *) 0,
-						(struct timeval *) 0);
-		netflush();
-	    }
-	}
-	c = ring_empty_count(&netoring);
-	if (c > count) {
-	    c = count;
-	}
-	loop = c;
-	while (loop) {
-	    if (((unsigned char)*buffer) == IAC) {
-		break;
-	    }
-	    buffer++;
-	    loop--;
-	}
-	if ((c = c-loop)) {
-	    ring_supply_data(&netoring, buffer-c, c);
-	    count -= c;
-	}
-	if (loop) {
-	    NET2ADD(IAC, IAC);
-	    count--;
-	    buffer++;
-	}
-    }
-
-    if (done) {
-	NET2ADD(IAC, EOR);
-	netflush();		/* try to move along as quickly as ... */
-    }
-    return(origCount - count);
-}
-
-
-#if	defined(unix)
-    void
-inputAvailable(signo)
-	int signo;
-{
-    HaveInput = 1;
-    sigiocount++;
-}
-#endif	/* defined(unix) */
-
-    void
-outputPurge()
-{
-    (void) ttyflush(1);
-}
-
-
-/*
- * The following routines are places where the various tn3270
- * routines make calls into telnet.c.
- */
-
-/*
- * DataToTerminal - queue up some data to go to terminal.
- *
- * Note: there are people who call us and depend on our processing
- * *all* the data at one time (thus the select).
- */
-
-    int
-DataToTerminal(buffer, count)
-    register char	*buffer;		/* where the data is */
-    register int	count;			/* how much to send */
-{
-    register int c;
-    int origCount;
-
-    origCount = count;
-
-    while (count) {
-	if (TTYROOM() == 0) {
-#if	defined(unix)
-	    fd_set o;
-
-	    FD_ZERO(&o);
-#endif	/* defined(unix) */
-	    (void) ttyflush(0);
-	    while (TTYROOM() == 0) {
-#if	defined(unix)
-		FD_SET(tout, &o);
-		(void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
-						(struct timeval *) 0);
-#endif	/* defined(unix) */
-		(void) ttyflush(0);
-	    }
-	}
-	c = TTYROOM();
-	if (c > count) {
-	    c = count;
-	}
-	ring_supply_data(&ttyoring, buffer, c);
-	count -= c;
-	buffer += c;
-    }
-    return(origCount);
-}
-
-
-/*
- * Push3270 - Try to send data along the 3270 output (to screen) direction.
- */
-
-    int
-Push3270()
-{
-    int save = ring_full_count(&netiring);
-
-    if (save) {
-	if (Ifrontp+save > Ibuf+sizeof Ibuf) {
-	    if (Ibackp != Ibuf) {
-		memcpy(Ibuf, Ibackp, Ifrontp-Ibackp);
-		Ifrontp -= (Ibackp-Ibuf);
-		Ibackp = Ibuf;
-	    }
-	}
-	if (Ifrontp+save < Ibuf+sizeof Ibuf) {
-	    (void)telrcv();
-	}
-    }
-    return save != ring_full_count(&netiring);
-}
-
-
-/*
- * Finish3270 - get the last dregs of 3270 data out to the terminal
- *		before quitting.
- */
-
-    void
-Finish3270()
-{
-    while (Push3270() || !DoTerminalOutput()) {
-#if	defined(unix)
-	HaveInput = 0;
-#endif	/* defined(unix) */
-	;
-    }
-}
-
-
-/* StringToTerminal - output a null terminated string to the terminal */
-
-    void
-StringToTerminal(s)
-    char *s;
-{
-    int count;
-
-    count = strlen(s);
-    if (count) {
-	(void) DataToTerminal(s, count);	/* we know it always goes... */
-    }
-}
-
-
-#if	((!defined(NOT43)) || defined(PUTCHAR))
-/* _putchar - output a single character to the terminal.  This name is so that
- *	curses(3x) can call us to send out data.
- */
-
-    void
-_putchar(c)
-    char c;
-{
-#if	defined(sun)		/* SunOS 4.0 bug */
-    c &= 0x7f;
-#endif	/* defined(sun) */
-    if (cursesdata) {
-	Dump('>', &c, 1);
-    }
-    if (!TTYROOM()) {
-	(void) DataToTerminal(&c, 1);
-    } else {
-	TTYADD(c);
-    }
-}
-#endif	/* ((!defined(NOT43)) || defined(PUTCHAR)) */
-
-    void
-SetIn3270()
-{
-    if (Sent3270TerminalType && my_want_state_is_will(TELOPT_BINARY)
-		&& my_want_state_is_do(TELOPT_BINARY) && !donebinarytoggle) {
-	if (!In3270) {
-	    In3270 = 1;
-	    Init3270();		/* Initialize 3270 functions */
-	    /* initialize terminal key mapping */
-	    InitTerminal();	/* Start terminal going */
-	    setconnmode(0);
-	}
-    } else {
-	if (In3270) {
-	    StopScreen(1);
-	    In3270 = 0;
-	    Stop3270();		/* Tell 3270 we aren't here anymore */
-	    setconnmode(0);
-	}
-    }
-}
-
-/*
- * tn3270_ttype()
- *
- *	Send a response to a terminal type negotiation.
- *
- *	Return '0' if no more responses to send; '1' if a response sent.
- */
-
-    int
-tn3270_ttype()
-{
-    /*
-     * Try to send a 3270 type terminal name.  Decide which one based
-     * on the format of our screen, and (in the future) color
-     * capaiblities.
-     */
-    InitTerminal();		/* Sets MaxNumberColumns, MaxNumberLines */
-    if ((MaxNumberLines >= 24) && (MaxNumberColumns >= 80)) {
-	Sent3270TerminalType = 1;
-	if ((MaxNumberLines >= 27) && (MaxNumberColumns >= 132)) {
-	    MaxNumberLines = 27;
-	    MaxNumberColumns = 132;
-	    sb_terminal[SBTERMMODEL] = '5';
-	} else if (MaxNumberLines >= 43) {
-	    MaxNumberLines = 43;
-	    MaxNumberColumns = 80;
-	    sb_terminal[SBTERMMODEL] = '4';
-	} else if (MaxNumberLines >= 32) {
-	    MaxNumberLines = 32;
-	    MaxNumberColumns = 80;
-	    sb_terminal[SBTERMMODEL] = '3';
-	} else {
-	    MaxNumberLines = 24;
-	    MaxNumberColumns = 80;
-	    sb_terminal[SBTERMMODEL] = '2';
-	}
-	NumberLines = 24;		/* before we start out... */
-	NumberColumns = 80;
-	ScreenSize = NumberLines*NumberColumns;
-	if ((MaxNumberLines*MaxNumberColumns) > MAXSCREENSIZE) {
-	    ExitString("Programming error:  MAXSCREENSIZE too small.\n",
-								1);
-	    /*NOTREACHED*/
-	}
-	printsub('>', sb_terminal+2, sizeof sb_terminal-2);
-	ring_supply_data(&netoring, sb_terminal, sizeof sb_terminal);
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-#if	defined(unix)
-	int
-settranscom(argc, argv)
-	int argc;
-	char *argv[];
-{
-	int i;
-
-	if (argc == 1 && transcom) {
-	   transcom = 0;
-	}
-	if (argc == 1) {
-	   return 1;
-	}
-	transcom = tline;
-	(void) strncpy(transcom, argv[1], sizeof(tline) - 1);
-	tline[sizeof(tline) - 1] = '\0';
-	for (i = 2; i < argc; ++i) {
-	    (void) strncat(transcom, " ", sizeof(tline) - 1 - (transcom - tline));
-	    (void) strncat(transcom, argv[i], sizeof(tline) - 1 - (transcom - tline));
-	}
-	return 1;
-}
-#endif	/* defined(unix) */
-
-#endif	/* defined(TN3270) */
diff --git a/src/appl/telnet/telnet/types.h b/src/appl/telnet/telnet/types.h
deleted file mode 100644
index 191d311..0000000
--- a/src/appl/telnet/telnet/types.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)types.h	8.1 (Berkeley) 6/6/93
- */
-
-typedef struct {
-    char *modedescriptions;
-    char modetype;
-} Modelist;
-
-extern Modelist modelist[];
-
-typedef struct {
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	gotDM;			/* when did we last see a data mark */
-} Clocks;
-
-extern Clocks clocks;
diff --git a/src/appl/telnet/telnet/utilities.c b/src/appl/telnet/telnet/utilities.c
deleted file mode 100644
index dc9f3bc..0000000
--- a/src/appl/telnet/telnet/utilities.c
+++ /dev/null
@@ -1,951 +0,0 @@
-/*
- * Copyright (c) 1988, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)utilities.c	8.1 (Berkeley) 6/6/93 */
-
-#define	TELOPTS
-#define	TELCMDS
-#define	SLC_NAMES
-#include <arpa/telnet.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-
-#include <ctype.h>
-
-#include "general.h"
-
-#include "fdset.h"
-
-#include "ring.h"
-
-#include "defines.h"
-
-#include "externs.h"
-
-#ifdef AUTHENTICATION
-#include <libtelnet/auth.h>
-#endif
-
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-
-#include <k5-platform.h>
-
-FILE	*NetTrace = 0;		/* Not in bss, since needs to stay */
-int	prettydump;
-
-/*
- * upcase()
- *
- *	Upcase (in place) the argument.
- */
-
-    void
-upcase(argument)
-    register char *argument;
-{
-    register int c;
-
-    while ((c = *argument) != 0) {
-	if (islower(c)) {
-	    *argument = toupper(c);
-	}
-	argument++;
-    }
-}
-
-/*
- * SetSockOpt()
- *
- * Compensate for differences in 4.2 and 4.3 systems.
- */
-
-    int
-SetSockOpt(fd, level, option, yesno)
-    int fd, level, option, yesno;
-{
-#ifndef	NOT43
-    return setsockopt(fd, level, option,
-				(char *)&yesno, sizeof yesno);
-#else	/* NOT43 */
-    if (yesno == 0) {		/* Can't do that in 4.2! */
-	fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n",
-				option);
-	return -1;
-    }
-    return setsockopt(fd, level, option, 0, 0);
-#endif	/* NOT43 */
-}
-
-/*
- * The following are routines used to print out debugging information.
- */
-
-unsigned char NetTraceFile[256] = "(standard output)";
-
-    void
-SetNetTrace(file)
-    register char *file;
-{
-    if (NetTrace && NetTrace != stdout)
-	fclose(NetTrace);
-    if (file  && (strcmp(file, "-") != 0)) {
-	NetTrace = fopen(file, "w");
-	if (NetTrace) {
-	    strncpy((char *)NetTraceFile, file, sizeof(NetTraceFile) - 1);
-	    NetTraceFile[sizeof(NetTraceFile) - 1] = '\0';
-	    return;
-	}
-	fprintf(stderr, "Cannot open %s.\n", file);
-    }
-    NetTrace = stdout;
-    strncpy((char *)NetTraceFile, "(standard output)", sizeof(NetTraceFile) - 1);
-    NetTraceFile[sizeof(NetTraceFile) - 1] = '\0';
-}
-
-    void
-Dump(direction, buffer, length)
-    char direction;
-    unsigned char *buffer;
-    int length;
-{
-#   define BYTES_PER_LINE	32
-#   define min(x,y)	((x<y)? x:y)
-    unsigned char *pThis;
-    int offset;
-
-    offset = 0;
-
-    while (length) {
-	/* print one line */
-	fprintf(NetTrace, "%c 0x%x\t", direction, offset);
-	pThis = buffer;
-	if (prettydump) {
-	    buffer = buffer + min(length, BYTES_PER_LINE/2);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%c%.2x",
-		    (((*pThis)&0xff) == 0xff) ? '*' : ' ',
-		    (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE/2;
-	    offset += BYTES_PER_LINE/2;
-	} else {
-	    buffer = buffer + min(length, BYTES_PER_LINE);
-	    while (pThis < buffer) {
-		fprintf(NetTrace, "%.2x", (*pThis)&0xff);
-		pThis++;
-	    }
-	    length -= BYTES_PER_LINE;
-	    offset += BYTES_PER_LINE;
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	if (length < 0) {
-	    fflush(NetTrace);
-	    return;
-	}
-	/* find next unique line */
-    }
-    fflush(NetTrace);
-}
-
-
-	void
-printoption(direction, cmd, option)
-	char *direction;
-	int cmd, option;
-{
-	if (!showoptions)
-		return;
-	if (cmd == IAC) {
-		if (TELCMD_OK(option))
-		    fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option));
-		else
-		    fprintf(NetTrace, "%s IAC %d", direction, option);
-	} else {
-		register char *fmt;
-		fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" :
-			(cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0;
-		if (fmt) {
-		    fprintf(NetTrace, "%s %s ", direction, fmt);
-		    if (TELOPT_OK(option))
-			fprintf(NetTrace, "%s", TELOPT(option));
-		    else if (option == TELOPT_EXOPL)
-			fprintf(NetTrace, "EXOPL");
-		    else
-			fprintf(NetTrace, "%d", option);
-		} else
-		    fprintf(NetTrace, "%s %d %d", direction, cmd, option);
-	}
-	if (NetTrace == stdout) {
-	    fprintf(NetTrace, "\r\n");
-	    fflush(NetTrace);
-	} else {
-	    fprintf(NetTrace, "\n");
-	}
-	return;
-}
-
-    void
-optionstatus()
-{
-    register int i;
-    extern char will_wont_resp[], do_dont_resp[];
-
-    for (i = 0; i < 256; i++) {
-	if (do_dont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]);
-	    else
-		printf("resp DO_DONT %d: %d\n", i,
-				do_dont_resp[i]);
-	    if (my_want_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("want DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DO   %s\n", TELCMD(i));
-		else
-		    printf("want DO   %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want DONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want DONT %s\n", TELCMD(i));
-		else
-		    printf("want DONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_do(i)) {
-		if (TELOPT_OK(i))
-		    printf("     DO   %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     DO   %s\n", TELCMD(i));
-		else
-		    printf("     DO   %d\n", i);
-	    }
-	}
-	if (will_wont_resp[i]) {
-	    if (TELOPT_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]);
-	    else if (TELCMD_OK(i))
-		printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]);
-	    else
-		printf("resp WILL_WONT %d: %d\n",
-				i, will_wont_resp[i]);
-	    if (my_want_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("want WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WILL %s\n", TELCMD(i));
-		else
-		    printf("want WILL %d\n", i);
-	    } else {
-		if (TELOPT_OK(i))
-		    printf("want WONT %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("want WONT %s\n", TELCMD(i));
-		else
-		    printf("want WONT %d\n", i);
-	    }
-	} else {
-	    if (my_state_is_will(i)) {
-		if (TELOPT_OK(i))
-		    printf("     WILL %s\n", TELOPT(i));
-		else if (TELCMD_OK(i))
-		    printf("     WILL %s\n", TELCMD(i));
-		else
-		    printf("     WILL %d\n", i);
-	    }
-	}
-    }
-
-}
-
-    void
-printsub(direction, pointer, length)
-    char direction;	/* '<' or '>' */
-    unsigned char *pointer;	/* where suboption data sits */
-    int		  length;	/* length of suboption data */
-{
-    register int i;
-    unsigned char buf[512];
-    extern int want_status_response;
-
-    if (showoptions || direction == 0 ||
-	(want_status_response && (pointer[0] == TELOPT_STATUS))) {
-	if (direction) {
-	    fprintf(NetTrace, "%s IAC SB ",
-				(direction == '<')? "RCVD":"SENT");
-	    if (length >= 3) {
-		register int j;
-
-		i = pointer[length-2];
-		j = pointer[length-1];
-
-		if (i != IAC || j != SE) {
-		    fprintf(NetTrace, "(terminated by ");
-		    if (TELOPT_OK(i))
-			fprintf(NetTrace, "%s ", TELOPT(i));
-		    else if (TELCMD_OK(i))
-			fprintf(NetTrace, "%s ", TELCMD(i));
-		    else
-			fprintf(NetTrace, "%d ", i);
-		    if (TELOPT_OK(j))
-			fprintf(NetTrace, "%s", TELOPT(j));
-		    else if (TELCMD_OK(j))
-			fprintf(NetTrace, "%s", TELCMD(j));
-		    else
-			fprintf(NetTrace, "%d", j);
-		    fprintf(NetTrace, ", not IAC SE!) ");
-		}
-	    }
-	    length -= 2;
-	}
-	if (length < 1) {
-	    fprintf(NetTrace, "(Empty suboption??\?)");
-	    if (NetTrace == stdout)
-		fflush(NetTrace);
-	    return;
-	}
-	switch (pointer[0]) {
-	case TELOPT_TTYPE:
-	    fprintf(NetTrace, "TERMINAL-TYPE ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace,
-				"- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-	case TELOPT_TSPEED:
-	    fprintf(NetTrace, "TERMINAL-SPEED");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " IS ");
-		fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2);
-		break;
-	    default:
-		if (pointer[1] == 1)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    }
-	    break;
-
-	case TELOPT_LFLOW:
-	    fprintf(NetTrace, "TOGGLE-FLOW-CONTROL");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case LFLOW_OFF:
-		fprintf(NetTrace, " OFF"); break;
-	    case LFLOW_ON:
-		fprintf(NetTrace, " ON"); break;
-	    case LFLOW_RESTART_ANY:
-		fprintf(NetTrace, " RESTART-ANY"); break;
-	    case LFLOW_RESTART_XON:
-		fprintf(NetTrace, " RESTART-XON"); break;
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    }
-	    for (i = 2; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-	case TELOPT_NAWS:
-	    fprintf(NetTrace, "NAWS");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    if (length == 2) {
-		fprintf(NetTrace, " ?%d?", pointer[1]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[1], pointer[2],
-		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
-	    if (length == 4) {
-		fprintf(NetTrace, " ?%d?", pointer[3]);
-		break;
-	    }
-	    fprintf(NetTrace, " %d %d (%d)",
-		pointer[3], pointer[4],
-		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
-	    for (i = 5; i < length; i++)
-		fprintf(NetTrace, " ?%d?", pointer[i]);
-	    break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION:
-	    fprintf(NetTrace, "AUTHENTICATION");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_REPLY:
-	    case TELQUAL_IS:
-		fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ?
-							"IS" : "REPLY");
-		if (AUTHTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, "%d ", pointer[2]);
-		if (length < 3) {
-		    fprintf(NetTrace, "(partial suboption??\?)");
-		    break;
-		}
-		fprintf(NetTrace, "%s|%s%s",
-			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-			"CLIENT" : "SERVER",
-			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-			"MUTUAL" : "ONE-WAY",
-			((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ?
-			"|ENCRYPT" : "");
-		auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case TELQUAL_SEND:
-		i = 2;
-		fprintf(NetTrace, " SEND ");
-		while (i < length) {
-		    if (AUTHTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    if (++i >= length) {
-			fprintf(NetTrace, "(partial suboption??\?)");
-			break;
-		    }
-		    fprintf(NetTrace, "%s|%s%s ",
-			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
-							"CLIENT" : "SERVER",
-			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
-							"MUTUAL" : "ONE-WAY",
-			((pointer[i] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ?
-							"|ENCRYPT" : "");
-		    ++i;
-		}
-		break;
-
-	    case TELQUAL_NAME:
-		i = 2;
-		fprintf(NetTrace, " NAME \"");
-		while (i < length)
-		    putc(pointer[i++], NetTrace);
-		putc('"', NetTrace);
-		break;
-
-	    default:
-		    for (i = 2; i < length; i++)
-			fprintf(NetTrace, " ?%d?", pointer[i]);
-		    break;
-	    }
-	    break;
-#endif
-
-#ifdef	ENCRYPTION
-	case TELOPT_ENCRYPT:
-	    fprintf(NetTrace, "ENCRYPT");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case ENCRYPT_START:
-		fprintf(NetTrace, " START");
-		break;
-
-	    case ENCRYPT_END:
-		fprintf(NetTrace, " END");
-		break;
-
-	    case ENCRYPT_REQSTART:
-		fprintf(NetTrace, " REQUEST-START");
-		break;
-
-	    case ENCRYPT_REQEND:
-		fprintf(NetTrace, " REQUEST-END");
-		break;
-
-	    case ENCRYPT_IS:
-	    case ENCRYPT_REPLY:
-		fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ?
-							"IS" : "REPLY");
-		if (length < 3) {
-		    fprintf(NetTrace, " (partial suboption??\?)");
-		    break;
-		}
-		if (ENCTYPE_NAME_OK(pointer[2]))
-		    fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2]));
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[2]);
-
-		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		fprintf(NetTrace, "%s", buf);
-		break;
-
-	    case ENCRYPT_SUPPORT:
-		i = 2;
-		fprintf(NetTrace, " SUPPORT ");
-		while (i < length) {
-		    if (ENCTYPE_NAME_OK(pointer[i]))
-			fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i]));
-		    else
-			fprintf(NetTrace, "%d ", pointer[i]);
-		    i++;
-		}
-		break;
-
-	    case ENCRYPT_ENC_KEYID:
-		fprintf(NetTrace, " ENC_KEYID ");
-		goto encommon;
-
-	    case ENCRYPT_DEC_KEYID:
-		fprintf(NetTrace, " DEC_KEYID ");
-		goto encommon;
-
-	    default:
-		fprintf(NetTrace, " %d (unknown)", pointer[1]);
-	    encommon:
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-		break;
-	    }
-	    break;
-#endif	/* ENCRYPTION */
-
-	case TELOPT_LINEMODE:
-	    fprintf(NetTrace, "LINEMODE ");
-	    if (length < 2) {
-		fprintf(NetTrace, " (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case WILL:
-		fprintf(NetTrace, "WILL ");
-		goto common;
-	    case WONT:
-		fprintf(NetTrace, "WONT ");
-		goto common;
-	    case DO:
-		fprintf(NetTrace, "DO ");
-		goto common;
-	    case DONT:
-		fprintf(NetTrace, "DONT ");
-	    common:
-		if (length < 3) {
-		    fprintf(NetTrace, "(no option??\?)");
-		    break;
-		}
-		switch (pointer[2]) {
-		case LM_FORWARDMASK:
-		    fprintf(NetTrace, "Forward Mask");
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %x", pointer[i]);
-		    break;
-		default:
-		    fprintf(NetTrace, "%d (unknown)", pointer[2]);
-		    for (i = 3; i < length; i++)
-			fprintf(NetTrace, " %d", pointer[i]);
-		    break;
-		}
-		break;
-
-	    case LM_SLC:
-		fprintf(NetTrace, "SLC");
-		for (i = 2; i < length - 2; i += 3) {
-		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
-			fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
-		    else
-			fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]);
-		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		    case SLC_NOSUPPORT:
-			fprintf(NetTrace, " NOSUPPORT"); break;
-		    case SLC_CANTCHANGE:
-			fprintf(NetTrace, " CANTCHANGE"); break;
-		    case SLC_VARIABLE:
-			fprintf(NetTrace, " VARIABLE"); break;
-		    case SLC_DEFAULT:
-			fprintf(NetTrace, " DEFAULT"); break;
-		    }
-		    fprintf(NetTrace, "%s%s%s",
-			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
-			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
-		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-						SLC_FLUSHOUT| SLC_LEVELBITS))
-			fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]);
-		    fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]);
-		    if ((pointer[i+SLC_VALUE] == IAC) &&
-			(pointer[i+SLC_VALUE+1] == IAC))
-				i++;
-		}
-		for (; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-
-	    case LM_MODE:
-		fprintf(NetTrace, "MODE ");
-		if (length < 3) {
-		    fprintf(NetTrace, "(no mode??\?)");
-		    break;
-		}
-		{
-		    char tbuf[64];
-		    snprintf(tbuf, sizeof(tbuf), "%s%s%s%s%s",
-			pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
-			pointer[2]&MODE_ACK ? "|ACK" : "");
-		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
-		}
-		if (pointer[2]&~(MODE_MASK))
-		    fprintf(NetTrace, " (0x%x)", pointer[2]);
-		for (i = 3; i < length; i++)
-		    fprintf(NetTrace, " ?0x%x?", pointer[i]);
-		break;
-	    default:
-		fprintf(NetTrace, "%d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " %d", pointer[i]);
-	    }
-	    break;
-
-	case TELOPT_STATUS: {
-	    register char *cp;
-	    register int j, k;
-
-	    fprintf(NetTrace, "STATUS");
-
-	    switch (pointer[1]) {
-	    default:
-		if (pointer[1] == TELQUAL_SEND)
-		    fprintf(NetTrace, " SEND");
-		else
-		    fprintf(NetTrace, " %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    fprintf(NetTrace, " ?%d?", pointer[i]);
-		break;
-	    case TELQUAL_IS:
-		if (--want_status_response < 0)
-		    want_status_response = 0;
-		if (NetTrace == stdout)
-		    fprintf(NetTrace, " IS\r\n");
-		else
-		    fprintf(NetTrace, " IS\n");
-
-		for (i = 2; i < length; i++) {
-		    switch(pointer[i]) {
-		    case DO:	cp = "DO"; goto common2;
-		    case DONT:	cp = "DONT"; goto common2;
-		    case WILL:	cp = "WILL"; goto common2;
-		    case WONT:	cp = "WONT"; goto common2;
-		    common2:
-			i++;
-			if (TELOPT_OK((int)pointer[i]))
-			    fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i]));
-			else
-			    fprintf(NetTrace, " %s %d", cp, pointer[i]);
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-			break;
-
-		    case SB:
-			fprintf(NetTrace, " SB ");
-			i++;
-			j = k = i;
-			while (j < length) {
-			    if (pointer[j] == SE) {
-				if (j+1 == length)
-				    break;
-				if (pointer[j+1] == SE)
-				    j++;
-				else
-				    break;
-			    }
-			    pointer[k++] = pointer[j++];
-			}
-			printsub(0, &pointer[i], k - i);
-			if (i < length) {
-			    fprintf(NetTrace, " SE");
-			    i = j;
-			} else
-			    i = j - 1;
-
-			if (NetTrace == stdout)
-			    fprintf(NetTrace, "\r\n");
-			else
-			    fprintf(NetTrace, "\n");
-
-			break;
-
-		    default:
-			fprintf(NetTrace, " %d", pointer[i]);
-			break;
-		    }
-		}
-		break;
-	    }
-	    break;
-	  }
-
-	case TELOPT_XDISPLOC:
-	    fprintf(NetTrace, "X-DISPLAY-LOCATION ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
-		break;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND");
-		break;
-	    default:
-		fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
-				pointer[1], pointer[1]);
-	    }
-	    break;
-
-	case TELOPT_NEW_ENVIRON:
-	    fprintf(NetTrace, "NEW-ENVIRON ");
-#ifdef	OLD_ENVIRON
-	    goto env_common1;
-	case TELOPT_OLD_ENVIRON:
-	    fprintf(NetTrace, "OLD-ENVIRON");
-	env_common1:
-#endif
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		fprintf(NetTrace, "IS ");
-		goto env_common;
-	    case TELQUAL_SEND:
-		fprintf(NetTrace, "SEND ");
-		goto env_common;
-	    case TELQUAL_INFO:
-		fprintf(NetTrace, "INFO ");
-	    env_common:
-		{
-		    register int noquote = 2;
-#if defined(ENV_HACK) && defined(OLD_ENVIRON)
-		    extern int old_env_var, old_env_value;
-#endif
-		    for (i = 2; i < length; i++ ) {
-			switch (pointer[i]) {
-			case NEW_ENV_VALUE:
-#ifdef OLD_ENVIRON
-		     /*	case NEW_ENV_OVAR: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-# ifdef	ENV_HACK
-				if (old_env_var == OLD_ENV_VALUE)
-				    fprintf(NetTrace, "\" (VALUE) " + noquote);
-				else
-# endif
-				    fprintf(NetTrace, "\" VAR " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VALUE " + noquote);
-			    noquote = 2;
-			    break;
-
-			case NEW_ENV_VAR:
-#ifdef OLD_ENVIRON
-		     /* case OLD_ENV_VALUE: */
-			    if (pointer[0] == TELOPT_OLD_ENVIRON) {
-# ifdef	ENV_HACK
-				if (old_env_value == OLD_ENV_VAR)
-				    fprintf(NetTrace, "\" (VAR) " + noquote);
-				else
-# endif
-				    fprintf(NetTrace, "\" VALUE " + noquote);
-			    } else
-#endif /* OLD_ENVIRON */
-				fprintf(NetTrace, "\" VAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_ESC:
-			    fprintf(NetTrace, "\" ESC " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_USERVAR:
-			    fprintf(NetTrace, "\" USERVAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			default:
-			    if (isprint(pointer[i]) && pointer[i] != '"') {
-				if (noquote) {
-				    putc('"', NetTrace);
-				    noquote = 0;
-				}
-				putc(pointer[i], NetTrace);
-			    } else {
-				fprintf(NetTrace, "\" %03o " + noquote,
-							pointer[i]);
-				noquote = 2;
-			    }
-			    break;
-			}
-		    }
-		    if (!noquote)
-			putc('"', NetTrace);
-		    break;
-		}
-	    }
-	    break;
-
-	default:
-	    if (TELOPT_OK(pointer[0]))
-		fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0]));
-	    else
-		fprintf(NetTrace, "%d (unknown)", pointer[0]);
-	    for (i = 1; i < length; i++)
-		fprintf(NetTrace, " %d", pointer[i]);
-	    break;
-	}
-	if (direction) {
-	    if (NetTrace == stdout)
-		fprintf(NetTrace, "\r\n");
-	    else
-		fprintf(NetTrace, "\n");
-	}
-	if (NetTrace == stdout)
-	    fflush(NetTrace);
-    }
-}
-
-/* EmptyTerminal - called to make sure that the terminal buffer is empty.
- *			Note that we consider the buffer to run all the
- *			way to the kernel (thus the select).
- */
-
-    void
-EmptyTerminal()
-{
-#if	defined(unix)
-    fd_set	o;
-
-    FD_ZERO(&o);
-#endif	/* defined(unix) */
-
-    if (TTYBYTES() == 0) {
-#if	defined(unix)
-	FD_SET(tout, &o);
-	(void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
-			(struct timeval *) 0);	/* wait for TTLOWAT */
-#endif	/* defined(unix) */
-    } else {
-	while (TTYBYTES()) {
-	    (void) ttyflush(0);
-#if	defined(unix)
-	    FD_SET(tout, &o);
-	    (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0,
-				(struct timeval *) 0);	/* wait for TTLOWAT */
-#endif	/* defined(unix) */
-	}
-    }
-}
-
-    void
-SetForExit()
-{
-    setconnmode(0);
-#if	defined(TN3270)
-    if (In3270) {
-	Finish3270();
-    }
-#else	/* defined(TN3270) */
-    do {
-	(void)telrcv();			/* Process any incoming data */
-	EmptyTerminal();
-    } while (ring_full_count(&netiring));	/* While there is any */
-#endif	/* defined(TN3270) */
-    setcommandmode();
-    fflush(stdout);
-    fflush(stderr);
-#if	defined(TN3270)
-    if (In3270) {
-	StopScreen(1);
-    }
-#endif	/* defined(TN3270) */
-    setconnmode(0);
-    EmptyTerminal();			/* Flush the path to the tty */
-    setcommandmode();
-}
-
-    void
-Exit(returnCode)
-    int returnCode;
-{
-    SetForExit();
-    exit(returnCode);
-}
-
-    void
-ExitString(string, returnCode)
-    char *string;
-    int returnCode;
-{
-    SetForExit();
-    fwrite(string, 1, strlen(string), stderr);
-    exit(returnCode);
-}
diff --git a/src/appl/telnet/telnetd/ISSUES b/src/appl/telnet/telnetd/ISSUES
deleted file mode 100644
index 5b61997..0000000
--- a/src/appl/telnet/telnetd/ISSUES
+++ /dev/null
@@ -1,7 +0,0 @@
-Issues to be dealt with in telnetd:
-
-Debug mode won't do ipv6.
-
-FIX: Rewrite listener setup code in main after argument parsing.
-
-Needs auditing.
diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in
deleted file mode 100644
index ac27b78..0000000
--- a/src/appl/telnet/telnetd/Makefile.in
+++ /dev/null
@@ -1,84 +0,0 @@
-thisconfigdir=..
-myfulldir=appl/telnet/telnetd
-mydir=telnetd
-BUILDTOP=$(REL)..$(S)..$(S)..
-# derived from the original Makefile.generic
-#
-# Copyright (c) 1991 The Regents of the University of California.
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms are permitted provided
-# that: (1) source distributions retain this entire copyright notice and
-# comment, and (2) distributions including binaries display the following
-# acknowledgement:  ``This product includes software developed by the
-# University of California, Berkeley and its contributors'' in the
-# documentation or other materials provided with the distribution and in
-# all advertising materials mentioning features or use of this software.
-# Neither the name of the University nor the names of its contributors may
-# be used to endorse or promote products derived from this software without
-# specific prior written permission.
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-#
-#	@(#)Makefile.generic	5.5 (Berkeley) 3/1/91
-#
-
-AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -ULOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
-OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
-LOCALINCLUDES=-I.. -I$(srcdir)/..
-DEFINES = -DTELNET_BUFSIZE=65535 $(AUTH_DEF) $(OTHERDEFS)
-ARPA_TELNET= $(srcdir)/../arpa/telnet.h
-
-PROG_LIBPATH=-L$(TOPLIBD)
-PROG_RPATH=$(KRB5_LIBDIR)
-
-LIBS=	@TELNETD_LIBS@
-
-SRCS=	$(srcdir)/telnetd.c \
-	$(srcdir)/termio-tn.c \
-	$(srcdir)/termios-tn.c \
-	$(srcdir)/state.c \
-	$(srcdir)/termstat.c \
-	$(srcdir)/slc.c \
-	$(srcdir)/sys_term.c \
-	$(srcdir)/utility.c \
-	$(srcdir)/global.c \
-	$(srcdir)/authenc.c \
-	$(GETTYSRC)
-OBJS=	telnetd.o \
-	termio-tn.o \
-	termios-tn.o \
-	state.o \
-	termstat.o \
-	slc.o \
-	sys_term.o \
-	utility.o \
-	global.o \
-	authenc.o \
-	$(GETTYOBJ)
-
-all:: telnetd
-
-telnetd: $(OBJS) $(PTY_DEPLIB) $(KRB5_BASE_DEPLIBS) ../libtelnet/libtelnet.a
-	$(CC_LINK) -o $@ $(OBJS) ../libtelnet/libtelnet.a $(PTY_LIB) $(UTIL_LIB) $(KRB5_BASE_LIBS)
-
-clean::
-	$(RM) telnetd
-
-install::
-	for f in telnetd; do \
-	  $(INSTALL_PROGRAM) $$f \
-		$(DESTDIR)$(SERVER_BINDIR)/`echo $$f|sed '$(transform)'`; \
-	  $(INSTALL_DATA) $(srcdir)/$$f.8 \
-		${DESTDIR}$(SERVER_MANDIR)/`echo $$f|sed '$(transform)'`.8; \
-	done
-
-authenc.o: telnetd.h
-global.o: defs.h ext.h $(ARPA_TELNET)
-slc.o: telnetd.h defs.h ext.h $(ARPA_TELNET)
-state.o: telnetd.h defs.h ext.h $(ARPA_TELNET)
-sys_term.o: telnetd.h pathnames.h defs.h ext.h $(ARPA_TELNET)
-telnetd.o: telnetd.h defs.h ext.h $(ARPA_TELNET)
-termstat.o: telnetd.h defs.h ext.h $(ARPA_TELNET)
-utility.o: telnetd.h defs.h ext.h $(ARPA_TELNET)
diff --git a/src/appl/telnet/telnetd/authenc.c b/src/appl/telnet/telnetd/authenc.c
deleted file mode 100644
index 6d8b04c..0000000
--- a/src/appl/telnet/telnetd/authenc.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)authenc.c	8.1 (Berkeley) 6/4/93 */
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include "telnetd.h"
-#include <libtelnet/misc.h>
-
-int
-net_write(str, len)
-	unsigned char *str;
-	int len;
-{
-	if (len < 0)
-		return 0;
-	return netwrite(str, (size_t) len);
-}
-
-void
-net_encrypt()
-{
-#ifdef	ENCRYPTION
-	char *s = (nclearto > nbackp) ? nclearto : nbackp;
-	if (s < nfrontp && encrypt_output) {
-		(*encrypt_output)((unsigned char *)s, nfrontp - s);
-	}
-	nclearto = nfrontp;
-#endif /* ENCRYPTION */
-}
-
-	int
-telnet_spin()
-{
-	ttloop();
-	return(0);
-}
-
-	char *
-telnet_getenv(val)
-	char *val;
-{
-	extern char *getenv();
-	return(getenv(val));
-}
-
-	char *
-telnet_gets(prompt, result, length, echo)
-	char *prompt;
-	char *result;
-	int length;
-	int echo;
-{
-	return((char *)0);
-}
-#endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
diff --git a/src/appl/telnet/telnetd/defs.h b/src/appl/telnet/telnetd/defs.h
deleted file mode 100644
index ab653a3..0000000
--- a/src/appl/telnet/telnetd/defs.h
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)defs.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Telnet server defines
- */
-#include <sys/types.h>
-#include <sys/param.h>
-
-#ifndef	BSD
-# define	BSD 43
-#endif
-
-#if	defined(CRAY) && !defined(LINEMODE)
-# define SYSV_TERMIO
-# define LINEMODE
-# define KLUDGELINEMODE
-# define DIAGNOSTICS
-# if defined(UNICOS50) && !defined(UNICOS5)
-#  define UNICOS5
-# endif
-# if !defined(UNICOS5)
-#  define BFTPDAEMON
-#  define HAS_IP_TOS
-# endif
-#endif /* CRAY */
-#if defined(UNICOS5) && !defined(NO_SETSID)
-# define NO_SETSID
-#endif
-
-#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS)
-#define TELOPTS
-#define TELCMDS
-#define	SLC_NAMES
-#endif
-
-#if	defined(SYSV_TERMIO) && !defined(USE_TERMIO)
-# define	USE_TERMIO
-#endif
-
-#include <sys/socket.h>
-#ifndef	CRAY
-#include <sys/wait.h>
-#endif	/* CRAY */
-#include <fcntl.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-
-#if TIME_WITH_SYS_TIME
-# include <sys/time.h>
-# include <time.h>
-#else
-# if HAVE_SYS_TIME_H
-#  include <sys/time.h>
-# else
-#  include <time.h>
-# endif
-#endif
-
-#include <sys/ioctl.h>
-#ifdef	HAVE_SYS_FILIO_H
-#include <sys/filio.h>
-#endif
-
-#include <netinet/in.h>
-
-#include <arpa/telnet.h>
-
-/* for socklen() */
-#include "socket-utils.h"
-
-#include <stdio.h>
-#ifdef	__STDC__
-#include <stdlib.h>
-#endif
-#include <signal.h>
-#include <errno.h>
-#include <netdb.h>
-#include <syslog.h>
-#ifndef	LOG_DAEMON
-#define	LOG_DAEMON	0
-#endif
-#ifndef	LOG_ODELAY
-#define	LOG_ODELAY	0
-#endif
-#include <ctype.h>
-#ifndef HAVE_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#ifndef	USE_TERMIO
-#include <sgtty.h>
-#else
-# ifdef	SYSV_TERMIO
-# include <termio.h>
-# else
-# include <termios.h>
-# endif
-#endif
-#if !defined(USE_TERMIO) || defined(NO_CC_T)
-typedef unsigned char cc_t;
-#endif
-
-#ifdef	__STDC__
-#include <unistd.h>
-#endif
-
-#ifndef _POSIX_VDISABLE
-# ifdef VDISABLE
-#  define _POSIX_VDISABLE VDISABLE
-# else
-#  define _POSIX_VDISABLE ((unsigned char)'\377')
-# endif
-#endif
-
-
-#ifdef	CRAY
-# ifdef	CRAY1
-# include <sys/pty.h>
-#  ifndef FD_ZERO
-# include <sys/select.h>
-#  endif /* FD_ZERO */
-# endif	/* CRAY1 */
-
-#ifdef HAVE_MEMORY_H
-#include <memory.h>
-#endif
-#endif	/* CRAY */
-
-#ifdef __hpux
-#include <sys/ptyio.h>
-#endif
-
-#if defined(__alpha) && defined(STREAMSPTY)
-#undef STREAMSPTY
-#endif
-
-#if	!defined(TIOCSCTTY) && defined(TCSETCTTY)
-# define	TIOCSCTTY TCSETCTTY
-#endif
-
-#ifndef	FD_SET
-#ifndef	HAVE_fd_set
-typedef struct fd_set { int fds_bits[1]; } fd_set;
-#endif
-
-#define	FD_SET(n, p)	((p)->fds_bits[0] |= (1<<(n)))
-#define	FD_CLR(n, p)	((p)->fds_bits[0] &= ~(1<<(n)))
-#define	FD_ISSET(n, p)	((p)->fds_bits[0] & (1<<(n)))
-#define FD_ZERO(p)	((p)->fds_bits[0] = 0)
-#endif	/* FD_SET */
-
-/*
- * I/O data buffers defines
- */
-#define	NETSLOP	64
-#ifdef CRAY
-#undef BUFSIZ
-#define BUFSIZ  2048
-#endif
-
-#define	NIACCUM(c)	{   *netip++ = c; \
-			    ncc++; \
-			}
-
-/* clock manipulations */
-#define	settimer(x)	(clocks.x = ++clocks.system)
-#define	sequenceIs(x,y)	(clocks.x < clocks.y)
-
-/*
- * Linemode support states, in decreasing order of importance
- */
-#define REAL_LINEMODE	0x04
-#define KLUDGE_OK	0x03
-#define	NO_AUTOKLUDGE	0x02
-#define KLUDGE_LINEMODE	0x01
-#define NO_LINEMODE	0x00
-
-/*
- * Structures of information for each special character function.
- */
-typedef struct {
-	unsigned char	flag;		/* the flags for this function */
-	cc_t		val;		/* the value of the special character */
-} slcent, *Slcent;
-
-typedef struct {
-	slcent		defset;		/* the default settings */
-	slcent		current;	/* the current settings */
-	cc_t		*sptr;		/* a pointer to the char in */
-					/* system data structures */
-} slcfun, *Slcfun;
-
-#ifdef DIAGNOSTICS
-/*
- * Diagnostics capabilities
- */
-#define	TD_REPORT	0x01	/* Report operations to client */
-#define TD_EXERCISE	0x02	/* Exercise client's implementation */
-#define TD_NETDATA	0x04	/* Display received data stream */
-#define TD_PTYDATA	0x08	/* Display data passed to pty */
-#define	TD_OPTIONS	0x10	/* Report just telnet options */
-#endif /* DIAGNOSTICS */
-
-/*
- * We keep track of each side of the option negotiation.
- */
-
-#define	MY_STATE_WILL		0x01
-#define	MY_WANT_STATE_WILL	0x02
-#define	MY_STATE_DO		0x04
-#define	MY_WANT_STATE_DO	0x08
-
-/*
- * Macros to check the current state of things
- */
-
-#define	my_state_is_do(opt)		(options[opt]&MY_STATE_DO)
-#define	my_state_is_will(opt)		(options[opt]&MY_STATE_WILL)
-#define my_want_state_is_do(opt)	(options[opt]&MY_WANT_STATE_DO)
-#define my_want_state_is_will(opt)	(options[opt]&MY_WANT_STATE_WILL)
-
-#define	my_state_is_dont(opt)		(!my_state_is_do(opt))
-#define	my_state_is_wont(opt)		(!my_state_is_will(opt))
-#define my_want_state_is_dont(opt)	(!my_want_state_is_do(opt))
-#define my_want_state_is_wont(opt)	(!my_want_state_is_will(opt))
-
-#define	set_my_state_do(opt)		(options[opt] |= MY_STATE_DO)
-#define	set_my_state_will(opt)		(options[opt] |= MY_STATE_WILL)
-#define	set_my_want_state_do(opt)	(options[opt] |= MY_WANT_STATE_DO)
-#define	set_my_want_state_will(opt)	(options[opt] |= MY_WANT_STATE_WILL)
-
-#define	set_my_state_dont(opt)		(options[opt] &= ~MY_STATE_DO)
-#define	set_my_state_wont(opt)		(options[opt] &= ~MY_STATE_WILL)
-#define	set_my_want_state_dont(opt)	(options[opt] &= ~MY_WANT_STATE_DO)
-#define	set_my_want_state_wont(opt)	(options[opt] &= ~MY_WANT_STATE_WILL)
-
-/*
- * Tricky code here.  What we want to know is if the MY_STATE_WILL
- * and MY_WANT_STATE_WILL bits have the same value.  Since the two
- * bits are adjacent, a little arithmatic will show that by adding
- * in the lower bit, the upper bit will be set if the two bits were
- * different, and clear if they were the same.
- */
-#define my_will_wont_is_changing(opt) \
-			((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL)
-
-#define my_do_dont_is_changing(opt) \
-			((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO)
-
-/*
- * Make everything symetrical
- */
-
-#define	HIS_STATE_WILL			MY_STATE_DO
-#define	HIS_WANT_STATE_WILL		MY_WANT_STATE_DO
-#define HIS_STATE_DO			MY_STATE_WILL
-#define HIS_WANT_STATE_DO		MY_WANT_STATE_WILL
-
-#define	his_state_is_do			my_state_is_will
-#define	his_state_is_will		my_state_is_do
-#define his_want_state_is_do		my_want_state_is_will
-#define his_want_state_is_will		my_want_state_is_do
-
-#define	his_state_is_dont		my_state_is_wont
-#define	his_state_is_wont		my_state_is_dont
-#define his_want_state_is_dont		my_want_state_is_wont
-#define his_want_state_is_wont		my_want_state_is_dont
-
-#define	set_his_state_do		set_my_state_will
-#define	set_his_state_will		set_my_state_do
-#define	set_his_want_state_do		set_my_want_state_will
-#define	set_his_want_state_will		set_my_want_state_do
-
-#define	set_his_state_dont		set_my_state_wont
-#define	set_his_state_wont		set_my_state_dont
-#define	set_his_want_state_dont		set_my_want_state_wont
-#define	set_his_want_state_wont		set_my_want_state_dont
-
-#define his_will_wont_is_changing	my_do_dont_is_changing
-#define his_do_dont_is_changing		my_will_wont_is_changing
-
-extern char	*line;
-
-#ifdef	ENCRYPTION
-extern void	(*encrypt_output) (unsigned char *, int);
-extern int	(*decrypt_input) (int);
-#endif	/* ENCRYPTION */
diff --git a/src/appl/telnet/telnetd/deps b/src/appl/telnet/telnetd/deps
deleted file mode 100644
index c79f8cf..0000000
--- a/src/appl/telnet/telnetd/deps
+++ /dev/null
@@ -1,59 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-$(OUTPRE)telnetd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \
-  $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \
-  $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/misc-proto.h \
-  defs.h ext.h pathnames.h telnetd.c telnetd.h
-$(OUTPRE)termio-tn.$(OBJEXT): termio-tn.c
-$(OUTPRE)termios-tn.$(OBJEXT): termios-tn.c
-$(OUTPRE)state.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \
-  $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \
-  $(srcdir)/../libtelnet/encrypt.h defs.h ext.h state.c \
-  telnetd.h
-$(OUTPRE)termstat.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h defs.h ext.h telnetd.h termstat.c
-$(OUTPRE)slc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h defs.h ext.h slc.c telnetd.h
-$(OUTPRE)sys_term.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \
-  $(srcdir)/../libtelnet/auth.h defs.h ext.h pathnames.h \
-  sys_term.c telnetd.h
-$(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/auth-proto.h \
-  $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/enc-proto.h \
-  $(srcdir)/../libtelnet/encrypt.h defs.h ext.h telnetd.h \
-  utility.c
-$(OUTPRE)global.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h defs.h ext.h global.c
-$(OUTPRE)authenc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../arpa/telnet.h $(srcdir)/../libtelnet/misc-proto.h \
-  $(srcdir)/../libtelnet/misc.h authenc.c defs.h ext.h \
-  telnetd.h
diff --git a/src/appl/telnet/telnetd/ext.h b/src/appl/telnet/telnetd/ext.h
deleted file mode 100644
index c85eb85..0000000
--- a/src/appl/telnet/telnetd/ext.h
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)ext.h	8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Telnet server variable declarations
- */
-extern char	options[256];
-extern char	do_dont_resp[256];
-extern char	will_wont_resp[256];
-extern int	linemode;	/* linemode on/off */
-#ifdef	LINEMODE
-extern int	uselinemode;	/* what linemode to use (on/off) */
-extern int	editmode;	/* edit modes in use */
-extern int	useeditmode;	/* edit modes to use */
-extern int	alwayslinemode;	/* command line option */
-# ifdef	KLUDGELINEMODE
-extern int	lmodetype;	/* Client support for linemode */
-# endif	/* KLUDGELINEMODE */
-#endif	/* LINEMODE */
-extern int	flowmode;	/* current flow control state */
-extern int	restartany;	/* restart output on any character state */
-#ifdef DIAGNOSTICS
-extern int	diagnostic;	/* telnet diagnostic capabilities */
-#endif /* DIAGNOSTICS */
-#ifdef BFTPDAEMON
-extern int	bftpd;		/* behave as bftp daemon */
-#endif /* BFTPDAEMON */
-#if	defined(SecurID)
-extern int	require_SecurID;
-#endif
-#if	defined(AUTHENTICATION)
-extern int	auth_level;
-#endif
-extern int auth_negotiated; /* Have we finished all authentication negotiation we plan to finish?*/
-extern slcfun	slctab[NSLC + 1];	/* slc mapping table */
-
-extern char	terminaltype[41];
-
-/*
- * I/O data buffers, pointers, and counters.
- */
-extern char	ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp;
-
-extern char	netibuf[BUFSIZ], *netip;
-
-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
-extern char	*neturg;		/* one past last bye of urgent data */
-
-extern int	pcc, ncc;
-
-#if defined(CRAY2) && defined(UNICOS5)
-extern int unpcc;  /* characters left unprocessed by CRAY-2 terminal routine */
-extern char *unptyip;  /* pointer to remaining characters in buffer */
-#endif
-
-extern int	pty, net;
-extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
-
-#ifdef ENCRYPTION
-extern int	must_encrypt;
-#endif
-
-extern void
-	_termstat (void),
-	add_slc (int, int, int),
-	check_slc (void),
-	change_slc (int, int, int),
-	cleanup (int),
-	clientstat (int, int, int),
-	copy_termbuf (char *, int),
-	deferslc (void),
-	defer_terminit (void),
-	do_opt_slc (unsigned char *, int),
-	doeof (void),
-	dooption (int),
-	dontoption (int),
-	edithost (char *, char *),
-	fatal (int, const char *),
-	fatalperror (int, const char *),
-	get_slc_defaults (void),
-	init_env (void),
-	init_termbuf (void),
-	interrupt (void),
-	localstat (void),
-	flowstat (void),
-	netclear (void),
-	netflush (void),
-#ifdef DIAGNOSTICS
-	printoption (char *, int),
-	printdata (char *, char *, int),
-	printsub (int, unsigned char *, int),
-#endif
-	ptyflush (void),
-	putchr (int),
-	putf (char *, char *),
-	recv_ayt (void),
-	send_do (int, int),
-	send_dont (int, int),
-	send_slc (void),
-	send_status (void),
-	send_will (int, int),
-	send_wont (int, int),
-	sendbrk (void),
-	sendsusp (void),
-	set_termbuf (void),
-	start_login (char *, int, char *),
-	start_slc (int),
-	startslave (char *, int, char *),
-	suboption (void),
-	telrcv (void),
-	ttloop (void),
-#if	defined(AUTHENTICATION)
-        ttsuck (void),
-#endif
-	tty_binaryin (int),
-	tty_binaryout (int);
-
-extern int
-	end_slc (unsigned char **),
-	getnpty (void),
-#ifndef convex
-	getpty (int *),
-#endif
-	login_tty (int),
-	spcset (int, cc_t *, cc_t **),
-	stilloob (int),
-	terminit (void),
-	termstat (void),
-	tty_flowmode (void),
-	tty_restartany (void),
-	tty_isbinaryin (void),
-	tty_isbinaryout (void),
-	tty_iscrnl (void),
-	tty_isecho (void),
-	tty_isediting (void),
-	tty_islitecho (void),
-	tty_isnewmap (void),
-	tty_israw (void),
-	tty_issofttab (void),
-	tty_istrapsig (void),
-	tty_linemode (void),
-	readstream_termio(int, char *, char *, char *, int *),
-	readstream_termios(int, char *, char *, char *, int *);
-
-extern void
-	tty_rspeed (int),
-	tty_setecho (int),
-	tty_setedit (int),
-	tty_setlinemode (int),
-	tty_setlitecho (int),
-	tty_setsig (int),
-	tty_setsofttab (int),
-	tty_tspeed (int),
-	willoption (int),
-	wontoption (int);
-
-extern void netprintf (const char *, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 1, 2)))
-#endif
-    ;
-extern void netprintf_urg (const char *fmt, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 1, 2)))
-#endif
-    ;
-extern void netprintf_noflush (const char *fmt, ...)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 1, 2)))
-#endif
-    ;
-extern int netwrite (const unsigned char *, size_t);
-extern void netputs (const char *);
-
-#ifdef	ENCRYPTION
-extern char	*nclearto;
-#endif	/* ENCRYPTION */
-
-
-/*
- * The following are some clocks used to decide how to interpret
- * the relationship between various variables.
- */
-
-extern struct {
-    int
-	system,			/* what the current time is */
-	echotoggle,		/* last time user entered echo character */
-	modenegotiated,		/* last time operating mode negotiated */
-	didnetreceive,		/* last time we read data from network */
-	ttypesubopt,		/* ttype subopt is received */
-	tspeedsubopt,		/* tspeed subopt is received */
-	environsubopt,		/* environ subopt is received */
-	oenvironsubopt,		/* old environ subopt is received */
-	xdisplocsubopt,		/* xdisploc subopt is received */
-	baseline,		/* time started to do timed action */
-	gotDM;			/* when did we last see a data mark */
-} clocks;
-
-
-#if	defined(CRAY2) && defined(UNICOS5)
-extern int	needtermstat;
-#endif
-
-#ifdef NEED_UNSETENV_PROTO
-extern void unsetenv(const char *);
-#endif
-#ifdef NEED_SETENV_PROTO
-extern void setenv(const char *, const char *, int);
-#endif
diff --git a/src/appl/telnet/telnetd/global.c b/src/appl/telnet/telnetd/global.c
deleted file mode 100644
index c141283..0000000
--- a/src/appl/telnet/telnetd/global.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)global.c	8.1 (Berkeley) 6/4/93 */
-
-/*
- * Allocate global variables.  We do this
- * by including the header file that defines
- * them all as externs, but first we define
- * the keyword "extern" to be nothing, so that
- * we will actually allocate the space.
- */
-
-#include "defs.h"
-#define extern
-#include "ext.h"
diff --git a/src/appl/telnet/telnetd/pathnames.h b/src/appl/telnet/telnetd/pathnames.h
deleted file mode 100644
index 4e14a88..0000000
--- a/src/appl/telnet/telnetd/pathnames.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)pathnames.h	8.1 (Berkeley) 6/4/93
- */
-
-#if BSD > 43
-
-# include <paths.h>
-
-# ifndef _PATH_LOGIN
-#  define	_PATH_LOGIN	"/usr/bin/login"
-# endif
-
-#else
-
-# define	_PATH_TTY	"/dev/tty"
-# ifndef _PATH_LOGIN
-#  define	_PATH_LOGIN	"/bin/login"
-# endif
-
-#endif
-
-#ifdef BFTPDAEMON
-#define		BFTPPATH	"/usr/ucb/bftp"
-#endif  /* BFTPDAEMON */
diff --git a/src/appl/telnet/telnetd/slc.c b/src/appl/telnet/telnetd/slc.c
deleted file mode 100644
index d5e2713..0000000
--- a/src/appl/telnet/telnetd/slc.c
+++ /dev/null
@@ -1,492 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)slc.c	8.1 (Berkeley) 6/4/93 */
-
-#include "telnetd.h"
-
-#ifdef	LINEMODE
-/*
- * local varibles
- */
-static unsigned char	*def_slcbuf = (unsigned char *)0;
-static int		def_slclen = 0;
-static int		slcchange;	/* change to slc is requested */
-static unsigned char	*slcptr;	/* pointer into slc buffer */
-static unsigned char	slcbuf[NSLC*6];	/* buffer for slc negotiation */
-
-/*
- * send_slc
- *
- * Write out the current special characters to the client.
- */
-	void
-send_slc()
-{
-	register int i;
-
-	/*
-	 * Send out list of triplets of special characters
-	 * to client.  We only send info on the characters
-	 * that are currently supported.
-	 */
-	for (i = 1; i <= NSLC; i++) {
-		if ((slctab[i].defset.flag & SLC_LEVELBITS) == SLC_NOSUPPORT)
-			continue;
-		add_slc((unsigned char)i, slctab[i].current.flag,
-							slctab[i].current.val);
-	}
-
-}  /* end of send_slc */
-
-/*
- * default_slc
- *
- * Set pty special characters to all the defaults.
- */
-	void
-default_slc()
-{
-	register int i;
-
-	for (i = 1; i <= NSLC; i++) {
-		slctab[i].current.val = slctab[i].defset.val;
-		if (slctab[i].current.val == (cc_t)(_POSIX_VDISABLE))
-			slctab[i].current.flag = SLC_NOSUPPORT;
-		else
-			slctab[i].current.flag = slctab[i].defset.flag;
-		if (slctab[i].sptr) {
-			*(slctab[i].sptr) = slctab[i].defset.val;
-		}
-	}
-	slcchange = 1;
-
-}  /* end of default_slc */
-#endif	/* LINEMODE */
-
-/*
- * get_slc_defaults
- *
- * Initialize the slc mapping table.
- */
-	void
-get_slc_defaults()
-{
-	register int i;
-
-	init_termbuf();
-
-	for (i = 1; i <= NSLC; i++) {
-		slctab[i].defset.flag =
-			spcset(i, &slctab[i].defset.val, &slctab[i].sptr);
-		slctab[i].current.flag = SLC_NOSUPPORT;
-		slctab[i].current.val = 0;
-	}
-
-}  /* end of get_slc_defaults */
-
-#ifdef	LINEMODE
-/*
- * add_slc
- *
- * Add an slc triplet to the slc buffer.
- */
-	void
-add_slc(func, flag, val)
-	register char func, flag;
-	register cc_t val;
-{
-
-	if ((*slcptr++ = (unsigned char)func) == 0xff)
-		*slcptr++ = 0xff;
-
-	if ((*slcptr++ = (unsigned char)flag) == 0xff)
-		*slcptr++ = 0xff;
-
-	if ((*slcptr++ = (unsigned char)val) == 0xff)
-		*slcptr++ = 0xff;
-
-}  /* end of add_slc */
-
-/*
- * start_slc
- *
- * Get ready to process incoming slc's and respond to them.
- *
- * The parameter getit is non-zero if it is necessary to grab a copy
- * of the terminal control structures.
- */
-	void
-start_slc(getit)
-	register int getit;
-{
-
-	slcchange = 0;
-	if (getit)
-		init_termbuf();
-	(void) snprintf((char *)slcbuf, sizeof(slcbuf), "%c%c%c%c",
-			IAC, SB, TELOPT_LINEMODE, LM_SLC);
-	slcptr = slcbuf + 4;
-
-}  /* end of start_slc */
-
-/*
- * end_slc
- *
- * Finish up the slc negotiation.  If something to send, then send it.
- */
-	int
-end_slc(bufp)
-	register unsigned char **bufp;
-{
-	register int len;
-	void netflush();
-
-	/*
-	 * If a change has occured, store the new terminal control
-	 * structures back to the terminal driver.
-	 */
-	if (slcchange) {
-		set_termbuf();
-	}
-
-	/*
-	 * If the pty state has not yet been fully processed and there is a
-	 * deferred slc request from the client, then do not send any
-	 * sort of slc negotiation now.  We will respond to the client's
-	 * request very soon.
-	 */
-	if (def_slcbuf && (terminit() == 0)) {
-		return(0);
-	}
-
-	if (slcptr > (slcbuf + 4)) {
-		if (bufp) {
-			*bufp = &slcbuf[4];
-			return(slcptr - slcbuf - 4);
-		} else {
-			*slcptr++ = IAC;
-			*slcptr++ = SE;
-			*slcptr = 0;
-			len = slcptr - slcbuf;
-			netwrite(slcbuf, len);
-			netflush();  /* force it out immediately */
-			DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2););
-		}
-	}
-	return (0);
-
-}  /* end of end_slc */
-
-/*
- * process_slc
- *
- * Figure out what to do about the client's slc
- */
-	void
-process_slc(func, flag, val)
-	register unsigned char func, flag;
-	register cc_t val;
-{
-	register int hislevel, mylevel, ack;
-
-	/*
-	 * Ensure that we know something about this function
-	 */
-	if (func > NSLC) {
-		add_slc(func, SLC_NOSUPPORT, 0);
-		return;
-	}
-
-	/*
-	 * Process the special case requests of 0 SLC_DEFAULT 0
-	 * and 0 SLC_VARIABLE 0.  Be a little forgiving here, don't
-	 * worry about whether the value is actually 0 or not.
-	 */
-	if (func == 0) {
-		if ((flag = flag & SLC_LEVELBITS) == SLC_DEFAULT) {
-			default_slc();
-			send_slc();
-		} else if (flag == SLC_VARIABLE) {
-			send_slc();
-		}
-		return;
-	}
-
-	/*
-	 * Appears to be a function that we know something about.  So
-	 * get on with it and see what we know.
-	 */
-
-	hislevel = flag & SLC_LEVELBITS;
-	mylevel = slctab[func].current.flag & SLC_LEVELBITS;
-	ack = flag & SLC_ACK;
-	/*
-	 * ignore the command if:
-	 * the function value and level are the same as what we already have;
-	 * or the level is the same and the ack bit is set
-	 */
-	if (hislevel == mylevel && (val == slctab[func].current.val || ack)) {
-		return;
-	} else if (ack) {
-		/*
-		 * If we get here, we got an ack, but the levels don't match.
-		 * This shouldn't happen.  If it does, it is probably because
-		 * we have sent two requests to set a variable without getting
-		 * a response between them, and this is the first response.
-		 * So, ignore it, and wait for the next response.
-		 */
-		return;
-	} else {
-		change_slc(func, flag, val);
-	}
-
-}  /* end of process_slc */
-
-/*
- * change_slc
- *
- * Process a request to change one of our special characters.
- * Compare client's request with what we are capable of supporting.
- */
-	void
-change_slc(func, flag, val)
-	register char func, flag;
-	register cc_t val;
-{
-	register int hislevel, mylevel;
-
-	hislevel = flag & SLC_LEVELBITS;
-	mylevel = slctab[func].defset.flag & SLC_LEVELBITS;
-	/*
-	 * If client is setting a function to NOSUPPORT
-	 * or DEFAULT, then we can easily and directly
-	 * accomodate the request.
-	 */
-	if (hislevel == SLC_NOSUPPORT) {
-		slctab[func].current.flag = flag;
-		slctab[func].current.val = (cc_t)_POSIX_VDISABLE;
-		flag |= SLC_ACK;
-		add_slc(func, flag, val);
-		return;
-	}
-	if (hislevel == SLC_DEFAULT) {
-		/*
-		 * Special case here.  If client tells us to use
-		 * the default on a function we don't support, then
-		 * return NOSUPPORT instead of what we may have as a
-		 * default level of DEFAULT.
-		 */
-		if (mylevel == SLC_DEFAULT) {
-			slctab[func].current.flag = SLC_NOSUPPORT;
-		} else {
-			slctab[func].current.flag = slctab[func].defset.flag;
-		}
-		slctab[func].current.val = slctab[func].defset.val;
-		add_slc(func, slctab[func].current.flag,
-						slctab[func].current.val);
-		return;
-	}
-
-	/*
-	 * Client wants us to change to a new value or he
-	 * is telling us that he can't change to our value.
-	 * Some of the slc's we support and can change,
-	 * some we do support but can't change,
-	 * and others we don't support at all.
-	 * If we can change it then we have a pointer to
-	 * the place to put the new value, so change it,
-	 * otherwise, continue the negotiation.
-	 */
-	if (slctab[func].sptr) {
-		/*
-		 * We can change this one.
-		 */
-		slctab[func].current.val = val;
-		*(slctab[func].sptr) = val;
-		slctab[func].current.flag = flag;
-		flag |= SLC_ACK;
-		slcchange = 1;
-		add_slc(func, flag, val);
-	} else {
-		/*
-		* It is not possible for us to support this
-		* request as he asks.
-		*
-		* If our level is DEFAULT, then just ack whatever was
-		* sent.
-		*
-		* If he can't change and we can't change,
-		* then degenerate to NOSUPPORT.
-		*
-		* Otherwise we send our level back to him, (CANTCHANGE
-		* or NOSUPPORT) and if CANTCHANGE, send
-		* our value as well.
-		*/
-		if (mylevel == SLC_DEFAULT) {
-			slctab[func].current.flag = flag;
-			slctab[func].current.val = val;
-			flag |= SLC_ACK;
-		} else if (hislevel == SLC_CANTCHANGE &&
-				    mylevel == SLC_CANTCHANGE) {
-			flag &= ~SLC_LEVELBITS;
-			flag |= SLC_NOSUPPORT;
-			slctab[func].current.flag = flag;
-		} else {
-			flag &= ~SLC_LEVELBITS;
-			flag |= mylevel;
-			slctab[func].current.flag = flag;
-			if (mylevel == SLC_CANTCHANGE) {
-				slctab[func].current.val =
-					slctab[func].defset.val;
-				val = slctab[func].current.val;
-			}
-
-		}
-		add_slc(func, flag, val);
-	}
-
-}  /* end of change_slc */
-
-#if	defined(USE_TERMIO) && (VEOF == VMIN)
-cc_t oldeofc = '\004';
-#endif
-
-/*
- * check_slc
- *
- * Check the special characters in use and notify the client if any have
- * changed.  Only those characters that are capable of being changed are
- * likely to have changed.  If a local change occurs, kick the support level
- * and flags up to the defaults.
- */
-	void
-check_slc()
-{
-	register int i;
-
-	for (i = 1; i <= NSLC; i++) {
-#if	defined(USE_TERMIO) && (VEOF == VMIN)
-		/*
-		 * In a perfect world this would be a neat little
-		 * function.  But in this world, we should not notify
-		 * client of changes to the VEOF char when
-		 * ICANON is off, because it is not representing
-		 * a special character.
-		 */
-		if (i == SLC_EOF) {
-			if (!tty_isediting())
-				continue;
-			else if (slctab[i].sptr)
-				oldeofc = *(slctab[i].sptr);
-		}
-#endif	/* defined(USE_TERMIO) && defined(SYSV_TERMIO) */
-		if (slctab[i].sptr &&
-				(*(slctab[i].sptr) != slctab[i].current.val)) {
-			slctab[i].current.val = *(slctab[i].sptr);
-			if (*(slctab[i].sptr) == (cc_t)_POSIX_VDISABLE)
-				slctab[i].current.flag = SLC_NOSUPPORT;
-			else
-				slctab[i].current.flag = slctab[i].defset.flag;
-			add_slc((unsigned char)i, slctab[i].current.flag,
-						slctab[i].current.val);
-		}
-	}
-
-}  /* check_slc */
-
-/*
- * do_opt_slc
- *
- * Process an slc option buffer.  Defer processing of incoming slc's
- * until after the terminal state has been processed.  Save the first slc
- * request that comes along, but discard all others.
- *
- * ptr points to the beginning of the buffer, len is the length.
- */
-	void
-do_opt_slc(ptr, len)
-	register unsigned char *ptr;
-	register int len;
-{
-	register unsigned char func, flag;
-	cc_t val;
-	register unsigned char *end = ptr + len;
-
-	if (terminit()) {  /* go ahead */
-		while (ptr < end) {
-			func = *ptr++;
-			if (ptr >= end) break;
-			flag = *ptr++;
-			if (ptr >= end) break;
-			val = (cc_t)*ptr++;
-
-			process_slc(func, flag, val);
-
-		}
-	} else {
-		/*
-		 * save this slc buffer if it is the first, otherwise dump
-		 * it.
-		 */
-		if (def_slcbuf == (unsigned char *)0) {
-			def_slclen = len;
-			def_slcbuf = (unsigned char *)malloc((unsigned)len);
-			if (def_slcbuf == (unsigned char *)0)
-				return;  /* too bad */
-			memcpy(def_slcbuf, ptr, len);
-		}
-	}
-
-}  /* end of do_opt_slc */
-
-/*
- * deferslc
- *
- * Do slc stuff that was deferred.
- */
-	void
-deferslc()
-{
-	if (def_slcbuf) {
-		start_slc(1);
-		do_opt_slc(def_slcbuf, def_slclen);
-		(void) end_slc(0);
-		free(def_slcbuf);
-		def_slcbuf = (unsigned char *)0;
-		def_slclen = 0;
-	}
-
-}  /* end of deferslc */
-
-#endif	/* LINEMODE */
diff --git a/src/appl/telnet/telnetd/state.c b/src/appl/telnet/telnetd/state.c
deleted file mode 100644
index 17d6fb6..0000000
--- a/src/appl/telnet/telnetd/state.c
+++ /dev/null
@@ -1,1676 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)state.c	8.1 (Berkeley) 6/4/93 */
-
-#include "telnetd.h"
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-#endif
-#if defined(ENCRYPTION)
-#include <libtelnet/encrypt.h>
-#endif
-
-unsigned char	doopt[] = { IAC, DO, '%', 'c', 0 };
-unsigned char	dont[] = { IAC, DONT, '%', 'c', 0 };
-unsigned char	will[] = { IAC, WILL, '%', 'c', 0 };
-unsigned char	wont[] = { IAC, WONT, '%', 'c', 0 };
-int	not42 = 1;
-
-static int envvarok (char *);
-
-/*
- * Buffer for sub-options, and macros
- * for suboptions buffer manipulations
- */
-unsigned char subbuffer[TELNET_BUFSIZE], *subpointer= subbuffer, *subend= subbuffer;
-
-#define	SB_CLEAR()	subpointer = subbuffer
-#define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
-#define	SB_ACCUM(c)	if (subpointer < (subbuffer+sizeof subbuffer)) { \
-				*subpointer++ = (c); \
-			}
-#define	SB_GET()	((*subpointer++)&0xff)
-#define	SB_EOF()	(subpointer >= subend)
-#define	SB_LEN()	(subend - subpointer)
-
-#ifdef	ENV_HACK
-unsigned char *subsave;
-#define SB_SAVE()	subsave = subpointer;
-#define	SB_RESTORE()	subpointer = subsave;
-#endif
-
-
-/*
- * State for recv fsm
- */
-#define	TS_DATA		0	/* base state */
-#define	TS_IAC		1	/* look for double IAC's */
-#define	TS_CR		2	/* CR-LF ->'s CR */
-#define	TS_SB		3	/* throw away begin's... */
-#define	TS_SE		4	/* ...end's (suboption negotiation) */
-#define	TS_WILL		5	/* will option negotiation */
-#define	TS_WONT		6	/* wont " */
-#define	TS_DO		7	/* do " */
-#define	TS_DONT		8	/* dont " */
-
-static void sb_auth_complete()
-{
-  if (!auth_negotiated) {
-    static char *error =
-      "An environment option was sent before authentication negotiation completed.\r\nThis may create a security hazard. Connection dropped.\r\n";
-    netputs(error);
-    netflush();
-    exit(1);
-  }
-}
-
-	void
-telrcv()
-{
-	register int c;
-	static int state = TS_DATA;
-#if	defined(CRAY2) && defined(UNICOS5)
-	char *opfrontp = pfrontp;
-#endif
-
-	while (ncc > 0) {
-		if ((&ptyobuf[BUFSIZ] - pfrontp) < 1)
-			break;
-		c = *netip++ & 0377, ncc--;
-#ifdef	ENCRYPTION
-		if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
-		switch (state) {
-
-		case TS_CR:
-			state = TS_DATA;
-			/* Strip off \n or \0 after a \r */
-			if ((c == 0) || (c == '\n')) {
-				break;
-			}
-			/* FALL THROUGH */
-
-		case TS_DATA:
-			if (c == IAC) {
-				state = TS_IAC;
-				break;
-			}
-			/*
-			 * We now map \r\n ==> \r for pragmatic reasons.
-			 * Many client implementations send \r\n when
-			 * the user hits the CarriageReturn key.
-			 *
-			 * We USED to map \r\n ==> \n, since \r\n says
-			 * that we want to be in column 1 of the next
-			 * printable line, and \n is the standard
-			 * unix way of saying that (\r is only good
-			 * if CRMOD is set, which it normally is).
-			 */
-			if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
-				int nc = *netip;
-#ifdef	ENCRYPTION
-				if (decrypt_input)
-					nc = (*decrypt_input)(nc & 0xff);
-#endif	/* ENCRYPTION */
-#ifdef	LINEMODE
-				/*
-				 * If we are operating in linemode,
-				 * convert to local end-of-line.
-				 */
-				if (linemode && (ncc > 0) && (('\n' == nc) ||
-					 ((0 == nc) && tty_iscrnl())) ) {
-					netip++; ncc--;
-					c = '\n';
-				} else
-#endif
-				{
-#ifdef	ENCRYPTION
-					if (decrypt_input)
-						(void)(*decrypt_input)(-1);
-#endif	/* ENCRYPTION */
-					state = TS_CR;
-				}
-			}
-			*pfrontp++ = c;
-			break;
-
-		case TS_IAC:
-gotiac:			switch (c) {
-
-			/*
-			 * Send the process on the pty side an
-			 * interrupt.  Do this with a NULL or
-			 * interrupt char; depending on the tty mode.
-			 */
-			case IP:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				interrupt();
-				break;
-
-			case BREAK:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				sendbrk();
-				break;
-
-			/*
-			 * Are You There?
-			 */
-			case AYT:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				recv_ayt();
-				break;
-
-			/*
-			 * Abort Output
-			 */
-			case AO:
-			    {
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				ptyflush();	/* half-hearted */
-				init_termbuf();
-
-				if (slctab[SLC_AO].sptr &&
-				    *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) {
-				    *pfrontp++ =
-					(unsigned char)*slctab[SLC_AO].sptr;
-				}
-
-				netclear();	/* clear buffer back */
-				netprintf_urg("%c%c", IAC, DM);
-				DIAG(TD_OPTIONS,
-					printoption("td: send IAC", DM));
-				break;
-			    }
-
-			/*
-			 * Erase Character and
-			 * Erase Line
-			 */
-			case EC:
-			case EL:
-			    {
-				cc_t ch;
-
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				ptyflush();	/* half-hearted */
-				init_termbuf();
-				if (c == EC)
-					ch = *slctab[SLC_EC].sptr;
-				else
-					ch = *slctab[SLC_EL].sptr;
-				if (ch != (cc_t)(_POSIX_VDISABLE))
-					*pfrontp++ = (unsigned char)ch;
-				break;
-			    }
-
-			/*
-			 * Check for urgent data...
-			 */
-			case DM:
-				DIAG(TD_OPTIONS,
-					printoption("td: recv IAC", c));
-				SYNCHing = stilloob(net);
-				settimer(gotDM);
-				break;
-
-
-			/*
-			 * Begin option subnegotiation...
-			 */
-			case SB:
-				state = TS_SB;
-				SB_CLEAR();
-				continue;
-
-			case WILL:
-				state = TS_WILL;
-				continue;
-
-			case WONT:
-				state = TS_WONT;
-				continue;
-
-			case DO:
-				state = TS_DO;
-				continue;
-
-			case DONT:
-				state = TS_DONT;
-				continue;
-			case EOR:
-				if (his_state_is_will(TELOPT_EOR))
-					doeof();
-				break;
-
-			/*
-			 * Handle RFC 10xx Telnet linemode option additions
-			 * to command stream (EOF, SUSP, ABORT).
-			 */
-			case xEOF:
-				doeof();
-				break;
-
-			case SUSP:
-				sendsusp();
-				break;
-
-			case ABORT:
-				sendbrk();
-				break;
-
-			case IAC:
-				*pfrontp++ = c;
-				break;
-			}
-			state = TS_DATA;
-			break;
-
-		case TS_SB:
-			if (c == IAC) {
-				state = TS_SE;
-			} else {
-				SB_ACCUM(c);
-			}
-			break;
-
-		case TS_SE:
-			if (c != SE) {
-				if (c != IAC) {
-					/*
-					 * bad form of suboption negotiation.
-					 * handle it in such a way as to avoid
-					 * damage to local state.  Parse
-					 * suboption buffer found so far,
-					 * then treat remaining stream as
-					 * another command sequence.
-					 */
-
-					/* for DIAGNOSTICS */
-					SB_ACCUM(IAC);
-					SB_ACCUM(c);
-					subpointer -= 2;
-
-					SB_TERM();
-					suboption();
-					state = TS_IAC;
-					goto gotiac;
-				}
-				SB_ACCUM(c);
-				state = TS_SB;
-			} else {
-				/* for DIAGNOSTICS */
-				SB_ACCUM(IAC);
-				SB_ACCUM(SE);
-				subpointer -= 2;
-
-				SB_TERM();
-				suboption();	/* handle sub-option */
-				state = TS_DATA;
-			}
-			break;
-
-		case TS_WILL:
-			willoption(c);
-			state = TS_DATA;
-			continue;
-
-		case TS_WONT:
-			wontoption(c);
-			state = TS_DATA;
-			continue;
-
-		case TS_DO:
-			dooption(c);
-			state = TS_DATA;
-			continue;
-
-		case TS_DONT:
-			dontoption(c);
-			state = TS_DATA;
-			continue;
-
-		default:
-			syslog(LOG_ERR, "telnetd: panic state=%d", state);
-			printf("telnetd: panic state=%d\n", state);
-			exit(1);
-		}
-	}
-#if	defined(CRAY2) && defined(UNICOS5)
-	if (!linemode) {
-		char	xptyobuf[BUFSIZ+NETSLOP];
-		char	xbuf2[BUFSIZ];
-		register char *cp;
-		int n = pfrontp - opfrontp, oc;
-		memcpy(xptyobuf, opfrontp, n);
-		pfrontp = opfrontp;
-		pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP,
-					xbuf2, &oc, BUFSIZ);
-		for (cp = xbuf2; oc > 0; --oc) {
-			if (*cp == IAC)
-				netprintf("%c%c", *cp++, IAC);
-			else
-				netprintf("%c", *cp++);
-		}
-	}
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-}  /* end of telrcv */
-
-/*
- * The will/wont/do/dont state machines are based on Dave Borman's
- * Telnet option processing state machine.
- *
- * These correspond to the following states:
- *	my_state = the last negotiated state
- *	want_state = what I want the state to go to
- *	want_resp = how many requests I have sent
- * All state defaults are negative, and resp defaults to 0.
- *
- * When initiating a request to change state to new_state:
- *
- * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) {
- *	do nothing;
- * } else {
- *	want_state = new_state;
- *	send new_state;
- *	want_resp++;
- * }
- *
- * When receiving new_state:
- *
- * if (want_resp) {
- *	want_resp--;
- *	if (want_resp && (new_state == my_state))
- *		want_resp--;
- * }
- * if ((want_resp == 0) && (new_state != want_state)) {
- *	if (ok_to_switch_to new_state)
- *		want_state = new_state;
- *	else
- *		want_resp++;
- *	send want_state;
- * }
- * my_state = new_state;
- *
- * Note that new_state is implied in these functions by the function itself.
- * will and do imply positive new_state, wont and dont imply negative.
- *
- * Finally, there is one catch.  If we send a negative response to a
- * positive request, my_state will be the positive while want_state will
- * remain negative.  my_state will revert to negative when the negative
- * acknowlegment arrives from the peer.  Thus, my_state generally tells
- * us not only the last negotiated state, but also tells us what the peer
- * wants to be doing as well.  It is important to understand this difference
- * as we may wish to be processing data streams based on our desired state
- * (want_state) or based on what the peer thinks the state is (my_state).
- *
- * This all works fine because if the peer sends a positive request, the data
- * that we receive prior to negative acknowlegment will probably be affected
- * by the positive state, and we can process it as such (if we can; if we
- * can't then it really doesn't matter).  If it is that important, then the
- * peer probably should be buffering until this option state negotiation
- * is complete.
- *
- */
-	void
-send_do(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((do_dont_resp[option] == 0 && his_state_is_will(option)) ||
-		    his_want_state_is_will(option))
-			return;
-		/*
-		 * Special case for TELOPT_TM:  We send a DO, but pretend
-		 * that we sent a DONT, so that we can send more DOs if
-		 * we want to.
-		 */
-		if (option == TELOPT_TM)
-			set_his_want_state_wont(option);
-		else
-			set_his_want_state_will(option);
-		do_dont_resp[option]++;
-	}
-	netprintf((char *)doopt, option);
-
-	DIAG(TD_OPTIONS, printoption("td: send do", option));
-}
-
-#ifdef	AUTHENTICATION
-extern void auth_request();
-#endif
-#ifdef	LINEMODE
-static void doclientstat(void);
-#endif
-#ifdef	ENCRYPTION
-extern void encrypt_send_support();
-#endif	/* ENCRYPTION */
-
-	void
-willoption(option)
-	int option;
-{
-	int changeok = 0;
-	void (*func)() = 0;
-
-	/*
-	 * process input from peer.
-	 */
-
-	DIAG(TD_OPTIONS, printoption("td: recv will", option));
-
-	if (do_dont_resp[option]) {
-		do_dont_resp[option]--;
-		if (do_dont_resp[option] && his_state_is_will(option))
-			do_dont_resp[option]--;
-	}
-	if (do_dont_resp[option] == 0) {
-	    if (his_want_state_is_wont(option)) {
-		switch (option) {
-
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryin(1);
-			set_termbuf();
-			changeok++;
-			break;
-
-		case TELOPT_ECHO:
-			/*
-			 * See comments below for more info.
-			 */
-			not42 = 0;	/* looks like a 4.2 system */
-			break;
-
-		case TELOPT_TM:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			/*
-			 * This telnetd implementation does not really
-			 * support timing marks, it just uses them to
-			 * support the kludge linemode stuff.  If we
-			 * receive a will or wont TM in response to our
-			 * do TM request that may have been sent to
-			 * determine kludge linemode support, process
-			 * it, otherwise TM should get a negative
-			 * response back.
-			 */
-			/*
-			 * Handle the linemode kludge stuff.
-			 * If we are not currently supporting any
-			 * linemode at all, then we assume that this
-			 * is the client telling us to use kludge
-			 * linemode in response to our query.  Set the
-			 * linemode type that is to be supported, note
-			 * that the client wishes to use linemode, and
-			 * eat the will TM as though it never arrived.
-			 */
-			if (lmodetype < KLUDGE_LINEMODE) {
-				lmodetype = KLUDGE_LINEMODE;
-				clientstat(TELOPT_LINEMODE, WILL, 0);
-				send_wont(TELOPT_SGA, 1);
-			} else if (lmodetype == NO_AUTOKLUDGE) {
-				lmodetype = KLUDGE_OK;
-			}
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			/*
-			 * We never respond to a WILL TM, and
-			 * we leave the state WONT.
-			 */
-			return;
-
-		case TELOPT_LFLOW:
-			/*
-			 * If we are going to support flow control
-			 * option, then don't worry peer that we can't
-			 * change the flow control characters.
-			 */
-			slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XON].defset.flag |= SLC_DEFAULT;
-			slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT;
-		case TELOPT_TTYPE:
-		case TELOPT_SGA:
-		case TELOPT_NAWS:
-		case TELOPT_TSPEED:
-		case TELOPT_XDISPLOC:
-		case TELOPT_NEW_ENVIRON:
-		case TELOPT_OLD_ENVIRON:
-			changeok++;
-			break;
-
-#ifdef	LINEMODE
-		case TELOPT_LINEMODE:
-# ifdef	KLUDGELINEMODE
-			/*
-			 * Note client's desire to use linemode.
-			 */
-			lmodetype = REAL_LINEMODE;
-# endif	/* KLUDGELINEMODE */
-			func = doclientstat;
-			changeok++;
-			break;
-#endif	/* LINEMODE */
-
-#ifdef	AUTHENTICATION
-		case TELOPT_AUTHENTICATION:
-			func = auth_request;
-			changeok++;
-			break;
-#endif
-
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			func = encrypt_send_support;
-			changeok++;
-			break;
-#endif	/* ENCRYPTION */
-
-		default:
-			break;
-		}
-		if (changeok) {
-			set_his_want_state_will(option);
-			send_do(option, 0);
-		} else {
-			do_dont_resp[option]++;
-			send_dont(option, 0);
-		}
-	    } else {
-		/*
-		 * Option processing that should happen when
-		 * we receive conformation of a change in
-		 * state that we had requested.
-		 */
-		switch (option) {
-		case TELOPT_ECHO:
-			not42 = 0;	/* looks like a 4.2 system */
-			/*
-			 * Egads, he responded "WILL ECHO".  Turn
-			 * it off right now!
-			 */
-			send_dont(option, 1);
-			/*
-			 * "WILL ECHO".  Kludge upon kludge!
-			 * A 4.2 client is now echoing user input at
-			 * the tty.  This is probably undesireable and
-			 * it should be stopped.  The client will
-			 * respond WONT TM to the DO TM that we send to
-			 * check for kludge linemode.  When the WONT TM
-			 * arrives, linemode will be turned off and a
-			 * change propogated to the pty.  This change
-			 * will cause us to process the new pty state
-			 * in localstat(), which will notice that
-			 * linemode is off and send a WILL ECHO
-			 * so that we are properly in character mode and
-			 * all is well.
-			 */
-			break;
-#ifdef	LINEMODE
-		case TELOPT_LINEMODE:
-# ifdef	KLUDGELINEMODE
-			/*
-			 * Note client's desire to use linemode.
-			 */
-			lmodetype = REAL_LINEMODE;
-# endif	/* KLUDGELINEMODE */
-			func = doclientstat;
-			break;
-#endif	/* LINEMODE */
-
-#ifdef	AUTHENTICATION
-		case TELOPT_AUTHENTICATION:
-			func = auth_request;
-			break;
-#endif
-
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			func = encrypt_send_support;
-			break;
-#endif	/* ENCRYPTION */
-		case TELOPT_LFLOW:
-			func = flowstat;
-			break;
-		}
-	    }
-	}
-	set_his_state_will(option);
-	if (func)
-		(*func)();
-}  /* end of willoption */
-
-	void
-send_dont(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) ||
-		    his_want_state_is_wont(option))
-			return;
-		set_his_want_state_wont(option);
-		do_dont_resp[option]++;
-	}
-	netprintf((char *)dont, option);
-
-	DIAG(TD_OPTIONS, printoption("td: send dont", option));
-}
-
-	void
-wontoption(option)
-	int option;
-{
-	/*
-	 * Process client input.
-	 */
-
-	DIAG(TD_OPTIONS, printoption("td: recv wont", option));
-
-	if (do_dont_resp[option]) {
-		do_dont_resp[option]--;
-		if (do_dont_resp[option] && his_state_is_wont(option))
-			do_dont_resp[option]--;
-	}
-	if (do_dont_resp[option] == 0) {
-	    if (his_want_state_is_will(option)) {
-		/* it is always ok to change to negative state */
-		switch (option) {
-		case TELOPT_ECHO:
-			not42 = 1; /* doesn't seem to be a 4.2 system */
-			break;
-
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryin(0);
-			set_termbuf();
-			break;
-
-#ifdef	LINEMODE
-		case TELOPT_LINEMODE:
-# ifdef	KLUDGELINEMODE
-			/*
-			 * If real linemode is supported, then client is
-			 * asking to turn linemode off.
-			 */
-			if (lmodetype != REAL_LINEMODE)
-				break;
-			lmodetype = KLUDGE_LINEMODE;
-# endif	/* KLUDGELINEMODE */
-			clientstat(TELOPT_LINEMODE, WONT, 0);
-			break;
-#endif	/* LINEMODE */
-
-		case TELOPT_TM:
-			/*
-			 * If we get a WONT TM, and had sent a DO TM,
-			 * don't respond with a DONT TM, just leave it
-			 * as is.  Short circut the state machine to
-			 * achive this.
-			 */
-			set_his_want_state_wont(TELOPT_TM);
-			return;
-
-		case TELOPT_LFLOW:
-			/*
-			 * If we are not going to support flow control
-			 * option, then let peer know that we can't
-			 * change the flow control characters.
-			 */
-			slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE;
-			slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS;
-			slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE;
-			break;
-
-#if	defined(AUTHENTICATION)
-		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
-			break;
-#endif
-
-		/*
-		 * For options that we might spin waiting for
-		 * sub-negotiation, if the client turns off the
-		 * option rather than responding to the request,
-		 * we have to treat it here as if we got a response
-		 * to the sub-negotiation, (by updating the timers)
-		 * so that we'll break out of the loop.
-		 */
-		case TELOPT_TTYPE:
-			settimer(ttypesubopt);
-			break;
-
-		case TELOPT_TSPEED:
-			settimer(tspeedsubopt);
-			break;
-
-		case TELOPT_XDISPLOC:
-			settimer(xdisplocsubopt);
-			break;
-
-		case TELOPT_OLD_ENVIRON:
-			settimer(oenvironsubopt);
-			break;
-
-		case TELOPT_NEW_ENVIRON:
-			settimer(environsubopt);
-			break;
-
-		default:
-			break;
-		}
-		set_his_want_state_wont(option);
-		if (his_state_is_will(option))
-			send_dont(option, 0);
-	    } else {
-		switch (option) {
-		case TELOPT_TM:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			if (lmodetype < NO_AUTOKLUDGE) {
-				lmodetype = NO_LINEMODE;
-				clientstat(TELOPT_LINEMODE, WONT, 0);
-				send_will(TELOPT_SGA, 1);
-				send_will(TELOPT_ECHO, 1);
-			}
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			break;
-
-#if	defined(AUTHENTICATION)
-		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
-			break;
-#endif
-		default:
-			break;
-		}
-	    }
-	}
-	set_his_state_wont(option);
-
-}  /* end of wontoption */
-
-	void
-send_will(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((will_wont_resp[option] == 0 && my_state_is_will(option))||
-		    my_want_state_is_will(option))
-			return;
-		set_my_want_state_will(option);
-		will_wont_resp[option]++;
-	}
-	netprintf((char *)will, option);
-
-	DIAG(TD_OPTIONS, printoption("td: send will", option));
-}
-
-#if	!defined(LINEMODE) || !defined(KLUDGELINEMODE)
-/*
- * When we get a DONT SGA, we will try once to turn it
- * back on.  If the other side responds DONT SGA, we
- * leave it at that.  This is so that when we talk to
- * clients that understand KLUDGELINEMODE but not LINEMODE,
- * we'll keep them in char-at-a-time mode.
- */
-int turn_on_sga = 0;
-#endif
-
-	void
-dooption(option)
-	int option;
-{
-	int changeok = 0;
-
-	/*
-	 * Process client input.
-	 */
-
-	DIAG(TD_OPTIONS, printoption("td: recv do", option));
-
-	if (will_wont_resp[option]) {
-		will_wont_resp[option]--;
-		if (will_wont_resp[option] && my_state_is_will(option))
-			will_wont_resp[option]--;
-	}
-	if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) {
-		switch (option) {
-		case TELOPT_ECHO:
-#ifdef	LINEMODE
-# ifdef	KLUDGELINEMODE
-			if (lmodetype == NO_LINEMODE)
-# else
-			if (his_state_is_wont(TELOPT_LINEMODE))
-# endif
-#endif
-			{
-				init_termbuf();
-				tty_setecho(1);
-				set_termbuf();
-			}
-			changeok++;
-			break;
-
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryout(1);
-			set_termbuf();
-			changeok++;
-			break;
-
-		case TELOPT_SGA:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			/*
-			 * If kludge linemode is in use, then we must
-			 * process an incoming do SGA for linemode
-			 * purposes.
-			 */
-			if (lmodetype == KLUDGE_LINEMODE) {
-				/*
-				 * Receipt of "do SGA" in kludge
-				 * linemode is the peer asking us to
-				 * turn off linemode.  Make note of
-				 * the request.
-				 */
-				clientstat(TELOPT_LINEMODE, WONT, 0);
-				/*
-				 * If linemode did not get turned off
-				 * then don't tell peer that we did.
-				 * Breaking here forces a wont SGA to
-				 * be returned.
-				 */
-				if (linemode)
-					break;
-			}
-#else
-			turn_on_sga = 0;
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			changeok++;
-			break;
-
-		case TELOPT_STATUS:
-			changeok++;
-			break;
-
-		case TELOPT_TM:
-			/*
-			 * Special case for TM.  We send a WILL, but
-			 * pretend we sent a WONT.
-			 */
-			send_will(option, 0);
-			set_my_want_state_wont(option);
-			set_my_state_wont(option);
-			return;
-
-		case TELOPT_LOGOUT:
-			/*
-			 * When we get a LOGOUT option, respond
-			 * with a WILL LOGOUT, make sure that
-			 * it gets written out to the network,
-			 * and then just go away...
-			 */
-			set_my_want_state_will(TELOPT_LOGOUT);
-			send_will(TELOPT_LOGOUT, 0);
-			set_my_state_will(TELOPT_LOGOUT);
-			(void)netflush();
-			(void)signal(SIGCHLD, SIG_DFL);
-			cleanup(0);
-			/* NOT REACHED */
-			break;
-
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			changeok++;
-			break;
-#endif	/* ENCRYPTION */
-		case TELOPT_LINEMODE:
-		case TELOPT_TTYPE:
-		case TELOPT_NAWS:
-		case TELOPT_TSPEED:
-		case TELOPT_LFLOW:
-		case TELOPT_XDISPLOC:
-#ifdef	TELOPT_ENVIRON
-		case TELOPT_NEW_ENVIRON:
-#endif
-		case TELOPT_OLD_ENVIRON:
-		default:
-			break;
-		}
-		if (changeok) {
-			set_my_want_state_will(option);
-			send_will(option, 0);
-		} else {
-			will_wont_resp[option]++;
-			send_wont(option, 0);
-		}
-	}
-	set_my_state_will(option);
-
-}  /* end of dooption */
-
-	void
-send_wont(option, init)
-	int option, init;
-{
-	if (init) {
-		if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) ||
-		    my_want_state_is_wont(option))
-			return;
-		set_my_want_state_wont(option);
-		will_wont_resp[option]++;
-	}
-	netprintf((char *)wont, option);
-
-	DIAG(TD_OPTIONS, printoption("td: send wont", option));
-}
-
-	void
-dontoption(option)
-	int option;
-{
-	/*
-	 * Process client input.
-	 */
-
-
-	DIAG(TD_OPTIONS, printoption("td: recv dont", option));
-
-	if (will_wont_resp[option]) {
-		will_wont_resp[option]--;
-		if (will_wont_resp[option] && my_state_is_wont(option))
-			will_wont_resp[option]--;
-	}
-	if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) {
-		switch (option) {
-		case TELOPT_BINARY:
-			init_termbuf();
-			tty_binaryout(0);
-			set_termbuf();
-			break;
-
-		case TELOPT_ECHO:	/* we should stop echoing */
-#ifdef	LINEMODE
-# ifdef	KLUDGELINEMODE
-			if ((lmodetype != REAL_LINEMODE) &&
-			    (lmodetype != KLUDGE_LINEMODE))
-# else
-			if (his_state_is_wont(TELOPT_LINEMODE))
-# endif
-#endif
-			{
-				init_termbuf();
-				tty_setecho(0);
-				set_termbuf();
-			}
-			break;
-
-		case TELOPT_SGA:
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			/*
-			 * If kludge linemode is in use, then we
-			 * must process an incoming do SGA for
-			 * linemode purposes.
-			 */
-			if ((lmodetype == KLUDGE_LINEMODE) ||
-			    (lmodetype == KLUDGE_OK)) {
-				/*
-				 * The client is asking us to turn
-				 * linemode on.
-				 */
-				lmodetype = KLUDGE_LINEMODE;
-				clientstat(TELOPT_LINEMODE, WILL, 0);
-				/*
-				 * If we did not turn line mode on,
-				 * then what do we say?  Will SGA?
-				 * This violates design of telnet.
-				 * Gross.  Very Gross.
-				 */
-			}
-			break;
-#else
-			set_my_want_state_wont(option);
-			if (my_state_is_will(option))
-				send_wont(option, 0);
-			set_my_state_wont(option);
-			if (turn_on_sga ^= 1)
-				send_will(option, 1);
-			return;
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-
-		default:
-			break;
-		}
-
-		set_my_want_state_wont(option);
-		if (my_state_is_will(option))
-			send_wont(option, 0);
-	}
-	set_my_state_wont(option);
-
-}  /* end of dontoption */
-
-#ifdef	ENV_HACK
-int env_ovar = -1;
-int env_ovalue = -1;
-#else	/* ENV_HACK */
-# define env_ovar OLD_ENV_VAR
-# define env_ovalue OLD_ENV_VALUE
-#endif	/* ENV_HACK */
-
-/*
- * suboption()
- *
- *	Look at the sub-option buffer, and try to be helpful to the other
- * side.
- *
- *	Currently we recognize:
- *
- *	Terminal type is
- *	Linemode
- *	Window size
- *	Terminal speed
- */
-	void
-suboption()
-{
-    register int subchar;
-
-    DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);});
-
-    subchar = SB_GET();
-    switch (subchar) {
-    case TELOPT_TSPEED: {
-	register int xspeed, rspeed;
-
-	if (his_state_is_wont(TELOPT_TSPEED))	/* Ignore if option disabled */
-		break;
-
-	sb_auth_complete();
-
-	settimer(tspeedsubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-		return;
-
-	xspeed = atoi((char *)subpointer);
-
-	while (SB_GET() != ',' && !SB_EOF());
-	if (SB_EOF())
-		return;
-
-	rspeed = atoi((char *)subpointer);
-	clientstat(TELOPT_TSPEED, xspeed, rspeed);
-
-	break;
-
-    }  /* end of case TELOPT_TSPEED */
-
-    case TELOPT_TTYPE: {		/* Yaaaay! */
-	char *tt;
-
-	if (his_state_is_wont(TELOPT_TTYPE))	/* Ignore if option disabled */
-		break;
-	sb_auth_complete();
-	settimer(ttypesubopt);
-
-	if (SB_EOF() || SB_GET() != TELQUAL_IS) {
-	    return;		/* ??? XXX but, this is the most robust */
-	}
-
-	tt = terminaltype;
-
-	while ((tt < (terminaltype + sizeof(terminaltype) - 1)) && !SB_EOF()) {
-	    register int c;
-
-	    c = SB_GET();
-	    if (isupper(c)) {
-		c = tolower(c);
-	    }
-	    *tt++ = c;    /* accumulate name */
-	}
-	*tt = 0;
-	break;
-    }  /* end of case TELOPT_TTYPE */
-
-    case TELOPT_NAWS: {
-	register int xwinsize, ywinsize;
-
-	if (his_state_is_wont(TELOPT_NAWS))	/* Ignore if option disabled */
-		break;
-
-	if (SB_EOF())
-		return;
-	xwinsize = SB_GET() << 8;
-	if (SB_EOF())
-		return;
-	xwinsize |= SB_GET();
-	if (SB_EOF())
-		return;
-	ywinsize = SB_GET() << 8;
-	if (SB_EOF())
-		return;
-	ywinsize |= SB_GET();
-	clientstat(TELOPT_NAWS, xwinsize, ywinsize);
-
-	break;
-
-    }  /* end of case TELOPT_NAWS */
-
-#ifdef	LINEMODE
-    case TELOPT_LINEMODE: {
-	register int request;
-
-	if (his_state_is_wont(TELOPT_LINEMODE))	/* Ignore if option disabled */
-		break;
-	/*
-	 * Process linemode suboptions.
-	 */
-	if (SB_EOF())
-	    break;		/* garbage was sent */
-	request = SB_GET();	/* get will/wont */
-
-	if (SB_EOF())
-	    break;		/* another garbage check */
-
-	if (request == LM_SLC) {  /* SLC is not preceeded by WILL or WONT */
-		/*
-		 * Process suboption buffer of slc's
-		 */
-		start_slc(1);
-		do_opt_slc(subpointer, subend - subpointer);
-		(void) end_slc(0);
-		break;
-	} else if (request == LM_MODE) {
-		if (SB_EOF())
-		    return;
-		useeditmode = SB_GET();  /* get mode flag */
-		clientstat(LM_MODE, 0, 0);
-		break;
-	}
-
-	if (SB_EOF())
-	    break;
-	switch (SB_GET()) {  /* what suboption? */
-	case LM_FORWARDMASK:
-		/*
-		 * According to spec, only server can send request for
-		 * forwardmask, and client can only return a positive response.
-		 * So don't worry about it.
-		 */
-
-	default:
-		break;
-	}
-	break;
-    }  /* end of case TELOPT_LINEMODE */
-#endif
-    case TELOPT_STATUS: {
-	int mode;
-
-	if (SB_EOF())
-	    break;
-	mode = SB_GET();
-	switch (mode) {
-	case TELQUAL_SEND:
-	    if (my_state_is_will(TELOPT_STATUS))
-		send_status();
-	    break;
-
-	case TELQUAL_IS:
-	    break;
-
-	default:
-	    break;
-	}
-	break;
-    }  /* end of case TELOPT_STATUS */
-
-    case TELOPT_XDISPLOC: {
-	if (SB_EOF() || SB_GET() != TELQUAL_IS)
-		return;
-	sb_auth_complete();
-	settimer(xdisplocsubopt);
-	subpointer[SB_LEN()] = '\0';
-	(void)setenv("DISPLAY", (char *)subpointer, 1);
-	break;
-    }  /* end of case TELOPT_XDISPLOC */
-
-#ifdef	TELOPT_NEW_ENVIRON
-    case TELOPT_NEW_ENVIRON:
-#endif
-    case TELOPT_OLD_ENVIRON: {
-	register int c;
-	register char *cp, *varp, *valp;
-
-	if (SB_EOF())
-		return;
-	sb_auth_complete();
-	c = SB_GET();
-	if (c == TELQUAL_IS) {
-		if (subchar == TELOPT_OLD_ENVIRON)
-			settimer(oenvironsubopt);
-		else
-			settimer(environsubopt);
-	} else if (c != TELQUAL_INFO) {
-		return;
-	}
-
-#ifdef	TELOPT_NEW_ENVIRON
-	if (subchar == TELOPT_NEW_ENVIRON) {
-	    while (!SB_EOF()) {
-		c = SB_GET();
-		if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR))
-			break;
-	    }
-	} else
-#endif
-	{
-#ifdef	ENV_HACK
-	    /*
-	     * We only want to do this if we haven't already decided
-	     * whether or not the other side has its VALUE and VAR
-	     * reversed.
-	     */
-	    if (env_ovar < 0) {
-		register int last = -1;		/* invalid value */
-		int empty = 0;
-		int got_var = 0, got_value = 0, got_uservar = 0;
-
-		/*
-		 * The other side might have its VALUE and VAR values
-		 * reversed.  To be interoperable, we need to determine
-		 * which way it is.  If the first recognized character
-		 * is a VAR or VALUE, then that will tell us what
-		 * type of client it is.  If the fist recognized
-		 * character is a USERVAR, then we continue scanning
-		 * the suboption looking for two consecutive
-		 * VAR or VALUE fields.  We should not get two
-		 * consecutive VALUE fields, so finding two
-		 * consecutive VALUE or VAR fields will tell us
-		 * what the client is.
-		 */
-		SB_SAVE();
-		while (!SB_EOF()) {
-			c = SB_GET();
-			switch(c) {
-			case OLD_ENV_VAR:
-				if (last < 0 || last == OLD_ENV_VAR
-				    || (empty && (last == OLD_ENV_VALUE)))
-					goto env_ovar_ok;
-				got_var++;
-				last = OLD_ENV_VAR;
-				break;
-			case OLD_ENV_VALUE:
-				if (last < 0 || last == OLD_ENV_VALUE
-				    || (empty && (last == OLD_ENV_VAR)))
-					goto env_ovar_wrong;
-				got_value++;
-				last = OLD_ENV_VALUE;
-				break;
-			case ENV_USERVAR:
-				/* count strings of USERVAR as one */
-				if (last != ENV_USERVAR)
-					got_uservar++;
-				if (empty) {
-					if (last == OLD_ENV_VALUE)
-						goto env_ovar_ok;
-					if (last == OLD_ENV_VAR)
-						goto env_ovar_wrong;
-				}
-				last = ENV_USERVAR;
-				break;
-			case ENV_ESC:
-				if (!SB_EOF())
-					c = SB_GET();
-				/* FALL THROUGH */
-			default:
-				empty = 0;
-				continue;
-			}
-			empty = 1;
-		}
-		if (empty) {
-			if (last == OLD_ENV_VALUE)
-				goto env_ovar_ok;
-			if (last == OLD_ENV_VAR)
-				goto env_ovar_wrong;
-		}
-		/*
-		 * Ok, the first thing was a USERVAR, and there
-		 * are not two consecutive VAR or VALUE commands,
-		 * and none of the VAR or VALUE commands are empty.
-		 * If the client has sent us a well-formed option,
-		 * then the number of VALUEs received should always
-		 * be less than or equal to the number of VARs and
-		 * USERVARs received.
-		 *
-		 * If we got exactly as many VALUEs as VARs and
-		 * USERVARs, the client has the same definitions.
-		 *
-		 * If we got exactly as many VARs as VALUEs and
-		 * USERVARS, the client has reversed definitions.
-		 */
-		if (got_uservar + got_var == got_value) {
-	    env_ovar_ok:
-			env_ovar = OLD_ENV_VAR;
-			env_ovalue = OLD_ENV_VALUE;
-		} else if (got_uservar + got_value == got_var) {
-	    env_ovar_wrong:
-			env_ovar = OLD_ENV_VALUE;
-			env_ovalue = OLD_ENV_VAR;
-			DIAG(TD_OPTIONS,
-			     netputs("ENVIRON VALUE and VAR are reversed!\r\n"));
-		}
-	    }
-	    SB_RESTORE();
-#endif
-
-	    while (!SB_EOF()) {
-		c = SB_GET();
-		if ((c == env_ovar) || (c == ENV_USERVAR))
-			break;
-	    }
-	}
-
-	if (SB_EOF())
-		return;
-
-	cp = varp = (char *)subpointer;
-	valp = 0;
-
-	while (!SB_EOF()) {
-		c = SB_GET();
-		if (subchar == TELOPT_OLD_ENVIRON) {
-			if (c == env_ovar)
-				c = NEW_ENV_VAR;
-			else if (c == env_ovalue)
-				c = NEW_ENV_VALUE;
-		}
-		switch (c) {
-
-		case NEW_ENV_VALUE:
-			*cp = '\0';
-			cp = valp = (char *)subpointer;
-			break;
-
-		case NEW_ENV_VAR:
-		case ENV_USERVAR:
-			*cp = '\0';
-			if (envvarok(varp)) {
-				if (valp)
-					(void)setenv(varp, valp, 1);
-				else
-					unsetenv(varp);
-			}
-			cp = varp = (char *)subpointer;
-			valp = 0;
-			break;
-
-		case ENV_ESC:
-			if (SB_EOF())
-				break;
-			c = SB_GET();
-			/* FALL THROUGH */
-		default:
-			*cp++ = c;
-			break;
-		}
-	}
-	*cp = '\0';
-	if (envvarok(varp)) {
-		if (valp)
-			(void)setenv(varp, valp, 1);
-		else
-			unsetenv(varp);
-	}
-	break;
-    }  /* end of case TELOPT_NEW_ENVIRON */
-#if	defined(AUTHENTICATION)
-    case TELOPT_AUTHENTICATION:
-	if (SB_EOF())
-		break;
-	switch(SB_GET()) {
-	case TELQUAL_SEND:
-	case TELQUAL_REPLY:
-		/*
-		 * These are sent by us and cannot be sent by
-		 * the client.
-		 */
-		break;
-	case TELQUAL_IS:
-		if (!auth_negotiated)
-			auth_is(subpointer, SB_LEN());
-		break;
-	case TELQUAL_NAME:
-		if (!auth_negotiated)
-			auth_name(subpointer, SB_LEN());
-		break;
-	}
-	break;
-#endif
-#ifdef	ENCRYPTION
-    case TELOPT_ENCRYPT:
-	if (SB_EOF())
-		break;
-	switch(SB_GET()) {
-	case ENCRYPT_SUPPORT:
-		encrypt_support(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_IS:
-		encrypt_is(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_REPLY:
-		encrypt_reply(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_START:
-		encrypt_start(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_END:
-		encrypt_end();
-		break;
-	case ENCRYPT_REQSTART:
-		encrypt_request_start(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_REQEND:
-		/*
-		 * We can always send an REQEND so that we cannot
-		 * get stuck encrypting.  We should only get this
-		 * if we have been able to get in the correct mode
-		 * anyhow.
-		 */
-		encrypt_request_end();
-		break;
-	case ENCRYPT_ENC_KEYID:
-		encrypt_enc_keyid(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_DEC_KEYID:
-		encrypt_dec_keyid(subpointer, SB_LEN());
-		break;
-	default:
-		break;
-	}
-	break;
-#endif	/* ENCRYPTION */
-
-    default:
-	break;
-    }  /* end of switch */
-
-}  /* end of suboption */
-
-#ifdef	LINEMODE
-static	void
-doclientstat()
-{
-	clientstat(TELOPT_LINEMODE, WILL, 0);
-}
-#endif
-
-#define	ADD(c)	 *ncp++ = c;
-#define	ADD_DATA(c) { *ncp++ = c; if (c == SE) *ncp++ = c; }
-	void
-send_status()
-{
-	unsigned char statusbuf[256];
-	register unsigned char *ncp;
-	register unsigned char i;
-
-	ncp = statusbuf;
-
-	netflush();	/* get rid of anything waiting to go out */
-
-	ADD(IAC);
-	ADD(SB);
-	ADD(TELOPT_STATUS);
-	ADD(TELQUAL_IS);
-
-	/*
-	 * We check the want_state rather than the current state,
-	 * because if we received a DO/WILL for an option that we
-	 * don't support, and the other side didn't send a DONT/WONT
-	 * in response to our WONT/DONT, then the "state" will be
-	 * WILL/DO, and the "want_state" will be WONT/DONT.  We
-	 * need to go by the latter.
-	 */
-	for (i = 0; i < (unsigned char)NTELOPTS; i++) {
-		if (my_want_state_is_will(i)) {
-			ADD(WILL);
-			ADD_DATA(i);
-			if (i == IAC)
-				ADD(IAC);
-		}
-		if (his_want_state_is_will(i)) {
-			ADD(DO);
-			ADD_DATA(i);
-			if (i == IAC)
-				ADD(IAC);
-		}
-	}
-
-	if (his_want_state_is_will(TELOPT_LFLOW)) {
-		ADD(SB);
-		ADD(TELOPT_LFLOW);
-		if (flowmode) {
-			ADD(LFLOW_ON);
-		} else {
-			ADD(LFLOW_OFF);
-		}
-		ADD(SE);
-
-		if (restartany >= 0) {
-			ADD(SB)
-			ADD(TELOPT_LFLOW);
-			if (restartany) {
-				ADD(LFLOW_RESTART_ANY);
-			} else {
-				ADD(LFLOW_RESTART_XON);
-			}
-			ADD(SE)
-			ADD(SB);
-		}
-	}
-
-#ifdef	LINEMODE
-	if (his_want_state_is_will(TELOPT_LINEMODE)) {
-		unsigned char *cp, *cpe;
-		int len;
-
-		ADD(SB);
-		ADD(TELOPT_LINEMODE);
-		ADD(LM_MODE);
-		ADD_DATA(editmode);
-		if (editmode == IAC)
-			ADD(IAC);
-		ADD(SE);
-
-		ADD(SB);
-		ADD(TELOPT_LINEMODE);
-		ADD(LM_SLC);
-		start_slc(0);
-		send_slc();
-		len = end_slc(&cp);
-		for (cpe = cp + len; cp < cpe; cp++)
-			ADD_DATA(*cp);
-		ADD(SE);
-	}
-#endif	/* LINEMODE */
-
-	ADD(IAC);
-	ADD(SE);
-
-	netwrite(statusbuf, (unsigned) (ncp - statusbuf));
-	netflush();	/* Send it on its way */
-
-	DIAG(TD_OPTIONS,
-		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
-}
-
-static int envvarok(varp)
-	char *varp;
-{
-	if (!strchr(varp, '=') &&
-	    strcmp(varp, "TERMCAP") && /* to prevent a security hole  */
-	    strcmp(varp, "TERMINFO") &&	/* with tgetent */
-	    strcmp(varp, "TERMPATH") &&
-	    strcmp(varp, "HOME") && /* to prevent the tegetent bug  */
-	    strncmp(varp, "LD_", strlen("LD_")) && /* most systems */
-	    strncmp(varp, "_RLD_", strlen("_RLD_")) && /* irix */
-	    strncmp(varp, "KRB5", strlen("KRB5")) && /* v5 */
-	    /* The above is a catch-all for now.  Here are some of the
-	       specific ones we must avoid passing, at least until we
-	       can prove it can be done safely.  Keep this list around
-	       in case someone wants to remove the catch-all.  */
-	    strcmp(varp, "KRB5_CONFIG") && /* v5 */
-	    strcmp(varp, "KRB5CCNAME") &&  /* v5 */
-	    strcmp(varp, "KRB5_KTNAME") && /* v5 */
-	    strcmp(varp, "KRBTKFILE") &&   /* v4 */
-	    strcmp(varp, "KRB_CONF") &&	   /* cns v4 */
-	    strcmp(varp, "KRB_REALMS") &&  /* cns v4 */
-	    strcmp(varp, "LIBPATH") &&     /* AIX */
-	    strcmp(varp, "RESOLV_HOST_CONF") && /* linux */
-	    strcmp(varp, "NLSPATH") && /* locale stuff */
-	    strncmp(varp, "LC_", strlen("LC_")) && /* locale stuff */
-	    strcmp(varp, "IFS") &&
-	    (varp[0] != '-')) {
-		return 1;
-	} else {
-		syslog(LOG_INFO, "Rejected the attempt to modify the environment variable \"%s\"", varp);
-		return 0;
-	}
-
-}
diff --git a/src/appl/telnet/telnetd/sys_term.c b/src/appl/telnet/telnetd/sys_term.c
deleted file mode 100644
index 1535ac8..0000000
--- a/src/appl/telnet/telnetd/sys_term.c
+++ /dev/null
@@ -1,1489 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* baesd on @(#)sys_term.c	8.1 (Berkeley) 6/4/93 */
-
-#include "telnetd.h"
-#include "pathnames.h"
-#include <com_err.h>
-
-#ifndef LOGIN_PROGRAM
-#define LOGIN_PROGRAM _PATH_LOGIN
-#endif
-
-#include <libpty.h>
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-#endif
-
-#if	defined(KRB5)
-#include "k5-int.h"
-#endif
-
-char *login_program = LOGIN_PROGRAM;
-
-#ifdef	NEWINIT
-#include <initreq.h>
-int	utmp_len = MAXHOSTNAMELEN;	/* sizeof(init_request.host) */
-#else	/* NEWINIT*/
-
-#ifdef HAVE_UTMP_H
-#include <utmp.h>
-#endif
-
-#ifdef _PATH_WTMP
-char	wtmpf[] = _PATH_WTMP;
-#else
-char	wtmpf[]	= "/usr/adm/wtmp";
-#endif
-
-#ifdef _PATH_UTMP
-char 	utmpf[] = _PATH_UTMP;
-#else
-char	utmpf[] = "/etc/utmp";
-#endif
-
-# ifdef CRAY
-#include <tmpdir.h>
-#include <sys/wait.h>
-#  if defined(_SC_CRAY_SECURE_SYS) && !defined(SCM_SECURITY)
-   /*
-    * UNICOS 6.0/6.1 do not have SCM_SECURITY defined, so we can
-    * use it to tell us to turn off all the socket security code,
-    * since that is only used in UNICOS 7.0 and later.
-    */
-#   undef _SC_CRAY_SECURE_SYS
-#  endif
-
-#  if defined(_SC_CRAY_SECURE_SYS)
-#include <sys/sysv.h>
-#include <sys/secstat.h>
-extern int secflag;
-extern struct sysv sysv;
-#  endif /* _SC_CRAY_SECURE_SYS */
-# endif	/* CRAY */
-#endif	/* NEWINIT */
-
-#ifdef	STREAMSPTY
-#ifdef HAVE_SAC_H
-#include <sac.h>
-#endif
-#include <sys/stropts.h>
-#endif
-
-#define SCPYN(a, b)	(void) strncpy(a, b, sizeof(a))
-#define SCMPN(a, b)	strncmp(a, b, sizeof(a))
-
-#ifdef	HAVE_SYS_STREAM_H
-#include <sys/stream.h>
-#endif
-#ifdef __hpux
-#include <sys/resource.h>
-#include <sys/proc.h>
-#endif
-	/* For what platforms do we really need sys/tty.h? */
-#ifdef HAVE_SYS_TTY_H
-#include <sys/tty.h>
-#endif
-
-#ifdef	t_erase
-#undef	t_erase
-#undef	t_kill
-#undef	t_intrc
-#undef	t_quitc
-#undef	t_startc
-#undef	t_stopc
-#undef	t_eofc
-#undef	t_brkc
-#undef	t_suspc
-#undef	t_dsuspc
-#undef	t_rprntc
-#undef	t_flushc
-#undef	t_werasc
-#undef	t_lnextc
-#endif
-
-#if defined(UNICOS5) && defined(CRAY2) && !defined(EXTPROC)
-# define EXTPROC 0400
-#endif
-
-#ifndef	USE_TERMIO
-struct termbuf {
-	struct sgttyb sg;
-	struct tchars tc;
-	struct ltchars ltc;
-	int state;
-	int lflags;
-} termbuf, termbuf2;
-# define	cfsetospeed(tp, val)	(tp)->sg.sg_ospeed = (val)
-# define	cfsetispeed(tp, val)	(tp)->sg.sg_ispeed = (val)
-# define	cfgetospeed(tp)		(tp)->sg.sg_ospeed
-# define	cfgetispeed(tp)		(tp)->sg.sg_ispeed
-#else	/* USE_TERMIO */
-# ifdef	SYSV_TERMIO
-#	define termios termio
-# endif
-# ifndef	TCSANOW
-#  ifdef TCSETS
-#   define	TCSANOW		TCSETS
-#   define	TCSADRAIN	TCSETSW
-#   define	tcgetattr(f, t)	ioctl(f, TCGETS, (char *)t)
-#  else
-#   ifdef TCSETA
-#    define	TCSANOW		TCSETA
-#    define	TCSADRAIN	TCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TCGETA, (char *)t)
-#   else
-#    define	TCSANOW		TIOCSETA
-#    define	TCSADRAIN	TIOCSETAW
-#    define	tcgetattr(f, t)	ioctl(f, TIOCGETA, (char *)t)
-#   endif
-#  endif
-#  define	tcsetattr(f, a, t)	ioctl(f, a, t)
-#  define	cfsetospeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-					(tp)->c_cflag |= (val)
-#  define	cfgetospeed(tp)		((tp)->c_cflag & CBAUD)
-#  ifdef CIBAUD
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CIBAUD; \
-					(tp)->c_cflag |= ((val)<<IBSHIFT)
-#   define	cfgetispeed(tp)		(((tp)->c_cflag & CIBAUD)>>IBSHIFT)
-#  else
-#   define	cfsetispeed(tp, val)	(tp)->c_cflag &= ~CBAUD; \
-					(tp)->c_cflag |= (val)
-#   define	cfgetispeed(tp)		((tp)->c_cflag & CBAUD)
-#  endif
-# endif /* TCSANOW */
-struct termios termbuf, termbuf2;	/* pty control structure */
-# ifdef  STREAMSPTY
-int ttyfd = -1;
-# endif
-#endif	/* USE_TERMIO */
-
-#ifndef SETPGRP_TWOARG
-#define setpgrp(a,b) setpgrp()
-#endif
-
-int dup_tty(int);
-static char **addarg(char **, char *);
-
-/*
- * init_termbuf()
- * copy_termbuf(cp)
- * set_termbuf()
- *
- * These three routines are used to get and set the "termbuf" structure
- * to and from the kernel.  init_termbuf() gets the current settings.
- * copy_termbuf() hands in a new "termbuf" to write to the kernel, and
- * set_termbuf() writes the structure into the kernel.
- */
-
-	void
-init_termbuf()
-{
-#ifndef	USE_TERMIO
-	(void) ioctl(pty, TIOCGETP, (char *)&termbuf.sg);
-	(void) ioctl(pty, TIOCGETC, (char *)&termbuf.tc);
-	(void) ioctl(pty, TIOCGLTC, (char *)&termbuf.ltc);
-# ifdef	TIOCGSTATE
-	(void) ioctl(pty, TIOCGSTATE, (char *)&termbuf.state);
-# endif
-#else
-# ifdef  STREAMSPTY
-	(void) tcgetattr(ttyfd, &termbuf);
-# else
-	(void) tcgetattr(pty, &termbuf);
-# endif
-#endif
-	termbuf2 = termbuf;
-}
-
-#if	defined(LINEMODE) && defined(TIOCPKT_IOCTL)
-	void
-copy_termbuf(cp, len)
-	char *cp;
-	int len;
-{
-	if (len > sizeof(termbuf))
-		len = sizeof(termbuf);
-	memcpy(&termbuf, cp, len);
-	termbuf2 = termbuf;
-}
-#endif	/* defined(LINEMODE) && defined(TIOCPKT_IOCTL) */
-
-	void
-set_termbuf()
-{
-	/*
-	 * Only make the necessary changes.
-	 */
-#ifndef	USE_TERMIO
-	if (memcmp((char *)&termbuf.sg, (char *)&termbuf2.sg, sizeof(termbuf.sg)))
-		(void) ioctl(pty, TIOCSETN, (char *)&termbuf.sg);
-	if (memcmp((char *)&termbuf.tc, (char *)&termbuf2.tc, sizeof(termbuf.tc)))
-		(void) ioctl(pty, TIOCSETC, (char *)&termbuf.tc);
-	if (memcmp((char *)&termbuf.ltc, (char *)&termbuf2.ltc,
-							sizeof(termbuf.ltc)))
-		(void) ioctl(pty, TIOCSLTC, (char *)&termbuf.ltc);
-	if (termbuf.lflags != termbuf2.lflags)
-		(void) ioctl(pty, TIOCLSET, (char *)&termbuf.lflags);
-#else	/* USE_TERMIO */
-	if (memcmp((char *)&termbuf, (char *)&termbuf2, sizeof(termbuf)))
-# ifdef  STREAMSPTY
-		(void) tcsetattr(ttyfd, TCSANOW, &termbuf);
-# else
-		(void) tcsetattr(pty, TCSANOW, &termbuf);
-# endif
-# if	defined(CRAY2) && defined(UNICOS5)
-	needtermstat = 1;
-# endif
-#endif	/* USE_TERMIO */
-}
-
-
-/*
- * spcset(func, valp, valpp)
- *
- * This function takes various special characters (func), and
- * sets *valp to the current value of that character, and
- * *valpp to point to where in the "termbuf" structure that
- * value is kept.
- *
- * It returns the SLC_ level of support for this function.
- */
-
-#ifndef	USE_TERMIO
-	int
-spcset(func, valp, valpp)
-	int func;
-	cc_t *valp;
-	cc_t **valpp;
-{
-	switch(func) {
-	case SLC_EOF:
-		*valp = termbuf.tc.t_eofc;
-		*valpp = (cc_t *)&termbuf.tc.t_eofc;
-		return(SLC_VARIABLE);
-	case SLC_EC:
-		*valp = termbuf.sg.sg_erase;
-		*valpp = (cc_t *)&termbuf.sg.sg_erase;
-		return(SLC_VARIABLE);
-	case SLC_EL:
-		*valp = termbuf.sg.sg_kill;
-		*valpp = (cc_t *)&termbuf.sg.sg_kill;
-		return(SLC_VARIABLE);
-	case SLC_IP:
-		*valp = termbuf.tc.t_intrc;
-		*valpp = (cc_t *)&termbuf.tc.t_intrc;
-		return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_ABORT:
-		*valp = termbuf.tc.t_quitc;
-		*valpp = (cc_t *)&termbuf.tc.t_quitc;
-		return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_XON:
-		*valp = termbuf.tc.t_startc;
-		*valpp = (cc_t *)&termbuf.tc.t_startc;
-		return(SLC_VARIABLE);
-	case SLC_XOFF:
-		*valp = termbuf.tc.t_stopc;
-		*valpp = (cc_t *)&termbuf.tc.t_stopc;
-		return(SLC_VARIABLE);
-	case SLC_AO:
-		*valp = termbuf.ltc.t_flushc;
-		*valpp = (cc_t *)&termbuf.ltc.t_flushc;
-		return(SLC_VARIABLE);
-	case SLC_SUSP:
-		*valp = termbuf.ltc.t_suspc;
-		*valpp = (cc_t *)&termbuf.ltc.t_suspc;
-		return(SLC_VARIABLE);
-	case SLC_EW:
-		*valp = termbuf.ltc.t_werasc;
-		*valpp = (cc_t *)&termbuf.ltc.t_werasc;
-		return(SLC_VARIABLE);
-	case SLC_RP:
-		*valp = termbuf.ltc.t_rprntc;
-		*valpp = (cc_t *)&termbuf.ltc.t_rprntc;
-		return(SLC_VARIABLE);
-	case SLC_LNEXT:
-		*valp = termbuf.ltc.t_lnextc;
-		*valpp = (cc_t *)&termbuf.ltc.t_lnextc;
-		return(SLC_VARIABLE);
-	case SLC_FORW1:
-		*valp = termbuf.tc.t_brkc;
-		*valpp = (cc_t *)&termbuf.ltc.t_lnextc;
-		return(SLC_VARIABLE);
-	case SLC_BRK:
-	case SLC_SYNCH:
-	case SLC_AYT:
-	case SLC_EOR:
-		*valp = (cc_t)0;
-		*valpp = (cc_t *)0;
-		return(SLC_DEFAULT);
-	default:
-		*valp = (cc_t)0;
-		*valpp = (cc_t *)0;
-		return(SLC_NOSUPPORT);
-	}
-}
-
-#else	/* USE_TERMIO */
-
-	int
-spcset(func, valp, valpp)
-	int func;
-	cc_t *valp;
-	cc_t **valpp;
-{
-
-#define	setval(a, b)	*valp = termbuf.c_cc[a]; \
-			*valpp = &termbuf.c_cc[a]; \
-			return(b);
-#define	defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT);
-
-	switch(func) {
-	case SLC_EOF:
-		setval(VEOF, SLC_VARIABLE);
-	case SLC_EC:
-		setval(VERASE, SLC_VARIABLE);
-	case SLC_EL:
-		setval(VKILL, SLC_VARIABLE);
-	case SLC_IP:
-		setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_ABORT:
-		setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT);
-	case SLC_XON:
-#ifdef	VSTART
-		setval(VSTART, SLC_VARIABLE);
-#else
-		defval(0x13);
-#endif
-	case SLC_XOFF:
-#ifdef	VSTOP
-		setval(VSTOP, SLC_VARIABLE);
-#else
-		defval(0x11);
-#endif
-	case SLC_EW:
-#ifdef	VWERASE
-		setval(VWERASE, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-	case SLC_RP:
-#ifdef	VREPRINT
-		setval(VREPRINT, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-	case SLC_LNEXT:
-#ifdef	VLNEXT
-		setval(VLNEXT, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-	case SLC_AO:
-#if	!defined(VDISCARD) && defined(VFLUSHO)
-# define VDISCARD VFLUSHO
-#endif
-#ifdef	VDISCARD
-		setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT);
-#else
-		defval(0);
-#endif
-	case SLC_SUSP:
-#ifdef	VSUSP
-		setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN);
-#else
-		defval(0);
-#endif
-#ifdef	VEOL
-	case SLC_FORW1:
-		setval(VEOL, SLC_VARIABLE);
-#endif
-#ifdef	VEOL2
-	case SLC_FORW2:
-		setval(VEOL2, SLC_VARIABLE);
-#endif
-	case SLC_AYT:
-#ifdef	VSTATUS
-		setval(VSTATUS, SLC_VARIABLE);
-#else
-		defval(0);
-#endif
-
-	case SLC_BRK:
-	case SLC_SYNCH:
-	case SLC_EOR:
-		defval(0);
-
-	default:
-		*valp = 0;
-		*valpp = 0;
-		return(SLC_NOSUPPORT);
-	}
-}
-#endif	/* USE_TERMIO */
-
-#ifdef CRAY
-/*
- * getnpty()
- *
- * Return the number of pty's configured into the system.
- */
-	int
-getnpty()
-{
-#ifdef _SC_CRAY_NPTY
-	int numptys;
-
-	if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1)
-		return numptys;
-	else
-#endif /* _SC_CRAY_NPTY */
-		return 128;
-}
-#endif /* CRAY */
-
-#ifndef	convex
-/*
- * getpty()
- *
- * Allocate a pty.  As a side effect, the external character
- * array "line" contains the name of the slave side.
- *
- * Returns the file descriptor of the opened pty.
- */
-static char Xline[17];
-char *line = Xline;
-
-#ifdef	CRAY
-char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
-#endif	/* CRAY */
-
-
-#endif	/* convex */
-
-static pid_t slavepid = 0;
-
-#ifdef	LINEMODE
-/*
- * tty_flowmode()	Find out if flow control is enabled or disabled.
- * tty_linemode()	Find out if linemode (external processing) is enabled.
- * tty_setlinemod(on)	Turn on/off linemode.
- * tty_isecho()		Find out if echoing is turned on.
- * tty_setecho(on)	Enable/disable character echoing.
- * tty_israw()		Find out if terminal is in RAW mode.
- * tty_binaryin(on)	Turn on/off BINARY on input.
- * tty_binaryout(on)	Turn on/off BINARY on output.
- * tty_isediting()	Find out if line editing is enabled.
- * tty_istrapsig()	Find out if signal trapping is enabled.
- * tty_setedit(on)	Turn on/off line editing.
- * tty_setsig(on)	Turn on/off signal trapping.
- * tty_issofttab()	Find out if tab expansion is enabled.
- * tty_setsofttab(on)	Turn on/off soft tab expansion.
- * tty_islitecho()	Find out if typed control chars are echoed literally
- * tty_setlitecho()	Turn on/off literal echo of control chars
- * tty_tspeed(val)	Set transmit speed to val.
- * tty_rspeed(val)	Set receive speed to val.
- */
-
-#ifdef convex
-static int linestate;
-#endif
-
-	int
-tty_linemode()
-{
-#ifndef convex
-#ifndef	USE_TERMIO
-	return(termbuf.state & TS_EXTPROC);
-#else
-	return(termbuf.c_lflag & EXTPROC);
-#endif
-#else
-	return(linestate);
-#endif
-}
-
-	void
-tty_setlinemode(on)
-	int on;
-{
-#ifdef	TIOCEXT
-# ifndef convex
-	set_termbuf();
-# else
-	linestate = on;
-# endif
-	(void) ioctl(pty, TIOCEXT, (char *)&on);
-# ifndef convex
-	init_termbuf();
-# endif
-#else	/* !TIOCEXT */
-# ifdef	EXTPROC
-	if (on)
-		termbuf.c_lflag |= EXTPROC;
-	else
-		termbuf.c_lflag &= ~EXTPROC;
-# endif
-#endif	/* TIOCEXT */
-}
-#endif	/* LINEMODE */
-
-	int
-tty_isecho()
-{
-#ifndef USE_TERMIO
-	return (termbuf.sg.sg_flags & ECHO);
-#else
-	return (termbuf.c_lflag & ECHO);
-#endif
-}
-
-	int
-tty_flowmode()
-{
-#ifndef USE_TERMIO
-	return(((termbuf.tc.t_startc) > 0 && (termbuf.tc.t_stopc) > 0) ? 1 : 0);
-#else
-	return((termbuf.c_iflag & IXON) ? 1 : 0);
-#endif
-}
-
-	int
-tty_restartany()
-{
-#ifndef USE_TERMIO
-# ifdef	DECCTQ
-	return((termbuf.lflags & DECCTQ) ? 0 : 1);
-# else
-	return(-1);
-# endif
-#else
-	return((termbuf.c_iflag & IXANY) ? 1 : 0);
-#endif
-}
-
-	void
-tty_setecho(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags |= ECHO|CRMOD;
-	else
-		termbuf.sg.sg_flags &= ~(ECHO|CRMOD);
-#else
-	if (on)
-		termbuf.c_lflag |= ECHO;
-	else
-		termbuf.c_lflag &= ~ECHO;
-#endif
-}
-
-	int
-tty_israw()
-{
-#ifndef USE_TERMIO
-	return(termbuf.sg.sg_flags & RAW);
-#else
-	return(!(termbuf.c_lflag & ICANON));
-#endif
-}
-
-#if	defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	int
-tty_setraw(on)
-{
-#  ifndef USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags |= RAW;
-	else
-		termbuf.sg.sg_flags &= ~RAW;
-#  else
-	if (on)
-		termbuf.c_lflag &= ~ICANON;
-	else
-		termbuf.c_lflag |= ICANON;
-#  endif
-}
-#endif
-
-	void
-tty_binaryin(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.lflags |= LPASS8;
-	else
-		termbuf.lflags &= ~LPASS8;
-#else
-	if (on) {
-		termbuf.c_iflag &= ~ISTRIP;
-	} else {
-		termbuf.c_iflag |= ISTRIP;
-	}
-#endif
-}
-
-	void
-tty_binaryout(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.lflags |= LLITOUT;
-	else
-		termbuf.lflags &= ~LLITOUT;
-#else
-	if (on) {
-		termbuf.c_cflag &= ~(CSIZE|PARENB);
-		termbuf.c_cflag |= CS8;
-		termbuf.c_oflag &= ~OPOST;
-	} else {
-		termbuf.c_cflag &= ~CSIZE;
-		termbuf.c_cflag |= CS7|PARENB;
-		termbuf.c_oflag |= OPOST;
-	}
-#endif
-}
-
-	int
-tty_isbinaryin()
-{
-#ifndef	USE_TERMIO
-	return(termbuf.lflags & LPASS8);
-#else
-	return(!(termbuf.c_iflag & ISTRIP));
-#endif
-}
-
-	int
-tty_isbinaryout()
-{
-#ifndef	USE_TERMIO
-	return(termbuf.lflags & LLITOUT);
-#else
-	return(!(termbuf.c_oflag&OPOST));
-#endif
-}
-
-#ifdef	LINEMODE
-	int
-tty_isediting()
-{
-#ifndef USE_TERMIO
-	return(!(termbuf.sg.sg_flags & (CBREAK|RAW)));
-#else
-	return(termbuf.c_lflag & ICANON);
-#endif
-}
-
-	int
-tty_istrapsig()
-{
-#ifndef USE_TERMIO
-	return(!(termbuf.sg.sg_flags&RAW));
-#else
-	return(termbuf.c_lflag & ISIG);
-#endif
-}
-
-	void
-tty_setedit(on)
-	int on;
-{
-#ifndef USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags &= ~CBREAK;
-	else
-		termbuf.sg.sg_flags |= CBREAK;
-#else
-	if (on)
-		termbuf.c_lflag |= ICANON;
-	else
-		termbuf.c_lflag &= ~ICANON;
-#endif
-}
-
-	void
-tty_setsig(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		;
-#else
-	if (on)
-		termbuf.c_lflag |= ISIG;
-	else
-		termbuf.c_lflag &= ~ISIG;
-#endif
-}
-#endif	/* LINEMODE */
-
-	int
-tty_issofttab()
-{
-#ifndef	USE_TERMIO
-	return (termbuf.sg.sg_flags & XTABS);
-#else
-# ifdef	OXTABS
-	return (termbuf.c_oflag & OXTABS);
-# endif
-# ifdef	TABDLY
-	return ((termbuf.c_oflag & TABDLY) == TAB3);
-# endif
-#endif
-}
-
-	void
-tty_setsofttab(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.sg.sg_flags |= XTABS;
-	else
-		termbuf.sg.sg_flags &= ~XTABS;
-#else
-	if (on) {
-# ifdef	OXTABS
-		termbuf.c_oflag |= OXTABS;
-# endif
-# ifdef	TABDLY
-		termbuf.c_oflag &= ~TABDLY;
-		termbuf.c_oflag |= TAB3;
-# endif
-	} else {
-# ifdef	OXTABS
-		termbuf.c_oflag &= ~OXTABS;
-# endif
-# ifdef	TABDLY
-		termbuf.c_oflag &= ~TABDLY;
-		termbuf.c_oflag |= TAB0;
-# endif
-	}
-#endif
-}
-
-	int
-tty_islitecho()
-{
-#ifndef	USE_TERMIO
-	return (!(termbuf.lflags & LCTLECH));
-#else
-# ifdef	ECHOCTL
-	return (!(termbuf.c_lflag & ECHOCTL));
-# endif
-# ifdef	TCTLECH
-	return (!(termbuf.c_lflag & TCTLECH));
-# endif
-# if	!defined(ECHOCTL) && !defined(TCTLECH)
-	return (0);	/* assumes ctl chars are echoed '^x' */
-# endif
-#endif
-}
-
-	void
-tty_setlitecho(on)
-	int on;
-{
-#ifndef	USE_TERMIO
-	if (on)
-		termbuf.lflags &= ~LCTLECH;
-	else
-		termbuf.lflags |= LCTLECH;
-#else
-# ifdef	ECHOCTL
-	if (on)
-		termbuf.c_lflag &= ~ECHOCTL;
-	else
-		termbuf.c_lflag |= ECHOCTL;
-# endif
-# ifdef	TCTLECH
-	if (on)
-		termbuf.c_lflag &= ~TCTLECH;
-	else
-		termbuf.c_lflag |= TCTLECH;
-# endif
-#endif
-}
-
-	int
-tty_iscrnl()
-{
-#ifndef	USE_TERMIO
-	return (termbuf.sg.sg_flags & CRMOD);
-#else
-	return (termbuf.c_iflag & ICRNL);
-#endif
-}
-
-/*
- * A table of available terminal speeds
- */
-struct termspeeds {
-	int	speed;
-	speed_t	value;
-} termspeeds[] = {
-	{ 0,     B0 },    { 50,    B50 },   { 75,    B75 },
-	{ 110,   B110 },  { 134,   B134 },  { 150,   B150 },
-	{ 200,   B200 },  { 300,   B300 },  { 600,   B600 },
-	{ 1200,  B1200 }, { 1800,  B1800 }, { 2400,  B2400 },
-	{ 4800,  B4800 }, { 9600,  B9600 }, { 19200, B9600 },
-	{ 38400, B9600 }, { -1,    B9600 }
-};
-
-	void
-tty_tspeed(val)
-	int val;
-{
-	register struct termspeeds *tp;
-
-	for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-		;
-	cfsetospeed(&termbuf, tp->value);
-}
-
-	void
-tty_rspeed(val)
-	int val;
-{
-	register struct termspeeds *tp;
-
-	for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++)
-		;
-	cfsetispeed(&termbuf, tp->value);
-}
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	int
-tty_isnewmap()
-{
-	return((termbuf.c_oflag & OPOST) && (termbuf.c_oflag & ONLCR) &&
-			!(termbuf.c_oflag & ONLRET));
-}
-#endif
-
-
-#ifndef	NEWINIT
-#endif
-
-/*
- * getptyslave()
- *
- * Open the slave side of the pty, and do any initialization
- * that is necessary.  The return value is a file descriptor
- * for the slave side.
- */
-static void
-getptyslave()
-{
-     int t = -1;
-     long retval;
-
-#if	!defined(CRAY) || !defined(NEWINIT)
-# ifdef	LINEMODE
-	int waslm;
-# endif
-# ifdef	TIOCGWINSZ
-	struct winsize ws;
-	extern int def_row, def_col;
-# endif
-	extern int def_tspeed, def_rspeed;
-	/*
-	 * Opening the slave side may cause initilization of the
-	 * kernel tty structure.  We need remember the state of
-	 * 	if linemode was turned on
-	 *	terminal window size
-	 *	terminal speed
-	 * so that we can re-set them if we need to.
-	 */
-# ifdef	LINEMODE
-	waslm = tty_linemode();
-# endif
-
-	if ( (retval = pty_open_slave (line, &t)) != 0 )
-	    {
-		fatalperror(net,  error_message(retval));
-	    }
-
-#ifdef  STREAMSPTY
-#ifdef	USE_TERMIO
-	ttyfd = t;
-#endif
-	if (ioctl(pty, I_PUSH, "pckt") < 0) {
-#ifndef _AIX
-		fatal(net, "I_PUSH pckt");
-#endif
-	}
-#endif
-
-	/*
-	 * set up the tty modes as we like them to be.
-	 */
-	init_termbuf();
-# ifdef	TIOCGWINSZ
-	if (def_row || def_col) {
-		memset(&ws, 0, sizeof(ws));
-		ws.ws_col = def_col;
-		ws.ws_row = def_row;
-		(void)ioctl(t, TIOCSWINSZ, (char *)&ws);
-	}
-# endif
-
-	/*
-	 * Settings for sgtty based systems
-	 */
-# ifndef	USE_TERMIO
-	termbuf.sg.sg_flags |= CRMOD|ANYP|ECHO|XTABS;
-# endif	/* USE_TERMIO */
-
-	/*
-	 * Settings for UNICOS (and HPUX)
-	 */
-# if defined(CRAY) || defined(__hpux)
-	termbuf.c_oflag = OPOST|ONLCR|TAB3;
-	termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON;
-	termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK;
-	termbuf.c_cflag = EXTB|HUPCL|CS8;
-# endif
-
-	/*
-	 * Settings for all other termios/termio based
-	 * systems, other than 4.4BSD.  In 4.4BSD the
-	 * kernel does the initial terminal setup.
-	 */
-# if defined(USE_TERMIO) && !(defined(CRAY) || defined(__hpux)) && (BSD <= 43)
-#  ifndef	OXTABS
-#   define OXTABS	0
-#  endif
-	termbuf.c_lflag |= ECHO|ICANON|IEXTEN|ISIG;
-	termbuf.c_oflag |= ONLCR|OXTABS|OPOST;
-	termbuf.c_iflag |= ICRNL|IGNPAR;
-termbuf.c_cflag |= HUPCL;
-	termbuf.c_iflag &= ~IXOFF;
-# endif /* defined(USE_TERMIO) && !defined(CRAY) && (BSD <= 43) */
-	tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600);
-	tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600);
-# ifdef	LINEMODE
-	if (waslm)
-		tty_setlinemode(1);
-# endif	/* LINEMODE */
-
-	/*
-	 * Set the tty modes, and make this our controlling tty.
-	 */
-	set_termbuf();
-	if (dup_tty(t) == -1)
-		fatalperror(net, "dup_tty");
-#endif	/* !defined(CRAY) || !defined(NEWINIT) */
-	if (net > 2)
-		(void) close(net);
-#if	defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	/*
-	 * Leave the pty open so that we can write out the rlogin
-	 * protocol for /bin/login, if the authentication works.
-	 */
-#else
-	if (pty > 2) {
-		(void) close(pty);
-		pty = -1;
-	}
-#endif
-}
-
-#if	!defined(CRAY) || !defined(NEWINIT)
-#ifndef	O_NOCTTY
-#define	O_NOCTTY	0
-#endif
-#endif	/* !defined(CRAY) || !defined(NEWINIT) */
-
-
-
-	int
-dup_tty(t)
-	int t;
-{
-	if (t != 0)
-		(void) dup2(t, 0);
-	if (t != 1)
-		(void) dup2(t, 1);
-	if (t != 2)
-		(void) dup2(t, 2);
-	if (t > 2)
-		close(t);
-	return(0);
-}
-
-
-#ifdef	NEWINIT
-char *gen_id = "fe";
-#endif
-
-/*
- * startslave(host)
- *
- * Given a hostname, do whatever
- * is necessary to startup the login process on the slave side of the pty.
- */
-
-
-/* ARGSUSED */
-	void
-startslave(host, autologin, autoname)
-	char *host;
-	int autologin;
-	char *autoname;
-{
-	int syncpipe[2];
-	register int i;
-#ifdef	NEWINIT
-	extern char *ptyip;
-	struct init_request request;
-	void nologinproc();
-	register int n;
-#endif	/* NEWINIT */
-
-	if ( pipe(syncpipe) < 0 )
-		fatal(net, "failed getting synchronization pipe");
-
-#if	defined(AUTHENTICATION)
-	if (!autoname || !autoname[0])
-		autologin = 0;
-
-	if (autologin < auth_level) {
-		fatal(net, "Authorization failed");
-		exit(1);
-	}
-#endif
-
-#ifndef	NEWINIT
-
-	if ((i = fork()) < 0)
-		fatalperror(net, "fork");
-	if (i) {
-		char c;
-
-		void sigjob (int);
-		slavepid = i; /* So we can clean it up later */
-#ifdef	CRAY
-		(void) signal(WJSIGNAL, sigjob);
-#endif
-
-		/* Wait for child before writing to parent side of pty.*/
-		(void) close(syncpipe[1]);
-		if ( read(syncpipe[0], &c, 1) == 0 ) {
-			/* Slave side died */
-			fatal ( net, "Slave failed to initialize");
-		}
-
-		close(syncpipe[0]);
-
-	} else {
-
-		pty_update_utmp (PTY_LOGIN_PROCESS, getpid(), "LOGIN", line,
-				 host, PTY_TTYSLOT_USABLE);
-		getptyslave();
-
-		/* Notify our parent we're ready to continue.*/
-		write(syncpipe[1],"y",1);
-		close(syncpipe[0]);
-		close(syncpipe[1]);
-
-		start_login(host, autologin, autoname);
-		/*NOTREACHED*/
-	}
-#else	/* NEWINIT */
-
-	/*
-	 * Init will start up login process if we ask nicely.  We only wait
-	 * for it to start up and begin normal telnet operation.
-	 */
-	if ((i = open(INIT_FIFO, O_WRONLY)) < 0) {
-		char tbuf[128];
-		(void) snprintf(tbuf, sizeof(tbuf), "Can't open %s\n",
-				INIT_FIFO);
-		fatalperror(net, tbuf);
-	}
-	memset(&request, 0, sizeof(request));
-	request.magic = INIT_MAGIC;
-	SCPYN(request.gen_id, gen_id);
-	SCPYN(request.tty_id, &line[8]);
-	SCPYN(request.host, host);
-	SCPYN(request.term_type, *terminaltype ? terminaltype : "network");
-#if	!defined(UNICOS5)
-	request.signal = SIGCLD;
-	request.pid = getpid();
-#endif
-#ifdef BFTPDAEMON
-	/*
-	 * Are we working as the bftp daemon?
-	 */
-	if (bftpd) {
-		SCPYN(request.exec_name, BFTPPATH);
-	}
-#endif /* BFTPDAEMON */
-	if (write(i, (char *)&request, sizeof(request)) < 0) {
-		char tbuf[128];
-		(void) snprintf(tbuf, sizeof(tbuf), "Can't write to %s\n",
-				INIT_FIFO);
-		fatalperror(net, tbuf);
-	}
-	(void) close(i);
-	(void) signal(SIGALRM, nologinproc);
-	for (i = 0; ; i++) {
-		char tbuf[128];
-		alarm(15);
-		n = read(pty, ptyip, BUFSIZ);
-		if (i == 3 || n >= 0 || !gotalarm)
-			break;
-		gotalarm = 0;
-		snprintf(tbuf, sizeof(tbuf), "telnetd: waiting for /etc/init to start login process on %s\r\n", line);
-		(void) write(net, tbuf, strlen(tbuf));
-	}
-	if (n < 0 && gotalarm)
-		fatal(net, "/etc/init didn't start login process");
-	pcc += n;
-	alarm(0);
-	(void) signal(SIGALRM, SIG_DFL);
-
-	return;
-#endif	/* NEWINIT */
-}
-
-char	*envinit[3];
-extern char **environ;
-
-	void
-init_env()
-{
-	extern char *getenv();
-	char **envp;
-
-	envp = envinit;
-	if ((*envp = getenv("TZ")))
-		*envp++ -= 3;
-#if	defined(CRAY) || defined(__hpux)
-	else
-		*envp++ = "TZ=GMT0";
-#endif
-	*envp = 0;
-	environ = envinit;
-}
-
-#ifndef	NEWINIT
-
-/*
- * start_login(host)
- *
- * Assuming that we are now running as a child processes, this
- * function will turn us into the login process.
- */
-
-	void
-start_login(host, autologin, name)
-	char *host;
-	int autologin;
-	char *name;
-{
-	register char **argv;
-	extern char *getenv();
-
-#ifdef SOLARIS
-	char *term;
-	char termbuf[64];
-#endif
-
-
-	/*
-	 * -h : pass on name of host.
-	 *		WARNING:  -h is accepted by login if and only if
-	 *			getuid() == 0.
-	 * -p : don't clobber the environment (so terminal type stays set).
-	 *
-	 * -f : force this login, he has already been authenticated
-	 */
-	argv = addarg(0, "login");
-
-#if	!defined(NO_LOGIN_H)
-
-# if	defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	/*
-	 * Don't add the "-h host" option if we are going
-	 * to be adding the "-r host" option down below...
-	 */
-	if ((auth_level < 0) || (autologin != AUTH_VALID))
-# endif
-	{
-		argv = addarg(argv, "-h");
-		argv = addarg(argv, host);
-#ifdef	SOLARIS
-		/*
-		 * SVR4 version of -h takes TERM= as second arg, or -
-		 */
-		term = getenv("TERM");
-		if (term == NULL || term[0] == 0) {
-			term = "-";
-		} else {
-			snprintf(termbuf, sizeof(termbuf), "TERM=%s", term);
-			term = termbuf;
-		}
-		argv = addarg(argv, term);
-#endif
-	}
-#endif
-#if	!defined(NO_LOGIN_P)
-	argv = addarg(argv, "-p");
-#endif
-#ifdef	BFTPDAEMON
-	/*
-	 * Are we working as the bftp daemon?  If so, then ask login
-	 * to start bftp instead of shell.
-	 */
-	if (bftpd) {
-		argv = addarg(argv, "-e");
-		argv = addarg(argv, BFTPPATH);
-	} else
-#endif
-#if	defined (SecurID)
-	/*
-	 * don't worry about the -f that might get sent.
-	 * A -s is supposed to override it anyhow.
-	 */
-	if (require_SecurID)
-		argv = addarg(argv, "-s");
-#endif
-#if	defined (AUTHENTICATION)
-	if (auth_level >= 0 && autologin == AUTH_VALID) {
-		if (name[0] == '-') {
-		    /*
-		     * Authenticated and authorized to log in to an
-		     * account starting with '-'?  Even if that
-		     * unlikely case comes to pass, the current login
-		     * program will not parse the resulting command
-		     * line properly.
-		     */
-		    syslog(LOG_ERR, "user name cannot start with '-'");
-		    fatal(net, "user name cannot start with '-'");
-		    exit(1);
-		}
-# if	!defined(NO_LOGIN_F)
-#if	defined(LOGIN_CAP_F)
-		argv = addarg(argv, "-F");
-#else
-		argv = addarg(argv, "-f");
-#endif
-		argv = addarg(argv, "--");
-		argv = addarg(argv, name);
-# else
-#  if defined(LOGIN_R)
-		/*
-		 * We don't have support for "login -f", but we
-		 * can fool /bin/login into thinking that we are
-		 * rlogind, and allow us to log in without a
-		 * password.  The rlogin protocol expects
-		 *	local-user\0remote-user\0term/speed\0
-		 */
-
-		if (pty > 2) {
-			register char *cp;
-			char speed[1024];
-			int isecho, israw, xpty, len;
-			extern int def_rspeed;
-#  ifndef LOGIN_HOST
-			/*
-			 * Tell login that we are coming from "localhost".
-			 * If we passed in the real host name, then the
-			 * user would have to allow .rhost access from
-			 * every machine that they want authenticated
-			 * access to work from, which sort of defeats
-			 * the purpose of an authenticated login...
-			 * So, we tell login that the session is coming
-			 * from "localhost", and the user will only have
-			 * to have "localhost" in their .rhost file.
-			 */
-#			define LOGIN_HOST "localhost"
-#  endif
-			argv = addarg(argv, "-r");
-			argv = addarg(argv, LOGIN_HOST);
-
-			xpty = pty;
-# ifndef  STREAMSPTY
-			pty = 0;
-# else
-			ttyfd = 0;
-# endif
-			init_termbuf();
-			isecho = tty_isecho();
-			israw = tty_israw();
-			if (isecho || !israw) {
-				tty_setecho(0);		/* Turn off echo */
-				tty_setraw(1);		/* Turn on raw */
-				set_termbuf();
-			}
-			len = strlen(name)+1;
-			write(xpty, name, len);
-			write(xpty, name, len);
-			memset(speed, 0, sizeof(speed));
-			snprintf(speed, sizeof(speed), "%s/%d",
-				 (cp = getenv("TERM")) ? cp : "",
-				 (def_rspeed > 0) ? def_rspeed : 9600);
-			len = strlen(speed)+1;
-			write(xpty, speed, len);
-
-			if (isecho || !israw) {
-				init_termbuf();
-				tty_setecho(isecho);
-				tty_setraw(israw);
-				set_termbuf();
-				if (!israw) {
-					/*
-					 * Write a newline to ensure
-					 * that login will be able to
-					 * read the line...
-					 */
-					write(xpty, "\n", 1);
-				}
-			}
-			pty = xpty;
-		}
-#  else
-		argv = addarg(argv, "--");
-		argv = addarg(argv, name);
-#  endif
-# endif
-	} else
-#endif
-	if (getenv("USER")) {
-		char *user = getenv("USER");
-		if (user[0] == '-') {
-		    /* "telnet -l-x ..." */
-		    syslog(LOG_ERR, "user name cannot start with '-'");
-		    fatal(net, "user name cannot start with '-'");
-		    exit(1);
-		}
-		argv = addarg(argv, "--");
-		argv = addarg(argv, user);
-#if	defined(LOGIN_ARGS) && defined(NO_LOGIN_P)
-		{
-			register char **cpp;
-			for (cpp = environ; *cpp; cpp++)
-			    if ((*cpp)[0] != '-')
-				argv = addarg(argv, *cpp);
-		}
-#endif
-		/*
-		 * Assume that login will set the USER variable
-		 * correctly.  For SysV systems, this means that
-		 * USER will no longer be set, just LOGNAME by
-		 * login.  (The problem is that if the auto-login
-		 * fails, and the user then specifies a different
-		 * account name, he can get logged in with both
-		 * LOGNAME and USER in his environment, but the
-		 * USER value will be wrong.
-		 */
-		unsetenv("USER");
-	}
-#if	defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R)
-	if (pty > 2)
-		close(pty);
-#endif
-	closelog();
-	execv(login_program, argv);
-
-	syslog(LOG_ERR, "%s: %m", login_program);
-	fatalperror(net, login_program);
-	/*NOTREACHED*/
-}
-
-/*
- * This code returns a pointer to the first element of the array and
- * expects the same to be called with.
- * Therefore the -1 reference is legal.
- */
-
-static char **
-addarg(argv, val)
-	register char **argv;
-	register char *val;
-{
-	register char **cpp;
-
-	if (argv == NULL) {
-		/*
-		 * 10 entries, a leading length, and a null
-		 */
-		argv = (char **)malloc(sizeof(*argv) * 12);
-		if (argv == NULL)
-			return(NULL);
-		*argv++ = (char *)10;
-		*argv = (char *)0;
-	}
-	for (cpp = argv; *cpp; cpp++)
-		;
-	if (cpp == &argv[(long)argv[-1]]) {
-		--argv;
-		*argv = (char *)((long)(*argv) + 10);
-		argv = (char **)realloc(argv, sizeof(*argv) * ((long)(*argv) + 2));
-		if (argv == NULL)
-			return(NULL);
-		argv++;
-		cpp = &argv[(long)argv[-1] - 10];
-	}
-	*cpp++ = val;
-	*cpp = 0;
-	return(argv);
-}
-#endif	/* NEWINIT */
-
-/*
- * cleanup()
- *
- * This is the routine to call when we are all through, to
- * clean up anything that needs to be cleaned up.
- */
-	/* ARGSUSED */
-	void
-cleanup(sig)
-	int sig;
-{
-	pty_cleanup(line,slavepid,1);
-#ifdef KRB5
-	kerberos5_cleanup();
-#endif
-
-	(void) shutdown(net, 2);
-	exit(1);
-}
diff --git a/src/appl/telnet/telnetd/telnetd-ktd.c b/src/appl/telnet/telnetd/telnetd-ktd.c
deleted file mode 100644
index 86a594c..0000000
--- a/src/appl/telnet/telnetd/telnetd-ktd.c
+++ /dev/null
@@ -1,1462 +0,0 @@
-/*
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-char copyright[] =
-"@(#) Copyright (c) 1989 Regents of the University of California.\n\
- All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)telnetd.c	5.51 (Berkeley) 1/21/93 */
-
-#include "telnetd.h"
-#include "pathnames.h"
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-#include <sys/sysv.h>
-#include <libpty.h>
-#include <sys/secdev.h>
-int	secflag;
-char	tty_dev[16];
-struct	secdev dv;
-struct	sysv sysv;
-struct	socket_security ss;
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-int	auth_level = 0;
-#endif
-#if	defined(SecurID)
-int	require_SecurID = 0;
-#endif
-
-extern	int utmp_len;
-int	registerd_host_only = 0;
-
-#ifdef	STREAMSPTY
-# include <stropts.h>
-# include <termio.h>
-/* make sure we don't get the bsd version */
-# include "/usr/include/sys/tty.h"
-# include <sys/ptyvar.h>
-
-/*
- * Because of the way ptyibuf is used with streams messages, we need
- * ptyibuf+1 to be on a full-word boundary.  The following wierdness
- * is simply to make that happen.
- */
-char	ptyibufbuf[BUFSIZ+4];
-char	*ptyibuf = ptyibufbuf+3;
-char	*ptyip = ptyibufbuf+3;
-char	ptyibuf2[BUFSIZ];
-unsigned char ctlbuf[BUFSIZ];
-struct	strbuf strbufc, strbufd;
-
-int readstream();
-
-#else	/* ! STREAMPTY */
-
-/*
- * I/O data buffers,
- * pointers, and counters.
- */
-char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
-char	ptyibuf2[BUFSIZ];
-
-#endif /* ! STREAMPTY */
-
-int	hostinfo = 1;			/* do we print login banner? */
-
-#ifdef	CRAY
-extern int      newmap; /* nonzero if \n maps to ^M^J */
-int	lowpty = 0, highpty;	/* low, high pty numbers */
-#endif /* CRAY */
-
-int debug = 0;
-int keepalive = 1;
-char *progname;
-
-extern void usage (void);
-
-main(argc, argv)
-	char *argv[];
-{
-	struct sockaddr_in from;
-	int on = 1, fromlen;
-	register int ch;
-	extern char *optarg;
-	extern int optind;
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	int tos = -1;
-#endif
-
-	pfrontp = pbackp = ptyobuf;
-	netip = netibuf;
-	nfrontp = nbackp = netobuf;
-#if	defined(ENCRYPTION)
-	nclearto = 0;
-#endif
-
-	progname = *argv;
-
-#ifdef CRAY
-	/*
-	 * Get number of pty's before trying to process options,
-	 * which may include changing pty range.
-	 */
-	highpty = getnpty();
-#endif /* CRAY */
-
-	while ((ch = getopt(argc, argv, "d:a:e:klhnr:u:UI:D:B:sS:a:X:")) != -1) {
-		switch(ch) {
-
-#ifdef	AUTHENTICATION
-		case 'a':
-			/*
-			 * Check for required authentication level
-			 */
-			if (strcmp(optarg, "debug") == 0) {
-				extern int auth_debug_mode;
-				auth_debug_mode = 1;
-			} else if (strcasecmp(optarg, "none") == 0) {
-				auth_level = 0;
-			} else if (strcasecmp(optarg, "other") == 0) {
-				auth_level = AUTH_OTHER;
-			} else if (strcasecmp(optarg, "user") == 0) {
-				auth_level = AUTH_USER;
-			} else if (strcasecmp(optarg, "valid") == 0) {
-				auth_level = AUTH_VALID;
-			} else if (strcasecmp(optarg, "off") == 0) {
-				/*
-				 * This hack turns off authentication
-				 */
-				auth_level = -1;
-			} else {
-				fprintf(stderr,
-			    "telnetd: unknown authorization level for -a\n");
-			}
-			break;
-#endif	/* AUTHENTICATION */
-
-#ifdef BFTPDAEMON
-		case 'B':
-			bftpd++;
-			break;
-#endif /* BFTPDAEMON */
-
-		case 'd':
-			if (strcmp(optarg, "ebug") == 0) {
-				debug++;
-				break;
-			}
-			usage();
-			/* NOTREACHED */
-			break;
-
-#ifdef DIAGNOSTICS
-		case 'D':
-			/*
-			 * Check for desired diagnostics capabilities.
-			 */
-			if (!strcmp(optarg, "report")) {
-				diagnostic |= TD_REPORT|TD_OPTIONS;
-			} else if (!strcmp(optarg, "exercise")) {
-				diagnostic |= TD_EXERCISE;
-			} else if (!strcmp(optarg, "netdata")) {
-				diagnostic |= TD_NETDATA;
-			} else if (!strcmp(optarg, "ptydata")) {
-				diagnostic |= TD_PTYDATA;
-			} else if (!strcmp(optarg, "options")) {
-				diagnostic |= TD_OPTIONS;
-			} else {
-				usage();
-				/* NOT REACHED */
-			}
-			break;
-#endif /* DIAGNOSTICS */
-
-#ifdef	ENCRYPTION
-		case 'e':
-			if (strcmp(optarg, "debug") == 0) {
-				extern int encrypt_debug_mode;
-				encrypt_debug_mode = 1;
-				break;
-			}
-			usage();
-			/* NOTREACHED */
-			break;
-#endif	/* ENCRYPTION */
-
-		case 'h':
-			hostinfo = 0;
-			break;
-
-#if	defined(CRAY) && defined(NEWINIT)
-		case 'I':
-		    {
-			extern char *gen_id;
-			gen_id = optarg;
-			break;
-		    }
-#endif	/* defined(CRAY) && defined(NEWINIT) */
-
-#ifdef	LINEMODE
-		case 'l':
-			alwayslinemode = 1;
-			break;
-#endif	/* LINEMODE */
-
-		case 'k':
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			lmodetype = NO_AUTOKLUDGE;
-#else
-			/* ignore -k option if built without kludge linemode */
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			break;
-
-		case 'n':
-			keepalive = 0;
-			break;
-
-#ifdef CRAY
-		case 'r':
-		    {
-			char *strchr();
-			char *c;
-
-			/*
-			 * Allow the specification of alterations
-			 * to the pty search range.  It is legal to
-			 * specify only one, and not change the
-			 * other from its default.
-			 */
-			c = strchr(optarg, '-');
-			if (c) {
-				*c++ = '\0';
-				highpty = atoi(c);
-			}
-			if (*optarg != '\0')
-				lowpty = atoi(optarg);
-			if ((lowpty > highpty) || (lowpty < 0) ||
-							(highpty > 32767)) {
-				usage();
-				/* NOT REACHED */
-			}
-			break;
-		    }
-#endif	/* CRAY */
-
-#ifdef	SecurID
-		case 's':
-			/* SecurID required */
-			require_SecurID = 1;
-			break;
-#endif	/* SecurID */
-		case 'S':
-#ifdef	HAVE_GETTOSBYNAME
-			if ((tos = parsetos(optarg, "tcp")) < 0)
-				fprintf(stderr, "%s%s%s\n",
-					"telnetd: Bad TOS argument '", optarg,
-					"'; will try to use default TOS");
-#else
-			fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
-						"-S flag not supported\n");
-#endif
-			break;
-
-		case 'u':
-			utmp_len = atoi(optarg);
-			break;
-
-		case 'U':
-			registerd_host_only = 1;
-			break;
-
-#ifdef	AUTHENTICATION
-		case 'X':
-			/*
-			 * Check for invalid authentication types
-			 */
-			auth_disable_name(optarg);
-			break;
-#endif	/* AUTHENTICATION */
-
-		default:
-			fprintf(stderr, "telnetd: %s: unknown option\n", ch);
-			/* FALLTHROUGH */
-		case '?':
-			usage();
-			/* NOTREACHED */
-		}
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	if (debug) {
-	    int s, ns, foo;
-	    struct servent *sp;
-	    static struct sockaddr_in sin = { AF_INET };
-
-	    if (argc > 1) {
-		usage();
-		/* NOT REACHED */
-	    } else if (argc == 1) {
-		    if (sp = getservbyname(*argv, "tcp")) {
-			sin.sin_port = sp->s_port;
-		    } else {
-			sin.sin_port = atoi(*argv);
-			if ((int)sin.sin_port <= 0) {
-			    fprintf(stderr, "telnetd: %s: bad port #\n", *argv);
-			    usage();
-			    /* NOT REACHED */
-			}
-			sin.sin_port = htons((u_short)sin.sin_port);
-		   }
-	    } else {
-		sp = getservbyname("ktelnet", "tcp");
-		if (sp == 0) {
-		    fprintf(stderr, "telnetd: tcp/ktelnet: unknown service\n");
-		    exit(1);
-		}
-		sin.sin_port = sp->s_port;
-	    }
-
-	    s = socket(AF_INET, SOCK_STREAM, 0);
-	    if (s < 0) {
-		    perror("telnetd: socket");;
-		    exit(1);
-	    }
-	    (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-				(char *)&on, sizeof(on));
-	    if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
-		perror("bind");
-		exit(1);
-	    }
-	    if (listen(s, 1) < 0) {
-		perror("listen");
-		exit(1);
-	    }
-	    foo = sizeof(sin);
-	    ns = accept(s, (struct sockaddr *)&sin, &foo);
-	    if (ns < 0) {
-		perror("accept");
-		exit(1);
-	    }
-	    (void) dup2(ns, 0);
-	    (void) close(ns);
-	    (void) close(s);
-#ifdef convex
-	} else if (argc == 1) {
-		; /* VOID*/		/* Just ignore the host/port name */
-#endif
-	} else if (argc > 0) {
-		usage();
-		/* NOT REACHED */
-	}
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	secflag = sysconf(_SC_CRAY_SECURE_SYS);
-
-	/*
-	 *      Get socket's security label
-	 */
-	if (secflag)  {
-		int sz = sizeof(ss);
-
-		memset(&dv, 0, sizeof(dv));
-
-		if (getsysv(&sysv, sizeof(struct sysv)) != 0) {
-			perror("getsysv");
-			exit(1);
-		}
-
-		/*
-		 *      Get socket security label and set device values
-		 *         {security label to be set on ttyp device}
-		 */
-		if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
-				(char *)&ss, &sz) >= 0) {
-
-			dv.dv_actlvl = ss.ss_slevel;
-			dv.dv_actcmp = ss.ss_compart;
-			dv.dv_minlvl = ss.ss_minlvl;
-			dv.dv_maxlvl = ss.ss_maxlvl;
-			dv.dv_valcmp = ss.ss_maxcmp;
-		}
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
-	fromlen = sizeof (from);
-	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
-		fprintf(stderr, "%s: ", progname);
-		perror("getpeername");
-		_exit(1);
-	}
-	if (keepalive &&
-	    setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
-			(char *)&on, sizeof (on)) < 0) {
-		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-	}
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	{
-# if	defined(HAVE_GETTOSBYNAME)
-		struct tosent *tp;
-		if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-			tos = tp->t_tos;
-# endif
-		if (tos < 0)
-			tos = 020;	/* Low Delay bit */
-		if (tos
-		   && (setsockopt(0, IPPROTO_IP, IP_TOS,
-				  (char *)&tos, sizeof(tos)) < 0)
-		   && (errno != ENOPROTOOPT) )
-			syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-	}
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-	net = 0;
-	doit(&from);
-	/* NOTREACHED */
-}  /* end of main */
-
-	void
-usage()
-{
-	fprintf(stderr, "Usage: telnetd");
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-a (debug|other|user|valid|off)]\n\t");
-#endif
-#ifdef BFTPDAEMON
-	fprintf(stderr, " [-B]");
-#endif
-	fprintf(stderr, " [-debug]");
-#ifdef DIAGNOSTICS
-	fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
-#endif
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-edebug]");
-#endif
-	fprintf(stderr, " [-h]");
-#if	defined(CRAY) && defined(NEWINIT)
-	fprintf(stderr, " [-Iinitid]");
-#endif
-#ifdef LINEMODE
-	fprintf(stderr, " [-l]");
-#endif
-	fprintf(stderr, " [-n]");
-#ifdef	CRAY
-	fprintf(stderr, " [-r[lowpty]-[highpty]]");
-#endif
-#ifdef	SecurID
-	fprintf(stderr, " [-s]");
-#endif
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-X auth-type]");
-#endif
-	fprintf(stderr, " [-u utmp_hostname_length] [-U]");
-	fprintf(stderr, " [port]\n");
-	exit(1);
-}
-
-/*
- * getterminaltype
- *
- *	Ask the other end to send along its terminal type and speed.
- * Output is the variable terminaltype filled in.
- */
-static char ttytype_sbbuf[] = { IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE };
-
-    int
-getterminaltype(name)
-    char *name;
-{
-    int retval = -1;
-    void _gettermname();
-
-    settimer(baseline);
-#if	defined(AUTHENTICATION)
-    /*
-     * Handle the Authentication option before we do anything else.
-     */
-    send_do(TELOPT_AUTHENTICATION, 1);
-    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
-	ttloop();
-    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
-	retval = auth_wait(name);
-    }
-#endif
-
-#if	defined(ENCRYPTION)
-    send_will(TELOPT_ENCRYPT, 1);
-#endif
-    send_do(TELOPT_TTYPE, 1);
-    send_do(TELOPT_TSPEED, 1);
-    send_do(TELOPT_XDISPLOC, 1);
-    send_do(TELOPT_ENVIRON, 1);
-    while (
-#if	defined(ENCRYPTION)
-	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-#endif
-	   his_will_wont_is_changing(TELOPT_TTYPE) ||
-	   his_will_wont_is_changing(TELOPT_TSPEED) ||
-	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
-	   his_will_wont_is_changing(TELOPT_ENVIRON)) {
-	ttloop();
-    }
-#if	defined(ENCRYPTION)
-    /*
-     * Wait for the negotiation of what type of encryption we can
-     * send with.  If autoencrypt is not set, this will just return.
-     */
-    if (his_state_is_will(TELOPT_ENCRYPT)) {
-	encrypt_wait();
-    }
-#endif
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	static char sbbuf[] = { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
-
-	if(nfrontp - netobuf + sizeof(sbbuf) < sizeof(netobuf)) {
-		memcpy(nfrontp, sbbuf, sizeof(sbbuf));
-		nfrontp += sizeof(sbbuf);
-	}
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	static char sbbuf[] = { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
-
-	if(nfrontp - netobuf + sizeof(sbbuf) < sizeof(netobuf)) {
-		memcpy(nfrontp, sbbuf, sizeof(sbbuf));
-		nfrontp += sizeof(sbbuf);
-	}
-    }
-    if (his_state_is_will(TELOPT_ENVIRON)) {
-	static char sbbuf[] = { IAC, SB, TELOPT_ENVIRON, TELQUAL_SEND, IAC, SE };
-
-	if(nfrontp - netobuf + sizeof(sbbuf) < sizeof(netobuf)) {
-		memcpy(nfrontp, sbbuf, sizeof(sbbuf));
-		nfrontp += sizeof(sbbuf);
-	}
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-
-	if(nfrontp - netobuf + sizeof(ttytype_sbbuf) < sizeof(netobuf)) {
-		memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf));
-		nfrontp += sizeof(ttytype_sbbuf);
-	}
-    }
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	while (sequenceIs(tspeedsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	while (sequenceIs(xdisplocsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_ENVIRON)) {
-	while (sequenceIs(environsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-	char first[256], last[256];
-
-	while (sequenceIs(ttypesubopt, baseline))
-	    ttloop();
-
-	/*
-	 * If the other side has already disabled the option, then
-	 * we have to just go with what we (might) have already gotten.
-	 */
-	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-	    (void) strncpy(first, terminaltype, sizeof(first) - 1);
-	    first[sizeof(first) - 1] = '\0';
-	    for(;;) {
-		/*
-		 * Save the unknown name, and request the next name.
-		 */
-		(void) strncpy(last, terminaltype, sizeof(last) - 1);
-	    	last[sizeof(last) - 1] = '\0';
-		_gettermname();
-		if (terminaltypeok(terminaltype))
-		    break;
-		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
-		    his_state_is_wont(TELOPT_TTYPE)) {
-		    /*
-		     * We've hit the end.  If this is the same as
-		     * the first name, just go with it.
-		     */
-		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
-			break;
-		    /*
-		     * Get the terminal name one more time, so that
-		     * RFC1091 compliant telnets will cycle back to
-		     * the start of the list.
-		     */
-		     _gettermname();
-		    if (strncmp(first, terminaltype, sizeof(first)) != 0)
-			(void) strncpy(terminaltype, first, sizeof(terminaltype) - 1);
-		    terminaltype[sizeof(terminaltype) - 1] = '\0';
-		    break;
-		}
-	    }
-	}
-    }
-    return(retval);
-}  /* end of getterminaltype */
-
-    void
-_gettermname()
-{
-    /*
-     * If the client turned off the option,
-     * we can't send another request, so we
-     * just return.
-     */
-    if (his_state_is_wont(TELOPT_TTYPE))
-	return;
-    settimer(baseline);
-    memcpy(nfrontp, ttytype_sbbuf, sizeof(ttytype_sbbuf));
-    nfrontp += sizeof(ttytype_sbbuf);
-    while (sequenceIs(ttypesubopt, baseline))
-	ttloop();
-}
-
-    int
-terminaltypeok(s)
-    char *s;
-{
-    char buf[1024];
-
-    if (terminaltype == NULL)
-	return(1);
-
-    /*
-     * tgetent() will return 1 if the type is known, and
-     * 0 if it is not known.  If it returns -1, it couldn't
-     * open the database.  But if we can't open the database,
-     * it won't help to say we failed, because we won't be
-     * able to verify anything else.  So, we treat -1 like 1.
-     */
-    if (tgetent(buf, s) == 0)
-	return(0);
-    return(1);
-}
-
-#ifndef	MAXHOSTNAMELEN
-#define	MAXHOSTNAMELEN 64
-#endif	/* MAXHOSTNAMELEN */
-
-char *hostname;
-char host_name[MAXHOSTNAMELEN];
-char remote_host_name[MAXHOSTNAMELEN];
-
-#ifndef	convex
-extern void telnet (int, int);
-#else
-extern void telnet (int, int, char *);
-#endif
-
-/*
- * Get a pty, scan input lines.
- */
-doit(who)
-	struct sockaddr_in *who;
-{
-	char *host, *inet_ntoa();
-	int t;
-	struct hostent *hp;
-	int level;
-	char user_name[256];
-
-	/*
-	 * Find an available pty to use.
-	 */
-	if ( (retval = pty_getpty(&pty, line, sizeof(line)) < 0 ) {
-	    com_err(retval, "telnetd", "");
-
-	if (pty < 0)
-		fatal(net, "All network ports in use");
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	/*
-	 *	set ttyp line security label
-	 */
-	if (secflag) {
-		extern char *myline;
-		if (setdevs(myline, &dv) < 0)
-			fatal(net, "cannot set pty security");
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	/* get name of connected client */
-	hp = gethostbyaddr((char *)&who->sin_addr, sizeof (struct in_addr),
-		who->sin_family);
-
-	if (hp == NULL && registerd_host_only) {
-		fatal(net, "Couldn't resolve your address into a host name.\r\n\
-         Please contact your net administrator");
-	} else if (hp &&
-	    (strlen(hp->h_name) <= ((utmp_len < 0) ? -utmp_len : utmp_len))) {
-		host = hp->h_name;
-	} else {
-		host = inet_ntoa(who->sin_addr);
-	}
-	/*
-	 * We must make a copy because Kerberos is probably going
-	 * to also do a gethost* and overwrite the static data...
-	 */
-	strncpy(remote_host_name, host, sizeof(remote_host_name)-1);
-	remote_host_name[sizeof(remote_host_name)-1] = 0;
-	host = remote_host_name;
-
-	(void) gethostname(host_name, sizeof (host_name));
-	hostname = host_name;
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_init(hostname, host, "TELNETD", 1);
-#endif
-
-	init_env();
-	/*
-	 * get terminal type.
-	 */
-	*user_name = 0;
-	level = getterminaltype(user_name);
-	setenv("TERM", terminaltype ? terminaltype : "network", 1);
-
-	/*
-	 * Start up the login process on the slave side of the terminal
-	 */
-
-	startslave(host, level, user_name);
-	telnet(net, pty);  /* begin server processing */
-	/*NOTREACHED*/
-}  /* end of doit */
-
-#if	defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50)
-	int
-Xterm_output(ibufp, obuf, icountp, ocount)
-	char **ibufp, *obuf;
-	int *icountp, ocount;
-{
-	int ret;
-	ret = term_output(*ibufp, obuf, *icountp, ocount);
-	*ibufp += *icountp;
-	*icountp = 0;
-	return(ret);
-}
-#define	term_output	Xterm_output
-#endif	/* defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50) */
-
-/*
- * Main loop.  Select from pty and network, and
- * hand data to telnet receiver finite state machine.
- */
-	void
-#ifndef	convex
-telnet(f, p)
-#else
-telnet(f, p, host)
-#endif
-	int f, p;
-#ifdef convex
-	char *host;
-#endif
-{
-	int on = 1;
-#define	TABBUFSIZ	512
-	char	defent[TABBUFSIZ];
-	char	defstrs[TABBUFSIZ];
-#undef	TABBUFSIZ
-	char *HE;
-	char *HN;
-	char *IM;
-	void netflush();
-
-	/*
-	 * Initialize the slc mapping table.
-	 */
-	get_slc_defaults();
-
-	/*
-	 * Do some tests where it is desireable to wait for a response.
-	 * Rather than doing them slowly, one at a time, do them all
-	 * at once.
-	 */
-	if (my_state_is_wont(TELOPT_SGA))
-		send_will(TELOPT_SGA, 1);
-	/*
-	 * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
-	 * because 4.2 clients are unable to deal with TCP urgent data.
-	 *
-	 * To find out, we send out a "DO ECHO".  If the remote system
-	 * answers "WILL ECHO" it is probably a 4.2 client, and we note
-	 * that fact ("WILL ECHO" ==> that the client will echo what
-	 * WE, the server, sends it; it does NOT mean that the client will
-	 * echo the terminal input).
-	 */
-	send_do(TELOPT_ECHO, 1);
-
-#ifdef	LINEMODE
-	if (his_state_is_wont(TELOPT_LINEMODE)) {
-		/* Query the peer for linemode support by trying to negotiate
-		 * the linemode option.
-		 */
-		linemode = 0;
-		editmode = 0;
-		send_do(TELOPT_LINEMODE, 1);  /* send do linemode */
-	}
-#endif	/* LINEMODE */
-
-	/*
-	 * Send along a couple of other options that we wish to negotiate.
-	 */
-	send_do(TELOPT_NAWS, 1);
-	send_will(TELOPT_STATUS, 1);
-	flowmode = 1;		/* default flow control state */
-	restartany = -1;	/* uninitialized... */
-	send_do(TELOPT_LFLOW, 1);
-
-	/*
-	 * Spin, waiting for a response from the DO ECHO.  However,
-	 * some REALLY DUMB telnets out there might not respond
-	 * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
-	 * telnets so far seem to respond with WONT for a DO that
-	 * they don't understand...) because by the time we get the
-	 * response, it will already have processed the DO ECHO.
-	 * Kludge upon kludge.
-	 */
-	while (his_will_wont_is_changing(TELOPT_NAWS))
-		ttloop();
-
-	/*
-	 * But...
-	 * The client might have sent a WILL NAWS as part of its
-	 * startup code; if so, we'll be here before we get the
-	 * response to the DO ECHO.  We'll make the assumption
-	 * that any implementation that understands about NAWS
-	 * is a modern enough implementation that it will respond
-	 * to our DO ECHO request; hence we'll do another spin
-	 * waiting for the ECHO option to settle down, which is
-	 * what we wanted to do in the first place...
-	 */
-	if (his_want_state_is_will(TELOPT_ECHO) &&
-	    his_state_is_will(TELOPT_NAWS)) {
-		while (his_will_wont_is_changing(TELOPT_ECHO))
-			ttloop();
-	}
-	/*
-	 * On the off chance that the telnet client is broken and does not
-	 * respond to the DO ECHO we sent, (after all, we did send the
-	 * DO NAWS negotiation after the DO ECHO, and we won't get here
-	 * until a response to the DO NAWS comes back) simulate the
-	 * receipt of a will echo.  This will also send a WONT ECHO
-	 * to the client, since we assume that the client failed to
-	 * respond because it believes that it is already in DO ECHO
-	 * mode, which we do not want.
-	 */
-	if (his_want_state_is_will(TELOPT_ECHO)) {
-		DIAG(TD_OPTIONS,
-			{sprintf(nfrontp, "td: simulating recv\r\n");
-			 nfrontp += strlen(nfrontp);});
-		willoption(TELOPT_ECHO);
-	}
-
-	/*
-	 * Finally, to clean things up, we turn on our echo.  This
-	 * will break stupid 4.2 telnets out of local terminal echo.
-	 */
-
-	if (my_state_is_wont(TELOPT_ECHO))
-		send_will(TELOPT_ECHO, 1);
-
-#ifndef	STREAMSPTY
-	/*
-	 * Turn on packet mode
-	 */
-	(void) ioctl(p, TIOCPKT, (char *)&on);
-#endif
-
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-	/*
-	 * Continuing line mode support.  If client does not support
-	 * real linemode, attempt to negotiate kludge linemode by sending
-	 * the do timing mark sequence.
-	 */
-	if (lmodetype < REAL_LINEMODE)
-		send_do(TELOPT_TM, 1);
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-
-	/*
-	 * Call telrcv() once to pick up anything received during
-	 * terminal type negotiation, 4.2/4.3 determination, and
-	 * linemode negotiation.
-	 */
-	telrcv();
-
-	(void) ioctl(f, FIONBIO, (char *)&on);
-	(void) ioctl(p, FIONBIO, (char *)&on);
-#if	defined(CRAY2) && defined(UNICOS5)
-	init_termdriver(f, p, interrupt, sendbrk);
-#endif
-
-#if	defined(SO_OOBINLINE)
-	(void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
-				(char *)&on, sizeof(on));
-#endif	/* defined(SO_OOBINLINE) */
-
-#ifdef	SIGTSTP
-	(void) signal(SIGTSTP, SIG_IGN);
-#endif
-#ifdef	SIGTTOU
-	/*
-	 * Ignoring SIGTTOU keeps the kernel from blocking us
-	 * in ttioct() in /sys/tty.c.
-	 */
-	(void) signal(SIGTTOU, SIG_IGN);
-#endif
-
-	(void) signal(SIGCHLD, cleanup);
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	/*
-	 * Cray-2 will send a signal when pty modes are changed by slave
-	 * side.  Set up signal handler now.
-	 */
-	if ((int)signal(SIGUSR1, termstat) < 0)
-		perror("signal");
-	else if (ioctl(p, TCSIGME, (char *)SIGUSR1) < 0)
-		perror("ioctl:TCSIGME");
-	/*
-	 * Make processing loop check terminal characteristics early on.
-	 */
-	termstat();
-#endif
-
-#ifdef  TIOCNOTTY
-	{
-		register int t;
-		t = open(_PATH_TTY, O_RDWR);
-		if (t >= 0) {
-			(void) ioctl(t, TIOCNOTTY, (char *)0);
-			(void) close(t);
-		}
-	}
-#endif
-
-#if	defined(CRAY) && defined(NEWINIT) && defined(TIOCSCTTY)
-	(void) setsid();
-	ioctl(p, TIOCSCTTY, 0);
-#endif
-
-	/*
-	 * Show banner that getty never gave.
-	 *
-	 * We put the banner in the pty input buffer.  This way, it
-	 * gets carriage return null processing, etc., just like all
-	 * other pty --> client data.
-	 */
-
-#if	!defined(CRAY) || !defined(NEWINIT)
-	if (getenv("USER"))
-		hostinfo = 0;
-#endif
-
-	if (getent(defent, "default") == 1) {
-		char *getstr();
-		char *cp=defstrs;
-
-		HE = getstr("he", &cp);
-		HN = getstr("hn", &cp);
-		IM = getstr("im", &cp);
-		if (HN && *HN) {
-			(void) strncpy(host_name, HN, sizeof(host_name) - 1);
-			host_name[sizeof(host_name) - 1] = '\0';
-		}
-		if (IM == 0)
-			IM = "";
-	} else {
-		IM = DEFAULT_IM;
-		HE = 0;
-	}
-	edithost(HE, host_name);
-	if (hostinfo && *IM)
-		putf(IM, ptyibuf2);
-
-	if (pcc)
-		(void) strncat(ptyibuf2, ptyip, pcc+1);
-	ptyip = ptyibuf2;
-	pcc = strlen(ptyip);
-#ifdef	LINEMODE
-	/*
-	 * Last check to make sure all our states are correct.
-	 */
-	init_termbuf();
-	localstat();
-#endif	/* LINEMODE */
-
-	DIAG(TD_REPORT,
-		{sprintf(nfrontp, "td: Entering processing loop\r\n");
-		 nfrontp += strlen(nfrontp);});
-
-#ifdef	convex
-	startslave(host);
-#endif
-
-	for (;;) {
-		fd_set ibits, obits, xbits;
-		register int c;
-
-		if (ncc < 0 && pcc < 0)
-			break;
-
-#if	defined(CRAY2) && defined(UNICOS5)
-		if (needtermstat)
-			_termstat();
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-		FD_ZERO(&ibits);
-		FD_ZERO(&obits);
-		FD_ZERO(&xbits);
-		/*
-		 * Never look for input if there's still
-		 * stuff in the corresponding output buffer
-		 */
-		if (nfrontp - nbackp || pcc > 0) {
-			FD_SET(f, &obits);
-		} else {
-			FD_SET(p, &ibits);
-		}
-		if (pfrontp - pbackp || ncc > 0) {
-			FD_SET(p, &obits);
-		} else {
-			FD_SET(f, &ibits);
-		}
-		if (!SYNCHing) {
-			FD_SET(f, &xbits);
-		}
-		if ((c = select(16, &ibits, &obits, &xbits,
-						(struct timeval *)0)) < 1) {
-			if (c == -1) {
-				if (errno == EINTR) {
-					continue;
-				}
-			}
-			sleep(5);
-			continue;
-		}
-
-		/*
-		 * Any urgent data?
-		 */
-		if (FD_ISSET(net, &xbits)) {
-		    SYNCHing = 1;
-		}
-
-		/*
-		 * Something to read from the network...
-		 */
-		if (FD_ISSET(net, &ibits)) {
-#if	!defined(SO_OOBINLINE)
-			/*
-			 * In 4.2 (and 4.3 beta) systems, the
-			 * OOB indication and data handling in the kernel
-			 * is such that if two separate TCP Urgent requests
-			 * come in, one byte of TCP data will be overlaid.
-			 * This is fatal for Telnet, but we try to live
-			 * with it.
-			 *
-			 * In addition, in 4.2 (and...), a special protocol
-			 * is needed to pick up the TCP Urgent data in
-			 * the correct sequence.
-			 *
-			 * What we do is:  if we think we are in urgent
-			 * mode, we look to see if we are "at the mark".
-			 * If we are, we do an OOB receive.  If we run
-			 * this twice, we will do the OOB receive twice,
-			 * but the second will fail, since the second
-			 * time we were "at the mark", but there wasn't
-			 * any data there (the kernel doesn't reset
-			 * "at the mark" until we do a normal read).
-			 * Once we've read the OOB data, we go ahead
-			 * and do normal reads.
-			 *
-			 * There is also another problem, which is that
-			 * since the OOB byte we read doesn't put us
-			 * out of OOB state, and since that byte is most
-			 * likely the TELNET DM (data mark), we would
-			 * stay in the TELNET SYNCH (SYNCHing) state.
-			 * So, clocks to the rescue.  If we've "just"
-			 * received a DM, then we test for the
-			 * presence of OOB data when the receive OOB
-			 * fails (and AFTER we did the normal mode read
-			 * to clear "at the mark").
-			 */
-		    if (SYNCHing) {
-			int atmark;
-
-			(void) ioctl(net, SIOCATMARK, (char *)&atmark);
-			if (atmark) {
-			    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
-			    if ((ncc == -1) && (errno == EINVAL)) {
-				ncc = read(net, netibuf, sizeof (netibuf));
-				if (sequenceIs(didnetreceive, gotDM)) {
-				    SYNCHing = stilloob(net);
-				}
-			    }
-			} else {
-			    ncc = read(net, netibuf, sizeof (netibuf));
-			}
-		    } else {
-			ncc = read(net, netibuf, sizeof (netibuf));
-		    }
-		    settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE)) */
-		    ncc = read(net, netibuf, sizeof (netibuf));
-#endif	/* !defined(SO_OOBINLINE)) */
-		    if (ncc < 0 && errno == EWOULDBLOCK)
-			ncc = 0;
-		    else {
-			if (ncc <= 0) {
-			    break;
-			}
-			netip = netibuf;
-		    }
-		    DIAG((TD_REPORT | TD_NETDATA),
-			    {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
-			     nfrontp += strlen(nfrontp);});
-		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
-		}
-
-		/*
-		 * Something to read from the pty...
-		 */
-		if (FD_ISSET(p, &ibits)) {
-#ifndef	STREAMSPTY
-			pcc = read(p, ptyibuf, BUFSIZ);
-#else
-			pcc = readstream(p, ptyibuf, BUFSIZ);
-#endif
-			/*
-			 * On some systems, if we try to read something
-			 * off the master side before the slave side is
-			 * opened, we get EIO.
-			 */
-			if (pcc < 0 && (errno == EWOULDBLOCK ||
-#ifdef	EAGAIN
-					errno == EAGAIN ||
-#endif
-					errno == EIO)) {
-				pcc = 0;
-			} else {
-				if (pcc <= 0)
-					break;
-#if	!defined(CRAY2) || !defined(UNICOS5)
-#ifdef	LINEMODE
-				/*
-				 * If ioctl from pty, pass it through net
-				 */
-				if (ptyibuf[0] & TIOCPKT_IOCTL) {
-					copy_termbuf(ptyibuf+1, pcc-1);
-					localstat();
-					pcc = 1;
-				}
-#endif	/* LINEMODE */
-				if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
-					netclear();	/* clear buffer back */
-#ifndef	NO_URGENT
-					/*
-					 * There are client telnets on some
-					 * operating systems get screwed up
-					 * royally if we send them urgent
-					 * mode data.
-					 */
-					*nfrontp++ = IAC;
-					*nfrontp++ = DM;
-					neturg = nfrontp-1; /* off by one XXX */
-#endif
-				}
-				if (his_state_is_will(TELOPT_LFLOW) &&
-				    (ptyibuf[0] &
-				     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
-					int newflow =
-					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
-					if (newflow != flowmode) {
-						flowmode = newflow;
-						(void) sprintf(nfrontp,
-							"%c%c%c%c%c%c",
-							IAC, SB, TELOPT_LFLOW,
-							flowmode ? LFLOW_ON
-								 : LFLOW_OFF,
-							IAC, SE);
-						nfrontp += 6;
-					}
-				}
-				pcc--;
-				ptyip = ptyibuf+1;
-#else	/* defined(CRAY2) && defined(UNICOS5) */
-				if (!uselinemode) {
-					unpcc = pcc;
-					unptyip = ptyibuf;
-					pcc = term_output(&unptyip, ptyibuf2,
-								&unpcc, BUFSIZ);
-					ptyip = ptyibuf2;
-				} else
-					ptyip = ptyibuf;
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-			}
-		}
-
-		while (pcc > 0) {
-			if ((&netobuf[BUFSIZ] - nfrontp) < 2)
-				break;
-			c = *ptyip++ & 0377, pcc--;
-			if (c == IAC)
-				*nfrontp++ = c;
-#if	defined(CRAY2) && defined(UNICOS5)
-			else if (c == '\n' &&
-				     my_state_is_wont(TELOPT_BINARY) && newmap)
-				*nfrontp++ = '\r';
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-			*nfrontp++ = c;
-			if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
-				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
-					*nfrontp++ = *ptyip++ & 0377;
-					pcc--;
-				} else
-					*nfrontp++ = '\0';
-			}
-		}
-#if	defined(CRAY2) && defined(UNICOS5)
-		/*
-		 * If chars were left over from the terminal driver,
-		 * note their existence.
-		 */
-		if (!uselinemode && unpcc) {
-			pcc = unpcc;
-			unpcc = 0;
-			ptyip = unptyip;
-		}
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-		if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
-			netflush();
-		if (ncc > 0)
-			telrcv();
-		if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
-			ptyflush();
-	}
-	cleanup(0);
-}  /* end of telnet */
-
-#ifndef	TCSIG
-# ifdef	TIOCSIG
-#  define TCSIG TIOCSIG
-# endif
-#endif
-
-#ifdef	STREAMSPTY
-
-int flowison = -1;  /* current state of flow: -1 is unknown */
-
-int readstream(p, ibuf, bufsize)
-	int p;
-	char *ibuf;
-	int bufsize;
-{
-	int flags = 0;
-	int ret = 0;
-	struct termios *tsp;
-	struct termio *tp;
-	struct iocblk *ip;
-	char vstop, vstart;
-	int ixon;
-	int newflow;
-
-	strbufc.maxlen = BUFSIZ;
-	strbufc.buf = ctlbuf;
-	strbufd.maxlen = bufsize-1;
-	strbufd.len = 0;
-	strbufd.buf = ibuf+1;
-	ibuf[0] = 0;
-
-	ret = getmsg(p, &strbufc, &strbufd, &flags);
-	if (ret < 0)  /* error of some sort -- probably EAGAIN */
-		return(-1);
-
-	if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
-		/* data message */
-		if (strbufd.len > 0) {			/* real data */
-			return(strbufd.len + 1);	/* count header char */
-		} else {
-			/* nothing there */
-			errno = EAGAIN;
-			return(-1);
-		}
-	}
-
-	/*
-	 * It's a control message.  Return 1, to look at the flag we set
-	 */
-
-	switch (ctlbuf[0]) {
-	case M_FLUSH:
-		if (ibuf[1] & FLUSHW)
-			ibuf[0] = TIOCPKT_FLUSHWRITE;
-		return(1);
-
-	case M_IOCTL:
-		ip = (struct iocblk *) (ibuf+1);
-
-		switch (ip->ioc_cmd) {
-		case TCSETS:
-		case TCSETSW:
-		case TCSETSF:
-			tsp = (struct termios *)
-					(ibuf+1 + sizeof(struct iocblk));
-			vstop = tsp->c_cc[VSTOP];
-			vstart = tsp->c_cc[VSTART];
-			ixon = tsp->c_iflag & IXON;
-			break;
-		case TCSETA:
-		case TCSETAW:
-		case TCSETAF:
-			tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
-			vstop = tp->c_cc[VSTOP];
-			vstart = tp->c_cc[VSTART];
-			ixon = tp->c_iflag & IXON;
-			break;
-		default:
-			errno = EAGAIN;
-			return(-1);
-		}
-
-		newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
-		if (newflow != flowison) {  /* it's a change */
-			flowison = newflow;
-			ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
-			return(1);
-		}
-	}
-
-	/* nothing worth doing anything about */
-	errno = EAGAIN;
-	return(-1);
-}
-#endif /* STREAMSPTY */
-
-/*
- * Send interrupt to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write intr char.
- */
-	void
-interrupt()
-{
-	ptyflush();	/* half-hearted */
-
-#ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGINT);
-#else	/* TCSIG */
-	init_termbuf();
-	*pfrontp++ = slctab[SLC_IP].sptr ?
-			(unsigned char)*slctab[SLC_IP].sptr : '\177';
-#endif	/* TCSIG */
-}
-
-/*
- * Send quit to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write quit char.
- */
-	void
-sendbrk()
-{
-	ptyflush();	/* half-hearted */
-#ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGQUIT);
-#else	/* TCSIG */
-	init_termbuf();
-	*pfrontp++ = slctab[SLC_ABORT].sptr ?
-			(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
-#endif	/* TCSIG */
-}
-
-	void
-sendsusp()
-{
-#ifdef	SIGTSTP
-	ptyflush();	/* half-hearted */
-# ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGTSTP);
-# else	/* TCSIG */
-	*pfrontp++ = slctab[SLC_SUSP].sptr ?
-			(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
-# endif	/* TCSIG */
-#endif	/* SIGTSTP */
-}
-
-/*
- * When we get an AYT, if ^T is enabled, use that.  Otherwise,
- * just send back "[Yes]".
- */
-	void
-recv_ayt()
-{
-#if	defined(SIGINFO) && defined(TCSIG)
-	if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
-		(void) ioctl(pty, TCSIG, (char *)SIGINFO);
-		return;
-	}
-#endif
-	(void) strncpy(nfrontp, "\r\n[Yes]\r\n",
-		       sizeof(netobuf) - 1 - (nfrontp - netobuf));
-	nfrontp += 9;
-	*nfrontp = '\0';
-}
-
-	void
-doeof()
-{
-	init_termbuf();
-
-#if	defined(LINEMODE) && defined(USE_TERMIO) && (VEOF == VMIN)
-	if (!tty_isediting()) {
-		extern char oldeofc;
-		*pfrontp++ = oldeofc;
-		return;
-	}
-#endif
-	*pfrontp++ = slctab[SLC_EOF].sptr ?
-			(unsigned char)*slctab[SLC_EOF].sptr : '\004';
-}
diff --git a/src/appl/telnet/telnetd/telnetd.0.ps b/src/appl/telnet/telnetd/telnetd.0.ps
deleted file mode 100644
index bbbdbd0..0000000
--- a/src/appl/telnet/telnetd/telnetd.0.ps
+++ /dev/null
@@ -1,555 +0,0 @@
-%!PS-Adobe-3.0
-%%Creator: groff version 1.08
-%%DocumentNeededResources: font Times-Roman
-%%+ font Times-Bold
-%%+ font Courier-Bold
-%%+ font Courier-Oblique
-%%+ font Courier
-%%DocumentSuppliedResources: procset grops 1.08 0
-%%Pages: 5
-%%PageOrder: Ascend
-%%Orientation: Portrait
-%%EndComments
-%%BeginProlog
-%%BeginResource: procset grops 1.08 0
-/setpacking where{
-pop
-currentpacking
-true setpacking
-}if
-/grops 120 dict dup begin
-/SC 32 def
-/A/show load def
-/B{0 SC 3 -1 roll widthshow}bind def
-/C{0 exch ashow}bind def
-/D{0 exch 0 SC 5 2 roll awidthshow}bind def
-/E{0 rmoveto show}bind def
-/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
-/G{0 rmoveto 0 exch ashow}bind def
-/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/I{0 exch rmoveto show}bind def
-/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
-/K{0 exch rmoveto 0 exch ashow}bind def
-/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/M{rmoveto show}bind def
-/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
-/O{rmoveto 0 exch ashow}bind def
-/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/Q{moveto show}bind def
-/R{moveto 0 SC 3 -1 roll widthshow}bind def
-/S{moveto 0 exch ashow}bind def
-/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
-/SF{
-findfont exch
-[exch dup 0 exch 0 exch neg 0 0]makefont
-dup setfont
-[exch/setfont cvx]cvx bind def
-}bind def
-/MF{
-findfont
-[5 2 roll
-0 3 1 roll 
-neg 0 0]makefont
-dup setfont
-[exch/setfont cvx]cvx bind def
-}bind def
-/level0 0 def
-/RES 0 def
-/PL 0 def
-/LS 0 def
-/PLG{
-gsave newpath clippath pathbbox grestore
-exch pop add exch pop
-}bind def
-/BP{
-/level0 save def
-1 setlinecap
-1 setlinejoin
-72 RES div dup scale
-LS{
-90 rotate
-}{
-0 PL translate
-}ifelse
-1 -1 scale
-}bind def
-/EP{
-level0 restore
-showpage
-}bind def
-/DA{
-newpath arcn stroke
-}bind def
-/SN{
-transform
-.25 sub exch .25 sub exch
-round .25 add exch round .25 add exch
-itransform
-}bind def
-/DL{
-SN
-moveto
-SN
-lineto stroke
-}bind def
-/DC{
-newpath 0 360 arc closepath
-}bind def
-/TM matrix def
-/DE{
-TM currentmatrix pop
-translate scale newpath 0 0 .5 0 360 arc closepath
-TM setmatrix
-}bind def
-/RC/rcurveto load def
-/RL/rlineto load def
-/ST/stroke load def
-/MT/moveto load def
-/CL/closepath load def
-/FL{
-currentgray exch setgray fill setgray
-}bind def
-/BL/fill load def
-/LW/setlinewidth load def
-/RE{
-findfont
-dup maxlength 1 index/FontName known not{1 add}if dict begin
-{
-1 index/FID ne{def}{pop pop}ifelse
-}forall
-/Encoding exch def
-dup/FontName exch def
-currentdict end definefont pop
-}bind def
-/DEFS 0 def
-/EBEGIN{
-moveto
-DEFS begin
-}bind def
-/EEND/end load def
-/CNT 0 def
-/level1 0 def
-/PBEGIN{
-/level1 save def
-translate
-div 3 1 roll div exch scale
-neg exch neg exch translate
-0 setgray
-0 setlinecap
-1 setlinewidth
-0 setlinejoin
-10 setmiterlimit
-[]0 setdash
-/setstrokeadjust where{
-pop
-false setstrokeadjust
-}if
-/setoverprint where{
-pop
-false setoverprint
-}if
-newpath
-/CNT countdictstack def
-userdict begin
-/showpage{}def
-}bind def
-/PEND{
-clear
-countdictstack CNT sub{end}repeat
-level1 restore
-}bind def
-end def
-/setpacking where{
-pop
-setpacking
-}if
-%%EndResource
-%%IncludeResource: font Times-Roman
-%%IncludeResource: font Times-Bold
-%%IncludeResource: font Courier-Bold
-%%IncludeResource: font Courier-Oblique
-%%IncludeResource: font Courier
-grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72 def/PL
-792 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron/Zcaron/scaron/zcaron
-/Ydieresis/trademark/quotesingle/.notdef/.notdef/.notdef/.notdef/.notdef
-/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
-/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/space
-/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright/parenleft
-/parenright/asterisk/plus/comma/hyphen/period/slash/zero/one/two/three/four
-/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C
-/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash
-/bracketright/circumflex/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q
-/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase
-/guillemotleft/guillemotright/bullet/florin/fraction/perthousand/dagger
-/daggerdbl/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
-/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
-/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen/brokenbar
-/section/dieresis/copyright/ordfeminine/guilsinglleft/logicalnot/minus
-/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu
-/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guilsinglright
-/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde
-/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute
-/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
-/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls
-/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute
-/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve
-/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex
-/udieresis/yacute/thorn/ydieresis]def/Courier@0 ENC0/Courier RE
-/Courier-Oblique@0 ENC0/Courier-Oblique RE/Courier-Bold@0 ENC0/Courier-Bold RE
-/Times-Bold@0 ENC0/Times-Bold RE/Times-Roman@0 ENC0/Times-Roman RE
-%%EndProlog
-%%Page: 1 1
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNETD \( 8 \))72 48 R(BSD System Manager')
-241.42 48 Q 2.5(sM)-.55 G 105.272(anual TELNETD)348.92 48 R 1.666(\(8\))1.666 G
-/F1 10/Times-Bold@0 SF -.2(NA)72 108 S(ME).2 E/F2 10/Courier-Bold@0 SF(telnetd)
-102 120 Q F0 2.5<ad44>2.5 G(ARP)161.46 120 Q(A)-.92 E/F3 9/Times-Roman@0 SF
-(TELNET)2.5 E F0(protocol serv)2.5 E(er)-.15 E F1(SYNOPSIS)72 144 Q F2
-(/usr/libexec/telnetd)102 156 Q F0([)3.333 E F2<ad61>2.499 E/F4 10
-/Courier-Oblique@0 SF(authmode)6 E F0 3.333(][).833 G F2<ad42>-.834 E F0 3.333
-(][).833 G F2<ad44>-.834 E F4(debugmode)6 E F0 3.333(][).833 G F2(\255edebug)
--.834 E F0 3.333(][).833 G F2<ad68>-.834 E F0(]).833 E([)228.833 168 Q F2<ad49>
-2.499 E F4(initid)A F0 3.333(][).833 G F2<ad6c>-.834 E F0 3.333(][).833 G F2
-<ad6b>-.834 E F0 3.333(][).833 G F2<ad6e>-.834 E F0 3.333(][).833 G F2<ad72>
--.834 E F4(lowpty-highpty)A F0 3.333(][).833 G F2<ad73>-.834 E F0 3.333(][).833
-G F2<ad53>-.834 E F4(tos)228 180 Q F0 3.333(][).833 G F2<ad75>-.834 E F4(len)6
-E F0 3.333(][).833 G F2<ad55>-.834 E F0 3.333(][).833 G F2<ad58>-.834 E F4
-(authtype)6 E F0 3.333(][).833 G F2(\255debug)-.834 E F0([)6.833 E F4(port).833
-E F0 .833(]]).833 G F1(DESCRIPTION)72 204 Q F0(The)102 216 Q F2(telnetd)3.044 E
-F0 .544(command is a serv)3.044 F .544(er which supports the)-.15 F F3 -.36(DA)
-3.044 G(RP).36 E(A)-.828 E F0(standard)3.044 E F3(TELNET)3.044 E F0 .543
-(virtual terminal protocol.)3.044 F F2(Telnetd)102 228 Q F0 .221
-(is normally in)2.721 F -.2(vo)-.4 G -.1(ke).2 G 2.721(db).1 G 2.721(yt)234.184
-228 S .221(he internet serv)244.685 228 R .221(er \(see)-.15 F/F5 10/Courier@0
-SF(inetd)2.721 E F0 2.942(\(8\)\) for)B .221(requests to connect to the)2.721 F
-F3(TELNET)2.721 E F0 .673(port as indicated by the)102 240 R F5(/etc/services)
-3.173 E F0 .673(\214le \(see)3.173 F F5(services)3.173 E F0 3.846(\(5\)\). The)
-B F2(\255debug)4.839 E F0 .672(option may be used to)3.173 F .145(start up)102
-252 R F2(telnetd)2.645 E F0(manually)2.645 E 2.645(,i)-.65 G .145
-(nstead of through)223.65 252 R F5(inetd)2.645 E F0 2.79(\(8\). If)B .145
-(started up this w)2.645 F(ay)-.1 E(,)-.65 E F4(port)2.645 E F0 .145
-(may be speci\214ed to)2.645 F(run)102 264 Q F2(telnetd)2.5 E F0
-(on an alternate)2.5 E F3(TCP)2.5 E F0(port number)2.5 E(.)-.55 E(The)102 282 Q
-F2(telnetd)2.5 E F0(command accepts the follo)2.5 E(wing options:)-.25 E F2
-<ad61>103.666 300 Q F4(authmode)6 E F0 .106(This option may be used for specif\
-ying what mode should be used for authentication.)173 312 R(Note)5.106 E 2.778
-(that this option is only useful if)173 324 R F2(telnetd)5.279 E F0 2.779
-(has been compiled with support for the)5.279 F F5(AUTHENTICATION)173 336 Q F0
-2.5(option. There)2.5 F(are se)2.5 E -.15(ve)-.25 G(ral v).15 E(alid v)-.25 E
-(alues for)-.25 E F4(authmode:)2.5 E F0(deb)173 354 Q 8.26(ug T)-.2 F
-(urns on authentication deb)-.45 E(ugging code.)-.2 E 15.84(user Only)173 372 R
-(allo)2.923 E 2.923(wc)-.25 G .423(onnections when the remote user can pro)
-260.256 372 R .422(vide v)-.15 F .422(alid authentication in-)-.25 F 1.277
-(formation to identify the remote user)208 384 R 3.777(,a)-.4 G 1.277
-(nd is allo)372.181 384 R 1.277(wed access to the speci\214ed ac-)-.25 F
-(count without pro)208 396 Q(viding a passw)-.15 E(ord.)-.1 E -.25(va)173 414 S
-12.75(lid Only).25 F(allo)2.923 E 2.923(wc)-.25 G .423
-(onnections when the remote user can pro)260.256 414 R .422(vide v)-.15 F .422
-(alid authentication in-)-.25 F .742(formation to identify the remote user)208
-426 R 5.743(.T)-.55 G(he)372.995 426 Q F5(login)3.243 E F0 .743
-(\(1\) command will pro)B .743(vide an)-.15 F(y)-.15 E .53(additional user v)
-208 438 R .529(eri\214cation needed if the remote user is not allo)-.15 F .529
-(wed automatic ac-)-.25 F(cess to the speci\214ed account.)208 450 Q 11.95
-(other Only)173 468 R(allo)3.028 E 3.029(wc)-.25 G .529
-(onnections that supply some authentication information.)260.467 468 R .529
-(This option)5.529 F .079(is currently not supported by an)208 480 R 2.578(yo)
--.15 G 2.578(ft)347.752 480 S .078(he e)356.44 480 R .078
-(xisting authentication mechanisms, and is)-.15 F(thus the same as specifying)
-208 492 Q F2 -3.5(\255a valid)4.166 F F0(.)A 13.06(none This)173 510 R .869
-(is the def)3.369 F .869(ault state.)-.1 F .869
-(Authentication information is not required.)5.869 F .87(If no or in-)5.869 F
-(suf)208 522 Q .394(\214cient authentication information is pro)-.25 F .393
-(vided, then the)-.15 F F5(login)2.893 E F0 .393(\(1\) program will)B(pro)208
-534 Q(vide the necessary user v)-.15 E(eri\214cation.)-.15 E(of)173 552 Q 23.59
-(fT)-.25 G 1.385(his disables the authentication code.)214.11 552 R 1.385
-(All user v)6.385 F 1.385(eri\214cation will happen through)-.15 F(the)208 564
-Q F5(login)2.5 E F0(\(1\) program.)A F2<ad42>103.666 582 Q F0 .82
-(Speci\214es bftp serv)173 582 R .82(er mode.)-.15 F .819(In this mode,)5.82 F
-F2(telnetd)3.319 E F0 .819(causes login to start a)3.319 F F5(bftp)3.319 E F0
-.819(\(1\) ses-)B .747(sion rather than the user')173 594 R 3.247(sn)-.55 G
-.747(ormal shell.)286.995 594 R .748
-(In bftp daemon mode normal logins are not sup-)5.747 F
-(ported, and it must be used on a port other than the normal)173 606 Q F3
-(TELNET)2.5 E F0(port.)2.5 E F2<ad44>103.666 624 Q F4(debugmode)6 E F0 .827
-(This option may be used for deb)173 636 R .827(ugging purposes.)-.2 F .827
-(This allo)5.827 F(ws)-.25 E F2(telnetd)3.327 E F0 .827(to print out de-)3.327
-F -.2(bu)173 648 S .827(gging information to the connection, allo).2 F .827
-(wing the user to see what)-.25 F F2(telnetd)3.327 E F0 .827(is doing.)3.327 F
-(There are se)173 660 Q -.15(ve)-.25 G(ral possible v).15 E(alues for)-.25 E F4
-(debugmode:)2.5 E F2(options)173 678 Q F0(Prints information about the ne)226
-678 Q(gotiation of)-.15 E F3(TELNET)2.5 E F0(options.)2.5 E(4.2 Berk)72 750 Q
-(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71(ution February)-.2 F
-(3, 1994)2.5 E(1)535 750 Q EP
-%%Page: 2 2
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNETD \( 8 \))72 48 R(BSD System Manager')
-241.42 48 Q 2.5(sM)-.55 G 105.272(anual TELNETD)348.92 48 R 1.666(\(8\))1.666 G
-/F1 10/Courier-Bold@0 SF(report)173 96 Q F0 2.438(Prints the)226 96 R F1
-(options)4.938 E F0 2.437(information, plus some additional information about)
-4.938 F(what processing is going on.)226 108 Q F1(netdata)173 126 Q F0
-(Displays the data stream recei)226 126 Q -.15(ve)-.25 G 2.5(db).15 G(y)367.51
-126 Q F1(telnetd.)2.5 E(ptydata)173 144 Q F0(Displays data written to the pty)
-226 144 Q(.)-.65 E F1(exercise)173 162 Q F0(Has not been implemented yet.)5 E
-F1(\255debug)103.666 180 Q F0(Enables deb)173 180 Q(ugging on each sock)-.2 E
-(et created by)-.1 E F1(telnetd)2.5 E F0(\(see)2.5 E/F2 10/Courier@0 SF
-(SO_DEBUG)2.5 E F0(in)2.5 E F2(socket)2.5 E F0(\(2\)\).)A F1(\255edebug)103.666
-198 Q F0(If)173 198 Q F1(telnetd)3.161 E F0 .662
-(has been compiled with support for data encryption, then the)3.161 F F1
-(\255edebug)4.828 E F0(op-)3.162 E(tion may be used to enable encryption deb)
-173 210 Q(ugging code.)-.2 E F1<ad68>103.666 228 Q F0(Disables the printing of\
- host-speci\214c information before login has been completed.)173 228 Q F1
-<ad49>103.666 246 Q/F3 10/Courier-Oblique@0 SF(initid)7.171 E F0 1.171
-(This option is only applicable to)174.171 246 R/F4 9/Times-Roman@0 SF(UNICOS)
-3.671 E F0 1.171(systems prior to 7.0.)3.671 F 1.17(It speci\214es the)6.171 F
-F2(ID)3.67 E F0(from)3.67 E F2(/etc/inittab)173 258 Q F0
-(to use when init starts login sessions.)2.5 E(The def)5 E(ault)-.1 E F2(ID)2.5
-E F0(is)2.5 E F2(fe.)2.5 E F1<ad6b>103.666 276 Q F0 .556
-(This option is only useful if)173 276 R F1(telnetd)3.056 E F0 .557
-(has been compiled with both linemode and kludge)3.056 F .521
-(linemode support.)173 288 R .521(If the)5.521 F F1<ad6b>4.687 E F0 .52
-(option is speci\214ed, then if the remote client does not support)3.02 F(the)
-173 300 Q F2(LINEMODE)3.697 E F0 1.197(option, then)3.697 F F1(telnetd)3.697 E
-F0 1.197(will operate in character at a time mode.)3.697 F 1.198(It will)6.198
-F .148(still support kludge linemode, b)173 312 R .147
-(ut will only go into kludge linemode if the remote client re-)-.2 F 2.06
-(quests it.)173 324 R 2.061(\(This is done by by the client sending)7.06 F F2
-2.061(DONT SUPPRESS-GO-AHEAD)4.561 F F0(and)4.561 E F2 .1(DONT ECHO)173 336 R
-F0 .1(.\) The)B F1<ad6b>4.266 E F0 .1
-(option is most useful when there are remote clients that do not sup-)2.6 F .67
-(port kludge linemode, b)173 348 R .67(ut pass the heuristic \(if the)-.2 F
-3.17(yr)-.15 G .67(espond with)390.88 348 R F2 .67(WILL TIMING-MARK)3.17 F F0
-(in response to a)173 360 Q F2(DO TIMING-MARK\))2.5 E F0
-(for kludge linemode support.)2.5 E F1<ad6c>103.666 378 Q F0 .672
-(Speci\214es line mode.)173 378 R -.35(Tr)5.672 G .671
-(ies to force clients to use line- at-a-time mode.).35 F .671(If the)5.671 F F2
-(LINEMODE)3.171 E F0(option is not supported, it will go into kludge linemode.)
-173 390 Q F1<ad6e>103.666 408 Q F0(Disable)173 408 Q F2(TCP)3.488 E F0 -.1(ke)
-3.488 G(ep-ali).1 E -.15(ve)-.25 G 3.488(s. Normally).15 F F1(telnetd)3.488 E
-F0 .988(enables the)3.488 F F4(TCP)3.489 E F0 -.1(ke)3.489 G(ep-ali).1 E 1.289
--.15(ve m)-.25 H .989(echanism to).15 F .602(probe connections that ha)173 420
-R .902 -.15(ve b)-.2 H .602
-(een idle for some period of time to determine if the client is).15 F 1.124
-(still there, so that idle connections from machines that ha)173 432 R 1.424
--.15(ve c)-.2 H 1.124(rashed or can no longer be).15 F
-(reached may be cleaned up.)173 444 Q F1<ad72>103.666 462 Q F3(lowpty-highpty)6
-E F0 .772(This option is only enabled when)173 474 R F1(telnetd)3.272 E F0 .771
-(is compiled for)3.271 F F2(UNICOS.)3.271 E F0 .771(It speci\214es an in-)3.271
-F(clusi)173 486 Q 3.232 -.15(ve r)-.25 H 2.932(ange of pseudo-terminal de).15 F
-2.932(vices to use.)-.25 F 2.933(If the system has sysconf v)7.933 F(ariable)
--.25 E F2(_SC_CRAY_NPTY)173 498 Q F0 1.486(con\214gured, the def)3.986 F 1.486
-(ault pty search range is 0 to)-.1 F F2(_SC_CRAY_NPTY;)3.986 E F0 .72
-(otherwise, the def)173 510 R .72(ault range is 0 to 128.)-.1 F(Either)5.72 E
-F3(lowpty)3.22 E F0(or)3.22 E F3(highpty)3.22 E F0 .72(may be omitted to)3.22 F
-(allo)173 522 Q 2.6(wc)-.25 G .1(hanging either end of the search range.)202.01
-522 R(If)5.1 E F3(lowpty)2.6 E F0 .1(is omitted, the - character is still)2.6 F
-(required so that)173 534 Q F1(telnetd)2.5 E F0(can dif)2.5 E(ferentiate)-.25 E
-F3(highpty)2.5 E F0(from)2.5 E F3(lowpty)2.5 E F0(.)A F1<ad73>103.666 552 Q F0
-1.391(This option is only enabled if)173 552 R F1(telnetd)3.891 E F0 1.391
-(is compiled with support for)3.891 F F4(SecurID)3.891 E F0 3.891(cards. It)
-3.891 F .787(causes the)173 564 R F1<ad73>4.953 E F0 .786
-(option to be passed on to)3.286 F F2(login)3.286 E F0 4.072(\(1\), and)B .786
-(thus is only useful if)3.286 F F2(login)3.286 E F0(\(1\))A .48(supports the)
-173 576 R F1<ad73>4.646 E F0 .48(\215ag to indicate that only)2.98 F F4
-(SecurID)2.98 E F0 -.25(va)2.98 G .481(lidated logins are allo).25 F .481
-(wed, and is usu-)-.25 F
-(ally useful for controlling remote logins from outside of a \214re)173 588 Q
--.1(wa)-.25 G(ll.).1 E F1<ad53>103.666 606 Q F3(tos)6 E F1<ad75>103.666 624 Q
-F3(len)6.628 E F0 .628
-(This option is used to specify the size of the \214eld in the)173.628 624 R F2
-(utmp)3.127 E F0 .627(structure that holds the re-)3.127 F 1(mote host name.)
-173 636 R 1(If the resolv)6 F 1(ed host name is longer than)-.15 F F3(len)3.5 E
-F0 3.5(,t)C 1(he dotted decimal v)441.99 636 R(alue)-.25 E .046
-(will be used instead.)173 648 R .046(This allo)5.046 F .046(ws hosts with v)
--.25 F .045(ery long host names that o)-.15 F -.15(ve)-.15 G(r\215o).15 E 2.545
-(wt)-.25 G .045(his \214eld to)497.68 648 R .996
-(still be uniquely identi\214ed.)173 660 R(Specifying)5.997 E F1(\255u0)5.163 E
-F0 .997(indicates that only dotted decimal addresses)3.497 F
-(should be put into the)173 672 Q F2(utmp)2.5 E F0(\214le.)2.5 E F1<ad55>
-103.666 690 Q F0 .422(This option causes)173 690 R F1(telnetd)2.922 E F0 .422
-(to refuse connections from addresses that cannot be mapped)2.922 F(4.2 Berk)72
-750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71(ution February)-.2 F
-(3, 1994)2.5 E(2)535 750 Q EP
-%%Page: 3 3
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNETD \( 8 \))72 48 R(BSD System Manager')
-241.42 48 Q 2.5(sM)-.55 G 105.272(anual TELNETD)348.92 48 R 1.666(\(8\))1.666 G
-(back into a symbolic name via the)173 96 Q/F1 10/Courier@0 SF(gethostbyaddr)
-2.5 E F0(\(3\) routine.)A/F2 10/Courier-Bold@0 SF<ad58>103.666 114 Q/F3 10
-/Courier-Oblique@0 SF(authtype)6 E F0 .123(This option is only v)173 126 R .123
-(alid if)-.25 F F2(telnetd)2.623 E F0 .123(has been b)2.623 F .124
-(uilt with support for the authentication op-)-.2 F 2.968(tion. It)173 138 R
-.467(disables the use of)2.968 F F3(authtype)2.967 E F0 .467
-(authentication, and can be used to temporarily dis-)2.967 F
-(able a speci\214c authentication type without ha)173 150 Q(ving to recompile)
--.2 E F2(telnetd)2.5 E F0(.)A F2(Telnetd)102 168 Q F0 .851
-(operates by allocating a pseudo-terminal de)3.351 F .851(vice \(see)-.25 F F1
-(pty)3.351 E F0 4.202(\(4\)\) for)B 3.351(ac)3.351 G .852
-(lient, then creating a login)431.882 168 R .757(process which has the sla)102
-180 R 1.057 -.15(ve s)-.2 H .757(ide of the pseudo-terminal as).15 F F1(stdin)
-3.257 E F0(,)A F1(stdout)3.256 E F0(and)3.256 E F1(stderr)3.256 E F0(.)A F2
-(Telnetd)3.256 E F0(ma-)3.256 E .483
-(nipulates the master side of the pseudo-terminal, implementing the)102 192 R
-/F4 9/Times-Roman@0 SF(TELNET)2.984 E F0 .484(protocol and passing characters)
-2.984 F(between the remote client and the login process.)102 204 Q .538(When a)
-102 222 R F4(TELNET)3.038 E F0 .538(session is started up,)3.038 F F2(telnetd)
-3.038 E F0(sends)3.038 E F4(TELNET)3.038 E F0 .538
-(options to the client side indicating a will-)3.038 F(ingness to do the follo)
-102 234 Q(wing)-.25 E F4(TELNET)2.5 E F0
-(options, which are described in more detail belo)2.5 E(w:)-.25 E F1
-(DO AUTHENTICATION)132 252 Q(WILL ENCRYPT)132 264 Q(DO TERMINAL TYPE)132 276 Q
-(DO TSPEED)132 288 Q(DO XDISPLOC)132 300 Q(DO NEW-ENVIRON)132 312 Q(DO ENVIRON)
-132 324 Q(WILL SUPPRESS GO AHEAD)132 336 Q(DO ECHO)132 348 Q(DO LINEMODE)132
-360 Q(DO NAWS)132 372 Q(WILL STATUS)132 384 Q(DO LFLOW)132 396 Q
-(DO TIMING-MARK)132 408 Q F0 .468(The pseudo-terminal allocated to the client \
-is con\214gured to operate in cook)102 426 R .468(ed mode, and with)-.1 F F1
-.469(XTABS and)2.969 F(CRMOD)102 438 Q F0(enabled \(see)2.5 E F1(tty)2.5 E F0
-(\(4\)\).)A F2(Telnetd)102 456 Q F0(has support for enabling locally the follo)
-2.5 E(wing)-.25 E F4(TELNET)2.5 E F0(options:)2.5 E .558(WILL ECHO)102 474 R
-.558(When the)209.558 474 R F1(LINEMODE)3.057 E F0 .557(option is enabled, a)
-3.057 F F1 .557(WILL ECHO)3.057 F F0(or)3.057 E F1 .557(WONT ECHO)3.057 F F0
-.557(will be)3.057 F .487
-(sent to the client to indicate the current state of terminal echoing.)209 486
-R .487(When terminal)5.487 F .409(echo is not desired, a)209 498 R F1 .408
-(WILL ECHO)2.908 F F0 .408(is sent to indicate that)2.908 F F4(telnetd)2.908 E
-F0 .408(will tak)2.908 F 2.908(ec)-.1 G .408(are of)516.552 498 R 1.811
-(echoing an)209 510 R 4.311(yd)-.15 G 1.811
-(ata that needs to be echoed to the terminal, and then nothing is)268.572 510 R
-3.876(echoed. When)209 522 R 1.376(terminal echo is desired, a)3.876 F F1 1.375
-(WONT ECHO)3.875 F F0 1.375(is sent to indicate that)3.875 F F4(telnetd)209 534
-Q F0 .11(will not be doing an)2.61 F 2.61(yt)-.15 G .11
-(erminal echoing, so the client should do an)326.788 534 R 2.611(yt)-.15 G
-(erminal)509.45 534 Q(echoing that is needed.)209 546 Q .243(WILL BIN)102 564 R
-(AR)-.35 E 42.18(YI)-.65 G .243(ndicates that the client is willing to send a \
-8 bits of data, rather than the normal 7)212.573 564 R(bits of the Netw)209 576
-Q(ork V)-.1 E(irtual T)-.6 E(erminal.)-.7 E(WILL SGA)102 594 Q
-(Indicates that it will not be sending)209 594 Q F1(IAC GA,)2.5 E F0
-(go ahead, commands.)2.5 E .366(WILL ST)102 612 R -1.11(AT)-.93 G 41.27
-(US Indicates)1.11 F 2.866(aw)2.866 G .366
-(illingness to send the client, upon request, of the current status of all)
-262.858 612 R F4(TELNET)209 624 Q F0(options.)2.5 E .51(WILL TIMING-MARK)102
-642 R(Whene)209.51 642 Q -.15(ve)-.25 G 3.01(ra).15 G F1 .509(DO TIMING-MARK)
--.001 F F0 .509(command is recei)3.009 F -.15(ve)-.25 G .509(d, it is al).15 F
--.1(wa)-.1 G .509(ys responded to).1 F(with a)209 654 Q F1(WILL TIMING-MARK)2.5
-E F0 .726(WILL LOGOUT)102 672 R .726(When a)209.726 672 R F1 .726(DO LOGOUT)
-3.226 F F0 .726(is recei)3.226 F -.15(ve)-.25 G .726(d, a).15 F F1 .726
-(WILL LOGOUT)3.226 F F0 .726(is sent in response, and the)3.226 F(4.2 Berk)72
-750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71(ution February)-.2 F
-(3, 1994)2.5 E(3)535 750 Q EP
-%%Page: 4 4
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNETD \( 8 \))72 48 R(BSD System Manager')
-241.42 48 Q 2.5(sM)-.55 G 105.272(anual TELNETD)348.92 48 R 1.666(\(8\))1.666 G
-/F1 9/Times-Roman@0 SF(TELNET)209 96 Q F0(session is shut do)2.5 E(wn.)-.25 E
-.118(WILL ENCR)102 114 R 32.1(YPT Only)-.65 F .118(sent if)2.618 F/F2 10
-/Courier-Bold@0 SF(telnetd)2.618 E F0 .118
-(is compiled with support for data encryption, and indicates)2.618 F 2.5(aw)209
-126 S(illingness to decrypt the data stream.)223.16 126 Q F2(Telnetd)102 144 Q
-F0(has support for enabling remotely the follo)2.5 E(wing)-.25 E F1(TELNET)2.5
-E F0(options:)2.5 E(DO BIN)102 162 Q(AR)-.35 E 52.73(YS)-.65 G
-(ent to indicate that)214.56 162 Q F1(telnetd)2.5 E F0(is willing to recei)2.5
-E .3 -.15(ve a)-.25 H 2.5(n8b).15 G(it data stream.)423.918 162 Q(DO LFLO)102
-180 Q 55.97(WR)-.35 G(equests that the client handle \215o)215.67 180 Q 2.5(wc)
--.25 G(ontrol characters remotely)358.18 180 Q(.)-.65 E .967(DO ECHO)102 198 R
-.967(This is not really supported, b)209.967 198 R .967
-(ut is sent to identify a 4.2BSD)-.2 F/F3 10/Courier@0 SF(telnet)3.468 E F0
-.968(\(1\) client,)B .365(which will improperly respond with)209 210 R F3 .365
-(WILL ECHO.)2.865 F F0 .365(If a)2.865 F F3 .365(WILL ECHO)2.865 F F0 .365
-(is recei)2.865 F -.15(ve)-.25 G(d,).15 E(a)209 222 Q F3(DONT ECHO)2.5 E F0
-(will be sent in response.)2.5 E .445(DO TERMIN)102 240 R 7.92
-(AL-TYPE Indicates)-.35 F 2.945(ad)2.945 G .445
-(esire to be able to request the name of the type of terminal that is at-)
-260.875 240 R(tached to the client side of the connection.)209 252 Q(DO SGA)102
-270 Q(Indicates that it does not need to recei)209 270 Q -.15(ve)-.25 G F3
-(IAC GA,)2.65 E F0(the go ahead command.)2.5 E .006(DO N)102 288 R -.9(AW)-.35
-G 61.87(SR).9 G .006(equests that the client inform the serv)215.676 288 R .005
-(er when the windo)-.15 F 2.505(w\()-.25 G .005(display\) size changes.)452.51
-288 R(DO TERMIN)102 306 Q(AL-SPEED)-.35 E 1.029(Indicates a desire to be able \
-to request information about the speed of the serial)209 318 R
-(line to which the client is attached.)209 330 Q .469(DO XDISPLOC)102 348 R
-.469(Indicates a desire to be able to request the name of the X windo)209.469
-348 R .468(ws display that is)-.25 F(associated with the telnet client.)209 360
-Q 1.008(DO NEW)102 378 R(-ENVIR)-.65 E 17.52(ON Indicates)-.4 F 3.508(ad)3.508
-G 1.008(esire to be able to request en)262.564 378 R 1.009(vironment v)-.4 F
-1.009(ariable information, as de-)-.25 F(scribed in RFC 1572.)209 390 Q 1.009
-(DO ENVIR)102 408 R 42.97(ON Indicates)-.4 F 3.509(ad)3.509 G 1.009
-(esire to be able to request en)262.567 408 R 1.008(vironment v)-.4 F 1.008
-(ariable information, as de-)-.25 F(scribed in RFC 1408.)209 420 Q .886
-(DO LINEMODE)102 438 R .886(Only sent if)209.886 438 R F2(telnetd)3.386 E F0
-.886(is compiled with support for linemode, and requests that)3.386 F
-(the client do line by line processing.)209 450 Q 1.292(DO TIMING-MARK)102 468
-R 1.292(Only sent if)210.292 468 R F2(telnetd)3.792 E F0 1.291
-(is compiled with support for both linemode and kludge)3.792 F 2.029
-(linemode, and the client responded with)209 480 R F3 2.029(WONT LINEMODE.)
-4.529 F F0 2.029(If the client re-)4.529 F 3.375(sponds with)209 492 R F3 3.375
-(WILL TM,)5.875 F F0 3.375(the it is assumed that the client supports kludge)
-5.875 F 2.5(linemode. Note)209 504 R(that the)2.5 E([)3.333 E F2<ad6b>2.499 E
-F0 2.5(]o).833 G(ption can be used to disable this.)338.205 504 Q(DO A)102 522
-Q(UTHENTICA)-.55 E(TION)-1.11 E .618(Only sent if)209 534 R F2(telnetd)3.118 E
-F0 .618(is compiled with support for authentication, and indicates)3.118 F 2.5
-(aw)209 546 S(illingness to recei)223.16 546 Q .3 -.15(ve a)-.25 H
-(uthentication information for automatic login.).15 E .118(DO ENCR)102 564 R
-42.65(YPT Only)-.65 F .118(sent if)2.618 F F2(telnetd)2.618 E F0 .118
-(is compiled with support for data encryption, and indicates)2.618 F 2.5(aw)209
-576 S(illingness to decrypt the data stream.)223.16 576 Q/F4 10/Times-Bold@0 SF
-(ENVIR)72 600 Q(ONMENT)-.3 E(FILES)72 612 Q F3(/etc/services)102 624 Q
-(/etc/inittab)102 636 Q F0(\(UNICOS systems only\))2.5 E F3(/etc/iptos)102 648
-Q F0(\(if supported\))2.5 E F3(/usr/ucb/bftp)102 660 Q F0(\(if supported\))2.5
-E(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71
-(ution February)-.2 F(3, 1994)2.5 E(4)535 750 Q EP
-%%Page: 5 5
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(TELNETD \( 8 \))72 48 R(BSD System Manager')
-241.42 48 Q 2.5(sM)-.55 G 105.272(anual TELNETD)348.92 48 R 1.666(\(8\))1.666 G
-/F1 10/Times-Bold@0 SF(SEE ALSO)72 96 Q/F2 10/Courier@0 SF(telnet)102 108 Q F0
-(\(1\),)A F2(login)5 E F0(\(1\),)A F2(bftp)5 E F0(\(1\) \(if supported\))A F1
-(ST)72 132 Q(AND)-.9 E(ARDS)-.35 E/F3 10/Courier-Bold@0 SF(RFC-854)102 144 Q/F4
-9/Times-Roman@0 SF(TELNET)155 144 Q F0(PR)2.5 E -1.88 -.4(OT O)-.4 H
-(COL SPECIFICA).4 E(TION)-1.11 E F3(RFC-855)102 156 Q F0
-(TELNET OPTION SPECIFICA)155 156 Q(TIONS)-1.11 E F3(RFC-856)102 168 Q F0
-(TELNET BIN)155 168 Q(AR)-.35 E 2.5(YT)-.65 G(RANSMISSION)241.21 168 Q F3
-(RFC-857)102 180 Q F0(TELNET ECHO OPTION)155 180 Q F3(RFC-858)102 192 Q F0
-(TELNET SUPPRESS GO AHEAD OPTION)155 192 Q F3(RFC-859)102 204 Q F0(TELNET ST)
-155 204 Q -1.11(AT)-.93 G(US OPTION)1.11 E F3(RFC-860)102 216 Q F0
-(TELNET TIMING MARK OPTION)155 216 Q F3(RFC-861)102 228 Q F0
-(TELNET EXTENDED OPTIONS - LIST OPTION)155 228 Q F3(RFC-885)102 240 Q F0
-(TELNET END OF RECORD OPTION)155 240 Q F3(RFC-1073)102 252 Q F0 -.7(Te)5 G
-(lnet W).7 E(indo)-.4 E 2.5(wS)-.25 G(ize Option)224.2 252 Q F3(RFC-1079)102
-264 Q F0 -.7(Te)5 G(lnet T).7 E(erminal Speed Option)-.7 E F3(RFC-1091)102 276
-Q F0 -.7(Te)5 G(lnet T).7 E(erminal-T)-.7 E(ype Option)-.8 E F3(RFC-1096)102
-288 Q F0 -.7(Te)5 G(lnet X Display Location Option).7 E F3(RFC-1123)102 300 Q
-F0(Requirements for Internet Hosts -- Application and Support)5 E F3(RFC-1184)
-102 312 Q F0 -.7(Te)5 G(lnet Linemode Option).7 E F3(RFC-1372)102 324 Q F0 -.7
-(Te)5 G(lnet Remote Flo).7 E 2.5(wC)-.25 G(ontrol Option)245.44 324 Q F3
-(RFC-1416)102 336 Q F0 -.7(Te)5 G(lnet Authentication Option).7 E F3(RFC-1411)
-102 348 Q F0 -.7(Te)5 G(lnet Authentication: K).7 E(erberos V)-.25 E(ersion 4)
--1.11 E F3(RFC-1412)102 360 Q F0 -.7(Te)5 G(lnet Authentication: SPX).7 E F3
-(RFC-1571)102 372 Q F0 -.7(Te)5 G(lnet En).7 E
-(vironment Option Interoperability Issues)-.4 E F3(RFC-1572)102 384 Q F0 -.7
-(Te)5 G(lnet En).7 E(vironment Option)-.4 E F1 -.1(BU)72 408 S(GS).1 E F0(Some)
-102 420 Q F4(TELNET)2.5 E F0(commands are only partially implemented.)2.5 E
-.082(Because of b)102 438 R .082(ugs in the original 4.2 BSD)-.2 F F2(telnet)
-2.582 E F0(\(1\),)A F3(telnetd)5.164 E F0 .082
-(performs some dubious protocol e)2.582 F(xchanges)-.15 E(to try to disco)102
-450 Q -.15(ve)-.15 G 2.5(ri).15 G 2.5(ft)175.03 450 S
-(he remote client is, in f)183.64 450 Q(act, a 4.2 BSD)-.1 E F2(telnet)2.5 E F0
-(\(1\).)A(Binary mode has no common interpretation e)102 468 Q
-(xcept between similar operating systems \(Unix in this case\).)-.15 E
-(The terminal type name recei)102 486 Q -.15(ve)-.25 G 2.5(df).15 G
-(rom the remote client is con)239.06 486 Q -.15(ve)-.4 G(rted to lo).15 E
-(wer case.)-.25 E F3(Telnetd)102 504 Q F0(ne)2.5 E -.15(ve)-.25 G 2.5(rs).15 G
-(ends)174.7 504 Q F4(TELNET)2.5 E F2(IAC GA)2.5 E F0(\(go ahead\) commands.)2.5
-E(4.2 Berk)72 750 Q(ele)-.1 E 2.5(yD)-.15 G(istrib)132.57 750 Q 95.71
-(ution February)-.2 F(3, 1994)2.5 E(5)535 750 Q EP
-%%Trailer
-end
-%%EOF
diff --git a/src/appl/telnet/telnetd/telnetd.0.txt b/src/appl/telnet/telnetd/telnetd.0.txt
deleted file mode 100644
index f13b699..0000000
--- a/src/appl/telnet/telnetd/telnetd.0.txt
+++ /dev/null
@@ -1,322 +0,0 @@
-TELNETD(8)                BSD System Manager's Manual               TELNETD(8)
-
-NNAAMMEE
-     tteellnneettdd - DARPA TELNET protocol server
-
-SSYYNNOOPPSSIISS
-     //uussrr//lliibbeexxeecc//tteellnneettdd [--aa _a_u_t_h_m_o_d_e] [--BB] [--DD _d_e_b_u_g_m_o_d_e] [--eeddeebbuugg] [--hh]
-                          [--II_i_n_i_t_i_d] [--ll] [--kk] [--nn] [--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--ss]
-                          [--SS _t_o_s] [--uu _l_e_n] [--UU] [--XX _a_u_t_h_t_y_p_e] [--ddeebbuugg [_p_o_r_t]]
-
-DDEESSCCRRIIPPTTIIOONN
-     The tteellnneettdd command is a server which supports the DARPA standard TELNET
-     virtual terminal protocol.  TTeellnneettdd is normally invoked by the internet
-     server (see inetd(8))  for requests to connect to the TELNET port as in-
-     dicated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)).  The --ddeebbuugg option
-     may be used to start up tteellnneettdd manually, instead of through inetd(8).
-     If started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alter-
-     nate TCP port number.
-
-     The tteellnneettdd command accepts the following options:
-
-     --aa _a_u_t_h_m_o_d_e  This option may be used for specifying what mode should be
-                  used for authentication.  Note that this option is only use-
-                  ful if tteellnneettdd has been compiled with support for the
-                  AUTHENTICATION option.  There are several valid values for
-                  _a_u_t_h_m_o_d_e_:
-
-                  debug  Turns on authentication debugging code.
-
-                  user   Only allow connections when the remote user can pro-
-                         vide valid authentication information to identify the
-                         remote user, and is allowed access to the specified
-                         account without providing a password.
-
-                  valid  Only allow connections when the remote user can pro-
-                         vide valid authentication information to identify the
-                         remote user.  The login(1) command will provide any
-                         additional user verification needed if the remote us-
-                         er is not allowed automatic access to the specified
-                         account.
-
-                  other  Only allow connections that supply some authentica-
-                         tion information.  This option is currently not sup-
-                         ported by any of the existing authentication mecha-
-                         nisms, and is thus the same as specifying --aa vvaalliidd.
-
-                  none   This is the default state.  Authentication informa-
-                         tion is not required.  If no or insufficient authen-
-                         tication information is provided, then the login(1)
-                         program will provide the necessary user verification.
-
-                  off    This disables the authentication code.  All user ver-
-                         ification will happen through the login(1) program.
-
-     --BB           Specifies bftp server mode.  In this mode, tteellnneettdd causes
-                  login to start a bftp(1) session rather than the user's nor-
-                  mal shell.  In bftp daemon mode normal logins are not sup-
-                  ported, and it must be used on a port other than the normal
-                  TELNET port.
-
-     --DD _d_e_b_u_g_m_o_d_e
-                  This option may be used for debugging purposes.  This allows
-                  tteellnneettdd to print out debugging information to the connec-
-                  tion, allowing the user to see what tteellnneettdd is doing.  There
-
-                  are several possible values for _d_e_b_u_g_m_o_d_e_:
-
-                  ooppttiioonnss   Prints information about the negotiation of TELNET
-                            options.
-
-                  rreeppoorrtt    Prints the ooppttiioonnss information, plus some addi-
-                            tional information about what processing is going
-                            on.
-
-                  nneettddaattaa   Displays the data stream received by tteellnneettdd..
-
-                  ppttyyddaattaa   Displays data written to the pty.
-
-                  eexxeerrcciissee  Has not been implemented yet.
-
-     --ddeebbuugg       Enables debugging on each socket created by tteellnneettdd (see
-                  SO_DEBUG in socket(2)).
-
-     --eeddeebbuugg      If tteellnneettdd has been compiled with support for data encryp-
-                  tion, then the --eeddeebbuugg option may be used to enable encryp-
-                  tion debugging code.
-
-     --hh           Disables the printing of host-specific information before
-                  login has been completed.
-
-     --II _i_n_i_t_i_d    This option is only applicable to UNICOS systems prior to
-                  7.0.  It specifies the ID from _/_e_t_c_/_i_n_i_t_t_a_b to use when init
-                  starts login sessions.  The default ID is fe.
-
-     --kk           This option is only useful if tteellnneettdd has been compiled with
-                  both linemode and kludge linemode support.  If the --kk option
-                  is specified, then if the remote client does not support the
-                  LINEMODE option, then tteellnneettdd will operate in character at a
-                  time mode.  It will still support kludge linemode, but will
-                  only go into kludge linemode if the remote client requests
-                  it.  (This is done by by the client sending DONT SUPPRESS-
-                  GO-AHEAD and DONT ECHO.) The --kk option is most useful when
-                  there are remote clients that do not support kludge
-                  linemode, but pass the heuristic (if they respond with WILL
-                  TIMING-MARK in response to a DO TIMING-MARK) for kludge
-                  linemode support.
-
-     --ll           Specifies line mode.  Tries to force clients to use line-
-                  at-a-time mode.  If the LINEMODE option is not supported, it
-                  will go into kludge linemode.
-
-     --nn           Disable TCP keep-alives.  Normally tteellnneettdd enables the TCP
-                  keep-alive mechanism to probe connections that have been
-                  idle for some period of time to determine if the client is
-                  still there, so that idle connections from machines that
-                  have crashed or can no longer be reached may be cleaned up.
-
-     --rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y
-                  This option is only enabled when tteellnneettdd is compiled for
-                  UNICOS. It specifies an inclusive range of pseudo-terminal
-                  devices to use.  If the system has sysconf variable
-                  _SC_CRAY_NPTY configured, the default pty search range is 0
-                  to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128.
-                  Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing
-                  either end of the search range.  If _l_o_w_p_t_y is omitted, the -
-                  character is still required so that tteellnneettdd can differenti-
-                  ate _h_i_g_h_p_t_y from _l_o_w_p_t_y.
-
-     --ss           This option is only enabled if tteellnneettdd is compiled with sup-
-                  port for SecurID cards.  It causes the --ss option to be
-                  passed on to login(1),  and thus is only useful if login(1)
-                  supports the --ss flag to indicate that only SecurID validated
-                  logins are allowed, and is usually useful for controlling
-                  remote logins from outside of a firewall.
-
-     --SS _t_o_s
-
-     --uu _l_e_n       This option is used to specify the size of the field in the
-                  utmp structure that holds the remote host name.  If the re-
-                  solved host name is longer than _l_e_n, the dotted decimal val-
-                  ue will be used instead.  This allows hosts with very long
-                  host names that overflow this field to still be uniquely
-                  identified.  Specifying --uu00 indicates that only dotted deci-
-                  mal addresses should be put into the _u_t_m_p file.
-
-     --UU           This option causes tteellnneettdd to refuse connections from ad-
-                  dresses that cannot be mapped back into a symbolic name via
-                  the gethostbyaddr(3) routine.
-
-     --XX _a_u_t_h_t_y_p_e  This option is only valid if tteellnneettdd has been built with
-                  support for the authentication option.  It disables the use
-                  of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily
-                  disable a specific authentication type without having to re-
-                  compile tteellnneettdd.
-
-     TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4))  for
-     a client, then creating a login process which has the slave side of the
-     pseudo-terminal as stdin, stdout and stderr. TTeellnneettdd manipulates the mas-
-     ter side of the pseudo-terminal, implementing the TELNET protocol and
-     passing characters between the remote client and the login process.
-
-     When a TELNET session is started up, tteellnneettdd sends TELNET options to the
-     client side indicating a willingness to do the following TELNET options,
-     which are described in more detail below:
-
-           DO AUTHENTICATION
-           WILL ENCRYPT
-           DO TERMINAL TYPE
-           DO TSPEED
-           DO XDISPLOC
-           DO NEW-ENVIRON
-           DO ENVIRON
-           WILL SUPPRESS GO AHEAD
-           DO ECHO
-           DO LINEMODE
-           DO NAWS
-           WILL STATUS
-           DO LFLOW
-           DO TIMING-MARK
-
-     The pseudo-terminal allocated to the client is configured to operate in
-     cooked mode, and with XTABS and CRMOD enabled (see tty(4)).
-
-     TTeellnneettdd has support for enabling locally the following TELNET options:
-
-     WILL ECHO          When the LINEMODE option is enabled, a WILL ECHO or
-                        WONT ECHO will be sent to the client to indicate the
-                        current state of terminal echoing.  When terminal echo
-                        is not desired, a WILL ECHO is sent to indicate that
-                        telnetd will take care of echoing any data that needs
-                        to be echoed to the terminal, and then nothing is
-                        echoed.  When terminal echo is desired, a WONT ECHO is
-                        sent to indicate that telnetd will not be doing any
-                        terminal echoing, so the client should do any terminal
-                        echoing that is needed.
-
-     WILL BINARY        Indicates that the client is willing to send a 8 bits
-                        of data, rather than the normal 7 bits of the Network
-                        Virtual Terminal.
-
-     WILL SGA           Indicates that it will not be sending IAC GA, go
-                        ahead, commands.
-
-     WILL STATUS        Indicates a willingness to send the client, upon re-
-                        quest, of the current status of all TELNET options.
-
-     WILL TIMING-MARK   Whenever a DO TIMING-MARK command is received, it is
-                        always responded to with a WILL TIMING-MARK
-
-     WILL LOGOUT        When a DO LOGOUT is received, a WILL LOGOUT is sent in
-                        response, and the TELNET session is shut down.
-
-     WILL ENCRYPT       Only sent if tteellnneettdd is compiled with support for data
-                        encryption, and indicates a willingness to decrypt the
-                        data stream.
-
-     TTeellnneettdd has support for enabling remotely the following TELNET options:
-
-     DO BINARY          Sent to indicate that telnetd is willing to receive an
-                        8 bit data stream.
-
-     DO LFLOW           Requests that the client handle flow control charac-
-                        ters remotely.
-
-     DO ECHO            This is not really supported, but is sent to identify
-                        a 4.2BSD telnet(1) client, which will improperly re-
-                        spond with WILL ECHO. If a WILL ECHO is received, a
-                        DONT ECHO will be sent in response.
-
-     DO TERMINAL-TYPE   Indicates a desire to be able to request the name of
-                        the type of terminal that is attached to the client
-                        side of the connection.
-
-     DO SGA             Indicates that it does not need to receive IAC GA, the
-                        go ahead command.
-
-     DO NAWS            Requests that the client inform the server when the
-                        window (display) size changes.
-
-     DO TERMINAL-SPEED  Indicates a desire to be able to request information
-                        about the speed of the serial line to which the client
-                        is attached.
-
-     DO XDISPLOC        Indicates a desire to be able to request the name of
-                        the X windows display that is associated with the tel-
-                        net client.
-
-     DO NEW-ENVIRON     Indicates a desire to be able to request environment
-                        variable information, as described in RFC 1572.
-
-     DO ENVIRON         Indicates a desire to be able to request environment
-                        variable information, as described in RFC 1408.
-
-     DO LINEMODE        Only sent if tteellnneettdd is compiled with support for
-                        linemode, and requests that the client do line by line
-                        processing.
-
-     DO TIMING-MARK     Only sent if tteellnneettdd is compiled with support for both
-                        linemode and kludge linemode, and the client responded
-                        with WONT LINEMODE. If the client responds with WILL
-                        TM, the it is assumed that the client supports kludge
-                        linemode.  Note that the [--kk] option can be used to
-
-                        disable this.
-
-     DO AUTHENTICATION  Only sent if tteellnneettdd is compiled with support for au-
-                        thentication, and indicates a willingness to receive
-                        authentication information for automatic login.
-
-     DO ENCRYPT         Only sent if tteellnneettdd is compiled with support for data
-                        encryption, and indicates a willingness to decrypt the
-                        data stream.
-
-EENNVVIIRROONNMMEENNTT
-FFIILLEESS
-     _/_e_t_c_/_s_e_r_v_i_c_e_s
-     _/_e_t_c_/_i_n_i_t_t_a_b (UNICOS systems only)
-     _/_e_t_c_/_i_p_t_o_s (if supported)
-     _/_u_s_r_/_u_c_b_/_b_f_t_p (if supported)
-
-SSEEEE AALLSSOO
-     telnet(1),  login(1),  bftp(1) (if supported)
-
-SSTTAANNDDAARRDDSS
-     RRFFCC--885544   TELNET PROTOCOL SPECIFICATION
-     RRFFCC--885555   TELNET OPTION SPECIFICATIONS
-     RRFFCC--885566   TELNET BINARY TRANSMISSION
-     RRFFCC--885577   TELNET ECHO OPTION
-     RRFFCC--885588   TELNET SUPPRESS GO AHEAD OPTION
-     RRFFCC--885599   TELNET STATUS OPTION
-     RRFFCC--886600   TELNET TIMING MARK OPTION
-     RRFFCC--886611   TELNET EXTENDED OPTIONS - LIST OPTION
-     RRFFCC--888855   TELNET END OF RECORD OPTION
-     RRFFCC--11007733  Telnet Window Size Option
-     RRFFCC--11007799  Telnet Terminal Speed Option
-     RRFFCC--11009911  Telnet Terminal-Type Option
-     RRFFCC--11009966  Telnet X Display Location Option
-     RRFFCC--11112233  Requirements for Internet Hosts -- Application and Support
-     RRFFCC--11118844  Telnet Linemode Option
-     RRFFCC--11337722  Telnet Remote Flow Control Option
-     RRFFCC--11441166  Telnet Authentication Option
-     RRFFCC--11441111  Telnet Authentication: Kerberos Version 4
-     RRFFCC--11441122  Telnet Authentication: SPX
-     RRFFCC--11557711  Telnet Environment Option Interoperability Issues
-     RRFFCC--11557722  Telnet Environment Option
-
-BBUUGGSS
-     Some TELNET commands are only partially implemented.
-
-     Because of bugs in the original 4.2 BSD telnet(1),  tteellnneettdd performs some
-     dubious protocol exchanges to try to discover if the remote client is, in
-     fact, a 4.2 BSD telnet(1).
-
-     Binary mode has no common interpretation except between similar operating
-     systems (Unix in this case).
-
-     The terminal type name received from the remote client is converted to
-     lower case.
-
-     TTeellnneettdd never sends TELNET IAC GA (go ahead) commands.
-
-4.2 Berkeley Distribution      February 3, 1994                              5
diff --git a/src/appl/telnet/telnetd/telnetd.8 b/src/appl/telnet/telnetd/telnetd.8
deleted file mode 100644
index 78700cb..0000000
--- a/src/appl/telnet/telnetd/telnetd.8
+++ /dev/null
@@ -1,631 +0,0 @@
-.\" Copyright (c) 1983, 1993
-.\"	The Regents of the University of California.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"	This product includes software developed by the University of
-.\"	California, Berkeley and its contributors.
-.\" 4. Neither the name of the University nor the names of its contributors
-.\"    may be used to endorse or promote products derived from this software
-.\"    without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\"	@(#)telnetd.8	8.2 (Berkeley) 2/3/94
-.\" "
-.TH TELNETD 8
-.SH NAME
-telnetd \-
-.SM DARPA TELNET
-protocol server
-.SH SYNOPSIS
-.B /usr/libexec/telnetd
-[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
-[\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
-[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
-[\fB\-S\fP \fItos\fP] [\fB\-U\fP] [\fB\-X\fP \fIauthtype\fP]
-[\fB\-w\fP [\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]]
-[\fB\-debug\fP [\fIport\fP]]
-.SH DESCRIPTION
-The
-.B telnetd
-command is a server which supports the
-.SM DARPA
-standard
-.SM TELNET
-virtual terminal protocol.
-.B Telnetd
-is normally invoked by the internet server (see
-.BR inetd (8)
-for requests to connect to the
-.SM TELNET
-port as indicated by the
-.I /etc/services
-file (see
-.BR services (5)).
-The
-.B \-debug
-option may be used to start up
-.B telnetd
-manually, instead of through
-.IR inetd (8).
-If started up this way, 
-.I port
-may be specified to run
-.B telnetd
-on an alternate
-.SM TCP
-port number.
-.PP
-The
-.B telnetd
-command accepts the following options:
-.TP
-\fB\-a\fP \fIauthmode\fP
-This option may be used for specifying what mode should be used for
-authentication.  Note that this option is only useful if
-.B telnetd
-has been compiled with support for the
-.SM AUTHENTICATION
-option.  There are several valid values for
-.IR authmode :
-.RS
-.TP
-.B debug
-Turns on authentication debugging code.
-.TP
-.B valid
-Only allow connections when the remote user can provide valid
-authentication information to identify the remote user, and is allowed
-access to the specified account without providing a password.
-.TP
-.B user
-Only allow connections when the remote user can provide valid
-authentication information to identify the remote user.  The
-.IR login (1)
-command will provide any additional user verification needed if the
-remote user is not allowed automatic access to the specified account.
-.TP
-.B other
-Only allow connections that supply some authentication information.
-This option is currently not supported by any of the existing
-authentication mechanisms, and is thus the same as specifying
-.B \-a
-.BR valid .
-.TP
-.B none
-This is the default state.  Authentication information is not required.
-If no or insufficient authentication information is provided, then the
-.IR login (1)
-program will provide the necessary user verification.
-.TP
-.B off
-This disables the authentication code.  All user verification will
-happen through the
-.IR login (1)
-program.
-.RE
-.TP
-.B \-B
-Specifies bftp server mode.  In this mode,
-.B telnetd
-causes login to start a
-.IR bftp (1)
-session rather than the user's normal shell.  In bftp daemon mode,
-normal logins are not supported, and it must be used on a port other
-than the normal
-.SM TELNET
-port.
-.TP
-\fB\-D\fP \fIdebugmode\fP
-This option may be used for debugging purposes.  This allows
-.B telnetd
-to print out debugging information to the connection, allowing the user
-to see what
-.B telnetd
-is doing.  There are several possible values for
-.IR debugmode :
-.RS
-.TP
-.B options
-Prints information about the negotiation of
-.SM TELNET
-options.
-.TP
-.B report
-Prints the
-.B options
-information, plus some additional information about what processing is
-going on.
-.TP
-.B netdata
-Displays the data stream received by
-.B telnetd.
-.TP
-.B ptydata
-Displays data written to the pty.
-.TP
-.B encrypt
-Enables	encryption debugging code.
-.TP
-.B exercise
-Has not been implemented yet.
-.RE
-.TP
-.B \-debug
-Enables debugging on each socket created by
-.B telnetd
-(see
-.SM SO_DEBUG
-in
-.IR socket (2)).
-.TP
-.B \-e
-This option causes
-.B telnetd
-to refuse unencrypted connections.
-.TP
-.B \-h
-Disables the printing of host-specific information before login has been
-completed.
-.TP
-\fB\-I\fP \fIinitid\fP
-This option is only applicable to
-.SM UNICOS
-systems prior to 7.0.  It specifies the
-.SM ID
-from
-.I /etc/inittab
-to use when init starts login sessions.  The default
-.SM ID
-is fe.
-.TP
-.B \-k
-This option is only useful if
-.B telnetd
-has been compiled with both linemode and kludge linemode support.  If
-the
-.B \-k
-option is specified, then if the remote client does not support the
-.SM LINEMODE
-option, then
-.B telnetd
-will operate in character at a time mode.  It will still support kludge
-linemode, but will only go into kludge linemode if the remote client
-requests it.  (This is done by by the client sending
-.SM DONT SUPPRESS-GO-AHEAD
-and
-.SM DONT ECHO.)
-The
-.B \-k
-option is most useful when there are remote clients that do not support
-kludge linemode, but pass the heuristic (if they respond with
-.SM WILL TIMING-MARK
-in response to a
-.SM DO TIMING-MARK)
-for kludge linemode support.
-.TP
-.B \-l
-Specifies line mode.  Tries to force clients to use line-at-a-time
-mode.  If the
-.SM LINEMODE
-option is not supported, it will go into kludge linemode.
-.TP
-.B \-n
-Disable
-.SM TCP
-keep-alives.  Normally
-.B telnetd
-enables the
-.SM TCP
-keep-alive mechanism to probe connections that have been idle for some
-period of time to determine if the client is still there, so that idle
-connections from machines that have crashed or can no longer be reached
-may be cleaned up.
-.TP
-\fB\-r\fP \fIlowpty-highpty\fP
-This option is only enabled when
-.B telnetd
-is compiled for
-.SM UNICOS.
-It specifies an inclusive range of pseudo-terminal devices to use.  If
-the system has sysconf variable
-.SM _SC_CRAY_NPTY
-configured, the default pty search range is 0 to
-.SM _SC_CRAY_NPTY;
-otherwise, the default range is 0 to 128.  Either
-.I lowpty
-or
-.I highpty
-may be omitted to allow changing either end of the search range.  If
-.I lowpty
-is omitted, the - character is still required so that
-.B telnetd
-can differentiate
-.I highpty
-from
-.IR lowpty .
-.TP
-.B \-s
-This option is only enabled if
-.B telnetd
-is compiled with support for SecurID cards.  It causes the
-.B \-s
-option to be passed on to
-.IR login (1),
-and thus is only useful if
-.IR login (1)
-supports the
-.B \-s
-flag to indicate that only SecurID validated logins are allowed, and is
-usually useful for controlling remote logins from outside of a firewall.
-.TP
-\fB\-S\fP \fItos\fP
-.TP
-.B \-U
-This option causes
-.B telnetd
-to refuse connections from addresses that cannot be mapped back into a
-symbolic name via the
-.IR gethostbyaddr (3)
-routine.
-.TP
-.B \-w \fP[\fBip\fP|\fImaxhostlen\fP[\fB,\fP[\fBno\fP]\fBstriplocal\fP]]
-Controls the form of the remote hostname passed to login(1).
-Specifying \fBip\fP results in the numeric IP address always being
-passed to login(1).  Specifying a number, \fImaxhostlen\fP, sets the
-maximum length of the hostname passed to login(1) before it will be
-passed as a numeric IP address.  If \fImaxhostlen\fP is 0, then the
-system default, as determined by the utmp or utmpx structures, is
-used.  The \fBnostriplocal\fP and \fBstriplocal\fP options, which must
-be preceded by a comma, control whether or not the local host domain
-is stripped from the remote hostname.  By default, the equivalent of
-\fBstriplocal\fP is in effect.
-.TP
-\fB\-X\fP \fIauthtype\fP
-This option is only valid if
-.B telnetd
-has been built with support for the authentication option.  It disables
-the use of
-.I authtype
-authentication, and can be used to temporarily disable a specific
-authentication type without having to recompile
-.BR telnetd .
-.PP
-.B Telnetd
-operates by allocating a pseudo-terminal device (see
-.IR pty (4))
-for a client, then creating a login process which has the slave side of
-the pseudo-terminal as
-.IR stdin ,
-.I stdout
-and
-.IR stderr .
-.B Telnetd
-manipulates the master side of the pseudo-terminal, implementing the
-.SM TELNET
-protocol and passing characters between the remote client and the login
-process.
-.PP
-When a
-.SM TELNET
-session is started up, 
-.B telnetd
-sends
-.SM TELNET
-options to the client side indicating a willingness to do the following
-.SM TELNET
-options, which are described in more detail below:
-.sp
-.nf
-.in +0.5i
-DO AUTHENTICATION
-WILL ENCRYPT
-DO TERMINAL TYPE
-DO TSPEED
-DO XDISPLOC
-DO NEW-ENVIRON
-DO ENVIRON
-WILL SUPPRESS GO AHEAD
-DO ECHO
-DO LINEMODE
-DO NAWS
-WILL STATUS
-DO LFLOW
-DO TIMING-MARK
-.in 
-.fi
-.PP
-The pseudo-terminal allocated to the client is configured
-to operate in \*(lqcooked\*(rq mode, and with
-.SM XTABS
-and
-.SM CRMOD
-enabled (see
-.IR tty (4)).
-.PP
-.B Telnetd
-has support for enabling locally the following
-.SM TELNET
-options:
-.TP "\w'.SM WILL TIMING-MARK\ 'u"
-.SM WILL ECHO
-When the
-.SM LINEMODE
-option is enabled, a
-.SM WILL ECHO
-or
-.SM WONT ECHO
-will be sent to the client to indicate the current state of terminal
-echoing.  When terminal echo is not desired, a
-.SM WILL ECHO
-is sent to indicate that
-.B telnetd
-will take care of echoing any data that needs to be echoed to the
-terminal, and then nothing is echoed.  When terminal echo is desired, a
-.SM WONT ECHO
-is sent to indicate that
-.B telnetd
-will not be doing any terminal echoing, so the
-client should do any terminal echoing that is needed.
-.TP
-.SM WILL BINARY
-Indicates that the client is willing to send a 8 bits of data, rather
-than the normal 7 bits of the Network Virtual Terminal.
-.TP
-.SM WILL SGA
-Indicates that it will not be sending
-.SM IAC GA,
-go ahead, commands.
-.TP
-.SM WILL STATUS 
-Indicates a willingness to send the client, upon request, of the current
-status of all
-.SM TELNET
-options.
-.TP
-.SM WILL TIMING-MARK
-Whenever a
-.SM DO TIMING-MARK
-command is received, it is always responded to with a
-.SM WILL TIMING-MARK
-.TP
-.SM WILL LOGOUT
-When a
-.SM DO LOGOUT
-is received, a
-.SM WILL LOGOUT
-is sent in response, and the
-.SM TELNET
-session is shut down.
-.TP
-.SM WILL ENCRYPT
-Only sent if
-.B telnetd
-is compiled with support for data encryption, and indicates a
-willingness to decrypt the data stream.
-.PP
-.B Telnetd
-has support for enabling remotely the following
-.SM TELNET
-options:
-.TP "\w'.SM DO TERMINAL-SPEED\ 'u"
-.SM DO BINARY
-Sent to indicate that
-.B telnetd
-is willing to receive an 8 bit data stream.
-.TP
-.SM DO LFLOW
-Requests that the client handle flow control characters remotely.
-.TP
-.SM DO ECHO
-This is not really supported, but is sent to identify a 4.2BSD
-.IR telnet (1)
-client, which will improperly respond with
-.SM WILL ECHO.
-If a
-.SM WILL ECHO
-is received, a
-.SM DONT ECHO
-will be sent in response.
-.TP
-.SM DO TERMINAL-TYPE
-Indicates a desire to be able to request the name of the type of
-terminal that is attached to the client side of the connection.
-.TP
-.SM DO SGA
-Indicates that it does not need to receive
-.SM IAC GA,
-the go ahead command.
-.TP
-.SM DO NAWS
-Requests that the client inform the server when the window (display)
-size changes.
-.TP
-.SM DO TERMINAL-SPEED
-Indicates a desire to be able to request information about the speed of
-the serial line to which the client is attached.
-.TP
-.SM DO XDISPLOC
-Indicates a desire to be able to request the name of the X windows
-display that is associated with the telnet client.
-.TP
-.SM DO NEW-ENVIRON
-Indicates a desire to be able to request environment variable
-information, as described in RFC 1572.
-.TP
-.SM DO ENVIRON
-Indicates a desire to be able to request environment variable
-information, as described in RFC 1408.
-.TP
-.SM DO LINEMODE
-Only sent if
-.B telnetd
-is compiled with support for linemode, and requests that the client do
-line by line processing.
-.TP
-.SM DO TIMING-MARK
-Only sent if
-.B telnetd
-is compiled with support for both linemode and kludge linemode, and the
-client responded with
-.SM WONT LINEMODE.
-If the client responds with
-.SM WILL TM,
-the it is assumed that the client supports kludge linemode.  Note that
-the
-.B \-k
-option can be used to disable this.
-.TP
-.SM DO AUTHENTICATION
-Only sent if
-.B telnetd
-is compiled with support for authentication, and indicates a willingness
-to receive authentication information for automatic login.
-.TP
-.SM DO ENCRYPT
-Only sent if
-.B telnetd
-is compiled with support for data encryption, and indicates a
-willingness to decrypt the data stream.
-.SH FILES
-.I /etc/services
-.br
-.I /etc/inittab
-(UNICOS systems only)
-.br
-.I /etc/iptos
-(if supported)
-.br
-.I /usr/ucb/bftp
-(if supported)
-.SH "SEE ALSO"
-.IR telnet (1),
-.IR login (1),
-.IR bftp (1)
-(if supported)
-.SH STANDARDS
-.TP "\w'.B RFC-2000\ 'u"
-.B RFC-854
-TELNET PROTOCOL SPECIFICATION
-.sp -1
-.TP
-.B RFC-855
-TELNET OPTION SPECIFICATIONS
-.sp -1
-.TP
-.B RFC-856
-TELNET BINARY TRANSMISSION
-.sp -1
-.TP
-.B RFC-857
-TELNET ECHO OPTION
-.sp -1
-.TP
-.B RFC-858
-TELNET SUPPRESS GO AHEAD OPTION
-.sp -1
-.TP
-.B RFC-859
-TELNET STATUS OPTION
-.sp -1
-.TP
-.B RFC-860
-TELNET TIMING MARK OPTION
-.sp -1
-.TP
-.B RFC-861
-TELNET EXTENDED OPTIONS - LIST OPTION
-.sp -1
-.TP
-.B RFC-885
-TELNET END OF RECORD OPTION
-.sp -1
-.TP
-.B RFC-1073
-Telnet Window Size Option
-.sp -1
-.TP
-.B RFC-1079
-Telnet Terminal Speed Option
-.sp -1
-.TP
-.B RFC-1091
-Telnet Terminal-Type Option
-.sp -1
-.TP
-.B RFC-1096
-Telnet X Display Location Option
-.sp -1
-.TP
-.B RFC-1123
-Requirements for Internet Hosts -- Application and Support
-.sp -1
-.TP
-.B RFC-1184
-Telnet Linemode Option
-.sp -1
-.TP
-.B RFC-1372
-Telnet Remote Flow Control Option
-.sp -1
-.TP
-.B RFC-1416
-Telnet Authentication Option
-.sp -1
-.TP
-.B RFC-1411
-Telnet Authentication: Kerberos Version 4
-.sp -1
-.TP
-.B RFC-1412
-Telnet Authentication: SPX
-.sp -1
-.TP
-.B RFC-1571
-Telnet Environment Option Interoperability Issues
-.sp -1
-.TP
-.B RFC-1572
-Telnet Environment Option
-.SH BUGS
-Some
-.SM TELNET
-commands are only partially implemented.
-.PP
-Because of bugs in the original 4.2 BSD
-.IR telnet (1),
-.B telnetd
-performs some dubious protocol exchanges to try to discover if the
-remote client is, in fact, a 4.2 BSD
-.IR telnet (1).
-.PP
-Binary mode has no common interpretation except between similar
-operating systems (Unix in this case).
-.PP
-The terminal type name received from the remote client is converted to
-lower case.
-.PP
-.B Telnetd
-never sends
-.SM TELNET
-.SM IAC GA
-(go ahead) commands.
diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c
deleted file mode 100644
index 86280f3..0000000
--- a/src/appl/telnet/telnetd/telnetd.c
+++ /dev/null
@@ -1,1715 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef lint
-static char copyright[] =
-"@(#) Copyright (c) 1989, 1993\n\
-	The Regents of the University of California.  All rights reserved.\n";
-#endif /* not lint */
-
-/* based on @(#)telnetd.c	8.1 (Berkeley) 6/4/93 */
-
-#include "telnetd.h"
-#include "pathnames.h"
-
-extern int getent(char *, char *);
-extern int tgetent(char *, char *);
-
-#if	defined(_SC_CRAY_SECURE_SYS) && !defined(SCM_SECURITY)
-/*
- * UNICOS 6.0/6.1 do not have SCM_SECURITY defined, so we can
- * use it to tell us to turn off all the socket security code,
- * since that is only used in UNICOS 7.0 and later.
- */
-# undef _SC_CRAY_SECURE_SYS
-#endif
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <libpty.h>
-#include <com_err.h>
-#if	defined(_SC_CRAY_SECURE_SYS)
-#include <sys/sysv.h>
-#include <sys/secdev.h>
-# ifdef SO_SEC_MULTI		/* 8.0 code */
-#include <sys/secparm.h>
-#include <sys/usrv.h>
-# endif /* SO_SEC_MULTI */
-int	secflag;
-char	tty_dev[16];
-struct	secdev dv;
-struct	sysv sysv;
-# ifdef SO_SEC_MULTI		/* 8.0 code */
-struct	socksec ss;
-# else /* SO_SEC_MULTI */	/* 7.0 code */
-struct	socket_security ss;
-# endif /* SO_SEC_MULTI */
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-#include "fake-addrinfo.h"
-
-#ifdef KRB5
-#include "krb5.h"
-#endif
-
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-#include <libtelnet/auth-proto.h>
-#endif
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#include <libtelnet/enc-proto.h>
-#endif
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-#include <libtelnet/misc-proto.h>
-#endif
-
-int	registerd_host_only = 0;
-
-#ifdef	STREAMSPTY
-#include <sys/stream.h>
-# include <stropts.h>
-# include <termio.h>
-/* make sure we don't get the bsd version */
-#ifdef HAVE_SYS_TTY_H
-# include "/usr/include/sys/tty.h"
-#endif
-#ifdef  HAVE_SYS_PTYVAR_H
-# include <sys/ptyvar.h>
-#endif
-
-/*
- * Because of the way ptyibuf is used with streams messages, we need
- * ptyibuf+1 to be on a full-word boundary.  The following wierdness
- * is simply to make that happen.
- */
-long	ptyibufbuf[BUFSIZ/sizeof(long)+1];
-char	*ptyibuf = ((char *)&ptyibufbuf[1])-1;
-char	*ptyip = ((char *)&ptyibufbuf[1])-1;
-char	ptyibuf2[BUFSIZ];
-unsigned char ctlbuf[BUFSIZ];
-struct	strbuf strbufc, strbufd;
-
-int readstream();
-
-#else	/* ! STREAMPTY */
-
-/*
- * I/O data buffers,
- * pointers, and counters.
- */
-char	ptyibuf[BUFSIZ], *ptyip = ptyibuf;
-char	ptyibuf2[BUFSIZ];
-
-#endif /* ! STREAMPTY */
-
-static void doit (struct sockaddr *);
-int terminaltypeok (char *);
-static void _gettermname(void);
-
-int	hostinfo = 1;			/* do we print login banner? */
-
-#ifdef	CRAY
-extern int      newmap; /* nonzero if \n maps to ^M^J */
-int	lowpty = 0, highpty;	/* low, high pty numbers */
-#endif /* CRAY */
-
-int debug = 0;
-int keepalive = 1;
-char *progname;
-
-int maxhostlen = 0;
-int always_ip = 0;
-int stripdomain = 1;
-
-extern void usage (void);
-
-/*
- * The string to pass to getopt().  We do it this way so
- * that only the actual options that we support will be
- * passed off to getopt().
- */
-char valid_opts[] = {
-	'd', ':', 'h', 'k', 'L', ':', 'n', 'S', ':', 'U',
-	'w', ':',
-#ifdef	AUTHENTICATION
-	'a', ':', 'X', ':',
-#endif
-#ifdef BFTPDAEMON
-	'B',
-#endif
-#ifdef DIAGNOSTICS
-	'D', ':',
-#endif
-#ifdef	ENCRYPTION
-	'e',
-#endif
-#if	defined(CRAY) && defined(NEWINIT)
-	'I', ':',
-#endif
-#ifdef	LINEMODE
-	'l',
-#endif
-#ifdef CRAY
-	'r', ':',
-#endif
-#ifdef	SecurID
-	's',
-#endif
-#ifdef KRB5
-	'R', ':', 't', ':',
-#endif
-	'\0'
-};
-
-#include <sys/utsname.h>
-static char *
-get_default_IM()
-{
-	struct utsname name;
-	static char banner[1024];
-
-	if (uname(&name) < 0)
-	    snprintf(banner, sizeof(banner),
-		     "\r\nError getting hostname: %s\r\n",
-		     strerror(errno));
-        else {
-#if defined(_AIX)
-	    snprintf(banner, sizeof(banner),
-		     "\r\n    %%h (%s release %s.%s) (%%t)\r\n\r\n",
-		     name.sysname, name.version, name.release);
-#else
-	    snprintf(banner, sizeof(banner),
-		     "\r\n    %%h (%s release %s %s) (%%t)\r\n\r\n",
-		     name.sysname, name.release, name.version);
-#endif
-	}
-	return banner;
-}
-
-int
-main(argc, argv)
-	int argc;
-	char *argv[];
-{
-	struct sockaddr_storage from;
-	int on = 1;
-	socklen_t fromlen;
-	register int ch;
-	extern char *optarg;
-	extern int optind;
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	int tos = -1;
-#endif
-
-	pfrontp = pbackp = ptyobuf;
-	netip = netibuf;
-	nfrontp = nbackp = netobuf;
-#ifdef	ENCRYPTION
-	nclearto = 0;
-#endif	/* ENCRYPTION */
-
-	progname = *argv;
-
-#ifdef CRAY
-	/*
-	 * Get number of pty's before trying to process options,
-	 * which may include changing pty range.
-	 */
-	highpty = getnpty();
-#endif /* CRAY */
-
-	while ((ch = getopt(argc, argv, valid_opts)) != -1) {
-		switch(ch) {
-
-#ifdef	AUTHENTICATION
-		case 'a':
-			/*
-			 * Check for required authentication level
-			 */
-			if (strcmp(optarg, "debug") == 0) {
-				extern int auth_debug_mode;
-				auth_debug_mode = 1;
-			} else if (strcasecmp(optarg, "none") == 0) {
-				auth_level = 0;
-			} else if (strcasecmp(optarg, "other") == 0) {
-				auth_level = AUTH_OTHER;
-			} else if (strcasecmp(optarg, "user") == 0) {
-				auth_level = AUTH_USER;
-			} else if (strcasecmp(optarg, "valid") == 0) {
-				auth_level = AUTH_VALID;
-			} else if (strcasecmp(optarg, "off") == 0) {
-				/*
-				 * This hack turns off authentication
-				 */
-				auth_level = -1;
-			} else {
-				fprintf(stderr,
-			    "telnetd: unknown authorization level for -a\n");
-			}
-			break;
-#endif	/* AUTHENTICATION */
-
-#ifdef BFTPDAEMON
-		case 'B':
-			bftpd++;
-			break;
-#endif /* BFTPDAEMON */
-
-		case 'd':
-			if (strcmp(optarg, "ebug") == 0) {
-				debug++;
-				break;
-			}
-			usage();
-			/* NOTREACHED */
-			break;
-
-#ifdef DIAGNOSTICS
-		case 'D':
-			/*
-			 * Check for desired diagnostics capabilities.
-			 */
-			if (!strcmp(optarg, "report")) {
-				diagnostic |= TD_REPORT|TD_OPTIONS;
-			} else if (!strcmp(optarg, "exercise")) {
-				diagnostic |= TD_EXERCISE;
-			} else if (!strcmp(optarg, "netdata")) {
-				diagnostic |= TD_NETDATA;
-			} else if (!strcmp(optarg, "ptydata")) {
-				diagnostic |= TD_PTYDATA;
-			} else if (!strcmp(optarg, "options")) {
-				diagnostic |= TD_OPTIONS;
-			} else if (!strcmp(optarg, "encrypt")) {
-				extern int encrypt_debug_mode;
-				encrypt_debug_mode = 1;
-			} else {
-				usage();
-				/* NOT REACHED */
-			}
-			break;
-#endif /* DIAGNOSTICS */
-
-#ifdef	ENCRYPTION
-		case 'e':
-			must_encrypt = 1;
-			break;
-#endif	/* ENCRYPTION */
-
-		case 'h':
-			hostinfo = 0;
-			break;
-
-#if	defined(CRAY) && defined(NEWINIT)
-		case 'I':
-		    {
-			extern char *gen_id;
-			gen_id = optarg;
-			break;
-		    }
-#endif	/* defined(CRAY) && defined(NEWINIT) */
-
-#ifdef	LINEMODE
-		case 'l':
-			alwayslinemode = 1;
-			break;
-#endif	/* LINEMODE */
-
-		case 'k':
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-			lmodetype = NO_AUTOKLUDGE;
-#else
-			/* ignore -k option if built without kludge linemode */
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-			break;
-
-		case 'L':
-		    {
-		        extern char *login_program;
-
-			login_program = optarg;
-			break;
-		    }
-
-		case 'n':
-			keepalive = 0;
-			break;
-
-#ifdef CRAY
-		case 'r':
-		    {
-			char *strchr();
-			char *c;
-
-			/*
-			 * Allow the specification of alterations
-			 * to the pty search range.  It is legal to
-			 * specify only one, and not change the
-			 * other from its default.
-			 */
-			c = strchr(optarg, '-');
-			if (c) {
-				*c++ = '\0';
-				highpty = atoi(c);
-			}
-			if (*optarg != '\0')
-				lowpty = atoi(optarg);
-			if ((lowpty > highpty) || (lowpty < 0) ||
-							(highpty > 32767)) {
-				usage();
-				/* NOT REACHED */
-			}
-			break;
-		    }
-#endif	/* CRAY */
-
-#ifdef KRB5
-		case 'R':
-		    {
-			extern krb5_context telnet_context;
-			krb5_error_code retval;
-
-			if (telnet_context == 0) {
-				retval = krb5_init_context(&telnet_context);
-				if (retval) {
-					com_err("telnetd", retval,
-						"while initializing krb5");
-					exit(1);
-				}
-			}
-			krb5_set_default_realm(telnet_context, optarg);
-			break;
-		    }
-#endif	/* KRB5 */
-
-#ifdef	SecurID
-		case 's':
-			/* SecurID required */
-			require_SecurID = 1;
-			break;
-#endif	/* SecurID */
-		case 'S':
-#ifdef	HAVE_GETTOSBYNAME
-			if ((tos = parsetos(optarg, "tcp")) < 0)
-				fprintf(stderr, "%s%s%s\n",
-					"telnetd: Bad TOS argument '", optarg,
-					"'; will try to use default TOS");
-#else
-			fprintf(stderr, "%s%s\n", "TOS option unavailable; ",
-						"-S flag not supported\n");
-#endif
-			break;
-
-#ifdef KRB5
-		case 't':
-		    {
-			extern char *telnet_srvtab;
-
-			telnet_srvtab = optarg;
-			break;
-		    }
-#endif	/* KRB5 */
-
-
-		case 'U':
-			registerd_host_only = 1;
-			break;
-
-#ifdef	AUTHENTICATION
-		case 'X':
-			/*
-			 * Check for invalid authentication types
-			 */
-			auth_disable_name(optarg);
-			break;
-#endif	/* AUTHENTICATION */
-		case 'w':
-			if (!strcmp(optarg, "ip"))
-				always_ip = 1;
-			else {
-				char *cp;
-				cp = strchr(optarg, ',');
-				if (cp == NULL)
-					maxhostlen = atoi(optarg);
-				else if (*(++cp)) {
-					if (!strcmp(cp, "striplocal"))
-						stripdomain = 1;
-					else if (!strcmp(cp, "nostriplocal"))
-						stripdomain = 0;
-					else {
-						usage();
-					}
-					*(--cp) = '\0';
-					maxhostlen = atoi(optarg);
-				}
-			}
-			break;
-		default:
-			fprintf(stderr, "telnetd: %c: unknown option\n", ch);
-			/* FALLTHROUGH */
-		case '?':
-			usage();
-			/* NOTREACHED */
-		}
-	}
-
-	argc -= optind;
-	argv += optind;
-
-	/* XXX Convert this to support getaddrinfo, ipv6, etc.  */
-	if (debug) {
-	    int s, ns;
-	    socklen_t foo;
-	    struct servent *sp;
-	    static struct sockaddr_in sin4 = { AF_INET };
-
-	    if (argc > 1) {
-		usage();
-		/* NOT REACHED */
-	    } else if (argc == 1) {
-		    if ((sp = getservbyname(*argv, "tcp"))) {
-			sin4.sin_port = sp->s_port;
-		    } else {
-			sin4.sin_port = atoi(*argv);
-			if ((int)sin4.sin_port <= 0) {
-			    fprintf(stderr, "telnetd: %s: bad port #\n", *argv);
-			    usage();
-			    /* NOT REACHED */
-			}
-			sin4.sin_port = htons((u_short)sin4.sin_port);
-		   }
-	    } else {
-		sp = getservbyname("telnet", "tcp");
-		if (sp == 0) {
-		    fprintf(stderr, "telnetd: tcp/telnet: unknown service\n");
-		    exit(1);
-		}
-		sin4.sin_port = sp->s_port;
-	    }
-
-	    s = socket(AF_INET, SOCK_STREAM, 0);
-	    if (s < 0) {
-		    perror("telnetd: socket");;
-		    exit(1);
-	    }
-	    (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-				(char *)&on, sizeof(on));
-	    if (bind(s, (struct sockaddr *)&sin4, sizeof(sin4)) < 0) {
-		perror("bind");
-		exit(1);
-	    }
-	    if (listen(s, 1) < 0) {
-		perror("listen");
-		exit(1);
-	    }
-	    foo = sizeof(sin4);
-	    ns = accept(s, (struct sockaddr *)&sin4, &foo);
-	    if (ns < 0) {
-		perror("accept");
-		exit(1);
-	    }
-	    (void) dup2(ns, 0);
-	    (void) close(ns);
-	    (void) close(s);
-#ifdef convex
-	} else if (argc == 1) {
-		; /* VOID*/		/* Just ignore the host/port name */
-#endif
-	} else if (argc > 0) {
-		usage();
-		/* NOT REACHED */
-	}
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	secflag = sysconf(_SC_CRAY_SECURE_SYS);
-
-	/*
-	 *	Get socket's security label
-	 */
-	if (secflag)  {
-		int szss = sizeof(ss);
-#ifdef SO_SEC_MULTI			/* 8.0 code */
-		int sock_multi;
-		int szi = sizeof(int);
-#endif /* SO_SEC_MULTI */
-
-		memset(&dv, 0, sizeof(dv));
-
-		if (getsysv(&sysv, sizeof(struct sysv)) != 0) {
-			perror("getsysv");
-			exit(1);
-		}
-
-		/*
-		 *	Get socket security label and set device values
-		 *	   {security label to be set on ttyp device}
-		 */
-#ifdef SO_SEC_MULTI			/* 8.0 code */
-		if ((getsockopt(0, SOL_SOCKET, SO_SECURITY,
-			       (char *)&ss, &szss) < 0) ||
-		    (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI,
-				(char *)&sock_multi, &szi) < 0)) {
-			perror("getsockopt");
-			exit(1);
-		} else {
-			dv.dv_actlvl = ss.ss_actlabel.lt_level;
-			dv.dv_actcmp = ss.ss_actlabel.lt_compart;
-			if (!sock_multi) {
-				dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl;
-				dv.dv_valcmp = dv.dv_actcmp;
-			} else {
-				dv.dv_minlvl = ss.ss_minlabel.lt_level;
-				dv.dv_maxlvl = ss.ss_maxlabel.lt_level;
-				dv.dv_valcmp = ss.ss_maxlabel.lt_compart;
-			}
-			dv.dv_devflg = 0;
-		}
-#else /* SO_SEC_MULTI */		/* 7.0 code */
-		if (getsockopt(0, SOL_SOCKET, SO_SECURITY,
-				(char *)&ss, &szss) >= 0) {
-			dv.dv_actlvl = ss.ss_slevel;
-			dv.dv_actcmp = ss.ss_compart;
-			dv.dv_minlvl = ss.ss_minlvl;
-			dv.dv_maxlvl = ss.ss_maxlvl;
-			dv.dv_valcmp = ss.ss_maxcmp;
-		}
-#endif /* SO_SEC_MULTI */
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
-	fromlen = sizeof (from);
-	memset(&from, 0, sizeof(from));
-	if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
-		fprintf(stderr, "%s: ", progname);
-		perror("getpeername");
-		_exit(1);
-	}
-	if (keepalive &&
-	    setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
-			(char *)&on, sizeof (on)) < 0) {
-		syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
-	}
-
-#if	defined(IPPROTO_IP) && defined(IP_TOS)
-	if (fromlen == sizeof (struct in_addr)) {
-# if	defined(HAVE_GETTOSBYNAME)
-		struct tosent *tp;
-		if (tos < 0 && (tp = gettosbyname("telnet", "tcp")))
-			tos = tp->t_tos;
-# endif
-		if (tos < 0)
-			tos = 020;	/* Low Delay bit */
-		if (tos
-		   && (setsockopt(0, IPPROTO_IP, IP_TOS,
-				  (char *)&tos, sizeof(tos)) < 0)
-		   && (errno != ENOPROTOOPT) )
-			syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
-	}
-#endif	/* defined(IPPROTO_IP) && defined(IP_TOS) */
-	net = 0;
-	doit((struct sockaddr *)&from);
-
-	/* NOTREACHED */
-	return 0;
-}  /* end of main */
-
-	void
-usage()
-{
-	fprintf(stderr, "Usage: telnetd");
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-a (debug|other|user|valid|off|none)]\n\t");
-#endif
-#ifdef BFTPDAEMON
-	fprintf(stderr, " [-B]");
-#endif
-	fprintf(stderr, " [-debug]");
-#ifdef DIAGNOSTICS
-	fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t");
-#endif
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-edebug]");
-#endif
-	fprintf(stderr, " [-h]");
-#if	defined(CRAY) && defined(NEWINIT)
-	fprintf(stderr, " [-Iinitid]");
-#endif
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-	fprintf(stderr, " [-k]");
-#endif
-#ifdef LINEMODE
-	fprintf(stderr, " [-l]");
-#endif
-	fprintf(stderr, " [-n]");
-#ifdef	CRAY
-	fprintf(stderr, " [-r[lowpty]-[highpty]]");
-#endif
-	fprintf(stderr, "\n\t");
-#ifdef	SecurID
-	fprintf(stderr, " [-s]");
-#endif
-#ifdef	HAVE_GETTOSBYNAME
-	fprintf(stderr, " [-S tos]");
-#endif
-#ifdef	AUTHENTICATION
-	fprintf(stderr, " [-X auth-type]");
-#endif
-	fprintf(stderr, " [-U]\n\t");
-	fprintf(stderr, " [-w [ip|maxhostlen[,[no]striplocal]]]\n\t");
-	fprintf(stderr, " [port]\n");
-	exit(1);
-}
-
-static void encrypt_failure()
-{
-    char *lerror_message;
-
-    if (auth_must_encrypt())
-	lerror_message = "Encryption was not successfully negotiated.  Goodbye.\r\n\r\n";
-    else
-	lerror_message = "Unencrypted connection refused. Goodbye.\r\n\r\n";
-
-    netputs(lerror_message);
-    netflush();
-    exit(1);
-}
-
-/*
- * getterminaltype
- *
- *	Ask the other end to send along its terminal type and speed.
- * Output is the variable terminaltype filled in.
- */
-static unsigned char ttytype_sbbuf[] = {
-	IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE
-};
-
-static int
-getterminaltype(name)
-    char *name;
-{
-    settimer(baseline);
-#if	defined(AUTHENTICATION)
-    ttsuck();
-    /*
-     * Handle the Authentication option before we do anything else.
-     */
-    send_do(TELOPT_AUTHENTICATION, 1);
-    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
-	ttloop();
-    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
-	auth_wait(name);
-    }
-#endif
-
-#ifdef	ENCRYPTION
-    send_will(TELOPT_ENCRYPT, 1);
-    send_do(TELOPT_ENCRYPT, 1);
-#endif	/* ENCRYPTION */
-    send_do(TELOPT_TTYPE, 1);
-    send_do(TELOPT_TSPEED, 1);
-    send_do(TELOPT_XDISPLOC, 1);
-    send_do(TELOPT_NEW_ENVIRON, 1);
-    send_do(TELOPT_OLD_ENVIRON, 1);
-    while (
-#ifdef	ENCRYPTION
-	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-	   his_will_wont_is_changing(TELOPT_ENCRYPT) ||
-#endif	/* ENCRYPTION */
-	   his_will_wont_is_changing(TELOPT_TTYPE) ||
-	   his_will_wont_is_changing(TELOPT_TSPEED) ||
-	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
-	   his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
-	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
-	ttloop();
-    }
-#ifdef	ENCRYPTION
-    /*
-     * Wait for the negotiation of what type of encryption we can
-     * send with.  If autoencrypt is not set, this will just return.
-     */
-    if (his_state_is_will(TELOPT_ENCRYPT)) {
-	encrypt_wait();
-    }
-    if (must_encrypt || auth_must_encrypt()) {
-	time_t timeout = time(0) + 60;
-
-	if (my_state_is_dont(TELOPT_ENCRYPT) ||
-	    my_state_is_wont(TELOPT_ENCRYPT) ||
-	    his_state_is_wont(TELOPT_AUTHENTICATION))
-	    encrypt_failure();
-
-	while (!EncryptStartInput()) {
-	    if (time (0) > timeout)
-		encrypt_failure();
-	    ttloop();
-	}
-
-	while (!EncryptStartOutput()) {
-	    if (time (0) > timeout)
-		encrypt_failure();
-	    ttloop();
-	}
-
-	while (!encrypt_is_encrypting()) {
-	    if (time(0) > timeout)
-		encrypt_failure();
-	    ttloop();
-	}
-    }
-#endif	/* ENCRYPTION */
-    /* Options like environment require authentication and encryption
-       negotiation to be completed.*/
-    auth_negotiated = 1;
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
-	netwrite(sb, sizeof(sb));
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
-	netwrite(sb, sizeof(sb));
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
-	netwrite(sb, sizeof(sb));
-    }
-    else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	static unsigned char sb[] =
-			{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
-	netwrite(sb, sizeof(sb));
-    }
-    if (his_state_is_will(TELOPT_TTYPE))
-	netwrite(ttytype_sbbuf, sizeof(ttytype_sbbuf));
-
-    if (his_state_is_will(TELOPT_TSPEED)) {
-	while (sequenceIs(tspeedsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_XDISPLOC)) {
-	while (sequenceIs(xdisplocsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
-	while (sequenceIs(environsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
-	while (sequenceIs(oenvironsubopt, baseline))
-	    ttloop();
-    }
-    if (his_state_is_will(TELOPT_TTYPE)) {
-	char first[256], last[256];
-
-	while (sequenceIs(ttypesubopt, baseline))
-	    ttloop();
-
-	/*
-	 * If the other side has already disabled the option, then
-	 * we have to just go with what we (might) have already gotten.
-	 */
-	if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
-	    (void) strncpy(first, terminaltype, sizeof(first) - 1);
-	    first[sizeof(first) - 1] = '\0';
-	    for(;;) {
-		/*
-		 * Save the unknown name, and request the next name.
-		 */
-		(void) strncpy(last, terminaltype, sizeof(last) - 1);
-		last[sizeof(last) - 1] = '\0';
-		_gettermname();
-		if (terminaltypeok(terminaltype))
-		    break;
-		if ((strncmp(last, terminaltype, sizeof(last)) == 0) ||
-		    his_state_is_wont(TELOPT_TTYPE)) {
-		    /*
-		     * We've hit the end.  If this is the same as
-		     * the first name, just go with it.
-		     */
-		    if (strncmp(first, terminaltype, sizeof(first)) == 0)
-			break;
-		    /*
-		     * Get the terminal name one more time, so that
-		     * RFC1091 compliant telnets will cycle back to
-		     * the start of the list.
-		     */
-		    _gettermname();
-		    if (strncmp(first, terminaltype, sizeof(first)) != 0) {
-			(void) strncpy(terminaltype, first,
-				       sizeof(terminaltype) - 1);
-			terminaltype[sizeof(terminaltype) - 1] = '\0';
-		    }
-		    break;
-		}
-	    }
-	}
-    }
-#ifdef AUTHENTICATION
-    return(auth_check(name));
-#else
-    return(-1);
-#endif
-}  /* end of getterminaltype */
-
-static void
-_gettermname()
-{
-    /*
-     * If the client turned off the option,
-     * we can't send another request, so we
-     * just return.
-     */
-    if (his_state_is_wont(TELOPT_TTYPE))
-	return;
-    settimer(baseline);
-    netwrite(ttytype_sbbuf, sizeof(ttytype_sbbuf));
-    while (sequenceIs(ttypesubopt, baseline))
-	ttloop();
-}
-
-    int
-terminaltypeok(s)
-    char *s;
-{
-    char buf[1024];
-
-    if (!*s)
-	return(1);
-
-    /*
-     * tgetent() will return 1 if the type is known, and
-     * 0 if it is not known.  If it returns -1, it couldn't
-     * open the database.  But if we can't open the database,
-     * it won't help to say we failed, because we won't be
-     * able to verify anything else.  So, we treat -1 like 1.
-     */
-    if (tgetent(buf, s) == 0)
-	return(0);
-    return(1);
-}
-#if HAVE_ARPA_NAMESER_H
-#include <arpa/nameser.h>
-#endif
-
-#ifndef MAXDNAME
-#define MAXDNAME 256 /*per the rfc*/
-#endif
-
-char *hostname;
-char host_name[MAXDNAME];
-char remote_host_name[MAXDNAME];
-char *rhost_sane;
-
-#ifndef	convex
-extern void telnet (int, int);
-#else
-extern void telnet (int, int, char *);
-#endif
-
-/*
- * Get a pty, scan input lines.
- */
-static void doit(who)
-	struct sockaddr *who;
-{
-	int level;
-#if	defined(_SC_CRAY_SECURE_SYS)
-	int ptynum;
-#endif
-	char user_name[256];
-	long retval;
-	/*
-	 * Find an available pty to use.
-	 */
-	pty_init();
-
-
-	if ((retval = pty_getpty(&pty, line, 17)) != 0) {
-		fatal(net, error_message(retval));
-	}
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	/*
-	 *	set ttyp line security label
-	 */
-	if (secflag) {
-		char slave_dev[16];
-/*xxx This code needs to be fixed to work without ptynum; I don't understand why they don't currently use line, so I don't really know how to fix.*/
-		snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
-		if (setdevs(tty_dev, &dv) < 0)
-		 	fatal(net, "cannot set pty security");
-		snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
-		if (setdevs(slave_dev, &dv) < 0)
-		 	fatal(net, "cannot set tty security");
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	retval = pty_make_sane_hostname((struct sockaddr *) who, maxhostlen,
-					stripdomain, always_ip,
-					&rhost_sane);
-	if (retval) {
-		fatal(net, error_message(retval));
-	}
-	if (registerd_host_only) {
-	    /* Get name of connected client -- but we don't actually
-	       use it.  Just confirm that we can get it.  */
-	    int aierror;
-	    char hostnamebuf[NI_MAXHOST];
-	    aierror = getnameinfo (who, socklen (who),
-				   hostnamebuf, sizeof (hostnamebuf), 0, 0,
-				   NI_NAMEREQD);
-	    if (aierror != 0) {
-		fatal(net,
-		      "Couldn't resolve your address into a host name.\r\n"
-		      "Please contact your net administrator");
-	    }
-	}
-
-	(void) gethostname(host_name, sizeof (host_name));
-	hostname = host_name;
-
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
-	auth_encrypt_init(hostname, rhost_sane, "TELNETD", 1);
-#endif
-
-	init_env();
-
-#ifdef	SIGTTOU
-	/*
-	 * Ignoring SIGTTOU keeps the kernel from blocking us.
-	 * we tweak the tty with an ioctl()
-	 * (in ttioct() in /sys/tty.c in a BSD kernel)
-	 */
-	(void) signal(SIGTTOU, SIG_IGN);
-#endif
-	/*
-	 * get terminal type.
-	 */
-	*user_name = 0;
-	level = getterminaltype(user_name);
-	setenv("TERM", *terminaltype ? terminaltype : "network", 1);
-
-#if defined (AUTHENTICATION)
-	if (level < 0 && auth_level > 0) {
-		fatal (net, "No authentication provided");
-		exit (-1);
-	}
-#endif
-	/*
-	 * Start up the login process on the slave side of the terminal
-	 */
-#ifndef	convex
-	startslave(rhost_sane, level, user_name);
-
-#if	defined(_SC_CRAY_SECURE_SYS)
-	if (secflag) {
-		if (setulvl(dv.dv_actlvl) < 0)
-			fatal(net,"cannot setulvl()");
-		if (setucmp(dv.dv_actcmp) < 0)
-			fatal(net, "cannot setucmp()");
-	}
-#endif	/* _SC_CRAY_SECURE_SYS */
-
-	telnet(net, pty);  /* begin server processing */
-#else
-	telnet(net, pty, rhost_sane);
-#endif
-	/*NOTREACHED*/
-}  /* end of doit */
-
-#if	defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50)
-	int
-Xterm_output(ibufp, obuf, icountp, ocount)
-	char **ibufp, *obuf;
-	int *icountp, ocount;
-{
-	int ret;
-	ret = term_output(*ibufp, obuf, *icountp, ocount);
-	*ibufp += *icountp;
-	*icountp = 0;
-	return(ret);
-}
-#define	term_output	Xterm_output
-#endif	/* defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50) */
-
-/*
- * Main loop.  Select from pty and network, and
- * hand data to telnet receiver finite state machine.
- */
-	void
-#ifndef	convex
-telnet(f, p)
-#else
-telnet(f, p, host)
-#endif
-	int f, p;
-#ifdef convex
-	char *host;
-#endif
-{
-	int on = 1;
-#define	TABBUFSIZ	512
-	char	defent[TABBUFSIZ];
-	char	defstrs[TABBUFSIZ];
-#undef	TABBUFSIZ
-	char *HEstr;
-	char *HN;
-	char *IM;
-	void netflush();
-
-	/*
-	 * Initialize the slc mapping table.
-	 */
-	get_slc_defaults();
-
-	/*
-	 * Do some tests where it is desireable to wait for a response.
-	 * Rather than doing them slowly, one at a time, do them all
-	 * at once.
-	 */
-	if (my_state_is_wont(TELOPT_SGA))
-		send_will(TELOPT_SGA, 1);
-	/*
-	 * Is the client side a 4.2 (NOT 4.3) system?  We need to know this
-	 * because 4.2 clients are unable to deal with TCP urgent data.
-	 *
-	 * To find out, we send out a "DO ECHO".  If the remote system
-	 * answers "WILL ECHO" it is probably a 4.2 client, and we note
-	 * that fact ("WILL ECHO" ==> that the client will echo what
-	 * WE, the server, sends it; it does NOT mean that the client will
-	 * echo the terminal input).
-	 */
-	send_do(TELOPT_ECHO, 1);
-
-#ifdef	LINEMODE
-	if (his_state_is_wont(TELOPT_LINEMODE)) {
-		/* Query the peer for linemode support by trying to negotiate
-		 * the linemode option.
-		 */
-		linemode = 0;
-		editmode = 0;
-		send_do(TELOPT_LINEMODE, 1);  /* send do linemode */
-	}
-#endif	/* LINEMODE */
-
-	/*
-	 * Send along a couple of other options that we wish to negotiate.
-	 */
-	send_do(TELOPT_NAWS, 1);
-	send_will(TELOPT_STATUS, 1);
-	flowmode = 1;		/* default flow control state */
-	restartany = -1;	/* uninitialized... */
-	send_do(TELOPT_LFLOW, 1);
-
-	/*
-	 * Spin, waiting for a response from the DO ECHO.  However,
-	 * some REALLY DUMB telnets out there might not respond
-	 * to the DO ECHO.  So, we spin looking for NAWS, (most dumb
-	 * telnets so far seem to respond with WONT for a DO that
-	 * they don't understand...) because by the time we get the
-	 * response, it will already have processed the DO ECHO.
-	 * Kludge upon kludge.
-	 */
-	while (his_will_wont_is_changing(TELOPT_NAWS))
-		ttloop();
-
-	/*
-	 * But...
-	 * The client might have sent a WILL NAWS as part of its
-	 * startup code; if so, we'll be here before we get the
-	 * response to the DO ECHO.  We'll make the assumption
-	 * that any implementation that understands about NAWS
-	 * is a modern enough implementation that it will respond
-	 * to our DO ECHO request; hence we'll do another spin
-	 * waiting for the ECHO option to settle down, which is
-	 * what we wanted to do in the first place...
-	 */
-	if (his_want_state_is_will(TELOPT_ECHO) &&
-	    his_state_is_will(TELOPT_NAWS)) {
-		while (his_will_wont_is_changing(TELOPT_ECHO))
-			ttloop();
-	}
-	/*
-	 * On the off chance that the telnet client is broken and does not
-	 * respond to the DO ECHO we sent, (after all, we did send the
-	 * DO NAWS negotiation after the DO ECHO, and we won't get here
-	 * until a response to the DO NAWS comes back) simulate the
-	 * receipt of a will echo.  This will also send a WONT ECHO
-	 * to the client, since we assume that the client failed to
-	 * respond because it believes that it is already in DO ECHO
-	 * mode, which we do not want.
-	 */
-	if (his_want_state_is_will(TELOPT_ECHO)) {
-		DIAG(TD_OPTIONS, netputs("td: simulating recv\r\n"));
-		willoption(TELOPT_ECHO);
-	}
-
-	/*
-	 * Finally, to clean things up, we turn on our echo.  This
-	 * will break stupid 4.2 telnets out of local terminal echo.
-	 */
-
-	if (my_state_is_wont(TELOPT_ECHO))
-		send_will(TELOPT_ECHO, 1);
-
-#ifndef	STREAMSPTY
-	/*
-	 * Turn on packet mode
-	 */
-	(void) ioctl(p, TIOCPKT, (char *)&on);
-#endif
-
-#if	defined(LINEMODE) && defined(KLUDGELINEMODE)
-	/*
-	 * Continuing line mode support.  If client does not support
-	 * real linemode, attempt to negotiate kludge linemode by sending
-	 * the do timing mark sequence.
-	 */
-	if (lmodetype < REAL_LINEMODE)
-		send_do(TELOPT_TM, 1);
-#endif	/* defined(LINEMODE) && defined(KLUDGELINEMODE) */
-
-	/*
-	 * Call telrcv() once to pick up anything received during
-	 * terminal type negotiation, 4.2/4.3 determination, and
-	 * linemode negotiation.
-	 */
-	telrcv();
-
-	(void) ioctl(f, FIONBIO, (char *)&on);
-	(void) ioctl(p, FIONBIO, (char *)&on);
-#if	defined(CRAY2) && defined(UNICOS5)
-	init_termdriver(f, p, interrupt, sendbrk);
-#endif
-
-#if	defined(SO_OOBINLINE)
-	(void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE,
-				(char *)&on, sizeof(on));
-#endif	/* defined(SO_OOBINLINE) */
-
-#ifdef	SIGTSTP
-	(void) signal(SIGTSTP, SIG_IGN);
-#endif
-
-	(void) signal(SIGCHLD, cleanup);
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	/*
-	 * Cray-2 will send a signal when pty modes are changed by slave
-	 * side.  Set up signal handler now.
-	 */
-	if ((int)signal(SIGUSR1, termstat) < 0)
-		perror("signal");
-	else if (ioctl(p, TCSIGME, (char *)SIGUSR1) < 0)
-		perror("ioctl:TCSIGME");
-	/*
-	 * Make processing loop check terminal characteristics early on.
-	 */
-	termstat();
-#endif
-
-#ifdef  TIOCNOTTY
-	{
-		register int t;
-		t = open(_PATH_TTY, O_RDWR);
-		if (t >= 0) {
-			(void) ioctl(t, TIOCNOTTY, (char *)0);
-			(void) close(t);
-		}
-	}
-#endif
-
-#if	defined(CRAY) && defined(NEWINIT) && defined(TIOCSCTTY)
-	(void) setsid();
-	ioctl(p, TIOCSCTTY, 0);
-#endif
-
-	/*
-	 * Show banner that getty never gave.
-	 *
-	 * We put the banner in the pty input buffer.  This way, it
-	 * gets carriage return null processing, etc., just like all
-	 * other pty --> client data.
-	 */
-
-#if	!defined(CRAY) || !defined(NEWINIT)
-	if (getenv("USER"))
-		hostinfo = 0;
-#endif
-
-	if (getent(defent, "default") == 1) {
-		char *getstr();
-		char *cp=defstrs;
-
-		HEstr = getstr("he", &cp);
-		HN = getstr("hn", &cp);
-		IM = getstr("im", &cp);
-		if (HN && *HN)
-			(void) strncpy(host_name, HN, sizeof(host_name) - 1);
-		host_name[sizeof(host_name) - 1] = '\0';
-		if (IM == 0)
-			IM = "";
-	} else {
-		IM = get_default_IM();
-		HEstr = 0;
-	}
-	edithost(HEstr, host_name);
-	if (hostinfo && *IM)
-		putf(IM, ptyibuf2);
-
-	if (pcc)
-		(void) strncat(ptyibuf2, ptyip, pcc+1);
-	ptyip = ptyibuf2;
-	pcc = strlen(ptyip);
-#ifdef	LINEMODE
-	/*
-	 * Last check to make sure all our states are correct.
-	 */
-	init_termbuf();
-	localstat();
-#endif	/* LINEMODE */
-
-	DIAG(TD_REPORT, netputs("td: Entering processing loop\r\n"));
-
-#ifdef	convex
-	startslave(host);
-#endif
-
-	for (;;) {
-		fd_set ibits, obits, xbits;
-		register int c;
-
-		if (ncc < 0 && pcc < 0)
-			break;
-
-#if	defined(CRAY2) && defined(UNICOS5)
-		if (needtermstat)
-			_termstat();
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-		FD_ZERO(&ibits);
-		FD_ZERO(&obits);
-		FD_ZERO(&xbits);
-		/*
-		 * Never look for input if there's still
-		 * stuff in the corresponding output buffer
-		 */
-		if (nfrontp - nbackp || pcc > 0) {
-			FD_SET(f, &obits);
-		} else {
-			FD_SET(p, &ibits);
-		}
-		if (pfrontp - pbackp || ncc > 0) {
-			FD_SET(p, &obits);
-		} else {
-			FD_SET(f, &ibits);
-		}
-		if (!SYNCHing) {
-			FD_SET(f, &xbits);
-		}
-		if ((c = select(16, &ibits, &obits, &xbits,
-						(struct timeval *)0)) < 1) {
-			if (c == -1) {
-				if (errno == EINTR) {
-					continue;
-				}
-			}
-			sleep(5);
-			continue;
-		}
-
-		/*
-		 * Any urgent data?
-		 */
-		if (FD_ISSET(net, &xbits)) {
-		    SYNCHing = 1;
-		}
-
-		/*
-		 * Something to read from the network...
-		 */
-		if (FD_ISSET(net, &ibits)) {
-#if	!defined(SO_OOBINLINE)
-			/*
-			 * In 4.2 (and 4.3 beta) systems, the
-			 * OOB indication and data handling in the kernel
-			 * is such that if two separate TCP Urgent requests
-			 * come in, one byte of TCP data will be overlaid.
-			 * This is fatal for Telnet, but we try to live
-			 * with it.
-			 *
-			 * In addition, in 4.2 (and...), a special protocol
-			 * is needed to pick up the TCP Urgent data in
-			 * the correct sequence.
-			 *
-			 * What we do is:  if we think we are in urgent
-			 * mode, we look to see if we are "at the mark".
-			 * If we are, we do an OOB receive.  If we run
-			 * this twice, we will do the OOB receive twice,
-			 * but the second will fail, since the second
-			 * time we were "at the mark", but there wasn't
-			 * any data there (the kernel doesn't reset
-			 * "at the mark" until we do a normal read).
-			 * Once we've read the OOB data, we go ahead
-			 * and do normal reads.
-			 *
-			 * There is also another problem, which is that
-			 * since the OOB byte we read doesn't put us
-			 * out of OOB state, and since that byte is most
-			 * likely the TELNET DM (data mark), we would
-			 * stay in the TELNET SYNCH (SYNCHing) state.
-			 * So, clocks to the rescue.  If we've "just"
-			 * received a DM, then we test for the
-			 * presence of OOB data when the receive OOB
-			 * fails (and AFTER we did the normal mode read
-			 * to clear "at the mark").
-			 */
-		    if (SYNCHing) {
-			int atmark;
-
-			(void) ioctl(net, SIOCATMARK, (char *)&atmark);
-			if (atmark) {
-			    ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB);
-			    if ((ncc == -1) && (errno == EINVAL)) {
-				ncc = read(net, netibuf, sizeof (netibuf));
-				if (sequenceIs(didnetreceive, gotDM)) {
-				    SYNCHing = stilloob(net);
-				}
-			    }
-			} else {
-			    ncc = read(net, netibuf, sizeof (netibuf));
-			}
-		    } else {
-			ncc = read(net, netibuf, sizeof (netibuf));
-		    }
-		    settimer(didnetreceive);
-#else	/* !defined(SO_OOBINLINE)) */
-		    ncc = read(net, netibuf, sizeof (netibuf));
-#endif	/* !defined(SO_OOBINLINE)) */
-		    if (ncc < 0 && errno == EWOULDBLOCK)
-			ncc = 0;
-		    else {
-			if (ncc <= 0) {
-			    break;
-			}
-			netip = netibuf;
-		    }
-		    DIAG((TD_REPORT | TD_NETDATA),
-			 netprintf("td: netread %d chars\r\n", ncc));
-		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
-		}
-
-		/*
-		 * Something to read from the pty...
-		 */
-		if (FD_ISSET(p, &ibits)) {
-#ifndef	STREAMSPTY
-			pcc = read(p, ptyibuf, BUFSIZ);
-#else
-			pcc = readstream(p, ptyibuf, BUFSIZ);
-#endif
-			/*
-			 * On some systems, if we try to read something
-			 * off the master side before the slave side is
-			 * opened, we get EIO.
-			 */
-			if (pcc < 0 && (errno == EWOULDBLOCK ||
-#ifdef	EAGAIN
-					errno == EAGAIN ||
-#endif
-					errno == EIO)) {
-				pcc = 0;
-			} else {
-				if (pcc <= 0)
-					break;
-#if	!defined(CRAY2) || !defined(UNICOS5)
-#ifdef	LINEMODE
-				/*
-				 * If ioctl from pty, pass it through net
-				 */
-				if (ptyibuf[0] & TIOCPKT_IOCTL) {
-					copy_termbuf(ptyibuf+1, pcc-1);
-					localstat();
-					pcc = 1;
-				}
-#endif	/* LINEMODE */
-				if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) {
-					netclear();	/* clear buffer back */
-#ifndef	NO_URGENT
-					/*
-					 * There are client telnets on some
-					 * operating systems get screwed up
-					 * royally if we send them urgent
-					 * mode data.
-					 */
-					netprintf_urg("%c%c", IAC, DM);
-#endif
-				}
-				if (his_state_is_will(TELOPT_LFLOW) &&
-				    (ptyibuf[0] &
-				     (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) {
-					int newflow =
-					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
-					if (newflow != flowmode) {
-						flowmode = newflow;
-						netprintf("%c%c%c%c%c%c",
-							IAC, SB, TELOPT_LFLOW,
-							flowmode ? LFLOW_ON
-								 : LFLOW_OFF,
-							IAC, SE);
-					}
-				}
-				pcc--;
-				ptyip = ptyibuf+1;
-#else	/* defined(CRAY2) && defined(UNICOS5) */
-				if (!uselinemode) {
-					unpcc = pcc;
-					unptyip = ptyibuf;
-					pcc = term_output(&unptyip, ptyibuf2,
-								&unpcc, BUFSIZ);
-					ptyip = ptyibuf2;
-				} else
-					ptyip = ptyibuf;
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-			}
-		}
-
-		while (pcc > 0) {
-			if ((&netobuf[BUFSIZ] - nfrontp) < 2)
-				break;
-			c = *ptyip++ & 0377, pcc--;
-			if (c == IAC)
-				netprintf("%c", c);
-#if	defined(CRAY2) && defined(UNICOS5)
-			else if (c == '\n' &&
-				     my_state_is_wont(TELOPT_BINARY) && newmap)
-				netputs("\r");
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-			netprintf("%c", c);
-			if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
-				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
-					netprintf("%c", *ptyip++ & 0377);
-					pcc--;
-				} else
-					netprintf("%c", '\0');
-			}
-		}
-#if	defined(CRAY2) && defined(UNICOS5)
-		/*
-		 * If chars were left over from the terminal driver,
-		 * note their existence.
-		 */
-		if (!uselinemode && unpcc) {
-			pcc = unpcc;
-			unpcc = 0;
-			ptyip = unptyip;
-		}
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-		if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0)
-			netflush();
-		if (ncc > 0)
-			telrcv();
-		if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0)
-			ptyflush();
-	}
-	(void) signal(SIGCHLD, SIG_DFL);
-	cleanup(0);
-}  /* end of telnet */
-
-#ifndef	TCSIG
-# ifdef	TIOCSIG
-#  define TCSIG TIOCSIG
-# endif
-#endif
-
-#ifdef	STREAMSPTY
-
-int flowison = -1;  /* current state of flow: -1 is unknown */
-
-int readstream(p, ibuf, bufsize)
-	int p;
-	char *ibuf;
-	int bufsize;
-{
-	int flags = 0;
-	int ret = 0;
-	struct termios *tsp;
-	struct termio *tp;
-	struct iocblk *ip;
-	char vstop, vstart;
-	int ixon;
-	int newflow;
-
-	strbufc.maxlen = BUFSIZ;
-	strbufc.buf = (char *)ctlbuf;
-	strbufd.maxlen = bufsize-1;
-	strbufd.len = 0;
-	strbufd.buf = ibuf+1;
-	ibuf[0] = 0;
-
-	ret = getmsg(p, &strbufc, &strbufd, &flags);
-	if (ret < 0)  /* error of some sort -- probably EAGAIN */
-		return(-1);
-
-	if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
-		/* data message */
-		if (strbufd.len > 0) {			/* real data */
-			return(strbufd.len + 1);	/* count header char */
-		} else {
-			/* nothing there */
-			errno = EAGAIN;
-			return(-1);
-		}
-	}
-
-	/*
-	 * It's a control message.  Return 1, to look at the flag we set
-	 */
-
-	switch (ctlbuf[0]) {
-	case M_FLUSH:
-		if (ibuf[1] & FLUSHW)
-			ibuf[0] = TIOCPKT_FLUSHWRITE;
-		return(1);
-
-	case M_IOCTL:
-		ip = (struct iocblk *) (ibuf+1);
-		if (readstream_termio(ip->ioc_cmd, ibuf,
-				      &vstop, &vstart, &ixon)) {
-		  if (readstream_termios(ip->ioc_cmd, ibuf,
-					 &vstop, &vstart, &ixon)) {
-		    errno = EAGAIN;
-		    return(-1);
-		  }
-		}
-
-		newflow =  (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
-		if (newflow != flowison) {  /* it's a change */
-			flowison = newflow;
-			ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
-			return(1);
-		}
-	}
-
-	/* nothing worth doing anything about */
-	errno = EAGAIN;
-	return(-1);
-}
-#endif /* STREAMSPTY */
-
-/*
- * Send interrupt to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write intr char.
- */
-	void
-interrupt()
-{
-	ptyflush();	/* half-hearted */
-
-#ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGINT);
-#else	/* TCSIG */
-	init_termbuf();
-	*pfrontp++ = slctab[SLC_IP].sptr ?
-			(unsigned char)*slctab[SLC_IP].sptr : '\177';
-#endif	/* TCSIG */
-}
-
-/*
- * Send quit to process on other side of pty.
- * If it is in raw mode, just write NULL;
- * otherwise, write quit char.
- */
-	void
-sendbrk()
-{
-	ptyflush();	/* half-hearted */
-#ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGQUIT);
-#else	/* TCSIG */
-	init_termbuf();
-	*pfrontp++ = slctab[SLC_ABORT].sptr ?
-			(unsigned char)*slctab[SLC_ABORT].sptr : '\034';
-#endif	/* TCSIG */
-}
-
-	void
-sendsusp()
-{
-#ifdef	SIGTSTP
-	ptyflush();	/* half-hearted */
-# ifdef	TCSIG
-	(void) ioctl(pty, TCSIG, (char *)SIGTSTP);
-# else	/* TCSIG */
-	*pfrontp++ = slctab[SLC_SUSP].sptr ?
-			(unsigned char)*slctab[SLC_SUSP].sptr : '\032';
-# endif	/* TCSIG */
-#endif	/* SIGTSTP */
-}
-
-/*
- * When we get an AYT, if ^T is enabled, use that.  Otherwise,
- * just send back "[Yes]".
- */
-void
-recv_ayt()
-{
-#if	defined(SIGINFO) && defined(TCSIG)
-	if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) {
-		(void) ioctl(pty, TCSIG, (char *)SIGINFO);
-		return;
-	}
-#endif
-	netputs("\r\n[Yes]\r\n");
-}
-
-	void
-doeof()
-{
-	init_termbuf();
-
-#if	defined(LINEMODE) && defined(USE_TERMIO) && (VEOF == VMIN)
-	if (!tty_isediting()) {
-		extern char oldeofc;
-		*pfrontp++ = oldeofc;
-		return;
-	}
-#endif
-	*pfrontp++ = slctab[SLC_EOF].sptr ?
-			(unsigned char)*slctab[SLC_EOF].sptr : '\004';
-}
diff --git a/src/appl/telnet/telnetd/telnetd.h b/src/appl/telnet/telnetd/telnetd.h
deleted file mode 100644
index 48980c5..0000000
--- a/src/appl/telnet/telnetd/telnetd.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *	@(#)telnetd.h	8.1 (Berkeley) 6/4/93
- */
-
-
-#include "defs.h"
-#include "ext.h"
-
-#ifdef	DIAGNOSTICS
-#define	DIAG(a,b)	if (diagnostic & (a)) b
-#else
-#define	DIAG(a,b)
-#endif
-
-/* other external variables */
-extern	char **environ;
diff --git a/src/appl/telnet/telnetd/termio-tn.c b/src/appl/telnet/telnetd/termio-tn.c
deleted file mode 100644
index 8f27d59..0000000
--- a/src/appl/telnet/telnetd/termio-tn.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/* handle having mutually exclusive termio vs. termios */
-/* return 0 if handled */
-#ifdef	STREAMSPTY
-#include <sys/types.h>
-#include <sys/stream.h>
-#include <sys/ioctl.h>
-#include <termio.h>
-
-#include "defs.h"
-#include "ext.h"
-
-int readstream_termio(cmd, ibuf, vstop, vstart, ixon)
-     int cmd;
-     char *ibuf;
-     char *vstop, *vstart;
-     int *ixon;
-{
-  struct termio *tp;
-  switch (cmd) {
-  case TCSETA:
-  case TCSETAW:
-  case TCSETAF:
-    tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk));
-#if 0				/* VSTOP/VSTART only in termios!? */
-    *vstop = tp->c_cc[VSTOP];
-    *vstart = tp->c_cc[VSTART];
-#endif
-    *ixon = tp->c_iflag & IXON;
-    return 0;
-  }
-  return -1;
-}
-
-#else
-int silence_warnings_about_empty_source_file_termio = 42;
-#endif /* STREAMSPTY */
diff --git a/src/appl/telnet/telnetd/termios-tn.c b/src/appl/telnet/telnetd/termios-tn.c
deleted file mode 100644
index 1c26cac..0000000
--- a/src/appl/telnet/telnetd/termios-tn.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/* handle having mutually exclusive termio vs. termios */
-/* return 0 if handled */
-#ifdef	STREAMSPTY
-#include <sys/types.h>
-#include <sys/stream.h>
-#include <sys/ioctl.h>
-#include <termios.h>
-#if !defined(TCSETS) && defined(_AIX) /* kludge for AIX */
-#include <termio.h>
-#endif
-
-#include "defs.h"
-#include "ext.h"
-
-int readstream_termios(cmd, ibuf, vstop, vstart, ixon)
-     int cmd;
-     char *ibuf;
-     char *vstop, *vstart;
-     int *ixon;
-{
-  struct termios *tsp;
-  switch (cmd) {
-  case TCSETS:
-  case TCSETSW:
-  case TCSETSF:
-    tsp = (struct termios *)
-      (ibuf+1 + sizeof(struct iocblk));
-    *vstop = tsp->c_cc[VSTOP];
-    *vstart = tsp->c_cc[VSTART];
-    *ixon = tsp->c_iflag & IXON;
-    return 0;
-  }
-  return -1;
-}
-
-#else
-int silence_warnings_about_empty_source_file_termios = 42;
-#endif /* STREAMSPTY */
diff --git a/src/appl/telnet/telnetd/termstat.c b/src/appl/telnet/telnetd/termstat.c
deleted file mode 100644
index d620719..0000000
--- a/src/appl/telnet/telnetd/termstat.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)termstat.c	8.1 (Berkeley) 6/4/93 */
-
-#include "telnetd.h"
-
-/*
- * local variables
- */
-int def_tspeed = -1, def_rspeed = -1;
-#ifdef	TIOCSWINSZ
-int def_row = 0, def_col = 0;
-#endif
-#ifdef	LINEMODE
-static int _terminit = 0;
-#endif	/* LINEMODE */
-
-#if	defined(CRAY2) && defined(UNICOS5)
-int	newmap = 1;	/* nonzero if \n maps to ^M^J */
-#endif
-
-#ifdef	LINEMODE
-/*
- * localstat
- *
- * This function handles all management of linemode.
- *
- * Linemode allows the client to do the local editing of data
- * and send only complete lines to the server.  Linemode state is
- * based on the state of the pty driver.  If the pty is set for
- * external processing, then we can use linemode.  Further, if we
- * can use real linemode, then we can look at the edit control bits
- * in the pty to determine what editing the client should do.
- *
- * Linemode support uses the following state flags to keep track of
- * current and desired linemode state.
- *	alwayslinemode : true if -l was specified on the telnetd
- * 	command line.  It means to have linemode on as much as
- *	possible.
- *
- * 	lmodetype: signifies whether the client can
- *	handle real linemode, or if use of kludgeomatic linemode
- *	is preferred.  It will be set to one of the following:
- *		REAL_LINEMODE : use linemode option
- *		NO_KLUDGE : don't initiate kludge linemode.
- *		KLUDGE_LINEMODE : use kludge linemode
- *		NO_LINEMODE : client is ignorant of linemode
- *
- *	linemode, uselinemode : linemode is true if linemode
- *	is currently on, uselinemode is the state that we wish
- *	to be in.  If another function wishes to turn linemode
- *	on or off, it sets or clears uselinemode.
- *
- *	editmode, useeditmode : like linemode/uselinemode, but
- *	these contain the edit mode states (edit and trapsig).
- *
- * The state variables correspond to some of the state information
- * in the pty.
- *	linemode:
- *		In real linemode, this corresponds to whether the pty
- *		expects external processing of incoming data.
- *		In kludge linemode, this more closely corresponds to the
- *		whether normal processing is on or not.  (ICANON in
- *		system V, or COOKED mode in BSD.)
- *		If the -l option was specified (alwayslinemode), then
- *		an attempt is made to force external processing on at
- *		all times.
- *
- * The following heuristics are applied to determine linemode
- * handling within the server.
- *	1) Early on in starting up the server, an attempt is made
- *	   to negotiate the linemode option.  If this succeeds
- *	   then lmodetype is set to REAL_LINEMODE and all linemode
- *	   processing occurs in the context of the linemode option.
- *	2) If the attempt to negotiate the linemode option failed,
- *	   and the "-k" (don't initiate kludge linemode) isn't set,
- *	   then we try to use kludge linemode.  We test for this
- *	   capability by sending "do Timing Mark".  If a positive
- *	   response comes back, then we assume that the client
- *	   understands kludge linemode (ech!) and the
- *	   lmodetype flag is set to KLUDGE_LINEMODE.
- *	3) Otherwise, linemode is not supported at all and
- *	   lmodetype remains set to NO_LINEMODE (which happens
- *	   to be 0 for convenience).
- *	4) At any time a command arrives that implies a higher
- *	   state of linemode support in the client, we move to that
- *	   linemode support.
- *
- * A short explanation of kludge linemode is in order here.
- *	1) The heuristic to determine support for kludge linemode
- *	   is to send a do timing mark.  We assume that a client
- *	   that supports timing marks also supports kludge linemode.
- *	   A risky proposition at best.
- *	2) Further negotiation of linemode is done by changing the
- *	   the server's state regarding SGA.  If server will SGA,
- *	   then linemode is off, if server won't SGA, then linemode
- *	   is on.
- */
-	void
-localstat()
-{
-	void netflush();
-	int need_will_echo = 0;
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	/*
-	 * Keep track of that ol' CR/NL mapping while we're in the
-	 * neighborhood.
-	 */
-	newmap = tty_isnewmap();
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-	/*
-	 * Check for state of BINARY options.
-	 */
-	if (tty_isbinaryin()) {
-		if (his_want_state_is_wont(TELOPT_BINARY))
-			send_do(TELOPT_BINARY, 1);
-	} else {
-		if (his_want_state_is_will(TELOPT_BINARY))
-			send_dont(TELOPT_BINARY, 1);
-	}
-
-	if (tty_isbinaryout()) {
-		if (my_want_state_is_wont(TELOPT_BINARY))
-			send_will(TELOPT_BINARY, 1);
-	} else {
-		if (my_want_state_is_will(TELOPT_BINARY))
-			send_wont(TELOPT_BINARY, 1);
-	}
-
-	/*
-	 * Check for changes to flow control if client supports it.
-	 */
-	flowstat();
-
-	/*
-	 * Check linemode on/off state
-	 */
-	uselinemode = tty_linemode();
-
-	/*
-	 * If alwayslinemode is on, and pty is changing to turn it off, then
-	 * force linemode back on.
-	 */
-	if (alwayslinemode && linemode && !uselinemode) {
-		uselinemode = 1;
-		tty_setlinemode(uselinemode);
-	}
-
-#ifdef	ENCRYPTION
-	/*
-	 * If the terminal is not echoing, but editing is enabled,
-	 * something like password input is going to happen, so
-	 * if we the other side is not currently sending encrypted
-	 * data, ask the other side to start encrypting.
-	 */
-	if (his_state_is_will(TELOPT_ENCRYPT)) {
-		static int enc_passwd = 0;
-		if (uselinemode && !tty_isecho() && tty_isediting()
-		    && (enc_passwd == 0) && !decrypt_input) {
-			encrypt_send_request_start();
-			enc_passwd = 1;
-		} else if (enc_passwd) {
-			encrypt_send_request_end();
-			enc_passwd = 0;
-		}
-	}
-#endif	/* ENCRYPTION */
-
-	/*
-	 * Do echo mode handling as soon as we know what the
-	 * linemode is going to be.
-	 * If the pty has echo turned off, then tell the client that
-	 * the server will echo.  If echo is on, then the server
-	 * will echo if in character mode, but in linemode the
-	 * client should do local echoing.  The state machine will
-	 * not send anything if it is unnecessary, so don't worry
-	 * about that here.
-	 *
-	 * If we need to send the WILL ECHO (because echo is off),
-	 * then delay that until after we have changed the MODE.
-	 * This way, when the user is turning off both editing
-	 * and echo, the client will get editing turned off first.
-	 * This keeps the client from going into encryption mode
-	 * and then right back out if it is doing auto-encryption
-	 * when passwords are being typed.
-	 */
-	if (uselinemode) {
-		if (tty_isecho())
-			send_wont(TELOPT_ECHO, 1);
-		else
-			need_will_echo = 1;
-#ifdef	KLUDGELINEMODE
-		if (lmodetype == KLUDGE_OK)
-			lmodetype = KLUDGE_LINEMODE;
-#endif
-	}
-
-	/*
-	 * If linemode is being turned off, send appropriate
-	 * command and then we're all done.
-	 */
-	 if (!uselinemode && linemode) {
-# ifdef	KLUDGELINEMODE
-		if (lmodetype == REAL_LINEMODE) {
-# endif	/* KLUDGELINEMODE */
-			send_dont(TELOPT_LINEMODE, 1);
-# ifdef	KLUDGELINEMODE
-		} else if (lmodetype == KLUDGE_LINEMODE)
-			send_will(TELOPT_SGA, 1);
-# endif	/* KLUDGELINEMODE */
-		send_will(TELOPT_ECHO, 1);
-		linemode = uselinemode;
-		goto done;
-	}
-
-# ifdef	KLUDGELINEMODE
-	/*
-	 * If using real linemode check edit modes for possible later use.
-	 * If we are in kludge linemode, do the SGA negotiation.
-	 */
-	if (lmodetype == REAL_LINEMODE) {
-# endif	/* KLUDGELINEMODE */
-		useeditmode = 0;
-		if (tty_isediting())
-			useeditmode |= MODE_EDIT;
-		if (tty_istrapsig())
-			useeditmode |= MODE_TRAPSIG;
-		if (tty_issofttab())
-			useeditmode |= MODE_SOFT_TAB;
-		if (tty_islitecho())
-			useeditmode |= MODE_LIT_ECHO;
-# ifdef	KLUDGELINEMODE
-	} else if (lmodetype == KLUDGE_LINEMODE) {
-		if (tty_isediting() && uselinemode)
-			send_wont(TELOPT_SGA, 1);
-		else
-			send_will(TELOPT_SGA, 1);
-	}
-# endif	/* KLUDGELINEMODE */
-
-	/*
-	 * Negotiate linemode on if pty state has changed to turn it on.
-	 * Send appropriate command and send along edit mode, then all done.
-	 */
-	if (uselinemode && !linemode) {
-# ifdef	KLUDGELINEMODE
-		if (lmodetype == KLUDGE_LINEMODE) {
-			send_wont(TELOPT_SGA, 1);
-		} else if (lmodetype == REAL_LINEMODE) {
-# endif	/* KLUDGELINEMODE */
-			send_do(TELOPT_LINEMODE, 1);
-			/* send along edit modes */
-			netprintf("%c%c%c%c%c%c%c", IAC, SB,
-				TELOPT_LINEMODE, LM_MODE, useeditmode,
-				IAC, SE);
-			editmode = useeditmode;
-# ifdef	KLUDGELINEMODE
-		}
-# endif	/* KLUDGELINEMODE */
-		linemode = uselinemode;
-		goto done;
-	}
-
-# ifdef	KLUDGELINEMODE
-	/*
-	 * None of what follows is of any value if not using
-	 * real linemode.
-	 */
-	if (lmodetype < REAL_LINEMODE)
-		goto done;
-# endif	/* KLUDGELINEMODE */
-
-	if (linemode && his_state_is_will(TELOPT_LINEMODE)) {
-		/*
-		 * If edit mode changed, send edit mode.
-		 */
-		 if (useeditmode != editmode) {
-			/*
-			 * Send along appropriate edit mode mask.
-			 */
-			(void) netprintf("%c%c%c%c%c%c%c", IAC, SB,
-				TELOPT_LINEMODE, LM_MODE, useeditmode,
-				IAC, SE);
-			editmode = useeditmode;
-		}
-
-
-		/*
-		 * Check for changes to special characters in use.
-		 */
-		start_slc(0);
-		check_slc();
-		(void) end_slc(0);
-	}
-
-done:
-	if (need_will_echo)
-		send_will(TELOPT_ECHO, 1);
-	/*
-	 * Some things should be deferred until after the pty state has
-	 * been set by the local process.  Do those things that have been
-	 * deferred now.  This only happens once.
-	 */
-	if (_terminit == 0) {
-		_terminit = 1;
-		defer_terminit();
-	}
-
-	netflush();
-	set_termbuf();
-	return;
-
-}  /* end of localstat */
-#endif	/* LINEMODE */
-
-/*
- * flowstat
- *
- * Check for changes to flow control
- */
-	void
-flowstat()
-{
-	if (his_state_is_will(TELOPT_LFLOW)) {
-		if (tty_flowmode() != flowmode) {
-			flowmode = tty_flowmode();
-			netprintf("%c%c%c%c%c%c",
-					IAC, SB, TELOPT_LFLOW,
-					flowmode ? LFLOW_ON : LFLOW_OFF,
-					IAC, SE);
-		}
-		if (tty_restartany() != restartany) {
-			restartany = tty_restartany();
-			netprintf("%c%c%c%c%c%c",
-					IAC, SB, TELOPT_LFLOW,
-					restartany ? LFLOW_RESTART_ANY
-						   : LFLOW_RESTART_XON,
-					IAC, SE);
-		}
-	}
-}
-
-/*
- * clientstat
- *
- * Process linemode related requests from the client.
- * Client can request a change to only one of linemode, editmode or slc's
- * at a time, and if using kludge linemode, then only linemode may be
- * affected.
- */
-	void
-clientstat(code, parm1, parm2)
-	register int code, parm1, parm2;
-{
-	void netflush();
-
-	/*
-	 * Get a copy of terminal characteristics.
-	 */
-	init_termbuf();
-
-	/*
-	 * Process request from client. code tells what it is.
-	 */
-	switch (code) {
-#ifdef	LINEMODE
-	case TELOPT_LINEMODE:
-		/*
-		 * Don't do anything unless client is asking us to change
-		 * modes.
-		 */
-		uselinemode = (parm1 == WILL);
-		if (uselinemode != linemode) {
-# ifdef	KLUDGELINEMODE
-			/*
-			 * If using kludge linemode, make sure that
-			 * we can do what the client asks.
-			 * We can not turn off linemode if alwayslinemode
-			 * and the ICANON bit is set.
-			 */
-			if (lmodetype == KLUDGE_LINEMODE) {
-				if (alwayslinemode && tty_isediting()) {
-					uselinemode = 1;
-				}
-			}
-
-			/*
-			 * Quit now if we can't do it.
-			 */
-			if (uselinemode == linemode)
-				return;
-
-			/*
-			 * If using real linemode and linemode is being
-			 * turned on, send along the edit mode mask.
-			 */
-			if (lmodetype == REAL_LINEMODE && uselinemode)
-# else	/* KLUDGELINEMODE */
-			if (uselinemode)
-# endif	/* KLUDGELINEMODE */
-			{
-				useeditmode = 0;
-				if (tty_isediting())
-					useeditmode |= MODE_EDIT;
-				if (tty_istrapsig)
-					useeditmode |= MODE_TRAPSIG;
-				if (tty_issofttab())
-					useeditmode |= MODE_SOFT_TAB;
-				if (tty_islitecho())
-					useeditmode |= MODE_LIT_ECHO;
-				netprintf("%c%c%c%c%c%c%c", IAC,
-					SB, TELOPT_LINEMODE, LM_MODE,
-					useeditmode, IAC, SE);
-				editmode = useeditmode;
-			}
-
-
-			tty_setlinemode(uselinemode);
-
-			linemode = uselinemode;
-
-			if (!linemode)
-				send_will(TELOPT_ECHO, 1);
-		}
-		break;
-
-	case LM_MODE:
-	    {
-		register int ack, changed;
-
-		/*
-		 * Client has sent along a mode mask.  If it agrees with
-		 * what we are currently doing, ignore it; if not, it could
-		 * be viewed as a request to change.  Note that the server
-		 * will change to the modes in an ack if it is different from
-		 * what we currently have, but we will not ack the ack.
-		 */
-		 useeditmode &= MODE_MASK;
-		 ack = (useeditmode & MODE_ACK);
-		 useeditmode &= ~MODE_ACK;
-
-		 if (changed = (useeditmode ^ editmode)) {
-			/*
-			 * This check is for a timing problem.  If the
-			 * state of the tty has changed (due to the user
-			 * application) we need to process that info
-			 * before we write in the state contained in the
-			 * ack!!!  This gets out the new MODE request,
-			 * and when the ack to that command comes back
-			 * we'll set it and be in the right mode.
-			 */
-			if (ack)
-				localstat();
-			if (changed & MODE_EDIT)
-				tty_setedit(useeditmode & MODE_EDIT);
-
-			if (changed & MODE_TRAPSIG)
-				tty_setsig(useeditmode & MODE_TRAPSIG);
-
-			if (changed & MODE_SOFT_TAB)
-				tty_setsofttab(useeditmode & MODE_SOFT_TAB);
-
-			if (changed & MODE_LIT_ECHO)
-				tty_setlitecho(useeditmode & MODE_LIT_ECHO);
-
-			set_termbuf();
-
- 			if (!ack) {
- 				netprintf("%c%c%c%c%c%c%c", IAC,
-					SB, TELOPT_LINEMODE, LM_MODE,
- 					useeditmode|MODE_ACK,
- 					IAC, SE);
- 			}
-
-			editmode = useeditmode;
-		}
-
-		break;
-
-	    }  /* end of case LM_MODE */
-#endif	/* LINEMODE */
-
-	case TELOPT_NAWS:
-#ifdef	TIOCSWINSZ
-	    {
-		struct winsize ws;
-
-		def_col = parm1;
-		def_row = parm2;
-#ifdef	LINEMODE
-		/*
-		 * Defer changing window size until after terminal is
-		 * initialized.
-		 */
-		if (terminit() == 0)
-			return;
-#endif	/* LINEMODE */
-
-		/*
-		 * Change window size as requested by client.
-		 */
-
-		ws.ws_col = parm1;
-		ws.ws_row = parm2;
-		(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
-	    }
-#endif	/* TIOCSWINSZ */
-
-		break;
-
-	case TELOPT_TSPEED:
-	    {
-		def_tspeed = parm1;
-		def_rspeed = parm2;
-#ifdef	LINEMODE
-		/*
-		 * Defer changing the terminal speed.
-		 */
-		if (terminit() == 0)
-			return;
-#endif	/* LINEMODE */
-		/*
-		 * Change terminal speed as requested by client.
-		 * We set the receive speed first, so that if we can't
-		 * store seperate receive and transmit speeds, the transmit
-		 * speed will take precedence.
-		 */
-		tty_rspeed(parm2);
-		tty_tspeed(parm1);
-		set_termbuf();
-
-		break;
-
-	    }  /* end of case TELOPT_TSPEED */
-
-	default:
-		/* What? */
-		break;
-	}  /* end of switch */
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	/*
-	 * Just in case of the likely event that we changed the pty state.
-	 */
-	rcv_ioctl();
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-	netflush();
-
-}  /* end of clientstat */
-
-#if	defined(CRAY2) && defined(UNICOS5)
-	void
-termstat()
-{
-	needtermstat = 1;
-}
-
-	void
-_termstat()
-{
-	needtermstat = 0;
-	init_termbuf();
-	localstat();
-	rcv_ioctl();
-}
-#endif	/* defined(CRAY2) && defined(UNICOS5) */
-
-#ifdef	LINEMODE
-/*
- * defer_terminit
- *
- * Some things should not be done until after the login process has started
- * and all the pty modes are set to what they are supposed to be.  This
- * function is called when the pty state has been processed for the first time.
- * It calls other functions that do things that were deferred in each module.
- */
-	void
-defer_terminit()
-{
-
-	/*
-	 * local stuff that got deferred.
-	 */
-	if (def_tspeed != -1) {
-		clientstat(TELOPT_TSPEED, def_tspeed, def_rspeed);
-		def_tspeed = def_rspeed = 0;
-	}
-
-#ifdef	TIOCSWINSZ
-	if (def_col || def_row) {
-		struct winsize ws;
-
-		memset(&ws, 0, sizeof(ws));
-		ws.ws_col = def_col;
-		ws.ws_row = def_row;
-		(void) ioctl(pty, TIOCSWINSZ, (char *)&ws);
-	}
-#endif
-
-	/*
-	 * The only other module that currently defers anything.
-	 */
-	deferslc();
-
-}  /* end of defer_terminit */
-
-/*
- * terminit
- *
- * Returns true if the pty state has been processed yet.
- */
-	int
-terminit()
-{
-	return(_terminit);
-
-}  /* end of terminit */
-#endif	/* LINEMODE */
diff --git a/src/appl/telnet/telnetd/utility.c b/src/appl/telnet/telnetd/utility.c
deleted file mode 100644
index 7e53c48..0000000
--- a/src/appl/telnet/telnetd/utility.c
+++ /dev/null
@@ -1,1303 +0,0 @@
-/*
- * Copyright (c) 1989, 1993
- *	The Regents of the University of California.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)utility.c	8.1 (Berkeley) 6/4/93 */
-
-#include <stdarg.h>
-#define PRINTOPTIONS
-#include "telnetd.h"
-
-#ifdef HAVE_SYS_UTSNAME_H
-#include <sys/utsname.h>
-#endif
-
-#if	defined(AUTHENTICATION)
-#include <libtelnet/auth.h>
-#endif
-#ifdef ENCRYPTION
-#include <libtelnet/encrypt.h>
-#endif
-
-/*
- * utility functions performing io related tasks
- */
-
-/*
- * ttloop
- *
- *	A small subroutine to flush the network output buffer, get some data
- * from the network, and pass it through the telnet state machine.  We
- * also flush the pty input buffer (by dropping its data) if it becomes
- * too full.
- */
-
-    void
-ttloop()
-{
-    void netflush();
-
-    DIAG(TD_REPORT, netputs("td: ttloop\r\n"));
-    if (nfrontp-nbackp) {
-	netflush();
-    }
-read_again:
-    ncc = read(net, netibuf, sizeof netibuf);
-    if (ncc < 0) {
-	if (errno == EINTR)
-	    goto read_again;
-	syslog(LOG_INFO, "ttloop:  read: %m");
-	exit(1);
-    } else if (ncc == 0) {
-	syslog(LOG_INFO, "ttloop:  peer died: %m");
-	exit(1);
-    }
-    DIAG(TD_REPORT, netprintf("td: ttloop read %d chars\r\n", ncc));
-    netip = netibuf;
-    telrcv();			/* state machine */
-    if (ncc > 0) {
-	pfrontp = pbackp = ptyobuf;
-	telrcv();
-    }
-}  /* end of ttloop */
-
-/*
- * ttsuck - This is a horrible kludge to deal with a bug in
- * HostExplorer. HostExplorer thinks it knows how to do krb5 auth, but
- * it doesn't really. So if you offer it krb5 as an auth choice before
- * krb4, it will sabotage the connection. So we peek ahead into the
- * input stream to see if the client is a UNIX client, and then
- * (later) offer krb5 first only if it is. Since no Mac/PC telnet
- * clients do auto switching between krb4 and krb5 like the UNIX
- * client does, it doesn't matter what order they see the choices in
- * (except for HostExplorer).
- *
- * It is actually not possible to do this without looking ahead into
- * the input stream: the client and server both try to begin
- * auth/encryption negotiation as soon as possible, so if we let the
- * server process things normally, it will already have sent the list
- * of supported auth types before seeing the NEW-ENVIRON option. If
- * you change the code to hold off sending the list of supported auth
- * types until after it knows whether or not the remote side supports
- * NEW-ENVIRON, then the auth negotiation and encryption negotiation
- * race conditions won't interact properly, and encryption negotiation
- * will reliably fail.
- */
-
-    void
-ttsuck()
-{
-    extern int auth_client_non_unix;
-    int nread;
-    struct timeval tv;
-    fd_set fds;
-    char *p, match[] = {IAC, WILL, TELOPT_NEW_ENVIRON};
-
-    if (nfrontp-nbackp) {
-	netflush();
-    }
-    tv.tv_sec = 1;
-    tv.tv_usec = 0;
-    FD_SET(net, &fds);
-
-    while (select(net + 1, &fds, NULL, NULL, &tv) == 1)
-      {
-	nread = read(net, netibuf + ncc, sizeof(netibuf) - ncc);
-	if (nread <= 0)
-	  break;
-	ncc += nread;
-      }
-
-    auth_client_non_unix = 1;
-    for (p = netibuf; p < netibuf + ncc; p++)
-      {
-	if (!memcmp(p, match, sizeof(match)))
-	  {
-	    auth_client_non_unix = 0;
-	    break;
-	  }
-      }
-
-    if (ncc > 0)
-      telrcv();
-}
-
-/*
- * Check a descriptor to see if out of band data exists on it.
- */
-    int
-stilloob(s)
-    int	s;		/* socket number */
-{
-    static struct timeval timeout = { 0 };
-    fd_set	excepts;
-    int value;
-
-    do {
-	FD_ZERO(&excepts);
-	FD_SET(s, &excepts);
-	value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout);
-    } while ((value == -1) && (errno == EINTR));
-
-    if (value < 0) {
-	fatalperror(pty, "select");
-    }
-    if (FD_ISSET(s, &excepts)) {
-	return 1;
-    } else {
-	return 0;
-    }
-}
-
-	void
-ptyflush()
-{
-	int n;
-
-	if ((n = pfrontp - pbackp) > 0) {
-		DIAG((TD_REPORT | TD_PTYDATA),
-		     netprintf("td: ptyflush %d chars\r\n", n));
-		DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
-		n = write(pty, pbackp, (unsigned) n);
-	}
-	if (n < 0) {
-		if (errno == EWOULDBLOCK || errno == EINTR)
-			return;
-		(void)signal(SIGCHLD, SIG_DFL);
-		cleanup(0);
-	}
-	pbackp += n;
-	if (pbackp == pfrontp)
-		pbackp = pfrontp = ptyobuf;
-}
-
-/*
- * nextitem()
- *
- *	Return the address of the next "item" in the TELNET data
- * stream.  This will be the address of the next character if
- * the current address is a user data character, or it will
- * be the address of the character following the TELNET command
- * if the current address is a TELNET IAC ("I Am a Command")
- * character.
- */
-static char *
-nextitem(current)
-    char	*current;
-{
-    if ((*current&0xff) != IAC) {
-	return current+1;
-    }
-    switch (*(current+1)&0xff) {
-    case DO:
-    case DONT:
-    case WILL:
-    case WONT:
-	return current+3;
-    case SB:		/* loop forever looking for the SE */
-	{
-	    register char *look = current+2;
-
-	    for (;;) {
-		if ((*look++&0xff) == IAC) {
-		    if ((*look++&0xff) == SE) {
-			return look;
-		    }
-		}
-	    }
-	}
-    default:
-	return current+2;
-    }
-}  /* end of nextitem */
-
-
-/*
- * netclear()
- *
- *	We are about to do a TELNET SYNCH operation.  Clear
- * the path to the network.
- *
- *	Things are a bit tricky since we may have sent the first
- * byte or so of a previous TELNET command into the network.
- * So, we have to scan the network buffer from the beginning
- * until we are up to where we want to be.
- *
- *	A side effect of what we do, just to keep things
- * simple, is to clear the urgent data pointer.  The principal
- * caller should be setting the urgent data pointer AFTER calling
- * us in any case.
- */
-    void
-netclear()
-{
-    register char *thisitem, *next;
-    char *good;
-#define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
-				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
-
-#ifdef	ENCRYPTION
-    thisitem = nclearto > netobuf ? nclearto : netobuf;
-#else	/* ENCRYPTION */
-    thisitem = netobuf;
-#endif	/* ENCRYPTION */
-
-    while ((next = nextitem(thisitem)) <= nbackp) {
-	thisitem = next;
-    }
-
-    /* Now, thisitem is first before/at boundary. */
-
-#ifdef	ENCRYPTION
-    good = nclearto > netobuf ? nclearto : netobuf;
-#else	/* ENCRYPTION */
-    good = netobuf;	/* where the good bytes go */
-#endif	/* ENCRYPTION */
-
-    while (nfrontp > thisitem) {
-	if (wewant(thisitem)) {
-	    unsigned int length;
-
-	    next = thisitem;
-	    do {
-		next = nextitem(next);
-	    } while (wewant(next) && (nfrontp > next));
-	    length = next-thisitem;
-	    memcpy(good, thisitem, length);
-	    good += length;
-	    thisitem = next;
-	} else {
-	    thisitem = nextitem(thisitem);
-	}
-    }
-
-    nbackp = netobuf;
-    nfrontp = good;		/* next byte to be sent */
-    neturg = 0;
-}  /* end of netclear */
-
-/*
- *  netflush
- *		Send as much data as possible to the network,
- *	handling requests for urgent data.
- */
-void
-netflush()
-{
-    int n;
-    extern int not42;
-
-    if ((n = nfrontp - nbackp) > 0) {
-	DIAG(TD_REPORT, {netprintf_noflush("td: netflush %d chars\r\n", n);
-			 n = nfrontp - nbackp;});
-#ifdef	ENCRYPTION
-	if (encrypt_output) {
-		char *s = nclearto ? nclearto : nbackp;
-		if (nfrontp - s > 0) {
-			(*encrypt_output)((unsigned char *)s, nfrontp-s);
-			nclearto = nfrontp;
-		}
-	}
-#endif	/* ENCRYPTION */
-	/*
-	 * if no urgent data, or if the other side appears to be an
-	 * old 4.2 client (and thus unable to survive TCP urgent data),
-	 * write the entire buffer in non-OOB mode.
-	 */
-	if ((neturg == 0) || (not42 == 0)) {
-	    n = write(net, nbackp, (unsigned) n);	/* normal write */
-	} else {
-	    n = neturg - nbackp;
-	    /*
-	     * In 4.2 (and 4.3) systems, there is some question about
-	     * what byte in a sendOOB operation is the "OOB" data.
-	     * To make ourselves compatible, we only send ONE byte
-	     * out of band, the one WE THINK should be OOB (though
-	     * we really have more the TCP philosophy of urgent data
-	     * rather than the Unix philosophy of OOB data).
-	     */
-	    if (n > 1) {
-		n = send(net, nbackp, n-1, 0);	/* send URGENT all by itself */
-	    } else {
-		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
-	    }
-	}
-    }
-    if (n < 0) {
-	if (errno == EWOULDBLOCK || errno == EINTR)
-		return;
-	(void)signal(SIGCHLD, SIG_DFL);
-	cleanup(0);
-    }
-    nbackp += n;
-#ifdef	ENCRYPTION
-    if (nbackp > nclearto)
-	nclearto = 0;
-#endif	/* ENCRYPTION */
-    if (nbackp >= neturg) {
-	neturg = 0;
-    }
-    if (nbackp == nfrontp) {
-	nbackp = nfrontp = netobuf;
-#ifdef	ENCRYPTION
-	nclearto = 0;
-#endif	/* ENCRYPTION */
-    }
-    return;
-}  /* end of netflush */
-
-/*
- * L8_256(x) = log8(256**x), rounded up, including sign (for decimal
- * strings too).  log8(256) = 8/3, but we use integer math to round
- * up.
- */
-#define L8_256(x) (((x * 8 + 2) / 3) + 1)
-
-/*
- * netprintf
- *
- * Do the equivalent of printf() to the NETOBUF "ring buffer",
- * possibly calling netflush() if needed.
- *
- * Thou shalt not call this with a "%s" format; use netputs instead.
- * We also don't deal with floating point widths in here.
- */
-static void
-netprintf_ext(int noflush, int seturg, const char *fmt, va_list args)
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-    __attribute__((__format__(__printf__, 3, 0)))
-#endif
-    ;
-
-static void
-netprintf_ext(int noflush, int seturg, const char *fmt, va_list args)
-{
-	size_t remain;
-	size_t maxoutlen;
-	char buf[BUFSIZ];
-	const char *cp;
-	int len;
-
-	buf[0] = '\0';		/* nul-terminate */
-	remain = sizeof(netobuf) - (nfrontp - netobuf);
-	for (maxoutlen = 0, cp = fmt; *cp; cp++) {
-		if (*cp == '%')
-			/* Ok so this is slightly overkill... */
-			maxoutlen += L8_256(sizeof(long));
-		else
-			maxoutlen++;
-	}
-	if (maxoutlen >= sizeof(buf))
-		return;		/* highly unlikely */
-
-	len = vsnprintf(buf, sizeof(buf), fmt, args);
-
-	/*
-	 * The return value from sprintf()-like functions may be the
-	 * number of characters that *would* have been output, not the
-	 * number actually output.
-	 */
-	if (len <= 0 || len > sizeof(buf))
-		return;
-	if (remain < len && !noflush) {
-		netflush();
-		remain = sizeof(netobuf) - (nfrontp - netobuf);
-	}
-	if (remain < len)
-		return;		/* still not enough space? */
-	memcpy(nfrontp, buf, (size_t)len);
-	nfrontp += len;
-	if (seturg)
-		neturg = nfrontp - 1;
-}
-
-void
-netprintf(const char *fmt, ...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	netprintf_ext(0, 0, fmt, args);
-	va_end(args);
-}
-
-void
-netprintf_urg(const char *fmt, ...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	netprintf_ext(0, 1, fmt, args);
-	va_end(args);
-}
-
-void
-netprintf_noflush(const char *fmt, ...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	netprintf_ext(1, 0, fmt, args);
-	va_end(args);
-}
-
-/*
- * netwrite
- *
- * Copy BUF into the NETOBUF "ring buffer", possibly calling
- * netflush() if needed.
- */
-int
-netwrite(const unsigned char *buf, size_t len)
-{
-	size_t remain;
-
-	remain = sizeof(netobuf) - (nfrontp - netobuf);
-	if (remain < len) {
-		netflush();
-		remain = sizeof(netobuf) - (nfrontp - netobuf);
-	}
-	if (remain < len)
-		return 0;
-	memcpy(nfrontp, buf, len);
-	nfrontp += len;
-	return len;
-}
-
-/*
- * netputs
- *
- * Write S to the NETOBUF "ring buffer".  Does not write a '\n'.
- */
-void
-netputs(const char *s)
-{
-	netwrite((const unsigned char *) s, strlen(s));
-}
-
-/*
- * miscellaneous functions doing a variety of little jobs follow ...
- */
-
-
-	void
-fatal(f, msg)
-	int f;
-	const char *msg;
-{
-	char buf[BUFSIZ];
-
-	(void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
-#ifdef	ENCRYPTION
-	if (encrypt_output) {
-		/*
-		 * Better turn off encryption first....
-		 * Hope it flushes...
-		 */
-		encrypt_send_end();
-		netflush();
-	}
-#endif	/* ENCRYPTION */
-	(void) write(f, buf, strlen(buf));
-	sleep(1);	/*XXX*/
-	exit(1);
-}
-
-	void
-fatalperror(f, msg)
-	int f;
-	const char *msg;
-{
-	char buf[BUFSIZ], *strerror();
-
-	(void) snprintf(buf, sizeof(buf), "%s: %s\r\n", msg, strerror(errno));
-	fatal(f, buf);
-}
-
-char editedhost[32];
-
-	void
-edithost(pat, host)
-	register char *pat;
-	register char *host;
-{
-	register char *res = editedhost;
-
-	if (!pat)
-		pat = "";
-	while (*pat) {
-		switch (*pat) {
-
-		case '#':
-			if (*host)
-				host++;
-			break;
-
-		case '@':
-			if (*host)
-				*res++ = *host++;
-			break;
-
-		default:
-			*res++ = *pat;
-			break;
-		}
-		if (res == &editedhost[sizeof editedhost - 1]) {
-			*res = '\0';
-			return;
-		}
-		pat++;
-	}
-	if (*host)
-		(void) strncpy(res, host,
-				sizeof editedhost - (res - editedhost) -1);
-	else
-		*res = '\0';
-	editedhost[sizeof editedhost - 1] = '\0';
-}
-
-static char *putlocation;
-
-static	void
-putstr(s)
-	register char *s;
-{
-
-	while (*s)
-		putchr(*s++);
-}
-
-	void
-putchr(cc)
-	int cc;
-{
-	*putlocation++ = cc;
-}
-
-/*
- * This is split on two lines so that SCCS will not see the M
- * between two % signs and expand it...
- */
-static char fmtstr[] = { "%l:%M\
-%P on %A, %d %B %Y" };
-
-	void
-putf(cp, where)
-	register char *cp;
-	char *where;
-{
-	char *slash;
-	time_t t;
-	char db[100];
-#ifdef HAVE_SYS_UTSNAME_H
-	struct utsname utsinfo;
-
-	(void) uname(&utsinfo);
-#endif
-
-	putlocation = where;
-
-	while (*cp) {
-		if (*cp != '%') {
-			putchr(*cp++);
-			continue;
-		}
-		switch (*++cp) {
-
-		case 't':
-#ifdef	STREAMSPTY
-			/* names are like /dev/pts/2 -- we want pts/2 */
-			slash = strchr(line+1, '/');
-#else
-			slash = strrchr(line, '/');
-#endif
-			if (slash == (char *) 0)
-				putstr(line);
-			else
-				putstr(&slash[1]);
-			break;
-
-		case 'h':
-			putstr(editedhost);
-			break;
-
-		case 'd':
-			(void)time(&t);
-			(void)strftime(db, sizeof(db), fmtstr, localtime(&t));
-			putstr(db);
-			break;
-
-#ifdef HAVE_SYS_UTSNAME_H
-		case 's':
-			putstr(utsinfo.sysname);
-			break;
-
-		case 'm':
-			putstr(utsinfo.machine);
-			break;
-
-		case 'r':
-			putstr(utsinfo.release);
-			break;
-
-		case 'v':
-			putstr(utsinfo.version);
-			break;
-#endif
-
-		case '%':
-			putchr('%');
-			break;
-		}
-		cp++;
-	}
-}
-
-#ifdef DIAGNOSTICS
-/*
- * Print telnet options and commands in plain text, if possible.
- */
-void
-printoption(fmt, option)
-	register char *fmt;
-	register int option;
-{
-	netputs(fmt);
-	netputs(" ");
-	if (TELOPT_OK(option)) {
-		netputs(TELOPT(option));
-		netputs("\r\n");
-	} else if (TELCMD_OK(option)) {
-		netputs(TELCMD(option));
-		netputs("\r\n");
-	} else {
-		netprintf("%d\r\n", option);
-	}
-	return;
-}
-
-void
-printsub(direction, pointer, length)
-    char		direction;	/* '<' or '>' */
-    unsigned char	*pointer;	/* where suboption data sits */
-    int			length;		/* length of suboption data */
-{
-    register int i = 0;
-    char buf[512];
-
-        if (!(diagnostic & TD_OPTIONS))
-		return;
-
-	if (direction) {
-	    netputs("td: ");
-	    netputs(direction == '<' ? "recv" : "send");
-	    netputs(" suboption ");
-	    if (length >= 3) {
-		register int j;
-
-		i = pointer[length-2];
-		j = pointer[length-1];
-
-		if (i != IAC || j != SE) {
-		    netputs("(terminated by ");
-		    if (TELOPT_OK(i))
-			netputs(TELOPT(i));
-		    else if (TELCMD_OK(i))
-			netputs(TELCMD(i));
-		    else
-			netprintf("%d", i);
-		    netputs(" ");
-		    if (TELOPT_OK(j))
-			netputs(TELOPT(j));
-		    else if (TELCMD_OK(j))
-			netputs(TELCMD(j));
-		    else
-			netprintf("%d", j);
-		    netputs(", not IAC SE!) ");
-		}
-	    }
-	    length -= 2;
-	}
-	if (length < 1) {
-	    netputs("(Empty suboption??\?)");
-	    return;
-	}
-	switch (pointer[0]) {
-	case TELOPT_TTYPE:
-	    netputs("TERMINAL-TYPE ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		netputs("IS \"");
-		netwrite(pointer + 2, (size_t)(length - 2));
-		netputs("\"");
-		break;
-	    case TELQUAL_SEND:
-		netputs("SEND");
-		break;
-	    default:
-		netprintf("- unknown qualifier %d (0x%x).",
-			  pointer[1], pointer[1]);
-	    }
-	    break;
-	case TELOPT_TSPEED:
-	    netputs("TERMINAL-SPEED ");
-	    if (length < 2) {
-		netputs("(empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		netputs("IS ");
-		netwrite(pointer + 2, (size_t)(length - 2));
-		break;
-	    default:
-		if (pointer[1] == 1)
-		    netputs("SEND");
-		else
-		    netprintf("%d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    netprintf(" ?%d?", pointer[i]);
-		break;
-	    }
-	    break;
-
-	case TELOPT_LFLOW:
-	    netputs("TOGGLE-FLOW-CONTROL ");
-	    if (length < 2) {
-		netputs("(empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case LFLOW_OFF:
-		netputs("OFF"); break;
-	    case LFLOW_ON:
-		netputs("ON"); break;
-	    case LFLOW_RESTART_ANY:
-		netputs("RESTART-ANY"); break;
-	    case LFLOW_RESTART_XON:
-		netputs("RESTART-XON"); break;
-	    default:
-		netprintf("%d (unknown)", pointer[1]);
-	    }
-	    for (i = 2; i < length; i++)
-		netprintf(" ?%d?", pointer[i]);
-	    break;
-
-	case TELOPT_NAWS:
-	    netputs("NAWS");
-	    if (length < 2) {
-		netputs(" (empty suboption??\?)");
-		break;
-	    }
-	    if (length == 2) {
-		netprintf(" ?%d?", pointer[1]);
-		break;
-	    }
-	    netprintf(" %d %d (%d)",
-		pointer[1], pointer[2],
-		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
-	    if (length == 4) {
-		netprintf(" ?%d?", pointer[3]);
-		break;
-	    }
-	    netprintf(" %d %d (%d)",
-		pointer[3], pointer[4],
-		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
-	    for (i = 5; i < length; i++)
-		netprintf(" ?%d?", pointer[i]);
-	    break;
-
-	case TELOPT_LINEMODE:
-	    netputs("LINEMODE ");
-	    if (length < 2) {
-		netputs("(empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case WILL:
-		netputs("WILL ");
-		goto common;
-	    case WONT:
-		netputs("WONT ");
-		goto common;
-	    case DO:
-		netputs("DO ");
-		goto common;
-	    case DONT:
-		netputs("DONT ");
-	    common:
-		if (length < 3) {
-		    netputs("(no option??\?)");
-		    break;
-		}
-		switch (pointer[2]) {
-		case LM_FORWARDMASK:
-		    netputs("Forward Mask");
-		    for (i = 3; i < length; i++)
-			netprintf(" %x", pointer[i]);
-		    break;
-		default:
-		    netprintf("%d (unknown)", pointer[2]);
-		    for (i = 3; i < length; i++)
-			netprintf(" %d", pointer[i]);
-		    break;
-		}
-		break;
-
-	    case LM_SLC:
-		netputs("SLC");
-		for (i = 2; i < length - 2; i += 3) {
-		    if (SLC_NAME_OK(pointer[i+SLC_FUNC])) {
-			netputs(" ");
-			netputs(SLC_NAME(pointer[i+SLC_FUNC]));
-		    } else
-			netprintf(" %d", pointer[i+SLC_FUNC]);
-		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
-		    case SLC_NOSUPPORT:
-			netputs(" NOSUPPORT"); break;
-		    case SLC_CANTCHANGE:
-			netputs(" CANTCHANGE"); break;
-		    case SLC_VARIABLE:
-			netputs(" VARIABLE"); break;
-		    case SLC_DEFAULT:
-			netputs(" DEFAULT"); break;
-		    }
-		    netputs(pointer[i+SLC_FLAGS]&SLC_ACK
-			    ? "|ACK" : "");
-		    netputs(pointer[i+SLC_FLAGS]&SLC_FLUSHIN
-			    ? "|FLUSHIN" : "");
-		    netputs(pointer[i+SLC_FLAGS]&SLC_FLUSHOUT
-			    ? "|FLUSHOUT" : "");
-		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
-						SLC_FLUSHOUT| SLC_LEVELBITS)) {
-			netprintf("(0x%x)", pointer[i+SLC_FLAGS]);
-		    }
-		    netprintf(" %d;", pointer[i+SLC_VALUE]);
-		    if ((pointer[i+SLC_VALUE] == IAC) &&
-			(pointer[i+SLC_VALUE+1] == IAC))
-				i++;
-		}
-		for (; i < length; i++)
-		    netprintf(" ?%d?", pointer[i]);
-		break;
-
-	    case LM_MODE:
-		netputs("MODE ");
-		if (length < 3) {
-		    netputs("(no mode??\?)");
-		    break;
-		}
-		{
-		    int wrotemode = 0;
-
-#define NETPUTS_MODE(x)				\
-do {						\
-	if (pointer[2] & (MODE_##x)) {		\
-		if (wrotemode) netputs("|");	\
-		netputs(#x);			\
-		wrotemode++;			\
-	}					\
-} while (0)
-		    NETPUTS_MODE(EDIT);
-		    NETPUTS_MODE(TRAPSIG);
-		    NETPUTS_MODE(SOFT_TAB);
-		    NETPUTS_MODE(LIT_ECHO);
-		    NETPUTS_MODE(ACK);
-#undef NETPUTS_MODE
-		    if (!wrotemode)
-			netputs("0");
-		}
-		if (pointer[2] & ~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK))
-		    netprintf(" (0x%x)", pointer[2]);
-		for (i = 3; i < length; i++)
-		    netprintf(" ?0x%x?", pointer[i]);
-		break;
-	    default:
-		netprintf("%d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    netprintf(" %d", pointer[i]);
-	    }
-	    break;
-
-	case TELOPT_STATUS: {
-	    register char *cp;
-	    register int j, k;
-
-	    netputs("STATUS");
-
-	    switch (pointer[1]) {
-	    default:
-		if (pointer[1] == TELQUAL_SEND)
-		    netputs(" SEND");
-		else
-		    netprintf(" %d (unknown)", pointer[1]);
-		for (i = 2; i < length; i++)
-		    netprintf(" ?%d?", pointer[i]);
-		break;
-	    case TELQUAL_IS:
-		netputs(" IS\r\n");
-
-		for (i = 2; i < length; i++) {
-		    switch(pointer[i]) {
-		    case DO:	cp = "DO"; goto common2;
-		    case DONT:	cp = "DONT"; goto common2;
-		    case WILL:	cp = "WILL"; goto common2;
-		    case WONT:	cp = "WONT"; goto common2;
-		    common2:
-			i++;
-			netputs(" ");
-			netputs(cp);
-			netputs(" ");
-			if (TELOPT_OK(pointer[i]))
-			    netputs(TELOPT(pointer[i]));
-			else
-			    netprintf("%d", pointer[i]);
-
-			netputs("\r\n");
-			break;
-
-		    case SB:
-			netputs(" SB ");
-			i++;
-			j = k = i;
-			while (j < length) {
-			    if (pointer[j] == SE) {
-				if (j+1 == length)
-				    break;
-				if (pointer[j+1] == SE)
-				    j++;
-				else
-				    break;
-			    }
-			    pointer[k++] = pointer[j++];
-			}
-			printsub(0, &pointer[i], k - i);
-			if (i < length) {
-			    netputs(" SE");
-			    i = j;
-			} else
-			    i = j - 1;
-
-			netputs("\r\n");
-
-			break;
-
-		    default:
-			netprintf(" %d", pointer[i]);
-			break;
-		    }
-		}
-		break;
-	    }
-	    break;
-	  }
-
-	case TELOPT_XDISPLOC:
-	    netputs("X-DISPLAY-LOCATION ");
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		netputs("IS \"");
-		netwrite(pointer + 2, (size_t)(length - 2));
-		netputs("\"");
-		break;
-	    case TELQUAL_SEND:
-		netputs("SEND");
-		break;
-	    default:
-		netprintf("- unknown qualifier %d (0x%x).",
-			  pointer[1], pointer[1]);
-	    }
-	    break;
-
-	case TELOPT_NEW_ENVIRON:
-	    netputs("NEW-ENVIRON ");
-	    goto env_common1;
-	case TELOPT_OLD_ENVIRON:
-	    netputs("OLD-ENVIRON ");
-	env_common1:
-	    switch (pointer[1]) {
-	    case TELQUAL_IS:
-		netputs("IS ");
-		goto env_common;
-	    case TELQUAL_SEND:
-		netputs("SEND ");
-		goto env_common;
-	    case TELQUAL_INFO:
-		netputs("INFO ");
-	    env_common:
-		{
-		    register int noquote = 2;
-		    for (i = 2; i < length; i++ ) {
-			switch (pointer[i]) {
-			case NEW_ENV_VAR:
-			    netputs("\" VAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			case NEW_ENV_VALUE:
-			    netputs("\" VALUE " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_ESC:
-			    netputs("\" ESC " + noquote);
-			    noquote = 2;
-			    break;
-
-			case ENV_USERVAR:
-			    netputs("\" USERVAR " + noquote);
-			    noquote = 2;
-			    break;
-
-			default:
-			    if (isprint(pointer[i]) && pointer[i] != '"') {
-				if (noquote) {
-				    netputs("\"");
-				    noquote = 0;
-				}
-				netprintf("%c", pointer[i]);
-			    } else {
-				netprintf("\" %03o " + noquote,
-					  pointer[i]);
-				noquote = 2;
-			    }
-			    break;
-			}
-		    }
-		    if (!noquote)
-			netputs("\"");
-		    break;
-		}
-	    }
-	    break;
-
-#if	defined(AUTHENTICATION)
-	case TELOPT_AUTHENTICATION:
-	    netputs("AUTHENTICATION");
-
-	    if (length < 2) {
-		netputs(" (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case TELQUAL_REPLY:
-	    case TELQUAL_IS:
-		netputs((pointer[1] == TELQUAL_IS) ? " IS " : " REPLY ");
-		if (AUTHTYPE_NAME_OK(pointer[2]))
-		    netputs(AUTHTYPE_NAME(pointer[2]));
-		else
-		    netprintf(" %d ", pointer[2]);
-		if (length < 3) {
-		    netputs("(partial suboption??\?)");
-		    break;
-		}
-		netputs(((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT)
-			? "CLIENT|" : "SERVER|");
-		netputs(((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
-			? "MUTUAL" : "ONE-WAY");
-		netputs(((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON)
-			? "|ENCRYPT" : "");
-
-		auth_printsub(&pointer[1], length - 1, (unsigned char *)buf,
-			      sizeof(buf));
-		netputs(buf);
-		break;
-
-	    case TELQUAL_SEND:
-		i = 2;
-		netputs(" SEND ");
-		while (i < length) {
-		    if (AUTHTYPE_NAME_OK(pointer[i]))
-			netputs(AUTHTYPE_NAME(pointer[i]));
-		    else
-			netprintf("%d", pointer[i]);
-		    netputs(" ");
-		    if (++i >= length) {
-			netputs("(partial suboption??\?)");
-			break;
-		    }
-		    netputs(((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT)
-			    ? "CLIENT|" : "SERVER|");
-		    netputs(((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
-			    ? "MUTUAL" : "ONE-WAY");
-		    if ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON)
-			netputs("|ENCRYPT");
-		    ++i;
-		}
-		break;
-
-	    case TELQUAL_NAME:
-		i = 2;
-		netputs(" NAME \"");
-		while (i < length) {
-		    if (isprint(pointer[i]))
-			netprintf("%c", pointer[i++]);
-		    else {
-			netprintf("\\%03o", pointer[i++]);
-		    }
-		}
-		netputs("\"");
-		break;
-
-	    default:
-		    for (i = 2; i < length; i++)
-			netprintf(" ?%d?", pointer[i]);
-		    break;
-	    }
-	    break;
-#endif
-
-#ifdef	ENCRYPTION
-	case TELOPT_ENCRYPT:
-	    netputs("ENCRYPT");
-	    if (length < 2) {
-		netputs(" (empty suboption??\?)");
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case ENCRYPT_START:
-		netputs(" START");
-		break;
-
-	    case ENCRYPT_END:
-		netputs(" END");
-		break;
-
-	    case ENCRYPT_REQSTART:
-		netputs(" REQUEST-START");
-		break;
-
-	    case ENCRYPT_REQEND:
-		netputs(" REQUEST-END");
-		break;
-
-	    case ENCRYPT_IS:
-	    case ENCRYPT_REPLY:
-		netputs((pointer[1] == ENCRYPT_IS)
-			? " IS " : " REPLY ");
-		if (length < 3) {
-		    netputs(" (partial suboption??\?)");
-		    nfrontp += strlen(nfrontp);
-		    break;
-		}
-		if (ENCTYPE_NAME_OK(pointer[2]))
-		    netputs(ENCTYPE_NAME(pointer[2]));
-		else
-		    netprintf("%d (unknown)", pointer[2]);
-		netputs(" ");
-
-		encrypt_printsub(&pointer[1], length - 1,
-				 (unsigned char *) buf, sizeof(buf));
-		netputs(buf);
-		break;
-
-	    case ENCRYPT_SUPPORT:
-		i = 2;
-		netputs(" SUPPORT ");
-		nfrontp += strlen(nfrontp);
-		while (i < length) {
-		    if (ENCTYPE_NAME_OK(pointer[i]))
-			netputs(ENCTYPE_NAME(pointer[i]));
-		    else
-			netprintf("%d", pointer[i]);
-		    netputs(" ");
-		    i++;
-		}
-		break;
-
-	    case ENCRYPT_ENC_KEYID:
-		netputs(" ENC_KEYID");
-		goto encommon;
-
-	    case ENCRYPT_DEC_KEYID:
-		netputs(" DEC_KEYID");
-		goto encommon;
-
-	    default:
-		netprintf(" %d (unknown)", pointer[1]);
-	    encommon:
-		for (i = 2; i < length; i++)
-		    netprintf(" %d", pointer[i]);
-		break;
-	    }
-	    break;
-#endif	/* ENCRYPTION */
-
-	default:
-	    if (TELOPT_OK(pointer[0]))
-	        netputs(TELOPT(pointer[0]));
-	    else
-	        netprintf("%d", pointer[0]);
-	    netputs(" (unknown)");
-	    for (i = 1; i < length; i++)
-		netprintf(" %d", pointer[i]);
-	    break;
-	}
-	netputs("\r\n");
-}
-
-/*
- * Dump a data buffer in hex and ascii to the output data stream.
- */
-	void
-printdata(tag, ptr, cnt)
-	register char *tag;
-	register char *ptr;
-	register int cnt;
-{
-	register int i;
-	char xbuf[30];
-
-	while (cnt) {
-		/* add a line of output */
-		netputs(tag);
-		netputs(": ");
-		for (i = 0; i < 20 && cnt; i++) {
-			netprintf(nfrontp, "%02x", *ptr);
-			nfrontp += strlen(nfrontp);
-			if (isprint((int) *ptr)) {
-				xbuf[i] = *ptr;
-			} else {
-				xbuf[i] = '.';
-			}
-			if (i % 2)
-				netputs(" ");
-			cnt--;
-			ptr++;
-		}
-		xbuf[i] = '\0';
-		netputs(" ");
-		netputs(xbuf);
-		netputs("\r\n");
-	}
-}
-#endif /* DIAGNOSTICS */
diff --git a/src/appl/user_user/Makefile.in b/src/appl/user_user/Makefile.in
index b321cc5..0d45a18 100644
--- a/src/appl/user_user/Makefile.in
+++ b/src/appl/user_user/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=appl/user_user
 mydir=appl/user_user
 BUILDTOP=$(REL)..$(S)..
 DEFINES = -DDEBUG
diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c
index a2f8e7f..39bd188 100644
--- a/src/appl/user_user/client.c
+++ b/src/appl/user_user/client.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/user_user/client.c
  *
@@ -39,239 +40,243 @@
 #include "k5-int.h"
 #include "com_err.h"
 
-int main (argc, argv)
-int argc;
-char *argv[];
+int main (int argc, char *argv[])
 {
-  int s;
-  register int retval, i;
-  char *hname;		/* full name of server */
-  char **srealms;	/* realm(s) of server */
-  char *princ;		/* principal in credentials cache */
-  struct servent *serv;
-  struct hostent *host;
-  struct sockaddr_in serv_net_addr, cli_net_addr;
-  krb5_ccache cc;
-  krb5_creds creds, *new_creds;
-  krb5_data reply, msg, princ_data;
-  krb5_auth_context auth_context = NULL;
-  krb5_ticket * ticket = NULL;
-  krb5_context context;
-  unsigned short port;
-
-  if (argc < 2 || argc > 4) {
-      fputs ("usage: uu-client <hostname> [message [port]]\n", stderr);
-      return 1;
-  }
-
-  retval = krb5_init_context(&context);
-  if (retval) {
-      com_err(argv[0], retval, "while initializing krb5");
-      exit(1);
-  }
-
-  if (argc == 4) {
-      port = htons(atoi(argv[3]));
-  }
-  else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL)
-  {
-      fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr);
-      return 2;
-  } else {
-      port = serv->s_port;
-  }
-
-  if ((host = gethostbyname (argv[1])) == NULL) {
-      fprintf (stderr, "uu-client: can't get address of host \"%s\".\n",
-	       argv[1]);
-      return 3;
-  }
-
-  if (host->h_addrtype != AF_INET) {
-      fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n",
-	       host->h_addrtype, argv[1]);
-      return 3;
-  }
-
-  hname = strdup (host->h_name);
+    int s;
+    register int retval, i;
+    char *hname;          /* full name of server */
+    char **srealms;       /* realm(s) of server */
+    char *princ;          /* principal in credentials cache */
+    struct servent *serv;
+    struct hostent *host;
+    struct sockaddr_in serv_net_addr, cli_net_addr;
+    krb5_ccache cc;
+    krb5_creds creds, *new_creds;
+    krb5_data reply, msg, princ_data;
+    krb5_auth_context auth_context = NULL;
+    krb5_ticket * ticket = NULL;
+    krb5_context context;
+    unsigned short port;
+
+    if (argc < 2 || argc > 4) {
+        fputs ("usage: uu-client <hostname> [message [port]]\n", stderr);
+        return 1;
+    }
+
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
+
+    if (argc == 4) {
+        port = htons(atoi(argv[3]));
+    }
+    else if ((serv = getservbyname ("uu-sample", "tcp")) == NULL)
+    {
+        fputs ("uu-client: unknown service \"uu-sample/tcp\"\n", stderr);
+        return 2;
+    } else {
+        port = serv->s_port;
+    }
+
+    if ((host = gethostbyname (argv[1])) == NULL) {
+        fprintf (stderr, "uu-client: can't get address of host \"%s\".\n",
+                 argv[1]);
+        return 3;
+    }
+
+    if (host->h_addrtype != AF_INET) {
+        fprintf (stderr, "uu-client: bad address type %d for \"%s\".\n",
+                 host->h_addrtype, argv[1]);
+        return 3;
+    }
+
+    hname = strdup (host->h_name);
 
 #ifndef USE_STDOUT
-  if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-      com_err ("uu-client", errno, "creating socket");
-      return 4;
-  } else {
-      cli_net_addr.sin_family = AF_INET;
-      cli_net_addr.sin_port = 0;
-      cli_net_addr.sin_addr.s_addr = 0;
-      if (bind (s, (struct sockaddr *)&cli_net_addr,
-		sizeof (cli_net_addr)) < 0) {
-	  com_err ("uu-client", errno, "binding socket");
-	  return 4;
-      }
-  }
-
-  serv_net_addr.sin_family = AF_INET;
-  serv_net_addr.sin_port = port;
-
-  i = 0;
-  while (1) {
-      if (host->h_addr_list[i] == 0) {
-	  fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname);
-	  return 5;
-      }
-
-      memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++],
-	      sizeof(serv_net_addr.sin_addr));
-
-      if (connect(s, (struct sockaddr *)&serv_net_addr,
-		  sizeof (serv_net_addr)) == 0)
-	  break;
-      com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
-	       hname, inet_ntoa(serv_net_addr.sin_addr));
-  }
+    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        com_err ("uu-client", errno, "creating socket");
+        return 4;
+    } else {
+        cli_net_addr.sin_family = AF_INET;
+        cli_net_addr.sin_port = 0;
+        cli_net_addr.sin_addr.s_addr = 0;
+        if (bind (s, (struct sockaddr *)&cli_net_addr,
+                  sizeof (cli_net_addr)) < 0) {
+            com_err ("uu-client", errno, "binding socket");
+            return 4;
+        }
+    }
+
+    serv_net_addr.sin_family = AF_INET;
+    serv_net_addr.sin_port = port;
+
+    i = 0;
+    while (1) {
+        if (host->h_addr_list[i] == 0) {
+            fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname);
+            return 5;
+        }
+
+        memcpy (&serv_net_addr.sin_addr, host->h_addr_list[i++],
+                sizeof(serv_net_addr.sin_addr));
+
+        if (connect(s, (struct sockaddr *)&serv_net_addr,
+                    sizeof (serv_net_addr)) == 0)
+            break;
+        com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
+                 hname, inet_ntoa(serv_net_addr.sin_addr));
+    }
 #else
-  s = 1;
+    s = 1;
 #endif
 
-  retval = krb5_cc_default(context, &cc);
-  if (retval) {
-      com_err("uu-client", retval, "getting credentials cache");
-      return 6;
-  }
-
-  memset (&creds, 0, sizeof(creds));
-
-  retval = krb5_cc_get_principal(context, cc, &creds.client);
-  if (retval) {
-      com_err("uu-client", retval, "getting principal name");
-      return 6;
-  }
-
-  retval = krb5_unparse_name(context, creds.client, &princ);
-  if (retval) {
-      com_err("uu-client", retval, "printing principal name");
-      return 7;
-  }
-  else
-      fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
-
-  retval = krb5_get_host_realm(context, hname, &srealms);
-  if (retval) {
-      com_err("uu-client", retval, "getting realms for \"%s\"", hname);
-      return 7;
-  }
-
-  retval =
-      krb5_build_principal_ext(context, &creds.server,
-			       krb5_princ_realm(context, creds.client)->length,
-			       krb5_princ_realm(context, creds.client)->data,
-			       6, "krbtgt",
-			       krb5_princ_realm(context, creds.client)->length,
-			       krb5_princ_realm(context, creds.client)->data,
-			       0);
-  if (retval) {
-      com_err("uu-client", retval, "setting up tgt server name");
-      return 7;
-  }
-
-  /* Get TGT from credentials cache */
-  retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
-				&creds, &new_creds);
-  if (retval) {
-      com_err("uu-client", retval, "getting TGT");
-      return 6;
-  }
-
-  i = strlen(princ) + 1;
-
-  fprintf(stderr, "uu-client: sending %d bytes\n",new_creds->ticket.length + i);
-  princ_data.data = princ;
-  princ_data.length = i;		/* include null terminator for
-					   server's convenience */
-  retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data);
-  if (retval) {
-      com_err("uu-client", retval, "sending principal name to server");
-      return 8;
-  }
-
-  free(princ);
-
-  retval = krb5_write_message(context, (krb5_pointer) &s, &new_creds->ticket);
-  if (retval) {
-      com_err("uu-client", retval, "sending ticket to server");
-      return 8;
-  }
-
-  retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
-  if (retval) {
-      com_err("uu-client", retval, "reading reply from server");
-      return 9;
-  }
-
-  retval = krb5_auth_con_init(context, &auth_context);
-  if (retval) {
-      com_err("uu-client", retval, "initializing the auth_context");
-      return 9;
-  }
-
-  retval =
-      krb5_auth_con_genaddrs(context, auth_context, s,
-			     KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
-			     KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
-  if (retval) {
-      com_err("uu-client", retval, "generating addrs for auth_context");
-      	return 9;
+    retval = krb5_cc_default(context, &cc);
+    if (retval) {
+        com_err("uu-client", retval, "getting credentials cache");
+        return 6;
+    }
+
+    memset (&creds, 0, sizeof(creds));
+
+    retval = krb5_cc_get_principal(context, cc, &creds.client);
+    if (retval) {
+        com_err("uu-client", retval, "getting principal name");
+        return 6;
+    }
+
+    retval = krb5_unparse_name(context, creds.client, &princ);
+    if (retval) {
+        com_err("uu-client", retval, "printing principal name");
+        return 7;
     }
+    else
+        fprintf(stderr, "uu-client: client principal is \"%s\".\n", princ);
 
-  retval = krb5_auth_con_setflags(context, auth_context,
-				  KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-  if (retval) {
-      com_err("uu-client", retval, "initializing the auth_context flags");
-      return 9;
-  }
+    retval = krb5_get_host_realm(context, hname, &srealms);
+    if (retval) {
+        com_err("uu-client", retval, "getting realms for \"%s\"", hname);
+        return 7;
+    }
 
-  retval = krb5_auth_con_setuseruserkey(context, auth_context,
-					&new_creds->keyblock);
-  if (retval) {
-      com_err("uu-client", retval, "setting useruserkey for authcontext");
-      return 9;
-  }
+    retval =
+        krb5_build_principal_ext(context, &creds.server,
+                                 krb5_princ_realm(context,
+                                                  creds.client)->length,
+                                 krb5_princ_realm(context,
+                                                  creds.client)->data,
+                                 6, "krbtgt",
+                                 krb5_princ_realm(context,
+                                                  creds.client)->length,
+                                 krb5_princ_realm(context,
+                                                  creds.client)->data,
+                                 0);
+    if (retval) {
+        com_err("uu-client", retval, "setting up tgt server name");
+        return 7;
+    }
+
+    /* Get TGT from credentials cache */
+    retval = krb5_get_credentials(context, KRB5_GC_CACHED, cc,
+                                  &creds, &new_creds);
+    if (retval) {
+        com_err("uu-client", retval, "getting TGT");
+        return 6;
+    }
+
+    i = strlen(princ) + 1;
+
+    fprintf(stderr, "uu-client: sending %d bytes\n",
+            new_creds->ticket.length + i);
+    princ_data.data = princ;
+    princ_data.length = i;                /* include null terminator for
+                                             server's convenience */
+    retval = krb5_write_message(context, (krb5_pointer) &s, &princ_data);
+    if (retval) {
+        com_err("uu-client", retval, "sending principal name to server");
+        return 8;
+    }
+
+    free(princ);
+
+    retval = krb5_write_message(context, (krb5_pointer) &s,
+                                &new_creds->ticket);
+    if (retval) {
+        com_err("uu-client", retval, "sending ticket to server");
+        return 8;
+    }
+
+    retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
+    if (retval) {
+        com_err("uu-client", retval, "reading reply from server");
+        return 9;
+    }
+
+    retval = krb5_auth_con_init(context, &auth_context);
+    if (retval) {
+        com_err("uu-client", retval, "initializing the auth_context");
+        return 9;
+    }
+
+    retval =
+        krb5_auth_con_genaddrs(context, auth_context, s,
+                               KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+                               KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+    if (retval) {
+        com_err("uu-client", retval, "generating addrs for auth_context");
+        return 9;
+    }
+
+    retval = krb5_auth_con_setflags(context, auth_context,
+                                    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+    if (retval) {
+        com_err("uu-client", retval, "initializing the auth_context flags");
+        return 9;
+    }
+
+    retval = krb5_auth_con_setuseruserkey(context, auth_context,
+                                          &new_creds->keyblock);
+    if (retval) {
+        com_err("uu-client", retval, "setting useruserkey for authcontext");
+        return 9;
+    }
 
 #if 1
-  /* read the ap_req to get the session key */
-  retval = krb5_rd_req(context, &auth_context, &reply,
-		       NULL, NULL, NULL, &ticket);
-  free(reply.data);
+    /* read the ap_req to get the session key */
+    retval = krb5_rd_req(context, &auth_context, &reply,
+                         NULL, NULL, NULL, &ticket);
+    free(reply.data);
 #else
-  retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
-			 0, /* server */, 0, NULL, &ticket);
+    retval = krb5_recvauth(context, &auth_context, (krb5_pointer)&s, "???",
+                           0, /* server */, 0, NULL, &ticket);
 #endif
 
-  if (retval) {
-      com_err("uu-client", retval, "reading AP_REQ from server");
-      return 9;
-  }
-
-  retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ);
-  if (retval)
-      com_err("uu-client", retval, "while unparsing client name");
-  else {
-      printf("server is named \"%s\"\n", princ);
-      free(princ);
-  }
-
-  retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
-  if (retval) {
-      com_err("uu-client", retval, "reading reply from server");
-      return 9;
-  }
-
-  retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL);
-  if (retval) {
-      com_err("uu-client", retval, "decoding reply from server");
-      return 10;
-  }
-
-  printf ("uu-client: server says \"%s\".\n", msg.data);
-  return 0;
+    if (retval) {
+        com_err("uu-client", retval, "reading AP_REQ from server");
+        return 9;
+    }
+
+    retval = krb5_unparse_name(context, ticket->enc_part2->client, &princ);
+    if (retval)
+        com_err("uu-client", retval, "while unparsing client name");
+    else {
+        printf("server is named \"%s\"\n", princ);
+        free(princ);
+    }
+
+    retval = krb5_read_message(context, (krb5_pointer) &s, &reply);
+    if (retval) {
+        com_err("uu-client", retval, "reading reply from server");
+        return 9;
+    }
+
+    retval = krb5_rd_safe(context, auth_context, &reply, &msg, NULL);
+    if (retval) {
+        com_err("uu-client", retval, "decoding reply from server");
+        return 10;
+    }
+
+    printf ("uu-client: server says \"%s\".\n", msg.data);
+    return 0;
 }
diff --git a/src/appl/user_user/server.c b/src/appl/user_user/server.c
index 8a66bbd..25c7b10 100644
--- a/src/appl/user_user/server.c
+++ b/src/appl/user_user/server.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * appl/user_user/server.c
  *
@@ -45,187 +46,188 @@
 /* fd 0 is a tcp socket used to talk to the client */
 
 int main(argc, argv)
-int argc;
-char *argv[];
+    int argc;
+    char *argv[];
 {
-  krb5_data pname_data, tkt_data;
-  int sock = 0;
-  socklen_t l;
-  int retval;
-  struct sockaddr_in l_inaddr, f_inaddr;	/* local, foreign address */
-  krb5_creds creds, *new_creds;
-  krb5_ccache cc;
-  krb5_data msgtext, msg;
-  krb5_context context;
+    krb5_data pname_data, tkt_data;
+    int sock = 0;
+    socklen_t l;
+    int retval;
+    struct sockaddr_in l_inaddr, f_inaddr;        /* local, foreign address */
+    krb5_creds creds, *new_creds;
+    krb5_ccache cc;
+    krb5_data msgtext, msg;
+    krb5_context context;
     krb5_auth_context auth_context = NULL;
 
 #ifndef DEBUG
-  freopen("/tmp/uu-server.log", "w", stderr);
+    freopen("/tmp/uu-server.log", "w", stderr);
 #endif
 
-  retval = krb5_init_context(&context);
-  if (retval) {
-	  com_err(argv[0], retval, "while initializing krb5");
-	  exit(1);
-  }
+    retval = krb5_init_context(&context);
+    if (retval) {
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
+    }
 
 #ifdef DEBUG
-  {
-      int one = 1;
-      int acc;
-      struct servent *sp;
-      socklen_t namelen = sizeof(f_inaddr);
-
-      if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
-	  com_err("uu-server", errno, "creating socket");
-	  exit(3);
-      }
-
-      l_inaddr.sin_family = AF_INET;
-      l_inaddr.sin_addr.s_addr = 0;
-      if (!(sp = getservbyname("uu-sample", "tcp"))) {
-	  com_err("uu-server", 0, "can't find uu-sample/tcp service");
-	  exit(3);
-      }
-      (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one));
-      l_inaddr.sin_port = sp->s_port;
-      if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
-	  com_err("uu-server", errno, "binding socket");
-	  exit(3);
-      }
-      if (listen(sock, 1) == -1) {
-	  com_err("uu-server", errno, "listening");
-	  exit(3);
-      }
-      if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
-	  com_err("uu-server", errno, "accepting");
-	  exit(3);
-      }
-      dup2(acc, 0);
-      close(sock);
-      sock = 0;
-  }
+    {
+        int one = 1;
+        int acc;
+        struct servent *sp;
+        socklen_t namelen = sizeof(f_inaddr);
+
+        if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+            com_err("uu-server", errno, "creating socket");
+            exit(3);
+        }
+
+        l_inaddr.sin_family = AF_INET;
+        l_inaddr.sin_addr.s_addr = 0;
+        if (!(sp = getservbyname("uu-sample", "tcp"))) {
+            com_err("uu-server", 0, "can't find uu-sample/tcp service");
+            exit(3);
+        }
+        (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof (one));
+        l_inaddr.sin_port = sp->s_port;
+        if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
+            com_err("uu-server", errno, "binding socket");
+            exit(3);
+        }
+        if (listen(sock, 1) == -1) {
+            com_err("uu-server", errno, "listening");
+            exit(3);
+        }
+        if ((acc = accept(sock, (struct sockaddr *)&f_inaddr, &namelen)) == -1) {
+            com_err("uu-server", errno, "accepting");
+            exit(3);
+        }
+        dup2(acc, 0);
+        close(sock);
+        sock = 0;
+    }
 #endif
 
-  retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
-  if (retval) {
-      com_err ("uu-server", retval, "reading pname");
-      return 2;
-  }
-
-  retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data);
-  if (retval) {
-      com_err ("uu-server", retval, "reading ticket data");
-      return 2;
-  }
-
-  retval = krb5_cc_default(context, &cc);
-  if (retval) {
-      com_err("uu-server", retval, "getting credentials cache");
-      return 4;
-  }
-
-  memset (&creds, 0, sizeof(creds));
-  retval = krb5_cc_get_principal(context, cc, &creds.client);
-  if (retval) {
-      com_err("uu-client", retval, "getting principal name");
-      return 6;
-  }
-
-  /* client sends it already null-terminated. */
-  printf ("uu-server: client principal is \"%s\".\n", pname_data.data);
-
-  retval = krb5_parse_name(context, pname_data.data, &creds.server);
-  if (retval) {
-      com_err("uu-server", retval, "parsing client name");
-      return 3;
-  }
-
-  creds.second_ticket = tkt_data;
-  printf ("uu-server: client ticket is %d bytes.\n",
-	  creds.second_ticket.length);
-
-  retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
-				&creds, &new_creds);
-  if (retval) {
-      com_err("uu-server", retval, "getting user-user ticket");
-      return 5;
-  }
+    retval = krb5_read_message(context, (krb5_pointer) &sock, &pname_data);
+    if (retval) {
+        com_err ("uu-server", retval, "reading pname");
+        return 2;
+    }
+
+    retval = krb5_read_message(context, (krb5_pointer) &sock, &tkt_data);
+    if (retval) {
+        com_err ("uu-server", retval, "reading ticket data");
+        return 2;
+    }
+
+    retval = krb5_cc_default(context, &cc);
+    if (retval) {
+        com_err("uu-server", retval, "getting credentials cache");
+        return 4;
+    }
+
+    memset (&creds, 0, sizeof(creds));
+    retval = krb5_cc_get_principal(context, cc, &creds.client);
+    if (retval) {
+        com_err("uu-client", retval, "getting principal name");
+        return 6;
+    }
+
+    /* client sends it already null-terminated. */
+    printf ("uu-server: client principal is \"%s\".\n", pname_data.data);
+
+    retval = krb5_parse_name(context, pname_data.data, &creds.server);
+    if (retval) {
+        com_err("uu-server", retval, "parsing client name");
+        return 3;
+    }
+
+    creds.second_ticket = tkt_data;
+    printf ("uu-server: client ticket is %d bytes.\n",
+            creds.second_ticket.length);
+
+    retval = krb5_get_credentials(context, KRB5_GC_USER_USER, cc,
+                                  &creds, &new_creds);
+    if (retval) {
+        com_err("uu-server", retval, "getting user-user ticket");
+        return 5;
+    }
 
 #ifndef DEBUG
-  l = sizeof(f_inaddr);
-  if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1)
+    l = sizeof(f_inaddr);
+    if (getpeername(0, (struct sockaddr *)&f_inaddr, &l) == -1)
     {
-      com_err("uu-server", errno, "getting client address");
-      return 6;
+        com_err("uu-server", errno, "getting client address");
+        return 6;
     }
 #endif
-  l = sizeof(l_inaddr);
-  if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1)
+    l = sizeof(l_inaddr);
+    if (getsockname(0, (struct sockaddr *)&l_inaddr, &l) == -1)
     {
-      com_err("uu-server", errno, "getting local address");
-      return 6;
-    }
-
-  /* send a ticket/authenticator to the other side, so it can get the key
-     we're using for the krb_safe below. */
-
-  retval = krb5_auth_con_init(context, &auth_context);
-  if (retval) {
-      com_err("uu-server", retval, "making auth_context");
-      return 8;
-  }
-
-  retval = krb5_auth_con_setflags(context, auth_context,
-				  KRB5_AUTH_CONTEXT_DO_SEQUENCE);
-  if (retval) {
-      com_err("uu-server", retval, "initializing the auth_context flags");
-      return 8;
-  }
-
-  retval =
-      krb5_auth_con_genaddrs(context, auth_context, sock,
-			     KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
-			     KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
-  if (retval) {
-      com_err("uu-server", retval, "generating addrs for auth_context");
-      return 9;
-  }
+        com_err("uu-server", errno, "getting local address");
+        return 6;
+    }
+
+    /* send a ticket/authenticator to the other side, so it can get the key
+       we're using for the krb_safe below. */
+
+    retval = krb5_auth_con_init(context, &auth_context);
+    if (retval) {
+        com_err("uu-server", retval, "making auth_context");
+        return 8;
+    }
+
+    retval = krb5_auth_con_setflags(context, auth_context,
+                                    KRB5_AUTH_CONTEXT_DO_SEQUENCE);
+    if (retval) {
+        com_err("uu-server", retval, "initializing the auth_context flags");
+        return 8;
+    }
+
+    retval =
+        krb5_auth_con_genaddrs(context, auth_context, sock,
+                               KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR |
+                               KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR);
+    if (retval) {
+        com_err("uu-server", retval, "generating addrs for auth_context");
+        return 9;
+    }
 
 #if 1
-  retval = krb5_mk_req_extended(context, &auth_context,
-				AP_OPTS_USE_SESSION_KEY,
-				NULL, new_creds, &msg);
-  if (retval) {
-      com_err("uu-server", retval, "making AP_REQ");
-      return 8;
-  }
-  retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+    retval = krb5_mk_req_extended(context, &auth_context,
+                                  AP_OPTS_USE_SESSION_KEY,
+                                  NULL, new_creds, &msg);
+    if (retval) {
+        com_err("uu-server", retval, "making AP_REQ");
+        return 8;
+    }
+    retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
 #else
-  retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock,"???", 0,
-			 0, AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
-			 NULL, &creds, cc, NULL, NULL, NULL);
+    retval = krb5_sendauth(context, &auth_context, (krb5_pointer)&sock, "???",
+                           0, 0,
+                           AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SESSION_KEY,
+                           NULL, &creds, cc, NULL, NULL, NULL);
 #endif
-  if (retval)
-      goto cl_short_wrt;
+    if (retval)
+        goto cl_short_wrt;
 
-  free(msg.data);
+    free(msg.data);
 
-  msgtext.length = 32;
-  msgtext.data = "Hello, other end of connection.";
+    msgtext.length = 32;
+    msgtext.data = "Hello, other end of connection.";
 
-  retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL);
-  if (retval) {
-      com_err("uu-server", retval, "encoding message to client");
-      return 6;
-  }
+    retval = krb5_mk_safe(context, auth_context, &msgtext, &msg, NULL);
+    if (retval) {
+        com_err("uu-server", retval, "encoding message to client");
+        return 6;
+    }
 
-  retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
-  if (retval) {
-  cl_short_wrt:
-      com_err("uu-server", retval, "writing message to client");
-      return 7;
-  }
+    retval = krb5_write_message(context, (krb5_pointer) &sock, &msg);
+    if (retval) {
+    cl_short_wrt:
+        com_err("uu-server", retval, "writing message to client");
+        return 7;
+    }
 
-  return 0;
+    return 0;
 }
diff --git a/src/ccapi/Makefile.in b/src/ccapi/Makefile.in
index 85e81f6..43d5fc0 100644
--- a/src/ccapi/Makefile.in
+++ b/src/ccapi/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=..
-myfulldir=ccapi
 mydir=ccapi
 BUILDTOP=$(REL)..
 
diff --git a/src/ccapi/common/Makefile.in b/src/ccapi/common/Makefile.in
index cc5d5c0..7693485 100644
--- a/src/ccapi/common/Makefile.in
+++ b/src/ccapi/common/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=ccapi/common
 mydir=ccapi/common
 BUILDTOP=$(REL)..$(S)..
 SUBDIRS=unix
@@ -39,29 +37,29 @@ clean-unix:: clean-libobjs
 # the Makefile.in file
 #
 cci_array_internal.so cci_array_internal.po $(OUTPRE)cci_array_internal.$(OBJEXT): \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
   cci_array_internal.c cci_array_internal.h cci_common.h \
   cci_cred_union.h cci_debugging.h cci_identifier.h cci_message.h \
   cci_stream.h cci_types.h
 cci_cred_union.so cci_cred_union.po $(OUTPRE)cci_cred_union.$(OBJEXT): \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
   cci_common.h cci_cred_union.c cci_cred_union.h cci_debugging.h \
   cci_identifier.h cci_message.h cci_stream.h cci_types.h
 cci_debugging.so cci_debugging.po $(OUTPRE)cci_debugging.$(OBJEXT): \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
   cci_common.h cci_cred_union.h cci_debugging.c cci_debugging.h \
   cci_identifier.h cci_message.h cci_os_debugging.h cci_stream.h \
   cci_types.h
 cci_identifier.so cci_identifier.po $(OUTPRE)cci_identifier.$(OBJEXT): \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
   cci_common.h cci_cred_union.h cci_debugging.h cci_identifier.c \
   cci_identifier.h cci_message.h cci_os_identifier.h \
   cci_stream.h cci_types.h
 cci_message.so cci_message.po $(OUTPRE)cci_message.$(OBJEXT): \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
   cci_common.h cci_cred_union.h cci_debugging.h cci_identifier.h \
   cci_message.c cci_message.h cci_stream.h cci_types.h
 cci_stream.so cci_stream.po $(OUTPRE)cci_stream.$(OBJEXT): \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
   cci_common.h cci_cred_union.h cci_debugging.h cci_identifier.h \
   cci_message.h cci_stream.c cci_stream.h cci_types.h
diff --git a/src/ccapi/common/unix/Makefile.in b/src/ccapi/common/unix/Makefile.in
index 1c2aceb..4b176fc 100644
--- a/src/ccapi/common/unix/Makefile.in
+++ b/src/ccapi/common/unix/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=ccapi/common/unix
 mydir=ccapi/common/unix
 BUILDTOP=$(REL)..$(S)..$(S)..
 
diff --git a/src/ccapi/lib/Makefile.in b/src/ccapi/lib/Makefile.in
index 89cec5b..1e2e13d 100644
--- a/src/ccapi/lib/Makefile.in
+++ b/src/ccapi/lib/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=ccapi/lib
 mydir=ccapi/lib
 BUILDTOP=$(REL)..$(S)..
 SUBDIRS=unix
diff --git a/src/ccapi/lib/deps b/src/ccapi/lib/deps
index 70c5269..ad996d9 100644
--- a/src/ccapi/lib/deps
+++ b/src/ccapi/lib/deps
@@ -2,27 +2,27 @@
 # Generated makefile dependencies follow.
 #
 ccapi_ccache.so ccapi_ccache.po $(OUTPRE)ccapi_ccache.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
   ccapi_ccache.c ccapi_ccache.h ccapi_credentials.h ccapi_credentials_iterator.h \
   ccapi_ipc.h ccapi_string.h
 ccapi_ccache_iterator.so ccapi_ccache_iterator.po $(OUTPRE)ccapi_ccache_iterator.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
   ccapi_ccache.h ccapi_ccache_iterator.c ccapi_ccache_iterator.h \
   ccapi_ipc.h
 ccapi_context.so ccapi_context.po $(OUTPRE)ccapi_context.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -31,26 +31,26 @@ ccapi_context.so ccapi_context.po $(OUTPRE)ccapi_context.$(OBJEXT): \
   ccapi_ipc.h ccapi_string.h
 ccapi_context_change_time.so ccapi_context_change_time.po \
   $(OUTPRE)ccapi_context_change_time.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
   ccapi_context_change_time.c ccapi_context_change_time.h
 ccapi_credentials.so ccapi_credentials.po $(OUTPRE)ccapi_credentials.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
   ccapi_credentials.c ccapi_credentials.h ccapi_string.h
 ccapi_credentials_iterator.so ccapi_credentials_iterator.po \
   $(OUTPRE)ccapi_credentials_iterator.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -59,25 +59,25 @@ ccapi_credentials_iterator.so ccapi_credentials_iterator.po \
 ccapi_err.so ccapi_err.po $(OUTPRE)ccapi_err.$(OBJEXT): \
   $(COM_ERR_DEPS) ccapi_err.c
 ccapi_ipc.so ccapi_ipc.po $(OUTPRE)ccapi_ipc.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
   ccapi_ipc.c ccapi_ipc.h ccapi_os_ipc.h
 ccapi_string.so ccapi_string.po $(OUTPRE)ccapi_string.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
   ccapi_string.c ccapi_string.h
 ccapi_v2.so ccapi_v2.po $(OUTPRE)ccapi_v2.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
diff --git a/src/ccapi/lib/unix/Makefile.in b/src/ccapi/lib/unix/Makefile.in
index 383159f..8a043c9 100644
--- a/src/ccapi/lib/unix/Makefile.in
+++ b/src/ccapi/lib/unix/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=ccapi/lib/unix
 mydir=ccapi/lib/unix
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES= -I$(srcdir)/.. -I$(srcdir)/../../common
diff --git a/src/ccapi/server/Makefile.in b/src/ccapi/server/Makefile.in
index 17c7959..0ca140b 100644
--- a/src/ccapi/server/Makefile.in
+++ b/src/ccapi/server/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=ccapi/server
 mydir=ccapi/server
 BUILDTOP=$(REL)..$(S)..
 SUBDIRS=unix
diff --git a/src/ccapi/server/deps b/src/ccapi/server/deps
index 29d4244..31582f5 100644
--- a/src/ccapi/server/deps
+++ b/src/ccapi/server/deps
@@ -2,9 +2,9 @@
 # Generated makefile dependencies follow.
 #
 ccs_array.so ccs_array.po $(OUTPRE)ccs_array.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \
   $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \
   $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \
@@ -14,9 +14,9 @@ ccs_array.so ccs_array.po $(OUTPRE)ccs_array.$(OBJEXT): \
   ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \
   ccs_pipe.h ccs_server.h ccs_types.h
 ccs_cache_collection.so ccs_cache_collection.po $(OUTPRE)ccs_cache_collection.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -26,9 +26,9 @@ ccs_cache_collection.so ccs_cache_collection.po $(OUTPRE)ccs_cache_collection.$(
   ccs_list.h ccs_lock.h ccs_lock_state.h ccs_os_notify.h \
   ccs_pipe.h ccs_server.h ccs_types.h
 ccs_callback.so ccs_callback.po $(OUTPRE)ccs_callback.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -38,9 +38,9 @@ ccs_callback.so ccs_callback.po $(OUTPRE)ccs_callback.$(OBJEXT): \
   ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
   ccs_types.h
 ccs_ccache.so ccs_ccache.po $(OUTPRE)ccs_ccache.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -50,9 +50,9 @@ ccs_ccache.so ccs_ccache.po $(OUTPRE)ccs_ccache.$(OBJEXT): \
   ccs_lock.h ccs_lock_state.h ccs_os_notify.h ccs_pipe.h \
   ccs_server.h ccs_types.h
 ccs_ccache_iterator.so ccs_ccache_iterator.po $(OUTPRE)ccs_ccache_iterator.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -62,9 +62,9 @@ ccs_ccache_iterator.so ccs_ccache_iterator.po $(OUTPRE)ccs_ccache_iterator.$(OBJ
   ccs_list.h ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
   ccs_types.h
 ccs_client.so ccs_client.po $(OUTPRE)ccs_client.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -74,9 +74,9 @@ ccs_client.so ccs_client.po $(OUTPRE)ccs_client.$(OBJEXT): \
   ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
   ccs_types.h
 ccs_credentials.so ccs_credentials.po $(OUTPRE)ccs_credentials.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -87,9 +87,9 @@ ccs_credentials.so ccs_credentials.po $(OUTPRE)ccs_credentials.$(OBJEXT): \
   ccs_types.h
 ccs_credentials_iterator.so ccs_credentials_iterator.po \
   $(OUTPRE)ccs_credentials_iterator.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -99,9 +99,9 @@ ccs_credentials_iterator.so ccs_credentials_iterator.po \
   ccs_list.h ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
   ccs_types.h
 ccs_list.so ccs_list.po $(OUTPRE)ccs_list.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \
   $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \
   $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \
@@ -111,9 +111,9 @@ ccs_list.so ccs_list.po $(OUTPRE)ccs_list.$(OBJEXT): \
   ccs_list.c ccs_list.h ccs_list_internal.h ccs_lock.h \
   ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h
 ccs_list_internal.so ccs_list_internal.po $(OUTPRE)ccs_list_internal.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_array_internal.h $(srcdir)/../common/cci_common.h \
   $(srcdir)/../common/cci_cred_union.h $(srcdir)/../common/cci_debugging.h \
   $(srcdir)/../common/cci_identifier.h $(srcdir)/../common/cci_message.h \
@@ -124,9 +124,9 @@ ccs_list_internal.so ccs_list_internal.po $(OUTPRE)ccs_list_internal.$(OBJEXT):
   ccs_lock.h ccs_lock_state.h ccs_pipe.h ccs_server.h \
   ccs_types.h
 ccs_lock.so ccs_lock.po $(OUTPRE)ccs_lock.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -135,9 +135,9 @@ ccs_lock.so ccs_lock.po $(OUTPRE)ccs_lock.$(OBJEXT): \
   ccs_credentials_iterator.h ccs_list.h ccs_lock.c ccs_lock.h \
   ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h
 ccs_lock_state.so ccs_lock_state.po $(OUTPRE)ccs_lock_state.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -146,9 +146,9 @@ ccs_lock_state.so ccs_lock_state.po $(OUTPRE)ccs_lock_state.$(OBJEXT): \
   ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.c \
   ccs_lock_state.h ccs_pipe.h ccs_server.h ccs_types.h
 ccs_pipe.so ccs_pipe.po $(OUTPRE)ccs_pipe.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
@@ -157,9 +157,9 @@ ccs_pipe.so ccs_pipe.po $(OUTPRE)ccs_pipe.$(OBJEXT): \
   ccs_credentials_iterator.h ccs_list.h ccs_lock.h ccs_lock_state.h \
   ccs_os_pipe.h ccs_pipe.c ccs_pipe.h ccs_server.h ccs_types.h
 ccs_server.so ccs_server.po $(OUTPRE)ccs_server.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/CredentialsCache2.h $(SRCTOP)/include/k5-ipc_stream.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(BUILDTOP)/include/autoconf.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/CredentialsCache2.h $(top_srcdir)/include/k5-ipc_stream.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   $(srcdir)/../common/cci_common.h $(srcdir)/../common/cci_cred_union.h \
   $(srcdir)/../common/cci_debugging.h $(srcdir)/../common/cci_identifier.h \
   $(srcdir)/../common/cci_message.h $(srcdir)/../common/cci_types.h \
diff --git a/src/ccapi/server/unix/Makefile.in b/src/ccapi/server/unix/Makefile.in
index 9f0ae74..5268260 100644
--- a/src/ccapi/server/unix/Makefile.in
+++ b/src/ccapi/server/unix/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=ccapi/server/unix
 mydir=ccapi/server/unix
 BUILDTOP=$(REL)..$(S)..$(S)..
 
diff --git a/src/ccapi/test/Makefile.in b/src/ccapi/test/Makefile.in
index 9edab53..175e06b 100644
--- a/src/ccapi/test/Makefile.in
+++ b/src/ccapi/test/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=..$(S)..
-myfulldir=ccapi$(S)test
 mydir=ccapi$(S)test
 BUILDTOP=..$(S)..
 CCAPI=$(BUILDTOP)$(S)CCAPI
diff --git a/src/clients/Makefile.in b/src/clients/Makefile.in
index 3a6af6e..891da9e 100644
--- a/src/clients/Makefile.in
+++ b/src/clients/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=..
-myfulldir=clients
 mydir=clients
 BUILDTOP=$(REL)..
 
diff --git a/src/clients/kcpytkt/Makefile.in b/src/clients/kcpytkt/Makefile.in
index 882b93d..38cc438 100644
--- a/src/clients/kcpytkt/Makefile.in
+++ b/src/clients/kcpytkt/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./..
-myfulldir=clients/kcpytkt
 mydir=kcpytkt
 BUILDTOP=$(REL)..$(S)..
 
@@ -7,7 +5,7 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##KCPYTKT=$(OUTPRE)kcpytkt.exe
 
diff --git a/src/clients/kdeltkt/Makefile.in b/src/clients/kdeltkt/Makefile.in
index fece6d8..c6ff57c 100644
--- a/src/clients/kdeltkt/Makefile.in
+++ b/src/clients/kdeltkt/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./..
-myfulldir=clients/kdeltkt
 mydir=kvno
 BUILDTOP=$(REL)..$(S)..
 
@@ -7,7 +5,7 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##KDELTKT=$(OUTPRE)kdeltkt.exe
 
diff --git a/src/clients/kdestroy/Makefile.in b/src/clients/kdestroy/Makefile.in
index 00b8f58..64a2dff 100644
--- a/src/clients/kdestroy/Makefile.in
+++ b/src/clients/kdestroy/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=clients/kdestroy
 mydir=clients/kdestroy
 BUILDTOP=$(REL)..$(S)..
 DEFS=
@@ -10,7 +8,7 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##KDESTROY=$(OUTPRE)kdestroy.exe
 
diff --git a/src/clients/kdestroy/deps b/src/clients/kdestroy/deps
index e0ec42e..8ce5aa5 100644
--- a/src/clients/kdestroy/deps
+++ b/src/clients/kdestroy/deps
@@ -2,5 +2,5 @@
 # Generated makefile dependencies follow.
 #
 $(OUTPRE)kdestroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   kdestroy.c
diff --git a/src/clients/kinit/Makefile.in b/src/clients/kinit/Makefile.in
index a2b928f..2787941 100644
--- a/src/clients/kinit/Makefile.in
+++ b/src/clients/kinit/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=clients/kinit
 mydir=clients/kinit
 BUILDTOP=$(REL)..$(S)..
 DEFS=
@@ -13,7 +11,7 @@ SRCS=kinit.c
 ##WIN32##DEFINES=-DGETOPT_LONG
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##KINIT=$(OUTPRE)kinit.exe
 
diff --git a/src/clients/kinit/deps b/src/clients/kinit/deps
index 144fe22..0b23bf3 100644
--- a/src/clients/kinit/deps
+++ b/src/clients/kinit/deps
@@ -2,6 +2,6 @@
 # Generated makefile dependencies follow.
 #
 $(OUTPRE)kinit.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
   kinit.c
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index 96bb9cd..fdfae88 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -629,6 +629,9 @@ k5_kinit(opts, k5)
             goto cleanup;
         }
     }
+    code = krb5_get_init_creds_opt_set_out_ccache(k5->ctx, options, k5->cc);
+    if (code)
+        goto cleanup;
 
     switch (opts->action) {
     case INIT_PW:
@@ -678,20 +681,21 @@ k5_kinit(opts, k5)
         goto cleanup;
     }
 
-    code = krb5_cc_initialize(k5->ctx, k5->cc,
-                              opts->canonicalize ? my_creds.client : k5->me);
-    if (code) {
-        com_err(progname, code, "when initializing cache %s",
-                opts->k5_cache_name?opts->k5_cache_name:"");
-        goto cleanup;
-    }
+    if ((opts->action != INIT_PW) && (opts->action != INIT_KT)) {
+        code = krb5_cc_initialize(k5->ctx, k5->cc, opts->canonicalize ?
+                                  my_creds.client : k5->me);
+        if (code) {
+            com_err(progname, code, "when initializing cache %s",
+                    opts->k5_cache_name?opts->k5_cache_name:"");
+            goto cleanup;
+        }
 
-    code = krb5_cc_store_cred(k5->ctx, k5->cc, &my_creds);
-    if (code) {
-        com_err(progname, code, "while storing credentials");
-        goto cleanup;
+        code = krb5_cc_store_cred(k5->ctx, k5->cc, &my_creds);
+        if (code) {
+            com_err(progname, code, "while storing credentials");
+            goto cleanup;
+        }
     }
-
     notix = 0;
 
 cleanup:
diff --git a/src/clients/klist/Makefile.in b/src/clients/klist/Makefile.in
index 56e9b39..af43750 100644
--- a/src/clients/klist/Makefile.in
+++ b/src/clients/klist/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=clients/klist
 mydir=clients/klist
 BUILDTOP=$(REL)..$(S)..
 DEFS=
@@ -10,7 +8,7 @@ PROG_RPATH=$(KRB5_LIBDIR)
 SRCS = klist.c
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##KLIST=$(OUTPRE)klist.exe
 
diff --git a/src/clients/klist/deps b/src/clients/klist/deps
index 6f211b1..b90ea22 100644
--- a/src/clients/klist/deps
+++ b/src/clients/klist/deps
@@ -2,7 +2,7 @@
 # Generated makefile dependencies follow.
 #
 $(OUTPRE)klist.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h klist.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h klist.c
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index 1a6309e..df4dbd5 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -284,7 +284,7 @@ void do_keytab(name)
         if (show_keys) {
             printf(" (0x");
             {
-                int i;
+                unsigned int i;
                 for (i = 0; i < entry.key.length; i++)
                     printf("%02x", entry.key.contents[i]);
             }
@@ -382,6 +382,8 @@ void do_ccache(name)
         exit(1);
     }
     while (!(code = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
+        if (krb5_is_config_principal(kcontext, creds.server))
+            continue;
         if (status_only) {
             if (exit_status && creds.server->length == 2 &&
                 strcmp(creds.server->realm.data, princ->realm.data) == 0 &&
diff --git a/src/clients/kpasswd/Makefile.in b/src/clients/kpasswd/Makefile.in
index aeed903..d53b922 100644
--- a/src/clients/kpasswd/Makefile.in
+++ b/src/clients/kpasswd/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=clients/kpasswd
 mydir=clients/kpasswd
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
@@ -18,7 +16,7 @@ kpasswd.o:	$(srcdir)/kpasswd.c
 ksetpwd.o:	$(srcdir)/ksetpwd.c
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##KPWD=$(OUTPRE)kpasswd.exe
 
diff --git a/src/clients/kpasswd/deps b/src/clients/kpasswd/deps
index 6a78931..653fca9 100644
--- a/src/clients/kpasswd/deps
+++ b/src/clients/kpasswd/deps
@@ -2,9 +2,9 @@
 # Generated makefile dependencies follow.
 #
 $(OUTPRE)kpasswd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   kpasswd.c
 $(OUTPRE)ksetpwd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
   ksetpwd.c
diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
index e919098..daf9059 100644
--- a/src/clients/ksu/Makefile.in
+++ b/src/clients/ksu/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=clients/ksu
 mydir=clients/ksu
 BUILDTOP=$(REL)..$(S)..
 DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
diff --git a/src/clients/ksu/deps b/src/clients/ksu/deps
index 0d5d34d..165fc1d 100644
--- a/src/clients/ksu/deps
+++ b/src/clients/ksu/deps
@@ -3,69 +3,69 @@
 #
 $(OUTPRE)krb_auth_su.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-util.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   krb_auth_su.c ksu.h
 $(OUTPRE)ccache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ccache.c ksu.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-util.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ccache.c ksu.h
 $(OUTPRE)authorization.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-util.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   authorization.c ksu.h
 $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ksu.h main.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-util.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ksu.h main.c
 $(OUTPRE)heuristic.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-util.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   heuristic.c ksu.h
 $(OUTPRE)xmalloc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-util.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ksu.h xmalloc.c
 $(OUTPRE)setenv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   setenv.c
diff --git a/src/clients/kvno/Makefile.in b/src/clients/kvno/Makefile.in
index 23841c0..bbbb79c 100644
--- a/src/clients/kvno/Makefile.in
+++ b/src/clients/kvno/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=clients/kvno
 mydir=clients/kvno
 BUILDTOP=$(REL)..$(S)..
 DEFS=
@@ -10,7 +8,7 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
 ##WIN32##VERSIONRC = $(BUILDTOP)\windows\version.rc
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##KVNO=$(OUTPRE)kvno.exe
 
diff --git a/src/clients/kvno/deps b/src/clients/kvno/deps
index 8c698e3..4e0feac 100644
--- a/src/clients/kvno/deps
+++ b/src/clients/kvno/deps
@@ -3,11 +3,11 @@
 #
 $(OUTPRE)kvno.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kvno.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kvno.c
diff --git a/src/config-files/Makefile.in b/src/config-files/Makefile.in
index ad2b999..265a439 100644
--- a/src/config-files/Makefile.in
+++ b/src/config-files/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./..
-myfulldir=config-files
 mydir=config-files
 BUILDTOP=$(REL)..
 all::
diff --git a/src/config/lib.in b/src/config/lib.in
index 22277cb..66422e0 100644
--- a/src/config/lib.in
+++ b/src/config/lib.in
@@ -153,8 +153,8 @@ install-profiled:
 	$(INSTALL_DATA) lib$(LIBBASE)$(PFLIBEXT) $(DESTDIR)$(KRB5_LIBDIR)
 	$(RANLIB) $(DESTDIR)$(KRB5_LIBDIR)/lib$(LIBBASE)$(PFLIBEXT)
 
-Makefile: $(SRCTOP)/config/lib.in
-$(thisconfigdir)/config.status: $(SRCTOP)/config/shlib.conf
+Makefile: $(top_srcdir)/config/lib.in
+$(BUILDTOP)/config.status: $(top_srcdir)/config/shlib.conf
 
 # Use the following if links need to be made to $(TOPLIBD):
 # all-unix:: all-liblinks
diff --git a/src/config/libnover.in b/src/config/libnover.in
index 4aa419a..458bccc 100644
--- a/src/config/libnover.in
+++ b/src/config/libnover.in
@@ -111,8 +111,8 @@ install-plugin:
 	$(RM) $(DESTDIR)$(MODULE_INSTALL_DIR)/$(LIBBASE)$(DYNOBJEXT)
 	$(INSTALL_SHLIB) $(LIBBASE)$(DYNOBJEXT) $(DESTDIR)$(MODULE_INSTALL_DIR)
 
-Makefile: $(SRCTOP)/config/libnover.in
-$(thisconfigdir)/config.status: $(SRCTOP)/config/shlib.conf
+Makefile: $(top_srcdir)/config/libnover.in
+$(BUILDTOP)/config.status: $(top_srcdir)/config/shlib.conf
 
 # Use the following if links need to be made to $(TOPLIBD):
 # all-unix:: all-liblinks
diff --git a/src/config/libobj.in b/src/config/libobj.in
index 7d306cd..aa913f0 100644
--- a/src/config/libobj.in
+++ b/src/config/libobj.in
@@ -32,8 +32,8 @@ all-libobjs: $(OBJLISTS)
 clean-libobjs:
 	$(RM) OBJS.ST OBJS.SH OBJS.PF $(STLIBOBJS) $(SHLIBOBJS) $(PFLIBOBJS)
 
-Makefile: $(SRCTOP)/config/libobj.in
-config.status: $(SRCTOP)/config/shlib.conf
+Makefile: $(top_srcdir)/config/libobj.in
+config.status: $(top_srcdir)/config/shlib.conf
 
 # clean-unix:: clean-libobjs
 # all-unix:: all-libobjs
diff --git a/src/config/post.in b/src/config/post.in
index 023fd47..a279d04 100644
--- a/src/config/post.in
+++ b/src/config/post.in
@@ -87,25 +87,24 @@ depend-dependencies:
 # NOTE: This will also generate spurious $(OUTPRE) and $(OBJEXT)
 # references in rules for non-library objects in a directory where
 # library objects happen to be built.  It's mostly harmless.
-.depend: .d $(SRCTOP)/util/depfix.pl
-	x=`$(CC) -print-libgcc-file-name` ; \
-	perl $(SRCTOP)/util/depfix.pl \
-		'$(SRCTOP)' '$(myfulldir)' '$(srcdir)' '$(BUILDTOP)' "$$x" '$(STLIBOBJS)' \
-		< .d > .depend
+.depend: .d $(top_srcdir)/util/depfix.pl
+	perl $(top_srcdir)/util/depfix.pl '$(top_srcdir)' '$(mydir)' \
+		'$(srcdir)' '$(BUILDTOP)' '$(STLIBOBJS)' < .d > .depend
 
 # Temporarily keep the rule for removing the dependency line eater
 # until we're sure we've gotten everything converted and excised the
 # old stuff from Makefile.in files.
 depend-update-makefile: .depend depend-recurse
-	if test -n "$(SRCS)" ; then \
+	if test "$(ALL_DEP_SRCS)" != " " ; then \
 		$(CP) .depend $(srcdir)/deps.new ; \
 	else \
 		echo "# No dependencies here." > $(srcdir)/deps.new ; \
 	fi
-	$(SRCTOP)/config/move-if-changed $(srcdir)/deps.new $(srcdir)/deps
+	$(top_srcdir)/config/move-if-changed $(srcdir)/deps.new $(srcdir)/deps
 	sed -e '/^# +++ Dependency line eater +++/,$$d' \
 		< $(srcdir)/Makefile.in > $(srcdir)/Makefile.in.new
-	$(SRCTOP)/config/move-if-changed $(srcdir)/Makefile.in.new $(srcdir)/Makefile.in
+	$(top_srcdir)/config/move-if-changed $(srcdir)/Makefile.in.new \
+		$(srcdir)/Makefile.in
 
 DEPTARGETS = .depend .d .dtmp $(DEP_VERIFY)
 DEPTARGETS_CLEAN = .depend .d .dtmp $(DEPTARGETS_@srcdir@_@CONFIG_RELTOPDIR@)
@@ -122,7 +121,7 @@ undepend-postrecurse: undepend-recurse
 			> $(srcdir)/Makefile.in.new ;\
 		echo "# +++ Dependency line eater +++" >> $(srcdir)/Makefile.in.new ;\
 		echo "# (dependencies temporarily removed)" >> $(srcdir)/Makefile.in.new ;\
-		$(SRCTOP)/config/move-if-changed $(srcdir)/Makefile.in.new $(srcdir)/Makefile.in;\
+		$(top_srcdir)/config/move-if-changed $(srcdir)/Makefile.in.new $(srcdir)/Makefile.in;\
 	else :; fi
 
 #
@@ -133,7 +132,7 @@ clean:: clean-$(WHAT)
 
 clean-unix::
 	$(RM) $(OBJS) $(DEPTARGETS_CLEAN) $(EXTRA_FILES) et-[ch]-*.et et-[ch]-*.[ch]
-	-$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
+	-$(RM) -r $(top_srcdir)/autom4te.cache
 
 clean-windows::
 	$(RM) *.$(OBJEXT)
@@ -150,24 +149,23 @@ distclean-postrecurse: distclean-nuke-configure-state
 
 Makefiles-prerecurse: Makefile
 
-# thisconfigdir = relative path from this Makefile to config.status
-# mydir = relative path from config.status to this Makefile
-Makefile: $(srcdir)/Makefile.in $(srcdir)/deps $(thisconfigdir)/config.status \
-		$(SRCTOP)/config/pre.in $(SRCTOP)/config/post.in
-	cd $(thisconfigdir) && $(SHELL) config.status $(mydir)/Makefile
-$(thisconfigdir)/config.status: $(srcdir)/$(thisconfigdir)/configure
-	cd $(thisconfigdir) && $(SHELL) config.status --recheck
+# mydir = relative path from top to this Makefile
+Makefile: $(srcdir)/Makefile.in $(srcdir)/deps $(BUILDTOP)/config.status \
+		$(top_srcdir)/config/pre.in $(top_srcdir)/config/post.in
+	cd $(BUILDTOP) && $(SHELL) config.status $(mydir)/Makefile
+$(BUILDTOP)/config.status: $(top_srcdir)/configure
+	cd $(BUILDTOP) && $(SHELL) config.status --recheck
 # autom4te.cache supposedly improves performance with multiple runs, but
 # it breaks across versions, and around MIT we've got plenty of version
 # mixing.  So nuke it.
-$(srcdir)/$(thisconfigdir)/configure: @MAINT@ \
-		$(srcdir)/$(thisconfigdir)/configure.in \
-		$(SRCTOP)/patchlevel.h \
-		$(SRCTOP)/aclocal.m4
-	-$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
-	cd $(srcdir)/$(thisconfigdir) && \
+$(top_srcdir)/configure: @MAINT@ \
+		$(top_srcdir)/configure.in \
+		$(top_srcdir)/patchlevel.h \
+		$(top_srcdir)/aclocal.m4
+	-$(RM) -r $(top_srcdir)/autom4te.cache
+	cd $(top_srcdir) && \
 		$(AUTOCONF) --include=$(CONFIG_RELTOPDIR) $(AUTOCONFFLAGS)
-	-$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
+	-$(RM) -r $(top_srcdir)/autom4te.cache
 
 RECURSE_TARGETS=all-recurse clean-recurse distclean-recurse install-recurse \
 	generate-files-mac-recurse \
diff --git a/src/config/pre.in b/src/config/pre.in
index 4159824..34bb752 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -138,7 +138,6 @@ S=/
 
 #
 srcdir = @srcdir@
-SRCTOP = @srcdir@/$(BUILDTOP)
 top_srcdir = @top_srcdir@
 VPATH = @srcdir@
 CONFIG_RELTOPDIR = @CONFIG_RELTOPDIR@
@@ -175,7 +174,7 @@ CC = @CC@
 CXX = @CXX@
 LD = $(PURE) @LD@
 DEPLIBS = @DEPLIBS@
-KRB_INCLUDES = -I$(BUILDTOP)/include -I$(SRCTOP)/include
+KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
 LDFLAGS = @LDFLAGS@
 LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PREFIX@
 LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@
@@ -229,7 +228,7 @@ KRB5_INCSUBDIRS = \
 # XXX check which of these are actually used!
 #
 TESTDIR		= $(BUILDTOP)/kadmin/testing
-STESTDIR	= $(SRCTOP)/kadmin/testing
+STESTDIR	= $(top_srcdir)/kadmin/testing
 COMPARE_DUMP	= $(TESTDIR)/scripts/compare_dump.pl
 INITDB		= $(STESTDIR)/scripts/init_db
 MAKE_KEYTAB	= $(TESTDIR)/scripts/make-host-keytab.pl
@@ -273,7 +272,7 @@ AUTOCONF = autoconf
 AUTOCONFFLAGS =
 AUTOHEADER = autoheader
 AUTOHEADERFLAGS =
-MOVEIFCHANGED = $(SRCTOP)/config/move-if-changed
+MOVEIFCHANGED = $(top_srcdir)/config/move-if-changed
 
 SHEXT = @SHEXT@
 STEXT=@STEXT@
@@ -413,7 +412,7 @@ TCL_INCLUDES	= @TCL_INCLUDES@
 ### /* these are invoked as $(...) foo.et, which works, but could be better */
 COMPILE_ET= $(COMPILE_ET-@COM_ERR_VERSION@)
 COMPILE_ET-sys= compile_et
-COMPILE_ET-k5= $(BUILDTOP)/util/et/compile_et -d $(SRCTOP)/util/et
+COMPILE_ET-k5= $(BUILDTOP)/util/et/compile_et -d $(top_srcdir)/util/et
 
 .SUFFIXES:  .h .c .et .ct
 
@@ -563,7 +562,7 @@ VALGRIND=
 # Need absolute paths here because under kshd or ftpd we may run programs
 # while in other directories.
 VALGRIND_LOGDIR = `cd $(BUILDTOP)&&pwd`
-VALGRIND1 = valgrind --tool=memcheck --log-file=$(VALGRIND_LOGDIR)/vg --trace-children=yes -v --leak-check=yes --suppressions=`cd $(SRCTOP)&&pwd`/util/valgrind-suppressions
+VALGRIND1 = valgrind --tool=memcheck --log-file=$(VALGRIND_LOGDIR)/vg --trace-children=yes -v --leak-check=yes --suppressions=`cd $(top_srcdir)&&pwd`/util/valgrind-suppressions
 
 ##
 ## end of pre.in
diff --git a/src/config/shlib.conf b/src/config/shlib.conf
index 6972ff0..d08b5df 100644
--- a/src/config/shlib.conf
+++ b/src/config/shlib.conf
@@ -411,7 +411,7 @@ mips-*-netbsd*)
 	# Use objdump -x to examine the fields of the library
 	LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT),--no-undefined $(LDFLAGS)'
 	# 
-	LDCOMBINE_TAIL='-Wl,--version-script binutils.versions && $(PERL) -w $(SRCTOP)/util/export-check.pl $(SHLIB_EXPORT_FILE) $@'
+	LDCOMBINE_TAIL='-Wl,--version-script binutils.versions && $(PERL) -w $(top_srcdir)/util/export-check.pl $(SHLIB_EXPORT_FILE) $@'
 	SHLIB_EXPORT_FILE_DEP=binutils.versions
 	# For cases where we do have dependencies on other libraries
 	# built in this tree...
diff --git a/src/config/win-pre.in b/src/config/win-pre.in
index 25dcaa9..52f0e5b 100644
--- a/src/config/win-pre.in
+++ b/src/config/win-pre.in
@@ -86,7 +86,7 @@ S=^\
 C=.^\
 
 srcdir = .
-SRCTOP = $(srcdir)\$(BUILDTOP)
+top_srcdir = $(srcdir)\$(BUILDTOP)
 
 !if defined(KRB5_USE_DNS) || defined(KRB5_USE_DNS_KDC) || defined(KRB5_USE_DNS_REALMS)
 !if defined(KRB5_NO_WSHELPER)
@@ -130,7 +130,7 @@ KFWFLAGS=-DUSE_LEASH=1
 CC=cl
 
 PDB_OPTS=-Fd$(OUTPRE)\ -FD
-CPPFLAGS=-I$(SRCTOP)\include -I$(SRCTOP)\include\krb5 $(DNSFLAGS) -DWIN32_LEAN_AND_MEAN -DKRB5_DEPRECATED=1 -D_CRT_SECURE_NO_DEPRECATE $(KFWFLAGS) $(TIME_T_FLAGS)
+CPPFLAGS=-I$(top_srcdir)\include -I$(top_srcdir)\include\krb5 $(DNSFLAGS) -DWIN32_LEAN_AND_MEAN -DKRB5_DEPRECATED=1 -D_CRT_SECURE_NO_DEPRECATE $(KFWFLAGS) $(TIME_T_FLAGS)
 CCOPTS=-nologo /W3 $(PDB_OPTS) $(DLL_FILE_DEF)
 LOPTS=-nologo -incremental:no
 
diff --git a/src/configure.in b/src/configure.in
index 5dbdf25..6f0ee6d 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -183,7 +183,7 @@ AC_SUBST(EXTRA_SUPPORT_SYMS)
 
 AC_HEADER_STDARG
 DECLARE_SYS_ERRLIST
-AC_CHECK_HEADERS(unistd.h paths.h regex.h regexpr.h fcntl.h memory.h ifaddrs.h sys/filio.h sched.h byteswap.h machine/endian.h machine/byte_order.h sys/bswap.h endian.h pwd.h arpa/inet.h alloca.h dlfcn.h limits.h pthread.h semaphore.h krb_db.h kdc.h)
+AC_CHECK_HEADERS(unistd.h paths.h regex.h regexpr.h fcntl.h memory.h ifaddrs.h sys/filio.h byteswap.h machine/endian.h machine/byte_order.h sys/bswap.h endian.h pwd.h arpa/inet.h alloca.h dlfcn.h limits.h pthread.h semaphore.h)
 AC_CHECK_HEADER(regexp.h, [], [],
 [#define INIT char *sp = instring;
 #define GETC() (*sp++)
@@ -1051,8 +1051,6 @@ if test "$ac_cv_lib_socket" = "yes" -a "$ac_cv_lib_nsl" = "yes"; then
 	AC_DEFINE(BROKEN_STREAMS_SOCKETS,1,[Define if socket can't be bound to 0.0.0.0])
 fi
 
-AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet)
-
 AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
 V5_AC_OUTPUT_MAKEFILE(.
 
@@ -1062,11 +1060,11 @@ V5_AC_OUTPUT_MAKEFILE(.
 
 	lib/crypto lib/crypto/krb lib/crypto/krb/crc32 lib/crypto/$CRYPTO_IMPL/des
 	lib/crypto/krb/dk lib/crypto/$CRYPTO_IMPL/enc_provider
-	lib/crypto/$CRYPTO_IMPL/hash_provider lib/crypto/krb/keyhash_provider
+	lib/crypto/$CRYPTO_IMPL/hash_provider lib/crypto/krb/checksum
 	lib/crypto/krb/prf lib/crypto/krb/rand2key
 	lib/crypto/$CRYPTO_IMPL lib/crypto/$CRYPTO_IMPL/md4 lib/crypto/$CRYPTO_IMPL/md5
 	lib/crypto/krb/old lib/crypto/krb/raw lib/crypto/$CRYPTO_IMPL/sha1
-	lib/crypto/$CRYPTO_IMPL/arcfour lib/crypto/krb/yarrow lib/crypto/$CRYPTO_IMPL/aes
+	lib/crypto/krb/arcfour lib/crypto/krb/yarrow lib/crypto/$CRYPTO_IMPL/aes
 	lib/crypto/crypto_tests
 
 	lib/krb5 lib/krb5/error_tables lib/krb5/asn.1 lib/krb5/ccache
diff --git a/src/gen-manpages/Makefile.in b/src/gen-manpages/Makefile.in
index a005278..728a0d9 100644
--- a/src/gen-manpages/Makefile.in
+++ b/src/gen-manpages/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./..
-myfulldir=gen-manpages
 mydir=gen-manpages
 BUILDTOP=$(REL)..
 all::
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index ec6a3f2..81cd6e1 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=..
-myfulldir=include
 mydir=include
 BUILDTOP=$(REL)..
 KRB5RCTMPDIR= @KRB5_RCTMPDIR@
@@ -34,11 +32,11 @@ all-windows:: autoconf.h $(BUILT_HEADERS) verify-calling-conventions-krb5
 all-unix:: @MAINT@ verify-calling-conventions-krb5
 
 $(srcdir)/autoconf.h.in: @MAINT@ $(srcdir)/autoconf.stmp
-$(srcdir)/autoconf.stmp: $(srcdir)/$(thisconfigdir)/configure.in $(SRCTOP)/aclocal.m4
-	$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
-	cd $(srcdir)/$(thisconfigdir) && $(AUTOHEADER) --include=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS)
+$(srcdir)/autoconf.stmp: $(top_srcdir)/configure.in $(top_srcdir)/aclocal.m4
+	$(RM) -r $(top_srcdir)/autom4te.cache
+	cd $(top_srcdir) && $(AUTOHEADER) --include=$(CONFIG_RELTOPDIR) $(AUTOHEADERFLAGS)
 	touch $(srcdir)/autoconf.stmp
-	$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
+	$(RM) -r $(top_srcdir)/autom4te.cache
 
 ##DOS##autoconf.h: win-mac.h
 ##DOS##	$(CP) win-mac.h $@
@@ -49,8 +47,8 @@ $(srcdir)/autoconf.stmp: $(srcdir)/$(thisconfigdir)/configure.in $(SRCTOP)/acloc
 ##DOS##!if 0
 # config.status will now update autoconf.stamp itself.
 autoconf.h: autoconf.stamp
-autoconf.stamp: $(srcdir)/autoconf.h.in $(thisconfigdir)/config.status
-	(cd $(thisconfigdir) && $(SHELL) config.status $(mydir)/autoconf.h)
+autoconf.stamp: $(srcdir)/autoconf.h.in $(BUILDTOP)/config.status
+	(cd $(BUILDTOP) && $(SHELL) config.status $(mydir)/autoconf.h)
 
 SYSCONFDIR = @sysconfdir@
 LOCALSTATEDIR = @localstatedir@
@@ -92,7 +90,7 @@ krb5.stamp: $(srcdir)/krb5/krb5.hin $(K5_ET_HEADERS)
 	touch krb5.stamp
 
 verify-calling-conventions-krb5: private-and-public-decls
-	$(PERL) -w $(SRCTOP)/util/def-check.pl private-and-public-decls $(SRCTOP)/lib/krb5_32.def
+	$(PERL) -w $(top_srcdir)/util/def-check.pl private-and-public-decls $(top_srcdir)/lib/krb5_32.def
 
 ##DOS##!if 0
 HEADERS_TO_CHECK = krb5/krb5.h $(srcdir)/k5-int.h $(srcdir)/krb5/preauth_plugin.h
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index dee37de..f1b48c0 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -257,6 +257,7 @@ typedef INT64_TYPE krb5_int64;
 #define KRB5_CONF_V4_INSTANCE_CONVERT         "v4_instance_convert"
 #define KRB5_CONF_V4_REALM                    "v4_realm"
 #define KRB5_CONF_ASTERISK                    "*"
+#define KRB5_CONF_FAST_AVAIL                  "fast_avail"
 
 /* Error codes used in KRB_ERROR protocol messages.
    Return values of library routines are based on a different error table
@@ -647,12 +648,16 @@ struct krb5_enc_provider {
        keylength is the output size */
     size_t block_size, keybytes, keylength;
 
-    /* cipher-state == 0 fresh state thrown away at end */
     krb5_error_code (*encrypt)(krb5_key key, const krb5_data *cipher_state,
-                               const krb5_data *input, krb5_data *output);
+                               krb5_crypto_iov *data, size_t num_data);
 
-    krb5_error_code (*decrypt)(krb5_key key, const krb5_data *ivec,
-                               const krb5_data *input, krb5_data *output);
+    krb5_error_code (*decrypt)(krb5_key key, const krb5_data *cipher_state,
+                               krb5_crypto_iov *data, size_t num_data);
+
+    /* May be NULL if the cipher is not used for a cbc-mac checksum. */
+    krb5_error_code (*cbc_mac)(krb5_key key, const krb5_crypto_iov *data,
+                               size_t num_data, const krb5_data *ivec,
+                               krb5_data *output);
 
     krb5_error_code (*make_key)(const krb5_data *randombits,
                                 krb5_keyblock *key);
@@ -662,65 +667,14 @@ struct krb5_enc_provider {
                                   krb5_data *out_state);
     krb5_error_code (*free_state)(krb5_data *state);
 
-    /* In-place encryption/decryption of multiple buffers */
-    krb5_error_code (*encrypt_iov)(krb5_key key, const krb5_data *cipher_state,
-                                   krb5_crypto_iov *data, size_t num_data);
-
-    krb5_error_code (*decrypt_iov)(krb5_key key, const krb5_data *cipher_state,
-                                   krb5_crypto_iov *data, size_t num_data);
-
 };
 
 struct krb5_hash_provider {
     char hash_name[8];
     size_t hashsize, blocksize;
 
-    /* this takes multiple inputs to avoid lots of copying. */
-    krb5_error_code (*hash)(unsigned int icount, const krb5_data *input,
-                            krb5_data *output);
-};
-
-struct krb5_keyhash_provider {
-    size_t hashsize;
-
-    krb5_error_code (*hash)(krb5_key key, krb5_keyusage keyusage,
-                            const krb5_data *ivec, const krb5_data *input,
+    krb5_error_code (*hash)(const krb5_crypto_iov *data, size_t num_data,
                             krb5_data *output);
-
-    krb5_error_code (*verify)(krb5_key key, krb5_keyusage keyusage,
-                              const krb5_data *ivec, const krb5_data *input,
-                              const krb5_data *hash, krb5_boolean *valid);
-
-    krb5_error_code (*hash_iov)(krb5_key key, krb5_keyusage keyusage,
-                                const krb5_data *ivec,
-                                const krb5_crypto_iov *data, size_t num_data,
-                                krb5_data *output);
-
-    krb5_error_code (*verify_iov)(krb5_key key, krb5_keyusage keyusage,
-                                  const krb5_data *ivec,
-                                  const krb5_crypto_iov *data,
-                                  size_t num_data, const krb5_data *hash,
-                                  krb5_boolean *valid);
-};
-
-struct krb5_aead_provider {
-    krb5_error_code (*crypto_length)(const struct krb5_aead_provider *aead,
-                                     const struct krb5_enc_provider *enc,
-                                     const struct krb5_hash_provider *hash,
-                                     krb5_cryptotype type,
-                                     unsigned int *length);
-    krb5_error_code (*encrypt_iov)(const struct krb5_aead_provider *aead,
-                                   const struct krb5_enc_provider *enc,
-                                   const struct krb5_hash_provider *hash,
-                                   krb5_key key, krb5_keyusage keyusage,
-                                   const krb5_data *ivec,
-                                   krb5_crypto_iov *data, size_t num_data);
-    krb5_error_code (*decrypt_iov)(const struct krb5_aead_provider *aead,
-                                   const struct krb5_enc_provider *enc,
-                                   const struct krb5_hash_provider *hash,
-                                   krb5_key key, krb5_keyusage keyusage,
-                                   const krb5_data *ivec,
-                                   krb5_crypto_iov *data, size_t num_data);
 };
 
 /*
@@ -731,40 +685,66 @@ void krb5int_nfold(unsigned int inbits, const unsigned char *in,
                    unsigned int outbits, unsigned char *out);
 
 krb5_error_code krb5int_hmac(const struct krb5_hash_provider *hash,
-                             krb5_key key, unsigned int icount,
-                             const krb5_data *input, krb5_data *output);
-
-krb5_error_code krb5int_hmac_iov(const struct krb5_hash_provider *hash,
-                                 krb5_key key, const krb5_crypto_iov *data,
-                                 size_t num_data, krb5_data *output);
+                             krb5_key key, const krb5_crypto_iov *data,
+                             size_t num_data, krb5_data *output);
 
 krb5_error_code
 krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
-                      const krb5_keyblock *key, unsigned int icount,
-                      const krb5_data *input, krb5_data *output);
-
-krb5_error_code
-krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash,
-                          const krb5_keyblock *key,
-                          const krb5_crypto_iov *data, size_t num_data,
-                          krb5_data *output);
+                      const krb5_keyblock *keyblock,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output);
 
 krb5_error_code krb5int_pbkdf2_hmac_sha1(const krb5_data *, unsigned long,
                                          const krb5_data *, const krb5_data *);
 
-/* Make this a function eventually?  */
+/* These crypto functions are used by GSSAPI via the accessor. */
+
+krb5_error_code
+krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
+                         const krb5_data *kd_data, krb5_crypto_iov *data,
+                         size_t num_data);
+
+/*
+ * Attempt to zero memory in a way that compilers won't optimize out.
+ *
+ * This mechanism should work even for heap storage about to be freed,
+ * or automatic storage right before we return from a function.
+ *
+ * Then, even if we leak uninitialized memory someplace, or UNIX
+ * "core" files get created with world-read access, some of the most
+ * sensitive data in the process memory will already be safely wiped.
+ *
+ * We're not going so far -- yet -- as to try to protect key data that
+ * may have been written into swap space....
+ */
 #ifdef _WIN32
-# define krb5int_zap_data(ptr, len) SecureZeroMemory(ptr, len)
+# define zap(ptr, len) SecureZeroMemory(ptr, len)
 #elif defined(__GNUC__)
-static inline void krb5int_zap_data(void *ptr, size_t len)
+static inline void zap(void *ptr, size_t len)
 {
     memset(ptr, 0, len);
+    /*
+     * Some versions of gcc have gotten clever enough to eliminate a
+     * memset call right before the block in question is released.
+     * This (empty) asm requires it to assume that we're doing
+     * something interesting with the stored (zero) value, so the
+     * memset can't be eliminated.
+     *
+     * An optimizer that looks at assembly or object code may not be
+     * fooled, and may still cause the memset to go away.  Address
+     * that problem if and when we encounter it.
+     *
+     * This also may not be enough if free() does something
+     * interesting like purge memory locations from a write-back cache
+     * that hasn't written back the zero bytes yet.  A memory barrier
+     * instruction would help in that case.
+     */
     asm volatile ("" : : "g" (ptr), "g" (len));
 }
 #else
-# define krb5int_zap_data(ptr, len) memset((volatile void *)ptr, 0, len)
-#endif /* WIN32 */
-#define zap(p,l) krb5int_zap_data(p,l)
+/* Use a function from libkrb5support to defeat inlining. */
+# define zap(ptr, len) krb5int_zap(ptr, len)
+#endif
 
 /* Convenience function: zap and free ptr if it is non-NULL. */
 static inline void
@@ -815,15 +795,6 @@ krb5_error_code krb5int_c_copy_keyblock_contents(krb5_context context,
 extern void krb5int_prng_cleanup(void);
 
 
-/*
- * These declarations are here, so both krb5 and k5crypto
- * can get to them.
- * krb5 needs to get to them so it can  make them available to libgssapi.
- */
-extern const struct krb5_enc_provider krb5int_enc_arcfour;
-extern const struct krb5_hash_provider krb5int_hash_md5;
-
-
 #ifdef KRB5_OLD_CRYPTO
 /* old provider api */
 
@@ -1159,6 +1130,8 @@ typedef struct _krb5_gic_opt_private {
     int num_preauth_data;
     krb5_gic_opt_pa_data *preauth_data;
     char * fast_ccache_name;
+    krb5_ccache out_ccache;
+    krb5_flags fast_flags;
 } krb5_gic_opt_private;
 
 /*
@@ -1214,15 +1187,15 @@ typedef krb5_error_code
                            krb5_keyblock *as_key, void *gak_data);
 
 krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context, krb5_creds *creds,
-                    krb5_principal client, krb5_prompter_fct prompter,
-                    void *prompter_data, krb5_deltat start_time,
-                    char *in_tkt_service, krb5_gic_opt_ext *gic_options,
-                    krb5_gic_get_as_key_fct gak, void *gak_data,
-                    int *master, krb5_kdc_rep **as_reply);
+krb5int_get_init_creds(krb5_context context, krb5_creds *creds,
+                       krb5_principal client, krb5_prompter_fct prompter,
+                       void *prompter_data, krb5_deltat start_time,
+                       char *in_tkt_service, krb5_get_init_creds_opt *options,
+                       krb5_gic_get_as_key_fct gak, void *gak_data,
+                       int *master, krb5_kdc_rep **as_reply);
 
 krb5_error_code
-krb5int_populate_gic_opt (krb5_context, krb5_gic_opt_ext **,
+krb5int_populate_gic_opt (krb5_context, krb5_get_init_creds_opt **,
                           krb5_flags options, krb5_address *const *addrs,
                           krb5_enctype *ktypes,
                           krb5_preauthtype *pre_auth_types, krb5_creds *creds);
@@ -1653,6 +1626,8 @@ encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_data **code);
 
 krb5_error_code
 encode_krb5_cred(const krb5_cred *rep, krb5_data **code);
+krb5_error_code
+encode_krb5_checksum(const krb5_checksum *, krb5_data **);
 
 krb5_error_code
 encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_data **code);
@@ -1881,6 +1856,8 @@ decode_krb5_priv(const krb5_data *output, krb5_priv **rep);
 
 krb5_error_code
 decode_krb5_enc_priv_part(const krb5_data *output, krb5_priv_enc_part **rep);
+krb5_error_code
+decode_krb5_checksum(const krb5_data *, krb5_checksum **);
 
 krb5_error_code
 decode_krb5_cred(const krb5_data *output, krb5_cred **rep);
@@ -2164,19 +2141,19 @@ void krb5int_free_srv_dns_data(struct srv_dns_entry *);
 /* To keep happy libraries which are (for now) accessing internal stuff */
 
 /* Make sure to increment by one when changing the struct */
-#define KRB5INT_ACCESS_STRUCT_VERSION 15
+#define KRB5INT_ACCESS_STRUCT_VERSION 16
 
 #ifndef ANAME_SZ
 struct ktext;                   /* from krb.h, for krb524 support */
 #endif
 typedef struct _krb5int_access {
     /* crypto stuff */
-    const struct krb5_hash_provider *md5_hash_provider;
-    const struct krb5_enc_provider *arcfour_enc_provider;
-    krb5_error_code (*hmac)(const struct krb5_hash_provider *hash,
-                            const krb5_keyblock *key,
-                            unsigned int icount, const krb5_data *input,
-                            krb5_data *output);
+    krb5_error_code (*arcfour_gsscrypt)(const krb5_keyblock *keyblock,
+                                        krb5_keyusage usage,
+                                        const krb5_data *kd_data,
+                                        krb5_crypto_iov *data,
+                                        size_t num_data);
+
     krb5_error_code (*auth_con_get_subkey_enctype)(krb5_context,
                                                    krb5_auth_context,
                                                    krb5_enctype *);
@@ -2549,11 +2526,12 @@ krb5_error_code KRB5_CALLCONV
 krb5int_clean_hostname(krb5_context, const char *, char *, size_t);
 
 krb5_error_code
-krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
-                    const krb5_data *input, krb5_data *output);
+krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data);
+
 krb5_error_code
-krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
-                    const krb5_data *input, krb5_data *output);
+krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data);
 
 struct _krb5_kt {       /* should move into k5-int.h */
     krb5_magic magic;
@@ -2809,6 +2787,20 @@ string2data(char *str)
     return make_data(str, strlen(str));
 }
 
+static inline krb5_error_code
+alloc_data(krb5_data *data, unsigned int len)
+{
+    /* Allocate at least one byte since zero-byte allocs may return NULL. */
+    char *ptr = (char *) calloc((len > 0) ? len : 1, 1);
+
+    if (ptr == NULL)
+        return ENOMEM;
+    data->magic = KV5M_DATA;
+    data->data = ptr;
+    data->length = len;
+    return 0;
+}
+
 static inline int
 data_eq_string (krb5_data d, char *s)
 {
@@ -2825,11 +2817,12 @@ authdata_eq(krb5_authdata a1, krb5_authdata a2)
 
 /* Allocate zeroed memory; set *code to 0 on success or ENOMEM on failure. */
 static inline void *
-k5alloc(size_t size, krb5_error_code *code)
+k5alloc(size_t len, krb5_error_code *code)
 {
     void *ptr;
 
-    ptr = calloc(size, 1);
+    /* Allocate at least one byte since zero-byte allocs may return NULL. */
+    ptr = calloc((len > 0) ? len : 1, 1);
     *code = (ptr == NULL) ? ENOMEM : 0;
     return ptr;
 }
diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
index 7c1c57d..fd3ceec 100644
--- a/src/include/k5-platform.h
+++ b/src/include/k5-platform.h
@@ -713,25 +713,43 @@ load_64_le (const void *cvp)
 #endif
 }
 
-static inline unsigned short
-load_16_n (const void *p)
-{
 #ifdef _WIN32
-    unsigned __int16 n;
+#define UINT16_TYPE unsigned __int16
+#define UINT32_TYPE unsigned __int32
 #else
-    uint16_t n;
+#define UINT16_TYPE uint16_t
+#define UINT32_TYPE uint32_t
 #endif
+
+static inline void
+store_16_n (unsigned int val, void *vp)
+{
+    UINT16_TYPE n = val;
+    memcpy(vp, &n, 2);
+}
+static inline void
+store_32_n (unsigned int val, void *vp)
+{
+    UINT32_TYPE n = val;
+    memcpy(vp, &n, 4);
+}
+static inline void
+store_64_n (UINT64_TYPE val, void *vp)
+{
+    UINT64_TYPE n = val;
+    memcpy(vp, &n, 8);
+}
+static inline unsigned short
+load_16_n (const void *p)
+{
+    UINT16_TYPE n;
     memcpy(&n, p, 2);
     return n;
 }
 static inline unsigned int
 load_32_n (const void *p)
 {
-#ifdef _WIN32
-    unsigned __int32 n;
-#else
-    uint32_t n;
-#endif
+    UINT32_TYPE n;
     memcpy(&n, p, 4);
     return n;
 }
@@ -742,6 +760,8 @@ load_64_n (const void *p)
     memcpy(&n, p, 8);
     return n;
 }
+#undef UINT16_TYPE
+#undef UINT32_TYPE
 
 /* Assume for simplicity that these swaps are identical.  */
 static inline UINT64_TYPE
@@ -976,6 +996,8 @@ extern int krb5int_mkstemp(char *);
 #define mkstemp krb5int_mkstemp
 #endif
 
+extern void krb5int_zap(void *ptr, size_t len);
+
 /* Fudge for future adoption of gettext or the like.  */
 #ifndef _
 #define _(X) (X)
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index 3b86b23..7f7b56d 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -636,8 +636,8 @@ krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
 #define KRB5_KEYUSAGE_FAST_FINISHED 53
 #define KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT 54
 #define KRB5_KEYUSAGE_ENC_CHALLENGE_KDC 55
+#define KRB5_KEYUSAGE_AS_REQ 56
 
-#define KRB5_KEYUSAGE_FAST_REP 52
 krb5_boolean KRB5_CALLCONV krb5_c_valid_enctype(krb5_enctype ktype);
 krb5_boolean KRB5_CALLCONV krb5_c_valid_cksumtype(krb5_cksumtype ctype);
 krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype);
@@ -744,6 +744,9 @@ krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype,
                            const krb5_crypto_iov *data, size_t num_data,
                            krb5_boolean *valid);
 
+krb5_error_code KRB5_CALLCONV
+krb5_k_prf(krb5_context context, krb5_key key, krb5_data *in, krb5_data *out);
+
 #ifdef KRB5_OLD_CRYPTO
 /*
  * old cryptosystem routine prototypes.  These are now layered
@@ -927,7 +930,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
 #define TKT_FLG_TRANSIT_POLICY_CHECKED  0x00080000
 #define TKT_FLG_OK_AS_DELEGATE          0x00040000
 #define TKT_FLG_ANONYMOUS               0x00020000
-/* #define      TKT_FLG_RESERVED        0x00010000 */
+#define TKT_FLG_ENC_PA_REP              0x00010000
 /* #define      TKT_FLG_RESERVED        0x00008000 */
 /* #define      TKT_FLG_RESERVED        0x00004000 */
 /* #define      TKT_FLG_RESERVED        0x00002000 */
@@ -1030,6 +1033,7 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
 #define KRB5_PADATA_FX_FAST  136
 #define KRB5_PADATA_FX_ERROR 137
 #define KRB5_PADATA_ENCRYPTED_CHALLENGE 138
+#define KRB5_ENCPADATA_REQ_ENC_PA_REP 149
 
 #define KRB5_SAM_USE_SAD_AS_KEY         0x80000000
 #define KRB5_SAM_SEND_ENCRYPTED_SAD     0x40000000
@@ -1832,6 +1836,20 @@ krb5_cc_default(krb5_context, krb5_ccache *);
 krb5_error_code KRB5_CALLCONV
 krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc);
 
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_config(krb5_context, krb5_ccache,
+                   krb5_const_principal,
+                   const char *, krb5_data *);
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_config(krb5_context, krb5_ccache,
+                   krb5_const_principal,
+                   const char *, krb5_data *);
+
+krb5_boolean KRB5_CALLCONV
+krb5_is_config_principal(krb5_context,
+                         krb5_const_principal);
+
 /* krb5_free.c */
 void KRB5_CALLCONV krb5_free_principal(krb5_context, krb5_principal );
 void KRB5_CALLCONV krb5_free_authenticator(krb5_context,
@@ -2011,12 +2029,21 @@ krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getkey(krb5_context, krb5_auth_context, krb5_keyblock **);
 
 krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getkey_k(krb5_context, krb5_auth_context, krb5_key *);
+
+krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getsendsubkey(krb5_context, krb5_auth_context, krb5_keyblock **);
 
 krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey_k(krb5_context, krb5_auth_context, krb5_key *);
+
+krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getrecvsubkey(krb5_context, krb5_auth_context, krb5_keyblock **);
 
 krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getrecvsubkey_k(krb5_context, krb5_auth_context, krb5_key *);
+
+krb5_error_code KRB5_CALLCONV
 krb5_auth_con_setsendsubkey(krb5_context, krb5_auth_context, krb5_keyblock *);
 
 krb5_error_code KRB5_CALLCONV
@@ -2243,17 +2270,47 @@ krb5_get_init_creds_opt_set_pa(krb5_context context,
                                krb5_get_init_creds_opt *opt, const char *attr,
                                const char *value);
 
+/**
+ * This API sets a ccache name that will contain some TGT on calls to
+ * t_init_creds functions.  If set, this ccache will be used for FAST
+ * (draft-ietf-krb-wg-preauth-framework) to protect the AS-REQ from observation
+ * and active attack.  If the fast_ccache_name is set, then FAST may be
+ * required by the client library.  In this and future versions, FAST will be
+ * used if available; krb5_get_init_creds_opt_set_fast_flags() may be used to
+ * require that the request fail is FAST is unavailable.  In MIT Kerberos 1.7
+ * setting the fast ccache at all required that FAST be present or the request
+ * would fail.
+ */
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context,
                                              krb5_get_init_creds_opt *opt,
                                              const char *fast_ccache_name);
 
-/*   This API sets a ccache name that will contain some TGT on
-     calls to get_init_creds functions.   If set, this ccache will
-     be used for FAST (draft-ietf-krb-wg-preauth-framework) to
-     protect the AS-REQ from observation and active attack.  If
-     the fast_ccache_name is set, then FAST may be required by the
-     client library.  In this version FAST is required.*/
+/**
+ * Set a ccache where resulting credentials will be stored.  If set, then the
+ * krb5_get_init_creds family of APIs will write out credentials to the given
+ * ccache.  Setting an output ccache is desirable both because it simplifies
+ * calling code and because it permits the krb5_get_init_creds APIs to write
+ * out configuration information about the realm to the ccache.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_out_ccache(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_ccache ccache);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags flags);
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags *out_flags);
+
+/* Fast flags*/
+#define KRB5_FAST_REQUIRED 1l<<0 /*!< Require KDC to support FAST*/
+
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_password(krb5_context context, krb5_creds *creds,
                              krb5_principal client, char *password,
@@ -2261,6 +2318,54 @@ krb5_get_init_creds_password(krb5_context context, krb5_creds *creds,
                              krb5_deltat start_time, char *in_tkt_service,
                              krb5_get_init_creds_opt *k5_gic_options);
 
+struct _krb5_init_creds_context;
+typedef struct _krb5_init_creds_context *krb5_init_creds_context;
+
+void KRB5_CALLCONV
+krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx,
+                          krb5_creds *creds);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_error(krb5_context context, krb5_init_creds_context ctx,
+                          krb5_error **error);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_init(krb5_context context, krb5_principal client,
+                     krb5_prompter_fct prompter, void *data,
+                     krb5_deltat start_time, krb5_get_init_creds_opt *options,
+                     krb5_init_creds_context *ctx);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_keyblock(krb5_context context, krb5_init_creds_context ctx,
+                             krb5_keyblock *keyblock);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_keytab(krb5_context context, krb5_init_creds_context ctx,
+                           krb5_keytab keytab);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx,
+                     krb5_data *in, krb5_data *out, krb5_data *realm,
+                     unsigned int *flags);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_password(krb5_context context, krb5_init_creds_context ctx,
+                             const char *password);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_service(krb5_context context, krb5_init_creds_context ctx,
+                            const char *service);
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_times(krb5_context context, krb5_init_creds_context ctx,
+                          krb5_ticket_times *times);
+
 krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds,
                            krb5_principal client, krb5_keytab arg_keytab,
diff --git a/src/kadmin/Makefile.in b/src/kadmin/Makefile.in
index f47be72..e39ead2 100644
--- a/src/kadmin/Makefile.in
+++ b/src/kadmin/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=..
-myfulldir=kadmin
 mydir=kadmin
 BUILDTOP=$(REL)..
 SUBDIRS = cli dbutil ktutil server testing
diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in
index 25f1e73..b5f5428 100644
--- a/src/kadmin/cli/Makefile.in
+++ b/src/kadmin/cli/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=kadmin/cli
 mydir=kadmin/cli
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/kadmin/cli/deps b/src/kadmin/cli/deps
index 795b669..34d5358 100644
--- a/src/kadmin/cli/deps
+++ b/src/kadmin/cli/deps
@@ -5,57 +5,57 @@ $(OUTPRE)kadmin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h kadmin.c kadmin.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h kadmin.c kadmin.h
 $(OUTPRE)kadmin_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \
   kadmin_ct.c
 $(OUTPRE)ss_wrapper.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
-  $(SS_DEPS) kadmin.h ss_wrapper.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/krb5.h kadmin.h ss_wrapper.c
 $(OUTPRE)getdate.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   getdate.c
 $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kadmin.h keytab.c
 $(OUTPRE)keytab_local.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kadmin.h keytab.c keytab_local.c
diff --git a/src/kadmin/dbutil/Makefile.in b/src/kadmin/dbutil/Makefile.in
index d6eac78..829f85a 100644
--- a/src/kadmin/dbutil/Makefile.in
+++ b/src/kadmin/dbutil/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=kadmin/dbutil
 mydir=kadmin/dbutil
 BUILDTOP=$(REL)..$(S)..
 DEFS=
diff --git a/src/kadmin/dbutil/deps b/src/kadmin/dbutil/deps
index 737cd8b..eeb2c91 100644
--- a/src/kadmin/dbutil/deps
+++ b/src/kadmin/dbutil/deps
@@ -6,62 +6,63 @@ $(OUTPRE)kdb5_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
-  $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kdb5_util.c kdb5_util.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_util.c kdb5_util.h
 $(OUTPRE)kdb5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
-  $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kdb5_create.c kdb5_util.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_create.c \
+  kdb5_util.h
 $(OUTPRE)kadm5_create.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h $(top_srcdir)/include/iprop_hdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kadm5_create.c kdb5_util.h string_table.h
 $(OUTPRE)string_table.$(OBJEXT): string_table.c
 $(OUTPRE)kdb5_destroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
@@ -69,41 +70,42 @@ $(OUTPRE)kdb5_destroy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  kdb5_destroy.c kdb5_util.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_destroy.c \
+  kdb5_util.h
 $(OUTPRE)kdb5_stash.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  kdb5_stash.c kdb5_util.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_stash.c kdb5_util.h
 $(OUTPRE)import_err.$(OBJEXT): $(COM_ERR_DEPS) import_err.c
 $(OUTPRE)strtok.$(OBJEXT): nstrtok.h strtok.c
 $(OUTPRE)dump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
@@ -112,60 +114,61 @@ $(OUTPRE)dump.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  dump.c kdb5_util.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dump.c kdb5_util.h
 $(OUTPRE)ovload.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  import_err.h kdb5_util.h nstrtok.h ovload.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h import_err.h kdb5_util.h \
+  nstrtok.h ovload.c
 $(OUTPRE)kdb5_mkey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
-  $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kdb5_mkey.c kdb5_util.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_mkey.c kdb5_util.h
diff --git a/src/kadmin/kdbkeys/Makefile.in b/src/kadmin/kdbkeys/Makefile.in
index 741a9a7..c12c917 100644
--- a/src/kadmin/kdbkeys/Makefile.in
+++ b/src/kadmin/kdbkeys/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=.
-myfulldir=kadmin/kdbkeys
 mydir=.
 BUILDTOP=$(REL)..$(S)..
 
diff --git a/src/kadmin/ktutil/Makefile.in b/src/kadmin/ktutil/Makefile.in
index c9b7d48..607e58a 100644
--- a/src/kadmin/ktutil/Makefile.in
+++ b/src/kadmin/ktutil/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=kadmin/ktutil
 mydir=kadmin/ktutil
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/kadmin/ktutil/deps b/src/kadmin/ktutil/deps
index b6898a2..3923d04 100644
--- a/src/kadmin/ktutil/deps
+++ b/src/kadmin/ktutil/deps
@@ -3,24 +3,24 @@
 #
 $(OUTPRE)ktutil.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SS_DEPS) ktutil.c ktutil.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktutil.c ktutil.h
 $(OUTPRE)ktutil_ct.$(OBJEXT): $(COM_ERR_DEPS) $(SS_DEPS) \
   ktutil_ct.c
 $(OUTPRE)ktutil_funcs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ktutil.h ktutil_funcs.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktutil.h ktutil_funcs.c
diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in
index 67f6ba8..ec30c77 100644
--- a/src/kadmin/server/Makefile.in
+++ b/src/kadmin/server/Makefile.in
@@ -1,13 +1,11 @@
-thisconfigdir=../..
-myfulldir=kadmin/server
 mydir=kadmin/server
 BUILDTOP=$(REL)..$(S)..
 KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
 DEFS=
 
-LOCALINCLUDES = -I$(SRCTOP)/lib/gssapi/generic -I$(SRCTOP)/lib/gssapi/krb5 \
-	-I$(BUILDTOP)/lib/gssapi/generic -I$(BUILDTOP)/lib/gssapi/krb5 \
-	-I$(SRCTOP)/lib/kadm5/srv
+LOCALINCLUDES = -I$(top_srcdir)/lib/gssapi/generic \
+	-I$(top_srcdir)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic \
+	-I$(BUILDTOP)/lib/gssapi/krb5 -I$(top_srcdir)/lib/kadm5/srv
 
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
diff --git a/src/kadmin/server/deps b/src/kadmin/server/deps
index 3fd0fe6..e306438 100644
--- a/src/kadmin/server/deps
+++ b/src/kadmin/server/deps
@@ -7,14 +7,14 @@ $(OUTPRE)kadm_rpc_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h kadm_rpc_svc.c \
-  misc.h
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  kadm_rpc_svc.c misc.h
 $(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -22,13 +22,13 @@ $(OUTPRE)server_stubs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_acl.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h misc.h server_stubs.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h misc.h server_stubs.c
 $(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
@@ -38,42 +38,43 @@ $(OUTPRE)ovsec_kadmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \
   $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_kt.h \
-  $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/gssapi/generic/gssapiP_generic.h \
-  $(SRCTOP)/lib/gssapi/generic/gssapi_ext.h $(SRCTOP)/lib/gssapi/generic/gssapi_generic.h \
-  $(SRCTOP)/lib/gssapi/krb5/gssapiP_krb5.h misc.h ovsec_kadmd.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h $(top_srcdir)/include/iprop_hdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_kt.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/gssapi/generic/gssapiP_generic.h \
+  $(top_srcdir)/lib/gssapi/generic/gssapi_ext.h $(top_srcdir)/lib/gssapi/generic/gssapi_generic.h \
+  $(top_srcdir)/lib/gssapi/krb5/gssapiP_krb5.h misc.h \
+  ovsec_kadmd.c
 $(OUTPRE)schpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   misc.h schpw.c
 $(OUTPRE)misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -81,19 +82,19 @@ $(OUTPRE)misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/server_acl.h $(BUILDTOP)/include/kadm5/server_internal.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   misc.c misc.h
 $(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
@@ -102,35 +103,36 @@ $(OUTPRE)ipropd_svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
-  $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_log.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/lib/kadm5/srv/server_acl.h ipropd_svc.c misc.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/lib/kadm5/srv/server_acl.h ipropd_svc.c \
+  misc.h
 $(OUTPRE)network.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  misc.h network.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/cm.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/foreachaddr.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h misc.h network.c
diff --git a/src/kadmin/server/network.c b/src/kadmin/server/network.c
index 0b8880e..c8ce4f1 100644
--- a/src/kadmin/server/network.c
+++ b/src/kadmin/server/network.c
@@ -1146,10 +1146,24 @@ static void init_addr(krb5_fulladdr *faddr, struct sockaddr *sa)
     }
 }
 
+/*
+ * This holds whatever additional information might be needed to
+ * properly send back to the client from the correct local address.
+ *
+ * In this case, we only need one datum so far: On Mac OS X, the
+ * kernel doesn't seem to like sending from link-local addresses
+ * unless we specify the correct interface.
+ */
+
+union aux_addressing_info {
+    int ipv6_ifindex;
+};
+
 static int
 recv_from_to(int s, void *buf, size_t len, int flags,
              struct sockaddr *from, socklen_t *fromlen,
-             struct sockaddr *to, socklen_t *tolen)
+             struct sockaddr *to, socklen_t *tolen,
+             union aux_addressing_info *auxaddr)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     if (to && tolen) {
@@ -1219,6 +1233,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
                 ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
                 ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
                 *tolen = sizeof(struct sockaddr_in6);
+                auxaddr->ipv6_ifindex = pktinfo->ipi6_ifindex;
                 return r;
             }
 #endif
@@ -1234,7 +1249,8 @@ recv_from_to(int s, void *buf, size_t len, int flags,
 static int
 send_to_from(int s, void *buf, size_t len, int flags,
              const struct sockaddr *to, socklen_t tolen,
-             const struct sockaddr *from, socklen_t fromlen)
+             const struct sockaddr *from, socklen_t fromlen,
+             union aux_addressing_info *auxaddr)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     return sendto(s, buf, len, flags, to, tolen);
@@ -1294,6 +1310,17 @@ send_to_from(int s, void *buf, size_t len, int flags,
             struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
             const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
             p->ipi6_addr = from6->sin6_addr;
+            /*
+             * Because of the possibility of asymmetric routing, we
+             * normally don't want to specify an interface.  However,
+             * Mac OS X doesn't like sending from a link-local address
+             * (which can come up in testing at least, if you wind up
+             * with a "foo.local" name) unless we do specify the
+             * interface.
+             */
+            if (IN6_IS_ADDR_LINKLOCAL(&from6->sin6_addr))
+                p->ipi6_ifindex = auxaddr->ipv6_ifindex;
+            /* otherwise, already zero */
         }
         msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
         break;
@@ -1376,14 +1403,17 @@ static void process_packet(void *handle,
     krb5_data *response;
     char pktbuf[MAX_DGRAM_SIZE];
     int port_fd = conn->fd;
+    union aux_addressing_info auxaddr;
     kadm5_server_handle_t server_handle = (kadm5_server_handle_t)handle;
 
     response = NULL;
     saddr_len = sizeof(saddr);
     daddr_len = sizeof(daddr);
+    memset(&auxaddr, 0, sizeof(auxaddr));
     cc = recv_from_to(port_fd, pktbuf, sizeof(pktbuf), 0,
                       (struct sockaddr *)&saddr, &saddr_len,
-                      (struct sockaddr *)&daddr, &daddr_len);
+                      (struct sockaddr *)&daddr, &daddr_len,
+                      &auxaddr);
     if (cc == -1) {
         if (errno != EINTR
             /* This is how Linux indicates that a previous
@@ -1431,16 +1461,30 @@ static void process_packet(void *handle,
         return;
     cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0,
                       (struct sockaddr *)&saddr, saddr_len,
-                      (struct sockaddr *)&daddr, daddr_len);
+                      (struct sockaddr *)&daddr, daddr_len,
+                      &auxaddr);
     if (cc == -1) {
-        char addrbuf[46];
+        /*
+         * Note that the local address (daddr*) has no port number
+         * info associated with it.
+         */
+        char saddrbuf[NI_MAXHOST], sportbuf[NI_MAXSERV];
+        char daddrbuf[NI_MAXHOST];
+        int e = errno;
         krb5_free_data(server_handle->context, response);
-        if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
-                      addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
-            strlcpy(addrbuf, "?", sizeof(addrbuf));
+        if (getnameinfo((struct sockaddr *)&daddr, daddr_len,
+                        daddrbuf, sizeof(daddrbuf), 0, 0,
+                        NI_NUMERICHOST) != 0) {
+            strlcpy(daddrbuf, "?", sizeof(daddrbuf));
+        }
+        if (getnameinfo((struct sockaddr *)&saddr, saddr_len,
+                        saddrbuf, sizeof(saddrbuf), sportbuf, sizeof(sportbuf),
+                        NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+            strlcpy(saddrbuf, "?", sizeof(saddrbuf));
+            strlcpy(sportbuf, "?", sizeof(sportbuf));
         }
-        com_err(prog, errno, "while sending reply to %s/%d",
-                addrbuf, faddr.port);
+        com_err(prog, e, "while sending reply to %s/%s from %s",
+                saddrbuf, sportbuf, daddrbuf);
         return;
     }
     if (cc != response->length) {
diff --git a/src/kadmin/testing/Makefile.in b/src/kadmin/testing/Makefile.in
index 5b45995..1f154ec 100644
--- a/src/kadmin/testing/Makefile.in
+++ b/src/kadmin/testing/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=kadmin/testing
 mydir=kadmin/testing
 BUILDTOP=$(REL)..$(S)..
 SUBDIRS = scripts util
diff --git a/src/kadmin/testing/scripts/Makefile.in b/src/kadmin/testing/scripts/Makefile.in
index 5622fc5..36ae3b4 100644
--- a/src/kadmin/testing/scripts/Makefile.in
+++ b/src/kadmin/testing/scripts/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=kadmin/testing/scripts
 mydir=kadmin/testing/scripts
 BUILDTOP=$(REL)..$(S)..$(S)..
 PERL_PATH=@PERL_PATH@
@@ -14,9 +12,9 @@ all:: env-setup.sh $(GEN_SCRIPTS)
 # Should only rebuild env_setup.sh here (use CONFIG_FILES=), but the weird krb5
 # makefile post-processing is unconditional and would trash the makefile.
 env-setup.sh: env-setup.stamp
-env-setup.stamp: $(srcdir)/env-setup.shin $(thisconfigdir)/config.status \
+env-setup.stamp: $(srcdir)/env-setup.shin $(BUILDTOP)/config.status \
 		Makefile 
-	cd $(thisconfigdir) && \
+	cd $(BUILDTOP) && \
 		CONFIG_FILES=$(mydir)/env-setup.sh:$(mydir)/env-setup.shin $(SHELL) \
 		config.status
 	chmod +x env-setup.sh
diff --git a/src/kadmin/testing/scripts/make-host-keytab.plin b/src/kadmin/testing/scripts/make-host-keytab.plin
index cf62ae7..dfe0b3a 100755
--- a/src/kadmin/testing/scripts/make-host-keytab.plin
+++ b/src/kadmin/testing/scripts/make-host-keytab.plin
@@ -54,8 +54,8 @@ chop ($canonhost = `hostname`);
 
 ($canonhost,$aliases,$addrtype,$length,@addrs) = gethostbyname($canonhost);
 die "couldn't get canonical hostname\n" if !($canonhost && @addrs);
-($canonhost) = gethostbyaddr($addrs[0],$addrtype);
-die "couldn't get canonical hostname\n" if (!$canonhost);
+($canonhost2) = gethostbyaddr($addrs[0],$addrtype);
+if ($canonhost2) { $canonhost = $canonhost2; }
 
 for (@princs) {
     s/xCANONHOSTx/$canonhost/g;
diff --git a/src/kadmin/testing/scripts/qualname.plin b/src/kadmin/testing/scripts/qualname.plin
index 883b7df..b712d89 100755
--- a/src/kadmin/testing/scripts/qualname.plin
+++ b/src/kadmin/testing/scripts/qualname.plin
@@ -6,13 +6,12 @@ if ($#ARGV == -1) {
     $hostname = $ARGV[0];
 }
 
-if (! (($type,$addr) = (gethostbyname($hostname))[2,4])) {
+if (! (($name,$type,$addr) = (gethostbyname($hostname))[0,2,4])) {
     print STDERR "No such host: $hostname\n";
     exit(1);
 }
 if (! ($qualname = (gethostbyaddr($addr,$type))[0])) {
-    print STDERR "No address information for host $hostname\n";
-    exit(1);
+    $qualname = $name;
 }
 
 $qualname =~ tr/A-Z/a-z/;	# lowercase our name for keytab use.
diff --git a/src/kadmin/testing/util/Makefile.in b/src/kadmin/testing/util/Makefile.in
index b1b61d9..3993c90 100644
--- a/src/kadmin/testing/util/Makefile.in
+++ b/src/kadmin/testing/util/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=kadmin/testing/util
 mydir=kadmin/testing/util
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = $(TCL_INCLUDES) -I$(BUILDTOP)/lib/kdb/
diff --git a/src/kadmin/testing/util/deps b/src/kadmin/testing/util/deps
index d449162..9b68301 100644
--- a/src/kadmin/testing/util/deps
+++ b/src/kadmin/testing/util/deps
@@ -5,12 +5,12 @@ $(OUTPRE)tcl_kadm5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h tcl_kadm5.c tcl_kadm5.h
+  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h tcl_kadm5.c tcl_kadm5.h
 $(OUTPRE)test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   tcl_kadm5.h test.c
diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in
index d6371de..5c0343d 100644
--- a/src/kdc/Makefile.in
+++ b/src/kdc/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=..
-myfulldir=kdc
 mydir=kdc
 BUILDTOP=$(REL)..
 # -DUSE_RCACHE - enable replay cache for KDC
@@ -69,7 +67,7 @@ rtest: $(RT_OBJS) $(KDB5_DEPLIBS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
 	$(CC_LINK) -o rtest $(RT_OBJS) $(KDB5_LIBS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
 
 check-unix:: rtest
-	KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;\
+	KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ; \
 	$(RUN_SETUP) $(VALGRIND) $(srcdir)/rtscript > test.out
 	cmp test.out $(srcdir)/rtest.good
 	$(RM) test.out
diff --git a/src/kdc/deps b/src/kdc/deps
index 1449680..bfda83d 100644
--- a/src/kdc/deps
+++ b/src/kdc/deps
@@ -4,149 +4,150 @@
 $(OUTPRE)kdc5_err.$(OBJEXT): $(COM_ERR_DEPS) kdc5_err.c
 $(OUTPRE)dispatch.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   dispatch.c extern.h kdc_util.h
 $(OUTPRE)do_as_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \
-  $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h do_as_req.c extern.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm.h \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h do_as_req.c extern.h \
   kdc_util.h policy.h
 $(OUTPRE)do_tgs_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   do_tgs_req.c extern.h kdc_util.h policy.h
 $(OUTPRE)fast_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h extern.h fast_util.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h fast_util.c \
   kdc_util.h
 $(OUTPRE)kdc_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \
-  $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h extern.h kdc_util.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm.h \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_util.c \
   kdc_util.h
 $(OUTPRE)kdc_preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  extern.h kdc_preauth.c kdc_util.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_preauth.c \
+  kdc_util.h
 $(OUTPRE)main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm.h \
-  $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_kt.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm.h \
+  $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/kdb_kt.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   extern.h kdc5_err.h kdc_util.h main.c
 $(OUTPRE)network.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h extern.h kdc5_err.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/cm.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/foreachaddr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc5_err.h \
   kdc_util.h network.c
 $(OUTPRE)policy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h extern.h kdc_util.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \
   policy.c
 $(OUTPRE)extern.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   extern.c extern.h
 $(OUTPRE)replay.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h extern.h kdc_util.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h extern.h kdc_util.h \
   replay.c
 $(OUTPRE)kdc_authdata.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   extern.h kdc_authdata.c kdc_util.h
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 45ae496..23f1ddc 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -310,6 +310,7 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
     enc_tkt_reply.times.authtime = authtime;
 
     setflag(enc_tkt_reply.flags, TKT_FLG_INITIAL);
+    setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);
 
     /*
      * It should be noted that local policy may affect the
@@ -556,12 +557,6 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
                reply.client->realm.data, reply.client->data->data);
 #endif /* APPLE_PKINIT */
 
-    errcode = return_svr_referral_data(kdc_context,
-                                       &server, &reply_encpart);
-    if (errcode) {
-        status = "KDC_RETURN_ENC_PADATA";
-        goto errout;
-    }
 
 
     errcode = handle_authdata(kdc_context,
@@ -607,6 +602,13 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
         status = "generating reply key";
         goto errout;
     }
+    errcode = return_enc_padata(kdc_context, req_pkt, request,
+                                as_encrypting_key, &server, &reply_encpart);
+    if (errcode) {
+        status = "KDC_RETURN_ENC_PADATA";
+        goto errout;
+    }
+
     errcode = krb5_encode_kdc_rep(kdc_context, KRB5_AS_REP, &reply_encpart,
                                   0, as_encrypting_key,  &reply, response);
     reply.enc_part.kvno = client_key->key_data_kvno;
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 778a3e8..75d4132 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -454,6 +454,7 @@ tgt_again:
      */
     if (!(header_enc_tkt->times.starttime))
         header_enc_tkt->times.starttime = authtime;
+    setflag(enc_tkt_reply.flags, TKT_FLG_ENC_PA_REP);
 
     /* don't use new addresses unless forwarded, see below */
 
@@ -755,14 +756,6 @@ tgt_again:
         goto cleanup;
     }
 
-    if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
-        errcode = return_svr_referral_data(kdc_context,
-                                           &server, &reply_encpart);
-        if (errcode) {
-            status = "KDC_RETURN_ENC_PADATA";
-            goto cleanup;
-        }
-    }
 
     /*
      * Only add the realm of the presented tgt to the transited list if
@@ -954,6 +947,31 @@ tgt_again:
         status  = "generating reply key";
         goto cleanup;
     }
+    if (is_referral && isflagset(s_flags, KRB5_KDB_FLAG_CANONICALIZE)) {
+        int idx = 0;
+
+        errcode = return_enc_padata(kdc_context, pkt, request,
+                                    reply_key, &server, &reply_encpart);
+        if (errcode) {
+            status = "KDC_RETURN_ENC_PADATA";
+            goto cleanup;
+        }
+        /* Not referral. */
+        reply_encpart.enc_padata = calloc(3, sizeof(krb5_pa_data *));
+        if (reply_encpart.enc_padata == NULL) {
+            errcode = ENOMEM;
+            status = "Allocating enc_padata";
+            goto cleanup;
+        }
+        errcode = kdc_handle_protected_negotiation(pkt, request, reply_key,
+                                                   reply_encpart.enc_padata,
+                                                   &idx);
+        if (errcode != 0) {
+            status = "protected negotiation";
+            goto cleanup;
+        }
+    }
+
     errcode = krb5_encode_kdc_rep(kdc_context, KRB5_TGS_REP, &reply_encpart,
                                   subkey ? 1 : 0,
                                   reply_key,
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
index 17b8447..e6503cf 100644
--- a/src/kdc/fast_util.c
+++ b/src/kdc/fast_util.c
@@ -128,7 +128,7 @@ kdc_find_fast(krb5_kdc_req **requestptr,
               struct kdc_request_state *state)
 {
     krb5_error_code retval = 0;
-    krb5_pa_data *fast_padata, *cookie_padata;
+    krb5_pa_data *fast_padata, *cookie_padata = NULL;
     krb5_data scratch;
     krb5_fast_req * fast_req = NULL;
     krb5_kdc_req *request = *requestptr;
@@ -148,6 +148,12 @@ kdc_find_fast(krb5_kdc_req **requestptr,
         if (retval == 0 &&fast_armored_req->armor) {
             switch (fast_armored_req->armor->armor_type) {
             case KRB5_FAST_ARMOR_AP_REQUEST:
+                if (tgs_subkey) {
+                    krb5_set_error_message( kdc_context, KRB5KDC_ERR_PREAUTH_FAILED,
+                                            "Ap-request armor not permitted with TGS");
+                    retval =  KRB5KDC_ERR_PREAUTH_FAILED;
+                    break;
+                }
                 retval = armor_ap_request(state, fast_armored_req->armor);
                 break;
             default:
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 05b109b..2262c89 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -3064,27 +3064,29 @@ include_pac_p(krb5_context context, krb5_kdc_req *request)
 }
 
 krb5_error_code
-return_svr_referral_data(krb5_context context,
-                         krb5_db_entry *server,
-                         krb5_enc_kdc_rep_part *reply_encpart)
+return_enc_padata(krb5_context context, krb5_data *req_pkt,
+                  krb5_kdc_req *request, krb5_keyblock *reply_key,
+                  krb5_db_entry *server, krb5_enc_kdc_rep_part *reply_encpart)
 {
     krb5_error_code             code;
     krb5_tl_data                tl_data;
     krb5_pa_data                *pa_data;
+    int idx = 0;
 
-    /* This should be initialized and only used for Win2K compat */
+    /* This should be initialized and only used for Win2K compat and other
+     * specific standardized uses such as FAST negotiation. */
     assert(reply_encpart->enc_padata == NULL);
-
+    reply_encpart->enc_padata = calloc(4, sizeof(krb5_pa_data *));
+    if (reply_encpart->enc_padata == NULL)
+        return ENOMEM;
     tl_data.tl_data_type = KRB5_TL_SVR_REFERRAL_DATA;
-
     code = krb5_dbe_lookup_tl_data(context, server, &tl_data);
     if (code || tl_data.tl_data_length == 0)
-        return 0; /* no server referrals to return */
+        goto negotiate; /* no server referrals to return */
 
     pa_data = (krb5_pa_data *)malloc(sizeof(*pa_data));
     if (pa_data == NULL)
         return ENOMEM;
-
     pa_data->magic = KV5M_PA_DATA;
     pa_data->pa_type = KRB5_PADATA_SVR_REFERRAL_INFO;
     pa_data->length = tl_data.tl_data_length;
@@ -3095,17 +3097,12 @@ return_svr_referral_data(krb5_context context,
     }
     memcpy(pa_data->contents, tl_data.tl_data_contents, tl_data.tl_data_length);
 
-    reply_encpart->enc_padata = (krb5_pa_data **)calloc(2, sizeof(krb5_pa_data *));
-    if (reply_encpart->enc_padata == NULL) {
-        free(pa_data->contents);
-        free(pa_data);
-        return ENOMEM;
-    }
 
-    reply_encpart->enc_padata[0] = pa_data;
+    reply_encpart->enc_padata[idx++] = pa_data;
     reply_encpart->enc_padata[1] = NULL;
-
-    return 0;
+negotiate:
+    return kdc_handle_protected_negotiation(req_pkt, request, reply_key,
+                                            reply_encpart->enc_padata, &idx);
 }
 
 #if 0
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index 39c6be6..475265e 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -2651,3 +2651,64 @@ kdc_get_ticket_endtime(krb5_context context,
 
     *out_endtime = starttime + life;
 }
+
+/**
+ * Handle protected negotiation of FAST using enc_padata
+ * - If ENCPADATA_REQ_ENC_PA_REP is present, then:
+ * - Return ENCPADATA_REQ_ENC_PA_REP with checksum of AS-REQ from client
+ * - Include PADATA_FX_FAST in the enc_padata to indicate FAST
+ * @pre @c out_enc_padata has space for at least two more padata
+ * @param index in/out index into @c out_enc_padata for next item
+ */
+krb5_error_code
+kdc_handle_protected_negotiation(krb5_data *req_pkt, krb5_kdc_req *request,
+                                 const krb5_keyblock *reply_key,
+                                 krb5_pa_data **out_enc_padata, int *idx)
+{
+    krb5_error_code retval = 0;
+    krb5_checksum checksum;
+    krb5_data *out = NULL;
+    krb5_pa_data *pa;
+    assert(out_enc_padata != NULL);
+    pa = krb5int_find_pa_data(kdc_context, request->padata,
+                              KRB5_ENCPADATA_REQ_ENC_PA_REP);
+    if (pa == NULL)
+        return 0;
+    checksum.contents = NULL;
+    pa = malloc(sizeof(krb5_pa_data));
+    if (pa == NULL)
+        return ENOMEM;
+    pa->magic = KV5M_PA_DATA;
+    pa->pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
+    retval = krb5_c_make_checksum(kdc_context,0, reply_key,
+                                  KRB5_KEYUSAGE_AS_REQ, req_pkt, &checksum);
+    if (retval != 0)
+        goto cleanup;
+    retval = encode_krb5_checksum(&checksum, &out);
+    if (retval != 0)
+        goto cleanup;
+    pa->contents = (krb5_octet *) out->data;
+    pa->length = out->length;
+    out_enc_padata[(*idx)++] = pa;
+    pa = NULL;
+    out->data = NULL;
+    pa = malloc(sizeof(krb5_pa_data));
+    if (pa == NULL) {
+        retval = ENOMEM;
+        goto cleanup;
+    }
+    pa->magic = KV5M_PA_DATA;
+    pa->pa_type = KRB5_PADATA_FX_FAST;
+    pa->length = 0;
+    pa->contents = NULL;
+    out_enc_padata[(*idx)++] = pa;
+    pa = NULL;
+cleanup:
+    if (checksum.contents)
+        krb5_free_checksum_contents(kdc_context, &checksum);
+    if (out != NULL)
+        krb5_free_data(kdc_context, out);
+    if (pa != NULL)
+        free(pa);
+    return retval;
+}
diff --git a/src/kdc/kdc_util.h b/src/kdc/kdc_util.h
index a234720..353bbfc 100644
--- a/src/kdc/kdc_util.h
+++ b/src/kdc/kdc_util.h
@@ -250,9 +250,11 @@ krb5_boolean
 include_pac_p(krb5_context context, krb5_kdc_req *request);
 
 krb5_error_code
-return_svr_referral_data (krb5_context context,
-                          krb5_db_entry *server,
-                          krb5_enc_kdc_rep_part *reply_encpart);
+return_enc_padata(krb5_context context,
+                  krb5_data *req_pkt, krb5_kdc_req *request,
+                  krb5_keyblock *reply_key,
+                  krb5_db_entry *server,
+                  krb5_enc_kdc_rep_part *reply_encpart);
 
 krb5_error_code
 sign_db_authdata (krb5_context context,
@@ -392,7 +394,10 @@ krb5_error_code kdc_fast_handle_reply_key(struct kdc_request_state *state,
 
 krb5_error_code kdc_preauth_get_cookie(struct kdc_request_state *state,
                                        krb5_pa_data **cookie);
-
+krb5_error_code
+kdc_handle_protected_negotiation( krb5_data *req_pkt, krb5_kdc_req *request,
+                                  const krb5_keyblock *reply_key,
+                                  krb5_pa_data **out_enc_padata, int *idx);
 
 
 
diff --git a/src/kdc/network.c b/src/kdc/network.c
index a96bc30..00218a7 100644
--- a/src/kdc/network.c
+++ b/src/kdc/network.c
@@ -1003,10 +1003,24 @@ static void init_addr(krb5_fulladdr *faddr, struct sockaddr *sa)
     }
 }
 
+/*
+ * This holds whatever additional information might be needed to
+ * properly send back to the client from the correct local address.
+ *
+ * In this case, we only need one datum so far: On Mac OS X, the
+ * kernel doesn't seem to like sending from link-local addresses
+ * unless we specify the correct interface.
+ */
+
+union aux_addressing_info {
+    int ipv6_ifindex;
+};
+
 static int
 recv_from_to(int s, void *buf, size_t len, int flags,
              struct sockaddr *from, socklen_t *fromlen,
-             struct sockaddr *to, socklen_t *tolen)
+             struct sockaddr *to, socklen_t *tolen,
+             union aux_addressing_info *auxaddr)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     if (to && tolen) {
@@ -1075,6 +1089,7 @@ recv_from_to(int s, void *buf, size_t len, int flags,
                 ((struct sockaddr_in6 *)to)->sin6_addr = pktinfo->ipi6_addr;
                 ((struct sockaddr_in6 *)to)->sin6_family = AF_INET6;
                 *tolen = sizeof(struct sockaddr_in6);
+                auxaddr->ipv6_ifindex = pktinfo->ipi6_ifindex;
                 return r;
             }
 #endif
@@ -1090,7 +1105,8 @@ recv_from_to(int s, void *buf, size_t len, int flags,
 static int
 send_to_from(int s, void *buf, size_t len, int flags,
              const struct sockaddr *to, socklen_t tolen,
-             const struct sockaddr *from, socklen_t fromlen)
+             const struct sockaddr *from, socklen_t fromlen,
+             union aux_addressing_info *auxaddr)
 {
 #if (!defined(IP_PKTINFO) && !defined(IPV6_PKTINFO)) || !defined(CMSG_SPACE)
     return sendto(s, buf, len, flags, to, tolen);
@@ -1150,6 +1166,17 @@ send_to_from(int s, void *buf, size_t len, int flags,
             struct in6_pktinfo *p = (struct in6_pktinfo *)CMSG_DATA(cmsgptr);
             const struct sockaddr_in6 *from6 = (const struct sockaddr_in6 *)from;
             p->ipi6_addr = from6->sin6_addr;
+            /*
+             * Because of the possibility of asymmetric routing, we
+             * normally don't want to specify an interface.  However,
+             * Mac OS X doesn't like sending from a link-local address
+             * (which can come up in testing at least, if you wind up
+             * with a "foo.local" name) unless we do specify the
+             * interface.
+             */
+            if (IN6_IS_ADDR_LINKLOCAL(&from6->sin6_addr))
+                p->ipi6_ifindex = auxaddr->ipv6_ifindex;
+            /* otherwise, already zero */
         }
         msg.msg_controllen = CMSG_SPACE(sizeof(struct in6_pktinfo));
         break;
@@ -1206,13 +1233,16 @@ static void process_packet(struct connection *conn, int selflags)
     krb5_data *response;
     char pktbuf[MAX_DGRAM_SIZE];
     int port_fd = conn->fd;
+    union aux_addressing_info auxaddr;
 
     response = NULL;
     saddr_len = sizeof(saddr);
     daddr_len = sizeof(daddr);
+    memset(&auxaddr, 0, sizeof(auxaddr));
     cc = recv_from_to(port_fd, pktbuf, sizeof(pktbuf), 0,
                       (struct sockaddr *)&saddr, &saddr_len,
-                      (struct sockaddr *)&daddr, &daddr_len);
+                      (struct sockaddr *)&daddr, &daddr_len,
+                      &auxaddr);
     if (cc == -1) {
         if (errno != EINTR
             /* This is how Linux indicates that a previous
@@ -1259,16 +1289,30 @@ static void process_packet(struct connection *conn, int selflags)
     }
     cc = send_to_from(port_fd, response->data, (socklen_t) response->length, 0,
                       (struct sockaddr *)&saddr, saddr_len,
-                      (struct sockaddr *)&daddr, daddr_len);
+                      (struct sockaddr *)&daddr, daddr_len,
+                      &auxaddr);
     if (cc == -1) {
-        char addrbuf[46];
+        /*
+         * Note that the local address (daddr*) has no port number
+         * info associated with it.
+         */
+        char saddrbuf[NI_MAXHOST], sportbuf[NI_MAXSERV];
+        char daddrbuf[NI_MAXHOST];
+        int e = errno;
         krb5_free_data(kdc_context, response);
-        if (inet_ntop(((struct sockaddr *)&saddr)->sa_family,
-                      addr.contents, addrbuf, sizeof(addrbuf)) == 0) {
-            strlcpy(addrbuf, "?", sizeof(addrbuf));
+        if (getnameinfo((struct sockaddr *)&daddr, daddr_len,
+                        daddrbuf, sizeof(daddrbuf), 0, 0,
+                        NI_NUMERICHOST) != 0) {
+            strlcpy(daddrbuf, "?", sizeof(daddrbuf));
+        }
+        if (getnameinfo((struct sockaddr *)&saddr, saddr_len,
+                        saddrbuf, sizeof(saddrbuf), sportbuf, sizeof(sportbuf),
+                        NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
+            strlcpy(saddrbuf, "?", sizeof(saddrbuf));
+            strlcpy(sportbuf, "?", sizeof(sportbuf));
         }
-        kdc_err(NULL, errno, "while sending reply to %s/%d",
-                addrbuf, faddr.port);
+        kdc_err(NULL, e, "while sending reply to %s/%s from %s",
+                saddrbuf, sportbuf, daddrbuf);
         return;
     }
     if (cc != response->length) {
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index f5180d7..55e9b0f 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./..
-myfulldir=lib
 mydir=lib
 SUBDIRS=crypto krb5 gssapi rpc kdb kadm5 apputils
 BUILDTOP=$(REL)..
@@ -74,7 +72,7 @@ clean-windows::
 ##WIN32##GGLUE=$(GSS_GLUE)
 ##WIN32##K4GLUE=$(K4_GLUE)
 
-##WIN32##RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+##WIN32##RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 ##WIN32##SRES=$(SLIB:.lib=.res)
 ##WIN32##CRES=$(CLIB:.lib=.res)
diff --git a/src/lib/apputils/Makefile.in b/src/lib/apputils/Makefile.in
index 07d7aa3..37a77bc 100644
--- a/src/lib/apputils/Makefile.in
+++ b/src/lib/apputils/Makefile.in
@@ -2,8 +2,6 @@ prefix=@prefix@
 bindir=@bindir@
 datadir=@datadir@
 mydatadir=$(datadir)/apputils
-thisconfigdir=../..
-myfulldir=lib/apputils
 mydir=lib/apputils
 BUILDTOP=$(REL)..$(S)..
 RELDIR=../lib/apputils
diff --git a/src/lib/apputils/daemon.c b/src/lib/apputils/daemon.c
index 42b2bbc..f084396 100644
--- a/src/lib/apputils/daemon.c
+++ b/src/lib/apputils/daemon.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
  * All rights reserved.
diff --git a/src/lib/apputils/deps b/src/lib/apputils/deps
index 49c57e1..c738588 100644
--- a/src/lib/apputils/deps
+++ b/src/lib/apputils/deps
@@ -3,12 +3,12 @@
 #
 daemon.so daemon.po $(OUTPRE)daemon.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h daemon.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h daemon.c
 dummy.so dummy.po $(OUTPRE)dummy.$(OBJEXT): dummy.c
diff --git a/src/lib/crypto/Makefile.in b/src/lib/crypto/Makefile.in
index e22f48d..91ea0f3 100644
--- a/src/lib/crypto/Makefile.in
+++ b/src/lib/crypto/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=lib/crypto
 mydir=lib/crypto
 BUILDTOP=$(REL)..$(S)..
 SUBDIRS= krb @CRYPTO_IMPL@ crypto_tests
@@ -21,19 +19,19 @@ LIBFINIFUNC=cryptoint_cleanup_library
 RELDIR=crypto
 
 STOBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST @CRYPTO_IMPL@/enc_provider/OBJS.ST	\
-	@CRYPTO_IMPL@/hash_provider/OBJS.ST krb/keyhash_provider/OBJS.ST  		\
+	@CRYPTO_IMPL@/hash_provider/OBJS.ST krb/checksum/OBJS.ST  		\
 	krb/prf/OBJS.ST krb/rand2key/OBJS.ST 		 			\
 	krb/old/OBJS.ST krb/raw/OBJS.ST krb/yarrow/OBJS.ST 			\
 	@CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST @CRYPTO_IMPL@/sha1/OBJS.ST 		\
-	@CRYPTO_IMPL@/arcfour/OBJS.ST  @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST	\
+	krb/arcfour/OBJS.ST  @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST	\
 	krb/OBJS.ST  @CRYPTO_IMPL@/OBJS.ST
 
 SUBDIROBJLISTS=krb/crc32/OBJS.ST krb/dk/OBJS.ST @CRYPTO_IMPL@/enc_provider/OBJS.ST 	\
-	@CRYPTO_IMPL@/hash_provider/OBJS.ST krb/keyhash_provider/OBJS.ST 		\
+	@CRYPTO_IMPL@/hash_provider/OBJS.ST krb/checksum/OBJS.ST 		\
 	krb/prf/OBJS.ST krb/rand2key/OBJS.ST 		 			\
 	krb/old/OBJS.ST krb/raw/OBJS.ST  krb/yarrow/OBJS.ST 			\
 	@CRYPTO_IMPL@/md4/OBJS.ST @CRYPTO_IMPL@/md5/OBJS.ST	@CRYPTO_IMPL@/sha1/OBJS.ST 		\
-	@CRYPTO_IMPL@/arcfour/OBJS.ST @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST		\
+	krb/arcfour/OBJS.ST @CRYPTO_IMPL@/aes/OBJS.ST @CRYPTO_IMPL@/des/OBJS.ST		\
 	krb/OBJS.ST @CRYPTO_IMPL@/OBJS.ST
 
 # No dependencies.  Record places to find this shared object if the target
diff --git a/src/lib/crypto/builtin/Makefile.in b/src/lib/crypto/builtin/Makefile.in
index de56ed4..a65f64d 100644
--- a/src/lib/crypto/builtin/Makefile.in
+++ b/src/lib/crypto/builtin/Makefile.in
@@ -1,13 +1,10 @@
-thisconfigdir=../../..
-myfulldir=lib/crypto/builtin
 mydir=lib/crypto/builtin
 BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS=des arcfour aes	 md4 md5  sha1 enc_provider hash_provider
+SUBDIRS=des aes	 md4 md5  sha1 enc_provider hash_provider
 LOCALINCLUDES = -I$(srcdir)/../krb 			\
 		-I$(srcdir)/../krb/hash_provider 	\
 		-I$(srcdir)/des 	\
 		-I$(srcdir)/aes 	\
-		-I$(srcdir)/arcfour 	\
 		-I$(srcdir)/sha1 	\
 		-I$(srcdir)/md4 	\
 		-I$(srcdir)/md5	\
@@ -24,8 +21,8 @@ EXTRADEPSRCS= $(srcdir)/t_cf2.c
 ##DOSBUILDTOP = ..\..\..
 ##DOSLIBNAME=$(OUTPRE)crypto.lib
 ##DOSOBJFILE=$(OUTPRE)crypto.lst
-##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
-##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)arcfour.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
+##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
+##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
 
 STLIBOBJS=\
 	hmac.o	\
@@ -43,7 +40,6 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 	md5/OBJS.ST sha1/OBJS.ST 	\
 	enc_provider/OBJS.ST 		\
 	hash_provider/OBJS.ST 		\
-	arcfour/OBJS.ST 		\
 	aes/OBJS.ST 			\
 	OBJS.ST
 
@@ -51,7 +47,6 @@ SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 		md5/OBJS.ST sha1/OBJS.ST 	\
 		enc_provider/OBJS.ST 		\
 		hash_provider/OBJS.ST 		\
-		arcfour/OBJS.ST 		\
 		aes/OBJS.ST 
 
 ##DOS##LIBOBJS = $(OBJS)
@@ -94,9 +89,6 @@ all-windows::
 	cd ..\enc_provider
 	@echo Making in crypto\enc_provider
 	$(MAKE) -$(MFLAGS)
-	cd ..\arcfour
-	@echo Making in crypto\arcfour
-	$(MAKE) -$(MFLAGS)
 	cd ..\aes
 	@echo Making in crypto\aes
 	$(MAKE) -$(MFLAGS)
@@ -121,9 +113,6 @@ clean-windows::
 	cd ..\enc_provider
 	@echo Making clean in crypto\enc_provider
 	$(MAKE) -$(MFLAGS) clean
-	cd ..\arcfour
-	@echo Making clean in crypto\arcfour
-	$(MAKE) -$(MFLAGS) clean
 	cd ..\aes
 	@echo Making clean in crypto\aes
 	$(MAKE) -$(MFLAGS) clean
@@ -148,9 +137,6 @@ check-windows::
 	cd ..\enc_provider
 	@echo Making check in crypto\enc_provider
 	$(MAKE) -$(MFLAGS) check
-	cd ..\arcfour
-	@echo Making check in crypto\arcfour
-	$(MAKE) -$(MFLAGS) check
 	cd ..\aes
 	@echo Making check in crypto\aes
 	$(MAKE) -$(MFLAGS) check
diff --git a/src/lib/crypto/builtin/aes/Makefile.in b/src/lib/crypto/builtin/aes/Makefile.in
index d8e866f..260cc97 100644
--- a/src/lib/crypto/builtin/aes/Makefile.in
+++ b/src/lib/crypto/builtin/aes/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/builtin/aes
 mydir=lib/crypto/builtin/aes
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb/dk  -I$(srcdir)/../../../../include
@@ -15,20 +13,17 @@ PROG_RPATH=$(KRB5_LIBDIR)
 STLIBOBJS=\
 	aescrypt.o	\
 	aestab.o	\
-	aeskey.o	\
-	aes_s2k.o
+	aeskey.o
 
 OBJS=\
 	$(OUTPRE)aescrypt.$(OBJEXT)	\
 	$(OUTPRE)aestab.$(OBJEXT)	\
-	$(OUTPRE)aeskey.$(OBJEXT)	\
-	$(OUTPRE)aes_s2k.$(OBJEXT)
+	$(OUTPRE)aeskey.$(OBJEXT)
 
 SRCS=\
 	$(srcdir)/aescrypt.c	\
 	$(srcdir)/aestab.c	\
 	$(srcdir)/aeskey.c	\
-	$(srcdir)/aes_s2k.c
 
 GEN_OBJS=\
 	$(OUTPRE)aescrypt.$(OBJEXT)	\
diff --git a/src/lib/crypto/builtin/aes/aes_s2k.c b/src/lib/crypto/builtin/aes/aes_s2k.c
deleted file mode 100644
index 0eccdd9..0000000
--- a/src/lib/crypto/builtin/aes/aes_s2k.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * lib/crypto/aes/aes_s2k.c
- *
- * Copyright 2003 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5int_aes_string_to_key
- */
-
-#include "k5-int.h"
-#include "dk.h"
-#include "aes_s2k.h"
-
-#define DEFAULT_ITERATION_COUNT		4096 /* was 0xb000L in earlier drafts */
-#define MAX_ITERATION_COUNT		0x1000000L
-
-krb5_error_code
-krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
-			  const krb5_data *string,
-			  const krb5_data *salt,
-			  const krb5_data *params,
-			  krb5_keyblock *key)
-{
-    unsigned long iter_count;
-    krb5_data out;
-    static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
-    krb5_key tempkey = NULL;
-    krb5_error_code err;
-
-    if (params) {
-	unsigned char *p = (unsigned char *) params->data;
-	if (params->length != 4)
-	    return KRB5_ERR_BAD_S2K_PARAMS;
-	/* The first two need casts in case 'int' is 16 bits.  */
-	iter_count = load_32_be(p);
-	if (iter_count == 0) {
-	    iter_count = (1UL << 16) << 16;
-	    if (((iter_count >> 16) >> 16) != 1)
-		return KRB5_ERR_BAD_S2K_PARAMS;
-	}
-    } else
-	iter_count = DEFAULT_ITERATION_COUNT;
-
-    /* This is not a protocol specification constraint; this is an
-       implementation limit, which should eventually be controlled by
-       a config file.  */
-    if (iter_count >= MAX_ITERATION_COUNT)
-	return KRB5_ERR_BAD_S2K_PARAMS;
-
-    /* Use the output keyblock contents for temporary space. */
-    out.data = (char *) key->contents;
-    out.length = key->length;
-    if (out.length != 16 && out.length != 32)
-	return KRB5_CRYPTO_INTERNAL;
-
-    err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
-    if (err)
-	goto cleanup;
-
-    err = krb5_k_create_key (NULL, key, &tempkey);
-    if (err)
-	goto cleanup;
-
-    err = krb5int_derive_keyblock (enc, tempkey, key, &usage);
-
-cleanup:
-    if (err)
-	memset (out.data, 0, out.length);
-    krb5_k_free_key (NULL, tempkey);
-    return err;
-}
diff --git a/src/lib/crypto/builtin/aes/aes_s2k.h b/src/lib/crypto/builtin/aes/aes_s2k.h
deleted file mode 100644
index b6804a9..0000000
--- a/src/lib/crypto/builtin/aes/aes_s2k.h
+++ /dev/null
@@ -1,4 +0,0 @@
-extern krb5_error_code
-krb5int_aes_string_to_key (const struct krb5_enc_provider *,
-			   const krb5_data *, const krb5_data *,
-			   const krb5_data *, krb5_keyblock *key);
diff --git a/src/lib/crypto/builtin/aes/deps b/src/lib/crypto/builtin/aes/deps
index 815ef29..7ce4e84 100644
--- a/src/lib/crypto/builtin/aes/deps
+++ b/src/lib/crypto/builtin/aes/deps
@@ -8,14 +8,3 @@ aestab.so aestab.po $(OUTPRE)aestab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   aes.h aesopt.h aestab.c uitypes.h
 aeskey.so aeskey.po $(OUTPRE)aeskey.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   aes.h aeskey.c aesopt.h uitypes.h
-aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../krb/dk/dk.h \
-  aes_s2k.c aes_s2k.h
diff --git a/src/lib/crypto/builtin/deps b/src/lib/crypto/builtin/deps
index ad337da..a5d53a9 100644
--- a/src/lib/crypto/builtin/deps
+++ b/src/lib/crypto/builtin/deps
@@ -3,25 +3,26 @@
 #
 hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../krb/aead.h \
-  $(srcdir)/../krb/cksumtypes.h hmac.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/aead.h \
+  $(srcdir)/../krb/cksumtypes.h $(srcdir)/../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hmac.c
 pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   pbkdf2.c
 t_cf2.so t_cf2.po $(OUTPRE)t_cf2.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h t_cf2.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h t_cf2.c
diff --git a/src/lib/crypto/builtin/des/Makefile.in b/src/lib/crypto/builtin/des/Makefile.in
index 79356f2..ff5e3fa 100644
--- a/src/lib/crypto/builtin/des/Makefile.in
+++ b/src/lib/crypto/builtin/des/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/builtin/des
 mydir=lib/crypto/builtin/des
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. -I$(srcdir)/../../krb
@@ -16,11 +14,9 @@ PROG_RPATH=$(KRB5_LIBDIR)
 
 STLIBOBJS=\
 	afsstring2key.o	\
-	d3_cbc.o	\
 	d3_aead.o	\
 	d3_kysched.o	\
 	f_aead.o 	\
-	f_cbc.o 	\
 	f_cksum.o	\
 	f_parity.o 	\
 	f_sched.o 	\
@@ -30,11 +26,9 @@ STLIBOBJS=\
 	weak_key.o
 
 OBJS=	$(OUTPRE)afsstring2key.$(OBJEXT)	\
-	$(OUTPRE)d3_cbc.$(OBJEXT)	\
 	$(OUTPRE)d3_aead.$(OBJEXT)	\
 	$(OUTPRE)d3_kysched.$(OBJEXT)	\
 	$(OUTPRE)f_aead.$(OBJEXT) 	\
-	$(OUTPRE)f_cbc.$(OBJEXT) 	\
 	$(OUTPRE)f_cksum.$(OBJEXT)	\
 	$(OUTPRE)f_parity.$(OBJEXT) 	\
 	$(OUTPRE)f_sched.$(OBJEXT) 	\
@@ -44,11 +38,9 @@ OBJS=	$(OUTPRE)afsstring2key.$(OBJEXT)	\
 	$(OUTPRE)weak_key.$(OBJEXT)
 
 SRCS=	$(srcdir)/afsstring2key.c	\
-	$(srcdir)/d3_cbc.c	\
 	$(srcdir)/d3_aead.c	\
 	$(srcdir)/d3_kysched.c	\
 	$(srcdir)/f_aead.c	\
-	$(srcdir)/f_cbc.c	\
 	$(srcdir)/f_cksum.c	\
 	$(srcdir)/f_parity.c	\
 	$(srcdir)/f_sched.c	\
@@ -57,7 +49,7 @@ SRCS=	$(srcdir)/afsstring2key.c	\
 	$(srcdir)/weak_key.c	\
 	$(srcdir)/string2key.c
 
-EXTRADEPSRCS = $(SRCDIR)destest.c
+EXTRADEPSRCS = $(srcdir)/destest.c $(srcdir)/f_cbc.c $(srcdir)/t_verify.c
 
 ##DOS##LIBOBJS = $(OBJS)
 
diff --git a/src/lib/crypto/builtin/des/afsstring2key.c b/src/lib/crypto/builtin/des/afsstring2key.c
index 4b61a2f..8c88046 100644
--- a/src/lib/crypto/builtin/des/afsstring2key.c
+++ b/src/lib/crypto/builtin/des/afsstring2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/string2key.c
  *
@@ -68,88 +69,88 @@ char *afs_crypt (const char *, const char *, char *);
 #define min(a,b) ((a)>(b)?(b):(a))
 
 krb5_error_code
-mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
-		       const krb5_data *salt)
+mit_afs_string_to_key(krb5_keyblock *keyblock, const krb5_data *data,
+                      const krb5_data *salt)
 {
-  /* totally different approach from MIT string2key. */
-  /* much of the work has already been done by the only caller
-     which is mit_des_string_to_key; in particular, *keyblock is already
-     set up. */
+    /* totally different approach from MIT string2key. */
+    /* much of the work has already been done by the only caller
+       which is mit_des_string_to_key; in particular, *keyblock is already
+       set up. */
 
     char *realm = salt->data;
     unsigned int i, j;
     krb5_octet *key = keyblock->contents;
 
     if (data->length <= 8) {
-      /* One block only.  Run afs_crypt and use the first eight
-	 returned bytes after the copy of the (fixed) salt.
-
-	 Since the returned bytes are alphanumeric, the output is
-	 limited to 2**48 possibilities; for each byte, only 64
-	 possible values can be used.  */
-      unsigned char password[9]; /* trailing nul for crypt() */
-      char afs_crypt_buf[16];
-
-      memset (password, 0, sizeof (password));
-      memcpy (password, realm, min (salt->length, 8));
-      for (i=0; i<8; i++)
-	if (isupper(password[i]))
-	  password[i] = tolower(password[i]);
-      for (i=0; i<data->length; i++)
-	password[i] ^= data->data[i];
-      for (i=0; i<8; i++)
-	if (password[i] == '\0')
-	  password[i] = 'X';
-      password[8] = '\0';
-      /* Out-of-bounds salt characters are equivalent to a salt string
-	 of "p1".  */
-      strncpy((char *) key,
-	      (char *) afs_crypt((char *) password, "#~", afs_crypt_buf) + 2,
-	      8);
-      for (i=0; i<8; i++)
-	key[i] <<= 1;
-      /* now fix up key parity again */
-      mit_des_fixup_key_parity(key);
-      /* clean & free the input string */
-      memset(password, 0, (size_t) sizeof(password));
+        /* One block only.  Run afs_crypt and use the first eight
+           returned bytes after the copy of the (fixed) salt.
+
+           Since the returned bytes are alphanumeric, the output is
+           limited to 2**48 possibilities; for each byte, only 64
+           possible values can be used.  */
+        unsigned char password[9]; /* trailing nul for crypt() */
+        char afs_crypt_buf[16];
+
+        memset (password, 0, sizeof (password));
+        memcpy (password, realm, min (salt->length, 8));
+        for (i=0; i<8; i++)
+            if (isupper(password[i]))
+                password[i] = tolower(password[i]);
+        for (i=0; i<data->length; i++)
+            password[i] ^= data->data[i];
+        for (i=0; i<8; i++)
+            if (password[i] == '\0')
+                password[i] = 'X';
+        password[8] = '\0';
+        /* Out-of-bounds salt characters are equivalent to a salt string
+           of "p1".  */
+        strncpy((char *) key,
+                (char *) afs_crypt((char *) password, "#~", afs_crypt_buf) + 2,
+                8);
+        for (i=0; i<8; i++)
+            key[i] <<= 1;
+        /* now fix up key parity again */
+        mit_des_fixup_key_parity(key);
+        /* clean & free the input string */
+        memset(password, 0, (size_t) sizeof(password));
     } else {
-      /* Multiple blocks.  Do a CBC checksum, twice, and use the
-	 result as the new key.  */
-      mit_des_cblock ikey, tkey;
-      mit_des_key_schedule key_sked;
-      unsigned int pw_len = salt->length+data->length;
-      unsigned char *password = malloc(pw_len+1);
-      if (!password) return ENOMEM;
-
-      /* Some bound checks from the original code are elided here as
-	 the malloc above makes sure we have enough storage. */
-      memcpy (password, data->data, data->length);
-      for (i=data->length, j = 0; j < salt->length; i++, j++) {
-	password[i] = realm[j];
-	if (isupper(password[i]))
-	  password[i] = tolower(password[i]);
-      }
-
-      memcpy (ikey, "kerberos", sizeof(ikey));
-      memcpy (tkey, ikey, sizeof(tkey));
-      mit_des_fixup_key_parity (tkey);
-      (void) mit_des_key_sched (tkey, key_sked);
-      (void) mit_des_cbc_cksum (password, tkey, i, key_sked, ikey);
-
-      memcpy (ikey, tkey, sizeof(ikey));
-      mit_des_fixup_key_parity (tkey);
-      (void) mit_des_key_sched (tkey, key_sked);
-      (void) mit_des_cbc_cksum (password, key, i, key_sked, ikey);
-
-      /* erase key_sked */
-      memset(key_sked, 0,sizeof(key_sked));
-
-      /* now fix up key parity again */
-      mit_des_fixup_key_parity(key);
-
-      /* clean & free the input string */
-      memset(password, 0, (size_t) pw_len);
-      free(password);
+        /* Multiple blocks.  Do a CBC checksum, twice, and use the
+           result as the new key.  */
+        mit_des_cblock ikey, tkey;
+        mit_des_key_schedule key_sked;
+        unsigned int pw_len = salt->length+data->length;
+        unsigned char *password = malloc(pw_len+1);
+        if (!password) return ENOMEM;
+
+        /* Some bound checks from the original code are elided here as
+           the malloc above makes sure we have enough storage. */
+        memcpy (password, data->data, data->length);
+        for (i=data->length, j = 0; j < salt->length; i++, j++) {
+            password[i] = realm[j];
+            if (isupper(password[i]))
+                password[i] = tolower(password[i]);
+        }
+
+        memcpy (ikey, "kerberos", sizeof(ikey));
+        memcpy (tkey, ikey, sizeof(tkey));
+        mit_des_fixup_key_parity (tkey);
+        (void) mit_des_key_sched (tkey, key_sked);
+        (void) mit_des_cbc_cksum (password, tkey, i, key_sked, ikey);
+
+        memcpy (ikey, tkey, sizeof(ikey));
+        mit_des_fixup_key_parity (tkey);
+        (void) mit_des_key_sched (tkey, key_sked);
+        (void) mit_des_cbc_cksum (password, key, i, key_sked, ikey);
+
+        /* erase key_sked */
+        memset(key_sked, 0,sizeof(key_sked));
+
+        /* now fix up key parity again */
+        mit_des_fixup_key_parity(key);
+
+        /* clean & free the input string */
+        memset(password, 0, (size_t) pw_len);
+        free(password);
     }
 #if 0
     /* must free here because it was copied for this special case */
@@ -161,7 +162,7 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
 
 /* Portions of this code:
    Copyright 1989 by the Massachusetts Institute of Technology
-   */
+*/
 
 /*
  * Copyright (c) 1990 Regents of The University of Michigan.
@@ -177,12 +178,12 @@ mit_afs_string_to_key (krb5_keyblock *keyblock, const krb5_data *data,
  * specific, written prior permission. This software is supplied as
  * is without expressed or implied warranties of any kind.
  *
- *	ITD Research Systems
- *	University of Michigan
- *	535 W. William Street
- *	Ann Arbor, Michigan
- *	+1-313-936-2652
- *	netatalk@terminator.cc.umich.edu
+ *      ITD Research Systems
+ *      University of Michigan
+ *      535 W. William Street
+ *      Ann Arbor, Michigan
+ *      +1-313-936-2652
+ *      netatalk@terminator.cc.umich.edu
  */
 
 static void krb5_afs_crypt_setkey (char*, char*, char(*)[48]);
@@ -191,101 +192,101 @@ static void krb5_afs_encrypt (char*,char*,char (*)[48]);
 /*
  * Initial permutation,
  */
-static const char	IP[] = {
-	58,50,42,34,26,18,10, 2,
-	60,52,44,36,28,20,12, 4,
-	62,54,46,38,30,22,14, 6,
-	64,56,48,40,32,24,16, 8,
-	57,49,41,33,25,17, 9, 1,
-	59,51,43,35,27,19,11, 3,
-	61,53,45,37,29,21,13, 5,
-	63,55,47,39,31,23,15, 7,
+static const char       IP[] = {
+    58,50,42,34,26,18,10, 2,
+    60,52,44,36,28,20,12, 4,
+    62,54,46,38,30,22,14, 6,
+    64,56,48,40,32,24,16, 8,
+    57,49,41,33,25,17, 9, 1,
+    59,51,43,35,27,19,11, 3,
+    61,53,45,37,29,21,13, 5,
+    63,55,47,39,31,23,15, 7,
 };
 
 /*
  * Final permutation, FP = IP^(-1)
  */
-static const char	FP[] = {
-	40, 8,48,16,56,24,64,32,
-	39, 7,47,15,55,23,63,31,
-	38, 6,46,14,54,22,62,30,
-	37, 5,45,13,53,21,61,29,
-	36, 4,44,12,52,20,60,28,
-	35, 3,43,11,51,19,59,27,
-	34, 2,42,10,50,18,58,26,
-	33, 1,41, 9,49,17,57,25,
+static const char       FP[] = {
+    40, 8,48,16,56,24,64,32,
+    39, 7,47,15,55,23,63,31,
+    38, 6,46,14,54,22,62,30,
+    37, 5,45,13,53,21,61,29,
+    36, 4,44,12,52,20,60,28,
+    35, 3,43,11,51,19,59,27,
+    34, 2,42,10,50,18,58,26,
+    33, 1,41, 9,49,17,57,25,
 };
 
 /*
  * Permuted-choice 1 from the key bits to yield C and D.
  * Note that bits 8,16... are left out: They are intended for a parity check.
  */
-static const char	PC1_C[] = {
-	57,49,41,33,25,17, 9,
-	 1,58,50,42,34,26,18,
-	10, 2,59,51,43,35,27,
-	19,11, 3,60,52,44,36,
+static const char       PC1_C[] = {
+    57,49,41,33,25,17, 9,
+    1,58,50,42,34,26,18,
+    10, 2,59,51,43,35,27,
+    19,11, 3,60,52,44,36,
 };
 
-static const char	PC1_D[] = {
-	63,55,47,39,31,23,15,
-	 7,62,54,46,38,30,22,
-	14, 6,61,53,45,37,29,
-	21,13, 5,28,20,12, 4,
+static const char       PC1_D[] = {
+    63,55,47,39,31,23,15,
+    7,62,54,46,38,30,22,
+    14, 6,61,53,45,37,29,
+    21,13, 5,28,20,12, 4,
 };
 
 /*
  * Sequence of shifts used for the key schedule.
  */
-static const char	shifts[] = {
-	1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
+static const char       shifts[] = {
+    1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
 };
 
 /*
  * Permuted-choice 2, to pick out the bits from
  * the CD array that generate the key schedule.
  */
-static const char	PC2_C[] = {
-	14,17,11,24, 1, 5,
-	 3,28,15, 6,21,10,
-	23,19,12, 4,26, 8,
-	16, 7,27,20,13, 2,
+static const char       PC2_C[] = {
+    14,17,11,24, 1, 5,
+    3,28,15, 6,21,10,
+    23,19,12, 4,26, 8,
+    16, 7,27,20,13, 2,
 };
 
-static const char	PC2_D[] = {
-	41,52,31,37,47,55,
-	30,40,51,45,33,48,
-	44,49,39,56,34,53,
-	46,42,50,36,29,32,
+static const char       PC2_D[] = {
+    41,52,31,37,47,55,
+    30,40,51,45,33,48,
+    44,49,39,56,34,53,
+    46,42,50,36,29,32,
 };
 
 /*
  * The E bit-selection table.
  */
-static const char	e[] = {
-	32, 1, 2, 3, 4, 5,
-	 4, 5, 6, 7, 8, 9,
-	 8, 9,10,11,12,13,
-	12,13,14,15,16,17,
-	16,17,18,19,20,21,
-	20,21,22,23,24,25,
-	24,25,26,27,28,29,
-	28,29,30,31,32, 1,
+static const char       e[] = {
+    32, 1, 2, 3, 4, 5,
+    4, 5, 6, 7, 8, 9,
+    8, 9,10,11,12,13,
+    12,13,14,15,16,17,
+    16,17,18,19,20,21,
+    20,21,22,23,24,25,
+    24,25,26,27,28,29,
+    28,29,30,31,32, 1,
 };
 
 /*
  * P is a permutation on the selected combination
  * of the current L and key.
  */
-static const char	P[] = {
-	16, 7,20,21,
-	29,12,28,17,
-	 1,15,23,26,
-	 5,18,31,10,
-	 2, 8,24,14,
-	32,27, 3, 9,
-	19,13,30, 6,
-	22,11, 4,25,
+static const char       P[] = {
+    16, 7,20,21,
+    29,12,28,17,
+    1,15,23,26,
+    5,18,31,10,
+    2, 8,24,14,
+    32,27, 3, 9,
+    19,13,30, 6,
+    22,11, 4,25,
 };
 
 /*
@@ -293,109 +294,109 @@ static const char	P[] = {
  * For some reason, they give a 0-origin
  * index, unlike everything else.
  */
-static const char	S[8][64] = {
-	{14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
-	  0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
-	  4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
-	 15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
-
-	{15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
-	  3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
-	  0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
-	 13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
-
-	{10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
-	 13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
-	 13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
-	  1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
-
-	{ 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
-	 13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
-	 10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
-	  3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
-
-	{ 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
-	 14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
-	  4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
-	 11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
-
-	{12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
-	 10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
-	  9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
-	  4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
-
-	{ 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
-	 13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
-	  1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
-	  6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
-
-	{13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
-	  1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
-	  7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
-	  2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
+static const char       S[8][64] = {
+    {14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
+     0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
+     4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
+     15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13},
+
+    {15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
+     3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
+     0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
+     13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9},
+
+    {10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
+     13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
+     13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
+     1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12},
+
+    { 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
+      13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
+      10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
+      3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14},
+
+    { 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
+      14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
+      4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
+      11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3},
+
+    {12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
+     10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
+     9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
+     4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13},
+
+    { 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
+      13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
+      1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
+      6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12},
+
+    {13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
+     1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
+     7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
+     2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11},
 };
 
 
 char *afs_crypt(const char *pw, const char *salt,
-		/* must be at least 16 bytes */
-		char *iobuf)
+                /* must be at least 16 bytes */
+                char *iobuf)
 {
-	int i, j, c;
-	int temp;
-	char block[66];
-	char E[48];
-	/*
-	 * The key schedule.
-	 * Generated from the key.
-	 */
-	char KS[16][48];
-
-	for(i=0; i<66; i++)
-		block[i] = 0;
-	for(i=0; (c= *pw) && i<64; pw++){
-		for(j=0; j<7; j++, i++)
-			block[i] = (c>>(6-j)) & 01;
-		i++;
-	}
-
-	krb5_afs_crypt_setkey(block, E, KS);
-
-	for(i=0; i<66; i++)
-		block[i] = 0;
-
-	for(i=0;i<2;i++){
-		c = *salt++;
-		iobuf[i] = c;
-		if(c>'Z') c -= 6;
-		if(c>'9') c -= 7;
-		c -= '.';
-		for(j=0;j<6;j++){
-			if((c>>j) & 01){
-				temp = E[6*i+j];
-				E[6*i+j] = E[6*i+j+24];
-				E[6*i+j+24] = temp;
-				}
-			}
-		}
-
-	for(i=0; i<25; i++)
-		krb5_afs_encrypt(block,E,KS);
-
-	for(i=0; i<11; i++){
-		c = 0;
-		for(j=0; j<6; j++){
-			c <<= 1;
-			c |= block[6*i+j];
-			}
-		c += '.';
-		if(c>'9') c += 7;
-		if(c>'Z') c += 6;
-		iobuf[i+2] = c;
-	}
-	iobuf[i+2] = 0;
-	if(iobuf[1]==0)
-		iobuf[1] = iobuf[0];
-	return(iobuf);
+    int i, j, c;
+    int temp;
+    char block[66];
+    char E[48];
+    /*
+     * The key schedule.
+     * Generated from the key.
+     */
+    char KS[16][48];
+
+    for(i=0; i<66; i++)
+        block[i] = 0;
+    for(i=0; (c= *pw) && i<64; pw++){
+        for(j=0; j<7; j++, i++)
+            block[i] = (c>>(6-j)) & 01;
+        i++;
+    }
+
+    krb5_afs_crypt_setkey(block, E, KS);
+
+    for(i=0; i<66; i++)
+        block[i] = 0;
+
+    for(i=0;i<2;i++){
+        c = *salt++;
+        iobuf[i] = c;
+        if(c>'Z') c -= 6;
+        if(c>'9') c -= 7;
+        c -= '.';
+        for(j=0;j<6;j++){
+            if((c>>j) & 01){
+                temp = E[6*i+j];
+                E[6*i+j] = E[6*i+j+24];
+                E[6*i+j+24] = temp;
+            }
+        }
+    }
+
+    for(i=0; i<25; i++)
+        krb5_afs_encrypt(block,E,KS);
+
+    for(i=0; i<11; i++){
+        c = 0;
+        for(j=0; j<6; j++){
+            c <<= 1;
+            c |= block[6*i+j];
+        }
+        c += '.';
+        if(c>'9') c += 7;
+        if(c>'Z') c += 6;
+        iobuf[i+2] = c;
+    }
+    iobuf[i+2] = 0;
+    if(iobuf[1]==0)
+        iobuf[1] = iobuf[0];
+    return(iobuf);
 }
 
 /*
@@ -404,57 +405,57 @@ char *afs_crypt(const char *pw, const char *salt,
 
 static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 {
-	register int i, j, k;
-	int t;
-	/*
-	 * The C and D arrays used to calculate the key schedule.
-	 */
-	char C[28], D[28];
-
-	/*
-	 * First, generate C and D by permuting
-	 * the key.  The low order bit of each
-	 * 8-bit char is not used, so C and D are only 28
-	 * bits apiece.
-	 */
-	for (i=0; i<28; i++) {
-		C[i] = key[PC1_C[i]-1];
-		D[i] = key[PC1_D[i]-1];
-	}
-	/*
-	 * To generate Ki, rotate C and D according
-	 * to schedule and pick up a permutation
-	 * using PC2.
-	 */
-	for (i=0; i<16; i++) {
-		/*
-		 * rotate.
-		 */
-		for (k=0; k<shifts[i]; k++) {
-			t = C[0];
-			for (j=0; j<28-1; j++)
-				C[j] = C[j+1];
-			C[27] = t;
-			t = D[0];
-			for (j=0; j<28-1; j++)
-				D[j] = D[j+1];
-			D[27] = t;
-		}
-		/*
-		 * get Ki. Note C and D are concatenated.
-		 */
-		for (j=0; j<24; j++) {
-			KS[i][j] = C[PC2_C[j]-1];
-			KS[i][j+24] = D[PC2_D[j]-28-1];
-		}
-	}
+    register int i, j, k;
+    int t;
+    /*
+     * The C and D arrays used to calculate the key schedule.
+     */
+    char C[28], D[28];
+
+    /*
+     * First, generate C and D by permuting
+     * the key.  The low order bit of each
+     * 8-bit char is not used, so C and D are only 28
+     * bits apiece.
+     */
+    for (i=0; i<28; i++) {
+        C[i] = key[PC1_C[i]-1];
+        D[i] = key[PC1_D[i]-1];
+    }
+    /*
+     * To generate Ki, rotate C and D according
+     * to schedule and pick up a permutation
+     * using PC2.
+     */
+    for (i=0; i<16; i++) {
+        /*
+         * rotate.
+         */
+        for (k=0; k<shifts[i]; k++) {
+            t = C[0];
+            for (j=0; j<28-1; j++)
+                C[j] = C[j+1];
+            C[27] = t;
+            t = D[0];
+            for (j=0; j<28-1; j++)
+                D[j] = D[j+1];
+            D[27] = t;
+        }
+        /*
+         * get Ki. Note C and D are concatenated.
+         */
+        for (j=0; j<24; j++) {
+            KS[i][j] = C[PC2_C[j]-1];
+            KS[i][j+24] = D[PC2_D[j]-28-1];
+        }
+    }
 
 #if 0
-	for(i=0;i<48;i++) {
-		E[i] = e[i];
-	}
+    for(i=0;i<48;i++) {
+        E[i] = e[i];
+    }
 #else
-	memcpy(E, e, 48);
+    memcpy(E, e, 48);
 #endif
 }
 
@@ -464,107 +465,107 @@ static void krb5_afs_crypt_setkey(char *key, char *E, char (*KS)[48])
 
 static void krb5_afs_encrypt(char *block, char *E, char (*KS)[48])
 {
-	const long edflag = 0;
-	int i, ii;
-	int t, j, k;
-	char tempL[32];
-	char f[32];
-	/*
-	 * The current block, divided into 2 halves.
-	 */
-	char L[64];
-	char *const R = &L[32];
-	/*
-	 * The combination of the key and the input, before selection.
-	 */
-	char preS[48];
-
-	/*
-	 * First, permute the bits in the input
-	 */
-	for (j=0; j<64; j++)
-		L[j] = block[IP[j]-1];
-	/*
-	 * Perform an encryption operation 16 times.
-	 */
-	for (ii=0; ii<16; ii++) {
-		/*
-		 * Set direction
-		 */
-		if (edflag)
-			i = 15-ii;
-		else
-			i = ii;
-		/*
-		 * Save the R array,
-		 * which will be the new L.
-		 */
+    const long edflag = 0;
+    int i, ii;
+    int t, j, k;
+    char tempL[32];
+    char f[32];
+    /*
+     * The current block, divided into 2 halves.
+     */
+    char L[64];
+    char *const R = &L[32];
+    /*
+     * The combination of the key and the input, before selection.
+     */
+    char preS[48];
+
+    /*
+     * First, permute the bits in the input
+     */
+    for (j=0; j<64; j++)
+        L[j] = block[IP[j]-1];
+    /*
+     * Perform an encryption operation 16 times.
+     */
+    for (ii=0; ii<16; ii++) {
+        /*
+         * Set direction
+         */
+        if (edflag)
+            i = 15-ii;
+        else
+            i = ii;
+        /*
+         * Save the R array,
+         * which will be the new L.
+         */
 #if 0
-		for (j=0; j<32; j++)
-			tempL[j] = R[j];
+        for (j=0; j<32; j++)
+            tempL[j] = R[j];
 #else
-		memcpy(tempL, R, 32);
+        memcpy(tempL, R, 32);
 #endif
-		/*
-		 * Expand R to 48 bits using the E selector;
-		 * exclusive-or with the current key bits.
-		 */
-		for (j=0; j<48; j++)
-			preS[j] = R[E[j]-1] ^ KS[i][j];
-		/*
-		 * The pre-select bits are now considered
-		 * in 8 groups of 6 bits each.
-		 * The 8 selection functions map these
-		 * 6-bit quantities into 4-bit quantities
-		 * and the results permuted
-		 * to make an f(R, K).
-		 * The indexing into the selection functions
-		 * is peculiar; it could be simplified by
-		 * rewriting the tables.
-		 */
-		for (j=0; j<8; j++) {
-			t = 6*j;
-			k = S[j][(preS[t+0]<<5)+
-				(preS[t+1]<<3)+
-				(preS[t+2]<<2)+
-				(preS[t+3]<<1)+
-				(preS[t+4]<<0)+
-				(preS[t+5]<<4)];
-			t = 4*j;
-				f[t+0] = (k>>3)&01;
-				f[t+1] = (k>>2)&01;
-				f[t+2] = (k>>1)&01;
-				f[t+3] = (k>>0)&01;
-		}
-		/*
-		 * The new R is L ^ f(R, K).
-		 * The f here has to be permuted first, though.
-		 */
-		for (j=0; j<32; j++)
-			R[j] = L[j] ^ f[P[j]-1];
-		/*
-		 * Finally, the new L (the original R)
-		 * is copied back.
-		 */
+        /*
+         * Expand R to 48 bits using the E selector;
+         * exclusive-or with the current key bits.
+         */
+        for (j=0; j<48; j++)
+            preS[j] = R[E[j]-1] ^ KS[i][j];
+        /*
+         * The pre-select bits are now considered
+         * in 8 groups of 6 bits each.
+         * The 8 selection functions map these
+         * 6-bit quantities into 4-bit quantities
+         * and the results permuted
+         * to make an f(R, K).
+         * The indexing into the selection functions
+         * is peculiar; it could be simplified by
+         * rewriting the tables.
+         */
+        for (j=0; j<8; j++) {
+            t = 6*j;
+            k = S[j][(preS[t+0]<<5)+
+                     (preS[t+1]<<3)+
+                     (preS[t+2]<<2)+
+                     (preS[t+3]<<1)+
+                     (preS[t+4]<<0)+
+                     (preS[t+5]<<4)];
+            t = 4*j;
+            f[t+0] = (k>>3)&01;
+            f[t+1] = (k>>2)&01;
+            f[t+2] = (k>>1)&01;
+            f[t+3] = (k>>0)&01;
+        }
+        /*
+         * The new R is L ^ f(R, K).
+         * The f here has to be permuted first, though.
+         */
+        for (j=0; j<32; j++)
+            R[j] = L[j] ^ f[P[j]-1];
+        /*
+         * Finally, the new L (the original R)
+         * is copied back.
+         */
 #if 0
-		for (j=0; j<32; j++)
-			L[j] = tempL[j];
+        for (j=0; j<32; j++)
+            L[j] = tempL[j];
 #else
-		memcpy(L, tempL, 32);
+        memcpy(L, tempL, 32);
 #endif
-	}
-	/*
-	 * The output L and R are reversed.
-	 */
-	for (j=0; j<32; j++) {
-		t = L[j];
-		L[j] = R[j];
-		R[j] = t;
-	}
-	/*
-	 * The final output
-	 * gets the inverse permutation of the very original.
-	 */
-	for (j=0; j<64; j++)
-		block[j] = L[FP[j]-1];
+    }
+    /*
+     * The output L and R are reversed.
+     */
+    for (j=0; j<32; j++) {
+        t = L[j];
+        L[j] = R[j];
+        R[j] = t;
+    }
+    /*
+     * The final output
+     * gets the inverse permutation of the very original.
+     */
+    for (j=0; j<64; j++)
+        block[j] = L[FP[j]-1];
 }
diff --git a/src/lib/crypto/builtin/des/d3_aead.c b/src/lib/crypto/builtin/des/d3_aead.c
index 3eb9422..4052a40 100644
--- a/src/lib/crypto/builtin/des/d3_aead.c
+++ b/src/lib/crypto/builtin/des/d3_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2008 by the Massachusetts Institute of Technology.
  * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
@@ -26,107 +27,85 @@
 #include "aead.h"
 
 void
-krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec)
+krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;
     const unsigned char *ip;
-    unsigned char *op;
     struct iov_block_state input_pos, output_pos;
-    unsigned char iblock[MIT_DES_BLOCK_LENGTH];
-    unsigned char oblock[MIT_DES_BLOCK_LENGTH];
+    unsigned char storage[MIT_DES_BLOCK_LENGTH], *block = NULL, *ptr;
 
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    /*
-     * Get key pointer here.  This won't need to be reinitialized
-     */
+    /* Get key pointers here.  These won't need to be reinitialized. */
     kp1 = (const unsigned DES_INT32 *)ks1;
     kp2 = (const unsigned DES_INT32 *)ks2;
     kp3 = (const unsigned DES_INT32 *)ks3;
 
-    /*
-     * Initialize left and right with the contents of the initial
-     * vector.
-     */
-    if (ivec != NULL)
-	ip = ivec;
-    else
-	ip = mit_des_zeroblock;
+    /* Initialize left and right with the contents of the initial vector. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
     GET_HALF_BLOCK(left, ip);
     GET_HALF_BLOCK(right, ip);
 
-    /*
-     * Suitably initialized, now work the length down 8 bytes
-     * at a time.
-     */
+    /* Work the length down 8 bytes at a time. */
     for (;;) {
-	unsigned DES_INT32 temp;
-
-	ip = iblock;
-	op = oblock;
-
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
-
-	if (input_pos.iov_pos == num_data)
-	    break;
-
-	GET_HALF_BLOCK(temp, ip);
-	left  ^= temp;
-	GET_HALF_BLOCK(temp, ip);
-	right ^= temp;
-
-	/*
-	 * Encrypt what we have
-	 */
-	DES_DO_ENCRYPT(left, right, kp1);
-	DES_DO_DECRYPT(left, right, kp2);
-	DES_DO_ENCRYPT(left, right, kp3);
-
-	/*
-	 * Copy the results out
-	 */
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
-
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        unsigned DES_INT32 temp;
+
+        ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
+                             &input_pos);
+        if (ptr == NULL)
+            break;
+        block = ptr;
+
+        /* Decompose this block and xor it with the previous ciphertext. */
+        GET_HALF_BLOCK(temp, ptr);
+        left  ^= temp;
+        GET_HALF_BLOCK(temp, ptr);
+        right ^= temp;
+
+        /* Encrypt what we have and store it back into block. */
+        DES_DO_ENCRYPT(left, right, kp1);
+        DES_DO_DECRYPT(left, right, kp2);
+        DES_DO_ENCRYPT(left, right, kp3);
+        ptr = block;
+        PUT_HALF_BLOCK(left, ptr);
+        PUT_HALF_BLOCK(right, ptr);
+
+        iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
+                        &output_pos);
     }
 
-    if (ivec != NULL)
-	memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+    if (ivec != NULL && block != NULL) {
+        ptr = ivec;
+        PUT_HALF_BLOCK(left, ptr);
+        PUT_HALF_BLOCK(right, ptr);
+    }
 }
 
 void
-krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec)
+krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp1, *kp2, *kp3;
     const unsigned char *ip;
     unsigned DES_INT32 ocipherl, ocipherr;
     unsigned DES_INT32 cipherl, cipherr;
-    unsigned char *op;
     struct iov_block_state input_pos, output_pos;
-    unsigned char iblock[MIT_DES_BLOCK_LENGTH];
-    unsigned char oblock[MIT_DES_BLOCK_LENGTH];
+    unsigned char storage[MIT_DES_BLOCK_LENGTH], *block = NULL, *ptr;
 
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    /*
-     * Get key pointer here.  This won't need to be reinitialized
-     */
+    /* Get key pointers here.  These won't need to be reinitialized. */
     kp1 = (const unsigned DES_INT32 *)ks1;
     kp2 = (const unsigned DES_INT32 *)ks2;
     kp3 = (const unsigned DES_INT32 *)ks3;
@@ -137,71 +116,48 @@ krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
      * Should think about this a little more...
      */
 
-    if (num_data == 0)
-	return;
-
-    /*
-     * Prime the old cipher with ivec.
-     */
-    if (ivec != NULL)
-	ip = ivec;
-    else
-	ip = mit_des_zeroblock;
+    /* Prime the old cipher with ivec.*/
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
     GET_HALF_BLOCK(ocipherl, ip);
     GET_HALF_BLOCK(ocipherr, ip);
 
-    /*
-     * Now do this in earnest until we run out of length.
-     */
+    /* Work the length down 8 bytes at a time. */
     for (;;) {
-	/*
-	 * Read a block from the input into left and
-	 * right.  Save this cipher block for later.
-	 */
-
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
-
-	if (input_pos.iov_pos == num_data)
-	    break;
-
-	ip = iblock;
-	op = oblock;
-
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
-	cipherl = left;
-	cipherr = right;
-
-	/*
-	 * Decrypt this.
-	 */
-	DES_DO_DECRYPT(left, right, kp3);
-	DES_DO_ENCRYPT(left, right, kp2);
-	DES_DO_DECRYPT(left, right, kp1);
-
-	/*
-	 * Xor with the old cipher to get plain
-	 * text.  Output 8 or less bytes of this.
-	 */
-	left ^= ocipherl;
-	right ^= ocipherr;
-
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
-
-	/*
-	 * Save current cipher block here
-	 */
-	ocipherl = cipherl;
-	ocipherr = cipherr;
-
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
+                             &input_pos);
+        if (ptr == NULL)
+            break;
+        block = ptr;
+
+        /* Split this block into left and right. */
+        GET_HALF_BLOCK(left, ptr);
+        GET_HALF_BLOCK(right, ptr);
+        cipherl = left;
+        cipherr = right;
+
+        /* Decrypt and xor with the old cipher to get plain text. */
+        DES_DO_DECRYPT(left, right, kp3);
+        DES_DO_ENCRYPT(left, right, kp2);
+        DES_DO_DECRYPT(left, right, kp1);
+        left ^= ocipherl;
+        right ^= ocipherr;
+
+        /* Store the encrypted halves back into block. */
+        ptr = block;
+        PUT_HALF_BLOCK(left, ptr);
+        PUT_HALF_BLOCK(right, ptr);
+
+        /* Save current cipher block halves. */
+        ocipherl = cipherl;
+        ocipherr = cipherr;
+
+        iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
+                        &output_pos);
     }
 
-    if (ivec != NULL) {
-	op = ivec;
-	PUT_HALF_BLOCK(ocipherl,op);
-	PUT_HALF_BLOCK(ocipherr, op);
+    if (ivec != NULL && block != NULL) {
+        ptr = ivec;
+        PUT_HALF_BLOCK(ocipherl, ptr);
+        PUT_HALF_BLOCK(ocipherr, ptr);
     }
 }
diff --git a/src/lib/crypto/builtin/des/d3_cbc.c b/src/lib/crypto/builtin/des/d3_cbc.c
deleted file mode 100644
index f90d8e5..0000000
--- a/src/lib/crypto/builtin/des/d3_cbc.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
- * Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used
- * in advertising or publicity pertaining to distribution of the software
- * without specific, written prior permission.  Richard P. Basch,
- * Lehman Brothers and M.I.T. make no representations about the suitability
- * of this software for any purpose.  It is provided "as is" without
- * express or implied warranty.
- */
-
-#include "des_int.h"
-#include "f_tables.h"
-
-/*
- * Triple-DES CBC encryption mode.
- */
-
-#undef mit_des3_cbc_encrypt
-int
-mit_des3_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
-		     unsigned long length, const mit_des_key_schedule ks1,
-		     const mit_des_key_schedule ks2,
-		     const mit_des_key_schedule ks3,
-		     const mit_des_cblock ivec, int enc)
-{
-    if (enc)
-	krb5int_des3_cbc_encrypt(in, out, length, ks1, ks2, ks3, ivec);
-    else
-	krb5int_des3_cbc_decrypt(in, out, length, ks1, ks2, ks3, ivec);
-    return 0;
-}
-
-void
-krb5int_des3_cbc_encrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec)
-{
-    unsigned DES_INT32 left, right;
-    const unsigned DES_INT32 *kp1, *kp2, *kp3;
-    const unsigned char *ip;
-    unsigned char *op;
-
-    /*
-     * Get key pointer here.  This won't need to be reinitialized
-     */
-    kp1 = (const unsigned DES_INT32 *)ks1;
-    kp2 = (const unsigned DES_INT32 *)ks2;
-    kp3 = (const unsigned DES_INT32 *)ks3;
-
-    /*
-     * Initialize left and right with the contents of the initial
-     * vector.
-     */
-    ip = ivec;
-    GET_HALF_BLOCK(left, ip);
-    GET_HALF_BLOCK(right, ip);
-
-    /*
-     * Suitably initialized, now work the length down 8 bytes
-     * at a time.
-     */
-    ip = *in;
-    op = *out;
-    while (length > 0) {
-	/*
-	 * Get more input, xor it in.  If the length is
-	 * greater than or equal to 8 this is straight
-	 * forward.  Otherwise we have to fart around.
-	 */
-	if (length >= 8) {
-	    unsigned DES_INT32 temp;
-	    GET_HALF_BLOCK(temp, ip);
-	    left  ^= temp;
-	    GET_HALF_BLOCK(temp, ip);
-	    right ^= temp;
-	    length -= 8;
-	} else {
-	    /*
-	     * Oh, shoot.  We need to pad the
-	     * end with zeroes.  Work backwards
-	     * to do this.
-	     */
-	    ip += (int) length;
-	    switch(length) {
-	    case 7:	right ^= (*(--ip) & FF_UINT32) <<  8;
-	    case 6:	right ^= (*(--ip) & FF_UINT32) << 16;
-	    case 5:	right ^= (*(--ip) & FF_UINT32) << 24;
-	    case 4:	left  ^=  *(--ip) & FF_UINT32;
-	    case 3:	left  ^= (*(--ip) & FF_UINT32) <<  8;
-	    case 2:	left  ^= (*(--ip) & FF_UINT32) << 16;
-	    case 1:	left  ^= (*(--ip) & FF_UINT32) << 24;
-
-	    }
-	    length = 0;
-	}
-
-	/*
-	 * Encrypt what we have
-	 */
-	DES_DO_ENCRYPT(left, right, kp1);
-	DES_DO_DECRYPT(left, right, kp2);
-	DES_DO_ENCRYPT(left, right, kp3);
-
-	/*
-	 * Copy the results out
-	 */
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
-    }
-}
-
-void
-krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec)
-{
-    unsigned DES_INT32 left, right;
-    const unsigned DES_INT32 *kp1, *kp2, *kp3;
-    const unsigned char *ip;
-    unsigned char *op;
-    unsigned DES_INT32 ocipherl, ocipherr;
-    unsigned DES_INT32 cipherl, cipherr;
-
-    /*
-     * Get key pointer here.  This won't need to be reinitialized
-     */
-    kp1 = (const unsigned DES_INT32 *)ks1;
-    kp2 = (const unsigned DES_INT32 *)ks2;
-    kp3 = (const unsigned DES_INT32 *)ks3;
-
-    /*
-     * Decrypting is harder than encrypting because of
-     * the necessity of remembering a lot more things.
-     * Should think about this a little more...
-     */
-
-    if (length <= 0)
-	return;
-
-    /*
-     * Prime the old cipher with ivec.
-     */
-    ip = ivec;
-    GET_HALF_BLOCK(ocipherl, ip);
-    GET_HALF_BLOCK(ocipherr, ip);
-
-    /*
-     * Now do this in earnest until we run out of length.
-     */
-    ip = *in;
-    op = *out;
-    for (;;) {		/* check done inside loop */
-	/*
-	 * Read a block from the input into left and
-	 * right.  Save this cipher block for later.
-	 */
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
-	cipherl = left;
-	cipherr = right;
-
-	/*
-	 * Decrypt this.
-	 */
-	DES_DO_DECRYPT(left, right, kp3);
-	DES_DO_ENCRYPT(left, right, kp2);
-	DES_DO_DECRYPT(left, right, kp1);
-
-	/*
-	 * Xor with the old cipher to get plain
-	 * text.  Output 8 or less bytes of this.
-	 */
-	left ^= ocipherl;
-	right ^= ocipherr;
-	if (length > 8) {
-	    length -= 8;
-	    PUT_HALF_BLOCK(left, op);
-	    PUT_HALF_BLOCK(right, op);
-	    /*
-	     * Save current cipher block here
-	     */
-	    ocipherl = cipherl;
-	    ocipherr = cipherr;
-	} else {
-	    /*
-	     * Trouble here.  Start at end of output,
-	     * work backwards.
-	     */
-	    op += (int) length;
-	    switch(length) {
-	    case 8: *(--op) = (unsigned char) (right & 0xff);
-	    case 7: *(--op) = (unsigned char) ((right >> 8) & 0xff);
-	    case 6: *(--op) = (unsigned char) ((right >> 16) & 0xff);
-	    case 5: *(--op) = (unsigned char) ((right >> 24) & 0xff);
-	    case 4: *(--op) = (unsigned char) (left & 0xff);
-	    case 3: *(--op) = (unsigned char) ((left >> 8) & 0xff);
-	    case 2: *(--op) = (unsigned char) ((left >> 16) & 0xff);
-	    case 1: *(--op) = (unsigned char) ((left >> 24) & 0xff);
-	    }
-	    break;		/* we're done */
-	}
-    }
-}
diff --git a/src/lib/crypto/builtin/des/d3_kysched.c b/src/lib/crypto/builtin/des/d3_kysched.c
index 2a9cc5a..ebd1050 100644
--- a/src/lib/crypto/builtin/des/d3_kysched.c
+++ b/src/lib/crypto/builtin/des/d3_kysched.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
  * Copyright 1995 by Lehman Brothers, Inc.  All Rights Reserved.
@@ -30,20 +31,20 @@ mit_des3_key_sched(mit_des3_cblock k, mit_des3_key_schedule schedule)
     mit_des_make_key_sched(k[1],schedule[1]);
     mit_des_make_key_sched(k[2],schedule[2]);
 
-    if (!mit_des_check_key_parity(k[0]))	/* bad parity --> return -1 */
-	return(-1);
+    if (!mit_des_check_key_parity(k[0]))        /* bad parity --> return -1 */
+        return(-1);
     if (mit_des_is_weak_key(k[0]))
-	return(-2);
+        return(-2);
 
     if (!mit_des_check_key_parity(k[1]))
-	return(-1);
+        return(-1);
     if (mit_des_is_weak_key(k[1]))
-	return(-2);
+        return(-2);
 
     if (!mit_des_check_key_parity(k[2]))
-	return(-1);
+        return(-1);
     if (mit_des_is_weak_key(k[2]))
-	return(-2);
+        return(-2);
 
     /* if key was good, return 0 */
     return 0;
diff --git a/src/lib/crypto/builtin/des/deps b/src/lib/crypto/builtin/des/deps
index e5f382e..7041f29 100644
--- a/src/lib/crypto/builtin/des/deps
+++ b/src/lib/crypto/builtin/des/deps
@@ -4,154 +4,154 @@
 afsstring2key.so afsstring2key.po $(OUTPRE)afsstring2key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   afsstring2key.c des_int.h
-d3_cbc.so d3_cbc.po $(OUTPRE)d3_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h d3_cbc.c des_int.h \
-  f_tables.h
 d3_aead.so d3_aead.po $(OUTPRE)d3_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h d3_aead.c des_int.h \
-  f_tables.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  d3_aead.c des_int.h f_tables.h
 d3_kysched.so d3_kysched.po $(OUTPRE)d3_kysched.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   d3_kysched.c des_int.h
 f_aead.so f_aead.po $(OUTPRE)f_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h des_int.h f_aead.c \
-  f_tables.h
-f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h des_int.h f_cbc.c \
-  f_tables.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h f_aead.c f_tables.h
 f_cksum.so f_cksum.po $(OUTPRE)f_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h des_int.h f_cksum.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h f_cksum.c \
   f_tables.h
 f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   des_int.h f_parity.c
 f_sched.so f_sched.po $(OUTPRE)f_sched.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h des_int.h f_sched.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h f_sched.c
 f_tables.so f_tables.po $(OUTPRE)f_tables.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   des_int.h f_tables.c f_tables.h
 key_sched.so key_sched.po $(OUTPRE)key_sched.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   des_int.h key_sched.c
 weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   des_int.h weak_key.c
 string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   des_int.h string2key.c
 destest.so destest.po $(OUTPRE)destest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h des_int.h destest.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h destest.c
+f_cbc.so f_cbc.po $(OUTPRE)f_cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_int.h f_cbc.c \
+  f_tables.h
+t_verify.so t_verify.po $(OUTPRE)t_verify.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h t_verify.c
diff --git a/src/lib/crypto/builtin/des/des_int.h b/src/lib/crypto/builtin/des/des_int.h
index d6fa04a..419459d 100644
--- a/src/lib/crypto/builtin/des/des_int.h
+++ b/src/lib/crypto/builtin/des/des_int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/des_int.h
  *
@@ -53,7 +54,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-/* only do the whole thing once	 */
+/* only do the whole thing once  */
 #ifndef DES_INTERNAL_DEFS
 #define DES_INTERNAL_DEFS
 
@@ -91,7 +92,7 @@
 #define DES_UINT32 unsigned long
 #endif
 
-typedef unsigned char des_cblock[8] 	/* crypto-block size */
+typedef unsigned char des_cblock[8]     /* crypto-block size */
 KRB5INT_DES_DEPRECATED;
 
 /*
@@ -119,11 +120,11 @@ typedef des_cblock mit_des_cblock;
 typedef des_key_schedule mit_des_key_schedule;
 
 /* Triple-DES structures */
-typedef mit_des_cblock		mit_des3_cblock[3];
-typedef mit_des_key_schedule	mit_des3_key_schedule[3];
+typedef mit_des_cblock          mit_des3_cblock[3];
+typedef mit_des_key_schedule    mit_des3_key_schedule[3];
 
-#define MIT_DES_ENCRYPT	1
-#define MIT_DES_DECRYPT	0
+#define MIT_DES_ENCRYPT 1
+#define MIT_DES_DECRYPT 0
 
 typedef struct mit_des_ran_key_seed {
     krb5_encrypt_block eblock;
@@ -132,246 +133,166 @@ typedef struct mit_des_ran_key_seed {
 
 /* the first byte of the key is already in the keyblock */
 
-#define MIT_DES_BLOCK_LENGTH 		(8*sizeof(krb5_octet))
-#define	MIT_DES_CBC_CRC_PAD_MINIMUM	CRC32_CKSUM_LENGTH
+#define MIT_DES_BLOCK_LENGTH            (8*sizeof(krb5_octet))
+#define MIT_DES_CBC_CRC_PAD_MINIMUM     CRC32_CKSUM_LENGTH
 /* This used to be 8*sizeof(krb5_octet) */
-#define MIT_DES_KEYSIZE		 	8
+#define MIT_DES_KEYSIZE                 8
 
-#define MIT_DES_CBC_CKSUM_LENGTH	(4*sizeof(krb5_octet))
+#define MIT_DES_CBC_CKSUM_LENGTH        (4*sizeof(krb5_octet))
 
 /*
  * Check if k5-int.h has been included before us.  If so, then check to see
  * that our view of the DES key size is the same as k5-int.h's.
  */
-#ifdef	KRB5_MIT_DES_KEYSIZE
-#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+#ifdef  KRB5_MIT_DES_KEYSIZE
+#if     MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
 error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif	/* KRB5_MIT_DES_KEYSIZE */
+#endif  /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif  /* KRB5_MIT_DES_KEYSIZE */
 #endif /* KRB5_MIT_DES__ */
 /*
  * End "mit-des.h"
  */
 
 /* afsstring2key.c */
-extern krb5_error_code mit_afs_string_to_key
-	(krb5_keyblock *keyblock,
-		   const krb5_data *data,
-		   const krb5_data *salt);
-extern char *mit_afs_crypt
-    (const char *pw, const char *salt, char *iobuf);
+krb5_error_code mit_afs_string_to_key(krb5_keyblock *keyblock,
+                                      const krb5_data *data,
+                                      const krb5_data *salt);
+char *mit_afs_crypt(const char *pw, const char *salt, char *iobuf);
 
 /* f_cksum.c */
-extern unsigned long mit_des_cbc_cksum
-    (const krb5_octet *, krb5_octet *, unsigned long ,
-     const mit_des_key_schedule, const krb5_octet *);
+unsigned long mit_des_cbc_cksum(const krb5_octet *, krb5_octet *,
+                                unsigned long, const mit_des_key_schedule,
+                                const krb5_octet *);
 
-/* f_ecb.c */
-extern int mit_des_ecb_encrypt
-    (const mit_des_cblock *, mit_des_cblock *, mit_des_key_schedule , int );
-
-/* f_cbc.c */
-extern int mit_des_cbc_encrypt (const mit_des_cblock *in,
-				mit_des_cblock *out,
-				unsigned long length,
-				const mit_des_key_schedule schedule,
-				const mit_des_cblock ivec, int enc);
+/* f_cbc.c (used by test programs) */
+int
+mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                    unsigned long length, const mit_des_key_schedule schedule,
+                    const mit_des_cblock ivec, int enc);
 
 #define mit_des_zeroblock krb5int_c_mit_des_zeroblock
 extern const mit_des_cblock mit_des_zeroblock;
 
 /* fin_rndkey.c */
-extern krb5_error_code mit_des_finish_random_key
-    ( const krb5_encrypt_block *,
-		krb5_pointer *);
+krb5_error_code mit_des_finish_random_key(const krb5_encrypt_block *,
+                                          krb5_pointer *);
 
 /* finish_key.c */
-extern krb5_error_code mit_des_finish_key
-    ( krb5_encrypt_block *);
+krb5_error_code mit_des_finish_key(krb5_encrypt_block *);
 
 /* init_rkey.c */
-extern krb5_error_code mit_des_init_random_key
-    ( const krb5_encrypt_block *,
-		const krb5_keyblock *,
-		krb5_pointer *);
+krb5_error_code mit_des_init_random_key(const krb5_encrypt_block *,
+                                        const krb5_keyblock *,
+                                        krb5_pointer *);
 
 /* key_parity.c */
-extern void mit_des_fixup_key_parity (mit_des_cblock );
-extern int mit_des_check_key_parity (mit_des_cblock );
+void mit_des_fixup_key_parity(mit_des_cblock);
+int mit_des_check_key_parity(mit_des_cblock);
 
 /* key_sched.c */
-extern int mit_des_key_sched
-    (mit_des_cblock , mit_des_key_schedule );
+int mit_des_key_sched(mit_des_cblock, mit_des_key_schedule);
 
 /* process_ky.c */
-extern krb5_error_code mit_des_process_key
-    ( krb5_encrypt_block *,  const krb5_keyblock *);
+krb5_error_code mit_des_process_key(krb5_encrypt_block *,
+                                    const krb5_keyblock *);
 
 /* random_key.c */
-extern krb5_error_code mit_des_random_key
-    ( const krb5_encrypt_block *, krb5_pointer ,
-                krb5_keyblock **);
+krb5_error_code mit_des_random_key(const krb5_encrypt_block *,
+                                   krb5_pointer, krb5_keyblock **);
 
 /* string2key.c */
-extern krb5_error_code mit_des_string_to_key
-    ( const krb5_encrypt_block *,
-	       krb5_keyblock *, const krb5_data *, const krb5_data *);
-extern krb5_error_code mit_des_string_to_key_int
-	(krb5_keyblock *, const krb5_data *, const krb5_data *);
+krb5_error_code mit_des_string_to_key(const krb5_encrypt_block *,
+                                      krb5_keyblock *, const krb5_data *,
+                                      const krb5_data *);
+krb5_error_code mit_des_string_to_key_int(krb5_keyblock *, const krb5_data *,
+                                          const krb5_data *);
 
 /* weak_key.c */
-extern int mit_des_is_weak_key (mit_des_cblock );
+int mit_des_is_weak_key(mit_des_cblock);
 
 /* cmb_keys.c */
-krb5_error_code mit_des_combine_subkeys
-    (const krb5_keyblock *, const krb5_keyblock *,
-	       krb5_keyblock **);
+krb5_error_code mit_des_combine_subkeys(const krb5_keyblock *,
+                                        const krb5_keyblock *,
+                                        krb5_keyblock **);
 
 /* f_pcbc.c */
-int mit_des_pcbc_encrypt ();
+int mit_des_pcbc_encrypt();
 
 /* f_sched.c */
 int mit_des_make_key_sched(mit_des_cblock, mit_des_key_schedule);
 
 
 /* misc.c */
-extern void swap_bits (char *);
-extern unsigned long long_swap_bits (unsigned long );
-extern unsigned long swap_six_bits_to_ansi (unsigned long );
-extern unsigned long swap_four_bits_to_ansi (unsigned long );
-extern unsigned long swap_bit_pos_1 (unsigned long );
-extern unsigned long swap_bit_pos_0 (unsigned long );
-extern unsigned long swap_bit_pos_0_to_ansi (unsigned long );
-extern unsigned long rev_swap_bit_pos_0 (unsigned long );
-extern unsigned long swap_byte_bits (unsigned long );
-extern unsigned long swap_long_bytes_bit_number (unsigned long );
+extern void swap_bits(char *);
+extern unsigned long long_swap_bits(unsigned long);
+extern unsigned long swap_six_bits_to_ansi(unsigned long);
+extern unsigned long swap_four_bits_to_ansi(unsigned long);
+extern unsigned long swap_bit_pos_1(unsigned long);
+extern unsigned long swap_bit_pos_0(unsigned long);
+extern unsigned long swap_bit_pos_0_to_ansi(unsigned long);
+extern unsigned long rev_swap_bit_pos_0(unsigned long);
+extern unsigned long swap_byte_bits(unsigned long);
+extern unsigned long swap_long_bytes_bit_number(unsigned long);
 #ifdef FILE
 /* XXX depends on FILE being a #define! */
-extern void test_set (FILE *, const char *, int, const char *, int);
+extern void test_set(FILE *, const char *, int, const char *, int);
 #endif
 
-/* d3_ecb.c */
-extern int mit_des3_ecb_encrypt
-	(const mit_des_cblock *in,
-		   mit_des_cblock *out,
-		   mit_des_key_schedule sched1,
-		   mit_des_key_schedule sched2,
-		   mit_des_key_schedule sched3,
-		   int enc);
-
-/* d3_cbc.c */
-extern int mit_des3_cbc_encrypt
-	(const mit_des_cblock *in,
-	 mit_des_cblock *out,
-	 unsigned long length,
-	 const mit_des_key_schedule ks1,
-	 const mit_des_key_schedule ks2,
-	 const mit_des_key_schedule ks3,
-	 const mit_des_cblock ivec,
-	 int enc);
-
-void
-krb5int_des3_cbc_encrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec);
-void
-krb5int_des3_cbc_decrypt(const mit_des_cblock *in,
-			 mit_des_cblock *out,
-			 unsigned long length,
-			 const mit_des_key_schedule ks1,
-			 const mit_des_key_schedule ks2,
-			 const mit_des_key_schedule ks3,
-			 const mit_des_cblock ivec);
-
 void
-krb5int_des3_cbc_encrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec);
+krb5int_des3_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec);
 
 void
-krb5int_des3_cbc_decrypt_iov(krb5_crypto_iov *data,
-			     unsigned long num_data,
-			     const mit_des_key_schedule ks1,
-			     const mit_des_key_schedule ks2,
-			     const mit_des_key_schedule ks3,
-			     mit_des_cblock ivec);
-
-#define mit_des3_cbc_encrypt(in,out,length,ks1,ks2,ks3,ivec,enc) \
-    ((enc ? krb5int_des3_cbc_encrypt : krb5int_des3_cbc_decrypt) \
-     (in, out, length, ks1, ks2, ks3, ivec), 0)
+krb5int_des3_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                         const mit_des_key_schedule ks1,
+                         const mit_des_key_schedule ks2,
+                         const mit_des_key_schedule ks3,
+                         mit_des_cblock ivec);
 
 void
-krb5int_des_cbc_encrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec);
-void
-krb5int_des_cbc_decrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec);
-
-#define mit_des_cbc_encrypt(in,out,length,schedule,ivec,enc) \
-    ((enc ? krb5int_des_cbc_encrypt : krb5int_des_cbc_decrypt) \
-     (in, out, length, schedule, ivec), 0)
+krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec);
 
 void
-krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec);
+krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec);
 
 void
-krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec);
+krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data,
+                    const mit_des_key_schedule schedule, mit_des_cblock ivec,
+                    mit_des_cblock out);
 
 /* d3_procky.c */
-extern krb5_error_code mit_des3_process_key
-	(krb5_encrypt_block * eblock,
-		   const krb5_keyblock * keyblock);
+krb5_error_code mit_des3_process_key(krb5_encrypt_block *eblock,
+                                     const krb5_keyblock *keyblock);
 
 /* d3_kysched.c */
-extern int mit_des3_key_sched
-	(mit_des3_cblock key,
-		   mit_des3_key_schedule schedule);
+int mit_des3_key_sched(mit_des3_cblock key, mit_des3_key_schedule schedule);
 
 /* d3_str2ky.c */
-extern krb5_error_code mit_des3_string_to_key
-	(const krb5_encrypt_block * eblock,
-		   krb5_keyblock * keyblock,
-		   const krb5_data * data,
-		   const krb5_data * salt);
+krb5_error_code mit_des3_string_to_key(const krb5_encrypt_block *eblock,
+                                       krb5_keyblock *keyblock,
+                                       const krb5_data *data,
+                                       const krb5_data *salt);
 
 /* u_nfold.c */
-extern krb5_error_code mit_des_n_fold
-	(const krb5_octet * input,
-		   const size_t in_len,
-		   krb5_octet * output,
-		   const size_t out_len);
+krb5_error_code mit_des_n_fold(const krb5_octet *input, const size_t in_len,
+                               krb5_octet *output, const size_t out_len);
 
 /* u_rn_key.c */
-extern int mit_des_is_weak_keyblock
-	(krb5_keyblock *keyblock);
+int mit_des_is_weak_keyblock(krb5_keyblock *keyblock);
 
-extern void mit_des_fixup_keyblock_parity
-	(krb5_keyblock *keyblock);
+void mit_des_fixup_keyblock_parity(krb5_keyblock *keyblock);
 
-extern krb5_error_code mit_des_set_random_generator_seed
-	(const krb5_data * seed,
-		   krb5_pointer random_state);
+krb5_error_code mit_des_set_random_generator_seed(const krb5_data *seed,
+                                                  krb5_pointer random_state);
 
-extern krb5_error_code mit_des_set_random_sequence_number
-	(const krb5_data * sequence,
-		   krb5_pointer random_state);
-#endif	/*DES_INTERNAL_DEFS*/
+krb5_error_code mit_des_set_random_sequence_number(const krb5_data *sequence,
+                                                   krb5_pointer random_state);
+#endif  /*DES_INTERNAL_DEFS*/
diff --git a/src/lib/crypto/builtin/des/destest.c b/src/lib/crypto/builtin/des/destest.c
index 287a4e9..86c7477 100644
--- a/src/lib/crypto/builtin/des/destest.c
+++ b/src/lib/crypto/builtin/des/destest.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/destest.c
  *
@@ -87,71 +88,71 @@ main(argc, argv)
     int error = 0;
 
     while (scanf("%16s %16s %16s", block1, block2, block3) == 3) {
-	convert(block1, key);
-	convert(block2, input);
-	convert(block3, output);
-
-	retval = mit_des_key_sched(key, sched);
-	if (retval) {
-	    fprintf(stderr, "des test: can't process key: %d\n", retval);
-	    fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3);
+        convert(block1, key);
+        convert(block2, input);
+        convert(block3, output);
+
+        retval = mit_des_key_sched(key, sched);
+        if (retval) {
+            fprintf(stderr, "des test: can't process key: %d\n", retval);
+            fprintf(stderr, "des test: %s %s %s\n", block1, block2, block3);
             exit(1);
         }
-	mit_des_cbc_encrypt((const mit_des_cblock *) input, output2, 8,
-			    sched, zeroblock, 1);
-
-	if (memcmp((char *)output2, (char *)output, 8)) {
-	    fprintf(stderr,
-		    "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n",
-		    block1, block2, block3,
-		    output2[0],output2[1],output2[2],output2[3],
-		    output2[4],output2[5],output2[6],output2[7]);
-	    error++;
-	}
-
-	/*
-	 * Now try decrypting....
-	 */
-	mit_des_cbc_encrypt((const mit_des_cblock *) output, output2, 8,
-			    sched, zeroblock, 0);
-
-	if (memcmp((char *)output2, (char *)input, 8)) {
-	    fprintf(stderr,
-		    "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n",
-		    block1, block2, block3,
-		    output2[0],output2[1],output2[2],output2[3],
-		    output2[4],output2[5],output2[6],output2[7]);
-	    error++;
-	}
-
-	num++;
+        mit_des_cbc_encrypt((const mit_des_cblock *) input, output2, 8,
+                            sched, zeroblock, 1);
+
+        if (memcmp((char *)output2, (char *)output, 8)) {
+            fprintf(stderr,
+                    "DES ENCRYPT ERROR, key %s, text %s, real cipher %s, computed cyphertext %02X%02X%02X%02X%02X%02X%02X%02X\n",
+                    block1, block2, block3,
+                    output2[0],output2[1],output2[2],output2[3],
+                    output2[4],output2[5],output2[6],output2[7]);
+            error++;
+        }
+
+        /*
+         * Now try decrypting....
+         */
+        mit_des_cbc_encrypt((const mit_des_cblock *) output, output2, 8,
+                            sched, zeroblock, 0);
+
+        if (memcmp((char *)output2, (char *)input, 8)) {
+            fprintf(stderr,
+                    "DES DECRYPT ERROR, key %s, text %s, real cipher %s, computed cleartext %02X%02X%02X%02X%02X%02X%02X%02X\n",
+                    block1, block2, block3,
+                    output2[0],output2[1],output2[2],output2[3],
+                    output2[4],output2[5],output2[6],output2[7]);
+            error++;
+        }
+
+        num++;
     }
 
     if (error)
-	printf("destest: failed to pass the test\n");
+        printf("destest: failed to pass the test\n");
     else
-	printf("destest: %d tests passed successfully\n", num);
+        printf("destest: %d tests passed successfully\n", num);
 
     exit( (error > 256 && error % 256) ? 1 : error);
 }
 
 int value[128] = {
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
-0, 1, 2, 3, 4, 5, 6, 7,
-8, 9, -1, -1, -1, -1, -1, -1,
--1, 10, 11, 12, 13, 14, 15, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
--1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    0, 1, 2, 3, 4, 5, 6, 7,
+    8, 9, -1, -1, -1, -1, -1, -1,
+    -1, 10, 11, 12, 13, 14, 15, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
+    -1, -1, -1, -1, -1, -1, -1, -1,
 };
 
 void
@@ -161,13 +162,13 @@ convert(text, cblock)
 {
     register int i;
     for (i = 0; i < 8; i++) {
-	if (text[i*2] < 0 || text[i*2] >= 128)
-	    abort ();
-	if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) {
-	    printf("Bad value byte %d in %s\n", i, text);
-	    exit(1);
-	}
-	cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]];
+        if (text[i*2] < 0 || text[i*2] >= 128)
+            abort ();
+        if (value[(int) text[i*2]] == -1 || value[(int) text[i*2+1]] == -1) {
+            printf("Bad value byte %d in %s\n", i, text);
+            exit(1);
+        }
+        cblock[i] = 16*value[(int) text[i*2]] + value[(int) text[i*2+1]];
     }
     return;
 }
@@ -182,7 +183,7 @@ int
 mit_des_is_weak_key(key)
     mit_des_cblock key;
 {
-    return 0;				/* fake it out for testing */
+    return 0;                           /* fake it out for testing */
 }
 
 void
@@ -214,18 +215,18 @@ des_cblock_print_file(x, fp)
  */
 int
 mit_des_check_key_parity(key)
-     register mit_des_cblock key;
+    register mit_des_cblock key;
 {
     int i;
 
     for (i=0; i<sizeof(mit_des_cblock); i++) {
-	if ((key[i] & 1) == parity_char(0xfe&key[i])) {
-	    printf("warning: bad parity key:");
-	    des_cblock_print_file(key, stdout);
-	    putchar('\n');
+        if ((key[i] & 1) == parity_char(0xfe&key[i])) {
+            printf("warning: bad parity key:");
+            des_cblock_print_file(key, stdout);
+            putchar('\n');
 
-	    return 1;
-	}
+            return 1;
+        }
     }
 
     return(1);
@@ -233,14 +234,14 @@ mit_des_check_key_parity(key)
 
 void
 mit_des_fixup_key_parity(key)
-     register mit_des_cblock key;
+    register mit_des_cblock key;
 {
     int i;
     for (i=0; i<sizeof(mit_des_cblock); i++)
-      {
-	key[i] &= 0xfe;
-	key[i] |= 1^parity_char(key[i]);
-      }
+    {
+        key[i] &= 0xfe;
+        key[i] |= 1^parity_char(key[i]);
+    }
 
     return;
 }
diff --git a/src/lib/crypto/builtin/des/f_aead.c b/src/lib/crypto/builtin/des/f_aead.c
index 328d20a..bb3982d 100644
--- a/src/lib/crypto/builtin/des/f_aead.c
+++ b/src/lib/crypto/builtin/des/f_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2008 by the Massachusetts Institute of Technology.
  * Copyright 1995 by Richard P. Basch.  All Rights Reserved.
@@ -25,100 +26,80 @@
 #include "f_tables.h"
 #include "aead.h"
 
+const mit_des_cblock mit_des_zeroblock /* = all zero */;
+
 void
-krb5int_des_cbc_encrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec)
+krb5int_des_cbc_encrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp;
     const unsigned char *ip;
-    unsigned char *op;
     struct iov_block_state input_pos, output_pos;
-    unsigned char iblock[MIT_DES_BLOCK_LENGTH];
-    unsigned char oblock[MIT_DES_BLOCK_LENGTH];
+    unsigned char storage[MIT_DES_BLOCK_LENGTH], *block = NULL, *ptr;
 
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    /*
-     * Get key pointer here.  This won't need to be reinitialized
-     */
+    /* Get key pointer here.  This won't need to be reinitialized. */
     kp = (const unsigned DES_INT32 *)schedule;
 
-    /*
-     * Initialize left and right with the contents of the initial
-     * vector.
-     */
-    if (ivec != NULL)
-	ip = ivec;
-    else
-	ip = mit_des_zeroblock;
+    /* Initialize left and right with the contents of the initial vector. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
     GET_HALF_BLOCK(left, ip);
     GET_HALF_BLOCK(right, ip);
 
-    /*
-     * Suitably initialized, now work the length down 8 bytes
-     * at a time.
-     */
+    /* Work the length down 8 bytes at a time. */
     for (;;) {
-	unsigned DES_INT32 temp;
-
-	ip = iblock;
-	op = oblock;
-
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
-
-	if (input_pos.iov_pos == num_data)
-	    break;
-
-	GET_HALF_BLOCK(temp, ip);
-	left  ^= temp;
-	GET_HALF_BLOCK(temp, ip);
-	right ^= temp;
-
-	/*
-	 * Encrypt what we have
-	 */
-	DES_DO_ENCRYPT(left, right, kp);
-
-	/*
-	 * Copy the results out
-	 */
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
-
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        unsigned DES_INT32 temp;
+
+        ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
+                             &input_pos);
+        if (ptr == NULL)
+            break;
+        block = ptr;
+
+        /* Decompose this block and xor it with the previous ciphertext. */
+        GET_HALF_BLOCK(temp, ptr);
+        left  ^= temp;
+        GET_HALF_BLOCK(temp, ptr);
+        right ^= temp;
+
+        /* Encrypt what we have and store back into block. */
+        DES_DO_ENCRYPT(left, right, kp);
+        ptr = block;
+        PUT_HALF_BLOCK(left, ptr);
+        PUT_HALF_BLOCK(right, ptr);
+
+        iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
+                        &output_pos);
     }
 
-    if (ivec != NULL)
-	memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+    if (ivec != NULL && block != NULL) {
+        ptr = ivec;
+        PUT_HALF_BLOCK(left, ptr);
+        PUT_HALF_BLOCK(right, ptr);
+    }
 }
 
 void
-krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
-			    unsigned long num_data,
-			    const mit_des_key_schedule schedule,
-			    mit_des_cblock ivec)
+krb5int_des_cbc_decrypt(krb5_crypto_iov *data, unsigned long num_data,
+                        const mit_des_key_schedule schedule,
+                        mit_des_cblock ivec)
 {
     unsigned DES_INT32 left, right;
     const unsigned DES_INT32 *kp;
     const unsigned char *ip;
     unsigned DES_INT32 ocipherl, ocipherr;
     unsigned DES_INT32 cipherl, cipherr;
-    unsigned char *op;
     struct iov_block_state input_pos, output_pos;
-    unsigned char iblock[MIT_DES_BLOCK_LENGTH];
-    unsigned char oblock[MIT_DES_BLOCK_LENGTH];
+    unsigned char storage[MIT_DES_BLOCK_LENGTH], *block = NULL, *ptr;
 
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    /*
-     * Get key pointer here.  This won't need to be reinitialized
-     */
+    /* Get key pointer here.  This won't need to be reinitialized. */
     kp = (const unsigned DES_INT32 *)schedule;
 
     /*
@@ -127,66 +108,110 @@ krb5int_des_cbc_decrypt_iov(krb5_crypto_iov *data,
      * Should think about this a little more...
      */
 
-    if (num_data == 0)
-	return;
-
-    /*
-     * Prime the old cipher with ivec.
-     */
-    if (ivec != NULL)
-	ip = ivec;
-    else
-	ip = mit_des_zeroblock;
+    /* Prime the old cipher with ivec. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
     GET_HALF_BLOCK(ocipherl, ip);
     GET_HALF_BLOCK(ocipherr, ip);
 
-    /*
-     * Now do this in earnest until we run out of length.
-     */
+    /* Work the length down 8 bytes at a time. */
     for (;;) {
-	/*
-	 * Read a block from the input into left and
-	 * right.  Save this cipher block for later.
-	 */
-
-	if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
-	    break;
-
-	if (input_pos.iov_pos == num_data)
-	    break;
-
-	ip = iblock;
-	op = oblock;
-
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
-	cipherl = left;
-	cipherr = right;
-
-	/*
-	 * Decrypt this.
-	 */
-	DES_DO_DECRYPT(left, right, kp);
-
-	/*
-	 * Xor with the old cipher to get plain
-	 * text.  Output 8 or less bytes of this.
-	 */
-	left ^= ocipherl;
-	right ^= ocipherr;
-
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
-
-	/*
-	 * Save current cipher block here
-	 */
-	ocipherl = cipherl;
-	ocipherr = cipherr;
-
-	krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
+                             &input_pos);
+        if (ptr == NULL)
+            break;
+        block = ptr;
+
+        /* Split this block into left and right. */
+        GET_HALF_BLOCK(left, ptr);
+        GET_HALF_BLOCK(right, ptr);
+        cipherl = left;
+        cipherr = right;
+
+        /* Decrypt and xor with the old cipher to get plain text. */
+        DES_DO_DECRYPT(left, right, kp);
+        left ^= ocipherl;
+        right ^= ocipherr;
+
+        /* Store the encrypted halves back into block. */
+        ptr = block;
+        PUT_HALF_BLOCK(left, ptr);
+        PUT_HALF_BLOCK(right, ptr);
+
+        /* Save current cipher block halves. */
+        ocipherl = cipherl;
+        ocipherr = cipherr;
+
+        iov_store_block(data, num_data, block, storage, MIT_DES_BLOCK_LENGTH,
+                        &output_pos);
     }
 
-    if (ivec != NULL)
-	memcpy(ivec, oblock, MIT_DES_BLOCK_LENGTH);
+    if (ivec != NULL && block != NULL) {
+        ptr = ivec;
+        PUT_HALF_BLOCK(ocipherl, ptr);
+        PUT_HALF_BLOCK(ocipherr, ptr);
+    }
+}
+
+void
+krb5int_des_cbc_mac(const krb5_crypto_iov *data, unsigned long num_data,
+                    const mit_des_key_schedule schedule, mit_des_cblock ivec,
+                    mit_des_cblock out)
+{
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    struct iov_block_state input_pos;
+    unsigned char storage[MIT_DES_BLOCK_LENGTH], *block = NULL, *ptr;
+
+    IOV_BLOCK_STATE_INIT(&input_pos);
+    input_pos.include_sign_only = 1;
+
+    /* Get key pointer here.  This won't need to be reinitialized. */
+    kp = (const unsigned DES_INT32 *)schedule;
+
+    /* Initialize left and right with the contents of the initial vector. */
+    ip = (ivec != NULL) ? ivec : mit_des_zeroblock;
+    GET_HALF_BLOCK(left, ip);
+    GET_HALF_BLOCK(right, ip);
+
+    /* Work the length down 8 bytes at a time. */
+    for (;;) {
+        unsigned DES_INT32 temp;
+
+        ptr = iov_next_block(storage, MIT_DES_BLOCK_LENGTH, data, num_data,
+                             &input_pos);
+        if (ptr == NULL)
+            break;
+        block = ptr;
+
+        /* Decompose this block and xor it with the previous ciphertext. */
+        GET_HALF_BLOCK(temp, ptr);
+        left  ^= temp;
+        GET_HALF_BLOCK(temp, ptr);
+        right ^= temp;
+
+        /* Encrypt what we have. */
+        DES_DO_ENCRYPT(left, right, kp);
+    }
+
+    /* Output the final ciphertext block. */
+    ptr = out;
+    PUT_HALF_BLOCK(left, ptr);
+    PUT_HALF_BLOCK(right, ptr);
+}
+
+#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
+void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left,
+                               unsigned DES_INT32 *right,
+                               const unsigned DES_INT32 *kp)
+{
+    DES_DO_ENCRYPT_1 (*left, *right, kp);
+}
+
+void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left,
+                               unsigned DES_INT32 *right,
+                               const unsigned DES_INT32 *kp)
+{
+    DES_DO_DECRYPT_1 (*left, *right, kp);
 }
+#endif
diff --git a/src/lib/crypto/builtin/des/f_cbc.c b/src/lib/crypto/builtin/des/f_cbc.c
index 0949ba1..887740b 100644
--- a/src/lib/crypto/builtin/des/f_cbc.c
+++ b/src/lib/crypto/builtin/des/f_cbc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_cbc.c
  *
@@ -23,7 +24,8 @@
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
  *
- * DES implementation donated by Dennis Ferguson
+ * CBC functions; used only by the test programs at this time.  (krb5 uses the
+ * functions in f_aead.c instead.)
  */
 
 /*
@@ -57,218 +59,197 @@
 
 const mit_des_cblock mit_des_zeroblock /* = all zero */;
 
-#undef mit_des_cbc_encrypt
-int
-mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
-		    unsigned long length, const mit_des_key_schedule schedule,
-		    const mit_des_cblock ivec, int enc)
+static void
+des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                unsigned long length, const mit_des_key_schedule schedule,
+                const mit_des_cblock ivec)
 {
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+
     /*
-     * Deal with encryption and decryption separately.
+     * Get key pointer here.  This won't need to be reinitialized
      */
-    if (enc)
-	krb5int_des_cbc_encrypt(in, out, length, schedule, ivec);
-    else
-	krb5int_des_cbc_decrypt(in, out, length, schedule, ivec);
-    return 0;
-}
-
-void
-krb5int_des_cbc_encrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec)
-{
-	unsigned DES_INT32 left, right;
-	const unsigned DES_INT32 *kp;
-	const unsigned char *ip;
-	unsigned char *op;
+    kp = (const unsigned DES_INT32 *)schedule;
 
-	/*
-	 * Get key pointer here.  This won't need to be reinitialized
-	 */
-	kp = (const unsigned DES_INT32 *)schedule;
-
-	/*
-	 * Initialize left and right with the contents of the initial
-	 * vector.
-	 */
-	ip = ivec;
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
-
-	/*
-	 * Suitably initialized, now work the length down 8 bytes
-	 * at a time.
-	 */
-	ip = *in;
-	op = *out;
-	while (length > 0) {
-		/*
-		 * Get more input, xor it in.  If the length is
-		 * greater than or equal to 8 this is straight
-		 * forward.  Otherwise we have to fart around.
-		 */
-		if (length >= 8) {
-			unsigned DES_INT32 temp;
-			GET_HALF_BLOCK(temp, ip);
-			left  ^= temp;
-			GET_HALF_BLOCK(temp, ip);
-			right ^= temp;
-			length -= 8;
-		} else {
-			/*
-			 * Oh, shoot.  We need to pad the
-			 * end with zeroes.  Work backwards
-			 * to do this.
-			 */
-			ip += (int) length;
-			switch(length) {
-			case 7:
-				right ^= (*(--ip) & FF_UINT32) <<  8;
-			case 6:
-				right ^= (*(--ip) & FF_UINT32) << 16;
-			case 5:
-				right ^= (*(--ip) & FF_UINT32) << 24;
-			case 4:
-				left  ^=  *(--ip) & FF_UINT32;
-			case 3:
-				left  ^= (*(--ip) & FF_UINT32) <<  8;
-			case 2:
-				left  ^= (*(--ip) & FF_UINT32) << 16;
-			case 1:
-				left  ^= (*(--ip) & FF_UINT32) << 24;
-				break;
-			}
-			length = 0;
-		}
-
-		/*
-		 * Encrypt what we have
-		 */
-		DES_DO_ENCRYPT(left, right, kp);
+    /*
+     * Initialize left and right with the contents of the initial
+     * vector.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(left, ip);
+    GET_HALF_BLOCK(right, ip);
 
-		/*
-		 * Copy the results out
-		 */
-		PUT_HALF_BLOCK(left, op);
-		PUT_HALF_BLOCK(right, op);
-	}
+    /*
+     * Suitably initialized, now work the length down 8 bytes
+     * at a time.
+     */
+    ip = *in;
+    op = *out;
+    while (length > 0) {
+        /*
+         * Get more input, xor it in.  If the length is
+         * greater than or equal to 8 this is straight
+         * forward.  Otherwise we have to fart around.
+         */
+        if (length >= 8) {
+            unsigned DES_INT32 temp;
+            GET_HALF_BLOCK(temp, ip);
+            left  ^= temp;
+            GET_HALF_BLOCK(temp, ip);
+            right ^= temp;
+            length -= 8;
+        } else {
+            /*
+             * Oh, shoot.  We need to pad the
+             * end with zeroes.  Work backwards
+             * to do this.
+             */
+            ip += (int) length;
+            switch(length) {
+            case 7:
+                right ^= (*(--ip) & FF_UINT32) <<  8;
+            case 6:
+                right ^= (*(--ip) & FF_UINT32) << 16;
+            case 5:
+                right ^= (*(--ip) & FF_UINT32) << 24;
+            case 4:
+                left  ^=  *(--ip) & FF_UINT32;
+            case 3:
+                left  ^= (*(--ip) & FF_UINT32) <<  8;
+            case 2:
+                left  ^= (*(--ip) & FF_UINT32) << 16;
+            case 1:
+                left  ^= (*(--ip) & FF_UINT32) << 24;
+                break;
+            }
+            length = 0;
+        }
+
+        /*
+         * Encrypt what we have
+         */
+        DES_DO_ENCRYPT(left, right, kp);
+
+        /*
+         * Copy the results out
+         */
+        PUT_HALF_BLOCK(left, op);
+        PUT_HALF_BLOCK(right, op);
+    }
 }
 
-void
-krb5int_des_cbc_decrypt(const mit_des_cblock *in,
-			mit_des_cblock *out,
-			unsigned long length,
-			const mit_des_key_schedule schedule,
-			const mit_des_cblock ivec)
+static void
+des_cbc_decrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                unsigned long length, const mit_des_key_schedule schedule,
+                const mit_des_cblock ivec)
 {
-	unsigned DES_INT32 left, right;
-	const unsigned DES_INT32 *kp;
-	const unsigned char *ip;
-	unsigned char *op;
-	unsigned DES_INT32 ocipherl, ocipherr;
-	unsigned DES_INT32 cipherl, cipherr;
-
-	/*
-	 * Get key pointer here.  This won't need to be reinitialized
-	 */
-	kp = (const unsigned DES_INT32 *)schedule;
-
-	/*
-	 * Decrypting is harder than encrypting because of
-	 * the necessity of remembering a lot more things.
-	 * Should think about this a little more...
-	 */
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+    unsigned DES_INT32 ocipherl, ocipherr;
+    unsigned DES_INT32 cipherl, cipherr;
 
-	if (length <= 0)
-		return;
-
-	/*
-	 * Prime the old cipher with ivec.
-	 */
-	ip = ivec;
-	GET_HALF_BLOCK(ocipherl, ip);
-	GET_HALF_BLOCK(ocipherr, ip);
+    /*
+     * Get key pointer here.  This won't need to be reinitialized
+     */
+    kp = (const unsigned DES_INT32 *)schedule;
 
-	/*
-	 * Now do this in earnest until we run out of length.
-	 */
-	ip = *in;
-	op = *out;
-	for (;;) {		/* check done inside loop */
-		/*
-		 * Read a block from the input into left and
-		 * right.  Save this cipher block for later.
-		 */
-		GET_HALF_BLOCK(left, ip);
-		GET_HALF_BLOCK(right, ip);
-		cipherl = left;
-		cipherr = right;
+    /*
+     * Decrypting is harder than encrypting because of
+     * the necessity of remembering a lot more things.
+     * Should think about this a little more...
+     */
 
-		/*
-		 * Decrypt this.
-		 */
-		DES_DO_DECRYPT(left, right, kp);
+    if (length <= 0)
+        return;
 
-		/*
-		 * Xor with the old cipher to get plain
-		 * text.  Output 8 or less bytes of this.
-		 */
-		left ^= ocipherl;
-		right ^= ocipherr;
-		if (length > 8) {
-			length -= 8;
-			PUT_HALF_BLOCK(left, op);
-			PUT_HALF_BLOCK(right, op);
-			/*
-			 * Save current cipher block here
-			 */
-			ocipherl = cipherl;
-			ocipherr = cipherr;
-		} else {
-			/*
-			 * Trouble here.  Start at end of output,
-			 * work backwards.
-			 */
-			op += (int) length;
-			switch(length) {
-			case 8:
-				*(--op) = (unsigned char) (right & 0xff);
-			case 7:
-				*(--op) = (unsigned char) ((right >> 8) & 0xff);
-			case 6:
-				*(--op) = (unsigned char) ((right >> 16) & 0xff);
-			case 5:
-				*(--op) = (unsigned char) ((right >> 24) & 0xff);
-			case 4:
-				*(--op) = (unsigned char) (left & 0xff);
-			case 3:
-				*(--op) = (unsigned char) ((left >> 8) & 0xff);
-			case 2:
-				*(--op) = (unsigned char) ((left >> 16) & 0xff);
-			case 1:
-				*(--op) = (unsigned char) ((left >> 24) & 0xff);
-				break;
-			}
-			break;		/* we're done */
-		}
-	}
-}
+    /*
+     * Prime the old cipher with ivec.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(ocipherl, ip);
+    GET_HALF_BLOCK(ocipherr, ip);
 
-#if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
-void krb5int_des_do_encrypt_2 (unsigned DES_INT32 *left,
-			       unsigned DES_INT32 *right,
-			       const unsigned DES_INT32 *kp)
-{
-    DES_DO_ENCRYPT_1 (*left, *right, kp);
+    /*
+     * Now do this in earnest until we run out of length.
+     */
+    ip = *in;
+    op = *out;
+    for (;;) {              /* check done inside loop */
+        /*
+         * Read a block from the input into left and
+         * right.  Save this cipher block for later.
+         */
+        GET_HALF_BLOCK(left, ip);
+        GET_HALF_BLOCK(right, ip);
+        cipherl = left;
+        cipherr = right;
+
+        /*
+         * Decrypt this.
+         */
+        DES_DO_DECRYPT(left, right, kp);
+
+        /*
+         * Xor with the old cipher to get plain
+         * text.  Output 8 or less bytes of this.
+         */
+        left ^= ocipherl;
+        right ^= ocipherr;
+        if (length > 8) {
+            length -= 8;
+            PUT_HALF_BLOCK(left, op);
+            PUT_HALF_BLOCK(right, op);
+            /*
+             * Save current cipher block here
+             */
+            ocipherl = cipherl;
+            ocipherr = cipherr;
+        } else {
+            /*
+             * Trouble here.  Start at end of output,
+             * work backwards.
+             */
+            op += (int) length;
+            switch(length) {
+            case 8:
+                *(--op) = (unsigned char) (right & 0xff);
+            case 7:
+                *(--op) = (unsigned char) ((right >> 8) & 0xff);
+            case 6:
+                *(--op) = (unsigned char) ((right >> 16) & 0xff);
+            case 5:
+                *(--op) = (unsigned char) ((right >> 24) & 0xff);
+            case 4:
+                *(--op) = (unsigned char) (left & 0xff);
+            case 3:
+                *(--op) = (unsigned char) ((left >> 8) & 0xff);
+            case 2:
+                *(--op) = (unsigned char) ((left >> 16) & 0xff);
+            case 1:
+                *(--op) = (unsigned char) ((left >> 24) & 0xff);
+                break;
+            }
+            break;          /* we're done */
+        }
+    }
 }
 
-void krb5int_des_do_decrypt_2 (unsigned DES_INT32 *left,
-			       unsigned DES_INT32 *right,
-			       const unsigned DES_INT32 *kp)
+int
+mit_des_cbc_encrypt(const mit_des_cblock *in, mit_des_cblock *out,
+                    unsigned long length, const mit_des_key_schedule schedule,
+                    const mit_des_cblock ivec, int enc)
 {
-    DES_DO_DECRYPT_1 (*left, *right, kp);
+    /*
+     * Deal with encryption and decryption separately.
+     */
+    if (enc)
+        des_cbc_encrypt(in, out, length, schedule, ivec);
+    else
+        des_cbc_decrypt(in, out, length, schedule, ivec);
+    return 0;
 }
-#endif
diff --git a/src/lib/crypto/builtin/des/f_cksum.c b/src/lib/crypto/builtin/des/f_cksum.c
index 1c03da4..09ac4a0 100644
--- a/src/lib/crypto/builtin/des/f_cksum.c
+++ b/src/lib/crypto/builtin/des/f_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_cksum.c
  *
@@ -49,88 +50,88 @@
 
 unsigned long
 mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
-		  unsigned long length, const mit_des_key_schedule schedule,
-		  const krb5_octet *ivec)
+                  unsigned long length, const mit_des_key_schedule schedule,
+                  const krb5_octet *ivec)
 {
-	unsigned DES_INT32 left, right;
-	const unsigned DES_INT32 *kp;
-	const unsigned char *ip;
-	unsigned char *op;
-	register DES_INT32 len;
+    unsigned DES_INT32 left, right;
+    const unsigned DES_INT32 *kp;
+    const unsigned char *ip;
+    unsigned char *op;
+    register DES_INT32 len;
 
-	/*
-	 * Initialize left and right with the contents of the initial
-	 * vector.
-	 */
-	ip = ivec;
-	GET_HALF_BLOCK(left, ip);
-	GET_HALF_BLOCK(right, ip);
+    /*
+     * Initialize left and right with the contents of the initial
+     * vector.
+     */
+    ip = ivec;
+    GET_HALF_BLOCK(left, ip);
+    GET_HALF_BLOCK(right, ip);
 
-	/*
-	 * Suitably initialized, now work the length down 8 bytes
-	 * at a time.
-	 */
-	ip = in;
-	len = length;
-	while (len > 0) {
-		/*
-		 * Get more input, xor it in.  If the length is
-		 * greater than or equal to 8 this is straight
-		 * forward.  Otherwise we have to fart around.
-		 */
-		if (len >= 8) {
-			unsigned DES_INT32 temp;
-			GET_HALF_BLOCK(temp, ip);
-			left  ^= temp;
-			GET_HALF_BLOCK(temp, ip);
-			right ^= temp;
-			len -= 8;
-		} else {
-			/*
-			 * Oh, shoot.  We need to pad the
-			 * end with zeroes.  Work backwards
-			 * to do this.
-			 */
-			ip += (int) len;
-			switch(len) {
-			case 7:
-				right ^= (*(--ip) & FF_UINT32) <<  8;
-			case 6:
-				right ^= (*(--ip) & FF_UINT32) << 16;
-			case 5:
-				right ^= (*(--ip) & FF_UINT32) << 24;
-			case 4:
-				left  ^=  *(--ip) & FF_UINT32;
-			case 3:
-				left  ^= (*(--ip) & FF_UINT32) <<  8;
-			case 2:
-				left  ^= (*(--ip) & FF_UINT32) << 16;
-			case 1:
-				left  ^= (*(--ip) & FF_UINT32) << 24;
-				break;
-			}
-			len = 0;
-		}
+    /*
+     * Suitably initialized, now work the length down 8 bytes
+     * at a time.
+     */
+    ip = in;
+    len = length;
+    while (len > 0) {
+        /*
+         * Get more input, xor it in.  If the length is
+         * greater than or equal to 8 this is straight
+         * forward.  Otherwise we have to fart around.
+         */
+        if (len >= 8) {
+            unsigned DES_INT32 temp;
+            GET_HALF_BLOCK(temp, ip);
+            left  ^= temp;
+            GET_HALF_BLOCK(temp, ip);
+            right ^= temp;
+            len -= 8;
+        } else {
+            /*
+             * Oh, shoot.  We need to pad the
+             * end with zeroes.  Work backwards
+             * to do this.
+             */
+            ip += (int) len;
+            switch(len) {
+            case 7:
+                right ^= (*(--ip) & FF_UINT32) <<  8;
+            case 6:
+                right ^= (*(--ip) & FF_UINT32) << 16;
+            case 5:
+                right ^= (*(--ip) & FF_UINT32) << 24;
+            case 4:
+                left  ^=  *(--ip) & FF_UINT32;
+            case 3:
+                left  ^= (*(--ip) & FF_UINT32) <<  8;
+            case 2:
+                left  ^= (*(--ip) & FF_UINT32) << 16;
+            case 1:
+                left  ^= (*(--ip) & FF_UINT32) << 24;
+                break;
+            }
+            len = 0;
+        }
 
-		/*
-		 * Encrypt what we have
-		 */
-		kp = (const unsigned DES_INT32 *)schedule;
-		DES_DO_ENCRYPT(left, right, kp);
-	}
+        /*
+         * Encrypt what we have
+         */
+        kp = (const unsigned DES_INT32 *)schedule;
+        DES_DO_ENCRYPT(left, right, kp);
+    }
 
-	/*
-	 * Done.  Left and right have the checksum.  Put it into
-	 * the output.
-	 */
-	op = out;
-	PUT_HALF_BLOCK(left, op);
-	PUT_HALF_BLOCK(right, op);
+    /*
+     * Done.  Left and right have the checksum.  Put it into
+     * the output.
+     */
+    op = out;
+    PUT_HALF_BLOCK(left, op);
+    PUT_HALF_BLOCK(right, op);
 
-	/*
-	 * Return right.  I'll bet the MIT code returns this
-	 * inconsistantly (with the low order byte of the checksum
-	 * not always in the low order byte of the DES_INT32).  We won't.
-	 */
-	return right & 0xFFFFFFFFUL;
+    /*
+     * Return right.  I'll bet the MIT code returns this
+     * inconsistantly (with the low order byte of the checksum
+     * not always in the low order byte of the DES_INT32).  We won't.
+     */
+    return right & 0xFFFFFFFFUL;
 }
diff --git a/src/lib/crypto/builtin/des/f_parity.c b/src/lib/crypto/builtin/des/f_parity.c
index 846c821..460b506 100644
--- a/src/lib/crypto/builtin/des/f_parity.c
+++ b/src/lib/crypto/builtin/des/f_parity.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * These routines check and fix parity of encryption keys for the DES
  * algorithm.
@@ -25,10 +26,10 @@ mit_des_fixup_key_parity(mit_des_cblock key)
 {
     unsigned int i;
     for (i=0; i<sizeof(mit_des_cblock); i++)
-      {
-	key[i] &= 0xfe;
-	key[i] |= 1^parity_char(key[i]);
-      }
+    {
+        key[i] &= 0xfe;
+        key[i] |= 1^parity_char(key[i]);
+    }
 
     return;
 }
@@ -44,12 +45,12 @@ mit_des_check_key_parity(mit_des_cblock key)
     unsigned int i;
 
     for (i=0; i<sizeof(mit_des_cblock); i++)
-      {
-	if((key[i] & 1) == parity_char(0xfe&key[i]))
-	  {
-	    return 0;
-	  }
-      }
+    {
+        if((key[i] & 1) == parity_char(0xfe&key[i]))
+        {
+            return 0;
+        }
+    }
 
     return(1);
 }
diff --git a/src/lib/crypto/builtin/des/f_sched.c b/src/lib/crypto/builtin/des/f_sched.c
index cb0a6bb..af9d66b 100644
--- a/src/lib/crypto/builtin/des/f_sched.c
+++ b/src/lib/crypto/builtin/des/f_sched.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_sched.c
  *
@@ -39,27 +40,27 @@
  * part of each key are used to form Ci and Di.
  */
 static const unsigned DES_INT32 PC1_CL[8] = {
-	0x00000000, 0x00000010, 0x00001000, 0x00001010,
-	0x00100000, 0x00100010, 0x00101000, 0x00101010
+    0x00000000, 0x00000010, 0x00001000, 0x00001010,
+    0x00100000, 0x00100010, 0x00101000, 0x00101010
 };
 
 static const unsigned DES_INT32 PC1_DL[16] = {
-	0x00000000, 0x00100000, 0x00001000, 0x00101000,
-	0x00000010, 0x00100010, 0x00001010, 0x00101010,
-	0x00000001, 0x00100001, 0x00001001, 0x00101001,
-	0x00000011, 0x00100011, 0x00001011, 0x00101011
+    0x00000000, 0x00100000, 0x00001000, 0x00101000,
+    0x00000010, 0x00100010, 0x00001010, 0x00101010,
+    0x00000001, 0x00100001, 0x00001001, 0x00101001,
+    0x00000011, 0x00100011, 0x00001011, 0x00101011
 };
 
 static const unsigned DES_INT32 PC1_CR[16] = {
-	0x00000000, 0x00000001, 0x00000100, 0x00000101,
-	0x00010000, 0x00010001, 0x00010100, 0x00010101,
-	0x01000000, 0x01000001, 0x01000100, 0x01000101,
-	0x01010000, 0x01010001, 0x01010100, 0x01010101
+    0x00000000, 0x00000001, 0x00000100, 0x00000101,
+    0x00010000, 0x00010001, 0x00010100, 0x00010101,
+    0x01000000, 0x01000001, 0x01000100, 0x01000101,
+    0x01010000, 0x01010001, 0x01010100, 0x01010101
 };
 
 static const unsigned DES_INT32 PC1_DR[8] = {
-	0x00000000, 0x01000000, 0x00010000, 0x01010000,
-	0x00000100, 0x01000100, 0x00010100, 0x01010100
+    0x00000000, 0x01000000, 0x00010000, 0x01010000,
+    0x00000100, 0x01000100, 0x00010100, 0x01010100
 };
 
 
@@ -69,7 +70,7 @@ static const unsigned DES_INT32 PC1_DR[8] = {
  * two places.  This has bits set for the iterations where we do 2 bit
  * shifts, starting at the low order bit.
  */
-#define	TWO_BIT_SHIFTS	0x7efc
+#define TWO_BIT_SHIFTS  0x7efc
 
 /*
  * Permuted choice 2 tables.  The first actually produces the low order
@@ -84,153 +85,153 @@ static const unsigned DES_INT32 PC1_DR[8] = {
  * in in the des code.
  */
 static const unsigned DES_INT32 PC2_C[4][64] = {
-  {
-	0x00000000, 0x00000004, 0x00010000, 0x00010004,
-	0x00000400, 0x00000404, 0x00010400, 0x00010404,
-	0x00000020, 0x00000024, 0x00010020, 0x00010024,
-	0x00000420, 0x00000424, 0x00010420, 0x00010424,
-	0x01000000, 0x01000004, 0x01010000, 0x01010004,
-	0x01000400, 0x01000404, 0x01010400, 0x01010404,
-	0x01000020, 0x01000024, 0x01010020, 0x01010024,
-	0x01000420, 0x01000424, 0x01010420, 0x01010424,
-	0x00020000, 0x00020004, 0x00030000, 0x00030004,
-	0x00020400, 0x00020404, 0x00030400, 0x00030404,
-	0x00020020, 0x00020024, 0x00030020, 0x00030024,
-	0x00020420, 0x00020424, 0x00030420, 0x00030424,
-	0x01020000, 0x01020004, 0x01030000, 0x01030004,
-	0x01020400, 0x01020404, 0x01030400, 0x01030404,
-	0x01020020, 0x01020024, 0x01030020, 0x01030024,
-	0x01020420, 0x01020424, 0x01030420, 0x01030424,
-  },
-  {
-	0x00000000, 0x02000000, 0x00000800, 0x02000800,
-	0x00080000, 0x02080000, 0x00080800, 0x02080800,
-	0x00000001, 0x02000001, 0x00000801, 0x02000801,
-	0x00080001, 0x02080001, 0x00080801, 0x02080801,
-	0x00000100, 0x02000100, 0x00000900, 0x02000900,
-	0x00080100, 0x02080100, 0x00080900, 0x02080900,
-	0x00000101, 0x02000101, 0x00000901, 0x02000901,
-	0x00080101, 0x02080101, 0x00080901, 0x02080901,
-	0x10000000, 0x12000000, 0x10000800, 0x12000800,
-	0x10080000, 0x12080000, 0x10080800, 0x12080800,
-	0x10000001, 0x12000001, 0x10000801, 0x12000801,
-	0x10080001, 0x12080001, 0x10080801, 0x12080801,
-	0x10000100, 0x12000100, 0x10000900, 0x12000900,
-	0x10080100, 0x12080100, 0x10080900, 0x12080900,
-	0x10000101, 0x12000101, 0x10000901, 0x12000901,
-	0x10080101, 0x12080101, 0x10080901, 0x12080901,
-  },
-  {
-	0x00000000, 0x00040000, 0x00002000, 0x00042000,
-	0x00100000, 0x00140000, 0x00102000, 0x00142000,
-	0x20000000, 0x20040000, 0x20002000, 0x20042000,
-	0x20100000, 0x20140000, 0x20102000, 0x20142000,
-	0x00000008, 0x00040008, 0x00002008, 0x00042008,
-	0x00100008, 0x00140008, 0x00102008, 0x00142008,
-	0x20000008, 0x20040008, 0x20002008, 0x20042008,
-	0x20100008, 0x20140008, 0x20102008, 0x20142008,
-	0x00200000, 0x00240000, 0x00202000, 0x00242000,
-	0x00300000, 0x00340000, 0x00302000, 0x00342000,
-	0x20200000, 0x20240000, 0x20202000, 0x20242000,
-	0x20300000, 0x20340000, 0x20302000, 0x20342000,
-	0x00200008, 0x00240008, 0x00202008, 0x00242008,
-	0x00300008, 0x00340008, 0x00302008, 0x00342008,
-	0x20200008, 0x20240008, 0x20202008, 0x20242008,
-	0x20300008, 0x20340008, 0x20302008, 0x20342008,
-  },
-  {
-	0x00000000, 0x00000010, 0x08000000, 0x08000010,
-	0x00000200, 0x00000210, 0x08000200, 0x08000210,
-	0x00000002, 0x00000012, 0x08000002, 0x08000012,
-	0x00000202, 0x00000212, 0x08000202, 0x08000212,
-	0x04000000, 0x04000010, 0x0c000000, 0x0c000010,
-	0x04000200, 0x04000210, 0x0c000200, 0x0c000210,
-	0x04000002, 0x04000012, 0x0c000002, 0x0c000012,
-	0x04000202, 0x04000212, 0x0c000202, 0x0c000212,
-	0x00001000, 0x00001010, 0x08001000, 0x08001010,
-	0x00001200, 0x00001210, 0x08001200, 0x08001210,
-	0x00001002, 0x00001012, 0x08001002, 0x08001012,
-	0x00001202, 0x00001212, 0x08001202, 0x08001212,
-	0x04001000, 0x04001010, 0x0c001000, 0x0c001010,
-	0x04001200, 0x04001210, 0x0c001200, 0x0c001210,
-	0x04001002, 0x04001012, 0x0c001002, 0x0c001012,
-	0x04001202, 0x04001212, 0x0c001202, 0x0c001212
-  },
+    {
+        0x00000000, 0x00000004, 0x00010000, 0x00010004,
+        0x00000400, 0x00000404, 0x00010400, 0x00010404,
+        0x00000020, 0x00000024, 0x00010020, 0x00010024,
+        0x00000420, 0x00000424, 0x00010420, 0x00010424,
+        0x01000000, 0x01000004, 0x01010000, 0x01010004,
+        0x01000400, 0x01000404, 0x01010400, 0x01010404,
+        0x01000020, 0x01000024, 0x01010020, 0x01010024,
+        0x01000420, 0x01000424, 0x01010420, 0x01010424,
+        0x00020000, 0x00020004, 0x00030000, 0x00030004,
+        0x00020400, 0x00020404, 0x00030400, 0x00030404,
+        0x00020020, 0x00020024, 0x00030020, 0x00030024,
+        0x00020420, 0x00020424, 0x00030420, 0x00030424,
+        0x01020000, 0x01020004, 0x01030000, 0x01030004,
+        0x01020400, 0x01020404, 0x01030400, 0x01030404,
+        0x01020020, 0x01020024, 0x01030020, 0x01030024,
+        0x01020420, 0x01020424, 0x01030420, 0x01030424,
+    },
+    {
+        0x00000000, 0x02000000, 0x00000800, 0x02000800,
+        0x00080000, 0x02080000, 0x00080800, 0x02080800,
+        0x00000001, 0x02000001, 0x00000801, 0x02000801,
+        0x00080001, 0x02080001, 0x00080801, 0x02080801,
+        0x00000100, 0x02000100, 0x00000900, 0x02000900,
+        0x00080100, 0x02080100, 0x00080900, 0x02080900,
+        0x00000101, 0x02000101, 0x00000901, 0x02000901,
+        0x00080101, 0x02080101, 0x00080901, 0x02080901,
+        0x10000000, 0x12000000, 0x10000800, 0x12000800,
+        0x10080000, 0x12080000, 0x10080800, 0x12080800,
+        0x10000001, 0x12000001, 0x10000801, 0x12000801,
+        0x10080001, 0x12080001, 0x10080801, 0x12080801,
+        0x10000100, 0x12000100, 0x10000900, 0x12000900,
+        0x10080100, 0x12080100, 0x10080900, 0x12080900,
+        0x10000101, 0x12000101, 0x10000901, 0x12000901,
+        0x10080101, 0x12080101, 0x10080901, 0x12080901,
+    },
+    {
+        0x00000000, 0x00040000, 0x00002000, 0x00042000,
+        0x00100000, 0x00140000, 0x00102000, 0x00142000,
+        0x20000000, 0x20040000, 0x20002000, 0x20042000,
+        0x20100000, 0x20140000, 0x20102000, 0x20142000,
+        0x00000008, 0x00040008, 0x00002008, 0x00042008,
+        0x00100008, 0x00140008, 0x00102008, 0x00142008,
+        0x20000008, 0x20040008, 0x20002008, 0x20042008,
+        0x20100008, 0x20140008, 0x20102008, 0x20142008,
+        0x00200000, 0x00240000, 0x00202000, 0x00242000,
+        0x00300000, 0x00340000, 0x00302000, 0x00342000,
+        0x20200000, 0x20240000, 0x20202000, 0x20242000,
+        0x20300000, 0x20340000, 0x20302000, 0x20342000,
+        0x00200008, 0x00240008, 0x00202008, 0x00242008,
+        0x00300008, 0x00340008, 0x00302008, 0x00342008,
+        0x20200008, 0x20240008, 0x20202008, 0x20242008,
+        0x20300008, 0x20340008, 0x20302008, 0x20342008,
+    },
+    {
+        0x00000000, 0x00000010, 0x08000000, 0x08000010,
+        0x00000200, 0x00000210, 0x08000200, 0x08000210,
+        0x00000002, 0x00000012, 0x08000002, 0x08000012,
+        0x00000202, 0x00000212, 0x08000202, 0x08000212,
+        0x04000000, 0x04000010, 0x0c000000, 0x0c000010,
+        0x04000200, 0x04000210, 0x0c000200, 0x0c000210,
+        0x04000002, 0x04000012, 0x0c000002, 0x0c000012,
+        0x04000202, 0x04000212, 0x0c000202, 0x0c000212,
+        0x00001000, 0x00001010, 0x08001000, 0x08001010,
+        0x00001200, 0x00001210, 0x08001200, 0x08001210,
+        0x00001002, 0x00001012, 0x08001002, 0x08001012,
+        0x00001202, 0x00001212, 0x08001202, 0x08001212,
+        0x04001000, 0x04001010, 0x0c001000, 0x0c001010,
+        0x04001200, 0x04001210, 0x0c001200, 0x0c001210,
+        0x04001002, 0x04001012, 0x0c001002, 0x0c001012,
+        0x04001202, 0x04001212, 0x0c001202, 0x0c001212
+    },
 };
 
 static const unsigned DES_INT32 PC2_D[4][64] = {
-  {
-	0x00000000, 0x02000000, 0x00020000, 0x02020000,
-	0x00000100, 0x02000100, 0x00020100, 0x02020100,
-	0x00000008, 0x02000008, 0x00020008, 0x02020008,
-	0x00000108, 0x02000108, 0x00020108, 0x02020108,
-	0x00200000, 0x02200000, 0x00220000, 0x02220000,
-	0x00200100, 0x02200100, 0x00220100, 0x02220100,
-	0x00200008, 0x02200008, 0x00220008, 0x02220008,
-	0x00200108, 0x02200108, 0x00220108, 0x02220108,
-	0x00000200, 0x02000200, 0x00020200, 0x02020200,
-	0x00000300, 0x02000300, 0x00020300, 0x02020300,
-	0x00000208, 0x02000208, 0x00020208, 0x02020208,
-	0x00000308, 0x02000308, 0x00020308, 0x02020308,
-	0x00200200, 0x02200200, 0x00220200, 0x02220200,
-	0x00200300, 0x02200300, 0x00220300, 0x02220300,
-	0x00200208, 0x02200208, 0x00220208, 0x02220208,
-	0x00200308, 0x02200308, 0x00220308, 0x02220308,
-  },
-  {
-	0x00000000, 0x00001000, 0x00000020, 0x00001020,
-	0x00100000, 0x00101000, 0x00100020, 0x00101020,
-	0x08000000, 0x08001000, 0x08000020, 0x08001020,
-	0x08100000, 0x08101000, 0x08100020, 0x08101020,
-	0x00000004, 0x00001004, 0x00000024, 0x00001024,
-	0x00100004, 0x00101004, 0x00100024, 0x00101024,
-	0x08000004, 0x08001004, 0x08000024, 0x08001024,
-	0x08100004, 0x08101004, 0x08100024, 0x08101024,
-	0x00000400, 0x00001400, 0x00000420, 0x00001420,
-	0x00100400, 0x00101400, 0x00100420, 0x00101420,
-	0x08000400, 0x08001400, 0x08000420, 0x08001420,
-	0x08100400, 0x08101400, 0x08100420, 0x08101420,
-	0x00000404, 0x00001404, 0x00000424, 0x00001424,
-	0x00100404, 0x00101404, 0x00100424, 0x00101424,
-	0x08000404, 0x08001404, 0x08000424, 0x08001424,
-	0x08100404, 0x08101404, 0x08100424, 0x08101424,
-  },
-  {
-	0x00000000, 0x10000000, 0x00010000, 0x10010000,
-	0x00000002, 0x10000002, 0x00010002, 0x10010002,
-	0x00002000, 0x10002000, 0x00012000, 0x10012000,
-	0x00002002, 0x10002002, 0x00012002, 0x10012002,
-	0x00040000, 0x10040000, 0x00050000, 0x10050000,
-	0x00040002, 0x10040002, 0x00050002, 0x10050002,
-	0x00042000, 0x10042000, 0x00052000, 0x10052000,
-	0x00042002, 0x10042002, 0x00052002, 0x10052002,
-	0x20000000, 0x30000000, 0x20010000, 0x30010000,
-	0x20000002, 0x30000002, 0x20010002, 0x30010002,
-	0x20002000, 0x30002000, 0x20012000, 0x30012000,
-	0x20002002, 0x30002002, 0x20012002, 0x30012002,
-	0x20040000, 0x30040000, 0x20050000, 0x30050000,
-	0x20040002, 0x30040002, 0x20050002, 0x30050002,
-	0x20042000, 0x30042000, 0x20052000, 0x30052000,
-	0x20042002, 0x30042002, 0x20052002, 0x30052002,
-  },
-  {
-	0x00000000, 0x04000000, 0x00000001, 0x04000001,
-	0x01000000, 0x05000000, 0x01000001, 0x05000001,
-	0x00000010, 0x04000010, 0x00000011, 0x04000011,
-	0x01000010, 0x05000010, 0x01000011, 0x05000011,
-	0x00080000, 0x04080000, 0x00080001, 0x04080001,
-	0x01080000, 0x05080000, 0x01080001, 0x05080001,
-	0x00080010, 0x04080010, 0x00080011, 0x04080011,
-	0x01080010, 0x05080010, 0x01080011, 0x05080011,
-	0x00000800, 0x04000800, 0x00000801, 0x04000801,
-	0x01000800, 0x05000800, 0x01000801, 0x05000801,
-	0x00000810, 0x04000810, 0x00000811, 0x04000811,
-	0x01000810, 0x05000810, 0x01000811, 0x05000811,
-	0x00080800, 0x04080800, 0x00080801, 0x04080801,
-	0x01080800, 0x05080800, 0x01080801, 0x05080801,
-	0x00080810, 0x04080810, 0x00080811, 0x04080811,
-	0x01080810, 0x05080810, 0x01080811, 0x05080811
-  },
+    {
+        0x00000000, 0x02000000, 0x00020000, 0x02020000,
+        0x00000100, 0x02000100, 0x00020100, 0x02020100,
+        0x00000008, 0x02000008, 0x00020008, 0x02020008,
+        0x00000108, 0x02000108, 0x00020108, 0x02020108,
+        0x00200000, 0x02200000, 0x00220000, 0x02220000,
+        0x00200100, 0x02200100, 0x00220100, 0x02220100,
+        0x00200008, 0x02200008, 0x00220008, 0x02220008,
+        0x00200108, 0x02200108, 0x00220108, 0x02220108,
+        0x00000200, 0x02000200, 0x00020200, 0x02020200,
+        0x00000300, 0x02000300, 0x00020300, 0x02020300,
+        0x00000208, 0x02000208, 0x00020208, 0x02020208,
+        0x00000308, 0x02000308, 0x00020308, 0x02020308,
+        0x00200200, 0x02200200, 0x00220200, 0x02220200,
+        0x00200300, 0x02200300, 0x00220300, 0x02220300,
+        0x00200208, 0x02200208, 0x00220208, 0x02220208,
+        0x00200308, 0x02200308, 0x00220308, 0x02220308,
+    },
+    {
+        0x00000000, 0x00001000, 0x00000020, 0x00001020,
+        0x00100000, 0x00101000, 0x00100020, 0x00101020,
+        0x08000000, 0x08001000, 0x08000020, 0x08001020,
+        0x08100000, 0x08101000, 0x08100020, 0x08101020,
+        0x00000004, 0x00001004, 0x00000024, 0x00001024,
+        0x00100004, 0x00101004, 0x00100024, 0x00101024,
+        0x08000004, 0x08001004, 0x08000024, 0x08001024,
+        0x08100004, 0x08101004, 0x08100024, 0x08101024,
+        0x00000400, 0x00001400, 0x00000420, 0x00001420,
+        0x00100400, 0x00101400, 0x00100420, 0x00101420,
+        0x08000400, 0x08001400, 0x08000420, 0x08001420,
+        0x08100400, 0x08101400, 0x08100420, 0x08101420,
+        0x00000404, 0x00001404, 0x00000424, 0x00001424,
+        0x00100404, 0x00101404, 0x00100424, 0x00101424,
+        0x08000404, 0x08001404, 0x08000424, 0x08001424,
+        0x08100404, 0x08101404, 0x08100424, 0x08101424,
+    },
+    {
+        0x00000000, 0x10000000, 0x00010000, 0x10010000,
+        0x00000002, 0x10000002, 0x00010002, 0x10010002,
+        0x00002000, 0x10002000, 0x00012000, 0x10012000,
+        0x00002002, 0x10002002, 0x00012002, 0x10012002,
+        0x00040000, 0x10040000, 0x00050000, 0x10050000,
+        0x00040002, 0x10040002, 0x00050002, 0x10050002,
+        0x00042000, 0x10042000, 0x00052000, 0x10052000,
+        0x00042002, 0x10042002, 0x00052002, 0x10052002,
+        0x20000000, 0x30000000, 0x20010000, 0x30010000,
+        0x20000002, 0x30000002, 0x20010002, 0x30010002,
+        0x20002000, 0x30002000, 0x20012000, 0x30012000,
+        0x20002002, 0x30002002, 0x20012002, 0x30012002,
+        0x20040000, 0x30040000, 0x20050000, 0x30050000,
+        0x20040002, 0x30040002, 0x20050002, 0x30050002,
+        0x20042000, 0x30042000, 0x20052000, 0x30052000,
+        0x20042002, 0x30042002, 0x20052002, 0x30052002,
+    },
+    {
+        0x00000000, 0x04000000, 0x00000001, 0x04000001,
+        0x01000000, 0x05000000, 0x01000001, 0x05000001,
+        0x00000010, 0x04000010, 0x00000011, 0x04000011,
+        0x01000010, 0x05000010, 0x01000011, 0x05000011,
+        0x00080000, 0x04080000, 0x00080001, 0x04080001,
+        0x01080000, 0x05080000, 0x01080001, 0x05080001,
+        0x00080010, 0x04080010, 0x00080011, 0x04080011,
+        0x01080010, 0x05080010, 0x01080011, 0x05080011,
+        0x00000800, 0x04000800, 0x00000801, 0x04000801,
+        0x01000800, 0x05000800, 0x01000801, 0x05000801,
+        0x00000810, 0x04000810, 0x00000811, 0x04000811,
+        0x01000810, 0x05000810, 0x01000811, 0x05000811,
+        0x00080800, 0x04080800, 0x00080801, 0x04080801,
+        0x01080800, 0x05080800, 0x01080801, 0x05080801,
+        0x00080810, 0x04080810, 0x00080811, 0x04080811,
+        0x01080810, 0x05080810, 0x01080811, 0x05080811
+    },
 };
 
 
@@ -241,119 +242,119 @@ static const unsigned DES_INT32 PC2_D[4][64] = {
 int
 mit_des_make_key_sched(mit_des_cblock key, mit_des_key_schedule schedule)
 {
-	register unsigned DES_INT32 c, d;
+    register unsigned DES_INT32 c, d;
 
-	{
-		/*
-		 * Need a pointer for the keys and a temporary DES_INT32
-		 */
-		const unsigned char *k;
-		register unsigned DES_INT32 tmp;
+    {
+        /*
+         * Need a pointer for the keys and a temporary DES_INT32
+         */
+        const unsigned char *k;
+        register unsigned DES_INT32 tmp;
 
-		/*
-		 * Fetch the key into something we can work with
-		 */
-		k = key;
+        /*
+         * Fetch the key into something we can work with
+         */
+        k = key;
 
-		/*
-		 * The first permutted choice gives us the 28 bits for C0 and
-		 * 28 for D0.  C0 gets 12 bits from the left key and 16 from
-		 * the right, while D0 gets 16 from the left and 12 from the
-		 * right.  The code knows which bits go where.
-		 */
-		tmp = load_32_be(k), k += 4;
+        /*
+         * The first permutted choice gives us the 28 bits for C0 and
+         * 28 for D0.  C0 gets 12 bits from the left key and 16 from
+         * the right, while D0 gets 16 from the left and 12 from the
+         * right.  The code knows which bits go where.
+         */
+        tmp = load_32_be(k), k += 4;
 
-		c =  PC1_CL[(tmp >> 29) & 0x7]
-		  | (PC1_CL[(tmp >> 21) & 0x7] << 1)
-		  | (PC1_CL[(tmp >> 13) & 0x7] << 2)
-		  | (PC1_CL[(tmp >>  5) & 0x7] << 3);
-		d =  PC1_DL[(tmp >> 25) & 0xf]
-		  | (PC1_DL[(tmp >> 17) & 0xf] << 1)
-		  | (PC1_DL[(tmp >>  9) & 0xf] << 2)
-		  | (PC1_DL[(tmp >>  1) & 0xf] << 3);
+        c =  PC1_CL[(tmp >> 29) & 0x7]
+            | (PC1_CL[(tmp >> 21) & 0x7] << 1)
+            | (PC1_CL[(tmp >> 13) & 0x7] << 2)
+            | (PC1_CL[(tmp >>  5) & 0x7] << 3);
+        d =  PC1_DL[(tmp >> 25) & 0xf]
+            | (PC1_DL[(tmp >> 17) & 0xf] << 1)
+            | (PC1_DL[(tmp >>  9) & 0xf] << 2)
+            | (PC1_DL[(tmp >>  1) & 0xf] << 3);
 
-		tmp = load_32_be(k), k += 4;
+        tmp = load_32_be(k), k += 4;
 
-		c |= PC1_CR[(tmp >> 28) & 0xf]
-		  | (PC1_CR[(tmp >> 20) & 0xf] << 1)
-		  | (PC1_CR[(tmp >> 12) & 0xf] << 2)
-		  | (PC1_CR[(tmp >>  4) & 0xf] << 3);
-		d |= PC1_DR[(tmp >> 25) & 0x7]
-		  | (PC1_DR[(tmp >> 17) & 0x7] << 1)
-		  | (PC1_DR[(tmp >>  9) & 0x7] << 2)
-		  | (PC1_DR[(tmp >>  1) & 0x7] << 3);
-	}
+        c |= PC1_CR[(tmp >> 28) & 0xf]
+            | (PC1_CR[(tmp >> 20) & 0xf] << 1)
+            | (PC1_CR[(tmp >> 12) & 0xf] << 2)
+            | (PC1_CR[(tmp >>  4) & 0xf] << 3);
+        d |= PC1_DR[(tmp >> 25) & 0x7]
+            | (PC1_DR[(tmp >> 17) & 0x7] << 1)
+            | (PC1_DR[(tmp >>  9) & 0x7] << 2)
+            | (PC1_DR[(tmp >>  1) & 0x7] << 3);
+    }
 
-	{
-		/*
-		 * Need several temporaries in here
-		 */
-		register unsigned DES_INT32 ltmp, rtmp;
-		register unsigned DES_INT32 *k;
-		register int two_bit_shifts;
-		register int i;
-		/*
-		 * Now iterate to compute the key schedule.  Note that we
-		 * record the entire set of subkeys in 6 bit chunks since
-		 * they are used that way.  At 6 bits/char, we need
-		 * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes.
-		 * The schedule must be this big.
-		 */
-		k = (unsigned DES_INT32 *)schedule;
-		two_bit_shifts = TWO_BIT_SHIFTS;
-		for (i = 16; i > 0; i--) {
-			/*
-			 * Do the rotation.  One bit and two bit rotations
-			 * are done separately.  Note C and D are 28 bits.
-			 */
-			if (two_bit_shifts & 0x1) {
-				c = ((c << 2) & 0xffffffc) | (c >> 26);
-				d = ((d << 2) & 0xffffffc) | (d >> 26);
-			} else {
-				c = ((c << 1) & 0xffffffe) | (c >> 27);
-				d = ((d << 1) & 0xffffffe) | (d >> 27);
-			}
-			two_bit_shifts >>= 1;
+    {
+        /*
+         * Need several temporaries in here
+         */
+        register unsigned DES_INT32 ltmp, rtmp;
+        register unsigned DES_INT32 *k;
+        register int two_bit_shifts;
+        register int i;
+        /*
+         * Now iterate to compute the key schedule.  Note that we
+         * record the entire set of subkeys in 6 bit chunks since
+         * they are used that way.  At 6 bits/char, we need
+         * 48/6 char's/subkey * 16 subkeys/encryption == 128 bytes.
+         * The schedule must be this big.
+         */
+        k = (unsigned DES_INT32 *)schedule;
+        two_bit_shifts = TWO_BIT_SHIFTS;
+        for (i = 16; i > 0; i--) {
+            /*
+             * Do the rotation.  One bit and two bit rotations
+             * are done separately.  Note C and D are 28 bits.
+             */
+            if (two_bit_shifts & 0x1) {
+                c = ((c << 2) & 0xffffffc) | (c >> 26);
+                d = ((d << 2) & 0xffffffc) | (d >> 26);
+            } else {
+                c = ((c << 1) & 0xffffffe) | (c >> 27);
+                d = ((d << 1) & 0xffffffe) | (d >> 27);
+            }
+            two_bit_shifts >>= 1;
 
-			/*
-			 * Apply permutted choice 2 to C to get the first
-			 * 24 bits worth of keys.  Note that bits 9, 18, 22
-			 * and 25 (using DES numbering) in C are unused.  The
-			 * shift-mask stuff is done to delete these bits from
-			 * the indices, since this cuts the table size in half.
-			 *
-			 * The table is torqued, by the way.  If the standard
-			 * byte order for this (high to low order) is 1234,
-			 * the table actually gives us 4132.
-			 */
-			ltmp = PC2_C[0][((c >> 22) & 0x3f)]
-			     | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)]
-			     | PC2_C[2][((c >>  4) & 0x3) | ((c >>  9) & 0x3c)]
-			     | PC2_C[3][((c      ) & 0x7) | ((c >>  4) & 0x38)];
-			/*
-			 * Apply permutted choice 2 to D to get the other half.
-			 * Here, bits 7, 10, 15 and 26 go unused.  The sqeezing
-			 * actually turns out to be cheaper here.
-			 *
-			 * This table is similarly torqued.  If the standard
-			 * byte order is 5678, the table has the bytes permuted
-			 * to give us 7685.
-			 */
-			rtmp = PC2_D[0][((d >> 22) & 0x3f)]
-			     | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
-			     | PC2_D[2][((d >>  7) & 0x3f)]
-			     | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
+            /*
+             * Apply permutted choice 2 to C to get the first
+             * 24 bits worth of keys.  Note that bits 9, 18, 22
+             * and 25 (using DES numbering) in C are unused.  The
+             * shift-mask stuff is done to delete these bits from
+             * the indices, since this cuts the table size in half.
+             *
+             * The table is torqued, by the way.  If the standard
+             * byte order for this (high to low order) is 1234,
+             * the table actually gives us 4132.
+             */
+            ltmp = PC2_C[0][((c >> 22) & 0x3f)]
+                | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)]
+                | PC2_C[2][((c >>  4) & 0x3) | ((c >>  9) & 0x3c)]
+                | PC2_C[3][((c      ) & 0x7) | ((c >>  4) & 0x38)];
+            /*
+             * Apply permutted choice 2 to D to get the other half.
+             * Here, bits 7, 10, 15 and 26 go unused.  The sqeezing
+             * actually turns out to be cheaper here.
+             *
+             * This table is similarly torqued.  If the standard
+             * byte order is 5678, the table has the bytes permuted
+             * to give us 7685.
+             */
+            rtmp = PC2_D[0][((d >> 22) & 0x3f)]
+                | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)]
+                | PC2_D[2][((d >>  7) & 0x3f)]
+                | PC2_D[3][((d      ) & 0x3) | ((d >>  1) & 0x3c)];
 
-			/*
-			 * Make up two words of the key schedule, with a
-			 * byte order which is convenient for the DES
-			 * inner loop.  The high order (first) word will
-			 * hold bytes 7135 (high to low order) while the
-			 * second holds bytes 4682.
-			 */
-			*k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff);
-			*k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00);
-		}
-	}
-	return (0);
+            /*
+             * Make up two words of the key schedule, with a
+             * byte order which is convenient for the DES
+             * inner loop.  The high order (first) word will
+             * hold bytes 7135 (high to low order) while the
+             * second holds bytes 4682.
+             */
+            *k++ = (ltmp & 0x00ffff00) | (rtmp & 0xff0000ff);
+            *k++ = (ltmp & 0xff0000ff) | (rtmp & 0x00ffff00);
+        }
+    }
+    return (0);
 }
diff --git a/src/lib/crypto/builtin/des/f_tables.c b/src/lib/crypto/builtin/des/f_tables.c
index 42426bc..9470b2b 100644
--- a/src/lib/crypto/builtin/des/f_tables.c
+++ b/src/lib/crypto/builtin/des/f_tables.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_tables.c
  *
@@ -70,70 +71,70 @@
  */
 
 const unsigned DES_INT32 des_IP_table[256] = {
-	0x00000000, 0x00000010, 0x00000001, 0x00000011,
-	0x00001000, 0x00001010, 0x00001001, 0x00001011,
-	0x00000100, 0x00000110, 0x00000101, 0x00000111,
-	0x00001100, 0x00001110, 0x00001101, 0x00001111,
-	0x00100000, 0x00100010, 0x00100001, 0x00100011,
-	0x00101000, 0x00101010, 0x00101001, 0x00101011,
-	0x00100100, 0x00100110, 0x00100101, 0x00100111,
-	0x00101100, 0x00101110, 0x00101101, 0x00101111,
-	0x00010000, 0x00010010, 0x00010001, 0x00010011,
-	0x00011000, 0x00011010, 0x00011001, 0x00011011,
-	0x00010100, 0x00010110, 0x00010101, 0x00010111,
-	0x00011100, 0x00011110, 0x00011101, 0x00011111,
-	0x00110000, 0x00110010, 0x00110001, 0x00110011,
-	0x00111000, 0x00111010, 0x00111001, 0x00111011,
-	0x00110100, 0x00110110, 0x00110101, 0x00110111,
-	0x00111100, 0x00111110, 0x00111101, 0x00111111,
-	0x10000000, 0x10000010, 0x10000001, 0x10000011,
-	0x10001000, 0x10001010, 0x10001001, 0x10001011,
-	0x10000100, 0x10000110, 0x10000101, 0x10000111,
-	0x10001100, 0x10001110, 0x10001101, 0x10001111,
-	0x10100000, 0x10100010, 0x10100001, 0x10100011,
-	0x10101000, 0x10101010, 0x10101001, 0x10101011,
-	0x10100100, 0x10100110, 0x10100101, 0x10100111,
-	0x10101100, 0x10101110, 0x10101101, 0x10101111,
-	0x10010000, 0x10010010, 0x10010001, 0x10010011,
-	0x10011000, 0x10011010, 0x10011001, 0x10011011,
-	0x10010100, 0x10010110, 0x10010101, 0x10010111,
-	0x10011100, 0x10011110, 0x10011101, 0x10011111,
-	0x10110000, 0x10110010, 0x10110001, 0x10110011,
-	0x10111000, 0x10111010, 0x10111001, 0x10111011,
-	0x10110100, 0x10110110, 0x10110101, 0x10110111,
-	0x10111100, 0x10111110, 0x10111101, 0x10111111,
-	0x01000000, 0x01000010, 0x01000001, 0x01000011,
-	0x01001000, 0x01001010, 0x01001001, 0x01001011,
-	0x01000100, 0x01000110, 0x01000101, 0x01000111,
-	0x01001100, 0x01001110, 0x01001101, 0x01001111,
-	0x01100000, 0x01100010, 0x01100001, 0x01100011,
-	0x01101000, 0x01101010, 0x01101001, 0x01101011,
-	0x01100100, 0x01100110, 0x01100101, 0x01100111,
-	0x01101100, 0x01101110, 0x01101101, 0x01101111,
-	0x01010000, 0x01010010, 0x01010001, 0x01010011,
-	0x01011000, 0x01011010, 0x01011001, 0x01011011,
-	0x01010100, 0x01010110, 0x01010101, 0x01010111,
-	0x01011100, 0x01011110, 0x01011101, 0x01011111,
-	0x01110000, 0x01110010, 0x01110001, 0x01110011,
-	0x01111000, 0x01111010, 0x01111001, 0x01111011,
-	0x01110100, 0x01110110, 0x01110101, 0x01110111,
-	0x01111100, 0x01111110, 0x01111101, 0x01111111,
-	0x11000000, 0x11000010, 0x11000001, 0x11000011,
-	0x11001000, 0x11001010, 0x11001001, 0x11001011,
-	0x11000100, 0x11000110, 0x11000101, 0x11000111,
-	0x11001100, 0x11001110, 0x11001101, 0x11001111,
-	0x11100000, 0x11100010, 0x11100001, 0x11100011,
-	0x11101000, 0x11101010, 0x11101001, 0x11101011,
-	0x11100100, 0x11100110, 0x11100101, 0x11100111,
-	0x11101100, 0x11101110, 0x11101101, 0x11101111,
-	0x11010000, 0x11010010, 0x11010001, 0x11010011,
-	0x11011000, 0x11011010, 0x11011001, 0x11011011,
-	0x11010100, 0x11010110, 0x11010101, 0x11010111,
-	0x11011100, 0x11011110, 0x11011101, 0x11011111,
-	0x11110000, 0x11110010, 0x11110001, 0x11110011,
-	0x11111000, 0x11111010, 0x11111001, 0x11111011,
-	0x11110100, 0x11110110, 0x11110101, 0x11110111,
-	0x11111100, 0x11111110, 0x11111101, 0x11111111
+    0x00000000, 0x00000010, 0x00000001, 0x00000011,
+    0x00001000, 0x00001010, 0x00001001, 0x00001011,
+    0x00000100, 0x00000110, 0x00000101, 0x00000111,
+    0x00001100, 0x00001110, 0x00001101, 0x00001111,
+    0x00100000, 0x00100010, 0x00100001, 0x00100011,
+    0x00101000, 0x00101010, 0x00101001, 0x00101011,
+    0x00100100, 0x00100110, 0x00100101, 0x00100111,
+    0x00101100, 0x00101110, 0x00101101, 0x00101111,
+    0x00010000, 0x00010010, 0x00010001, 0x00010011,
+    0x00011000, 0x00011010, 0x00011001, 0x00011011,
+    0x00010100, 0x00010110, 0x00010101, 0x00010111,
+    0x00011100, 0x00011110, 0x00011101, 0x00011111,
+    0x00110000, 0x00110010, 0x00110001, 0x00110011,
+    0x00111000, 0x00111010, 0x00111001, 0x00111011,
+    0x00110100, 0x00110110, 0x00110101, 0x00110111,
+    0x00111100, 0x00111110, 0x00111101, 0x00111111,
+    0x10000000, 0x10000010, 0x10000001, 0x10000011,
+    0x10001000, 0x10001010, 0x10001001, 0x10001011,
+    0x10000100, 0x10000110, 0x10000101, 0x10000111,
+    0x10001100, 0x10001110, 0x10001101, 0x10001111,
+    0x10100000, 0x10100010, 0x10100001, 0x10100011,
+    0x10101000, 0x10101010, 0x10101001, 0x10101011,
+    0x10100100, 0x10100110, 0x10100101, 0x10100111,
+    0x10101100, 0x10101110, 0x10101101, 0x10101111,
+    0x10010000, 0x10010010, 0x10010001, 0x10010011,
+    0x10011000, 0x10011010, 0x10011001, 0x10011011,
+    0x10010100, 0x10010110, 0x10010101, 0x10010111,
+    0x10011100, 0x10011110, 0x10011101, 0x10011111,
+    0x10110000, 0x10110010, 0x10110001, 0x10110011,
+    0x10111000, 0x10111010, 0x10111001, 0x10111011,
+    0x10110100, 0x10110110, 0x10110101, 0x10110111,
+    0x10111100, 0x10111110, 0x10111101, 0x10111111,
+    0x01000000, 0x01000010, 0x01000001, 0x01000011,
+    0x01001000, 0x01001010, 0x01001001, 0x01001011,
+    0x01000100, 0x01000110, 0x01000101, 0x01000111,
+    0x01001100, 0x01001110, 0x01001101, 0x01001111,
+    0x01100000, 0x01100010, 0x01100001, 0x01100011,
+    0x01101000, 0x01101010, 0x01101001, 0x01101011,
+    0x01100100, 0x01100110, 0x01100101, 0x01100111,
+    0x01101100, 0x01101110, 0x01101101, 0x01101111,
+    0x01010000, 0x01010010, 0x01010001, 0x01010011,
+    0x01011000, 0x01011010, 0x01011001, 0x01011011,
+    0x01010100, 0x01010110, 0x01010101, 0x01010111,
+    0x01011100, 0x01011110, 0x01011101, 0x01011111,
+    0x01110000, 0x01110010, 0x01110001, 0x01110011,
+    0x01111000, 0x01111010, 0x01111001, 0x01111011,
+    0x01110100, 0x01110110, 0x01110101, 0x01110111,
+    0x01111100, 0x01111110, 0x01111101, 0x01111111,
+    0x11000000, 0x11000010, 0x11000001, 0x11000011,
+    0x11001000, 0x11001010, 0x11001001, 0x11001011,
+    0x11000100, 0x11000110, 0x11000101, 0x11000111,
+    0x11001100, 0x11001110, 0x11001101, 0x11001111,
+    0x11100000, 0x11100010, 0x11100001, 0x11100011,
+    0x11101000, 0x11101010, 0x11101001, 0x11101011,
+    0x11100100, 0x11100110, 0x11100101, 0x11100111,
+    0x11101100, 0x11101110, 0x11101101, 0x11101111,
+    0x11010000, 0x11010010, 0x11010001, 0x11010011,
+    0x11011000, 0x11011010, 0x11011001, 0x11011011,
+    0x11010100, 0x11010110, 0x11010101, 0x11010111,
+    0x11011100, 0x11011110, 0x11011101, 0x11011111,
+    0x11110000, 0x11110010, 0x11110001, 0x11110011,
+    0x11111000, 0x11111010, 0x11111001, 0x11111011,
+    0x11110100, 0x11110110, 0x11110101, 0x11110111,
+    0x11111100, 0x11111110, 0x11111101, 0x11111111
 };
 
 /*
@@ -150,70 +151,70 @@ const unsigned DES_INT32 des_IP_table[256] = {
  * which is or'd with the result from the low byte.
  */
 const unsigned DES_INT32 des_FP_table[256] = {
-	0x00000000, 0x02000000, 0x00020000, 0x02020000,
-	0x00000200, 0x02000200, 0x00020200, 0x02020200,
-	0x00000002, 0x02000002, 0x00020002, 0x02020002,
-	0x00000202, 0x02000202, 0x00020202, 0x02020202,
-	0x01000000, 0x03000000, 0x01020000, 0x03020000,
-	0x01000200, 0x03000200, 0x01020200, 0x03020200,
-	0x01000002, 0x03000002, 0x01020002, 0x03020002,
-	0x01000202, 0x03000202, 0x01020202, 0x03020202,
-	0x00010000, 0x02010000, 0x00030000, 0x02030000,
-	0x00010200, 0x02010200, 0x00030200, 0x02030200,
-	0x00010002, 0x02010002, 0x00030002, 0x02030002,
-	0x00010202, 0x02010202, 0x00030202, 0x02030202,
-	0x01010000, 0x03010000, 0x01030000, 0x03030000,
-	0x01010200, 0x03010200, 0x01030200, 0x03030200,
-	0x01010002, 0x03010002, 0x01030002, 0x03030002,
-	0x01010202, 0x03010202, 0x01030202, 0x03030202,
-	0x00000100, 0x02000100, 0x00020100, 0x02020100,
-	0x00000300, 0x02000300, 0x00020300, 0x02020300,
-	0x00000102, 0x02000102, 0x00020102, 0x02020102,
-	0x00000302, 0x02000302, 0x00020302, 0x02020302,
-	0x01000100, 0x03000100, 0x01020100, 0x03020100,
-	0x01000300, 0x03000300, 0x01020300, 0x03020300,
-	0x01000102, 0x03000102, 0x01020102, 0x03020102,
-	0x01000302, 0x03000302, 0x01020302, 0x03020302,
-	0x00010100, 0x02010100, 0x00030100, 0x02030100,
-	0x00010300, 0x02010300, 0x00030300, 0x02030300,
-	0x00010102, 0x02010102, 0x00030102, 0x02030102,
-	0x00010302, 0x02010302, 0x00030302, 0x02030302,
-	0x01010100, 0x03010100, 0x01030100, 0x03030100,
-	0x01010300, 0x03010300, 0x01030300, 0x03030300,
-	0x01010102, 0x03010102, 0x01030102, 0x03030102,
-	0x01010302, 0x03010302, 0x01030302, 0x03030302,
-	0x00000001, 0x02000001, 0x00020001, 0x02020001,
-	0x00000201, 0x02000201, 0x00020201, 0x02020201,
-	0x00000003, 0x02000003, 0x00020003, 0x02020003,
-	0x00000203, 0x02000203, 0x00020203, 0x02020203,
-	0x01000001, 0x03000001, 0x01020001, 0x03020001,
-	0x01000201, 0x03000201, 0x01020201, 0x03020201,
-	0x01000003, 0x03000003, 0x01020003, 0x03020003,
-	0x01000203, 0x03000203, 0x01020203, 0x03020203,
-	0x00010001, 0x02010001, 0x00030001, 0x02030001,
-	0x00010201, 0x02010201, 0x00030201, 0x02030201,
-	0x00010003, 0x02010003, 0x00030003, 0x02030003,
-	0x00010203, 0x02010203, 0x00030203, 0x02030203,
-	0x01010001, 0x03010001, 0x01030001, 0x03030001,
-	0x01010201, 0x03010201, 0x01030201, 0x03030201,
-	0x01010003, 0x03010003, 0x01030003, 0x03030003,
-	0x01010203, 0x03010203, 0x01030203, 0x03030203,
-	0x00000101, 0x02000101, 0x00020101, 0x02020101,
-	0x00000301, 0x02000301, 0x00020301, 0x02020301,
-	0x00000103, 0x02000103, 0x00020103, 0x02020103,
-	0x00000303, 0x02000303, 0x00020303, 0x02020303,
-	0x01000101, 0x03000101, 0x01020101, 0x03020101,
-	0x01000301, 0x03000301, 0x01020301, 0x03020301,
-	0x01000103, 0x03000103, 0x01020103, 0x03020103,
-	0x01000303, 0x03000303, 0x01020303, 0x03020303,
-	0x00010101, 0x02010101, 0x00030101, 0x02030101,
-	0x00010301, 0x02010301, 0x00030301, 0x02030301,
-	0x00010103, 0x02010103, 0x00030103, 0x02030103,
-	0x00010303, 0x02010303, 0x00030303, 0x02030303,
-	0x01010101, 0x03010101, 0x01030101, 0x03030101,
-	0x01010301, 0x03010301, 0x01030301, 0x03030301,
-	0x01010103, 0x03010103, 0x01030103, 0x03030103,
-	0x01010303, 0x03010303, 0x01030303, 0x03030303
+    0x00000000, 0x02000000, 0x00020000, 0x02020000,
+    0x00000200, 0x02000200, 0x00020200, 0x02020200,
+    0x00000002, 0x02000002, 0x00020002, 0x02020002,
+    0x00000202, 0x02000202, 0x00020202, 0x02020202,
+    0x01000000, 0x03000000, 0x01020000, 0x03020000,
+    0x01000200, 0x03000200, 0x01020200, 0x03020200,
+    0x01000002, 0x03000002, 0x01020002, 0x03020002,
+    0x01000202, 0x03000202, 0x01020202, 0x03020202,
+    0x00010000, 0x02010000, 0x00030000, 0x02030000,
+    0x00010200, 0x02010200, 0x00030200, 0x02030200,
+    0x00010002, 0x02010002, 0x00030002, 0x02030002,
+    0x00010202, 0x02010202, 0x00030202, 0x02030202,
+    0x01010000, 0x03010000, 0x01030000, 0x03030000,
+    0x01010200, 0x03010200, 0x01030200, 0x03030200,
+    0x01010002, 0x03010002, 0x01030002, 0x03030002,
+    0x01010202, 0x03010202, 0x01030202, 0x03030202,
+    0x00000100, 0x02000100, 0x00020100, 0x02020100,
+    0x00000300, 0x02000300, 0x00020300, 0x02020300,
+    0x00000102, 0x02000102, 0x00020102, 0x02020102,
+    0x00000302, 0x02000302, 0x00020302, 0x02020302,
+    0x01000100, 0x03000100, 0x01020100, 0x03020100,
+    0x01000300, 0x03000300, 0x01020300, 0x03020300,
+    0x01000102, 0x03000102, 0x01020102, 0x03020102,
+    0x01000302, 0x03000302, 0x01020302, 0x03020302,
+    0x00010100, 0x02010100, 0x00030100, 0x02030100,
+    0x00010300, 0x02010300, 0x00030300, 0x02030300,
+    0x00010102, 0x02010102, 0x00030102, 0x02030102,
+    0x00010302, 0x02010302, 0x00030302, 0x02030302,
+    0x01010100, 0x03010100, 0x01030100, 0x03030100,
+    0x01010300, 0x03010300, 0x01030300, 0x03030300,
+    0x01010102, 0x03010102, 0x01030102, 0x03030102,
+    0x01010302, 0x03010302, 0x01030302, 0x03030302,
+    0x00000001, 0x02000001, 0x00020001, 0x02020001,
+    0x00000201, 0x02000201, 0x00020201, 0x02020201,
+    0x00000003, 0x02000003, 0x00020003, 0x02020003,
+    0x00000203, 0x02000203, 0x00020203, 0x02020203,
+    0x01000001, 0x03000001, 0x01020001, 0x03020001,
+    0x01000201, 0x03000201, 0x01020201, 0x03020201,
+    0x01000003, 0x03000003, 0x01020003, 0x03020003,
+    0x01000203, 0x03000203, 0x01020203, 0x03020203,
+    0x00010001, 0x02010001, 0x00030001, 0x02030001,
+    0x00010201, 0x02010201, 0x00030201, 0x02030201,
+    0x00010003, 0x02010003, 0x00030003, 0x02030003,
+    0x00010203, 0x02010203, 0x00030203, 0x02030203,
+    0x01010001, 0x03010001, 0x01030001, 0x03030001,
+    0x01010201, 0x03010201, 0x01030201, 0x03030201,
+    0x01010003, 0x03010003, 0x01030003, 0x03030003,
+    0x01010203, 0x03010203, 0x01030203, 0x03030203,
+    0x00000101, 0x02000101, 0x00020101, 0x02020101,
+    0x00000301, 0x02000301, 0x00020301, 0x02020301,
+    0x00000103, 0x02000103, 0x00020103, 0x02020103,
+    0x00000303, 0x02000303, 0x00020303, 0x02020303,
+    0x01000101, 0x03000101, 0x01020101, 0x03020101,
+    0x01000301, 0x03000301, 0x01020301, 0x03020301,
+    0x01000103, 0x03000103, 0x01020103, 0x03020103,
+    0x01000303, 0x03000303, 0x01020303, 0x03020303,
+    0x00010101, 0x02010101, 0x00030101, 0x02030101,
+    0x00010301, 0x02010301, 0x00030301, 0x02030301,
+    0x00010103, 0x02010103, 0x00030103, 0x02030103,
+    0x00010303, 0x02010303, 0x00030303, 0x02030303,
+    0x01010101, 0x03010101, 0x01030101, 0x03030101,
+    0x01010301, 0x03010301, 0x01030301, 0x03030301,
+    0x01010103, 0x03010103, 0x01030103, 0x03030103,
+    0x01010303, 0x03010303, 0x01030303, 0x03030303
 };
 
 
@@ -223,148 +224,148 @@ const unsigned DES_INT32 des_FP_table[256] = {
  * spec, to match the order of key application we follow.
  */
 const unsigned DES_INT32 des_SP_table[8][64] = {
-  {
-	0x00100000, 0x02100001, 0x02000401, 0x00000000,	/* 7 */
-	0x00000400, 0x02000401, 0x00100401, 0x02100400,
-	0x02100401, 0x00100000, 0x00000000, 0x02000001,
-	0x00000001, 0x02000000, 0x02100001, 0x00000401,
-	0x02000400, 0x00100401, 0x00100001, 0x02000400,
-	0x02000001, 0x02100000, 0x02100400, 0x00100001,
-	0x02100000, 0x00000400, 0x00000401, 0x02100401,
-	0x00100400, 0x00000001, 0x02000000, 0x00100400,
-	0x02000000, 0x00100400, 0x00100000, 0x02000401,
-	0x02000401, 0x02100001, 0x02100001, 0x00000001,
-	0x00100001, 0x02000000, 0x02000400, 0x00100000,
-	0x02100400, 0x00000401, 0x00100401, 0x02100400,
-	0x00000401, 0x02000001, 0x02100401, 0x02100000,
-	0x00100400, 0x00000000, 0x00000001, 0x02100401,
-	0x00000000, 0x00100401, 0x02100000, 0x00000400,
-	0x02000001, 0x02000400, 0x00000400, 0x00100001,
-  },
-  {
-	0x00808200, 0x00000000, 0x00008000, 0x00808202,	/* 1 */
-	0x00808002, 0x00008202, 0x00000002, 0x00008000,
-	0x00000200, 0x00808200, 0x00808202, 0x00000200,
-	0x00800202, 0x00808002, 0x00800000, 0x00000002,
-	0x00000202, 0x00800200, 0x00800200, 0x00008200,
-	0x00008200, 0x00808000, 0x00808000, 0x00800202,
-	0x00008002, 0x00800002, 0x00800002, 0x00008002,
-	0x00000000, 0x00000202, 0x00008202, 0x00800000,
-	0x00008000, 0x00808202, 0x00000002, 0x00808000,
-	0x00808200, 0x00800000, 0x00800000, 0x00000200,
-	0x00808002, 0x00008000, 0x00008200, 0x00800002,
-	0x00000200, 0x00000002, 0x00800202, 0x00008202,
-	0x00808202, 0x00008002, 0x00808000, 0x00800202,
-	0x00800002, 0x00000202, 0x00008202, 0x00808200,
-	0x00000202, 0x00800200, 0x00800200, 0x00000000,
-	0x00008002, 0x00008200, 0x00000000, 0x00808002,
-  },
-  {
-	0x00000104, 0x04010100, 0x00000000, 0x04010004,	/* 3 */
-	0x04000100, 0x00000000, 0x00010104, 0x04000100,
-	0x00010004, 0x04000004, 0x04000004, 0x00010000,
-	0x04010104, 0x00010004, 0x04010000, 0x00000104,
-	0x04000000, 0x00000004, 0x04010100, 0x00000100,
-	0x00010100, 0x04010000, 0x04010004, 0x00010104,
-	0x04000104, 0x00010100, 0x00010000, 0x04000104,
-	0x00000004, 0x04010104, 0x00000100, 0x04000000,
-	0x04010100, 0x04000000, 0x00010004, 0x00000104,
-	0x00010000, 0x04010100, 0x04000100, 0x00000000,
-	0x00000100, 0x00010004, 0x04010104, 0x04000100,
-	0x04000004, 0x00000100, 0x00000000, 0x04010004,
-	0x04000104, 0x00010000, 0x04000000, 0x04010104,
-	0x00000004, 0x00010104, 0x00010100, 0x04000004,
-	0x04010000, 0x04000104, 0x00000104, 0x04010000,
-	0x00010104, 0x00000004, 0x04010004, 0x00010100,
-  },
-  {
-	0x00000080, 0x01040080, 0x01040000, 0x21000080,	/* 5 */
-	0x00040000, 0x00000080, 0x20000000, 0x01040000,
-	0x20040080, 0x00040000, 0x01000080, 0x20040080,
-	0x21000080, 0x21040000, 0x00040080, 0x20000000,
-	0x01000000, 0x20040000, 0x20040000, 0x00000000,
-	0x20000080, 0x21040080, 0x21040080, 0x01000080,
-	0x21040000, 0x20000080, 0x00000000, 0x21000000,
-	0x01040080, 0x01000000, 0x21000000, 0x00040080,
-	0x00040000, 0x21000080, 0x00000080, 0x01000000,
-	0x20000000, 0x01040000, 0x21000080, 0x20040080,
-	0x01000080, 0x20000000, 0x21040000, 0x01040080,
-	0x20040080, 0x00000080, 0x01000000, 0x21040000,
-	0x21040080, 0x00040080, 0x21000000, 0x21040080,
-	0x01040000, 0x00000000, 0x20040000, 0x21000000,
-	0x00040080, 0x01000080, 0x20000080, 0x00040000,
-	0x00000000, 0x20040000, 0x01040080, 0x20000080,
-  },
-  {
-	0x80401000, 0x80001040, 0x80001040, 0x00000040,	/* 4 */
-	0x00401040, 0x80400040, 0x80400000, 0x80001000,
-	0x00000000, 0x00401000, 0x00401000, 0x80401040,
-	0x80000040, 0x00000000, 0x00400040, 0x80400000,
-	0x80000000, 0x00001000, 0x00400000, 0x80401000,
-	0x00000040, 0x00400000, 0x80001000, 0x00001040,
-	0x80400040, 0x80000000, 0x00001040, 0x00400040,
-	0x00001000, 0x00401040, 0x80401040, 0x80000040,
-	0x00400040, 0x80400000, 0x00401000, 0x80401040,
-	0x80000040, 0x00000000, 0x00000000, 0x00401000,
-	0x00001040, 0x00400040, 0x80400040, 0x80000000,
-	0x80401000, 0x80001040, 0x80001040, 0x00000040,
-	0x80401040, 0x80000040, 0x80000000, 0x00001000,
-	0x80400000, 0x80001000, 0x00401040, 0x80400040,
-	0x80001000, 0x00001040, 0x00400000, 0x80401000,
-	0x00000040, 0x00400000, 0x00001000, 0x00401040,
-  },
-  {
-	0x10000008, 0x10200000, 0x00002000, 0x10202008,	/* 6 */
-	0x10200000, 0x00000008, 0x10202008, 0x00200000,
-	0x10002000, 0x00202008, 0x00200000, 0x10000008,
-	0x00200008, 0x10002000, 0x10000000, 0x00002008,
-	0x00000000, 0x00200008, 0x10002008, 0x00002000,
-	0x00202000, 0x10002008, 0x00000008, 0x10200008,
-	0x10200008, 0x00000000, 0x00202008, 0x10202000,
-	0x00002008, 0x00202000, 0x10202000, 0x10000000,
-	0x10002000, 0x00000008, 0x10200008, 0x00202000,
-	0x10202008, 0x00200000, 0x00002008, 0x10000008,
-	0x00200000, 0x10002000, 0x10000000, 0x00002008,
-	0x10000008, 0x10202008, 0x00202000, 0x10200000,
-	0x00202008, 0x10202000, 0x00000000, 0x10200008,
-	0x00000008, 0x00002000, 0x10200000, 0x00202008,
-	0x00002000, 0x00200008, 0x10002008, 0x00000000,
-	0x10202000, 0x10000000, 0x00200008, 0x10002008,
-  },
-  {
-	0x08000820, 0x00000800, 0x00020000, 0x08020820,	/* 8 */
-	0x08000000, 0x08000820, 0x00000020, 0x08000000,
-	0x00020020, 0x08020000, 0x08020820, 0x00020800,
-	0x08020800, 0x00020820, 0x00000800, 0x00000020,
-	0x08020000, 0x08000020, 0x08000800, 0x00000820,
-	0x00020800, 0x00020020, 0x08020020, 0x08020800,
-	0x00000820, 0x00000000, 0x00000000, 0x08020020,
-	0x08000020, 0x08000800, 0x00020820, 0x00020000,
-	0x00020820, 0x00020000, 0x08020800, 0x00000800,
-	0x00000020, 0x08020020, 0x00000800, 0x00020820,
-	0x08000800, 0x00000020, 0x08000020, 0x08020000,
-	0x08020020, 0x08000000, 0x00020000, 0x08000820,
-	0x00000000, 0x08020820, 0x00020020, 0x08000020,
-	0x08020000, 0x08000800, 0x08000820, 0x00000000,
-	0x08020820, 0x00020800, 0x00020800, 0x00000820,
-	0x00000820, 0x00020020, 0x08000000, 0x08020800,
-  },
-  {
-	0x40084010, 0x40004000, 0x00004000, 0x00084010,	/* 2 */
-	0x00080000, 0x00000010, 0x40080010, 0x40004010,
-	0x40000010, 0x40084010, 0x40084000, 0x40000000,
-	0x40004000, 0x00080000, 0x00000010, 0x40080010,
-	0x00084000, 0x00080010, 0x40004010, 0x00000000,
-	0x40000000, 0x00004000, 0x00084010, 0x40080000,
-	0x00080010, 0x40000010, 0x00000000, 0x00084000,
-	0x00004010, 0x40084000, 0x40080000, 0x00004010,
-	0x00000000, 0x00084010, 0x40080010, 0x00080000,
-	0x40004010, 0x40080000, 0x40084000, 0x00004000,
-	0x40080000, 0x40004000, 0x00000010, 0x40084010,
-	0x00084010, 0x00000010, 0x00004000, 0x40000000,
-	0x00004010, 0x40084000, 0x00080000, 0x40000010,
-	0x00080010, 0x40004010, 0x40000010, 0x00080010,
-	0x00084000, 0x00000000, 0x40004000, 0x00004010,
-	0x40000000, 0x40080010, 0x40084010, 0x00084000
-  },
+    {
+        0x00100000, 0x02100001, 0x02000401, 0x00000000, /* 7 */
+        0x00000400, 0x02000401, 0x00100401, 0x02100400,
+        0x02100401, 0x00100000, 0x00000000, 0x02000001,
+        0x00000001, 0x02000000, 0x02100001, 0x00000401,
+        0x02000400, 0x00100401, 0x00100001, 0x02000400,
+        0x02000001, 0x02100000, 0x02100400, 0x00100001,
+        0x02100000, 0x00000400, 0x00000401, 0x02100401,
+        0x00100400, 0x00000001, 0x02000000, 0x00100400,
+        0x02000000, 0x00100400, 0x00100000, 0x02000401,
+        0x02000401, 0x02100001, 0x02100001, 0x00000001,
+        0x00100001, 0x02000000, 0x02000400, 0x00100000,
+        0x02100400, 0x00000401, 0x00100401, 0x02100400,
+        0x00000401, 0x02000001, 0x02100401, 0x02100000,
+        0x00100400, 0x00000000, 0x00000001, 0x02100401,
+        0x00000000, 0x00100401, 0x02100000, 0x00000400,
+        0x02000001, 0x02000400, 0x00000400, 0x00100001,
+    },
+    {
+        0x00808200, 0x00000000, 0x00008000, 0x00808202, /* 1 */
+        0x00808002, 0x00008202, 0x00000002, 0x00008000,
+        0x00000200, 0x00808200, 0x00808202, 0x00000200,
+        0x00800202, 0x00808002, 0x00800000, 0x00000002,
+        0x00000202, 0x00800200, 0x00800200, 0x00008200,
+        0x00008200, 0x00808000, 0x00808000, 0x00800202,
+        0x00008002, 0x00800002, 0x00800002, 0x00008002,
+        0x00000000, 0x00000202, 0x00008202, 0x00800000,
+        0x00008000, 0x00808202, 0x00000002, 0x00808000,
+        0x00808200, 0x00800000, 0x00800000, 0x00000200,
+        0x00808002, 0x00008000, 0x00008200, 0x00800002,
+        0x00000200, 0x00000002, 0x00800202, 0x00008202,
+        0x00808202, 0x00008002, 0x00808000, 0x00800202,
+        0x00800002, 0x00000202, 0x00008202, 0x00808200,
+        0x00000202, 0x00800200, 0x00800200, 0x00000000,
+        0x00008002, 0x00008200, 0x00000000, 0x00808002,
+    },
+    {
+        0x00000104, 0x04010100, 0x00000000, 0x04010004, /* 3 */
+        0x04000100, 0x00000000, 0x00010104, 0x04000100,
+        0x00010004, 0x04000004, 0x04000004, 0x00010000,
+        0x04010104, 0x00010004, 0x04010000, 0x00000104,
+        0x04000000, 0x00000004, 0x04010100, 0x00000100,
+        0x00010100, 0x04010000, 0x04010004, 0x00010104,
+        0x04000104, 0x00010100, 0x00010000, 0x04000104,
+        0x00000004, 0x04010104, 0x00000100, 0x04000000,
+        0x04010100, 0x04000000, 0x00010004, 0x00000104,
+        0x00010000, 0x04010100, 0x04000100, 0x00000000,
+        0x00000100, 0x00010004, 0x04010104, 0x04000100,
+        0x04000004, 0x00000100, 0x00000000, 0x04010004,
+        0x04000104, 0x00010000, 0x04000000, 0x04010104,
+        0x00000004, 0x00010104, 0x00010100, 0x04000004,
+        0x04010000, 0x04000104, 0x00000104, 0x04010000,
+        0x00010104, 0x00000004, 0x04010004, 0x00010100,
+    },
+    {
+        0x00000080, 0x01040080, 0x01040000, 0x21000080, /* 5 */
+        0x00040000, 0x00000080, 0x20000000, 0x01040000,
+        0x20040080, 0x00040000, 0x01000080, 0x20040080,
+        0x21000080, 0x21040000, 0x00040080, 0x20000000,
+        0x01000000, 0x20040000, 0x20040000, 0x00000000,
+        0x20000080, 0x21040080, 0x21040080, 0x01000080,
+        0x21040000, 0x20000080, 0x00000000, 0x21000000,
+        0x01040080, 0x01000000, 0x21000000, 0x00040080,
+        0x00040000, 0x21000080, 0x00000080, 0x01000000,
+        0x20000000, 0x01040000, 0x21000080, 0x20040080,
+        0x01000080, 0x20000000, 0x21040000, 0x01040080,
+        0x20040080, 0x00000080, 0x01000000, 0x21040000,
+        0x21040080, 0x00040080, 0x21000000, 0x21040080,
+        0x01040000, 0x00000000, 0x20040000, 0x21000000,
+        0x00040080, 0x01000080, 0x20000080, 0x00040000,
+        0x00000000, 0x20040000, 0x01040080, 0x20000080,
+    },
+    {
+        0x80401000, 0x80001040, 0x80001040, 0x00000040, /* 4 */
+        0x00401040, 0x80400040, 0x80400000, 0x80001000,
+        0x00000000, 0x00401000, 0x00401000, 0x80401040,
+        0x80000040, 0x00000000, 0x00400040, 0x80400000,
+        0x80000000, 0x00001000, 0x00400000, 0x80401000,
+        0x00000040, 0x00400000, 0x80001000, 0x00001040,
+        0x80400040, 0x80000000, 0x00001040, 0x00400040,
+        0x00001000, 0x00401040, 0x80401040, 0x80000040,
+        0x00400040, 0x80400000, 0x00401000, 0x80401040,
+        0x80000040, 0x00000000, 0x00000000, 0x00401000,
+        0x00001040, 0x00400040, 0x80400040, 0x80000000,
+        0x80401000, 0x80001040, 0x80001040, 0x00000040,
+        0x80401040, 0x80000040, 0x80000000, 0x00001000,
+        0x80400000, 0x80001000, 0x00401040, 0x80400040,
+        0x80001000, 0x00001040, 0x00400000, 0x80401000,
+        0x00000040, 0x00400000, 0x00001000, 0x00401040,
+    },
+    {
+        0x10000008, 0x10200000, 0x00002000, 0x10202008, /* 6 */
+        0x10200000, 0x00000008, 0x10202008, 0x00200000,
+        0x10002000, 0x00202008, 0x00200000, 0x10000008,
+        0x00200008, 0x10002000, 0x10000000, 0x00002008,
+        0x00000000, 0x00200008, 0x10002008, 0x00002000,
+        0x00202000, 0x10002008, 0x00000008, 0x10200008,
+        0x10200008, 0x00000000, 0x00202008, 0x10202000,
+        0x00002008, 0x00202000, 0x10202000, 0x10000000,
+        0x10002000, 0x00000008, 0x10200008, 0x00202000,
+        0x10202008, 0x00200000, 0x00002008, 0x10000008,
+        0x00200000, 0x10002000, 0x10000000, 0x00002008,
+        0x10000008, 0x10202008, 0x00202000, 0x10200000,
+        0x00202008, 0x10202000, 0x00000000, 0x10200008,
+        0x00000008, 0x00002000, 0x10200000, 0x00202008,
+        0x00002000, 0x00200008, 0x10002008, 0x00000000,
+        0x10202000, 0x10000000, 0x00200008, 0x10002008,
+    },
+    {
+        0x08000820, 0x00000800, 0x00020000, 0x08020820, /* 8 */
+        0x08000000, 0x08000820, 0x00000020, 0x08000000,
+        0x00020020, 0x08020000, 0x08020820, 0x00020800,
+        0x08020800, 0x00020820, 0x00000800, 0x00000020,
+        0x08020000, 0x08000020, 0x08000800, 0x00000820,
+        0x00020800, 0x00020020, 0x08020020, 0x08020800,
+        0x00000820, 0x00000000, 0x00000000, 0x08020020,
+        0x08000020, 0x08000800, 0x00020820, 0x00020000,
+        0x00020820, 0x00020000, 0x08020800, 0x00000800,
+        0x00000020, 0x08020020, 0x00000800, 0x00020820,
+        0x08000800, 0x00000020, 0x08000020, 0x08020000,
+        0x08020020, 0x08000000, 0x00020000, 0x08000820,
+        0x00000000, 0x08020820, 0x00020020, 0x08000020,
+        0x08020000, 0x08000800, 0x08000820, 0x00000000,
+        0x08020820, 0x00020800, 0x00020800, 0x00000820,
+        0x00000820, 0x00020020, 0x08000000, 0x08020800,
+    },
+    {
+        0x40084010, 0x40004000, 0x00004000, 0x00084010, /* 2 */
+        0x00080000, 0x00000010, 0x40080010, 0x40004010,
+        0x40000010, 0x40084010, 0x40084000, 0x40000000,
+        0x40004000, 0x00080000, 0x00000010, 0x40080010,
+        0x00084000, 0x00080010, 0x40004010, 0x00000000,
+        0x40000000, 0x00004000, 0x00084010, 0x40080000,
+        0x00080010, 0x40000010, 0x00000000, 0x00084000,
+        0x00004010, 0x40084000, 0x40080000, 0x00004010,
+        0x00000000, 0x00084010, 0x40080010, 0x00080000,
+        0x40004010, 0x40080000, 0x40084000, 0x00004000,
+        0x40080000, 0x40004000, 0x00000010, 0x40084010,
+        0x00084010, 0x00000010, 0x00004000, 0x40000000,
+        0x00004010, 0x40084000, 0x00080000, 0x40000010,
+        0x00080010, 0x40004010, 0x40000010, 0x00080010,
+        0x00084000, 0x00000000, 0x40004000, 0x00004010,
+        0x40000000, 0x40080010, 0x40084010, 0x00084000
+    },
 };
diff --git a/src/lib/crypto/builtin/des/f_tables.h b/src/lib/crypto/builtin/des/f_tables.h
index 45a6322..556bffd 100644
--- a/src/lib/crypto/builtin/des/f_tables.h
+++ b/src/lib/crypto/builtin/des/f_tables.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/f_tables.h
  *
@@ -28,10 +29,10 @@
 
 /*
  * des_tables.h - declarations to import the DES tables, used internally
- *		  by some of the library routines.
+ *                by some of the library routines.
  */
-#ifndef	__DES_TABLES_H__
-#define	__DES_TABLES_H__	/* nothing */
+#ifndef __DES_TABLES_H__
+#define __DES_TABLES_H__        /* nothing */
 
 #include "k5-platform.h"
 /*
@@ -45,14 +46,14 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
 /*
  * Use standard shortforms to reference these to save typing
  */
-#define	IP	des_IP_table
-#define	FP	des_FP_table
-#define	SP	des_SP_table
+#define IP      des_IP_table
+#define FP      des_FP_table
+#define SP      des_SP_table
 
 #ifdef DEBUG
-#define	DEB(foofraw)	printf foofraw
+#define DEB(foofraw)    printf foofraw
 #else
-#define	DEB(foofraw)	/* nothing */
+#define DEB(foofraw)    /* nothing */
 #endif
 
 /*
@@ -89,39 +90,41 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  *
  * When using this, the inner loop of the DES function might look like:
  *
- *	for (i = 0; i < 8; i++) {
- *		DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp);
- *		DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp);
- *	}
+ *      for (i = 0; i < 8; i++) {
+ *              DES_SP_{EN,DE}CRYPT_ROUND(left, right, temp, kp);
+ *              DES_SP_{EN,DE}CRYPT_ROUND(right, left, temp, kp);
+ *      }
  *
  * Note the trick above.  You are supposed to do 16 rounds, swapping
  * left and right at the end of each round.  By doing two rounds at
  * a time and swapping left and right in the code we can avoid the
  * swaps altogether.
  */
-#define	DES_SP_ENCRYPT_ROUND(left, right, temp, kp) \
-	(temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++; \
-	(left) ^= SP[0][((temp) >> 24) & 0x3f] \
-		| SP[1][((temp) >> 16) & 0x3f] \
-		| SP[2][((temp) >>  8) & 0x3f] \
-		| SP[3][((temp)      ) & 0x3f]; \
-	(temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++; \
-	(left) ^= SP[4][((temp) >> 24) & 0x3f] \
-		| SP[5][((temp) >> 16) & 0x3f] \
-		| SP[6][((temp) >>  8) & 0x3f] \
-		| SP[7][((temp)      ) & 0x3f]
+#define DES_SP_ENCRYPT_ROUND(left, right, temp, kp) do {                \
+        (temp) = (((right) >> 11) | ((right) << 21)) ^ *(kp)++;         \
+        (left) ^= SP[0][((temp) >> 24) & 0x3f]                          \
+            | SP[1][((temp) >> 16) & 0x3f]                              \
+            | SP[2][((temp) >>  8) & 0x3f]                              \
+            | SP[3][((temp)      ) & 0x3f];                             \
+        (temp) = (((right) >> 23) | ((right) << 9)) ^ *(kp)++;          \
+        (left) ^= SP[4][((temp) >> 24) & 0x3f]                          \
+            | SP[5][((temp) >> 16) & 0x3f]                              \
+            | SP[6][((temp) >>  8) & 0x3f]                              \
+            | SP[7][((temp)      ) & 0x3f];                             \
+    } while(0);
 
-#define	DES_SP_DECRYPT_ROUND(left, right, temp, kp) \
-	(temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp)); \
-	(left) ^= SP[7][((temp)      ) & 0x3f] \
-		| SP[6][((temp) >>  8) & 0x3f] \
-		| SP[5][((temp) >> 16) & 0x3f] \
-		| SP[4][((temp) >> 24) & 0x3f]; \
-	(temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp)); \
-	(left) ^= SP[3][((temp)      ) & 0x3f] \
-		| SP[2][((temp) >>  8) & 0x3f] \
-		| SP[1][((temp) >> 16) & 0x3f] \
-		| SP[0][((temp) >> 24) & 0x3f]
+#define DES_SP_DECRYPT_ROUND(left, right, temp, kp) do {                \
+        (temp) = (((right) >> 23) | ((right) << 9)) ^ *(--(kp));        \
+        (left) ^= SP[7][((temp)      ) & 0x3f]                          \
+            | SP[6][((temp) >>  8) & 0x3f]                              \
+            | SP[5][((temp) >> 16) & 0x3f]                              \
+            | SP[4][((temp) >> 24) & 0x3f];                             \
+        (temp) = (((right) >> 11) | ((right) << 21)) ^ *(--(kp));       \
+        (left) ^= SP[3][((temp)      ) & 0x3f]                          \
+            | SP[2][((temp) >>  8) & 0x3f]                              \
+            | SP[1][((temp) >> 16) & 0x3f]                              \
+            | SP[0][((temp) >> 24) & 0x3f];                             \
+    } while (0);
 
 /*
  * Macros to help deal with the initial permutation table.  Note
@@ -140,11 +143,11 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * the Macintosh MPW 3.2 C compiler which loses the unsignedness and
  * propagates the high-order bit in the shift.
  */
-#define	DES_IP_LEFT_BITS(left, right) \
-	((((left) & 0x55555555) << 1) | ((right) & 0x55555555))
-#define	DES_IP_RIGHT_BITS(left, right) \
-	(((left) & 0xaaaaaaaa) | \
-		( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1))
+#define DES_IP_LEFT_BITS(left, right)                           \
+    ((((left) & 0x55555555) << 1) | ((right) & 0x55555555))
+#define DES_IP_RIGHT_BITS(left, right)                          \
+    (((left) & 0xaaaaaaaa) |                                    \
+     ( ( (unsigned DES_INT32) ((right) & 0xaaaaaaaa) ) >> 1))
 
 /*
  * The following macro does an in-place initial permutation given
@@ -154,17 +157,18 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * are dealing with.  If you use this, though, try to make left,
  * right and temp register unsigned DES_INT32s.
  */
-#define	DES_INITIAL_PERM(left, right, temp) \
-	(temp) = DES_IP_RIGHT_BITS((left), (right)); \
-	(right) = DES_IP_LEFT_BITS((left), (right)); \
-	(left) = IP[((right) >> 24) & 0xff] \
-	       | (IP[((right) >> 16) & 0xff] << 1) \
-	       | (IP[((right) >>  8) & 0xff] << 2) \
-	       | (IP[(right) & 0xff] << 3); \
-	(right) = IP[((temp) >> 24) & 0xff] \
-		| (IP[((temp) >> 16) & 0xff] << 1) \
-		| (IP[((temp) >>  8) & 0xff] << 2) \
-		| (IP[(temp) & 0xff] << 3)
+#define DES_INITIAL_PERM(left, right, temp) do {        \
+        (temp) = DES_IP_RIGHT_BITS((left), (right));    \
+        (right) = DES_IP_LEFT_BITS((left), (right));    \
+        (left) = IP[((right) >> 24) & 0xff]             \
+            | (IP[((right) >> 16) & 0xff] << 1)         \
+            | (IP[((right) >>  8) & 0xff] << 2)         \
+            | (IP[(right) & 0xff] << 3);                \
+        (right) = IP[((temp) >> 24) & 0xff]             \
+            | (IP[((temp) >> 16) & 0xff] << 1)          \
+            | (IP[((temp) >>  8) & 0xff] << 2)          \
+            | (IP[(temp) & 0xff] << 3);                 \
+    } while(0);
 
 /*
  * Now the final permutation stuff.  The same comments apply to
@@ -175,11 +179,11 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * the Macintosh MPW 3.2 C compiler which loses the unsignedness and
  * propagates the high-order bit in the shift.
  */
-#define DES_FP_LEFT_BITS(left, right) \
-	((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f))
-#define	DES_FP_RIGHT_BITS(left, right) \
-	(((left) & 0xf0f0f0f0) | \
-		( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4))
+#define DES_FP_LEFT_BITS(left, right)                           \
+    ((((left) & 0x0f0f0f0f) << 4) | ((right) & 0x0f0f0f0f))
+#define DES_FP_RIGHT_BITS(left, right)                          \
+    (((left) & 0xf0f0f0f0) |                                    \
+     ( ( (unsigned DES_INT32) ((right) & 0xf0f0f0f0) ) >> 4))
 
 
 /*
@@ -189,17 +193,18 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * swapping internally, which is why left and right are confused
  * at the beginning.
  */
-#define DES_FINAL_PERM(left, right, temp) \
-	(temp) = DES_FP_RIGHT_BITS((right), (left)); \
-	(right) = DES_FP_LEFT_BITS((right), (left)); \
-	(left) = (FP[((right) >> 24) & 0xff] << 6) \
-	       | (FP[((right) >> 16) & 0xff] << 4) \
-	       | (FP[((right) >>  8) & 0xff] << 2) \
-	       |  FP[(right) & 0xff]; \
-	(right) = (FP[((temp) >> 24) & 0xff] << 6) \
-		| (FP[((temp) >> 16) & 0xff] << 4) \
-		| (FP[((temp) >>  8) & 0xff] << 2) \
-		|  FP[temp & 0xff]
+#define DES_FINAL_PERM(left, right, temp) do {          \
+        (temp) = DES_FP_RIGHT_BITS((right), (left));    \
+        (right) = DES_FP_LEFT_BITS((right), (left));    \
+        (left) = (FP[((right) >> 24) & 0xff] << 6)      \
+            | (FP[((right) >> 16) & 0xff] << 4)         \
+            | (FP[((right) >>  8) & 0xff] << 2)         \
+            |  FP[(right) & 0xff];                      \
+        (right) = (FP[((temp) >> 24) & 0xff] << 6)      \
+            | (FP[((temp) >> 16) & 0xff] << 4)          \
+            | (FP[((temp) >>  8) & 0xff] << 2)          \
+            |  FP[temp & 0xff];                         \
+    } while(0);
 
 
 /*
@@ -220,44 +225,44 @@ extern const unsigned DES_INT32 des_SP_table[8][64];
  * at each stage of the encryption, so that by comparing the output to
  * a known good machine, the location of the first error can be found.
  */
-#define	DES_DO_ENCRYPT_1(left, right, kp) \
-	do { \
-		register int i; \
-		register unsigned DES_INT32 temp1; \
-		DEB (("do_encrypt %8lX %8lX \n", left, right)); \
-		DES_INITIAL_PERM((left), (right), (temp1)); \
-		DEB (("  after IP %8lX %8lX\n", left, right)); \
-		for (i = 0; i < 8; i++) { \
-			DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp)); \
-			DEB (("  round %2d %8lX %8lX \n", i*2, left, right)); \
-			DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp)); \
-			DEB (("  round %2d %8lX %8lX \n", 1+i*2, left, right)); \
-		} \
-		DES_FINAL_PERM((left), (right), (temp1)); \
-		(kp) -= (2 * 16); \
-		DEB (("  after FP %8lX %8lX \n", left, right)); \
-	} while (0)
+#define DES_DO_ENCRYPT_1(left, right, kp)                               \
+    do {                                                                \
+        register int i;                                                 \
+        register unsigned DES_INT32 temp1;                              \
+        DEB (("do_encrypt %8lX %8lX \n", left, right));                 \
+        DES_INITIAL_PERM((left), (right), (temp1));                     \
+        DEB (("  after IP %8lX %8lX\n", left, right));                  \
+        for (i = 0; i < 8; i++) {                                       \
+            DES_SP_ENCRYPT_ROUND((left), (right), (temp1), (kp));       \
+            DEB (("  round %2d %8lX %8lX \n", i*2, left, right));       \
+            DES_SP_ENCRYPT_ROUND((right), (left), (temp1), (kp));       \
+            DEB (("  round %2d %8lX %8lX \n", 1+i*2, left, right));     \
+        }                                                               \
+        DES_FINAL_PERM((left), (right), (temp1));                       \
+        (kp) -= (2 * 16);                                               \
+        DEB (("  after FP %8lX %8lX \n", left, right));                 \
+    } while (0)
 
-#define	DES_DO_DECRYPT_1(left, right, kp) \
-	do { \
-		register int i; \
-		register unsigned DES_INT32 temp2; \
-		DES_INITIAL_PERM((left), (right), (temp2)); \
-		(kp) += (2 * 16); \
-		for (i = 0; i < 8; i++) { \
-			DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp)); \
-			DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp)); \
-		} \
-		DES_FINAL_PERM((left), (right), (temp2)); \
-	} while (0)
+#define DES_DO_DECRYPT_1(left, right, kp)                               \
+    do {                                                                \
+        register int i;                                                 \
+        register unsigned DES_INT32 temp2;                              \
+        DES_INITIAL_PERM((left), (right), (temp2));                     \
+        (kp) += (2 * 16);                                               \
+        for (i = 0; i < 8; i++) {                                       \
+            DES_SP_DECRYPT_ROUND((left), (right), (temp2), (kp));       \
+            DES_SP_DECRYPT_ROUND((right), (left), (temp2), (kp));       \
+        }                                                               \
+        DES_FINAL_PERM((left), (right), (temp2));                       \
+    } while (0)
 
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
 extern void krb5int_des_do_encrypt_2(unsigned DES_INT32 *l,
-				     unsigned DES_INT32 *r,
-				     const unsigned DES_INT32 *k);
+                                     unsigned DES_INT32 *r,
+                                     const unsigned DES_INT32 *k);
 extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l,
-				     unsigned DES_INT32 *r,
-				     const unsigned DES_INT32 *k);
+                                     unsigned DES_INT32 *r,
+                                     const unsigned DES_INT32 *k);
 #define DES_DO_ENCRYPT(L,R,K) krb5int_des_do_encrypt_2(&(L), &(R), (K))
 #define DES_DO_DECRYPT(L,R,K) krb5int_des_do_decrypt_2(&(L), &(R), (K))
 #else
@@ -269,11 +274,11 @@ extern void krb5int_des_do_decrypt_2(unsigned DES_INT32 *l,
  * These are handy dandy utility thingies for straightening out bytes.
  * Included here because they're used a couple of places.
  */
-#define	GET_HALF_BLOCK(lr, ip)	((lr) = load_32_be(ip), (ip) += 4)
-#define PUT_HALF_BLOCK(lr, op)	(store_32_be(lr, op), (op) += 4)
+#define GET_HALF_BLOCK(lr, ip)  ((lr) = load_32_be(ip), (ip) += 4)
+#define PUT_HALF_BLOCK(lr, op)  (store_32_be(lr, op), (op) += 4)
 
 /* Shorthand that we'll need in several places, for creating values that
    really can hold 32 bits regardless of the prevailing int size.  */
-#define FF_UINT32	((unsigned DES_INT32) 0xFF)
+#define FF_UINT32       ((unsigned DES_INT32) 0xFF)
 
-#endif	/* __DES_TABLES_H__ */
+#endif  /* __DES_TABLES_H__ */
diff --git a/src/lib/crypto/builtin/des/key_sched.c b/src/lib/crypto/builtin/des/key_sched.c
index dc6f349..2be5586 100644
--- a/src/lib/crypto/builtin/des/key_sched.c
+++ b/src/lib/crypto/builtin/des/key_sched.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/key_sched.c
  *
@@ -50,11 +51,11 @@ mit_des_key_sched(mit_des_cblock k, mit_des_key_schedule schedule)
 {
     mit_des_make_key_sched(k,schedule);
 
-    if (!mit_des_check_key_parity(k))	/* bad parity --> return -1 */
-	return(-1);
+    if (!mit_des_check_key_parity(k))   /* bad parity --> return -1 */
+        return(-1);
 
     if (mit_des_is_weak_key(k))
-	return(-2);
+        return(-2);
 
     /* if key was good, return 0 */
     return 0;
diff --git a/src/lib/crypto/builtin/des/string2key.c b/src/lib/crypto/builtin/des/string2key.c
index c817806..7ddee27 100644
--- a/src/lib/crypto/builtin/des/string2key.c
+++ b/src/lib/crypto/builtin/des/string2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/des_s2k.c
  *
@@ -32,13 +33,13 @@
 
 krb5_error_code
 mit_des_string_to_key_int (krb5_keyblock *key,
-			   const krb5_data *pw, const krb5_data *salt)
+                           const krb5_data *pw, const krb5_data *salt)
 {
     union {
-	/* 8 "forward" bytes, 8 "reverse" bytes */
-	unsigned char uc[16];
-	krb5_ui_4 ui[4];
-	mit_des_cblock cb;
+        /* 8 "forward" bytes, 8 "reverse" bytes */
+        unsigned char uc[16];
+        krb5_ui_4 ui[4];
+        mit_des_cblock cb;
     } temp;
     unsigned int i;
     krb5_ui_4 x, y, z;
@@ -53,30 +54,30 @@ mit_des_string_to_key_int (krb5_keyblock *key,
        current algorithm is dependent on having four 8-bit char values
        exactly overlay a 32-bit integral type.  */
     if (sizeof(temp.uc) != sizeof(temp.ui)
-	|| (unsigned char)~0 != 0xFF
-	|| (krb5_ui_4)~(krb5_ui_4)0 != 0xFFFFFFFF
-	|| (temp.uc[0] = 1, temp.uc[1] = 2, temp.uc[2] = 3, temp.uc[3] = 4,
-	    !(temp.ui[0] == 0x01020304
-	      || temp.ui[0] == 0x04030201)))
-	abort();
-#define FETCH4(VAR, IDX)	VAR = temp.ui[IDX/4]
-#define PUT4(VAR, IDX)		temp.ui[IDX/4] = VAR
+        || (unsigned char)~0 != 0xFF
+        || (krb5_ui_4)~(krb5_ui_4)0 != 0xFFFFFFFF
+        || (temp.uc[0] = 1, temp.uc[1] = 2, temp.uc[2] = 3, temp.uc[3] = 4,
+            !(temp.ui[0] == 0x01020304
+              || temp.ui[0] == 0x04030201)))
+        abort();
+#define FETCH4(VAR, IDX)        VAR = temp.ui[IDX/4]
+#define PUT4(VAR, IDX)          temp.ui[IDX/4] = VAR
 
     if (salt
-	&& (salt->length == SALT_TYPE_AFS_LENGTH
-	    /* XXX  Yuck!  Aren't we done with this yet?  */
-	    || salt->length == (unsigned) -1)) {
-	krb5_data afssalt;
-	char *at;
+        && (salt->length == SALT_TYPE_AFS_LENGTH
+            /* XXX  Yuck!  Aren't we done with this yet?  */
+            || salt->length == (unsigned) -1)) {
+        krb5_data afssalt;
+        char *at;
 
-	afssalt.data = salt->data;
-	at = strchr(afssalt.data, '@');
-	if (at) {
-	    *at = 0;
-	    afssalt.length = at - afssalt.data;
-	} else
-	    afssalt.length = strlen(afssalt.data);
-	return mit_afs_string_to_key(key, pw, &afssalt);
+        afssalt.data = salt->data;
+        at = strchr(afssalt.data, '@');
+        if (at) {
+            *at = 0;
+            afssalt.length = at - afssalt.data;
+        } else
+            afssalt.length = strlen(afssalt.data);
+        return mit_afs_string_to_key(key, pw, &afssalt);
     }
 
     copylen = pw->length + (salt ? salt->length : 0);
@@ -84,10 +85,10 @@ mit_des_string_to_key_int (krb5_keyblock *key,
        a byte array, not a string.  */
     copy = malloc(copylen);
     if (copy == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memcpy(copy, pw->data, pw->length);
     if (salt)
-	memcpy(copy + pw->length, salt->data, salt->length);
+        memcpy(copy + pw->length, salt->data, salt->length);
 
     memset(&temp, 0, sizeof(temp));
     p = temp.uc;
@@ -95,34 +96,34 @@ mit_des_string_to_key_int (krb5_keyblock *key,
        forward and reverse sections, and combine them later, rather
        than having to do the reversal over and over again.  */
     for (i = 0; i < copylen; i++) {
-	*p++ ^= copy[i];
-	if (p == temp.uc+16) {
-	    p = temp.uc;
+        *p++ ^= copy[i];
+        if (p == temp.uc+16) {
+            p = temp.uc;
 #ifdef PRINT_TEST_VECTORS
-	    {
-		int j;
-		printf("after %d input bytes:\nforward block:\t", i+1);
-		for (j = 0; j < 8; j++)
-		    printf(" %02x", temp.uc[j] & 0xff);
-		printf("\nreverse block:\t");
-		for (j = 8; j < 16; j++)
-		    printf(" %02x", temp.uc[j] & 0xff);
-		printf("\n");
-	    }
+            {
+                int j;
+                printf("after %d input bytes:\nforward block:\t", i+1);
+                for (j = 0; j < 8; j++)
+                    printf(" %02x", temp.uc[j] & 0xff);
+                printf("\nreverse block:\t");
+                for (j = 8; j < 16; j++)
+                    printf(" %02x", temp.uc[j] & 0xff);
+                printf("\n");
+            }
 #endif
-	}
+        }
     }
 
 #ifdef PRINT_TEST_VECTORS
     if (p != temp.uc) {
-	int j;
-	printf("at end, after %d input bytes:\nforward block:\t", i);
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\nreverse block:\t");
-	for (j = 8; j < 16; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("at end, after %d input bytes:\nforward block:\t", i);
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\nreverse block:\t");
+        for (j = 8; j < 16; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 #if 0
@@ -137,24 +138,24 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
        If we could rely on 64-bit math, another 7 ops would save us
        from having to do double the work.  */
-#define REVERSE_STEP(VAR, SHIFT, MASK)			\
+#define REVERSE_STEP(VAR, SHIFT, MASK)                                  \
     VAR = ((VAR >> SHIFT) & MASK) | ((VAR << SHIFT) & (0xFFFFFFFFUL & ~MASK))
-#define REVERSE(VAR)						\
-    REVERSE_STEP (VAR, 1, 0x55555555UL); /* swap odd/even bits */	\
-    REVERSE_STEP (VAR, 2, 0x33333333UL); /* swap bitpairs */		\
-    REVERSE_STEP (VAR, 4, 0x0F0F0F0FUL); /* swap nibbles, etc */	\
-    REVERSE_STEP (VAR, 8, 0x00FF00FFUL);				\
+#define REVERSE(VAR)                                                    \
+    REVERSE_STEP (VAR, 1, 0x55555555UL); /* swap odd/even bits */       \
+    REVERSE_STEP (VAR, 2, 0x33333333UL); /* swap bitpairs */            \
+    REVERSE_STEP (VAR, 4, 0x0F0F0F0FUL); /* swap nibbles, etc */        \
+    REVERSE_STEP (VAR, 8, 0x00FF00FFUL);                                \
     REVERSE_STEP (VAR, 16, 0x0000FFFFUL);
 #else /* shorter */
-#define REVERSE(VAR)				\
-    {						\
-	krb5_ui_4 old = VAR, temp1 = 0;		\
-	int j;					\
-	for (j = 0; j < 32; j++) {		\
-	    temp1 = (temp1 << 1) | (old & 1);	\
-	    old >>= 1;				\
-	}					\
-	VAR = temp1;				\
+#define REVERSE(VAR)                            \
+    {                                           \
+        krb5_ui_4 old = VAR, temp1 = 0;         \
+        int j;                                  \
+        for (j = 0; j < 32; j++) {              \
+            temp1 = (temp1 << 1) | (old & 1);   \
+            old >>= 1;                          \
+        }                                       \
+        VAR = temp1;                            \
     }
 #endif
 
@@ -168,16 +169,16 @@ mit_des_string_to_key_int (krb5_keyblock *key,
     REVERSE (y);
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	union { unsigned char uc[4]; krb5_ui_4 ui; } t2;
-	printf("after reversal, reversed block:\n\t\t");
-	t2.ui = y;
-	for (j = 0; j < 4; j++)
-	    printf(" %02x", t2.uc[j] & 0xff);
-	t2.ui = x;
-	for (j = 0; j < 4; j++)
-	    printf(" %02x", t2.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        union { unsigned char uc[4]; krb5_ui_4 ui; } t2;
+        printf("after reversal, reversed block:\n\t\t");
+        t2.ui = y;
+        for (j = 0; j < 4; j++)
+            printf(" %02x", t2.uc[j] & 0xff);
+        t2.ui = x;
+        for (j = 0; j < 4; j++)
+            printf(" %02x", t2.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
     /* Ignored bits are now at the bottom of each byte, where we'll
@@ -200,16 +201,16 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("after reversal, combined block:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("after reversal, combined block:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
-#define FIXUP(K)					\
-    (mit_des_fixup_key_parity(K),			\
+#define FIXUP(K)                                        \
+    (mit_des_fixup_key_parity(K),                       \
      mit_des_is_weak_key(K) ? (K[7] ^= 0xF0) : 0)
 
     /* Now temp.cb is the temporary key, with invalid parity.  */
@@ -217,11 +218,11 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("after fixing parity and weak keys:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("after fixing parity and weak keys:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
@@ -233,11 +234,11 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("cbc checksum:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("cbc checksum:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
@@ -246,11 +247,11 @@ mit_des_string_to_key_int (krb5_keyblock *key,
 
 #ifdef PRINT_TEST_VECTORS
     {
-	int j;
-	printf("after fixing parity and weak keys:\n\t\t");
-	for (j = 0; j < 8; j++)
-	    printf(" %02x", temp.uc[j] & 0xff);
-	printf("\n");
+        int j;
+        printf("after fixing parity and weak keys:\n\t\t");
+        for (j = 0; j < 8; j++)
+            printf(" %02x", temp.uc[j] & 0xff);
+        printf("\n");
     }
 #endif
 
diff --git a/src/lib/crypto/builtin/des/t_afss2k.c b/src/lib/crypto/builtin/des/t_afss2k.c
index a6d0aa5..5a0f960 100644
--- a/src/lib/crypto/builtin/des/t_afss2k.c
+++ b/src/lib/crypto/builtin/des/t_afss2k.c
@@ -1,70 +1,71 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "des_int.h"
 
 static const char *me;
 
 struct test_case {
-	char *saltstr;
-	int saltlen;
-	unsigned char keys[12][8];
+    char *saltstr;
+    int saltlen;
+    unsigned char keys[12][8];
 };
 
 struct test_case test_cases[] = {
-	{
-		"Sodium Chloride", -1,
-		{
-			{ 0xa4, 0xd0, 0xd0, 0x9b, 0x86, 0x92, 0xb0, 0xc2, },
-			{ 0xf1, 0xf2, 0x9e, 0xab, 0xd0, 0xef, 0xdf, 0x73, },
-			{ 0xd6, 0x85, 0x61, 0xc4, 0xf2, 0x94, 0xf4, 0xa1, },
-			{ 0xd0, 0xe3, 0xa7, 0x83, 0x94, 0x61, 0xe0, 0xd0, },
-			{ 0xd5, 0x62, 0xcd, 0x94, 0x61, 0xcb, 0x97, 0xdf, },
-			{ 0x9e, 0xa2, 0xa2, 0xec, 0xa8, 0x8c, 0x6b, 0x8f, },
-			{ 0xe3, 0x91, 0x6d, 0xd3, 0x85, 0xf1, 0x67, 0xc4, },
-			{ 0xf4, 0xc4, 0x73, 0xc8, 0x8a, 0xe9, 0x94, 0x6d, },
-			{ 0xa1, 0x9e, 0xb3, 0xad, 0x6b, 0xe3, 0xab, 0xd9, },
-			{ 0xad, 0xa1, 0xce, 0x10, 0x37, 0x83, 0xa7, 0x8c, },
-			{ 0xd3, 0x01, 0xd0, 0xf7, 0x3e, 0x7a, 0x49, 0x0b, },
-			{ 0xb6, 0x2a, 0x4a, 0xec, 0x9d, 0x4c, 0x68, 0xdf, },
-		}
-	},
-	{
-		"NaCl", 4,
-		{
-			{ 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
-			{ 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
-			{ 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
-			{ 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
-			{ 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
-			{ 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
-			{ 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
-			{ 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
-			{ 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
-			{ 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
-			{ 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
-			{ 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
-		}
-	},
-	{
-		/* This one intentionally supplies a length shorter
-		   than the string.  The point of this is to ensure
-		   that s[len] is not zero, so that anything actually
-		   relying on that value (i.e., reading out of bounds)
-		   should generate incorrect results.  */
-		"NaCl2", 4,
-		{
-			{ 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
-			{ 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
-			{ 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
-			{ 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
-			{ 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
-			{ 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
-			{ 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
-			{ 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
-			{ 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
-			{ 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
-			{ 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
-			{ 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
-		}
-	},
+    {
+        "Sodium Chloride", -1,
+        {
+            { 0xa4, 0xd0, 0xd0, 0x9b, 0x86, 0x92, 0xb0, 0xc2, },
+            { 0xf1, 0xf2, 0x9e, 0xab, 0xd0, 0xef, 0xdf, 0x73, },
+            { 0xd6, 0x85, 0x61, 0xc4, 0xf2, 0x94, 0xf4, 0xa1, },
+            { 0xd0, 0xe3, 0xa7, 0x83, 0x94, 0x61, 0xe0, 0xd0, },
+            { 0xd5, 0x62, 0xcd, 0x94, 0x61, 0xcb, 0x97, 0xdf, },
+            { 0x9e, 0xa2, 0xa2, 0xec, 0xa8, 0x8c, 0x6b, 0x8f, },
+            { 0xe3, 0x91, 0x6d, 0xd3, 0x85, 0xf1, 0x67, 0xc4, },
+            { 0xf4, 0xc4, 0x73, 0xc8, 0x8a, 0xe9, 0x94, 0x6d, },
+            { 0xa1, 0x9e, 0xb3, 0xad, 0x6b, 0xe3, 0xab, 0xd9, },
+            { 0xad, 0xa1, 0xce, 0x10, 0x37, 0x83, 0xa7, 0x8c, },
+            { 0xd3, 0x01, 0xd0, 0xf7, 0x3e, 0x7a, 0x49, 0x0b, },
+            { 0xb6, 0x2a, 0x4a, 0xec, 0x9d, 0x4c, 0x68, 0xdf, },
+        }
+    },
+    {
+        "NaCl", 4,
+        {
+            { 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
+            { 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
+            { 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
+            { 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
+            { 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
+            { 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
+            { 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
+            { 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
+            { 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
+            { 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
+            { 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
+            { 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
+        }
+    },
+    {
+        /* This one intentionally supplies a length shorter
+           than the string.  The point of this is to ensure
+           that s[len] is not zero, so that anything actually
+           relying on that value (i.e., reading out of bounds)
+           should generate incorrect results.  */
+        "NaCl2", 4,
+        {
+            { 0x61, 0xef, 0xe6, 0x83, 0xe5, 0x8a, 0x6b, 0x98 },
+            { 0x68, 0xcd, 0x68, 0xad, 0xc4, 0x86, 0xcd, 0xe5 },
+            { 0x83, 0xa1, 0xc8, 0x86, 0x8f, 0x67, 0xd0, 0x62 },
+            { 0x9e, 0xc7, 0x8f, 0xa4, 0xa4, 0xb3, 0xe0, 0xd5 },
+            { 0xd9, 0x92, 0x86, 0x8f, 0x9d, 0x8c, 0x85, 0xe6 },
+            { 0xda, 0xf2, 0x92, 0x83, 0xf4, 0x9b, 0xa7, 0xad },
+            { 0x91, 0xcd, 0xad, 0xef, 0x86, 0xdf, 0xd3, 0xa2 },
+            { 0x73, 0xd3, 0x67, 0x68, 0x8f, 0x6e, 0xe3, 0x73 },
+            { 0xc4, 0x61, 0x85, 0x9d, 0xad, 0xf4, 0xdc, 0xb0 },
+            { 0xe9, 0x02, 0x83, 0x16, 0x2c, 0xec, 0xe0, 0x08 },
+            { 0x61, 0xc8, 0x26, 0x29, 0xd9, 0x73, 0x6e, 0xb6 },
+            { 0x8c, 0xa8, 0x9e, 0xc4, 0xa8, 0xdc, 0x31, 0x73 },
+        }
+    },
 };
 
 static void do_it (struct test_case *tcase);
@@ -72,65 +73,65 @@ static void do_it (struct test_case *tcase);
 int
 main (int argc, char *argv[])
 {
-	int i;
+    int i;
 
-	me = argv[0];
-	for (i = 0; i < sizeof (test_cases) / sizeof (struct test_case); i++)
-		do_it (&test_cases[i]);
-	return 0;
+    me = argv[0];
+    for (i = 0; i < sizeof (test_cases) / sizeof (struct test_case); i++)
+        do_it (&test_cases[i]);
+    return 0;
 }
 
 static void
 do_it (struct test_case *tcase)
 {
-	unsigned char keydata[8];
-	krb5_data salt, passwd;
-	krb5_keyblock key;
-	krb5_error_code err;
-	int i;
-	unsigned char longpass[2048];
+    unsigned char keydata[8];
+    krb5_data salt, passwd;
+    krb5_keyblock key;
+    krb5_error_code err;
+    int i;
+    unsigned char longpass[2048];
 
-	key.contents = keydata;
-	key.length = sizeof (keydata);
+    key.contents = keydata;
+    key.length = sizeof (keydata);
 
-	salt.data = tcase->saltstr;
-	if (tcase->saltlen == -1)
-		salt.length = strlen (tcase->saltstr);
-	else
-		salt.length = tcase->saltlen;
+    salt.data = tcase->saltstr;
+    if (tcase->saltlen == -1)
+        salt.length = strlen (tcase->saltstr);
+    else
+        salt.length = tcase->saltlen;
 
-	/*
-	 * Try passwords with lengths equal to, greater than, and less
-	 * than 8 characters, since the AFS s2k algorithm does
-	 * interesting stuff depending on the length.
-	 */
-	passwd.data = "My Password";
-	for (i = 0; i < 12; i++) {
-		passwd.length = i;
-		err = mit_afs_string_to_key (&key, &passwd, &salt);
-		if (err != 0) {
-			com_err (me, err, "");
-			exit (1);
-		}
-		if (memcmp (tcase->keys[i], keydata, 8) != 0)
-			abort ();
-	}
+    /*
+     * Try passwords with lengths equal to, greater than, and less
+     * than 8 characters, since the AFS s2k algorithm does
+     * interesting stuff depending on the length.
+     */
+    passwd.data = "My Password";
+    for (i = 0; i < 12; i++) {
+        passwd.length = i;
+        err = mit_afs_string_to_key (&key, &passwd, &salt);
+        if (err != 0) {
+            com_err (me, err, "");
+            exit (1);
+        }
+        if (memcmp (tcase->keys[i], keydata, 8) != 0)
+            abort ();
+    }
 
-	/* Run another pass to make sure the characters after the
-	   password in the buffer aren't influencing the output.  The
-	   password is *not* required to be null-terminated.  */
-	memset (longpass, '!', sizeof (longpass));
-	longpass[sizeof (longpass)-1] = '\0';
-	memcpy (longpass, "My Password", strlen ("My Password"));
-	passwd.data = (char *) longpass;
-	for (i = 0; i < 12; i++) {
-		passwd.length = i;
-		err = mit_afs_string_to_key (&key, &passwd, &salt);
-		if (err != 0) {
-			com_err (me, err, "");
-			exit (1);
-		}
-		if (memcmp (tcase->keys[i], keydata, 8) != 0)
-			abort ();
-	}
+    /* Run another pass to make sure the characters after the
+       password in the buffer aren't influencing the output.  The
+       password is *not* required to be null-terminated.  */
+    memset (longpass, '!', sizeof (longpass));
+    longpass[sizeof (longpass)-1] = '\0';
+    memcpy (longpass, "My Password", strlen ("My Password"));
+    passwd.data = (char *) longpass;
+    for (i = 0; i < 12; i++) {
+        passwd.length = i;
+        err = mit_afs_string_to_key (&key, &passwd, &salt);
+        if (err != 0) {
+            com_err (me, err, "");
+            exit (1);
+        }
+        if (memcmp (tcase->keys[i], keydata, 8) != 0)
+            abort ();
+    }
 }
diff --git a/src/lib/crypto/builtin/des/t_verify.c b/src/lib/crypto/builtin/des/t_verify.c
index 6c1f17b..ae31207 100644
--- a/src/lib/crypto/builtin/des/t_verify.c
+++ b/src/lib/crypto/builtin/des/t_verify.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/verify.c
  *
@@ -27,8 +28,8 @@
  * Program to test the correctness of the DES library
  * implementation.
  *
- * exit returns	 0 ==> success
- * 		-1 ==> error
+ * exit returns  0 ==> success
+ *              -1 ==> error
  */
 
 /*
@@ -140,35 +141,35 @@ main(argc,argv)
     /* Set screen window buffer to infinite size -- MS default is tiny.  */
     _wsetscreenbuf (fileno (stdout), _WINBUFINF);
 #endif
-    progname=argv[0];		/* salt away invoking program */
+    progname=argv[0];           /* salt away invoking program */
 
     while (--argc > 0 && (*++argv)[0] == '-')
-	for (i=1; argv[0][i] != '\0'; i++) {
-	    switch (argv[0][i]) {
+        for (i=1; argv[0][i] != '\0'; i++) {
+            switch (argv[0][i]) {
 
-		/* debug flag */
-	    case 'd':
-		mit_des_debug=3;
-		continue;
+                /* debug flag */
+            case 'd':
+                mit_des_debug=3;
+                continue;
 
-	    case 'z':
-		zflag = 1;
-		continue;
+            case 'z':
+                zflag = 1;
+                continue;
 
-	    case 'm':
-		mflag = 1;
-		continue;
+            case 'm':
+                mflag = 1;
+                continue;
 
-	    default:
-		printf("%s: illegal flag \"%c\" ",
-		       progname,argv[0][i]);
-		exit(1);
-	    }
-	};
+            default:
+                printf("%s: illegal flag \"%c\" ",
+                       progname,argv[0][i]);
+                exit(1);
+            }
+        };
 
     if (argc) {
-	fprintf(stderr, "Usage: %s [-dmz]\n", progname);
-	exit(1);
+        fprintf(stderr, "Usage: %s [-dmz]\n", progname);
+        exit(1);
     }
 
     /* do some initialisation */
@@ -177,92 +178,92 @@ main(argc,argv)
 
     /* ECB zero text zero key */
     if (zflag) {
-	input = zero_text;
-	mit_des_key_sched(zero_key, sched);
-	printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
-	do_encrypt(input,cipher_text);
-	printf("\tcipher  = (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++)
-	    printf("%02x ",cipher_text[j]);
-	printf("\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
-	    printf("verify: error in zero key test\n");
-	    exit(-1);
-	}
-
-	exit(0);
+        input = zero_text;
+        mit_des_key_sched(zero_key, sched);
+        printf("plaintext = key = 0, cipher = 0x8ca64de9c1b123a7\n");
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++)
+            printf("%02x ",cipher_text[j]);
+        printf("\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)zresult, 8) ) {
+            printf("verify: error in zero key test\n");
+            exit(-1);
+        }
+
+        exit(0);
     }
 
     if (mflag) {
-	input = msb_text;
-	mit_des_key_sched(key3, sched);
-	printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
-	printf("key = 0x80 01 01 01 01 01 01 01\n");
-	printf("	cipher = 0xa380e02a6be54696\n");
-	do_encrypt(input,cipher_text);
-	printf("\tcipher  = (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++) {
-	    printf("%02x ",cipher_text[j]);
-	}
-	printf("\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
-	    printf("verify: error in msb test\n");
-	    exit(-1);
-	}
-	exit(0);
+        input = msb_text;
+        mit_des_key_sched(key3, sched);
+        printf("plaintext = 0x00 00 00 00 00 00 00 40, ");
+        printf("key = 0x80 01 01 01 01 01 01 01\n");
+        printf("        cipher = 0xa380e02a6be54696\n");
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++) {
+            printf("%02x ",cipher_text[j]);
+        }
+        printf("\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)mresult, 8) ) {
+            printf("verify: error in msb test\n");
+            exit(-1);
+        }
+        exit(0);
     }
 
     /* ECB mode Davies and Price */
     {
-	input = zero_text;
-	mit_des_key_sched(key2, sched);
-	printf("Examples per FIPS publication 81, keys ivs and cipher\n");
-	printf("in hex.  These are the correct answers, see below for\n");
-	printf("the actual answers.\n\n");
-	printf("Examples per Davies and Price.\n\n");
-	printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n");
-	printf("\tclear = 0\n");
-	printf("\tcipher = 25 dd ac 3e 96 17 64 67\n");
-	printf("ACTUAL ECB\n");
-	printf("\tclear \"%s\"\n", input);
-	do_encrypt(input,cipher_text);
-	printf("\tcipher  = (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++)
-	    printf("%02x ",cipher_text[j]);
-	printf("\n\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
-	    printf("verify: error in ECB encryption\n");
-	    exit(-1);
-	}
-	else
-	    printf("verify: ECB encryption is correct\n\n");
+        input = zero_text;
+        mit_des_key_sched(key2, sched);
+        printf("Examples per FIPS publication 81, keys ivs and cipher\n");
+        printf("in hex.  These are the correct answers, see below for\n");
+        printf("the actual answers.\n\n");
+        printf("Examples per Davies and Price.\n\n");
+        printf("EXAMPLE ECB\tkey = 08192a3b4c5d6e7f\n");
+        printf("\tclear = 0\n");
+        printf("\tcipher = 25 dd ac 3e 96 17 64 67\n");
+        printf("ACTUAL ECB\n");
+        printf("\tclear \"%s\"\n", input);
+        do_encrypt(input,cipher_text);
+        printf("\tcipher  = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++)
+            printf("%02x ",cipher_text[j]);
+        printf("\n\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)cipher1, 8) ) {
+            printf("verify: error in ECB encryption\n");
+            exit(-1);
+        }
+        else
+            printf("verify: ECB encryption is correct\n\n");
     }
 
     /* ECB mode */
     {
-	mit_des_key_sched(default_key, sched);
-	input = clear_text;
-	ivec = default_ivec;
-	printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
-	printf("\tclear = \"Now is the time for all \"\n");
-	printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n");
-	printf("ACTUAL ECB\n\tclear \"%s\"",input);
-	do_encrypt(input,cipher_text);
-	printf("\n\tcipher	= (low to high bytes)\n\t\t");
-	for (j = 0; j<=7; j++) {
-	    printf("%02x ",cipher_text[j]);
-	}
-	printf("\n\n");
-	do_decrypt(output,cipher_text);
-	if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) {
-	    printf("verify: error in ECB encryption\n");
-	    exit(-1);
-	}
-	else
-	    printf("verify: ECB encryption is correct\n\n");
+        mit_des_key_sched(default_key, sched);
+        input = clear_text;
+        ivec = default_ivec;
+        printf("EXAMPLE ECB\tkey = 0123456789abcdef\n");
+        printf("\tclear = \"Now is the time for all \"\n");
+        printf("\tcipher = 3f a4 0e 8a 98 4d 48 15 ...\n");
+        printf("ACTUAL ECB\n\tclear \"%s\"",input);
+        do_encrypt(input,cipher_text);
+        printf("\n\tcipher      = (low to high bytes)\n\t\t");
+        for (j = 0; j<=7; j++) {
+            printf("%02x ",cipher_text[j]);
+        }
+        printf("\n\n");
+        do_decrypt(output,cipher_text);
+        if ( memcmp((char *)cipher_text, (char *)cipher2, 8) ) {
+            printf("verify: error in ECB encryption\n");
+            exit(-1);
+        }
+        else
+            printf("verify: ECB encryption is correct\n\n");
     }
 
     /* CBC mode */
@@ -276,39 +277,39 @@ main(argc,argv)
     printf("ACTUAL CBC\n\tclear \"%s\"\n",input);
     in_length =  strlen((char *)input);
     if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) input,
-				      (mit_des_cblock *) cipher_text,
-				      (size_t) in_length,
-				      sched,
-				      ivec,
-				      MIT_DES_ENCRYPT))) {
-	com_err("des verify", retval, "can't encrypt");
-	exit(-1);
+                                      (mit_des_cblock *) cipher_text,
+                                      (size_t) in_length,
+                                      sched,
+                                      ivec,
+                                      MIT_DES_ENCRYPT))) {
+        com_err("des verify", retval, "can't encrypt");
+        exit(-1);
     }
     printf("\tciphertext = (low to high bytes)\n");
     for (i = 0; i <= 2; i++) {
-	printf("\t\t");
-	for (j = 0; j <= 7; j++) {
-	    printf("%02x ",cipher_text[i*8+j]);
-	}
-	printf("\n");
+        printf("\t\t");
+        for (j = 0; j <= 7; j++) {
+            printf("%02x ",cipher_text[i*8+j]);
+        }
+        printf("\n");
     }
     if ((retval = mit_des_cbc_encrypt((const mit_des_cblock *) cipher_text,
-				      (mit_des_cblock *) clear_text,
-				      (size_t) in_length,
-				      sched,
-				      ivec,
-				      MIT_DES_DECRYPT))) {
-	com_err("des verify", retval, "can't decrypt");
-	exit(-1);
+                                      (mit_des_cblock *) clear_text,
+                                      (size_t) in_length,
+                                      sched,
+                                      ivec,
+                                      MIT_DES_DECRYPT))) {
+        com_err("des verify", retval, "can't decrypt");
+        exit(-1);
     }
     printf("\tdecrypted clear_text = \"%s\"\n",clear_text);
 
     if ( memcmp((char *)cipher_text, (char *)cipher3, in_length) ) {
-	printf("verify: error in CBC encryption\n");
-	exit(-1);
+        printf("verify: error in CBC encryption\n");
+        exit(-1);
     }
     else
-	printf("verify: CBC encryption is correct\n\n");
+        printf("verify: CBC encryption is correct\n\n");
 
     printf("EXAMPLE CBC checksum");
     printf("\tkey =  0123456789abcdef\tiv =  1234567890abcdef\n");
@@ -317,18 +318,18 @@ main(argc,argv)
     printf("or some part thereof\n");
     input = clear_text2;
     mit_des_cbc_cksum(input,cipher_text, strlen((char *)input),
-		      sched,ivec);
+                      sched,ivec);
     printf("ACTUAL CBC checksum\n");
     printf("\t\tencrypted cksum = (low to high bytes)\n\t\t");
     for (j = 0; j<=7; j++)
-	printf("%02x ",cipher_text[j]);
+        printf("%02x ",cipher_text[j]);
     printf("\n\n");
     if ( memcmp((char *)cipher_text, (char *)checksum, 8) ) {
-	printf("verify: error in CBC cheksum\n");
-	exit(-1);
+        printf("verify: error in CBC cheksum\n");
+        exit(-1);
     }
     else
-	printf("verify: CBC checksum is correct\n\n");
+        printf("verify: CBC checksum is correct\n\n");
 
     exit(0);
 }
@@ -341,18 +342,18 @@ flip(array)
     register int old,new,i,j;
     /* flips the bit order within each byte from 0 lsb to 0 msb */
     for (i = 0; i<=7; i++) {
-	old = *array;
-	new = 0;
-	for (j = 0; j<=7; j++) {
-	    if (old & 01)
-		new = new | 01;
-	    if (j < 7) {
-		old = old >> 1;
-		new = new << 1;
-	    }
-	}
-	*array = new;
-	array++;
+        old = *array;
+        new = 0;
+        for (j = 0; j<=7; j++) {
+            if (old & 01)
+                new = new | 01;
+            if (j < 7) {
+                old = old >> 1;
+                new = new << 1;
+            }
+        }
+        *array = new;
+        array++;
     }
 }
 #endif
@@ -364,20 +365,20 @@ do_encrypt(in,out)
 {
     int i, j;
     for (i =1; i<=nflag; i++) {
-	mit_des_cbc_encrypt((const mit_des_cblock *)in,
-			    (mit_des_cblock *)out,
-			    8,
-			    sched,
-			    zero_text,
-			    MIT_DES_ENCRYPT);
-	if (mit_des_debug) {
-	    printf("\nclear %s\n",in);
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",in[j] & 0xff);
-	    printf("\tcipher ");
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",out[j] & 0xff);
-	}
+        mit_des_cbc_encrypt((const mit_des_cblock *)in,
+                            (mit_des_cblock *)out,
+                            8,
+                            sched,
+                            zero_text,
+                            MIT_DES_ENCRYPT);
+        if (mit_des_debug) {
+            printf("\nclear %s\n",in);
+            for (j = 0; j<=7; j++)
+                printf("%02X ",in[j] & 0xff);
+            printf("\tcipher ");
+            for (j = 0; j<=7; j++)
+                printf("%02X ",out[j] & 0xff);
+        }
     }
 }
 
@@ -389,20 +390,20 @@ do_decrypt(in,out)
 {
     int i, j;
     for (i =1; i<=nflag; i++) {
-	mit_des_cbc_encrypt((const mit_des_cblock *)out,
-			    (mit_des_cblock *)in,
-			    8,
-			    sched,
-			    zero_text,
-			    MIT_DES_DECRYPT);
-	if (mit_des_debug) {
-	    printf("clear %s\n",in);
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",in[j] & 0xff);
-	    printf("\tcipher ");
-	    for (j = 0; j<=7; j++)
-		printf("%02X ",out[j] & 0xff);
-	}
+        mit_des_cbc_encrypt((const mit_des_cblock *)out,
+                            (mit_des_cblock *)in,
+                            8,
+                            sched,
+                            zero_text,
+                            MIT_DES_DECRYPT);
+        if (mit_des_debug) {
+            printf("clear %s\n",in);
+            for (j = 0; j<=7; j++)
+                printf("%02X ",in[j] & 0xff);
+            printf("\tcipher ");
+            for (j = 0; j<=7; j++)
+                printf("%02X ",out[j] & 0xff);
+        }
     }
 }
 
@@ -414,5 +415,5 @@ int
 mit_des_is_weak_key(key)
     mit_des_cblock key;
 {
-    return 0;				/* fake it out for testing */
+    return 0;                           /* fake it out for testing */
 }
diff --git a/src/lib/crypto/builtin/des/weak_key.c b/src/lib/crypto/builtin/des/weak_key.c
index 7086789..921ce10 100644
--- a/src/lib/crypto/builtin/des/weak_key.c
+++ b/src/lib/crypto/builtin/des/weak_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/weak_key.c
  *
@@ -77,8 +78,8 @@ mit_des_is_weak_key(mit_des_cblock key)
     const mit_des_cblock *weak_p = weak;
 
     for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
-	if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
-	    return 1;
+        if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+            return 1;
     }
 
     return 0;
diff --git a/src/lib/crypto/builtin/enc_provider/Makefile.in b/src/lib/crypto/builtin/enc_provider/Makefile.in
index 14d5317..40e42ef 100644
--- a/src/lib/crypto/builtin/enc_provider/Makefile.in
+++ b/src/lib/crypto/builtin/enc_provider/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/builtin/enc_provider
 mydir=lib/crypto/builtin/enc_provider
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/../des 	\
diff --git a/src/lib/crypto/builtin/enc_provider/aes.c b/src/lib/crypto/builtin/enc_provider/aes.c
index b735cc9..0440f7a 100644
--- a/src/lib/crypto/builtin/enc_provider/aes.c
+++ b/src/lib/crypto/builtin/enc_provider/aes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/enc_provider/aes.c
  *
@@ -30,352 +31,233 @@
 #include <aead.h>
 #include <rand2key.h>
 
-#if 0
-aes_rval aes_blk_len(unsigned int blen, aes_ctx cx[1]);
-aes_rval aes_enc_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
-aes_rval aes_enc_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
-aes_rval aes_dec_key(const unsigned char in_key[], unsigned int klen, aes_ctx cx[1]);
-aes_rval aes_dec_blk(const unsigned char in_blk[], unsigned char out_blk[], const aes_ctx cx[1]);
-#endif
-
 #define CHECK_SIZES 0
 
-#if 0
-static void printd (const char *descr, krb5_data *d) {
-    int i, j;
-    const int r = 16;
-
-    printf("%s:", descr);
-
-    for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
-#ifdef SHOW_TEXT
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
-#endif
-    }
-    printf("\n");
-}
-#endif
-
-static inline void enc(char *out, const char *in, aes_ctx *ctx)
+static inline void
+enc(unsigned char *out, const unsigned char *in, aes_ctx *ctx)
 {
-    if (aes_enc_blk((const unsigned char *)in, (unsigned char *)out, ctx)
-	!= aes_good)
-	abort();
-}
-static inline void dec(char *out, const char *in, aes_ctx *ctx)
-{
-    if (aes_dec_blk((const unsigned char *)in, (unsigned char *)out, ctx)
-	!= aes_good)
-	abort();
+    if (aes_enc_blk(in, out, ctx) != aes_good)
+        abort();
 }
 
-static void xorblock(char *out, const char *in)
+static inline void
+dec(unsigned char *out, const unsigned char *in, aes_ctx *ctx)
 {
-    int z;
-    for (z = 0; z < BLOCK_SIZE; z++)
-	out[z] ^= in[z];
+    if (aes_dec_blk(in, out, ctx) != aes_good)
+        abort();
 }
 
-krb5_error_code
-krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+static void
+xorblock(unsigned char *out, const unsigned char *in)
 {
-    aes_ctx ctx;
-    char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
-    int nblocks = 0, blockno;
-
-/*    CHECK_SIZES; */
-
-    if (aes_enc_key(key->keyblock.contents, key->keyblock.length,
-		    &ctx) != aes_good)
-	abort();
-
-    if (ivec)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
-    else
-	memset(tmp, 0, BLOCK_SIZE);
-
-    nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
-    if (nblocks == 1) {
-	/* XXX Used for DK function.  */
-	enc(output->data, input->data, &ctx);
-    } else {
-	unsigned int nleft;
-
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    xorblock(tmp, input->data + blockno * BLOCK_SIZE);
-	    enc(tmp2, tmp, &ctx);
-	    memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
-
-	    /* Set up for next block.  */
-	    memcpy(tmp, tmp2, BLOCK_SIZE);
-	}
-	/* Do final CTS step for last two blocks (the second of which
-	   may or may not be incomplete).  */
-	xorblock(tmp, input->data + (nblocks - 2) * BLOCK_SIZE);
-	enc(tmp2, tmp, &ctx);
-	nleft = input->length - (nblocks - 1) * BLOCK_SIZE;
-	memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2, nleft);
-	memcpy(tmp, tmp2, BLOCK_SIZE);
-
-	memset(tmp3, 0, sizeof(tmp3));
-	memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE, nleft);
-	xorblock(tmp, tmp3);
-	enc(tmp2, tmp, &ctx);
-	memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp2, BLOCK_SIZE);
-	if (ivec)
-	    memcpy(ivec->data, tmp2, BLOCK_SIZE);
+    int z;
+    for (z = 0; z < BLOCK_SIZE/4; z++) {
+        unsigned char *outptr = &out[z*4];
+        unsigned char *inptr = &in[z*4];
+        /*
+         * Use unaligned accesses.  On x86, this will probably still be faster
+         * than multiple byte accesses for unaligned data, and for aligned data
+         * should be far better.  (One test indicated about 2.4% faster
+         * encryption for 1024-byte messages.)
+         *
+         * If some other CPU has really slow unaligned-word or byte accesses,
+         * perhaps this function (or the load/store helpers?) should test for
+         * alignment first.
+         *
+         * If byte accesses are faster than unaligned words, we may need to
+         * conditionalize on CPU type, as that may be hard to determine
+         * automatically.
+         */
+        store_32_n (load_32_n(outptr) ^ load_32_n(inptr), outptr);
     }
-
-    return 0;
 }
 
 krb5_error_code
-krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
-{
-    aes_ctx ctx;
-    char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
-    int nblocks = 0, blockno;
-
-    CHECK_SIZES;
-
-    if (aes_dec_key(key->keyblock.contents, key->keyblock.length,
-		    &ctx) != aes_good)
-	abort();
-
-    if (ivec)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
-    else
-	memset(tmp, 0, BLOCK_SIZE);
-
-    nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
-    if (nblocks == 1) {
-	if (input->length < BLOCK_SIZE)
-	    abort();
-	dec(output->data, input->data, &ctx);
-    } else {
-
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
-	    xorblock(tmp2, tmp);
-	    memcpy(output->data + blockno * BLOCK_SIZE, tmp2, BLOCK_SIZE);
-	    memcpy(tmp, input->data + blockno * BLOCK_SIZE, BLOCK_SIZE);
-	}
-	/* Do last two blocks, the second of which (next-to-last block
-	   of plaintext) may be incomplete.  */
-	dec(tmp2, input->data + (nblocks - 2) * BLOCK_SIZE, &ctx);
-	/* Set tmp3 to last ciphertext block, padded.  */
-	memset(tmp3, 0, sizeof(tmp3));
-	memcpy(tmp3, input->data + (nblocks - 1) * BLOCK_SIZE,
-	       input->length - (nblocks - 1) * BLOCK_SIZE);
-	/* Set tmp2 to last (possibly partial) plaintext block, and
-	   save it.  */
-	xorblock(tmp2, tmp3);
-	memcpy(output->data + (nblocks - 1) * BLOCK_SIZE, tmp2,
-	       input->length - (nblocks - 1) * BLOCK_SIZE);
-	/* Maybe keep the trailing part, and copy in the last
-	   ciphertext block.  */
-	memcpy(tmp2, tmp3, input->length - (nblocks - 1) * BLOCK_SIZE);
-	/* Decrypt, to get next to last plaintext block xor previous
-	   ciphertext.  */
-	dec(tmp3, tmp2, &ctx);
-	xorblock(tmp3, tmp);
-	memcpy(output->data + (nblocks - 2) * BLOCK_SIZE, tmp3, BLOCK_SIZE);
-	if (ivec)
-	    memcpy(ivec->data, input->data + (nblocks - 2) * BLOCK_SIZE,
-		   BLOCK_SIZE);
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-krb5int_aes_encrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data)
 {
     aes_ctx ctx;
-    char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE];
+    unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE];
     int nblocks = 0, blockno;
     size_t input_length, i;
+    struct iov_block_state input_pos, output_pos;
 
     if (aes_enc_key(key->keyblock.contents, key->keyblock.length, &ctx)
-	!= aes_good)
-	abort();
+        != aes_good)
+        abort();
 
     if (ivec != NULL)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
+        memcpy(tmp, ivec->data, BLOCK_SIZE);
     else
-	memset(tmp, 0, BLOCK_SIZE);
+        memset(tmp, 0, BLOCK_SIZE);
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
-    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
-    assert(nblocks > 1);
-
-    {
-	char blockN2[BLOCK_SIZE];   /* second last */
-	char blockN1[BLOCK_SIZE];   /* last block */
-	struct iov_block_state input_pos, output_pos;
-
-	IOV_BLOCK_STATE_INIT(&input_pos);
-	IOV_BLOCK_STATE_INIT(&output_pos);
-
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    char blockN[BLOCK_SIZE];
-
-	    krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos);
-	    xorblock(tmp, blockN);
-	    enc(tmp2, tmp, &ctx);
-	    krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos);
+    IOV_BLOCK_STATE_INIT(&input_pos);
+    IOV_BLOCK_STATE_INIT(&output_pos);
 
-	    /* Set up for next block.  */
-	    memcpy(tmp, tmp2, BLOCK_SIZE);
-	}
-
-	/* Do final CTS step for last two blocks (the second of which
-	   may or may not be incomplete).  */
-
-	/* First, get the last two blocks */
-	memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
-	krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos);
-	krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos);
-
-	/* Encrypt second last block */
-	xorblock(tmp, blockN2);
-	enc(tmp2, tmp, &ctx);
-	memcpy(blockN2, tmp2, BLOCK_SIZE); /* blockN2 now contains first block */
-	memcpy(tmp, tmp2, BLOCK_SIZE);
-
-	/* Encrypt last block */
-	xorblock(tmp, blockN1);
-	enc(tmp2, tmp, &ctx);
-	memcpy(blockN1, tmp2, BLOCK_SIZE);
-
-	/* Put the last two blocks back into the iovec (reverse order) */
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos);
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos);
-
-	if (ivec != NULL)
-	    memcpy(ivec->data, blockN1, BLOCK_SIZE);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    if (nblocks == 1) {
+        krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos);
+        enc(tmp2, tmp, &ctx);
+        krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos);
+    } else if (nblocks > 1) {
+        unsigned char blockN2[BLOCK_SIZE];   /* second last */
+        unsigned char blockN1[BLOCK_SIZE];   /* last block */
+
+        for (blockno = 0; blockno < nblocks - 2; blockno++) {
+            unsigned char blockN[BLOCK_SIZE], *block;
+
+            block = iov_next_block(blockN, BLOCK_SIZE, data, num_data,
+                                   &input_pos);
+            xorblock(tmp, block);
+            enc(block, tmp, &ctx);
+            iov_store_block(data, num_data, block, blockN, BLOCK_SIZE,
+                            &output_pos);
+
+            /* Set up for next block.  */
+            memcpy(tmp, block, BLOCK_SIZE);
+        }
+
+        /* Do final CTS step for last two blocks (the second of which
+           may or may not be incomplete).  */
+
+        /* First, get the last two blocks */
+        memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
+        krb5int_c_iov_get_block(blockN2, BLOCK_SIZE, data, num_data,
+                                &input_pos);
+        krb5int_c_iov_get_block(blockN1, BLOCK_SIZE, data, num_data,
+                                &input_pos);
+
+        /* Encrypt second last block */
+        xorblock(tmp, blockN2);
+        enc(tmp2, tmp, &ctx);
+        memcpy(blockN2, tmp2, BLOCK_SIZE); /* blockN2 now contains first block */
+        memcpy(tmp, tmp2, BLOCK_SIZE);
+
+        /* Encrypt last block */
+        xorblock(tmp, blockN1);
+        enc(tmp2, tmp, &ctx);
+        memcpy(blockN1, tmp2, BLOCK_SIZE);
+
+        /* Put the last two blocks back into the iovec (reverse order) */
+        krb5int_c_iov_put_block(data, num_data, blockN1, BLOCK_SIZE,
+                                &output_pos);
+        krb5int_c_iov_put_block(data, num_data, blockN2, BLOCK_SIZE,
+                                &output_pos);
+
+        if (ivec != NULL)
+            memcpy(ivec->data, blockN1, BLOCK_SIZE);
     }
 
     return 0;
 }
 
-static krb5_error_code
-krb5int_aes_decrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+krb5_error_code
+krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                    size_t num_data)
 {
     aes_ctx ctx;
-    char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
+    unsigned char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
     int nblocks = 0, blockno;
     unsigned int i;
     size_t input_length;
+    struct iov_block_state input_pos, output_pos;
 
     CHECK_SIZES;
 
     if (aes_dec_key(key->keyblock.contents, key->keyblock.length,
-		    &ctx) != aes_good)
-	abort();
+                    &ctx) != aes_good)
+        abort();
 
     if (ivec != NULL)
-	memcpy(tmp, ivec->data, BLOCK_SIZE);
+        memcpy(tmp, ivec->data, BLOCK_SIZE);
     else
-	memset(tmp, 0, BLOCK_SIZE);
+        memset(tmp, 0, BLOCK_SIZE);
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
-    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    IOV_BLOCK_STATE_INIT(&input_pos);
+    IOV_BLOCK_STATE_INIT(&output_pos);
 
-    assert(nblocks > 1);
-
-    {
-	char blockN2[BLOCK_SIZE];   /* second last */
-	char blockN1[BLOCK_SIZE];   /* last block */
-	struct iov_block_state input_pos, output_pos;
-
-	IOV_BLOCK_STATE_INIT(&input_pos);
-	IOV_BLOCK_STATE_INIT(&output_pos);
-
-	for (blockno = 0; blockno < nblocks - 2; blockno++) {
-	    char blockN[BLOCK_SIZE];
-
-	    krb5int_c_iov_get_block((unsigned char *)blockN, BLOCK_SIZE, data, num_data, &input_pos);
-	    dec(tmp2, blockN, &ctx);
-	    xorblock(tmp2, tmp);
-	    krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2, BLOCK_SIZE, &output_pos);
-	    memcpy(tmp, blockN, BLOCK_SIZE);
-	}
-
-	/* Do last two blocks, the second of which (next-to-last block
-	   of plaintext) may be incomplete.  */
-
-	/* First, get the last two encrypted blocks */
-	memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
-	krb5int_c_iov_get_block((unsigned char *)blockN2, BLOCK_SIZE, data, num_data, &input_pos);
-	krb5int_c_iov_get_block((unsigned char *)blockN1, BLOCK_SIZE, data, num_data, &input_pos);
-
-	if (ivec != NULL)
-	    memcpy(ivec->data, blockN2, BLOCK_SIZE);
-
-	/* Decrypt second last block */
-	dec(tmp2, blockN2, &ctx);
-	/* Set tmp2 to last (possibly partial) plaintext block, and
-	   save it.  */
-	xorblock(tmp2, blockN1);
-	memcpy(blockN2, tmp2, BLOCK_SIZE);
-
-	/* Maybe keep the trailing part, and copy in the last
-	   ciphertext block.  */
-	input_length %= BLOCK_SIZE;
-	memcpy(tmp2, blockN1, input_length ? input_length : BLOCK_SIZE);
-	dec(tmp3, tmp2, &ctx);
-	xorblock(tmp3, tmp);
-	memcpy(blockN1, tmp3, BLOCK_SIZE);
-
-	/* Put the last two blocks back into the iovec */
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN1, BLOCK_SIZE, &output_pos);
-	krb5int_c_iov_put_block(data, num_data, (unsigned char *)blockN2, BLOCK_SIZE, &output_pos);
+    nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+    if (nblocks == 1) {
+        krb5int_c_iov_get_block(tmp, BLOCK_SIZE, data, num_data, &input_pos);
+        enc(tmp2, tmp, &ctx);
+        krb5int_c_iov_put_block(data, num_data, tmp2, BLOCK_SIZE, &output_pos);
+    } else if (nblocks > 1) {
+        unsigned char blockN2[BLOCK_SIZE];   /* second last */
+        unsigned char blockN1[BLOCK_SIZE];   /* last block */
+
+        for (blockno = 0; blockno < nblocks - 2; blockno++) {
+            unsigned char blockN[BLOCK_SIZE], *block;
+
+            block = iov_next_block(blockN, BLOCK_SIZE, data, num_data,
+                                   &input_pos);
+            memcpy(tmp2, block, BLOCK_SIZE);
+            dec(block, block, &ctx);
+            xorblock(block, tmp);
+            memcpy(tmp, tmp2, BLOCK_SIZE);
+            iov_store_block(data, num_data, block, blockN, BLOCK_SIZE,
+                            &output_pos);
+        }
+
+        /* Do last two blocks, the second of which (next-to-last block
+           of plaintext) may be incomplete.  */
+
+        /* First, get the last two encrypted blocks */
+        memset(blockN1, 0, sizeof(blockN1)); /* pad last block with zeros */
+        krb5int_c_iov_get_block(blockN2, BLOCK_SIZE, data, num_data,
+                                &input_pos);
+        krb5int_c_iov_get_block(blockN1, BLOCK_SIZE, data, num_data,
+                                &input_pos);
+
+        if (ivec != NULL)
+            memcpy(ivec->data, blockN2, BLOCK_SIZE);
+
+        /* Decrypt second last block */
+        dec(tmp2, blockN2, &ctx);
+        /* Set tmp2 to last (possibly partial) plaintext block, and
+           save it.  */
+        xorblock(tmp2, blockN1);
+        memcpy(blockN2, tmp2, BLOCK_SIZE);
+
+        /* Maybe keep the trailing part, and copy in the last
+           ciphertext block.  */
+        input_length %= BLOCK_SIZE;
+        memcpy(tmp2, blockN1, input_length ? input_length : BLOCK_SIZE);
+        dec(tmp3, tmp2, &ctx);
+        xorblock(tmp3, tmp);
+        memcpy(blockN1, tmp3, BLOCK_SIZE);
+
+        /* Put the last two blocks back into the iovec */
+        krb5int_c_iov_put_block(data, num_data, blockN1, BLOCK_SIZE,
+                                &output_pos);
+        krb5int_c_iov_put_block(data, num_data, blockN2, BLOCK_SIZE,
+                                &output_pos);
     }
 
     return 0;
 }
 
 static krb5_error_code
-krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
-			krb5_data *state)
+aes_init_state(const krb5_keyblock *key, krb5_keyusage usage,
+               krb5_data *state)
 {
     state->length = 16;
-    state->data = (void *) malloc(16);
+    state->data = malloc(16);
     if (state->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(state->data, 0, state->length);
     return 0;
 }
@@ -385,11 +267,10 @@ const struct krb5_enc_provider krb5int_enc_aes128 = {
     16, 16,
     krb5int_aes_encrypt,
     krb5int_aes_decrypt,
+    NULL,
     krb5int_aes_make_key,
-    krb5int_aes_init_state,
+    aes_init_state,
     krb5int_default_free_state,
-    krb5int_aes_encrypt_iov,
-    krb5int_aes_decrypt_iov
 };
 
 const struct krb5_enc_provider krb5int_enc_aes256 = {
@@ -397,9 +278,8 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
     32, 32,
     krb5int_aes_encrypt,
     krb5int_aes_decrypt,
+    NULL,
     krb5int_aes_make_key,
-    krb5int_aes_init_state,
-    krb5int_default_free_state,
-    krb5int_aes_encrypt_iov,
-    krb5int_aes_decrypt_iov
+    aes_init_state,
+    krb5int_default_free_state
 };
diff --git a/src/lib/crypto/builtin/enc_provider/deps b/src/lib/crypto/builtin/enc_provider/deps
index 74d9887..deeb864 100644
--- a/src/lib/crypto/builtin/enc_provider/deps
+++ b/src/lib/crypto/builtin/enc_provider/deps
@@ -3,51 +3,53 @@
 #
 des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \
-  $(srcdir)/../des/des_int.h des.c enc_provider.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../des/des_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des.c enc_provider.h
 des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \
-  $(srcdir)/../des/des_int.h des3.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../des/des_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des3.c
 aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \
-  $(srcdir)/../aes/aes.h $(srcdir)/../aes/uitypes.h aes.c \
-  enc_provider.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../aes/aes.h \
+  $(srcdir)/../aes/uitypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h aes.c enc_provider.h
 rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h \
-  $(srcdir)/../arcfour/arcfour-int.h $(srcdir)/../arcfour/arcfour.h \
-  enc_provider.h rc4.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h enc_provider.h \
+  rc4.c
diff --git a/src/lib/crypto/builtin/enc_provider/des.c b/src/lib/crypto/builtin/enc_provider/des.c
index f531c06..ed79b06 100644
--- a/src/lib/crypto/builtin/enc_provider/des.c
+++ b/src/lib/crypto/builtin/enc_provider/des.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,129 +31,101 @@
 #include <aead.h>
 #include <rand2key.h>
 
-
 static krb5_error_code
-k5_des_docrypt(krb5_key key, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output, int enc)
+validate_and_schedule(krb5_key key, const krb5_data *ivec,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      mit_des_key_schedule schedule)
 {
-    mit_des_key_schedule schedule;
+    size_t i, input_length;
 
-    /* key->keyblock.enctype was checked by the caller */
+    for (i = 0, input_length = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
+    }
 
     if (key->keyblock.length != 8)
-	return(KRB5_BAD_KEYSIZE);
-    if ((input->length%8) != 0)
-	return(KRB5_BAD_MSIZE);
-    if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
-    if (input->length != output->length)
-	return(KRB5_BAD_MSIZE);
+        return KRB5_BAD_KEYSIZE;
+    if (input_length % 8 != 0 || (ivec != NULL && ivec->length != 8))
+        return KRB5_BAD_MSIZE;
 
     switch (mit_des_key_sched(key->keyblock.contents, schedule)) {
     case -1:
-	return(KRB5DES_BAD_KEYPAR);
+        return(KRB5DES_BAD_KEYPAR);
     case -2:
-	return(KRB5DES_WEAK_KEY);
+        return(KRB5DES_WEAK_KEY);
     }
-
-    /* this has a return value, but the code always returns zero */
-
-    mit_des_cbc_encrypt((krb5_pointer) input->data,
-			(krb5_pointer) output->data, input->length,
-			schedule,
-			(ivec
-			 ? (const unsigned char *) ivec->data
-			 : (const unsigned char *) mit_des_zeroblock),
-			enc);
-
-    memset(schedule, 0, sizeof(schedule));
-
-    return(0);
+    return 0;
 }
 
 static krb5_error_code
-k5_des_encrypt(krb5_key key, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output)
+des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+            size_t num_data)
 {
-    return(k5_des_docrypt(key, ivec, input, output, 1));
-}
+    mit_des_key_schedule schedule;
+    krb5_error_code err;
 
-static krb5_error_code
-k5_des_decrypt(krb5_key key, const krb5_data *ivec,
-	       const krb5_data *input, krb5_data *output)
-{
-    return(k5_des_docrypt(key, ivec, input, output, 0));
+    err = validate_and_schedule(key, ivec, data, num_data, schedule);
+    if (err)
+        return err;
+
+    krb5int_des_cbc_encrypt(data, num_data, schedule,
+                            ivec != NULL ? (unsigned char *) ivec->data :
+                            NULL);
+
+    zap(schedule, sizeof(schedule));
+    return 0;
 }
 
 static krb5_error_code
-k5_des_docrypt_iov(krb5_key key, const krb5_data *ivec,
-		   krb5_crypto_iov *data, size_t num_data, int enc)
+des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+            size_t num_data)
 {
     mit_des_key_schedule schedule;
-    size_t input_length = 0;
-    unsigned int i;
-
-    /* key->keyblock.enctype was checked by the caller */
+    krb5_error_code err;
 
-    if (key->keyblock.length != 8)
-	return(KRB5_BAD_KEYSIZE);
+    err = validate_and_schedule(key, ivec, data, num_data, schedule);
+    if (err)
+        return err;
 
-    for (i = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+    krb5int_des_cbc_decrypt(data, num_data, schedule,
+                            ivec != NULL ? (unsigned char *) ivec->data :
+                            NULL);
 
-	if (ENCRYPT_DATA_IOV(iov))
-	    input_length += iov->data.length;
-    }
-
-    if ((input_length % 8) != 0)
-	return(KRB5_BAD_MSIZE);
-    if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
-
-    switch (mit_des_key_sched(key->keyblock.contents, schedule)) {
-    case -1:
-	return(KRB5DES_BAD_KEYPAR);
-    case -2:
-	return(KRB5DES_WEAK_KEY);
-    }
-
-    /* this has a return value, but the code always returns zero */
-    if (enc)
-	krb5int_des_cbc_encrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL);
-    else
-	krb5int_des_cbc_decrypt_iov(data, num_data, schedule, ivec ? ivec->data : NULL);
-
-    memset(schedule, 0, sizeof(schedule));
-
-    return(0);
+    zap(schedule, sizeof(schedule));
+    return 0;
 }
 
 static krb5_error_code
-k5_des_encrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+des_cbc_mac(krb5_key key, const krb5_crypto_iov *data, size_t num_data,
+            const krb5_data *ivec, krb5_data *output)
 {
-    return k5_des_docrypt_iov(key, ivec, data, num_data, 1);
-}
+    mit_des_key_schedule schedule;
+    krb5_error_code err;
 
-static krb5_error_code
-k5_des_decrypt_iov(krb5_key key,
-		   const krb5_data *ivec,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
-{
-    return k5_des_docrypt_iov(key, ivec, data, num_data, 0);
+    err = validate_and_schedule(key, ivec, data, num_data, schedule);
+    if (err)
+        return err;
+
+    if (output->length != 8)
+        return KRB5_CRYPTO_INTERNAL;
+
+    krb5int_des_cbc_mac(data, num_data, schedule,
+                        ivec != NULL ? (unsigned char *) ivec->data : NULL,
+                        (unsigned char *) output->data);
+
+    zap(schedule, sizeof(schedule));
+    return 0;
 }
 
 const struct krb5_enc_provider krb5int_enc_des = {
     8,
     7, 8,
-    k5_des_encrypt,
-    k5_des_decrypt,
+    des_encrypt,
+    des_decrypt,
+    des_cbc_mac,
     krb5int_des_make_key,
     krb5int_des_init_state,
-    krb5int_default_free_state,
-    k5_des_encrypt_iov,
-    k5_des_decrypt_iov
+    krb5int_default_free_state
 };
diff --git a/src/lib/crypto/builtin/enc_provider/des3.c b/src/lib/crypto/builtin/enc_provider/des3.c
index c731639..e08cc62 100644
--- a/src/lib/crypto/builtin/enc_provider/des3.c
+++ b/src/lib/crypto/builtin/enc_provider/des3.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,77 +32,51 @@
 
 static krb5_error_code
 validate_and_schedule(krb5_key key, const krb5_data *ivec,
-		      const krb5_data *input, const krb5_data *output,
-		      mit_des3_key_schedule *schedule)
-{
-    /* key->keyblock.enctype was checked by the caller */
-
-    if (key->keyblock.length != 24)
-	return(KRB5_BAD_KEYSIZE);
-    if ((input->length%8) != 0)
-	return(KRB5_BAD_MSIZE);
-    if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
-    if (input->length != output->length)
-	return(KRB5_BAD_MSIZE);
-
-    switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents,
-			       *schedule)) {
-    case -1:
-	return(KRB5DES_BAD_KEYPAR);
-    case -2:
-	return(KRB5DES_WEAK_KEY);
-    }
-    return 0;
-}
-
-static krb5_error_code
-validate_and_schedule_iov(krb5_key key, const krb5_data *ivec,
-			  const krb5_crypto_iov *data, size_t num_data,
-			  mit_des3_key_schedule *schedule)
+                      const krb5_crypto_iov *data, size_t num_data,
+                      mit_des3_key_schedule *schedule)
 {
     size_t i, input_length;
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
     if (key->keyblock.length != 24)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input_length%8) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
 
     switch (mit_des3_key_sched(*(mit_des3_cblock *)key->keyblock.contents,
-			       *schedule)) {
+                               *schedule)) {
     case -1:
-	return(KRB5DES_BAD_KEYPAR);
+        return(KRB5DES_BAD_KEYPAR);
     case -2:
-	return(KRB5DES_WEAK_KEY);
+        return(KRB5DES_WEAK_KEY);
     }
     return 0;
 }
 
 static krb5_error_code
-k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
+k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
 {
     mit_des3_key_schedule schedule;
     krb5_error_code err;
 
-    err = validate_and_schedule(key, ivec, input, output, &schedule);
+    err = validate_and_schedule(key, ivec, data, num_data, &schedule);
     if (err)
-	return err;
+        return err;
 
     /* this has a return value, but the code always returns zero */
-    krb5int_des3_cbc_encrypt((krb5_pointer) input->data,
-			     (krb5_pointer) output->data, input->length,
-			     schedule[0], schedule[1], schedule[2],
-			     ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
+    krb5int_des3_cbc_encrypt(data, num_data,
+                             schedule[0], schedule[1], schedule[2],
+                             ivec != NULL ? (unsigned char *) ivec->data :
+                             NULL);
 
     zap(schedule, sizeof(schedule));
 
@@ -109,71 +84,25 @@ k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
 }
 
 static krb5_error_code
-k5_des3_decrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
+k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
 {
     mit_des3_key_schedule schedule;
     krb5_error_code err;
 
-    err = validate_and_schedule(key, ivec, input, output, &schedule);
+    err = validate_and_schedule(key, ivec, data, num_data, &schedule);
     if (err)
-	return err;
+        return err;
 
     /* this has a return value, but the code always returns zero */
-    krb5int_des3_cbc_decrypt((krb5_pointer) input->data,
-			     (krb5_pointer) output->data, input->length,
-			     schedule[0], schedule[1], schedule[2],
-			     ivec?(const unsigned char *) ivec->data:(const unsigned char *)mit_des_zeroblock);
+    krb5int_des3_cbc_decrypt(data, num_data,
+                             schedule[0], schedule[1], schedule[2],
+                             ivec != NULL ? (unsigned char *) ivec->data :
+                             NULL);
 
     zap(schedule, sizeof(schedule));
 
-    return(0);
-}
-
-static krb5_error_code
-k5_des3_encrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
-{
-    mit_des3_key_schedule schedule;
-    krb5_error_code err;
-
-    err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule);
-    if (err)
-	return err;
-
-    /* this has a return value, but the code always returns zero */
-    krb5int_des3_cbc_encrypt_iov(data, num_data,
-			     schedule[0], schedule[1], schedule[2],
-			     ivec != NULL ? (unsigned char *) ivec->data : NULL);
-
-    zap(schedule, sizeof(schedule));
-
-    return(0);
-}
-
-static krb5_error_code
-k5_des3_decrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
-{
-    mit_des3_key_schedule schedule;
-    krb5_error_code err;
-
-    err = validate_and_schedule_iov(key, ivec, data, num_data, &schedule);
-    if (err)
-	return err;
-
-    /* this has a return value, but the code always returns zero */
-    krb5int_des3_cbc_decrypt_iov(data, num_data,
-				 schedule[0], schedule[1], schedule[2],
-				 ivec != NULL ? (unsigned char *) ivec->data : NULL);
-
-    zap(schedule, sizeof(schedule));
-
-    return(0);
+    return 0;
 }
 
 const struct krb5_enc_provider krb5int_enc_des3 = {
@@ -181,9 +110,8 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
     21, 24,
     k5_des3_encrypt,
     k5_des3_decrypt,
+    NULL,
     krb5int_des3_make_key,
     krb5int_des_init_state,
-    krb5int_default_free_state,
-    k5_des3_encrypt_iov,
-    k5_des3_decrypt_iov
+    krb5int_default_free_state
 };
diff --git a/src/lib/crypto/builtin/enc_provider/enc_provider.h b/src/lib/crypto/builtin/enc_provider/enc_provider.h
index 49ffaaf..8144b65 100644
--- a/src/lib/crypto/builtin/enc_provider/enc_provider.h
+++ b/src/lib/crypto/builtin/enc_provider/enc_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/builtin/enc_provider/rc4.c b/src/lib/crypto/builtin/enc_provider/rc4.c
index 3c3e0f1..a8e0721 100644
--- a/src/lib/crypto/builtin/enc_provider/rc4.c
+++ b/src/lib/crypto/builtin/enc_provider/rc4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* arcfour.c
  *
  * Copyright (c) 2000 by Computer Science Laboratory,
@@ -7,11 +8,22 @@
  */
 
 #include "k5-int.h"
-#include "arcfour-int.h"
 #include "enc_provider.h"
 #include <aead.h>
 #include <rand2key.h>
 
+typedef struct
+{
+    unsigned int x;
+    unsigned int y;
+    unsigned char state[256];
+} ArcfourContext;
+
+typedef struct {
+    int initialized;
+    ArcfourContext ctx;
+} ArcFourCipherState;
+
 /* gets the next byte from the PRNG */
 #if ((__GNUC__ >= 2) )
 static __inline__ unsigned int k5_arcfour_byte(ArcfourContext *);
@@ -21,16 +33,11 @@ static unsigned int k5_arcfour_byte(ArcfourContext *);
 
 /* Initializes the context and sets the key. */
 static krb5_error_code k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
-		  unsigned int keylen);
+                                       unsigned int keylen);
 
 /* Encrypts/decrypts data. */
 static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
-		     const unsigned char *src, unsigned int len);
-
-/* Interface layer to kerb5 crypto layer */
-static krb5_error_code
-k5_arcfour_docrypt(krb5_key, const krb5_data *,
-		   const krb5_data *, krb5_data *);
+                             const unsigned char *src, unsigned int len);
 
 static const unsigned char arcfour_weakkey1[] = {0x00, 0x00, 0xfd};
 static const unsigned char arcfour_weakkey2[] = {0x03, 0xfd, 0xfc};
@@ -44,125 +51,76 @@ static const struct {
 
 static inline unsigned int k5_arcfour_byte(ArcfourContext * ctx)
 {
-  unsigned int x;
-  unsigned int y;
-  unsigned int sx, sy;
-  unsigned char *state;
-
-  state = ctx->state;
-  x = (ctx->x + 1) & 0xff;
-  sx = state[x];
-  y = (sx + ctx->y) & 0xff;
-  sy = state[y];
-  ctx->x = x;
-  ctx->y = y;
-  state[y] = sx;
-  state[x] = sy;
-  return state[(sx + sy) & 0xff];
+    unsigned int x;
+    unsigned int y;
+    unsigned int sx, sy;
+    unsigned char *state;
+
+    state = ctx->state;
+    x = (ctx->x + 1) & 0xff;
+    sx = state[x];
+    y = (sx + ctx->y) & 0xff;
+    sy = state[y];
+    ctx->x = x;
+    ctx->y = y;
+    state[y] = sx;
+    state[x] = sy;
+    return state[(sx + sy) & 0xff];
 }
 
 static void k5_arcfour_crypt(ArcfourContext *ctx, unsigned char *dest,
-		     const unsigned char *src, unsigned int len)
+                             const unsigned char *src, unsigned int len)
 {
-  unsigned int i;
-  for (i = 0; i < len; i++)
-    dest[i] = src[i] ^ k5_arcfour_byte(ctx);
+    unsigned int i;
+    for (i = 0; i < len; i++)
+        dest[i] = src[i] ^ k5_arcfour_byte(ctx);
 }
 
 
 static krb5_error_code
 k5_arcfour_init(ArcfourContext *ctx, const unsigned char *key,
-		  unsigned int key_len)
+                unsigned int key_len)
 {
-  unsigned int t, u;
-  unsigned int keyindex;
-  unsigned int stateindex;
-  unsigned char* state;
-  unsigned int counter;
-
-  if (key_len != 16)
-    return KRB5_BAD_MSIZE;     /*this is probably not the correct error code
-				 to return */
-  for (counter=0;
-       counter < sizeof(arcfour_weakkeys)/sizeof(arcfour_weakkeys[0]);
-       counter++)
-      if (!memcmp(key, arcfour_weakkeys[counter].data,
-		  arcfour_weakkeys[counter].length))
-	  return KRB5DES_WEAK_KEY; /* most certainly not the correct error */
-
-  state = &ctx->state[0];
-  ctx->x = 0;
-  ctx->y = 0;
-  for (counter = 0; counter < 256; counter++)
-    state[counter] = counter;
-  keyindex = 0;
-  stateindex = 0;
-  for (counter = 0; counter < 256; counter++)
+    unsigned int t, u;
+    unsigned int keyindex;
+    unsigned int stateindex;
+    unsigned char* state;
+    unsigned int counter;
+
+    if (key_len != 16)
+        return KRB5_BAD_MSIZE;     /*this is probably not the correct error code
+                                     to return */
+    for (counter=0;
+         counter < sizeof(arcfour_weakkeys)/sizeof(arcfour_weakkeys[0]);
+         counter++)
+        if (!memcmp(key, arcfour_weakkeys[counter].data,
+                    arcfour_weakkeys[counter].length))
+            return KRB5DES_WEAK_KEY; /* most certainly not the correct error */
+
+    state = &ctx->state[0];
+    ctx->x = 0;
+    ctx->y = 0;
+    for (counter = 0; counter < 256; counter++)
+        state[counter] = counter;
+    keyindex = 0;
+    stateindex = 0;
+    for (counter = 0; counter < 256; counter++)
     {
-      t = state[counter];
-      stateindex = (stateindex + key[keyindex] + t) & 0xff;
-      u = state[stateindex];
-      state[stateindex] = t;
-      state[counter] = u;
-      if (++keyindex >= key_len)
-	keyindex = 0;
+        t = state[counter];
+        stateindex = (stateindex + key[keyindex] + t) & 0xff;
+        u = state[stateindex];
+        state[stateindex] = t;
+        state[counter] = u;
+        if (++keyindex >= key_len)
+            keyindex = 0;
     }
-  return 0;
+    return 0;
 }
 
 
-/* The workhorse of the arcfour system, this impliments the cipher */
-static krb5_error_code
-k5_arcfour_docrypt(krb5_key key, const krb5_data *state,
-	       const krb5_data *input, krb5_data *output)
-{
-  ArcfourContext *arcfour_ctx;
-  ArcFourCipherState *cipher_state;
-  int ret;
-
-  if (key->keyblock.length != 16)
-    return(KRB5_BAD_KEYSIZE);
-  if (state && (state->length != sizeof (ArcFourCipherState)))
-    return(KRB5_BAD_MSIZE);
-  if (input->length != output->length)
-    return(KRB5_BAD_MSIZE);
-
-  if (state) {
-    cipher_state = (ArcFourCipherState *) state->data;
-    arcfour_ctx=&cipher_state->ctx;
-    if (cipher_state->initialized == 0) {
-      if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-			       key->keyblock.length))) {
-	return ret;
-      }
-      cipher_state->initialized = 1;
-    }
-    k5_arcfour_crypt(arcfour_ctx, (unsigned char *) output->data, (const unsigned char *) input->data, input->length);
-  }
-  else {
-    arcfour_ctx=malloc(sizeof (ArcfourContext));
-    if (arcfour_ctx == NULL)
-      return ENOMEM;
-    if ((ret=k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-			     key->keyblock.length))) {
-      free(arcfour_ctx);
-      return (ret);
-    }
-    k5_arcfour_crypt(arcfour_ctx, (unsigned char * ) output->data,
-		     (const unsigned char * ) input->data, input->length);
-    memset(arcfour_ctx, 0, sizeof (ArcfourContext));
-    free(arcfour_ctx);
-  }
-
-  return 0;
-}
-
-/* In-place encryption */
 static krb5_error_code
-k5_arcfour_docrypt_iov(krb5_key key,
-		       const krb5_data *state,
-		       krb5_crypto_iov *data,
-		       size_t num_data)
+k5_arcfour_docrypt(krb5_key key, const krb5_data *state, krb5_crypto_iov *data,
+                   size_t num_data)
 {
     ArcfourContext *arcfour_ctx = NULL;
     ArcFourCipherState *cipher_state = NULL;
@@ -170,45 +128,45 @@ k5_arcfour_docrypt_iov(krb5_key key,
     size_t i;
 
     if (key->keyblock.length != 16)
-	return KRB5_BAD_KEYSIZE;
+        return KRB5_BAD_KEYSIZE;
     if (state != NULL && (state->length != sizeof(ArcFourCipherState)))
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (state != NULL) {
-	cipher_state = (ArcFourCipherState *)state->data;
-	arcfour_ctx = &cipher_state->ctx;
-	if (cipher_state->initialized == 0) {
-	    ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-				  key->keyblock.length);
-	    if (ret != 0)
-		return ret;
-
-	    cipher_state->initialized = 1;
-	}
+        cipher_state = (ArcFourCipherState *)state->data;
+        arcfour_ctx = &cipher_state->ctx;
+        if (cipher_state->initialized == 0) {
+            ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                                  key->keyblock.length);
+            if (ret != 0)
+                return ret;
+
+            cipher_state->initialized = 1;
+        }
     } else {
-	arcfour_ctx = (ArcfourContext *)malloc(sizeof(ArcfourContext));
-	if (arcfour_ctx == NULL)
-	    return ENOMEM;
-
-	ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
-			      key->keyblock.length);
-	if (ret != 0) {
-	    free(arcfour_ctx);
-	    return ret;
-	}
+        arcfour_ctx = (ArcfourContext *)malloc(sizeof(ArcfourContext));
+        if (arcfour_ctx == NULL)
+            return ENOMEM;
+
+        ret = k5_arcfour_init(arcfour_ctx, key->keyblock.contents,
+                              key->keyblock.length);
+        if (ret != 0) {
+            free(arcfour_ctx);
+            return ret;
+        }
     }
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_IOV(iov))
-	    k5_arcfour_crypt(arcfour_ctx, (unsigned char *)iov->data.data,
-			     (const unsigned char *)iov->data.data, iov->data.length);
+        if (ENCRYPT_IOV(iov))
+            k5_arcfour_crypt(arcfour_ctx, (unsigned char *)iov->data.data,
+                             (const unsigned char *)iov->data.data, iov->data.length);
     }
 
     if (state == NULL) {
-	memset(arcfour_ctx, 0, sizeof(ArcfourContext));
-	free(arcfour_ctx);
+        memset(arcfour_ctx, 0, sizeof(ArcfourContext));
+        free(arcfour_ctx);
     }
 
     return 0;
@@ -216,22 +174,22 @@ k5_arcfour_docrypt_iov(krb5_key key,
 
 static krb5_error_code
 k5_arcfour_init_state (const krb5_keyblock *key,
-		       krb5_keyusage keyusage, krb5_data *new_state)
+                       krb5_keyusage keyusage, krb5_data *new_state)
 {
-  /* Note that we can't actually set up the state here  because the key
-   * will change  between now and when encrypt is called
-   * because  it is data dependent.  Yeah, this has strange
-   * properties. --SDH
-   */
-  new_state->length = sizeof (ArcFourCipherState);
-  new_state->data = malloc (new_state->length);
-  if (new_state->data) {
-    memset (new_state->data, 0 , new_state->length);
-    /* That will set initialized to zero*/
-  }else {
-    return (ENOMEM);
-  }
-  return 0;
+    /* Note that we can't actually set up the state here  because the key
+     * will change  between now and when encrypt is called
+     * because  it is data dependent.  Yeah, this has strange
+     * properties. --SDH
+     */
+    new_state->length = sizeof (ArcFourCipherState);
+    new_state->data = malloc (new_state->length);
+    if (new_state->data) {
+        memset (new_state->data, 0 , new_state->length);
+        /* That will set initialized to zero*/
+    }else {
+        return (ENOMEM);
+    }
+    return 0;
 }
 
 /* Since the arcfour cipher is identical going forwards and backwards,
@@ -248,9 +206,8 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
     16, 16,
     k5_arcfour_docrypt,
     k5_arcfour_docrypt,
+    NULL,
     krb5int_arcfour_make_key,
     k5_arcfour_init_state, /*xxx not implemented yet*/
-    krb5int_default_free_state,
-    k5_arcfour_docrypt_iov,
-    k5_arcfour_docrypt_iov
+    krb5int_default_free_state
 };
diff --git a/src/lib/crypto/builtin/hash_provider/Makefile.in b/src/lib/crypto/builtin/hash_provider/Makefile.in
index 09bfb59..36ec412 100644
--- a/src/lib/crypto/builtin/hash_provider/Makefile.in
+++ b/src/lib/crypto/builtin/hash_provider/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/builtin/hash_provider
 mydir=lib/crypto/builtin/hash_provider
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/../../krb/crc32 -I$(srcdir)/../md4 \
-	-I$(srcdir)/../md5 -I$(srcdir)/../sha1
+	-I$(srcdir)/../md5 -I$(srcdir)/../sha1 -I$(srcdir)/../../krb
 DEFS=
 
 ##DOS##BUILDTOP = ..\..\..\..
diff --git a/src/lib/crypto/builtin/hash_provider/deps b/src/lib/crypto/builtin/hash_provider/deps
index 398cf14..99e024e 100644
--- a/src/lib/crypto/builtin/hash_provider/deps
+++ b/src/lib/crypto/builtin/hash_provider/deps
@@ -4,44 +4,52 @@
 hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../../krb/crc32/crc-32.h hash_crc32.c hash_provider.h
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/crc32/crc-32.h $(srcdir)/../../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_crc32.c hash_provider.h
 hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../md4/rsa-md4.h hash_md4.c hash_provider.h
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/etypes.h $(srcdir)/../md4/rsa-md4.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_md4.c hash_provider.h
 hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../md5/rsa-md5.h hash_md5.c hash_provider.h
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/etypes.h $(srcdir)/../md5/rsa-md5.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_md5.c hash_provider.h
 hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../sha1/shs.h hash_provider.h hash_sha1.c
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/etypes.h $(srcdir)/../sha1/shs.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_provider.h hash_sha1.c
diff --git a/src/lib/crypto/builtin/hash_provider/hash_crc32.c b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
index 771a7d6..c9cafb0 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_crc32.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,25 +28,27 @@
 #include "k5-int.h"
 #include "crc-32.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_crc32_hash(unsigned int icount, const krb5_data *input,
-	      krb5_data *output)
+k5_crc32_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
-    unsigned long c, cn;
+    unsigned long c;
     unsigned int i;
 
     if (output->length != CRC32_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return KRB5_CRYPTO_INTERNAL;
 
     c = 0;
-    for (i=0; i<icount; i++) {
-	mit_crc32(input[i].data, input[i].length, &cn);
-	c ^= cn;
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov))
+            mit_crc32(iov->data.data, iov->data.length, &c);
     }
 
     store_32_le(c, output->data);
-    return(0);
+    return 0;
 }
 
 const struct krb5_hash_provider krb5int_hash_crc32 = {
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md4.c b/src/lib/crypto/builtin/hash_provider/hash_md4.c
index 916da0f..85f18f6 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md4.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,20 +28,26 @@
 #include "k5-int.h"
 #include "rsa-md4.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_md4_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
     krb5_MD4_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD4_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     krb5int_MD4Init(&ctx);
-    for (i=0; i<icount; i++)
-	krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            krb5int_MD4Update(&ctx, (unsigned char *) iov->data.data,
+                              iov->data.length);
+        }
+    }
     krb5int_MD4Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
diff --git a/src/lib/crypto/builtin/hash_provider/hash_md5.c b/src/lib/crypto/builtin/hash_provider/hash_md5.c
index e1e29f0..583a8fb 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_md5.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_md5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,25 +28,31 @@
 #include "k5-int.h"
 #include "rsa-md5.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_md5_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
     krb5_MD5_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD5_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return KRB5_CRYPTO_INTERNAL;
 
     krb5int_MD5Init(&ctx);
-    for (i=0; i<icount; i++)
-	krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            krb5int_MD5Update(&ctx, (unsigned char *) iov->data.data,
+                              iov->data.length);
+        }
+    }
     krb5int_MD5Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
 
-    return(0);
+    return 0;
 }
 
 const struct krb5_hash_provider krb5int_hash_md5 = {
diff --git a/src/lib/crypto/builtin/hash_provider/hash_provider.h b/src/lib/crypto/builtin/hash_provider/hash_provider.h
index 1023d1a..eebe845 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_provider.h
+++ b/src/lib/crypto/builtin/hash_provider/hash_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/builtin/hash_provider/hash_sha1.c b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
index 1f1fc62..7a9cda5 100644
--- a/src/lib/crypto/builtin/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/builtin/hash_provider/hash_sha1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,27 +28,32 @@
 #include "k5-int.h"
 #include "shs.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_sha1_hash(unsigned int icount, const krb5_data *input,
-	     krb5_data *output)
+k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
     SHS_INFO ctx;
     unsigned int i;
 
     if (output->length != SHS_DIGESTSIZE)
-	return(KRB5_CRYPTO_INTERNAL);
+        return KRB5_CRYPTO_INTERNAL;
 
     shsInit(&ctx);
-    for (i=0; i<icount; i++)
-	shsUpdate(&ctx, (unsigned char *) input[i].data, input[i].length);
-    shsFinal(&ctx);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
 
-    for (i=0; i<(sizeof(ctx.digest)/sizeof(ctx.digest[0])); i++) {
-	store_32_be(ctx.digest[i], &output->data[i*4]);
+        if (SIGN_IOV(iov)) {
+            shsUpdate(&ctx, (unsigned char *) iov->data.data,
+                      iov->data.length);
+        }
     }
+    shsFinal(&ctx);
+
+    for (i = 0; i < sizeof(ctx.digest) / sizeof(ctx.digest[0]); i++)
+        store_32_be(ctx.digest[i], &output->data[i*4]);
 
-    return(0);
+    return 0;
 }
 
 const struct krb5_hash_provider krb5int_hash_sha1 = {
diff --git a/src/lib/crypto/builtin/hmac.c b/src/lib/crypto/builtin/hmac.c
index 3e58a59..3cb4146 100644
--- a/src/lib/crypto/builtin/hmac.c
+++ b/src/lib/crypto/builtin/hmac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,17 +30,14 @@
 
 /*
  * Because our built-in HMAC implementation doesn't need to invoke any
- * encryption or keyed hash functions, it is simplest to define it in
- * terms of keyblocks, and then supply a simple wrapper for the
- * "normal" krb5_key-using interfaces.  The keyblock interfaces are
- * useful for the built-in arcfour code which constructs a lot of
- * intermediate HMAC keys.  For other back ends, it should not be
- * necessary to supply the _keyblock versions of the hmac functions if
- * the back end code doesn't make use of them.
+ * encryption or keyed hash functions, it is simplest to define it in terms of
+ * keyblocks, and then supply a simple wrapper for the "normal" krb5_key-using
+ * interfaces.  The keyblock interfaces are useful for code which creates
+ * intermediate keyblocks.
  */
 
 /*
- * the HMAC transform looks like:
+ * The HMAC transform looks like:
  *
  * H(K XOR opad, H(K XOR ipad, text))
  *
@@ -52,143 +50,72 @@
 
 krb5_error_code
 krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
-		      const krb5_keyblock *key, unsigned int icount,
-		      const krb5_data *input, krb5_data *output)
+                      const krb5_keyblock *keyblock,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
 {
-    size_t hashsize, blocksize;
-    unsigned char *xorkey, *ihash;
+    unsigned char *xorkey = NULL, *ihash = NULL;
     unsigned int i;
-    krb5_data *hashin, hashout;
+    krb5_crypto_iov *ihash_iov = NULL, ohash_iov[2];
+    krb5_data hashout;
     krb5_error_code ret;
 
-    hashsize = hash->hashsize;
-    blocksize = hash->blocksize;
+    if (keyblock->length > hash->blocksize)
+        return KRB5_CRYPTO_INTERNAL;
+    if (output->length < hash->hashsize)
+        return KRB5_BAD_MSIZE;
 
-    if (key->length > blocksize)
-        return(KRB5_CRYPTO_INTERNAL);
-    if (output->length < hashsize)
-        return(KRB5_BAD_MSIZE);
-    /* if this isn't > 0, then there won't be enough space in this
-       array to compute the outer hash */
-    if (icount == 0)
-        return(KRB5_CRYPTO_INTERNAL);
-
-    /* allocate space for the xor key, hash input vector, and inner hash */
-
-    if ((xorkey = (unsigned char *) malloc(blocksize)) == NULL)
-        return(ENOMEM);
-    if ((ihash = (unsigned char *) malloc(hashsize)) == NULL) {
-        free(xorkey);
-        return(ENOMEM);
-    }
-    if ((hashin = (krb5_data *)malloc(sizeof(krb5_data)*(icount+1))) == NULL) {
-        free(ihash);
-        free(xorkey);
-        return(ENOMEM);
-    }
-
-    /* create the inner padded key */
-
-    memset(xorkey, 0x36, blocksize);
-
-    for (i=0; i<key->length; i++)
-        xorkey[i] ^= key->contents[i];
-
-    /* compute the inner hash */
-
-    hashin[0].length = blocksize;
-    hashin[0].data = (char *) xorkey;
-    for (i=0; i<icount; i++)
-        hashin[i+1] = input[i];
-
-    hashout.length = hashsize;
-    hashout.data = (char *) ihash;
-
-    if ((ret = ((*(hash->hash))(icount+1, hashin, &hashout))))
+    /* Allocate space for the xor key, hash input vector, and inner hash */
+    xorkey = k5alloc(hash->blocksize, &ret);
+    if (xorkey == NULL)
+        goto cleanup;
+    ihash = k5alloc(hash->hashsize, &ret);
+    if (ihash == NULL)
+        goto cleanup;
+    ihash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
+    if (ihash_iov == NULL)
         goto cleanup;
 
-    /* create the outer padded key */
-
-    memset(xorkey, 0x5c, blocksize);
-
-    for (i=0; i<key->length; i++)
-        xorkey[i] ^= key->contents[i];
-
-    /* compute the outer hash */
-
-    hashin[0].length = blocksize;
-    hashin[0].data = (char *) xorkey;
-    hashin[1] = hashout;
-
-    output->length = hashsize;
+    /* Create the inner padded key. */
+    memset(xorkey, 0x36, hash->blocksize);
+    for (i = 0; i < keyblock->length; i++)
+        xorkey[i] ^= keyblock->contents[i];
+
+    /* Compute the inner hash over the inner key and input data. */
+    ihash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    ihash_iov[0].data = make_data(xorkey, hash->blocksize);
+    memcpy(ihash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
+    hashout = make_data(ihash, hash->hashsize);
+    ret = hash->hash(ihash_iov, num_data + 1, &hashout);
+    if (ret != 0)
+        goto cleanup;
 
-    if ((ret = ((*(hash->hash))(2, hashin, output))))
+    /* Create the outer padded key. */
+    memset(xorkey, 0x5c, hash->blocksize);
+    for (i = 0; i < keyblock->length; i++)
+        xorkey[i] ^= keyblock->contents[i];
+
+    /* Compute the outer hash over the outer key and inner hash value. */
+    ohash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    ohash_iov[0].data = make_data(xorkey, hash->blocksize);
+    ohash_iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    ohash_iov[1].data = make_data(ihash, hash->hashsize);
+    output->length = hash->hashsize;
+    ret = hash->hash(ohash_iov, 2, output);
+    if (ret != 0)
         memset(output->data, 0, output->length);
 
-    /* ret is set correctly by the prior call */
-
 cleanup:
-    memset(xorkey, 0, blocksize);
-    memset(ihash, 0, hashsize);
-
-    free(hashin);
-    free(ihash);
-    free(xorkey);
-
-    return(ret);
-}
-
-krb5_error_code
-krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash,
-			  const krb5_keyblock *key,
-			  const krb5_crypto_iov *data, size_t num_data,
-			  krb5_data *output)
-{
-    krb5_data *sign_data;
-    size_t num_sign_data;
-    krb5_error_code ret;
-    size_t i, j;
-
-    /* Create a checksum over all the data to be signed */
-    for (i = 0, num_sign_data = 0; i < num_data; i++) {
-        const krb5_crypto_iov *iov = &data[i];
-
-        if (SIGN_IOV(iov))
-            num_sign_data++;
-    }
-
-    /* XXX cleanup to avoid alloc */
-    sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data));
-    if (sign_data == NULL)
-        return ENOMEM;
-
-    for (i = 0, j = 0; i < num_data; i++) {
-        const krb5_crypto_iov *iov = &data[i];
-
-        if (SIGN_IOV(iov))
-            sign_data[j++] = iov->data;
-    }
-
-    /* caller must store checksum in iov as it may be TYPE_TRAILER or TYPE_CHECKSUM */
-    ret = krb5int_hmac_keyblock(hash, key, num_sign_data, sign_data, output);
-
-    free(sign_data);
-
+    zapfree(xorkey, hash->blocksize);
+    zapfree(ihash, hash->hashsize);
+    free(ihash_iov);
     return ret;
 }
 
 krb5_error_code
 krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
-	  unsigned int icount, const krb5_data *input, krb5_data *output)
-{
-    return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output);
-}
-
-krb5_error_code
-krb5int_hmac_iov(const struct krb5_hash_provider *hash, krb5_key key,
-		 const krb5_crypto_iov *data, size_t num_data,
-		 krb5_data *output)
+             const krb5_crypto_iov *data, size_t num_data,
+             krb5_data *output)
 {
-    return krb5int_hmac_iov_keyblock(hash, &key->keyblock, data, num_data,
-				     output);
+    return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output);
 }
diff --git a/src/lib/crypto/builtin/md4/Makefile.in b/src/lib/crypto/builtin/md4/Makefile.in
index 78dd053..561927a 100644
--- a/src/lib/crypto/builtin/md4/Makefile.in
+++ b/src/lib/crypto/builtin/md4/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/builtin/md4
 mydir=lib/crypto/builtin/md4
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)
diff --git a/src/lib/crypto/builtin/md4/deps b/src/lib/crypto/builtin/md4/deps
index e52d180..a28d9da 100644
--- a/src/lib/crypto/builtin/md4/deps
+++ b/src/lib/crypto/builtin/md4/deps
@@ -3,11 +3,11 @@
 #
 md4.so md4.po $(OUTPRE)md4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h md4.c rsa-md4.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h md4.c rsa-md4.h
diff --git a/src/lib/crypto/builtin/md4/md4.c b/src/lib/crypto/builtin/md4/md4.c
index b36a476..6850e13 100644
--- a/src/lib/crypto/builtin/md4/md4.c
+++ b/src/lib/crypto/builtin/md4/md4.c
@@ -1,39 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- *	lib/crypto/md4/md4.c
+ *      lib/crypto/md4/md4.c
  */
 
 /*
- **********************************************************************
- ** md4.c                                                            **
- ** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
- ** Created: 2/17/90 RLR                                             **
- ** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version                  **
- **********************************************************************
- */
+**********************************************************************
+** md4.c                                                            **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 1/91 SRD,AJ,BSK,JT Reference C Version                  **
+**********************************************************************
+*/
 
 /*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- **                                                                  **
- ** License to copy and use this software is granted provided that   **
- ** it is identified as the "RSA Data Security, Inc. MD4 Message     **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function.                                       **
- **                                                                  **
- ** License is also granted to make and use derivative works         **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
- ** material mentioning or referencing the derived work.             **
- **                                                                  **
- ** RSA Data Security, Inc. makes no representations concerning      **
- ** either the merchantability of this software or the suitability   **
- ** of this software for any particular purpose.  It is provided "as **
- ** is" without express or implied warranty of any kind.             **
- **                                                                  **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software.                                   **
- **********************************************************************
- */
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+**                                                                  **
+** License to copy and use this software is granted provided that   **
+** it is identified as the "RSA Data Security, Inc. MD4 Message     **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function.                                       **
+**                                                                  **
+** License is also granted to make and use derivative works         **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
+** material mentioning or referencing the derived work.             **
+**                                                                  **
+** RSA Data Security, Inc. makes no representations concerning      **
+** either the merchantability of this software or the suitability   **
+** of this software for any particular purpose.  It is provided "as **
+** is" without express or implied warranty of any kind.             **
+**                                                                  **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software.                                   **
+**********************************************************************
+*/
 
 #include "k5-int.h"
 #include "rsa-md4.h"
@@ -42,14 +43,14 @@
 static void Transform (krb5_ui_4 *, krb5_ui_4 *);
 
 static const unsigned char PADDING[64] = {
-  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
 /* F, G and H are basic MD4 functions: selection, majority, parity */
@@ -62,185 +63,185 @@ static const unsigned char PADDING[64] = {
 
 /* FF, GG and HH are MD4 transformations for rounds 1, 2 and 3 */
 /* Rotation is separate from addition to prevent recomputation */
-#define FF(a, b, c, d, x, s) \
-  {(a) += F ((b), (c), (d)) + (x); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s));}
-#define GG(a, b, c, d, x, s) \
-  {(a) += G ((b), (c), (d)) + (x) + 013240474631UL; \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s));}
-#define HH(a, b, c, d, x, s) \
-  {(a) += H ((b), (c), (d)) + (x) + 015666365641UL; \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s));}
+#define FF(a, b, c, d, x, s)                    \
+    {(a) += F ((b), (c), (d)) + (x);            \
+        (a) &= 0xffffffff;                      \
+        (a) = ROTATE_LEFT ((a), (s));}
+#define GG(a, b, c, d, x, s)                            \
+    {(a) += G ((b), (c), (d)) + (x) + 013240474631UL;   \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));}
+#define HH(a, b, c, d, x, s)                            \
+    {(a) += H ((b), (c), (d)) + (x) + 015666365641UL;   \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));}
 
 void
 krb5int_MD4Init (krb5_MD4_CTX *mdContext)
 {
-  mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
-
-  /* Load magic initialization constants.
-   */
-  mdContext->buf[0] = 0x67452301UL;
-  mdContext->buf[1] = 0xefcdab89UL;
-  mdContext->buf[2] = 0x98badcfeUL;
-  mdContext->buf[3] = 0x10325476UL;
+    mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
+
+    /* Load magic initialization constants.
+     */
+    mdContext->buf[0] = 0x67452301UL;
+    mdContext->buf[1] = 0xefcdab89UL;
+    mdContext->buf[2] = 0x98badcfeUL;
+    mdContext->buf[3] = 0x10325476UL;
 }
 
 void
 krb5int_MD4Update (krb5_MD4_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
-  /* update number of bits */
-  if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
-    mdContext->i[1]++;
-  mdContext->i[0] += ((krb5_ui_4)inLen << 3);
-  mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
-
-  while (inLen--) {
-    /* add new character to buffer, increment mdi */
-    mdContext->in[mdi++] = *inBuf++;
-
-    /* transform if necessary */
-    if (mdi == 0x40) {
-      for (i = 0, ii = 0; i < 16; i++, ii += 4) {
-	  in[i] = load_32_le(mdContext->in+ii);
-      }
-      Transform (mdContext->buf, in);
-      mdi = 0;
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* update number of bits */
+    if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
+        mdContext->i[1]++;
+    mdContext->i[0] += ((krb5_ui_4)inLen << 3);
+    mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
+
+    while (inLen--) {
+        /* add new character to buffer, increment mdi */
+        mdContext->in[mdi++] = *inBuf++;
+
+        /* transform if necessary */
+        if (mdi == 0x40) {
+            for (i = 0, ii = 0; i < 16; i++, ii += 4) {
+                in[i] = load_32_le(mdContext->in+ii);
+            }
+            Transform (mdContext->buf, in);
+            mdi = 0;
+        }
     }
-  }
 }
 
 void
 krb5int_MD4Final (krb5_MD4_CTX *mdContext)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-  unsigned int padLen;
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+    unsigned int padLen;
 
-  /* save number of bits */
-  in[14] = mdContext->i[0];
-  in[15] = mdContext->i[1];
+    /* save number of bits */
+    in[14] = mdContext->i[0];
+    in[15] = mdContext->i[1];
 
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
 
-  /* pad out to 56 mod 64 */
-  padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
-  krb5int_MD4Update (mdContext, PADDING, padLen);
+    /* pad out to 56 mod 64 */
+    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+    krb5int_MD4Update (mdContext, PADDING, padLen);
 
-  /* append length in bits and transform */
-  for (i = 0, ii = 0; i < 14; i++, ii += 4)
-      in[i] = load_32_le(mdContext->in+ii);
-  Transform (mdContext->buf, in);
+    /* append length in bits and transform */
+    for (i = 0, ii = 0; i < 14; i++, ii += 4)
+        in[i] = load_32_le(mdContext->in+ii);
+    Transform (mdContext->buf, in);
 
 
-  /* store buffer in digest */
-  for (i = 0, ii = 0; i < 4; i++, ii += 4) {
-      store_32_le(mdContext->buf[i], mdContext->digest+ii);
-  }
+    /* store buffer in digest */
+    for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+        store_32_le(mdContext->buf[i], mdContext->digest+ii);
+    }
 }
 
 /* Basic MD4 step. Transform buf based on in.
  */
 static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in)
 {
-  register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+    register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
 
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
-  int i;
+    int i;
 #define ROTATE { krb5_ui_4 temp; temp = d, d = c, c = b, b = a, a = temp; }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round1consts[] = { 3, 7, 11, 19, };
-      FF (a, b, c, d, in[i], round1consts[i%4]); ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round2indices[] = {
-	  0,4,8,12,1,5,9,13,2,6,10,14,3,7,11,15
-      };
-      static const unsigned char round2consts[] = { 3, 5, 9, 13 };
-      GG (a, b, c, d, in[round2indices[i]], round2consts[i%4]); ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round3indices[] = {
-	  0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
-      };
-      static const unsigned char round3consts[] = { 3, 9, 11, 15 };
-      HH (a, b, c, d, in[round3indices[i]], round3consts[i%4]); ROTATE;
-  }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round1consts[] = { 3, 7, 11, 19, };
+        FF (a, b, c, d, in[i], round1consts[i%4]); ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round2indices[] = {
+            0,4,8,12,1,5,9,13,2,6,10,14,3,7,11,15
+        };
+        static const unsigned char round2consts[] = { 3, 5, 9, 13 };
+        GG (a, b, c, d, in[round2indices[i]], round2consts[i%4]); ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round3indices[] = {
+            0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15
+        };
+        static const unsigned char round3consts[] = { 3, 9, 11, 15 };
+        HH (a, b, c, d, in[round3indices[i]], round3consts[i%4]); ROTATE;
+    }
 #else
-  /* Round 1 */
-  FF (a, b, c, d, in[ 0],  3);
-  FF (d, a, b, c, in[ 1],  7);
-  FF (c, d, a, b, in[ 2], 11);
-  FF (b, c, d, a, in[ 3], 19);
-  FF (a, b, c, d, in[ 4],  3);
-  FF (d, a, b, c, in[ 5],  7);
-  FF (c, d, a, b, in[ 6], 11);
-  FF (b, c, d, a, in[ 7], 19);
-  FF (a, b, c, d, in[ 8],  3);
-  FF (d, a, b, c, in[ 9],  7);
-  FF (c, d, a, b, in[10], 11);
-  FF (b, c, d, a, in[11], 19);
-  FF (a, b, c, d, in[12],  3);
-  FF (d, a, b, c, in[13],  7);
-  FF (c, d, a, b, in[14], 11);
-  FF (b, c, d, a, in[15], 19);
-
-  /* Round 2 */
-  GG (a, b, c, d, in[ 0],  3);
-  GG (d, a, b, c, in[ 4],  5);
-  GG (c, d, a, b, in[ 8],  9);
-  GG (b, c, d, a, in[12], 13);
-  GG (a, b, c, d, in[ 1],  3);
-  GG (d, a, b, c, in[ 5],  5);
-  GG (c, d, a, b, in[ 9],  9);
-  GG (b, c, d, a, in[13], 13);
-  GG (a, b, c, d, in[ 2],  3);
-  GG (d, a, b, c, in[ 6],  5);
-  GG (c, d, a, b, in[10],  9);
-  GG (b, c, d, a, in[14], 13);
-  GG (a, b, c, d, in[ 3],  3);
-  GG (d, a, b, c, in[ 7],  5);
-  GG (c, d, a, b, in[11],  9);
-  GG (b, c, d, a, in[15], 13);
-
-  /* Round 3 */
-  HH (a, b, c, d, in[ 0],  3);
-  HH (d, a, b, c, in[ 8],  9);
-  HH (c, d, a, b, in[ 4], 11);
-  HH (b, c, d, a, in[12], 15);
-  HH (a, b, c, d, in[ 2],  3);
-  HH (d, a, b, c, in[10],  9);
-  HH (c, d, a, b, in[ 6], 11);
-  HH (b, c, d, a, in[14], 15);
-  HH (a, b, c, d, in[ 1],  3);
-  HH (d, a, b, c, in[ 9],  9);
-  HH (c, d, a, b, in[ 5], 11);
-  HH (b, c, d, a, in[13], 15);
-  HH (a, b, c, d, in[ 3],  3);
-  HH (d, a, b, c, in[11],  9);
-  HH (c, d, a, b, in[ 7], 11);
-  HH (b, c, d, a, in[15], 15);
+    /* Round 1 */
+    FF (a, b, c, d, in[ 0],  3);
+    FF (d, a, b, c, in[ 1],  7);
+    FF (c, d, a, b, in[ 2], 11);
+    FF (b, c, d, a, in[ 3], 19);
+    FF (a, b, c, d, in[ 4],  3);
+    FF (d, a, b, c, in[ 5],  7);
+    FF (c, d, a, b, in[ 6], 11);
+    FF (b, c, d, a, in[ 7], 19);
+    FF (a, b, c, d, in[ 8],  3);
+    FF (d, a, b, c, in[ 9],  7);
+    FF (c, d, a, b, in[10], 11);
+    FF (b, c, d, a, in[11], 19);
+    FF (a, b, c, d, in[12],  3);
+    FF (d, a, b, c, in[13],  7);
+    FF (c, d, a, b, in[14], 11);
+    FF (b, c, d, a, in[15], 19);
+
+    /* Round 2 */
+    GG (a, b, c, d, in[ 0],  3);
+    GG (d, a, b, c, in[ 4],  5);
+    GG (c, d, a, b, in[ 8],  9);
+    GG (b, c, d, a, in[12], 13);
+    GG (a, b, c, d, in[ 1],  3);
+    GG (d, a, b, c, in[ 5],  5);
+    GG (c, d, a, b, in[ 9],  9);
+    GG (b, c, d, a, in[13], 13);
+    GG (a, b, c, d, in[ 2],  3);
+    GG (d, a, b, c, in[ 6],  5);
+    GG (c, d, a, b, in[10],  9);
+    GG (b, c, d, a, in[14], 13);
+    GG (a, b, c, d, in[ 3],  3);
+    GG (d, a, b, c, in[ 7],  5);
+    GG (c, d, a, b, in[11],  9);
+    GG (b, c, d, a, in[15], 13);
+
+    /* Round 3 */
+    HH (a, b, c, d, in[ 0],  3);
+    HH (d, a, b, c, in[ 8],  9);
+    HH (c, d, a, b, in[ 4], 11);
+    HH (b, c, d, a, in[12], 15);
+    HH (a, b, c, d, in[ 2],  3);
+    HH (d, a, b, c, in[10],  9);
+    HH (c, d, a, b, in[ 6], 11);
+    HH (b, c, d, a, in[14], 15);
+    HH (a, b, c, d, in[ 1],  3);
+    HH (d, a, b, c, in[ 9],  9);
+    HH (c, d, a, b, in[ 5], 11);
+    HH (b, c, d, a, in[13], 15);
+    HH (a, b, c, d, in[ 3],  3);
+    HH (d, a, b, c, in[11],  9);
+    HH (c, d, a, b, in[ 7], 11);
+    HH (b, c, d, a, in[15], 15);
 #endif
 
-  buf[0] += a;
-  buf[1] += b;
-  buf[2] += c;
-  buf[3] += d;
+    buf[0] += a;
+    buf[1] += b;
+    buf[2] += c;
+    buf[3] += d;
 }
 
 /*
- **********************************************************************
- ** End of md4.c                                                     **
- ******************************* (cut) ********************************
- */
+**********************************************************************
+** End of md4.c                                                     **
+******************************* (cut) ********************************
+*/
diff --git a/src/lib/crypto/builtin/md4/rsa-md4.h b/src/lib/crypto/builtin/md4/rsa-md4.h
index 2f59220..408f2ef 100644
--- a/src/lib/crypto/builtin/md4/rsa-md4.h
+++ b/src/lib/crypto/builtin/md4/rsa-md4.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md4/rsa-md4.h
  *
@@ -35,51 +36,51 @@
 #endif /* unicos61 */
 
 /* 16 u_char's in the digest */
-#define RSA_MD4_CKSUM_LENGTH	16
+#define RSA_MD4_CKSUM_LENGTH    16
 /* des blocksize is 8, so this works nicely... */
-#define OLD_RSA_MD4_DES_CKSUM_LENGTH	16
-#define NEW_RSA_MD4_DES_CKSUM_LENGTH	24
-#define	RSA_MD4_DES_CONFOUND_LENGTH	8
+#define OLD_RSA_MD4_DES_CKSUM_LENGTH    16
+#define NEW_RSA_MD4_DES_CKSUM_LENGTH    24
+#define RSA_MD4_DES_CONFOUND_LENGTH     8
 
 /*
- **********************************************************************
- ** md4.h -- Header file for implementation of MD4                   **
- ** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
- ** Created: 2/17/90 RLR                                             **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
- **********************************************************************
- */
+**********************************************************************
+** md4.h -- Header file for implementation of MD4                   **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
+**********************************************************************
+*/
 
 /*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- **                                                                  **
- ** License to copy and use this software is granted provided that   **
- ** it is identified as the "RSA Data Security, Inc. MD4 Message     **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function.                                       **
- **                                                                  **
- ** License is also granted to make and use derivative works         **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
- ** material mentioning or referencing the derived work.             **
- **                                                                  **
- ** RSA Data Security, Inc. makes no representations concerning      **
- ** either the merchantability of this software or the suitability   **
- ** of this software for any particular purpose.  It is provided "as **
- ** is" without express or implied warranty of any kind.             **
- **                                                                  **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software.                                   **
- **********************************************************************
- */
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+**                                                                  **
+** License to copy and use this software is granted provided that   **
+** it is identified as the "RSA Data Security, Inc. MD4 Message     **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function.                                       **
+**                                                                  **
+** License is also granted to make and use derivative works         **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
+** material mentioning or referencing the derived work.             **
+**                                                                  **
+** RSA Data Security, Inc. makes no representations concerning      **
+** either the merchantability of this software or the suitability   **
+** of this software for any particular purpose.  It is provided "as **
+** is" without express or implied warranty of any kind.             **
+**                                                                  **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software.                                   **
+**********************************************************************
+*/
 
 /* Data structure for MD4 (Message Digest) computation */
 typedef struct {
-  krb5_ui_4 i[2];			/* number of _bits_ handled mod 2^64 */
-  krb5_ui_4 buf[4];			/* scratch buffer */
-  unsigned char in[64];			/* input buffer */
-  unsigned char digest[16];		/* actual digest after MD4Final call */
+    krb5_ui_4 i[2];                       /* number of _bits_ handled mod 2^64 */
+    krb5_ui_4 buf[4];                     /* scratch buffer */
+    unsigned char in[64];                 /* input buffer */
+    unsigned char digest[16];             /* actual digest after MD4Final call */
 } krb5_MD4_CTX;
 
 extern void krb5int_MD4Init(krb5_MD4_CTX *);
@@ -87,8 +88,8 @@ extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned in
 extern void krb5int_MD4Final(krb5_MD4_CTX *);
 
 /*
- **********************************************************************
- ** End of md4.h                                                     **
- ******************************* (cut) ********************************
- */
+**********************************************************************
+** End of md4.h                                                     **
+******************************* (cut) ********************************
+*/
 #endif /* __KRB5_RSA_MD4_H__ */
diff --git a/src/lib/crypto/builtin/md5/Makefile.in b/src/lib/crypto/builtin/md5/Makefile.in
index 6da4374..6a1f52f 100644
--- a/src/lib/crypto/builtin/md5/Makefile.in
+++ b/src/lib/crypto/builtin/md5/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/builtin/md5
 mydir=lib/crypto/builtin/md5
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 DEFS=
diff --git a/src/lib/crypto/builtin/md5/deps b/src/lib/crypto/builtin/md5/deps
index 4e3b63d..876368d 100644
--- a/src/lib/crypto/builtin/md5/deps
+++ b/src/lib/crypto/builtin/md5/deps
@@ -3,11 +3,11 @@
 #
 md5.so md5.po $(OUTPRE)md5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h md5.c rsa-md5.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h md5.c rsa-md5.h
diff --git a/src/lib/crypto/builtin/md5/md5.c b/src/lib/crypto/builtin/md5/md5.c
index 76f8fa2..7e06aa6 100644
--- a/src/lib/crypto/builtin/md5/md5.c
+++ b/src/lib/crypto/builtin/md5/md5.c
@@ -1,66 +1,67 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- ***********************************************************************
- ** md5.c -- the source code for MD5 routines                         **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
- ** Created: 2/17/90 RLR                                              **
- ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
- ***********************************************************************
- */
+***********************************************************************
+** md5.c -- the source code for MD5 routines                         **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
+***********************************************************************
+*/
 
 /*
  * Modified by John Carr, MIT, to use Kerberos 5 typedefs.
  */
 
 /*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
- **                                                                   **
- ** License to copy and use this software is granted provided that    **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
- ** Digest Algorithm" in all material mentioning or referencing this  **
- ** software or this function.                                        **
- **                                                                   **
- ** License is also granted to make and use derivative works          **
- ** provided that such works are identified as "derived from the RSA  **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
- ** material mentioning or referencing the derived work.              **
- **                                                                   **
- ** RSA Data Security, Inc. makes no representations concerning       **
- ** either the merchantability of this software or the suitability    **
- ** of this software for any particular purpose.  It is provided "as  **
- ** is" without express or implied warranty of any kind.              **
- **                                                                   **
- ** These notices must be retained in any copies of any part of this  **
- ** documentation and/or software.                                    **
- ***********************************************************************
- */
+***********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+**                                                                   **
+** License to copy and use this software is granted provided that    **
+** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+** Digest Algorithm" in all material mentioning or referencing this  **
+** software or this function.                                        **
+**                                                                   **
+** License is also granted to make and use derivative works          **
+** provided that such works are identified as "derived from the RSA  **
+** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+** material mentioning or referencing the derived work.              **
+**                                                                   **
+** RSA Data Security, Inc. makes no representations concerning       **
+** either the merchantability of this software or the suitability    **
+** of this software for any particular purpose.  It is provided "as  **
+** is" without express or implied warranty of any kind.              **
+**                                                                   **
+** These notices must be retained in any copies of any part of this  **
+** documentation and/or software.                                    **
+***********************************************************************
+*/
 
 #include "k5-int.h"
 #include "rsa-md5.h"
 
 /*
- ***********************************************************************
- **  Message-digest routines:                                         **
- **  To form the message digest for a message M                       **
- **    (1) Initialize a context buffer mdContext using krb5int_MD5Init   **
- **    (2) Call krb5int_MD5Update on mdContext and M                     **
- **    (3) Call krb5int_MD5Final on mdContext                            **
- **  The message digest is now in mdContext->digest[0...15]           **
- ***********************************************************************
- */
+***********************************************************************
+**  Message-digest routines:                                         **
+**  To form the message digest for a message M                       **
+**    (1) Initialize a context buffer mdContext using krb5int_MD5Init   **
+**    (2) Call krb5int_MD5Update on mdContext and M                     **
+**    (3) Call krb5int_MD5Final on mdContext                            **
+**  The message digest is now in mdContext->digest[0...15]           **
+***********************************************************************
+*/
 
 /* forward declaration */
 static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in);
 
 static const unsigned char PADDING[64] = {
-  0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-  0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+    0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 
 /* F, G, H and I are basic MD5 functions */
@@ -74,270 +75,270 @@ static const unsigned char PADDING[64] = {
 
 /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
 /* Rotation is separate from addition to prevent recomputation */
-#define FF(a, b, c, d, x, s, ac) \
-  {(a) += F ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
-#define GG(a, b, c, d, x, s, ac) \
-  {(a) += G ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
-#define HH(a, b, c, d, x, s, ac) \
-  {(a) += H ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
-#define II(a, b, c, d, x, s, ac) \
-  {(a) += I ((b), (c), (d)) + (x) + (krb5_ui_4)(ac); \
-   (a) &= 0xffffffff; \
-   (a) = ROTATE_LEFT ((a), (s)); \
-   (a) += (b); \
-   (a) &= 0xffffffff; \
-  }
+#define FF(a, b, c, d, x, s, ac)                        \
+    {(a) += F ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define GG(a, b, c, d, x, s, ac)                        \
+    {(a) += G ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define HH(a, b, c, d, x, s, ac)                        \
+    {(a) += H ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
+#define II(a, b, c, d, x, s, ac)                        \
+    {(a) += I ((b), (c), (d)) + (x) + (krb5_ui_4)(ac);  \
+        (a) &= 0xffffffff;                              \
+        (a) = ROTATE_LEFT ((a), (s));                   \
+        (a) += (b);                                     \
+        (a) &= 0xffffffff;                              \
+    }
 
 /* The routine krb5int_MD5Init initializes the message-digest context
    mdContext. All fields are set to zero.
- */
+*/
 void
 krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 {
-  mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
-
-  /* Load magic initialization constants.
-   */
-  mdContext->buf[0] = 0x67452301UL;
-  mdContext->buf[1] = 0xefcdab89UL;
-  mdContext->buf[2] = 0x98badcfeUL;
-  mdContext->buf[3] = 0x10325476UL;
+    mdContext->i[0] = mdContext->i[1] = (krb5_ui_4)0;
+
+    /* Load magic initialization constants.
+     */
+    mdContext->buf[0] = 0x67452301UL;
+    mdContext->buf[1] = 0xefcdab89UL;
+    mdContext->buf[2] = 0x98badcfeUL;
+    mdContext->buf[3] = 0x10325476UL;
 }
 
 /* The routine krb5int_MD5Update updates the message-digest context to
    account for the presence of each of the characters inBuf[0..inLen-1]
    in the message whose digest is being computed.
- */
+*/
 void
 krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
-  /* update number of bits */
-  if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
-    mdContext->i[1]++;
-  mdContext->i[0] += ((krb5_ui_4)inLen << 3);
-  mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
-
-  while (inLen--) {
-    /* add new character to buffer, increment mdi */
-    mdContext->in[mdi++] = *inBuf++;
-
-    /* transform if necessary */
-    if (mdi == 0x40) {
-      for (i = 0, ii = 0; i < 16; i++, ii += 4)
-	  in[i] = load_32_le(mdContext->in+ii);
-      Transform (mdContext->buf, in);
-      mdi = 0;
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* update number of bits */
+    if ((mdContext->i[0] + ((krb5_ui_4)inLen << 3)) < mdContext->i[0])
+        mdContext->i[1]++;
+    mdContext->i[0] += ((krb5_ui_4)inLen << 3);
+    mdContext->i[1] += ((krb5_ui_4)inLen >> 29);
+
+    while (inLen--) {
+        /* add new character to buffer, increment mdi */
+        mdContext->in[mdi++] = *inBuf++;
+
+        /* transform if necessary */
+        if (mdi == 0x40) {
+            for (i = 0, ii = 0; i < 16; i++, ii += 4)
+                in[i] = load_32_le(mdContext->in+ii);
+            Transform (mdContext->buf, in);
+            mdi = 0;
+        }
     }
-  }
 }
 
 /* The routine krb5int_MD5Final terminates the message-digest computation and
    ends with the desired message digest in mdContext->digest[0...15].
- */
+*/
 void
 krb5int_MD5Final (krb5_MD5_CTX *mdContext)
 {
-  krb5_ui_4 in[16];
-  int mdi;
-  unsigned int i, ii;
-  unsigned int padLen;
-
-  /* save number of bits */
-  in[14] = mdContext->i[0];
-  in[15] = mdContext->i[1];
-
-  /* compute number of bytes mod 64 */
-  mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
-  /* pad out to 56 mod 64 */
-  padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
-  krb5int_MD5Update (mdContext, PADDING, padLen);
-
-  /* append length in bits and transform */
-  for (i = 0, ii = 0; i < 14; i++, ii += 4)
-      in[i] = load_32_le(mdContext->in+ii);
-  Transform (mdContext->buf, in);
-
-  /* store buffer in digest */
-  for (i = 0, ii = 0; i < 4; i++, ii += 4) {
-    store_32_le(mdContext->buf[i], mdContext->digest+ii);
-  }
+    krb5_ui_4 in[16];
+    int mdi;
+    unsigned int i, ii;
+    unsigned int padLen;
+
+    /* save number of bits */
+    in[14] = mdContext->i[0];
+    in[15] = mdContext->i[1];
+
+    /* compute number of bytes mod 64 */
+    mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+    /* pad out to 56 mod 64 */
+    padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+    krb5int_MD5Update (mdContext, PADDING, padLen);
+
+    /* append length in bits and transform */
+    for (i = 0, ii = 0; i < 14; i++, ii += 4)
+        in[i] = load_32_le(mdContext->in+ii);
+    Transform (mdContext->buf, in);
+
+    /* store buffer in digest */
+    for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+        store_32_le(mdContext->buf[i], mdContext->digest+ii);
+    }
 }
 
 /* Basic MD5 step. Transforms buf based on in.
  */
 static void Transform (krb5_ui_4 *buf, krb5_ui_4 *in)
 {
-  register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+    register krb5_ui_4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
 
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
 
-  int i;
+    int i;
 #define ROTATE { krb5_ui_4 temp; temp = d, d = c, c = b, b = a, a = temp; }
-  for (i = 0; i < 16; i++) {
-      const unsigned char round1s[] = { 7, 12, 17, 22 };
-      const krb5_ui_4 round1consts[] = {
-	  3614090360UL,	  3905402710UL,	   606105819UL,	  3250441966UL,
-	  4118548399UL,	  1200080426UL,	  2821735955UL,	  4249261313UL,
-	  1770035416UL,	  2336552879UL,	  4294925233UL,	  2304563134UL,
-	  1804603682UL,	  4254626195UL,	  2792965006UL,	  1236535329UL,
-      };
-      FF (a, b, c, d, in[i], round1s[i%4], round1consts[i]);
-      ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      const unsigned char round2s[] = { 5, 9, 14, 20 };
-      const krb5_ui_4 round2consts[] = {
-	  4129170786UL,	  3225465664UL,	   643717713UL,	  3921069994UL,
-	  3593408605UL,	    38016083UL,	  3634488961UL,	  3889429448UL,
-	   568446438UL,	  3275163606UL,	  4107603335UL,	  1163531501UL,
-	  2850285829UL,	  4243563512UL,	  1735328473UL,	  2368359562UL,
-      };
-      int r2index = (1 + i * 5) % 16;
-      GG (a, b, c, d, in[r2index], round2s[i%4], round2consts[i]);
-      ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round3s[] = { 4, 11, 16, 23 };
-      static const krb5_ui_4 round3consts[] = {
-	  4294588738UL,	  2272392833UL,	  1839030562UL,	  4259657740UL,
-	  2763975236UL,	  1272893353UL,	  4139469664UL,	  3200236656UL,
-	   681279174UL,	  3936430074UL,	  3572445317UL,	    76029189UL,
-	  3654602809UL,	  3873151461UL,	   530742520UL,	  3299628645UL,
-      };
-      int r3index = (5 + i * 3) % 16;
-      HH (a, b, c, d, in[r3index], round3s[i%4], round3consts[i]);
-      ROTATE;
-  }
-  for (i = 0; i < 16; i++) {
-      static const unsigned char round4s[] = { 6, 10, 15, 21 };
-      static const krb5_ui_4 round4consts[] = {
-	  4096336452UL,	  1126891415UL,	  2878612391UL,	  4237533241UL,
-	  1700485571UL,	  2399980690UL,	  4293915773UL,	  2240044497UL,
-	  1873313359UL,	  4264355552UL,	  2734768916UL,	  1309151649UL,
-	  4149444226UL,	  3174756917UL,	   718787259UL,	  3951481745UL,
-      };
-      int r4index = (7 * i) % 16;
-      II (a, b, c, d, in[r4index], round4s[i%4], round4consts[i]);
-      ROTATE;
-  }
+    for (i = 0; i < 16; i++) {
+        const unsigned char round1s[] = { 7, 12, 17, 22 };
+        const krb5_ui_4 round1consts[] = {
+            3614090360UL,   3905402710UL,    606105819UL,   3250441966UL,
+            4118548399UL,   1200080426UL,   2821735955UL,   4249261313UL,
+            1770035416UL,   2336552879UL,   4294925233UL,   2304563134UL,
+            1804603682UL,   4254626195UL,   2792965006UL,   1236535329UL,
+        };
+        FF (a, b, c, d, in[i], round1s[i%4], round1consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        const unsigned char round2s[] = { 5, 9, 14, 20 };
+        const krb5_ui_4 round2consts[] = {
+            4129170786UL,   3225465664UL,    643717713UL,   3921069994UL,
+            3593408605UL,     38016083UL,   3634488961UL,   3889429448UL,
+            568446438UL,   3275163606UL,   4107603335UL,   1163531501UL,
+            2850285829UL,   4243563512UL,   1735328473UL,   2368359562UL,
+        };
+        int r2index = (1 + i * 5) % 16;
+        GG (a, b, c, d, in[r2index], round2s[i%4], round2consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round3s[] = { 4, 11, 16, 23 };
+        static const krb5_ui_4 round3consts[] = {
+            4294588738UL,   2272392833UL,   1839030562UL,   4259657740UL,
+            2763975236UL,   1272893353UL,   4139469664UL,   3200236656UL,
+            681279174UL,   3936430074UL,   3572445317UL,     76029189UL,
+            3654602809UL,   3873151461UL,    530742520UL,   3299628645UL,
+        };
+        int r3index = (5 + i * 3) % 16;
+        HH (a, b, c, d, in[r3index], round3s[i%4], round3consts[i]);
+        ROTATE;
+    }
+    for (i = 0; i < 16; i++) {
+        static const unsigned char round4s[] = { 6, 10, 15, 21 };
+        static const krb5_ui_4 round4consts[] = {
+            4096336452UL,   1126891415UL,   2878612391UL,   4237533241UL,
+            1700485571UL,   2399980690UL,   4293915773UL,   2240044497UL,
+            1873313359UL,   4264355552UL,   2734768916UL,   1309151649UL,
+            4149444226UL,   3174756917UL,    718787259UL,   3951481745UL,
+        };
+        int r4index = (7 * i) % 16;
+        II (a, b, c, d, in[r4index], round4s[i%4], round4consts[i]);
+        ROTATE;
+    }
 
 #else
 
-  /* Round 1 */
+    /* Round 1 */
 #define S11 7
 #define S12 12
 #define S13 17
 #define S14 22
-  FF ( a, b, c, d, in[ 0], S11, 3614090360UL); /* 1 */
-  FF ( d, a, b, c, in[ 1], S12, 3905402710UL); /* 2 */
-  FF ( c, d, a, b, in[ 2], S13,  606105819UL); /* 3 */
-  FF ( b, c, d, a, in[ 3], S14, 3250441966UL); /* 4 */
-  FF ( a, b, c, d, in[ 4], S11, 4118548399UL); /* 5 */
-  FF ( d, a, b, c, in[ 5], S12, 1200080426UL); /* 6 */
-  FF ( c, d, a, b, in[ 6], S13, 2821735955UL); /* 7 */
-  FF ( b, c, d, a, in[ 7], S14, 4249261313UL); /* 8 */
-  FF ( a, b, c, d, in[ 8], S11, 1770035416UL); /* 9 */
-  FF ( d, a, b, c, in[ 9], S12, 2336552879UL); /* 10 */
-  FF ( c, d, a, b, in[10], S13, 4294925233UL); /* 11 */
-  FF ( b, c, d, a, in[11], S14, 2304563134UL); /* 12 */
-  FF ( a, b, c, d, in[12], S11, 1804603682UL); /* 13 */
-  FF ( d, a, b, c, in[13], S12, 4254626195UL); /* 14 */
-  FF ( c, d, a, b, in[14], S13, 2792965006UL); /* 15 */
-  FF ( b, c, d, a, in[15], S14, 1236535329UL); /* 16 */
-
-  /* Round 2 */
+    FF ( a, b, c, d, in[ 0], S11, 3614090360UL); /* 1 */
+    FF ( d, a, b, c, in[ 1], S12, 3905402710UL); /* 2 */
+    FF ( c, d, a, b, in[ 2], S13,  606105819UL); /* 3 */
+    FF ( b, c, d, a, in[ 3], S14, 3250441966UL); /* 4 */
+    FF ( a, b, c, d, in[ 4], S11, 4118548399UL); /* 5 */
+    FF ( d, a, b, c, in[ 5], S12, 1200080426UL); /* 6 */
+    FF ( c, d, a, b, in[ 6], S13, 2821735955UL); /* 7 */
+    FF ( b, c, d, a, in[ 7], S14, 4249261313UL); /* 8 */
+    FF ( a, b, c, d, in[ 8], S11, 1770035416UL); /* 9 */
+    FF ( d, a, b, c, in[ 9], S12, 2336552879UL); /* 10 */
+    FF ( c, d, a, b, in[10], S13, 4294925233UL); /* 11 */
+    FF ( b, c, d, a, in[11], S14, 2304563134UL); /* 12 */
+    FF ( a, b, c, d, in[12], S11, 1804603682UL); /* 13 */
+    FF ( d, a, b, c, in[13], S12, 4254626195UL); /* 14 */
+    FF ( c, d, a, b, in[14], S13, 2792965006UL); /* 15 */
+    FF ( b, c, d, a, in[15], S14, 1236535329UL); /* 16 */
+
+    /* Round 2 */
 #define S21 5
 #define S22 9
 #define S23 14
 #define S24 20
-  GG ( a, b, c, d, in[ 1], S21, 4129170786UL); /* 17 */
-  GG ( d, a, b, c, in[ 6], S22, 3225465664UL); /* 18 */
-  GG ( c, d, a, b, in[11], S23,  643717713UL); /* 19 */
-  GG ( b, c, d, a, in[ 0], S24, 3921069994UL); /* 20 */
-  GG ( a, b, c, d, in[ 5], S21, 3593408605UL); /* 21 */
-  GG ( d, a, b, c, in[10], S22,   38016083UL); /* 22 */
-  GG ( c, d, a, b, in[15], S23, 3634488961UL); /* 23 */
-  GG ( b, c, d, a, in[ 4], S24, 3889429448UL); /* 24 */
-  GG ( a, b, c, d, in[ 9], S21,  568446438UL); /* 25 */
-  GG ( d, a, b, c, in[14], S22, 3275163606UL); /* 26 */
-  GG ( c, d, a, b, in[ 3], S23, 4107603335UL); /* 27 */
-  GG ( b, c, d, a, in[ 8], S24, 1163531501UL); /* 28 */
-  GG ( a, b, c, d, in[13], S21, 2850285829UL); /* 29 */
-  GG ( d, a, b, c, in[ 2], S22, 4243563512UL); /* 30 */
-  GG ( c, d, a, b, in[ 7], S23, 1735328473UL); /* 31 */
-  GG ( b, c, d, a, in[12], S24, 2368359562UL); /* 32 */
-
-  /* Round 3 */
+    GG ( a, b, c, d, in[ 1], S21, 4129170786UL); /* 17 */
+    GG ( d, a, b, c, in[ 6], S22, 3225465664UL); /* 18 */
+    GG ( c, d, a, b, in[11], S23,  643717713UL); /* 19 */
+    GG ( b, c, d, a, in[ 0], S24, 3921069994UL); /* 20 */
+    GG ( a, b, c, d, in[ 5], S21, 3593408605UL); /* 21 */
+    GG ( d, a, b, c, in[10], S22,   38016083UL); /* 22 */
+    GG ( c, d, a, b, in[15], S23, 3634488961UL); /* 23 */
+    GG ( b, c, d, a, in[ 4], S24, 3889429448UL); /* 24 */
+    GG ( a, b, c, d, in[ 9], S21,  568446438UL); /* 25 */
+    GG ( d, a, b, c, in[14], S22, 3275163606UL); /* 26 */
+    GG ( c, d, a, b, in[ 3], S23, 4107603335UL); /* 27 */
+    GG ( b, c, d, a, in[ 8], S24, 1163531501UL); /* 28 */
+    GG ( a, b, c, d, in[13], S21, 2850285829UL); /* 29 */
+    GG ( d, a, b, c, in[ 2], S22, 4243563512UL); /* 30 */
+    GG ( c, d, a, b, in[ 7], S23, 1735328473UL); /* 31 */
+    GG ( b, c, d, a, in[12], S24, 2368359562UL); /* 32 */
+
+    /* Round 3 */
 #define S31 4
 #define S32 11
 #define S33 16
 #define S34 23
-  HH ( a, b, c, d, in[ 5], S31, 4294588738UL); /* 33 */
-  HH ( d, a, b, c, in[ 8], S32, 2272392833UL); /* 34 */
-  HH ( c, d, a, b, in[11], S33, 1839030562UL); /* 35 */
-  HH ( b, c, d, a, in[14], S34, 4259657740UL); /* 36 */
-  HH ( a, b, c, d, in[ 1], S31, 2763975236UL); /* 37 */
-  HH ( d, a, b, c, in[ 4], S32, 1272893353UL); /* 38 */
-  HH ( c, d, a, b, in[ 7], S33, 4139469664UL); /* 39 */
-  HH ( b, c, d, a, in[10], S34, 3200236656UL); /* 40 */
-  HH ( a, b, c, d, in[13], S31,  681279174UL); /* 41 */
-  HH ( d, a, b, c, in[ 0], S32, 3936430074UL); /* 42 */
-  HH ( c, d, a, b, in[ 3], S33, 3572445317UL); /* 43 */
-  HH ( b, c, d, a, in[ 6], S34,   76029189UL); /* 44 */
-  HH ( a, b, c, d, in[ 9], S31, 3654602809UL); /* 45 */
-  HH ( d, a, b, c, in[12], S32, 3873151461UL); /* 46 */
-  HH ( c, d, a, b, in[15], S33,  530742520UL); /* 47 */
-  HH ( b, c, d, a, in[ 2], S34, 3299628645UL); /* 48 */
-
-  /* Round 4 */
+    HH ( a, b, c, d, in[ 5], S31, 4294588738UL); /* 33 */
+    HH ( d, a, b, c, in[ 8], S32, 2272392833UL); /* 34 */
+    HH ( c, d, a, b, in[11], S33, 1839030562UL); /* 35 */
+    HH ( b, c, d, a, in[14], S34, 4259657740UL); /* 36 */
+    HH ( a, b, c, d, in[ 1], S31, 2763975236UL); /* 37 */
+    HH ( d, a, b, c, in[ 4], S32, 1272893353UL); /* 38 */
+    HH ( c, d, a, b, in[ 7], S33, 4139469664UL); /* 39 */
+    HH ( b, c, d, a, in[10], S34, 3200236656UL); /* 40 */
+    HH ( a, b, c, d, in[13], S31,  681279174UL); /* 41 */
+    HH ( d, a, b, c, in[ 0], S32, 3936430074UL); /* 42 */
+    HH ( c, d, a, b, in[ 3], S33, 3572445317UL); /* 43 */
+    HH ( b, c, d, a, in[ 6], S34,   76029189UL); /* 44 */
+    HH ( a, b, c, d, in[ 9], S31, 3654602809UL); /* 45 */
+    HH ( d, a, b, c, in[12], S32, 3873151461UL); /* 46 */
+    HH ( c, d, a, b, in[15], S33,  530742520UL); /* 47 */
+    HH ( b, c, d, a, in[ 2], S34, 3299628645UL); /* 48 */
+
+    /* Round 4 */
 #define S41 6
 #define S42 10
 #define S43 15
 #define S44 21
-  II ( a, b, c, d, in[ 0], S41, 4096336452UL); /* 49 */
-  II ( d, a, b, c, in[ 7], S42, 1126891415UL); /* 50 */
-  II ( c, d, a, b, in[14], S43, 2878612391UL); /* 51 */
-  II ( b, c, d, a, in[ 5], S44, 4237533241UL); /* 52 */
-  II ( a, b, c, d, in[12], S41, 1700485571UL); /* 53 */
-  II ( d, a, b, c, in[ 3], S42, 2399980690UL); /* 54 */
-  II ( c, d, a, b, in[10], S43, 4293915773UL); /* 55 */
-  II ( b, c, d, a, in[ 1], S44, 2240044497UL); /* 56 */
-  II ( a, b, c, d, in[ 8], S41, 1873313359UL); /* 57 */
-  II ( d, a, b, c, in[15], S42, 4264355552UL); /* 58 */
-  II ( c, d, a, b, in[ 6], S43, 2734768916UL); /* 59 */
-  II ( b, c, d, a, in[13], S44, 1309151649UL); /* 60 */
-  II ( a, b, c, d, in[ 4], S41, 4149444226UL); /* 61 */
-  II ( d, a, b, c, in[11], S42, 3174756917UL); /* 62 */
-  II ( c, d, a, b, in[ 2], S43,  718787259UL); /* 63 */
-  II ( b, c, d, a, in[ 9], S44, 3951481745UL); /* 64 */
+    II ( a, b, c, d, in[ 0], S41, 4096336452UL); /* 49 */
+    II ( d, a, b, c, in[ 7], S42, 1126891415UL); /* 50 */
+    II ( c, d, a, b, in[14], S43, 2878612391UL); /* 51 */
+    II ( b, c, d, a, in[ 5], S44, 4237533241UL); /* 52 */
+    II ( a, b, c, d, in[12], S41, 1700485571UL); /* 53 */
+    II ( d, a, b, c, in[ 3], S42, 2399980690UL); /* 54 */
+    II ( c, d, a, b, in[10], S43, 4293915773UL); /* 55 */
+    II ( b, c, d, a, in[ 1], S44, 2240044497UL); /* 56 */
+    II ( a, b, c, d, in[ 8], S41, 1873313359UL); /* 57 */
+    II ( d, a, b, c, in[15], S42, 4264355552UL); /* 58 */
+    II ( c, d, a, b, in[ 6], S43, 2734768916UL); /* 59 */
+    II ( b, c, d, a, in[13], S44, 1309151649UL); /* 60 */
+    II ( a, b, c, d, in[ 4], S41, 4149444226UL); /* 61 */
+    II ( d, a, b, c, in[11], S42, 3174756917UL); /* 62 */
+    II ( c, d, a, b, in[ 2], S43,  718787259UL); /* 63 */
+    II ( b, c, d, a, in[ 9], S44, 3951481745UL); /* 64 */
 
 #endif /* small? */
 
-  buf[0] += a;
-  buf[1] += b;
-  buf[2] += c;
-  buf[3] += d;
+    buf[0] += a;
+    buf[1] += b;
+    buf[2] += c;
+    buf[3] += d;
 }
diff --git a/src/lib/crypto/builtin/md5/rsa-md5.h b/src/lib/crypto/builtin/md5/rsa-md5.h
index 938b22d..11a4fc3 100644
--- a/src/lib/crypto/builtin/md5/rsa-md5.h
+++ b/src/lib/crypto/builtin/md5/rsa-md5.h
@@ -1,60 +1,61 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- ***********************************************************************
- ** md5.h -- header file for implementation of MD5                    **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
- ** Created: 2/17/90 RLR                                              **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
- ** Revised (for MD5): RLR 4/27/91                                    **
- **   -- G modified to have y&~z instead of y&z                       **
- **   -- FF, GG, HH modified to add in last register done             **
- **   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
- **   -- distinct additive constant for each step                     **
- **   -- round 4 added, working mod 7                                 **
- ***********************************************************************
- */
+***********************************************************************
+** md5.h -- header file for implementation of MD5                    **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
+** Revised (for MD5): RLR 4/27/91                                    **
+**   -- G modified to have y&~z instead of y&z                       **
+**   -- FF, GG, HH modified to add in last register done             **
+**   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
+**   -- distinct additive constant for each step                     **
+**   -- round 4 added, working mod 7                                 **
+***********************************************************************
+*/
 
 /*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
- **                                                                   **
- ** License to copy and use this software is granted provided that    **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
- ** Digest Algorithm" in all material mentioning or referencing this  **
- ** software or this function.                                        **
- **                                                                   **
- ** License is also granted to make and use derivative works          **
- ** provided that such works are identified as "derived from the RSA  **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
- ** material mentioning or referencing the derived work.              **
- **                                                                   **
- ** RSA Data Security, Inc. makes no representations concerning       **
- ** either the merchantability of this software or the suitability    **
- ** of this software for any particular purpose.  It is provided "as  **
- ** is" without express or implied warranty of any kind.              **
- **                                                                   **
- ** These notices must be retained in any copies of any part of this  **
- ** documentation and/or software.                                    **
- ***********************************************************************
- */
+***********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+**                                                                   **
+** License to copy and use this software is granted provided that    **
+** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+** Digest Algorithm" in all material mentioning or referencing this  **
+** software or this function.                                        **
+**                                                                   **
+** License is also granted to make and use derivative works          **
+** provided that such works are identified as "derived from the RSA  **
+** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+** material mentioning or referencing the derived work.              **
+**                                                                   **
+** RSA Data Security, Inc. makes no representations concerning       **
+** either the merchantability of this software or the suitability    **
+** of this software for any particular purpose.  It is provided "as  **
+** is" without express or implied warranty of any kind.              **
+**                                                                   **
+** These notices must be retained in any copies of any part of this  **
+** documentation and/or software.                                    **
+***********************************************************************
+*/
 
-#ifndef	KRB5_RSA_MD5__
-#define	KRB5_RSA_MD5__
+#ifndef KRB5_RSA_MD5__
+#define KRB5_RSA_MD5__
 
 /* Data structure for MD5 (Message-Digest) computation */
 typedef struct {
-  krb5_ui_4 i[2];			/* number of _bits_ handled mod 2^64 */
-  krb5_ui_4 buf[4];			/* scratch buffer */
-  unsigned char in[64];			/* input buffer */
-  unsigned char digest[16];		/* actual digest after MD5Final call */
+    krb5_ui_4 i[2];                       /* number of _bits_ handled mod 2^64 */
+    krb5_ui_4 buf[4];                     /* scratch buffer */
+    unsigned char in[64];                 /* input buffer */
+    unsigned char digest[16];             /* actual digest after MD5Final call */
 } krb5_MD5_CTX;
 
 extern void krb5int_MD5Init(krb5_MD5_CTX *);
 extern void krb5int_MD5Update(krb5_MD5_CTX *,const unsigned char *,unsigned int);
 extern void krb5int_MD5Final(krb5_MD5_CTX *);
 
-#define	RSA_MD5_CKSUM_LENGTH		16
-#define	OLD_RSA_MD5_DES_CKSUM_LENGTH	16
-#define	NEW_RSA_MD5_DES_CKSUM_LENGTH	24
-#define	RSA_MD5_DES_CONFOUND_LENGTH	8
+#define RSA_MD5_CKSUM_LENGTH            16
+#define OLD_RSA_MD5_DES_CKSUM_LENGTH    16
+#define NEW_RSA_MD5_DES_CKSUM_LENGTH    24
+#define RSA_MD5_DES_CONFOUND_LENGTH     8
 
 #endif /* KRB5_RSA_MD5__ */
diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index 7b45fe8..7ee07f0 100644
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/pbkdf2.c
  *
@@ -48,13 +49,13 @@
  */
 
 typedef krb5_error_code (*prf_func)(krb5_key pass, krb5_data *salt,
-				    krb5_data *out);
+                                    krb5_data *out);
 
 /* Not exported, for now.  */
 static krb5_error_code
 krb5int_pbkdf2 (prf_func prf, size_t hlen, krb5_key pass,
-		const krb5_data *salt, unsigned long count,
-		const krb5_data *output);
+                const krb5_data *salt, unsigned long count,
+                const krb5_data *output);
 
 static int debug_hmac = 0;
 
@@ -65,16 +66,16 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s:", descr);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
     }
     printf("\n");
 }
@@ -92,7 +93,7 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
 
 #if 0
     printf("F(i=%d, count=%lu, pass=%d:%s)\n", i, count,
-	   pass->length, pass->data);
+           pass->length, pass->data);
 #endif
 
     /* Compute U_1.  */
@@ -117,7 +118,7 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
 #endif
     err = (*prf)(pass, &sdata, &out);
     if (err)
-	return err;
+        return err;
 #if 0
     printd("F: prf return value", &out);
 #endif
@@ -127,23 +128,23 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
     sdata.length = hlen;
     for (j = 2; j <= count; j++) {
 #if 0
-	printf("F: computing hmac #%d (U_%d)\n", j, j);
+        printf("F: computing hmac #%d (U_%d)\n", j, j);
 #endif
-	memcpy(u_tmp2, u_tmp1, hlen);
-	err = (*prf)(pass, &sdata, &out);
-	if (err)
-	    return err;
+        memcpy(u_tmp2, u_tmp1, hlen);
+        err = (*prf)(pass, &sdata, &out);
+        if (err)
+            return err;
 #if 0
-	printd("F: prf return value", &out);
+        printd("F: prf return value", &out);
 #endif
-	/* And xor them together.  */
-	for (k = 0; k < hlen; k++)
-	    output[k] ^= u_tmp1[k];
+        /* And xor them together.  */
+        for (k = 0; k < hlen; k++)
+            output[k] ^= u_tmp1[k];
 #if 0
-	printf("F: xor result:\n");
-	for (k = 0; k < hlen; k++)
-	    printf(" %02x", 0xff & output[k]);
-	printf("\n");
+        printf("F: xor result:\n");
+        for (k = 0; k < hlen; k++)
+            printf(" %02x", 0xff & output[k]);
+        printf("\n");
 #endif
     }
     return 0;
@@ -151,58 +152,58 @@ F(char *output, char *u_tmp1, char *u_tmp2, prf_func prf, size_t hlen,
 
 static krb5_error_code
 krb5int_pbkdf2 (prf_func prf, size_t hlen, krb5_key pass,
-		const krb5_data *salt, unsigned long count,
-		const krb5_data *output)
+                const krb5_data *salt, unsigned long count,
+                const krb5_data *output)
 {
     int l, r, i;
     char *utmp1, *utmp2;
-    char utmp3[20];		/* XXX length shouldn't be hardcoded! */
+    char utmp3[20];             /* XXX length shouldn't be hardcoded! */
 
     if (output->length == 0 || hlen == 0)
-	abort();
+        abort();
     /* Step 1 & 2.  */
     if (output->length / hlen > 0xffffffff)
-	abort();
+        abort();
     /* Step 2.  */
     l = (output->length + hlen - 1) / hlen;
     r = output->length - (l - 1) * hlen;
 
     utmp1 = /*output + dklen; */ malloc(hlen);
     if (utmp1 == NULL)
-	return ENOMEM;
+        return ENOMEM;
     utmp2 = /*utmp1 + hlen; */ malloc(salt->length + 4 + hlen);
     if (utmp2 == NULL) {
-	free(utmp1);
-	return ENOMEM;
+        free(utmp1);
+        return ENOMEM;
     }
 
     /* Step 3.  */
     for (i = 1; i <= l; i++) {
 #if 0
-	int j;
+        int j;
 #endif
-	krb5_error_code err;
-	char *out;
+        krb5_error_code err;
+        char *out;
 
-	if (i == l)
-	    out = utmp3;
-	else
-	    out = output->data + (i-1) * hlen;
-	err = F(out, utmp1, utmp2, prf, hlen, pass, salt, count, i);
-	if (err) {
-	    free(utmp1);
-	    free(utmp2);
-	    return err;
-	}
-	if (i == l)
-	    memcpy(output->data + (i-1) * hlen, utmp3,
-		   output->length - (i-1) * hlen);
+        if (i == l)
+            out = utmp3;
+        else
+            out = output->data + (i-1) * hlen;
+        err = F(out, utmp1, utmp2, prf, hlen, pass, salt, count, i);
+        if (err) {
+            free(utmp1);
+            free(utmp2);
+            return err;
+        }
+        if (i == l)
+            memcpy(output->data + (i-1) * hlen, utmp3,
+                   output->length - (i-1) * hlen);
 
 #if 0
-	printf("after F(%d), @%p:\n", i, output->data);
-	for (j = (i-1) * hlen; j < i * hlen; j++)
-	    printf(" %02x", 0xff & output->data[j]);
-	printf ("\n");
+        printf("after F(%d), @%p:\n", i, output->data);
+        for (j = (i-1) * hlen; j < i * hlen; j++)
+            printf(" %02x", 0xff & output->data[j]);
+        printf ("\n");
 #endif
     }
     free(utmp1);
@@ -220,43 +221,48 @@ hmac_sha1(krb5_key pass, krb5_data *salt, krb5_data *out)
 {
     const struct krb5_hash_provider *h = &krb5int_hash_sha1;
     krb5_error_code err;
+    krb5_crypto_iov iov;
 
     if (debug_hmac)
-	printd(" hmac input", salt);
-    err = krb5int_hmac(h, pass, 1, salt, out);
+        printd(" hmac input", salt);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *salt;
+    err = krb5int_hmac(h, pass, &iov, 1, out);
     if (err == 0 && debug_hmac)
-	printd(" hmac output", out);
+        printd(" hmac output", out);
     return err;
 }
 
 krb5_error_code
-krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
-			  const krb5_data *pass, const krb5_data *salt)
+krb5int_pbkdf2_hmac_sha1(const krb5_data *out, unsigned long count,
+                         const krb5_data *pass, const krb5_data *salt)
 {
     const struct krb5_hash_provider *h = &krb5int_hash_sha1;
     krb5_keyblock keyblock;
     krb5_key key;
     char tmp[40];
     krb5_data d;
+    krb5_crypto_iov iov;
     krb5_error_code err;
 
     assert(h->hashsize <= sizeof(tmp));
     if (pass->length > h->blocksize) {
-	d.data = tmp;
-	d.length = h->hashsize;
-	err = h->hash (1, pass, &d);
-	if (err)
-	    return err;
-	keyblock.length = d.length;
-	keyblock.contents = (krb5_octet *) d.data;
+        d = make_data(tmp, h->hashsize);
+        iov.flags = KRB5_CRYPTO_TYPE_DATA;
+        iov.data = *pass;
+        err = h->hash(&iov, 1, &d);
+        if (err)
+            return err;
+        keyblock.length = d.length;
+        keyblock.contents = (krb5_octet *) d.data;
     } else {
-	keyblock.length = pass->length;
-	keyblock.contents = (krb5_octet *) pass->data;
+        keyblock.length = pass->length;
+        keyblock.contents = (krb5_octet *) pass->data;
     }
 
     err = krb5_k_create_key(NULL, &keyblock, &key);
     if (err)
-	return err;
+        return err;
 
     err = krb5int_pbkdf2(hmac_sha1, 20, key, salt, count, out);
     krb5_k_free_key(NULL, key);
diff --git a/src/lib/crypto/builtin/sha1/Makefile.in b/src/lib/crypto/builtin/sha1/Makefile.in
index 24b9ef1..ec51713 100644
--- a/src/lib/crypto/builtin/sha1/Makefile.in
+++ b/src/lib/crypto/builtin/sha1/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/builtin/sha1
 mydir=lib/crypto/builtin/sha1
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 DEFS=
diff --git a/src/lib/crypto/builtin/sha1/deps b/src/lib/crypto/builtin/sha1/deps
index 39b9f9a..40fa5fa 100644
--- a/src/lib/crypto/builtin/sha1/deps
+++ b/src/lib/crypto/builtin/sha1/deps
@@ -3,11 +3,11 @@
 #
 shs.so shs.po $(OUTPRE)shs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h shs.c shs.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h shs.c shs.h
diff --git a/src/lib/crypto/builtin/sha1/shs.c b/src/lib/crypto/builtin/sha1/shs.c
index d9372df..f28a4fc 100644
--- a/src/lib/crypto/builtin/sha1/shs.c
+++ b/src/lib/crypto/builtin/sha1/shs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "shs.h"
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
@@ -39,7 +40,7 @@
    80-word expanded input array W, where the first 16 are copies of the input
    data, and the remaining 64 are defined by
 
-        W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
+   W[ i ] = W[ i - 16 ] ^ W[ i - 14 ] ^ W[ i - 8 ] ^ W[ i - 3 ]
 
    This implementation generates these values on the fly in a circular
    buffer - thanks to Colin Plumb, colin@nyx10.cs.du.edu for this
@@ -51,27 +52,27 @@
 
 #ifdef NEW_SHS
 #define expand(W,i) ( W[ i & 15 ] = ROTL( 1, ( W[ i & 15 ] ^ W[ (i - 14) & 15 ] ^ \
-                                                 W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )))
+                                               W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )))
 #else
-#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^ \
-		      W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )
+#define expand(W,i) ( W[ i & 15 ] ^= W[ (i - 14) & 15 ] ^       \
+                      W[ (i - 8) & 15 ] ^ W[ (i - 3) & 15 ] )
 #endif /* NEW_SHS */
 
 /* The prototype SHS sub-round.  The fundamental sub-round is:
 
-        a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
-        b' = a;
-        c' = ROTL( 30, b );
-        d' = c;
-        e' = d;
+   a' = e + ROTL( 5, a ) + f( b, c, d ) + k + data;
+   b' = a;
+   c' = ROTL( 30, b );
+   d' = c;
+   e' = d;
 
    but this is implemented by unrolling the loop 5 times and renaming the
    variables ( e, a, b, c, d ) = ( a', b', c', d', e' ) each iteration.
    This code is then replicated 20 times for each of the 4 functions, using
    the next 20 values from the W[] array each time */
 
-#define subRound(a, b, c, d, e, f, k, data) \
-    ( e += ROTL( 5, a ) + f( b, c, d ) + k + data, \
+#define subRound(a, b, c, d, e, f, k, data)             \
+    ( e += ROTL( 5, a ) + f( b, c, d ) + k + data,      \
       e &= 0xffffffff, b = ROTL( 30, b ) )
 
 /* Initialize the SHS values */
@@ -115,25 +116,25 @@ void SHSTransform(SHS_LONG *digest, const SHS_LONG *data)
 #if defined(CONFIG_SMALL) && !defined(CONFIG_SMALL_NO_CRYPTO)
 
     {
-	int i;
-	SHS_LONG temp;
-	for (i = 0; i < 20; i++) {
-	    SHS_LONG x = (i < 16) ? eData[i] : expand(eData, i);
-	    subRound(A, B, C, D, E, f1, K1, x);
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
-	for (i = 20; i < 40; i++) {
-	    subRound(A, B, C, D, E, f2, K2, expand(eData, i));
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
-	for (i = 40; i < 60; i++) {
-	    subRound(A, B, C, D, E, f3, K3, expand(eData, i));
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
-	for (i = 60; i < 80; i++) {
-	    subRound(A, B, C, D, E, f4, K4, expand(eData, i));
-	    temp = E, E = D, D = C, C = B, B = A, A = temp;
-	}
+        int i;
+        SHS_LONG temp;
+        for (i = 0; i < 20; i++) {
+            SHS_LONG x = (i < 16) ? eData[i] : expand(eData, i);
+            subRound(A, B, C, D, E, f1, K1, x);
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 20; i < 40; i++) {
+            subRound(A, B, C, D, E, f2, K2, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 40; i < 60; i++) {
+            subRound(A, B, C, D, E, f3, K3, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
+        for (i = 60; i < 80; i++) {
+            subRound(A, B, C, D, E, f4, K4, expand(eData, i));
+            temp = E, E = D, D = C, C = B, B = A, A = temp;
+        }
     }
 
 #else
@@ -251,7 +252,7 @@ void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
     tmp = shsInfo->countLo;
     shsInfo->countLo = tmp + (((SHS_LONG) count) << 3 );
     if ((shsInfo->countLo &= 0xffffffff) < tmp)
-        shsInfo->countHi++;	/* Carry from low to high */
+        shsInfo->countHi++;     /* Carry from low to high */
     shsInfo->countHi += count >> 29;
 
     /* Get count of bytes already in data */
@@ -259,72 +260,72 @@ void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
 
     /* Handle any leading odd-sized chunks */
     if (dataCount) {
-	lp = shsInfo->data + dataCount / 4;
-	dataCount = SHS_DATASIZE - dataCount;
-	canfill = (count >= dataCount);
-
-	if (dataCount % 4) {
-	    /* Fill out a full 32 bit word first if needed -- this
-	       is not very efficient (computed shift amount),
-	       but it shouldn't happen often. */
-	    while (dataCount % 4 && count > 0) {
-		*lp |= (SHS_LONG) *buffer++ << ((--dataCount % 4) * 8);
-		count--;
-	    }
-	    lp++;
-	}
-	while (lp < shsInfo->data + 16) {
-	    if (count < 4) {
-		*lp = 0;
-		switch (count % 4) {
-		case 3:
-		    *lp |= (SHS_LONG) buffer[2] << 8;
-		case 2:
-		    *lp |= (SHS_LONG) buffer[1] << 16;
-		case 1:
-		    *lp |= (SHS_LONG) buffer[0] << 24;
-		}
-		count = 0;
-		break;		/* out of while loop */
-	    }
-	    *lp++ = load_32_be(buffer);
-	    buffer += 4;
-	    count -= 4;
-	}
-	if (canfill) {
-	    SHSTransform(shsInfo->digest, shsInfo->data);
-	}
+        lp = shsInfo->data + dataCount / 4;
+        dataCount = SHS_DATASIZE - dataCount;
+        canfill = (count >= dataCount);
+
+        if (dataCount % 4) {
+            /* Fill out a full 32 bit word first if needed -- this
+               is not very efficient (computed shift amount),
+               but it shouldn't happen often. */
+            while (dataCount % 4 && count > 0) {
+                *lp |= (SHS_LONG) *buffer++ << ((--dataCount % 4) * 8);
+                count--;
+            }
+            lp++;
+        }
+        while (lp < shsInfo->data + 16) {
+            if (count < 4) {
+                *lp = 0;
+                switch (count % 4) {
+                case 3:
+                    *lp |= (SHS_LONG) buffer[2] << 8;
+                case 2:
+                    *lp |= (SHS_LONG) buffer[1] << 16;
+                case 1:
+                    *lp |= (SHS_LONG) buffer[0] << 24;
+                }
+                count = 0;
+                break;          /* out of while loop */
+            }
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+            count -= 4;
+        }
+        if (canfill) {
+            SHSTransform(shsInfo->digest, shsInfo->data);
+        }
     }
 
     /* Process data in SHS_DATASIZE chunks */
     while (count >= SHS_DATASIZE) {
-	lp = shsInfo->data;
-	while (lp < shsInfo->data + 16) {
-	    *lp++ = load_32_be(buffer);
-	    buffer += 4;
-	}
-	SHSTransform(shsInfo->digest, shsInfo->data);
-	count -= SHS_DATASIZE;
+        lp = shsInfo->data;
+        while (lp < shsInfo->data + 16) {
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+        }
+        SHSTransform(shsInfo->digest, shsInfo->data);
+        count -= SHS_DATASIZE;
     }
 
     if (count > 0) {
-	lp = shsInfo->data;
-	while (count > 4) {
-	    *lp++ = load_32_be(buffer);
-	    buffer += 4;
-	    count -= 4;
-	}
-	*lp = 0;
-	switch (count % 4) {
-	case 0:
-	    *lp |= ((SHS_LONG) buffer[3]);
-	case 3:
-	    *lp |= ((SHS_LONG) buffer[2]) << 8;
-	case 2:
-	    *lp |= ((SHS_LONG) buffer[1]) << 16;
-	case 1:
-	    *lp |= ((SHS_LONG) buffer[0]) << 24;
-	}
+        lp = shsInfo->data;
+        while (count > 4) {
+            *lp++ = load_32_be(buffer);
+            buffer += 4;
+            count -= 4;
+        }
+        *lp = 0;
+        switch (count % 4) {
+        case 0:
+            *lp |= ((SHS_LONG) buffer[3]);
+        case 3:
+            *lp |= ((SHS_LONG) buffer[2]) << 8;
+        case 2:
+            *lp |= ((SHS_LONG) buffer[1]) << 16;
+        case 1:
+            *lp |= ((SHS_LONG) buffer[0]) << 24;
+        }
     }
 }
 
@@ -345,16 +346,16 @@ void shsFinal(SHS_INFO *shsInfo)
     lp = shsInfo->data + count / 4;
     switch (count % 4) {
     case 3:
-	*lp++ |= (SHS_LONG) 0x80;
-	break;
+        *lp++ |= (SHS_LONG) 0x80;
+        break;
     case 2:
-	*lp++ |= (SHS_LONG) 0x80 << 8;
-	break;
+        *lp++ |= (SHS_LONG) 0x80 << 8;
+        break;
     case 1:
-	*lp++ |= (SHS_LONG) 0x80 << 16;
-	break;
+        *lp++ |= (SHS_LONG) 0x80 << 16;
+        break;
     case 0:
-	*lp++ = (SHS_LONG) 0x80 << 24;
+        *lp++ = (SHS_LONG) 0x80 << 24;
     }
 
     /* at this point, lp can point *past* shsInfo->data.  If it points
@@ -363,16 +364,16 @@ void shsFinal(SHS_INFO *shsInfo)
        enough room for length words */
 
     if (lp == shsInfo->data + 15)
-	*lp++ = 0;
+        *lp++ = 0;
 
     if (lp == shsInfo->data + 16) {
-	SHSTransform(shsInfo->digest, shsInfo->data);
-	lp = shsInfo->data;
+        SHSTransform(shsInfo->digest, shsInfo->data);
+        lp = shsInfo->data;
     }
 
     /* Pad out to 56 bytes */
     while (lp < shsInfo->data + 14)
-	*lp++ = 0;
+        *lp++ = 0;
 
     /* Append length in bits and transform */
     *lp++ = shsInfo->countHi;
diff --git a/src/lib/crypto/builtin/sha1/shs.h b/src/lib/crypto/builtin/sha1/shs.h
index 6dcb41b..e1872f2 100644
--- a/src/lib/crypto/builtin/sha1/shs.h
+++ b/src/lib/crypto/builtin/sha1/shs.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _SHS_DEFINED
 
 #include "k5-int.h"
@@ -6,8 +7,8 @@
 
 /* Some useful types */
 
-typedef krb5_octet	SHS_BYTE;
-typedef krb5_ui_4	SHS_LONG;
+typedef krb5_octet      SHS_BYTE;
+typedef krb5_ui_4       SHS_LONG;
 
 /* Define the following to use the updated SHS implementation */
 #define NEW_SHS         /**/
@@ -20,10 +21,10 @@ typedef krb5_ui_4	SHS_LONG;
 /* The structure for storing SHS info */
 
 typedef struct {
-               SHS_LONG digest[ 5 ];            /* Message digest */
-               SHS_LONG countLo, countHi;       /* 64-bit bit count */
-               SHS_LONG data[ 16 ];             /* SHS data buffer */
-               } SHS_INFO;
+    SHS_LONG digest[ 5 ];            /* Message digest */
+    SHS_LONG countLo, countHi;       /* 64-bit bit count */
+    SHS_LONG data[ 16 ];             /* SHS data buffer */
+} SHS_INFO;
 
 /* Message digest functions (shs.c) */
 void shsInit(SHS_INFO *shsInfo);
@@ -33,13 +34,13 @@ void shsFinal(SHS_INFO *shsInfo);
 
 /* Keyed Message digest functions (hmac_sha.c) */
 krb5_error_code hmac_sha(krb5_octet *text,
-			int text_len,
-			krb5_octet *key,
-			int key_len,
-			krb5_octet *digest);
+                         int text_len,
+                         krb5_octet *key,
+                         int key_len,
+                         krb5_octet *digest);
 
 
-#define NIST_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
-#define HMAC_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
+#define NIST_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
+#define HMAC_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
 
 #endif /* _SHS_DEFINED */
diff --git a/src/lib/crypto/builtin/sha1/t_shs.c b/src/lib/crypto/builtin/sha1/t_shs.c
index adcb092..08157b6 100644
--- a/src/lib/crypto/builtin/sha1/t_shs.c
+++ b/src/lib/crypto/builtin/sha1/t_shs.c
@@ -1,8 +1,9 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /****************************************************************************
-*                                                                           *
-*                               SHS Test Code                               *
-*                                                                           *
-****************************************************************************/
+ *                                                                           *
+ *                               SHS Test Code                               *
+ *                                                                           *
+ ****************************************************************************/
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -17,7 +18,7 @@ static SHS_LONG shsTestResults[][ 5 ] = {
     { 0xA9993E36L, 0x4706816AL, 0xBA3E2571L, 0x7850C26CL, 0x9CD0D89DL, },
     { 0x84983E44L, 0x1C3BD26EL, 0xBAAE4AA1L, 0xF95129E5L, 0xE54670F1L, },
     { 0x34AA973CL, 0xD4C4DAA4L, 0xF61EEB2BL, 0xDBAD2731L, 0x6534016FL, }
-    };
+};
 
 #else
 
@@ -25,30 +26,30 @@ static SHS_LONG shsTestResults[][ 5 ] = {
     { 0x0164B8A9L, 0x14CD2A5EL, 0x74C4F7FFL, 0x082C4D97L, 0xF1EDF880L },
     { 0xD2516EE1L, 0xACFA5BAFL, 0x33DFC1C4L, 0x71E43844L, 0x9EF134C8L },
     { 0x3232AFFAL, 0x48628A26L, 0x653B5AAAL, 0x44541FD9L, 0x0D690603L }
-    };
+};
 #endif /* NEW_SHS */
 
 static int compareSHSresults(shsInfo, shsTestLevel)
-SHS_INFO *shsInfo;
-int shsTestLevel;
+    SHS_INFO *shsInfo;
+    int shsTestLevel;
 {
     int i, fail = 0;
 
     /* Compare the returned digest and required values */
     for( i = 0; i < 5; i++ )
         if( shsInfo->digest[ i ] != shsTestResults[ shsTestLevel ][ i ] )
-	    fail = 1;
+            fail = 1;
     if (fail) {
-	printf("\nExpected: ");
-	for (i = 0; i < 5; i++) {
-	    printf("%8.8lx ", (unsigned long) shsTestResults[shsTestLevel][i]);
-	}
-	printf("\nGot:      ");
-	for (i = 0; i < 5; i++) {
-	    printf("%8.8lx ", (unsigned long) shsInfo->digest[i]);
-	}
-	printf("\n");
-	return( -1 );
+        printf("\nExpected: ");
+        for (i = 0; i < 5; i++) {
+            printf("%8.8lx ", (unsigned long) shsTestResults[shsTestLevel][i]);
+        }
+        printf("\nGot:      ");
+        for (i = 0; i < 5; i++) {
+            printf("%8.8lx ", (unsigned long) shsInfo->digest[i]);
+        }
+        printf("\n");
+        return( -1 );
     }
     return( 0 );
 }
@@ -75,11 +76,11 @@ main()
     shsUpdate( &shsInfo, ( SHS_BYTE * ) "abc", 3 );
     shsFinal( &shsInfo );
     if( compareSHSresults( &shsInfo, 0 ) == -1 )
-        {
+    {
         putchar( '\n' );
         puts( "SHS test 1 failed" );
         exit( -1 );
-        }
+    }
 #ifdef NEW_SHS
     puts( "passed, result= A9993E364706816ABA3E25717850C26C9CD0D89D" );
 #else
@@ -91,11 +92,11 @@ main()
     shsUpdate( &shsInfo, ( SHS_BYTE * ) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 56 );
     shsFinal( &shsInfo );
     if( compareSHSresults( &shsInfo, 1 ) == -1 )
-        {
+    {
         putchar( '\n' );
         puts( "SHS test 2 failed" );
         exit( -1 );
-        }
+    }
 #ifdef NEW_SHS
     puts( "passed, result= 84983E441C3BD26EBAAE4AA1F95129E5E54670F1" );
 #else
@@ -108,11 +109,11 @@ main()
         shsUpdate( &shsInfo, ( SHS_BYTE * ) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 64 );
     shsFinal( &shsInfo );
     if( compareSHSresults( &shsInfo, 2 ) == -1 )
-        {
+    {
         putchar( '\n' );
         puts( "SHS test 3 failed" );
         exit( -1 );
-        }
+    }
 #ifdef NEW_SHS
     puts( "passed, result= 34AA973CD4C4DAA4F61EEB2BDBAD27316534016F" );
 #else
diff --git a/src/lib/crypto/builtin/sha1/t_shs3.c b/src/lib/crypto/builtin/sha1/t_shs3.c
index cf9787e..d05ac6d 100644
--- a/src/lib/crypto/builtin/sha1/t_shs3.c
+++ b/src/lib/crypto/builtin/sha1/t_shs3.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* test shs code */
 
 #include <stdio.h>
@@ -28,23 +29,23 @@ static void longReverse( SHS_LONG *buffer, int byteCount )
 
     switch (init) {
     case 0:
-	init=1;
-	cp = (char *) &init;
-	if (*cp == 1) {
-	    init=2;
-	    break;
-	}
-	init=1;
-	/* fall through - MSB */
+        init=1;
+        cp = (char *) &init;
+        if (*cp == 1) {
+            init=2;
+            break;
+        }
+        init=1;
+        /* fall through - MSB */
     case 1:
-	return;
+        return;
     }
 
     byteCount /= sizeof( SHS_LONG );
     while( byteCount-- ) {
         value = *buffer;
         value = ( ( value & 0xFF00FF00L ) >> 8  ) |
-                ( ( value & 0x00FF00FFL ) << 8 );
+            ( ( value & 0x00FF00FFL ) << 8 );
         *buffer++ = ( value << 16 ) | ( value >> 16 );
     }
 }
@@ -55,538 +56,538 @@ int Dflag;
 
 int
 main(argc,argv)
-	char **argv;
+    char **argv;
 {
-	char *argp;
-
-	while (--argc > 0) if (*(argp = *++argv)=='-')
-	while (*++argp) switch(*argp)
-	{
-	case '1':
-	case '2':
-	case '3':
-	case '4':
-	case '5':
-	case '6':
-	case '7':
-		if (mode) goto Usage;
-		mode = *argp;
-		break;
-	case 'D':
-		if (argc <= 1) goto Usage;
-		--argc;
-		Dflag = atoi(*++argv);
-		break;
-	case '-':
-		break;
-	default:
-		fprintf (stderr,"Bad switch char <%c>\n", *argp);
-	Usage:
-		fprintf(stderr, "Usage: t_shs [-1234567] [-D #]\n");
-		exit(1);
-	}
-	else goto Usage;
-
-	process();
-	exit(rc);
+    char *argp;
+
+    while (--argc > 0) if (*(argp = *++argv)=='-')
+                           while (*++argp) switch(*argp)
+                                           {
+                                           case '1':
+                                           case '2':
+                                           case '3':
+                                           case '4':
+                                           case '5':
+                                           case '6':
+                                           case '7':
+                                               if (mode) goto Usage;
+                                               mode = *argp;
+                                               break;
+                                           case 'D':
+                                               if (argc <= 1) goto Usage;
+                                               --argc;
+                                               Dflag = atoi(*++argv);
+                                               break;
+                                           case '-':
+                                               break;
+                                           default:
+                                               fprintf (stderr,"Bad switch char <%c>\n", *argp);
+                                           Usage:
+                                               fprintf(stderr, "Usage: t_shs [-1234567] [-D #]\n");
+                                               exit(1);
+                                           }
+        else goto Usage;
+
+    process();
+    exit(rc);
 }
 
 static void process(void)
 {
-	switch(mode)
-	{
-	case '1':
-		test1();
-		break;
-	case '2':
-		test2();
-		break;
-	case '3':
-		test3();
-		break;
-	case '4':
-		test4();
-		break;
-	case '5':
-		test5();
-		break;
-	case '6':
-		test6();
-		break;
-	case '7':
-		test7();
-		break;
-	default:
-		test1();
-		test2();
-		test3();
-		test4();
-		test5();
-		test6();
-		test7();
-	}
+    switch(mode)
+    {
+    case '1':
+        test1();
+        break;
+    case '2':
+        test2();
+        break;
+    case '3':
+        test3();
+        break;
+    case '4':
+        test4();
+        break;
+    case '5':
+        test5();
+        break;
+    case '6':
+        test6();
+        break;
+    case '7':
+        test7();
+        break;
+    default:
+        test1();
+        test2();
+        test3();
+        test4();
+        test5();
+        test6();
+        test7();
+    }
 }
 
 #ifndef shsDigest
 static unsigned char *
 shsDigest(si)
-	SHS_INFO *si;
+    SHS_INFO *si;
 {
-	longReverse(si->digest, SHS_DIGESTSIZE);
-	return (unsigned char*) si->digest;
+    longReverse(si->digest, SHS_DIGESTSIZE);
+    return (unsigned char*) si->digest;
 }
 #endif
 
 unsigned char results1[SHS_DIGESTSIZE] = {
-0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
-0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
+    0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
+    0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d};
 
 static void test1(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 1 ...\n");
-	shsInit(si);
-	shsUpdate(si, (SHS_BYTE *) "abc", 3);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results1, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 1 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results1[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 1 ...\n");
+    shsInit(si);
+    shsUpdate(si, (SHS_BYTE *) "abc", 3);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results1, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 1 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results1[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results2[SHS_DIGESTSIZE] = {
-0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
-0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1};
+    0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
+    0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1};
 
 static void test2(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 2 ...\n");
-	shsInit(si);
-	shsUpdate(si,
-	(SHS_BYTE *) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
-		56);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results2, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 2 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results2[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 2 ...\n");
+    shsInit(si);
+    shsUpdate(si,
+              (SHS_BYTE *) "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+              56);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results2, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 2 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results2[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results3[SHS_DIGESTSIZE] = {
-0x34,0xaa,0x97,0x3c,0xd4,0xc4,0xda,0xa4,0xf6,0x1e,
-0xeb,0x2b,0xdb,0xad,0x27,0x31,0x65,0x34,0x01,0x6f};
+    0x34,0xaa,0x97,0x3c,0xd4,0xc4,0xda,0xa4,0xf6,0x1e,
+    0xeb,0x2b,0xdb,0xad,0x27,0x31,0x65,0x34,0x01,0x6f};
 
 static void test3(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 3 ...\n");
-	shsInit(si);
-	for (i = 0; i < 15625; ++i)
-		shsUpdate(si,
-(SHS_BYTE *) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-			64);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results3, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 3 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results3[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 3 ...\n");
+    shsInit(si);
+    for (i = 0; i < 15625; ++i)
+        shsUpdate(si,
+                  (SHS_BYTE *) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+                  64);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results3, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 3 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results3[i]);
+    }
+    printf("\n");
 }
 
 unsigned char randdata[] = {
-0xfe,0x28,0x79,0x25,0xf5,0x03,0xf9,0x1c,0xcd,0x70,0x7b,0xb0,0x42,0x02,0xb8,0x2f,
-0xf3,0x63,0xa2,0x79,0x8e,0x9b,0x33,0xd7,0x2b,0xc4,0xb4,0xd2,0xcb,0x61,0xec,0xbb,
-0x94,0xe1,0x8f,0x53,0x80,0x55,0xd9,0x90,0xb2,0x03,0x58,0xfa,0xa6,0xe5,0x18,0x57,
-0x68,0x04,0x24,0x98,0x41,0x7e,0x84,0xeb,0xc1,0x39,0xbc,0x1d,0xf7,0x4e,0x92,0x72,
-0x1a,0x5b,0xb6,0x99,0x43,0xa5,0x0a,0x45,0x73,0x55,0xfd,0x57,0x83,0x45,0x36,0x5c,
-0xfd,0x39,0x08,0x6e,0xe2,0x01,0x9a,0x8c,0x4e,0x39,0xd2,0x0d,0x5f,0x0e,0x35,0x15,
-0xb9,0xac,0x5f,0xa1,0x8a,0xe6,0xdd,0x6e,0x68,0x9d,0xf6,0x29,0x95,0xf6,0x7d,0x7b,
-0xd9,0x5e,0xf4,0x67,0x25,0xbd,0xee,0xed,0x53,0x60,0xb0,0x47,0xdf,0xef,0xf4,0x41,
-0xbd,0x45,0xcf,0x5c,0x93,0x41,0x87,0x97,0x82,0x39,0x20,0x66,0xb4,0xda,0xcb,0x66,
-0x93,0x02,0x2e,0x7f,0x94,0x4c,0xc7,0x3b,0x2c,0xcf,0xf6,0x99,0x6f,0x13,0xf1,0xc5,
-0x28,0x2b,0xa6,0x6c,0x39,0x26,0x7f,0x76,0x24,0x4a,0x6e,0x01,0x40,0x63,0xf8,0x00,
-0x06,0x23,0x5a,0xaa,0xa6,0x2f,0xd1,0x37,0xc7,0xcc,0x76,0xe9,0x54,0x1e,0x57,0x73,
-0xf5,0x33,0xaa,0x96,0xbe,0x35,0xcd,0x1d,0xd5,0x7d,0xac,0x50,0xd5,0xf8,0x47,0x2d,
-0xd6,0x93,0x5f,0x6e,0x38,0xd3,0xac,0xd0,0x7e,0xad,0x9e,0xf8,0x87,0x95,0x63,0x15,
-0x65,0xa3,0xd4,0xb3,0x9a,0x6c,0xac,0xcd,0x2a,0x54,0x83,0x13,0xc4,0xb4,0x94,0xfa,
-0x76,0x87,0xc5,0x8b,0x4a,0x10,0x92,0x05,0xd1,0x0e,0x97,0xfd,0xc8,0xfb,0xc5,0xdc,
-0x21,0x4c,0xc8,0x77,0x5c,0xed,0x32,0x22,0x77,0xc1,0x38,0x30,0xd7,0x8e,0x2a,0x70,
-0x72,0x67,0x13,0xe4,0xb7,0x18,0xd4,0x76,0xdd,0x32,0x12,0xf4,0x5d,0xc9,0xec,0xc1,
-0x2c,0x8a,0xfe,0x08,0x6c,0xea,0xf6,0xab,0x5a,0x0e,0x8e,0x81,0x1d,0xc8,0x5a,0x4b,
-0xed,0xb9,0x7f,0x4b,0x67,0xe3,0x65,0x46,0xc9,0xf2,0xab,0x37,0x0a,0x98,0x67,0x5b,
-0xb1,0x3b,0x02,0x91,0x38,0x71,0xea,0x62,0x88,0xae,0xb6,0xdb,0xfc,0x55,0x79,0x33,
-0x69,0x95,0x51,0xb6,0xe1,0x3b,0xab,0x22,0x68,0x54,0xf9,0x89,0x9c,0x94,0xe0,0xe3,
-0xd3,0x48,0x5c,0xe9,0x78,0x5b,0xb3,0x4b,0xba,0xd8,0x48,0xd8,0xaf,0x91,0x4e,0x23,
-0x38,0x23,0x23,0x6c,0xdf,0x2e,0xf0,0xff,0xac,0x1d,0x2d,0x27,0x10,0x45,0xa3,0x2d,
-0x8b,0x00,0xcd,0xe2,0xfc,0xb7,0xdb,0x52,0x13,0xb7,0x66,0x79,0xd9,0xd8,0x29,0x0e,
-0x32,0xbd,0x52,0x6b,0x75,0x71,0x08,0x83,0x1b,0x67,0x28,0x93,0x97,0x97,0x32,0xff,
-0x8b,0xd3,0x98,0xa3,0xce,0x2b,0x88,0x37,0x1c,0xcc,0xa0,0xd1,0x19,0x9b,0xe6,0x11,
-0xfc,0xc0,0x3c,0x4e,0xe1,0x35,0x49,0x29,0x19,0xcf,0x1d,0xe1,0x60,0x74,0xc0,0xe9,
-0xf7,0xb4,0x99,0xa0,0x23,0x50,0x51,0x78,0xcf,0xc0,0xe5,0xc2,0x1c,0x16,0xd2,0x24,
-0x5a,0x63,0x54,0x83,0xaa,0x74,0x3d,0x41,0x0d,0x52,0xee,0xfe,0x0f,0x4d,0x13,0xe1,
-0x27,0x00,0xc4,0xf3,0x2b,0x55,0xe0,0x9c,0x81,0xe0,0xfc,0xc2,0x13,0xd4,0x39,0x09
+    0xfe,0x28,0x79,0x25,0xf5,0x03,0xf9,0x1c,0xcd,0x70,0x7b,0xb0,0x42,0x02,0xb8,0x2f,
+    0xf3,0x63,0xa2,0x79,0x8e,0x9b,0x33,0xd7,0x2b,0xc4,0xb4,0xd2,0xcb,0x61,0xec,0xbb,
+    0x94,0xe1,0x8f,0x53,0x80,0x55,0xd9,0x90,0xb2,0x03,0x58,0xfa,0xa6,0xe5,0x18,0x57,
+    0x68,0x04,0x24,0x98,0x41,0x7e,0x84,0xeb,0xc1,0x39,0xbc,0x1d,0xf7,0x4e,0x92,0x72,
+    0x1a,0x5b,0xb6,0x99,0x43,0xa5,0x0a,0x45,0x73,0x55,0xfd,0x57,0x83,0x45,0x36,0x5c,
+    0xfd,0x39,0x08,0x6e,0xe2,0x01,0x9a,0x8c,0x4e,0x39,0xd2,0x0d,0x5f,0x0e,0x35,0x15,
+    0xb9,0xac,0x5f,0xa1,0x8a,0xe6,0xdd,0x6e,0x68,0x9d,0xf6,0x29,0x95,0xf6,0x7d,0x7b,
+    0xd9,0x5e,0xf4,0x67,0x25,0xbd,0xee,0xed,0x53,0x60,0xb0,0x47,0xdf,0xef,0xf4,0x41,
+    0xbd,0x45,0xcf,0x5c,0x93,0x41,0x87,0x97,0x82,0x39,0x20,0x66,0xb4,0xda,0xcb,0x66,
+    0x93,0x02,0x2e,0x7f,0x94,0x4c,0xc7,0x3b,0x2c,0xcf,0xf6,0x99,0x6f,0x13,0xf1,0xc5,
+    0x28,0x2b,0xa6,0x6c,0x39,0x26,0x7f,0x76,0x24,0x4a,0x6e,0x01,0x40,0x63,0xf8,0x00,
+    0x06,0x23,0x5a,0xaa,0xa6,0x2f,0xd1,0x37,0xc7,0xcc,0x76,0xe9,0x54,0x1e,0x57,0x73,
+    0xf5,0x33,0xaa,0x96,0xbe,0x35,0xcd,0x1d,0xd5,0x7d,0xac,0x50,0xd5,0xf8,0x47,0x2d,
+    0xd6,0x93,0x5f,0x6e,0x38,0xd3,0xac,0xd0,0x7e,0xad,0x9e,0xf8,0x87,0x95,0x63,0x15,
+    0x65,0xa3,0xd4,0xb3,0x9a,0x6c,0xac,0xcd,0x2a,0x54,0x83,0x13,0xc4,0xb4,0x94,0xfa,
+    0x76,0x87,0xc5,0x8b,0x4a,0x10,0x92,0x05,0xd1,0x0e,0x97,0xfd,0xc8,0xfb,0xc5,0xdc,
+    0x21,0x4c,0xc8,0x77,0x5c,0xed,0x32,0x22,0x77,0xc1,0x38,0x30,0xd7,0x8e,0x2a,0x70,
+    0x72,0x67,0x13,0xe4,0xb7,0x18,0xd4,0x76,0xdd,0x32,0x12,0xf4,0x5d,0xc9,0xec,0xc1,
+    0x2c,0x8a,0xfe,0x08,0x6c,0xea,0xf6,0xab,0x5a,0x0e,0x8e,0x81,0x1d,0xc8,0x5a,0x4b,
+    0xed,0xb9,0x7f,0x4b,0x67,0xe3,0x65,0x46,0xc9,0xf2,0xab,0x37,0x0a,0x98,0x67,0x5b,
+    0xb1,0x3b,0x02,0x91,0x38,0x71,0xea,0x62,0x88,0xae,0xb6,0xdb,0xfc,0x55,0x79,0x33,
+    0x69,0x95,0x51,0xb6,0xe1,0x3b,0xab,0x22,0x68,0x54,0xf9,0x89,0x9c,0x94,0xe0,0xe3,
+    0xd3,0x48,0x5c,0xe9,0x78,0x5b,0xb3,0x4b,0xba,0xd8,0x48,0xd8,0xaf,0x91,0x4e,0x23,
+    0x38,0x23,0x23,0x6c,0xdf,0x2e,0xf0,0xff,0xac,0x1d,0x2d,0x27,0x10,0x45,0xa3,0x2d,
+    0x8b,0x00,0xcd,0xe2,0xfc,0xb7,0xdb,0x52,0x13,0xb7,0x66,0x79,0xd9,0xd8,0x29,0x0e,
+    0x32,0xbd,0x52,0x6b,0x75,0x71,0x08,0x83,0x1b,0x67,0x28,0x93,0x97,0x97,0x32,0xff,
+    0x8b,0xd3,0x98,0xa3,0xce,0x2b,0x88,0x37,0x1c,0xcc,0xa0,0xd1,0x19,0x9b,0xe6,0x11,
+    0xfc,0xc0,0x3c,0x4e,0xe1,0x35,0x49,0x29,0x19,0xcf,0x1d,0xe1,0x60,0x74,0xc0,0xe9,
+    0xf7,0xb4,0x99,0xa0,0x23,0x50,0x51,0x78,0xcf,0xc0,0xe5,0xc2,0x1c,0x16,0xd2,0x24,
+    0x5a,0x63,0x54,0x83,0xaa,0x74,0x3d,0x41,0x0d,0x52,0xee,0xfe,0x0f,0x4d,0x13,0xe1,
+    0x27,0x00,0xc4,0xf3,0x2b,0x55,0xe0,0x9c,0x81,0xe0,0xfc,0xc2,0x13,0xd4,0x39,0x09
 };
 
 unsigned char results4[SHS_DIGESTSIZE] = {
-0x13,0x62,0xfc,0x87,0x68,0x33,0xd5,0x1d,0x2f,0x0c,
-0x73,0xe3,0xfb,0x87,0x6a,0x6b,0xc3,0x25,0x54,0xfc};
+    0x13,0x62,0xfc,0x87,0x68,0x33,0xd5,0x1d,0x2f,0x0c,
+    0x73,0xe3,0xfb,0x87,0x6a,0x6b,0xc3,0x25,0x54,0xfc};
 
 static void test4(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 4 ...\n");
-	shsInit(si);
-	shsUpdate(si, randdata, 19);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results4, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 4 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results4[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 4 ...\n");
+    shsInit(si);
+    shsUpdate(si, randdata, 19);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results4, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 4 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results4[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results5[SHS_DIGESTSIZE] = {
-0x19,0x4d,0xf6,0xeb,0x8e,0x02,0x6d,0x37,0x58,0x64,
-0xe5,0x95,0x19,0x2a,0xdd,0x1c,0xc4,0x3c,0x24,0x86};
+    0x19,0x4d,0xf6,0xeb,0x8e,0x02,0x6d,0x37,0x58,0x64,
+    0xe5,0x95,0x19,0x2a,0xdd,0x1c,0xc4,0x3c,0x24,0x86};
 
 static void test5(void)
 {
-	SHS_INFO si[1];
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	int i;
-
-	printf("Running SHS test 5 ...\n");
-	shsInit(si);
-	shsUpdate(si, randdata, 19);
-	shsUpdate(si, randdata+32, 15);
-	shsFinal(si);
-	memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results5, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 5 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results5[i]);
-	}
-	printf("\n");
+    SHS_INFO si[1];
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    int i;
+
+    printf("Running SHS test 5 ...\n");
+    shsInit(si);
+    shsUpdate(si, randdata, 19);
+    shsUpdate(si, randdata+32, 15);
+    shsFinal(si);
+    memcpy(digest, shsDigest(si), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results5, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 5 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results5[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results6[SHS_DIGESTSIZE] = {
-0x4e,0x16,0x57,0x9d,0x4b,0x48,0xa9,0x1c,0x88,0x72,
-0x83,0xdb,0x88,0xd1,0xea,0x3a,0x45,0xdf,0xa1,0x10};
+    0x4e,0x16,0x57,0x9d,0x4b,0x48,0xa9,0x1c,0x88,0x72,
+    0x83,0xdb,0x88,0xd1,0xea,0x3a,0x45,0xdf,0xa1,0x10};
 
 static void test6(void)
 {
-	struct {
-		long pad1;
-		SHS_INFO si1;
-		long pad2;
-		SHS_INFO si2;
-		long pad3;
-	} sdata;
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	unsigned int i, j;
-
-	printf("Running SHS test 6 ...\n");
-	sdata.pad1 = 0x12345678;
-	sdata.pad2 = 0x87654321;
-	sdata.pad3 = 0x78563412;
-	shsInit((&sdata.si2));
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #20 %#lx\n",
-sdata.pad2);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #21 %#lx\n",
-sdata.pad3);
-sdata.pad3 = 0x78563412;
-}
-	for (i = 0; i < 400; ++i)
-	{
-		shsInit(&sdata.si1);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #22 %#lx at %d\n",
-sdata.pad1, i);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #23 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-		shsUpdate(&sdata.si1, (randdata+sizeof(randdata))-i, i);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #24 %#lx at %d\n",
-sdata.pad1, i);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #25 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-		shsFinal(&sdata.si1);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #26 %#lx at %d\n",
-sdata.pad1, i);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #27 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-		memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
-		if (Dflag & 1)
-		{
-			printf ("%d: ", i);
-			for (j = 0; j < SHS_DIGESTSIZE; ++j)
-				printf("%02x",digest[j]);
-			printf("\n");
-		}
-		shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #28 %#lx at %d\n",
-sdata.pad2, i);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #29 %#lx at %d\n",
-sdata.pad3, i);
-sdata.pad3 = 0x78563412;
-}
-		if (Dflag & 2)
-			printf ("%d: %08lx%08lx%08lx%08lx%08lx\n",
-				i,
-				(unsigned long) sdata.si2.digest[0],
-				(unsigned long) sdata.si2.digest[1],
-				(unsigned long) sdata.si2.digest[2],
-				(unsigned long) sdata.si2.digest[3],
-				(unsigned long) sdata.si2.digest[4]);
-	}
-	shsFinal((&sdata.si2));
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #30 %#lx\n",
-sdata.pad2);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #31 %#lx\n",
-sdata.pad3);
-sdata.pad3 = 0x78563412;
-}
-	memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results6, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 6 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results6[i]);
-	}
-	printf("\n");
+    struct {
+        long pad1;
+        SHS_INFO si1;
+        long pad2;
+        SHS_INFO si2;
+        long pad3;
+    } sdata;
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    unsigned int i, j;
+
+    printf("Running SHS test 6 ...\n");
+    sdata.pad1 = 0x12345678;
+    sdata.pad2 = 0x87654321;
+    sdata.pad3 = 0x78563412;
+    shsInit((&sdata.si2));
+    if (sdata.pad2 != 0x87654321) {
+        printf ("Overrun #20 %#lx\n",
+                sdata.pad2);
+        sdata.pad2 = 0x87654321;
+    }
+    if (sdata.pad3 != 0x78563412) {
+        printf ("Overrun #21 %#lx\n",
+                sdata.pad3);
+        sdata.pad3 = 0x78563412;
+    }
+    for (i = 0; i < 400; ++i)
+    {
+        shsInit(&sdata.si1);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #22 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #23 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        shsUpdate(&sdata.si1, (randdata+sizeof(randdata))-i, i);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #24 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #25 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        shsFinal(&sdata.si1);
+        if (sdata.pad1 != 0x12345678) {
+            printf ("Overrun #26 %#lx at %d\n",
+                    sdata.pad1, i);
+            sdata.pad1 = 0x12345678;
+        }
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #27 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
+        if (Dflag & 1)
+        {
+            printf ("%d: ", i);
+            for (j = 0; j < SHS_DIGESTSIZE; ++j)
+                printf("%02x",digest[j]);
+            printf("\n");
+        }
+        shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
+        if (sdata.pad2 != 0x87654321) {
+            printf ("Overrun #28 %#lx at %d\n",
+                    sdata.pad2, i);
+            sdata.pad2 = 0x87654321;
+        }
+        if (sdata.pad3 != 0x78563412) {
+            printf ("Overrun #29 %#lx at %d\n",
+                    sdata.pad3, i);
+            sdata.pad3 = 0x78563412;
+        }
+        if (Dflag & 2)
+            printf ("%d: %08lx%08lx%08lx%08lx%08lx\n",
+                    i,
+                    (unsigned long) sdata.si2.digest[0],
+                    (unsigned long) sdata.si2.digest[1],
+                    (unsigned long) sdata.si2.digest[2],
+                    (unsigned long) sdata.si2.digest[3],
+                    (unsigned long) sdata.si2.digest[4]);
+    }
+    shsFinal((&sdata.si2));
+    if (sdata.pad2 != 0x87654321) {
+        printf ("Overrun #30 %#lx\n",
+                sdata.pad2);
+        sdata.pad2 = 0x87654321;
+    }
+    if (sdata.pad3 != 0x78563412) {
+        printf ("Overrun #31 %#lx\n",
+                sdata.pad3);
+        sdata.pad3 = 0x78563412;
+    }
+    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results6, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 6 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results6[i]);
+    }
+    printf("\n");
 }
 
 unsigned char results7[SHS_DIGESTSIZE] = {
-0x89,0x41,0x65,0xce,0x76,0xc1,0xd1,0xd1,0xc3,0x6f,
-0xab,0x92,0x79,0x30,0x01,0x71,0x63,0x1f,0x74,0xfe};
+    0x89,0x41,0x65,0xce,0x76,0xc1,0xd1,0xd1,0xc3,0x6f,
+    0xab,0x92,0x79,0x30,0x01,0x71,0x63,0x1f,0x74,0xfe};
 
 unsigned int jfsize[] = {0,1,31,32,
-	33,55,56,63,
-	64,65,71,72,
-	73,95,96,97,
-	119,120,123,127};
+                         33,55,56,63,
+                         64,65,71,72,
+                         73,95,96,97,
+                         119,120,123,127};
 unsigned int kfsize[] = {0,1,31,32,33,55,56,63};
 
 static void test7(void)
 {
-	struct {
-		long pad1;
-		SHS_INFO si1;
-		long pad2;
-		SHS_INFO si2;
-		long pad3;
-	} sdata;
-	unsigned char digest[SHS_DIGESTSIZE];
-	int failed;
-	unsigned int i, j, k, l;
-
-	printf("Running SHS test 7 ...\n");
-	sdata.pad1 = 0x12345678;
-	sdata.pad2 = 0x87654321;
-	sdata.pad3 = 0x78563412;
-	shsInit((&sdata.si2));
-	for (i = 1; i <= 128; ++i)
-	for (j = 0; j < 20; ++j)
-	for (k = 0; k < 8; ++k)
-	{
-		shsInit(&sdata.si1);
-		shsUpdate(&sdata.si1, (randdata+80+j), i);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #1 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #2 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		shsUpdate(&sdata.si1, randdata+i, jfsize[j]);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #3 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #4 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		if (k) shsUpdate(&sdata.si1, randdata+(i^j), kfsize[k]);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #5 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #6 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		shsFinal(&sdata.si1);
-if (sdata.pad1 != 0x12345678) {
-printf ("Overrun #7 %#lx at %d,%d,%d\n",
-sdata.pad1, i,j,k);
-sdata.pad1 = 0x12345678;
-}
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #8 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-		memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
-		if (Dflag & 1)
-		{
-			printf ("%d,%d,%d: ", i, j, k);
-			for (l = 0; l < SHS_DIGESTSIZE; ++l)
-				printf("%02x",digest[l]);
-			printf("\n");
-		}
-		shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
-if (sdata.pad2 != 0x87654321) {
-printf ("Overrun #9 %#lx at %d,%d,%d\n",
-sdata.pad2, i,j,k);
-sdata.pad2 = 0x87654321;
-}
-if (sdata.pad3 != 0x78563412) {
-printf ("Overrun #10 %#lx at %d,%d,%d\n",
-sdata.pad3, i,j,k);
-sdata.pad3 = 0x78563412;
-}
-		if (Dflag & 2)
-			printf ("%d,%d,%d: %08lx%08lx%08lx%08lx%08lx\n",
-				i,j,k,
-				(unsigned long) sdata.si2.digest[0],
-				(unsigned long) sdata.si2.digest[1],
-				(unsigned long) sdata.si2.digest[2],
-				(unsigned long) sdata.si2.digest[3],
-				(unsigned long) sdata.si2.digest[4]);
-	}
-	shsFinal((&sdata.si2));
-	memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
-	if ((failed = memcmp(digest, results7, SHS_DIGESTSIZE)) != 0)
-	{
-		fprintf(stderr,"SHS test 7 failed!\n");
-		rc = 1;
-	}
-	printf ("%s, results = ", failed ? "Failed" : "Passed");
-	for (i = 0; i < SHS_DIGESTSIZE; ++i)
-		printf("%02x",digest[i]);
-	if (failed)
-	{
-		printf ("\n, expected ");
-		for (i = 0; i < SHS_DIGESTSIZE; ++i)
-			printf("%02x",results7[i]);
-	}
-	printf("\n");
+    struct {
+        long pad1;
+        SHS_INFO si1;
+        long pad2;
+        SHS_INFO si2;
+        long pad3;
+    } sdata;
+    unsigned char digest[SHS_DIGESTSIZE];
+    int failed;
+    unsigned int i, j, k, l;
+
+    printf("Running SHS test 7 ...\n");
+    sdata.pad1 = 0x12345678;
+    sdata.pad2 = 0x87654321;
+    sdata.pad3 = 0x78563412;
+    shsInit((&sdata.si2));
+    for (i = 1; i <= 128; ++i)
+        for (j = 0; j < 20; ++j)
+            for (k = 0; k < 8; ++k)
+            {
+                shsInit(&sdata.si1);
+                shsUpdate(&sdata.si1, (randdata+80+j), i);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #1 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #2 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                shsUpdate(&sdata.si1, randdata+i, jfsize[j]);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #3 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #4 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                if (k) shsUpdate(&sdata.si1, randdata+(i^j), kfsize[k]);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #5 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #6 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                shsFinal(&sdata.si1);
+                if (sdata.pad1 != 0x12345678) {
+                    printf ("Overrun #7 %#lx at %d,%d,%d\n",
+                            sdata.pad1, i,j,k);
+                    sdata.pad1 = 0x12345678;
+                }
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #8 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                memcpy(digest, shsDigest(&sdata.si1), SHS_DIGESTSIZE);
+                if (Dflag & 1)
+                {
+                    printf ("%d,%d,%d: ", i, j, k);
+                    for (l = 0; l < SHS_DIGESTSIZE; ++l)
+                        printf("%02x",digest[l]);
+                    printf("\n");
+                }
+                shsUpdate((&sdata.si2), digest, SHS_DIGESTSIZE);
+                if (sdata.pad2 != 0x87654321) {
+                    printf ("Overrun #9 %#lx at %d,%d,%d\n",
+                            sdata.pad2, i,j,k);
+                    sdata.pad2 = 0x87654321;
+                }
+                if (sdata.pad3 != 0x78563412) {
+                    printf ("Overrun #10 %#lx at %d,%d,%d\n",
+                            sdata.pad3, i,j,k);
+                    sdata.pad3 = 0x78563412;
+                }
+                if (Dflag & 2)
+                    printf ("%d,%d,%d: %08lx%08lx%08lx%08lx%08lx\n",
+                            i,j,k,
+                            (unsigned long) sdata.si2.digest[0],
+                            (unsigned long) sdata.si2.digest[1],
+                            (unsigned long) sdata.si2.digest[2],
+                            (unsigned long) sdata.si2.digest[3],
+                            (unsigned long) sdata.si2.digest[4]);
+            }
+    shsFinal((&sdata.si2));
+    memcpy(digest, shsDigest((&sdata.si2)), SHS_DIGESTSIZE);
+    if ((failed = memcmp(digest, results7, SHS_DIGESTSIZE)) != 0)
+    {
+        fprintf(stderr,"SHS test 7 failed!\n");
+        rc = 1;
+    }
+    printf ("%s, results = ", failed ? "Failed" : "Passed");
+    for (i = 0; i < SHS_DIGESTSIZE; ++i)
+        printf("%02x",digest[i]);
+    if (failed)
+    {
+        printf ("\n, expected ");
+        for (i = 0; i < SHS_DIGESTSIZE; ++i)
+            printf("%02x",results7[i]);
+    }
+    printf("\n");
 }
diff --git a/src/lib/crypto/builtin/t_cf2.c b/src/lib/crypto/builtin/t_cf2.c
index 0c968ea..550192c 100644
--- a/src/lib/crypto/builtin/t_cf2.c
+++ b/src/lib/crypto/builtin/t_cf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_cf2.c
  *
@@ -42,47 +43,47 @@
 #include <string.h>
 
 int main () {
-  char pepper1[1024], pepper2[1024];
-  krb5_keyblock *k1 = NULL, *k2 = NULL, *out = NULL;
-  krb5_data s2k;
-  unsigned int i;
-  while (1) {
-    krb5_enctype enctype;
-    char s[1025];
+    char pepper1[1024], pepper2[1024];
+    krb5_keyblock *k1 = NULL, *k2 = NULL, *out = NULL;
+    krb5_data s2k;
+    unsigned int i;
+    while (1) {
+        krb5_enctype enctype;
+        char s[1025];
 
-    if (scanf( "%d", &enctype) == EOF)
-      break;
-    if (scanf("%1024s", &s[0]) == EOF)
-      break;
-    assert (krb5_init_keyblock(0, enctype, 0, &k1) == 0);
-    s2k.data = &s[0];
-    s2k.length = strlen(s);
-    assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k1) == 0);
-    if (scanf("%1024s", &s[0]) == EOF)
-      break;
-    assert (krb5_init_keyblock(0, enctype, 0, &k2) == 0);
-    s2k.data = &s[0];
-    s2k.length = strlen(s);
-    assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k2) == 0);
-    if (scanf("%1024s %1024s", pepper1, pepper2) == EOF)
-      break;
-    assert(krb5_c_fx_cf2_simple(0, k1, pepper1,
-				k2, pepper2, &out) ==0);
-    i = out->length;
-    for (; i > 0; i--) {
-      printf ("%02x",
-	      (unsigned int) ((unsigned char) out->contents[out->length-i]));
-    }
-    printf ("\n");
+        if (scanf( "%d", &enctype) == EOF)
+            break;
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        assert (krb5_init_keyblock(0, enctype, 0, &k1) == 0);
+        s2k.data = &s[0];
+        s2k.length = strlen(s);
+        assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k1) == 0);
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        assert (krb5_init_keyblock(0, enctype, 0, &k2) == 0);
+        s2k.data = &s[0];
+        s2k.length = strlen(s);
+        assert(krb5_c_string_to_key (0, enctype, &s2k, &s2k, k2) == 0);
+        if (scanf("%1024s %1024s", pepper1, pepper2) == EOF)
+            break;
+        assert(krb5_c_fx_cf2_simple(0, k1, pepper1,
+                                    k2, pepper2, &out) ==0);
+        i = out->length;
+        for (; i > 0; i--) {
+            printf ("%02x",
+                    (unsigned int) ((unsigned char) out->contents[out->length-i]));
+        }
+        printf ("\n");
 
-    krb5_free_keyblock(0,out);
-    out = NULL;
+        krb5_free_keyblock(0,out);
+        out = NULL;
 
-    krb5_free_keyblock(0, k1);
-    k1 = NULL;
-    krb5_free_keyblock(0, k2);
-    k2 =  NULL;
-  }
+        krb5_free_keyblock(0, k1);
+        k1 = NULL;
+        krb5_free_keyblock(0, k2);
+        k2 =  NULL;
+    }
 
-  return (0);
+    return (0);
 }
diff --git a/src/lib/crypto/builtin/yhash.h b/src/lib/crypto/builtin/yhash.h
index ce78c56..dcb8769 100644
--- a/src/lib/crypto/builtin/yhash.h
+++ b/src/lib/crypto/builtin/yhash.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YHASH_H
 #define YHASH_H
@@ -14,14 +14,14 @@
 #define HASH_CTX SHS_INFO
 #define HASH_Init(x) shsInit(x)
 #define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
-#define HASH_Final(x, tdigest)  do { \
-  size_t loopvar; \
-  unsigned char *out2 = (void *)(tdigest); \
-  HASH_CTX  *ctx = (x); \
-  shsFinal(ctx); \
-  for (loopvar=0; loopvar<(sizeof(ctx->digest)/sizeof(ctx->digest[0])); loopvar++) \
-    store_32_be(ctx->digest[loopvar], &out2[loopvar*4]); \
-  } while(0)
+#define HASH_Final(x, tdigest)  do {                                    \
+        size_t loopvar;                                                 \
+        unsigned char *out2 = (void *)(tdigest);                        \
+        HASH_CTX  *ctx = (x);                                           \
+        shsFinal(ctx);                                                  \
+        for (loopvar=0; loopvar<(sizeof(ctx->digest)/sizeof(ctx->digest[0])); loopvar++) \
+            store_32_be(ctx->digest[loopvar], &out2[loopvar*4]);        \
+    } while(0)
 
 
 #define HASH_DIGEST_SIZE SHS_DIGESTSIZE
diff --git a/src/lib/crypto/crypto_tests/Makefile.in b/src/lib/crypto/crypto_tests/Makefile.in
index fa916d7..fde5a73 100644
--- a/src/lib/crypto/crypto_tests/Makefile.in
+++ b/src/lib/crypto/crypto_tests/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/crypto/crypto_tests
 mydir=lib/crypto/crypto_tests
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/../krb -I$(srcdir)/../@CRYPTO_IMPL@/enc_provider 		\
@@ -39,6 +37,9 @@ EXTRADEPSRCS=\
 
 ##DOS##LIBOBJS = $(OBJS)
 
+# NOTE: The t_cksum known checksum values are primarily for regression
+# testing.  They are not derived a priori, but are known to produce
+# checksums that interoperate.
 check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac \
 		t_cksum4 t_cksum5 \
 		aes-test  \
@@ -51,8 +52,8 @@ check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac \
 	$(RUN_SETUP) $(VALGRIND) ./t_hmac
 	$(RUN_SETUP) $(VALGRIND) ./t_prf <$(srcdir)/t_prf.in >t_prf.output
 	diff t_prf.output $(srcdir)/t_prf.expected
-	$(RUN_SETUP) $(VALGRIND) ./t_cksum4 "this is a test"
-	$(RUN_SETUP) $(VALGRIND) ./t_cksum5 "this is a test"
+	$(RUN_SETUP) $(VALGRIND) ./t_cksum4 "this is a test" e3f76a07f3401e3536b43a3f54226c39422c35682c354835
+	$(RUN_SETUP) $(VALGRIND) ./t_cksum5 "this is a test" e3f76a07f3401e351143ee6f4c09be1edb4264d55015db53
 	$(RUN_SETUP) $(VALGRIND) ./t_crc
 	$(RUN_SETUP) $(VALGRIND) ./t_cts
 	$(RUN_SETUP) $(VALGRIND) ./aes-test -k > vk.txt
@@ -138,7 +139,7 @@ clean::
 		t_cksum.o t_cksum \
 		t_crc.o t_crc t_cts.o t_cts \
 		t_mddriver4.o t_mddriver4 t_mddriver.o t_mddriver \
-		t_cksum4 t_cksum4.o t_cksum5 t_cksum5.o \
+		t_cksum4 t_cksum4.o t_cksum5 t_cksum5.o t_kperf.o t_kperf \
 		t_mddriver$(EXEEXT) $(OUTPRE)t_mddriver.$(OBJEXT)
 
 	-$(RM) t_prng.output
diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c
index 3ccacd8..714d08e 100644
--- a/src/lib/crypto/crypto_tests/aes-test.c
+++ b/src/lib/crypto/crypto_tests/aes-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/aes/aes-test.c
  *
@@ -36,25 +37,24 @@ static char plain[16], cipher[16], zero[16];
 
 static krb5_keyblock enc_key;
 static krb5_data ivec;
-static krb5_data in, out;
 static void init()
 {
     enc_key.contents = key;
     enc_key.length = 16;
     ivec.data = zero;
     ivec.length = 16;
-    in.data = plain;
-    in.length = 16;
-    out.data = cipher;
-    out.length = 16;
 }
 static void enc()
 {
-    krb5_key key;
+    krb5_key k;
+    krb5_crypto_iov iov;
 
-    krb5_k_create_key(NULL, &enc_key, &key);
-    krb5int_aes_encrypt(key, &ivec, &in, &out);
-    krb5_k_free_key(NULL, key);
+    memcpy(cipher, plain, 16);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(cipher, 16);
+    krb5_k_create_key(NULL, &enc_key, &k);
+    krb5int_aes_encrypt(k, &ivec, &iov, 1);
+    krb5_k_free_key(NULL, k);
 }
 
 static void hexdump(const char *label, const char *cp, int len)
@@ -83,12 +83,12 @@ static void vk_test_1(int len)
     memset(plain, 0, sizeof(plain));
     hexdump("PT", plain, 16);
     for (i = 0; i < len * 8; i++) {
-	memset(key, 0, len);
-	set_bit(key, i);
-	printf("\nI=%d\n", i+1);
-	hexdump("KEY", key, len);
-	enc();
-	hexdump("CT", cipher, 16);
+        memset(key, 0, len);
+        set_bit(key, i);
+        printf("\nI=%d\n", i+1);
+        hexdump("KEY", key, len);
+        enc();
+        hexdump("CT", cipher, 16);
     }
     printf("\n==========\n");
 }
@@ -108,12 +108,12 @@ static void vt_test_1(int len)
     memset(key, 0, len);
     hexdump("KEY", key, len);
     for (i = 0; i < 16 * 8; i++) {
-	memset(plain, 0, sizeof(plain));
-	set_bit(plain, i);
-	printf("\nI=%d\n", i+1);
-	hexdump("PT", plain, 16);
-	enc();
-	hexdump("CT", cipher, 16);
+        memset(plain, 0, sizeof(plain));
+        set_bit(plain, i);
+        printf("\nI=%d\n", i+1);
+        hexdump("PT", plain, 16);
+        enc();
+        hexdump("CT", cipher, 16);
     }
     printf("\n==========\n");
 }
@@ -127,16 +127,16 @@ static void vt_test()
 int main (int argc, char *argv[])
 {
     if (argc > 2 || (argc == 2 && strcmp(argv[1], "-k"))) {
-	fprintf(stderr,
-		"usage:\t%s -k\tfor variable-key tests\n"
-		"   or:\t%s   \tfor variable-plaintext tests\n",
-		argv[0], argv[0]);
-	return 1;
+        fprintf(stderr,
+                "usage:\t%s -k\tfor variable-key tests\n"
+                "   or:\t%s   \tfor variable-plaintext tests\n",
+                argv[0], argv[0]);
+        return 1;
     }
     init();
     if (argc == 2)
-	vk_test();
+        vk_test();
     else
-	vt_test();
+        vt_test();
     return 0;
 }
diff --git a/src/lib/crypto/crypto_tests/deps b/src/lib/crypto/crypto_tests/deps
index 2feac3c..65076fe 100644
--- a/src/lib/crypto/crypto_tests/deps
+++ b/src/lib/crypto/crypto_tests/deps
@@ -1 +1,152 @@
-# No dependencies here.
+# 
+# Generated makefile dependencies follow.
+#
+$(OUTPRE)t_nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_nfold.c
+$(OUTPRE)t_encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_encrypt.c
+$(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_prf.c
+$(OUTPRE)t_prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_prng.c
+$(OUTPRE)t_hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/hash_provider/hash_provider.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_hmac.c
+$(OUTPRE)t_pkcs5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_pkcs5.c
+$(OUTPRE)t_cts.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/hash_provider/hash_provider.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_cts.c
+$(OUTPRE)vectors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/hash_provider/hash_provider.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  vectors.c
+$(OUTPRE)aes-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h aes-test.c
+$(OUTPRE)t_cksum.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_cksum.c
+$(OUTPRE)t_crc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/crc32/crc-32.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_crc.c
+$(OUTPRE)t_mddriver.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/md5/rsa-md5.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  t_mddriver.c
+$(OUTPRE)t_kperf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_kperf.c
+$(OUTPRE)ytest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/sha1/shs.h \
+  $(srcdir)/../builtin/yhash.h $(srcdir)/../krb/yarrow/yarrow.h \
+  $(srcdir)/../krb/yarrow/ycipher.h $(srcdir)/../krb/yarrow/yexcep.h \
+  $(srcdir)/../krb/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ytest.c
diff --git a/src/lib/crypto/crypto_tests/t_cksum.c b/src/lib/crypto/crypto_tests/t_cksum.c
index a544d9e..c4f22bc 100644
--- a/src/lib/crypto/crypto_tests/t_cksum.c
+++ b/src/lib/crypto/crypto_tests/t_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md5/t_cksum.c
  *
@@ -34,29 +35,46 @@
 #define MD5_K5BETA_COMPAT
 #define MD4_K5BETA_COMPAT
 
-#if	MD == 4
-extern struct krb5_keyhash_provider krb5int_keyhash_md4des;
-#define khp krb5int_keyhash_md4des
+#if MD == 4
+#define CKTYPE CKSUMTYPE_RSA_MD4_DES
 #endif
 
-#if	MD == 5
-extern struct krb5_keyhash_provider krb5int_keyhash_md5des;
-#define khp krb5int_keyhash_md5des
+#if MD == 5
+#define CKTYPE CKSUMTYPE_RSA_MD5_DES
 #endif
 
 static void
-print_checksum(text, number, message, checksum)
-     char	*text;
-     int	number;
-     char	*message;
-     krb5_data	*checksum;
+print_checksum(char *text, int number, char *message, krb5_checksum *checksum)
 {
-  int i;
+    unsigned int i;
 
-  printf("%s MD%d checksum(\"%s\") = ", text, number, message);
-  for (i=0; i<checksum->length; i++)
-    printf("%02x", (unsigned char) checksum->data[i]);
-  printf("\n");
+    printf("%s MD%d checksum(\"%s\") = ", text, number, message);
+    for (i=0; i<checksum->length; i++)
+        printf("%02x", (unsigned char) checksum->contents[i]);
+    printf("\n");
+}
+
+static void
+parse_hexstring(const char *s, krb5_checksum *cksum)
+{
+    size_t i, len;
+    unsigned int byte;
+    unsigned char *cp;
+
+    len = strlen(s);
+    cp = malloc(len / 2);
+    cksum->contents = cp;
+    if (cp == NULL) {
+        cksum->length = 0;
+        return;
+    }
+    cksum->length = len / 2;
+    for (i = 0; i + 1 < len; i += 2) {
+        sscanf(&s[i], "%2x", &byte);
+        *cp++ = byte;
+    }
+    cksum->checksum_type = CKTYPE;
+    cksum->magic = KV5M_CHECKSUM;
 }
 
 /*
@@ -68,78 +86,98 @@ krb5_octet testkey[8] = { 0x45, 0x01, 0x49, 0x61, 0x58, 0x19, 0x1a, 0x3d };
 
 int
 main(argc, argv)
-     int argc;
-     char **argv;
+    int argc;
+    char **argv;
 {
-  int 			msgindex;
-  krb5_boolean		valid;
-  size_t		length;
-  krb5_keyblock		keyblock;
-  krb5_key		key;
-  krb5_error_code	kret=0;
-  krb5_data		plaintext, newstyle_checksum;
-
-  /* this is a terrible seed, but that's ok for the test. */
-
-  plaintext.length = 8;
-  plaintext.data = (char *) testkey;
-
-  krb5_c_random_seed(/* XXX */ 0, &plaintext);
-
-  keyblock.enctype = ENCTYPE_DES_CBC_CRC;
-  keyblock.length = sizeof(testkey);
-  keyblock.contents = testkey;
-
-  krb5_k_create_key(NULL, &keyblock, &key);
-
-  length = khp.hashsize;
-
-  newstyle_checksum.length = length;
-
-  if (!(newstyle_checksum.data = (char *)
-	malloc((unsigned) newstyle_checksum.length))) {
-    printf("cannot get memory for new style checksum\n");
-    return(ENOMEM);
-  }
-  for (msgindex = 1; msgindex < argc; msgindex++) {
-    plaintext.length = strlen(argv[msgindex]);
-    plaintext.data = argv[msgindex];
-
-    if ((kret = (*(khp.hash))(key, 0, 0, &plaintext, &newstyle_checksum))) {
-      printf("krb5_calculate_checksum choked with %d\n", kret);
-      break;
-    }
-    print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
-
-    if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &newstyle_checksum,
-				&valid))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    if (!valid) {
-      printf("verify on new checksum failed\n");
-      break;
-    }
-    printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
-
-    newstyle_checksum.data[0]++;
-    if ((kret = (*(khp.verify))(key, 0, 0, &plaintext, &newstyle_checksum,
-				&valid))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    if (valid) {
-      printf("verify on new checksum succeeded, but shouldn't have\n");
-      break;
+    int                   msgindex;
+    krb5_boolean          valid;
+    krb5_keyblock         keyblock;
+    krb5_key              key;
+    krb5_error_code       kret=0;
+    krb5_data             plaintext;
+    krb5_checksum         checksum, knowncksum;
+
+    /* this is a terrible seed, but that's ok for the test. */
+
+    plaintext.length = 8;
+    plaintext.data = (char *) testkey;
+
+    krb5_c_random_seed(/* XXX */ 0, &plaintext);
+
+    keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    keyblock.length = sizeof(testkey);
+    keyblock.contents = testkey;
+
+    krb5_k_create_key(NULL, &keyblock, &key);
+
+    for (msgindex = 1; msgindex + 1 < argc; msgindex += 2) {
+        plaintext.length = strlen(argv[msgindex]);
+        plaintext.data = argv[msgindex];
+
+        /* Create a checksum. */
+        kret = krb5_k_make_checksum(NULL, CKTYPE, key, 0, &plaintext,
+                                    &checksum);
+        if (kret != 0) {
+            printf("krb5_calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("correct", MD, argv[msgindex], &checksum);
+
+        /* Verify it. */
+        kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum,
+                                      &valid);
+        if (kret != 0) {
+            printf("verify on new checksum choked with %d\n", kret);
+            break;
+        }
+        if (!valid) {
+            printf("verify on new checksum failed\n");
+            kret = 1;
+            break;
+        }
+        printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
+
+        /* Corrupt the checksum and see if it still verifies. */
+        checksum.contents[0]++;
+        kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &checksum,
+                                      &valid);
+        if (kret != 0) {
+            printf("verify on new checksum choked with %d\n", kret);
+            break;
+        }
+        if (valid) {
+            printf("verify on new checksum succeeded, but shouldn't have\n");
+            kret = 1;
+            break;
+        }
+        printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+        free(checksum.contents);
+
+        /* Verify a known-good checksum for this plaintext. */
+        parse_hexstring(argv[msgindex+1], &knowncksum);
+        if (knowncksum.contents == NULL) {
+            printf("parse_hexstring failed\n");
+            kret = 1;
+            break;
+        }
+        kret = krb5_k_verify_checksum(NULL, key, 0, &plaintext, &knowncksum,
+                                      &valid);
+        if (kret != 0) {
+            printf("verify on known checksum choked with %d\n", kret);
+            break;
+        }
+        if (!valid) {
+            printf("verify on known checksum failed\n");
+            kret = 1;
+            break;
+        }
+        printf("Verify on known checksum succeeded\n");
+        free(knowncksum.contents);
     }
-    printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
-    kret = 0;
-  }
-  free(newstyle_checksum.data);
-  if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+    if (!kret)
+        printf("%d tests passed successfully for MD%d checksum\n", (argc-1)/2, MD);
 
-  krb5_k_free_key(NULL, key);
+    krb5_k_free_key(NULL, key);
 
-  return(kret);
+    return(kret);
 }
diff --git a/src/lib/crypto/crypto_tests/t_crc.c b/src/lib/crypto/crypto_tests/t_crc.c
index cf837f8..99b2b5e 100644
--- a/src/lib/crypto/crypto_tests/t_crc.c
+++ b/src/lib/crypto/crypto_tests/t_crc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crc32/t_crc.c
  *
@@ -36,9 +37,9 @@
 #define HEX 1
 #define STR 2
 struct crc_trial {
-    int		type;
-    char	*data;
-    unsigned long	sum;
+    int         type;
+    char        *data;
+    unsigned long       sum;
 };
 
 struct crc_trial trials[] = {
@@ -115,42 +116,29 @@ timetest(unsigned int nblk, unsigned int blksiz)
 
     block = malloc(blksiz * nblk);
     if (block == NULL)
-	exit(1);
+        exit(1);
     for (i = 0; i < blksiz * nblk; i++)
-	block[i] = i % 256;
+        block[i] = i % 256;
     times(&before);
     for (i = 0; i < nblk; i++) {
-	mit_crc32(block + i * blksiz, blksiz, &cksum);
+        cksum = 0;
+        mit_crc32(block + i * blksiz, blksiz, &cksum);
     }
 
     times(&after);
     printf("shift-8 implementation, %d blocks of %d bytes:\n",
-	   nblk, blksiz);
+           nblk, blksiz);
     printf("\tu=%ld s=%ld cu=%ld cs=%ld\n",
-	   (long)(after.tms_utime - before.tms_utime),
-	   (long)(after.tms_stime - before.tms_stime),
-	   (long)(after.tms_cutime - before.tms_cutime),
-	   (long)(after.tms_cstime - before.tms_cstime));
+           (long)(after.tms_utime - before.tms_utime),
+           (long)(after.tms_stime - before.tms_stime),
+           (long)(after.tms_cutime - before.tms_cutime),
+           (long)(after.tms_cstime - before.tms_cstime));
 
-#ifdef CRC32_SHIFT4
-    times(&before);
-    for (i = 0; i < nblk; i++) {
-	mit_crc32_shift4(block + i * blksiz, blksiz, &cksum);
-    }
-    times(&after);
-    printf("shift-4 implementation, %d blocks of %d bytes:\n",
-	   nblk, blksiz);
-    printf("\tu=%ld s=%ld cu=%ld cs=%ld\n",
-	   (long)(after.tms_utime - before.tms_utime),
-	   (long)(after.tms_stime - before.tms_stime),
-	   (long)(after.tms_cutime - before.tms_cutime),
-	   (long)(after.tms_cstime - before.tms_cstime));
-#endif
     free(block);
 }
 
 static void gethexstr(char *data, size_t *outlen, unsigned char *outbuf,
-		      size_t buflen)
+                      size_t buflen)
 {
     size_t inlen;
     char *cp, buf[3];
@@ -159,12 +147,12 @@ static void gethexstr(char *data, size_t *outlen, unsigned char *outbuf,
     inlen = strlen(data);
     *outlen = 0;
     for (cp = data; cp - data < inlen; cp += 2) {
-	strncpy(buf, cp, 2);
-	buf[2] = '\0';
-	n = strtol(buf, NULL, 16);
-	outbuf[(*outlen)++] = n;
-	if (*outlen > buflen)
-	    break;
+        strncpy(buf, cp, 2);
+        buf[2] = '\0';
+        n = strtol(buf, NULL, 16);
+        outbuf[(*outlen)++] = n;
+        if (*outlen > buflen)
+            break;
     }
 }
 
@@ -179,26 +167,28 @@ verify(void)
     char *typestr;
 
     for (i = 0; i < NTRIALS; i++) {
-	trial = trials[i];
-	switch (trial.type) {
-	case STR:
-	    len = strlen(trial.data);
-	    typestr = "STR";
-	    mit_crc32(trial.data, len, &cksum);
-	    break;
-	case HEX:
-	    typestr = "HEX";
-	    gethexstr(trial.data, &len, buf, 4);
-	    mit_crc32(buf, len, &cksum);
-	    break;
-	default:
-	    typestr = "BOGUS";
-	    fprintf(stderr, "bad trial type %d\n", trial.type);
-	    exit(1);
-	}
-	printf("%s: %s \"%s\" = 0x%08lx\n",
-	       (trial.sum == cksum) ? "OK" : "***BAD***",
-	       typestr, trial.data, cksum);
+        trial = trials[i];
+        switch (trial.type) {
+        case STR:
+            len = strlen(trial.data);
+            typestr = "STR";
+            cksum = 0;
+            mit_crc32(trial.data, len, &cksum);
+            break;
+        case HEX:
+            typestr = "HEX";
+            gethexstr(trial.data, &len, buf, 4);
+            cksum = 0;
+            mit_crc32(buf, len, &cksum);
+            break;
+        default:
+            typestr = "BOGUS";
+            fprintf(stderr, "bad trial type %d\n", trial.type);
+            exit(1);
+        }
+        printf("%s: %s \"%s\" = 0x%08lx\n",
+               (trial.sum == cksum) ? "OK" : "***BAD***",
+               typestr, trial.data, cksum);
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c
index d948532..9b1c271 100644
--- a/src/lib/crypto/crypto_tests/t_cts.c
+++ b/src/lib/crypto/crypto_tests/t_cts.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/vectors.c
  *
@@ -45,7 +46,7 @@ const char *whoami;
 static void printhex (size_t len, const char *p)
 {
     while (len--)
-	printf ("%02x", 0xff & *p++);
+        printf ("%02x", 0xff & *p++);
 }
 
 static void printstringhex (const char *p) { printhex (strlen (p), p); }
@@ -68,9 +69,9 @@ keyToData (krb5_keyblock *k, krb5_data *d)
 
 void check_error (int r, int line) {
     if (r != 0) {
-	fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
-		 error_message (r));
-	exit (1);
+        fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
+                 error_message (r));
+        exit (1);
     }
 }
 #define CHECK check_error(r, __LINE__)
@@ -86,17 +87,17 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s:", descr);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
 #ifdef SHOW_TEXT
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
 #endif
     }
     printf("\n");
@@ -111,20 +112,21 @@ static void printk(const char *descr, krb5_keyblock *k) {
 static void test_cts()
 {
     static const char input[4*16] =
-	"I would like the General Gau's Chicken, please, and wonton soup.";
+        "I would like the General Gau's Chicken, please, and wonton soup.";
     static const unsigned char aeskey[16] = "chicken teriyaki";
     static const int lengths[] = { 17, 31, 32, 47, 48, 64 };
 
     int i;
-    char outbuf[64], encivbuf[16], decivbuf[16], outbuf2[64];
-    krb5_data in, out, enciv, deciv, out2;
+    char outbuf[64], encivbuf[16], decivbuf[16];
+    krb5_crypto_iov iov;
+    krb5_data in, enciv, deciv;
     krb5_keyblock keyblock;
     krb5_key key;
     krb5_error_code err;
 
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data.data = outbuf;
     in.data = input;
-    out.data = outbuf;
-    out2.data = outbuf2;
     enciv.length = deciv.length = 16;
     enciv.data = encivbuf;
     deciv.data = decivbuf;
@@ -133,41 +135,41 @@ static void test_cts()
 
     err = krb5_k_create_key(NULL, &keyblock, &key);
     if (err) {
-	printf("error %ld from krb5_k_create_key\n", (long)err);
-	exit(1);
+        printf("error %ld from krb5_k_create_key\n", (long)err);
+        exit(1);
     }
 
     memset(enciv.data, 0, 16);
     printk("AES 128-bit key", &keyblock);
     for (i = 0; i < sizeof(lengths)/sizeof(lengths[0]); i++) {
-    memset(enciv.data, 0, 16);
-    memset(deciv.data, 0, 16);
-
-	printf("\n");
-	in.length = out.length = lengths[i];
-	printd("IV", &enciv);
-	err = krb5int_aes_encrypt(key, &enciv, &in, &out);
-	if (err) {
-	    printf("error %ld from krb5int_aes_encrypt\n", (long)err);
-	    exit(1);
-	}
-	printd("Input", &in);
-	printd("Output", &out);
-	printd("Next IV", &enciv);
-	out2.length = out.length;
-	err = krb5int_aes_decrypt(key, &deciv, &out, &out2);
-	if (err) {
-	    printf("error %ld from krb5int_aes_decrypt\n", (long)err);
-	    exit(1);
-	}
-	if (!data_eq(out2, in)) {
-	    printd("Decryption result DOESN'T MATCH", &out2);
-	    exit(1);
-	}
-	if (memcmp(enciv.data, deciv.data, 16)) {
-	    printd("Decryption IV result DOESN'T MATCH", &deciv);
-	    exit(1);
-	}
+        memset(enciv.data, 0, 16);
+        memset(deciv.data, 0, 16);
+
+        printf("\n");
+        iov.data.length = in.length = lengths[i];
+        memcpy(outbuf, input, lengths[i]);
+        printd("IV", &enciv);
+        err = krb5int_aes_encrypt(key, &enciv, &iov, 1);
+        if (err) {
+            printf("error %ld from krb5int_aes_encrypt\n", (long)err);
+            exit(1);
+        }
+        printd("Input", &in);
+        printd("Output", &iov.data);
+        printd("Next IV", &enciv);
+        err = krb5int_aes_decrypt(key, &deciv, &iov, 1);
+        if (err) {
+            printf("error %ld from krb5int_aes_decrypt\n", (long)err);
+            exit(1);
+        }
+        if (memcmp(outbuf, input, lengths[i]) != 0) {
+            printd("Decryption result DOESN'T MATCH", &iov.data);
+            exit(1);
+        }
+        if (memcmp(enciv.data, deciv.data, 16)) {
+            printd("Decryption IV result DOESN'T MATCH", &deciv);
+            exit(1);
+        }
     }
     krb5_k_free_key(NULL, key);
 }
diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c
index 5615bc8..60e86f4 100644
--- a/src/lib/crypto/crypto_tests/t_encrypt.c
+++ b/src/lib/crypto/crypto_tests/t_encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_encrypt.c
  *
@@ -36,15 +37,15 @@
 
 /* What enctypes should we test?*/
 krb5_enctype interesting_enctypes[] = {
-  ENCTYPE_DES_CBC_CRC,
-  ENCTYPE_DES_CBC_MD4,
-  ENCTYPE_DES_CBC_MD5,
-  ENCTYPE_DES3_CBC_SHA1,
-  ENCTYPE_ARCFOUR_HMAC,
-  ENCTYPE_ARCFOUR_HMAC_EXP,
-  ENCTYPE_AES256_CTS_HMAC_SHA1_96,
-  ENCTYPE_AES128_CTS_HMAC_SHA1_96,
-  0
+    ENCTYPE_DES_CBC_CRC,
+    ENCTYPE_DES_CBC_MD4,
+    ENCTYPE_DES_CBC_MD5,
+    ENCTYPE_DES3_CBC_SHA1,
+    ENCTYPE_ARCFOUR_HMAC,
+    ENCTYPE_ARCFOUR_HMAC_EXP,
+    ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+    ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+    0
 };
 
 static void
@@ -52,24 +53,24 @@ test(const char *msg, krb5_error_code retval)
 {
     printf("%s: . . . ", msg);
     if (retval) {
-	printf("Failed: %s\n", error_message(retval));
-	abort();
+        printf("Failed: %s\n", error_message(retval));
+        abort();
     } else
-	printf("OK\n");
+        printf("OK\n");
 }
 
 static int compare_results(krb5_data *d1, krb5_data *d2)
 {
     if (d1->length != d2->length) {
-	/* Decryption can leave a little trailing cruft.
-	   For the current cryptosystems, this can be up to 7 bytes.  */
-	if (d1->length + 8 <= d2->length)
-	    return EINVAL;
-	if (d1->length > d2->length)
-	    return EINVAL;
+        /* Decryption can leave a little trailing cruft.
+           For the current cryptosystems, this can be up to 7 bytes.  */
+        if (d1->length + 8 <= d2->length)
+            return EINVAL;
+        if (d1->length > d2->length)
+            return EINVAL;
     }
     if (memcmp(d1->data, d2->data, d1->length)) {
-	return EINVAL;
+        return EINVAL;
     }
     return 0;
 }
@@ -77,187 +78,187 @@ static int compare_results(krb5_data *d1, krb5_data *d2)
 int
 main ()
 {
-  krb5_context context = 0;
-  krb5_data  in, in2, out, out2, check, check2, state, signdata;
-  krb5_crypto_iov iov[5];
-  int i, j, pos;
-  unsigned int dummy;
-  size_t len;
-  krb5_enc_data enc_out, enc_out2;
-  krb5_keyblock *keyblock;
-  krb5_key key;
+    krb5_context context = 0;
+    krb5_data  in, in2, out, out2, check, check2, state, signdata;
+    krb5_crypto_iov iov[5];
+    int i, j, pos;
+    unsigned int dummy;
+    size_t len;
+    krb5_enc_data enc_out, enc_out2;
+    krb5_keyblock *keyblock;
+    krb5_key key;
 
-  memset(iov, 0, sizeof(iov));
+    memset(iov, 0, sizeof(iov));
 
-  in.data = "This is a test.\n";
-  in.length = strlen (in.data);
-  in2.data = "This is another test.\n";
-  in2.length = strlen (in2.data);
+    in.data = "This is a test.\n";
+    in.length = strlen (in.data);
+    in2.data = "This is another test.\n";
+    in2.length = strlen (in2.data);
 
-  test ("Seeding random number generator",
-	krb5_c_random_seed (context, &in));
+    test ("Seeding random number generator",
+          krb5_c_random_seed (context, &in));
 
-  /* Set up output buffers. */
-  out.data = malloc(2048);
-  out2.data = malloc(2048);
-  check.data = malloc(2048);
-  check2.data = malloc(2048);
-  if (out.data == NULL || out2.data == NULL
-      || check.data == NULL || check2.data == NULL)
-      abort();
-  out.magic = KV5M_DATA;
-  out.length = 2048;
-  out2.magic = KV5M_DATA;
-  out2.length = 2048;
-  check.length = 2048;
-  check2.length = 2048;
+    /* Set up output buffers. */
+    out.data = malloc(2048);
+    out2.data = malloc(2048);
+    check.data = malloc(2048);
+    check2.data = malloc(2048);
+    if (out.data == NULL || out2.data == NULL
+        || check.data == NULL || check2.data == NULL)
+        abort();
+    out.magic = KV5M_DATA;
+    out.length = 2048;
+    out2.magic = KV5M_DATA;
+    out2.length = 2048;
+    check.length = 2048;
+    check2.length = 2048;
 
-  for (i = 0; interesting_enctypes[i]; i++) {
-    krb5_enctype enctype = interesting_enctypes [i];
+    for (i = 0; interesting_enctypes[i]; i++) {
+        krb5_enctype enctype = interesting_enctypes [i];
 
-    printf ("Testing enctype %d\n", enctype);
-    test ("Initializing a keyblock",
-	  krb5_init_keyblock (context, enctype, 0, &keyblock));
-    test ("Generating random keyblock",
-	  krb5_c_make_random_key (context, enctype, keyblock));
-    test ("Creating opaque key from keyblock",
-	  krb5_k_create_key (context, keyblock, &key));
+        printf ("Testing enctype %d\n", enctype);
+        test ("Initializing a keyblock",
+              krb5_init_keyblock (context, enctype, 0, &keyblock));
+        test ("Generating random keyblock",
+              krb5_c_make_random_key (context, enctype, keyblock));
+        test ("Creating opaque key from keyblock",
+              krb5_k_create_key (context, keyblock, &key));
 
-    enc_out.ciphertext = out;
-    enc_out2.ciphertext = out2;
-    /* We use an intermediate `len' because size_t may be different size
-       than `int' */
-    krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
-    enc_out.ciphertext.length = len;
+        enc_out.ciphertext = out;
+        enc_out2.ciphertext = out2;
+        /* We use an intermediate `len' because size_t may be different size
+           than `int' */
+        krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
+        enc_out.ciphertext.length = len;
 
-    /* Encrypt, decrypt, and see if we got the plaintext back again. */
-    test ("Encrypting (c)",
-	  krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
-    test ("Decrypting",
-	  krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
-    test ("Comparing", compare_results (&in, &check));
+        /* Encrypt, decrypt, and see if we got the plaintext back again. */
+        test ("Encrypting (c)",
+              krb5_c_encrypt (context, keyblock, 7, 0, &in, &enc_out));
+        test ("Decrypting",
+              krb5_c_decrypt (context, keyblock, 7, 0, &enc_out, &check));
+        test ("Comparing", compare_results (&in, &check));
 
-    /* Try again with the opaque-key-using variants. */
-    memset(out.data, 0, out.length);
-    test ("Encrypting (k)",
-	  krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
-    test ("Decrypting",
-	  krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
-    test ("Comparing", compare_results (&in, &check));
+        /* Try again with the opaque-key-using variants. */
+        memset(out.data, 0, out.length);
+        test ("Encrypting (k)",
+              krb5_k_encrypt (context, key, 7, 0, &in, &enc_out));
+        test ("Decrypting",
+              krb5_k_decrypt (context, key, 7, 0, &enc_out, &check));
+        test ("Comparing", compare_results (&in, &check));
 
-    /* Check if this enctype supports IOV encryption. */
-    if ( krb5_c_crypto_length(context, keyblock->enctype,
-			      KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){
-	/* Set up iovecs for stream decryption. */
-	memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
-	iov[0].flags= KRB5_CRYPTO_TYPE_STREAM;
-	iov[0].data.data = out2.data;
-	iov[0].data.length = enc_out.ciphertext.length;
-	iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+        /* Check if this enctype supports IOV encryption. */
+        if ( krb5_c_crypto_length(context, keyblock->enctype,
+                                  KRB5_CRYPTO_TYPE_HEADER, &dummy) == 0 ){
+            /* Set up iovecs for stream decryption. */
+            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+            iov[0].flags= KRB5_CRYPTO_TYPE_STREAM;
+            iov[0].data.data = out2.data;
+            iov[0].data.length = enc_out.ciphertext.length;
+            iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
 
-	/* Decrypt the encrypted data from above and check it. */
-	test("IOV stream decrypting (c)",
-	     krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
+            /* Decrypt the encrypted data from above and check it. */
+            test("IOV stream decrypting (c)",
+                 krb5_c_decrypt_iov( context, keyblock, 7, 0, iov, 2));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
 
-	/* Try again with the opaque-key-using variant. */
-	memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
-	test("IOV stream decrypting (k)",
-	     krb5_k_decrypt_iov( context, key, 7, 0, iov, 2));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
+            /* Try again with the opaque-key-using variant. */
+            memcpy(out2.data, enc_out.ciphertext.data, enc_out.ciphertext.length);
+            test("IOV stream decrypting (k)",
+                 krb5_k_decrypt_iov( context, key, 7, 0, iov, 2));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
 
-	/* Set up iovecs for AEAD encryption. */
-	signdata.magic = KV5M_DATA;
-	signdata.data = (char *) "This should be signed";
-	signdata.length = strlen(signdata.data);
-	iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
-	iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
-	iov[1].data = in; /*We'll need to copy memory before encrypt*/
-	iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
-	iov[2].data = signdata;
-	iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
-	iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER;
+            /* Set up iovecs for AEAD encryption. */
+            signdata.magic = KV5M_DATA;
+            signdata.data = (char *) "This should be signed";
+            signdata.length = strlen(signdata.data);
+            iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
+            iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+            iov[1].data = in; /*We'll need to copy memory before encrypt*/
+            iov[2].flags = KRB5_CRYPTO_TYPE_SIGN_ONLY;
+            iov[2].data = signdata;
+            iov[3].flags = KRB5_CRYPTO_TYPE_PADDING;
+            iov[4].flags = KRB5_CRYPTO_TYPE_TRAILER;
 
-	/* "Allocate" data for the iovec buffers from the "out" buffer. */
-	test("Setting up iov lengths",
-	     krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5));
-	for (j=0,pos=0; j <= 4; j++ ){
-	    if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
-		continue;
-	    iov[j].data.data = &out.data[pos];
-	    pos += iov[j].data.length;
-	}
-	assert (iov[1].data.length == in.length);
-	memcpy(iov[1].data.data, in.data, in.length);
+            /* "Allocate" data for the iovec buffers from the "out" buffer. */
+            test("Setting up iov lengths",
+                 krb5_c_crypto_length_iov(context, keyblock->enctype, iov, 5));
+            for (j=0,pos=0; j <= 4; j++ ){
+                if (iov[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY)
+                    continue;
+                iov[j].data.data = &out.data[pos];
+                pos += iov[j].data.length;
+            }
+            assert (iov[1].data.length == in.length);
+            memcpy(iov[1].data.data, in.data, in.length);
 
-	/* Encrypt and decrypt in place, and check the result. */
-	test("iov encrypting (c)",
-	     krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
-	assert(iov[1].data.length == in.length);
-	test("iov decrypting",
-	     krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
+            /* Encrypt and decrypt in place, and check the result. */
+            test("iov encrypting (c)",
+                 krb5_c_encrypt_iov(context, keyblock, 7, 0, iov, 5));
+            assert(iov[1].data.length == in.length);
+            test("iov decrypting",
+                 krb5_c_decrypt_iov(context, keyblock, 7, 0, iov, 5));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
 
-	/* Try again with opaque-key-using variants. */
-	test("iov encrypting (k)",
-	     krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
-	assert(iov[1].data.length == in.length);
-	test("iov decrypting",
-	     krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
-	test("Comparing results",
-	     compare_results(&in, &iov[1].data));
-    }
+            /* Try again with opaque-key-using variants. */
+            test("iov encrypting (k)",
+                 krb5_k_encrypt_iov(context, key, 7, 0, iov, 5));
+            assert(iov[1].data.length == in.length);
+            test("iov decrypting",
+                 krb5_k_decrypt_iov(context, key, 7, 0, iov, 5));
+            test("Comparing results",
+                 compare_results(&in, &iov[1].data));
+        }
 
-    enc_out.ciphertext.length = out.length;
-    check.length = 2048;
+        enc_out.ciphertext.length = out.length;
+        check.length = 2048;
 
-    test ("init_state",
-	  krb5_c_init_state (context, keyblock, 7, &state));
-    test ("Encrypting with state",
-	  krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
-    test ("Encrypting again with state",
-	  krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
-    test ("free_state",
-	  krb5_c_free_state (context, keyblock, &state));
-    test ("init_state",
-	  krb5_c_init_state (context, keyblock, 7, &state));
-    test ("Decrypting with state",
-	  krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check));
-    test ("Decrypting again with state",
-	  krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2));
-    test ("free_state",
-	  krb5_c_free_state (context, keyblock, &state));
-    test ("Comparing",
-	  compare_results (&in, &check));
-    test ("Comparing",
-	  compare_results (&in2, &check2));
+        test ("init_state",
+              krb5_c_init_state (context, keyblock, 7, &state));
+        test ("Encrypting with state",
+              krb5_c_encrypt (context, keyblock, 7, &state, &in, &enc_out));
+        test ("Encrypting again with state",
+              krb5_c_encrypt (context, keyblock, 7, &state, &in2, &enc_out2));
+        test ("free_state",
+              krb5_c_free_state (context, keyblock, &state));
+        test ("init_state",
+              krb5_c_init_state (context, keyblock, 7, &state));
+        test ("Decrypting with state",
+              krb5_c_decrypt (context, keyblock, 7, &state, &enc_out, &check));
+        test ("Decrypting again with state",
+              krb5_c_decrypt (context, keyblock, 7, &state, &enc_out2, &check2));
+        test ("free_state",
+              krb5_c_free_state (context, keyblock, &state));
+        test ("Comparing",
+              compare_results (&in, &check));
+        test ("Comparing",
+              compare_results (&in2, &check2));
 
-    krb5_free_keyblock (context, keyblock);
-    krb5_k_free_key (context, key);
-  }
+        krb5_free_keyblock (context, keyblock);
+        krb5_k_free_key (context, key);
+    }
 
-  /* Test the RC4 decrypt fallback from key usage 9 to 8. */
-  test ("Initializing an RC4 keyblock",
-	krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock));
-  test ("Generating random RC4 key",
-	krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock));
-  enc_out.ciphertext = out;
-  krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
-  enc_out.ciphertext.length = len;
-  check.length = 2048;
-  test ("Encrypting with RC4 key usage 8",
-	krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
-  test ("Decrypting with RC4 key usage 9",
-	krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
-  test ("Comparing", compare_results (&in, &check));
+    /* Test the RC4 decrypt fallback from key usage 9 to 8. */
+    test ("Initializing an RC4 keyblock",
+          krb5_init_keyblock (context, ENCTYPE_ARCFOUR_HMAC, 0, &keyblock));
+    test ("Generating random RC4 key",
+          krb5_c_make_random_key (context, ENCTYPE_ARCFOUR_HMAC, keyblock));
+    enc_out.ciphertext = out;
+    krb5_c_encrypt_length (context, keyblock->enctype, in.length, &len);
+    enc_out.ciphertext.length = len;
+    check.length = 2048;
+    test ("Encrypting with RC4 key usage 8",
+          krb5_c_encrypt (context, keyblock, 8, 0, &in, &enc_out));
+    test ("Decrypting with RC4 key usage 9",
+          krb5_c_decrypt (context, keyblock, 9, 0, &enc_out, &check));
+    test ("Comparing", compare_results (&in, &check));
 
-  krb5_free_keyblock (context, keyblock);
-  free(out.data);
-  free(out2.data);
-  free(check.data);
-  free(check2.data);
-  return 0;
+    krb5_free_keyblock (context, keyblock);
+    free(out.data);
+    free(out2.data);
+    free(check.data);
+    free(check2.data);
+    return 0;
 }
diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c
index 55b47b8..1056ff6 100644
--- a/src/lib/crypto/crypto_tests/t_hmac.c
+++ b/src/lib/crypto/crypto_tests/t_hmac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_hmac.c
  *
@@ -47,9 +48,9 @@ static void keyToData (krb5_keyblock *k, krb5_data *d) {
 #if 0
 static void check_error (int r, int line) {
     if (r != 0) {
-	fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
-		 error_message (r));
-	exit (1);
+        fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
+                 error_message (r));
+        exit (1);
     }
 }
 #define CHECK check_error(r, __LINE__)
@@ -62,16 +63,16 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s (%d bytes):", descr, d->length);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
     }
     printf("\n");
 }
@@ -92,40 +93,42 @@ struct hmac_test {
 };
 
 static krb5_error_code hmac1(const struct krb5_hash_provider *h,
-			     krb5_keyblock *key,
-			     krb5_data *in, krb5_data *out)
+                             krb5_keyblock *key,
+                             krb5_data *in, krb5_data *out)
 {
     char tmp[40];
     size_t blocksize, hashsize;
     krb5_error_code err;
     krb5_key k;
+    krb5_crypto_iov iov;
+    krb5_data d;
 
     printk(" test key", key);
     blocksize = h->blocksize;
     hashsize = h->hashsize;
     if (hashsize > sizeof(tmp))
-	abort();
+        abort();
     if (key->length > blocksize) {
-	krb5_data d, d2;
-	d.data = (char *) key->contents;
-	d.length = key->length;
-	d2.data = tmp;
-	d2.length = hashsize;
-	err = h->hash (1, &d, &d2);
-	if (err) {
-	    com_err(whoami, err, "hashing key before calling hmac");
-	    exit(1);
-	}
-	key->length = d2.length;
-	key->contents = (krb5_octet *) d2.data;
-	printk(" pre-hashed key", key);
+        iov.flags = KRB5_CRYPTO_TYPE_DATA;
+        iov.data = make_data(key->contents, key->length);
+        d = make_data(tmp, hashsize);
+        err = h->hash(&iov, 1, &d);
+        if (err) {
+            com_err(whoami, err, "hashing key before calling hmac");
+            exit(1);
+        }
+        key->length = d.length;
+        key->contents = (krb5_octet *) d.data;
+        printk(" pre-hashed key", key);
     }
     printd(" hmac input", in);
     krb5_k_create_key(NULL, key, &k);
-    err = krb5int_hmac(h, k, 1, in, out);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    err = krb5int_hmac(h, k, &iov, 1, out);
     krb5_k_free_key(NULL, k);
     if (err == 0)
-	printd(" hmac output", out);
+        printd(" hmac output", out);
     return err;
 }
 
@@ -142,128 +145,128 @@ static void test_hmac()
 
     /* RFC 2202 test vector.  */
     static const struct hmac_test md5tests[] = {
-	{
-	    16, {
-		0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
-		0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
-	    },
-	    8, "Hi There",
-	    "0x9294727a3638bb1c13f48ef8158bfc9d"
-	},
+        {
+            16, {
+                0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
+                0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb, 0xb,
+            },
+            8, "Hi There",
+            "0x9294727a3638bb1c13f48ef8158bfc9d"
+        },
 
-	{
-	    4, "Jefe",
-	    28, "what do ya want for nothing?",
-	    "0x750c783e6ab0b503eaa86e310a5db738"
-	},
+        {
+            4, "Jefe",
+            28, "what do ya want for nothing?",
+            "0x750c783e6ab0b503eaa86e310a5db738"
+        },
 
-	{
-	    16, {
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
-	    },
-	    50, {
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-		0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
-	    },
-	    "0x56be34521d144c88dbb8c733f0e8b3f6"
-	},
+        {
+            16, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
+            },
+            50, {
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+                0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+            },
+            "0x56be34521d144c88dbb8c733f0e8b3f6"
+        },
 
-	{
-	    25, {
-		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
-		0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
-		0x15, 0x16, 0x17, 0x18, 0x19
-	    },
-	    50, {
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-		0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
-	    },
-	    "0x697eaf0aca3a3aea3a75164746ffaa79"
-	},
+        {
+            25, {
+                0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+                0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14,
+                0x15, 0x16, 0x17, 0x18, 0x19
+            },
+            50, {
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+                0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+            },
+            "0x697eaf0aca3a3aea3a75164746ffaa79"
+        },
 
-	{
-	    16, {
-		0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
-		0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
-	    },
-	    20, "Test With Truncation",
-	    "0x56461ef2342edc00f9bab995690efd4c"
-	},
+        {
+            16, {
+                0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
+                0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
+            },
+            20, "Test With Truncation",
+            "0x56461ef2342edc00f9bab995690efd4c"
+        },
 
-	{
-	    80, {
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-	    },
-	    54, "Test Using Larger Than Block-Size Key - Hash Key First",
-	    "0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
-	},
+        {
+            80, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+            },
+            54, "Test Using Larger Than Block-Size Key - Hash Key First",
+            "0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd"
+        },
 
-	{
-	    80, {
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-		0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
-	    },
-	    73,
-	    "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
-	    "0x6f630fad67cda0ee1fb1f562db3aa53e"
-	},
+        {
+            80, {
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+                0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+            },
+            73,
+            "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
+            "0x6f630fad67cda0ee1fb1f562db3aa53e"
+        },
     };
 
     for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) {
-	key.contents = md5tests[i].key;
-	key.length = md5tests[i].key_len;
-	in.data = md5tests[i].data;
-	in.length = md5tests[i].data_len;
+        key.contents = md5tests[i].key;
+        key.length = md5tests[i].key_len;
+        in.data = md5tests[i].data;
+        in.length = md5tests[i].data_len;
 
-	out.data = outbuf;
-	out.length = 20;
-	printf("\nTest #%d:\n", i+1);
-	err = hmac1(&krb5int_hash_md5, &key, &in, &out);
-	if (err) {
-	    com_err(whoami, err, "computing hmac");
-	    exit(1);
-	}
+        out.data = outbuf;
+        out.length = 20;
+        printf("\nTest #%d:\n", i+1);
+        err = hmac1(&krb5int_hash_md5, &key, &in, &out);
+        if (err) {
+            com_err(whoami, err, "computing hmac");
+            exit(1);
+        }
 
-	krb5int_buf_init_fixed(&buf, stroutbuf, sizeof(stroutbuf));
-	krb5int_buf_add(&buf, "0x");
-	for (j = 0; j < out.length; j++)
-	    krb5int_buf_add_fmt(&buf, "%02x", 0xff & outbuf[j]);
-	if (krb5int_buf_data(&buf) == NULL)
-	    abort();
-	if (strcmp(stroutbuf, md5tests[i].hexdigest)) {
-	    printf("*** CHECK FAILED!\n"
-		   "\tReturned: %s.\n"
-		   "\tExpected: %s.\n", stroutbuf, md5tests[i].hexdigest);
-	    lose++;
-	} else
-	    printf("Matches expected result.\n");
+        krb5int_buf_init_fixed(&buf, stroutbuf, sizeof(stroutbuf));
+        krb5int_buf_add(&buf, "0x");
+        for (j = 0; j < out.length; j++)
+            krb5int_buf_add_fmt(&buf, "%02x", 0xff & outbuf[j]);
+        if (krb5int_buf_data(&buf) == NULL)
+            abort();
+        if (strcmp(stroutbuf, md5tests[i].hexdigest)) {
+            printf("*** CHECK FAILED!\n"
+                   "\tReturned: %s.\n"
+                   "\tExpected: %s.\n", stroutbuf, md5tests[i].hexdigest);
+            lose++;
+        } else
+            printf("Matches expected result.\n");
     }
 
     /* Do again with SHA-1 tests....  */
 
     if (lose) {
-	printf("%d failures; exiting.\n", lose);
-	exit(1);
+        printf("%d failures; exiting.\n", lose);
+        exit(1);
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/t_kperf.c b/src/lib/crypto/crypto_tests/t_kperf.c
index 4c99d72..8c36e90 100644
--- a/src/lib/crypto/crypto_tests/t_kperf.c
+++ b/src/lib/crypto/crypto_tests/t_kperf.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crypto_tests/t_kperf.c
  *
@@ -94,6 +94,14 @@ main(int argc, char **argv)
     sum.length = cklen;
     sum.contents = calloc(1, cklen);
 
+    /*
+     * Decrypting typically involves copying the output after checking the
+     * hash, so we need to create a valid ciphertext to correctly measure its
+     * performance.
+     */
+    if (op == 'd')
+        krb5_c_encrypt(NULL, &kblock, 0, NULL, &block, &outblock);
+
     for (i = 0; i < num_blocks; i++) {
         if (intf == 'c') {
             if (op == 'e')
diff --git a/src/lib/crypto/crypto_tests/t_mdcksum.c b/src/lib/crypto/crypto_tests/t_mdcksum.c
index 17ecd51..0b8a4fe 100644
--- a/src/lib/crypto/crypto_tests/t_mdcksum.c
+++ b/src/lib/crypto/crypto_tests/t_mdcksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md5/t_cksum.c
  *
@@ -29,65 +30,65 @@
  * t_cksum.c - Test checksum and checksum compatability for rsa-md[4,5]-des
  */
 
-#ifndef	MD
-#define	MD	5
-#endif	/* MD */
+#ifndef MD
+#define MD      5
+#endif  /* MD */
 
 #include "k5-int.h"
-#if	MD == 4
+#if     MD == 4
 #include "rsa-md4.h"
-#endif	/* MD == 4 */
-#if	MD == 5
+#endif  /* MD == 4 */
+#if     MD == 5
 #include "rsa-md5.h"
-#endif	/* MD == 5 */
+#endif  /* MD == 5 */
 #include "des_int.h"
 
 #define MD5_K5BETA_COMPAT
 #define MD4_K5BETA_COMPAT
 
-#if	MD == 4
-#define	CONFOUNDER_LENGTH	RSA_MD4_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD4_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD4_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD4_DES
-#ifdef	MD4_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD4_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD4_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md4_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md4_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md4_crypto_verify_func
-#endif	/* MD == 4 */
+#if     MD == 4
+#define CONFOUNDER_LENGTH       RSA_MD4_DES_CONFOUND_LENGTH
+#define NEW_CHECKSUM_LENGTH     NEW_RSA_MD4_DES_CKSUM_LENGTH
+#define OLD_CHECKSUM_LENGTH     OLD_RSA_MD4_DES_CKSUM_LENGTH
+#define CHECKSUM_TYPE           CKSUMTYPE_RSA_MD4_DES
+#ifdef  MD4_K5BETA_COMPAT
+#define K5BETA_COMPAT   1
+#else   /* MD4_K5BETA_COMPAT */
+#undef  K5BETA_COMPAT
+#endif  /* MD4_K5BETA_COMPAT */
+#define CKSUM_FUNCTION          krb5_md4_crypto_sum_func
+#define COMPAT_FUNCTION         krb5_md4_crypto_compat_sum_func
+#define VERIFY_FUNCTION         krb5_md4_crypto_verify_func
+#endif  /* MD == 4 */
 
-#if	MD == 5
-#define	CONFOUNDER_LENGTH	RSA_MD5_DES_CONFOUND_LENGTH
-#define	NEW_CHECKSUM_LENGTH	NEW_RSA_MD5_DES_CKSUM_LENGTH
-#define	OLD_CHECKSUM_LENGTH	OLD_RSA_MD5_DES_CKSUM_LENGTH
-#define	CHECKSUM_TYPE		CKSUMTYPE_RSA_MD5_DES
-#ifdef	MD5_K5BETA_COMPAT
-#define	K5BETA_COMPAT	1
-#else	/* MD5_K5BETA_COMPAT */
-#undef	K5BETA_COMPAT
-#endif	/* MD5_K5BETA_COMPAT */
-#define	CKSUM_FUNCTION		krb5_md5_crypto_sum_func
-#define	COMPAT_FUNCTION		krb5_md5_crypto_compat_sum_func
-#define	VERIFY_FUNCTION		krb5_md5_crypto_verify_func
-#endif	/* MD == 5 */
+#if     MD == 5
+#define CONFOUNDER_LENGTH       RSA_MD5_DES_CONFOUND_LENGTH
+#define NEW_CHECKSUM_LENGTH     NEW_RSA_MD5_DES_CKSUM_LENGTH
+#define OLD_CHECKSUM_LENGTH     OLD_RSA_MD5_DES_CKSUM_LENGTH
+#define CHECKSUM_TYPE           CKSUMTYPE_RSA_MD5_DES
+#ifdef  MD5_K5BETA_COMPAT
+#define K5BETA_COMPAT   1
+#else   /* MD5_K5BETA_COMPAT */
+#undef  K5BETA_COMPAT
+#endif  /* MD5_K5BETA_COMPAT */
+#define CKSUM_FUNCTION          krb5_md5_crypto_sum_func
+#define COMPAT_FUNCTION         krb5_md5_crypto_compat_sum_func
+#define VERIFY_FUNCTION         krb5_md5_crypto_verify_func
+#endif  /* MD == 5 */
 
 static void
 print_checksum(text, number, message, checksum)
-     char	*text;
-     int	number;
-     char	*message;
-     krb5_checksum	*checksum;
+    char       *text;
+    int        number;
+    char       *message;
+    krb5_checksum      *checksum;
 {
-  int i;
+    int i;
 
-  printf("%s MD%d checksum(\"%s\") = ", text, number, message);
-  for (i=0; i<checksum->length; i++)
-    printf("%02x", checksum->contents[i]);
-  printf("\n");
+    printf("%s MD%d checksum(\"%s\") = ", text, number, message);
+    for (i=0; i<checksum->length; i++)
+        printf("%02x", checksum->contents[i]);
+    printf("\n");
 }
 
 /*
@@ -96,111 +97,111 @@ print_checksum(text, number, message, checksum)
  */
 int
 main(argc, argv)
-     int argc;
-     char **argv;
+    int argc;
+    char **argv;
 {
-  int 			msgindex;
-  krb5_context		kcontext;
-  krb5_encrypt_block	encblock;
-  krb5_keyblock		keyblock;
-  krb5_error_code	kret;
-  krb5_checksum		oldstyle_checksum;
-  krb5_checksum		newstyle_checksum;
-  krb5_data		pwdata;
-  char			*pwd;
+    int                   msgindex;
+    krb5_context          kcontext;
+    krb5_encrypt_block    encblock;
+    krb5_keyblock         keyblock;
+    krb5_error_code       kret;
+    krb5_checksum         oldstyle_checksum;
+    krb5_checksum         newstyle_checksum;
+    krb5_data             pwdata;
+    char                  *pwd;
 
-  pwd = "test password";
-  pwdata.length = strlen(pwd);
-  pwdata.data = pwd;
-  krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
-  if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
-    printf("mit_des_string_to_key choked with %d\n", kret);
-    return(kret);
-  }
-  if ((kret = mit_des_process_key(&encblock, &keyblock))) {
-    printf("mit_des_process_key choked with %d\n", kret);
-    return(kret);
-  }
-
-  oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
-  if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for old style checksum\n");
-    return(ENOMEM);
-  }
-  newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
-  if (!(newstyle_checksum.contents = (krb5_octet *)
-	malloc(NEW_CHECKSUM_LENGTH))) {
-    printf("cannot get memory for new style checksum\n");
-    return(ENOMEM);
-  }
-  for (msgindex = 1; msgindex < argc; msgindex++) {
-    if ((kret = CKSUM_FUNCTION(argv[msgindex],
-			       strlen(argv[msgindex]),
-			       (krb5_pointer) keyblock.contents,
-			       keyblock.length,
-			       &newstyle_checksum))) {
-      printf("krb5_calculate_checksum choked with %d\n", kret);
-      break;
+    pwd = "test password";
+    pwdata.length = strlen(pwd);
+    pwdata.data = pwd;
+    krb5_use_enctype(kcontext, &encblock, DEFAULT_KDC_ENCTYPE);
+    if ((kret = mit_des_string_to_key(&encblock, &keyblock, &pwdata, NULL))) {
+        printf("mit_des_string_to_key choked with %d\n", kret);
+        return(kret);
     }
-    print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
-#ifdef	K5BETA_COMPAT
-    if ((kret = COMPAT_FUNCTION(argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length,
-				&oldstyle_checksum))) {
-      printf("old style calculate_checksum choked with %d\n", kret);
-      break;
+    if ((kret = mit_des_process_key(&encblock, &keyblock))) {
+        printf("mit_des_process_key choked with %d\n", kret);
+        return(kret);
     }
-    print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
-#endif	/* K5BETA_COMPAT */
-    if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on new checksum choked with %d\n", kret);
-      break;
-    }
-    printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				argv[msgindex],
-				strlen(argv[msgindex]),
-				(krb5_pointer) keyblock.contents,
-				keyblock.length))) {
-      printf("verify on old checksum choked with %d\n", kret);
-      break;
+
+    oldstyle_checksum.length = OLD_CHECKSUM_LENGTH;
+    if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(OLD_CHECKSUM_LENGTH))) {
+        printf("cannot get memory for old style checksum\n");
+        return(ENOMEM);
     }
-    printf("Compatible checksum verify succeeded for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    newstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on new checksum should have choked\n");
-      break;
+    newstyle_checksum.length = NEW_CHECKSUM_LENGTH;
+    if (!(newstyle_checksum.contents = (krb5_octet *)
+          malloc(NEW_CHECKSUM_LENGTH))) {
+        printf("cannot get memory for new style checksum\n");
+        return(ENOMEM);
     }
-    printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
-#ifdef	K5BETA_COMPAT
-    oldstyle_checksum.contents[0]++;
-    if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
-				 argv[msgindex],
-				 strlen(argv[msgindex]),
-				 (krb5_pointer) keyblock.contents,
-				 keyblock.length))) {
-      printf("verify on old checksum should have choked\n");
-      break;
+    for (msgindex = 1; msgindex < argc; msgindex++) {
+        if ((kret = CKSUM_FUNCTION(argv[msgindex],
+                                   strlen(argv[msgindex]),
+                                   (krb5_pointer) keyblock.contents,
+                                   keyblock.length,
+                                   &newstyle_checksum))) {
+            printf("krb5_calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("correct", MD, argv[msgindex], &newstyle_checksum);
+#ifdef  K5BETA_COMPAT
+        if ((kret = COMPAT_FUNCTION(argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length,
+                                    &oldstyle_checksum))) {
+            printf("old style calculate_checksum choked with %d\n", kret);
+            break;
+        }
+        print_checksum("old", MD, argv[msgindex], &oldstyle_checksum);
+#endif  /* K5BETA_COMPAT */
+        if ((kret = VERIFY_FUNCTION(&newstyle_checksum,
+                                    argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length))) {
+            printf("verify on new checksum choked with %d\n", kret);
+            break;
+        }
+        printf("Verify succeeded for \"%s\"\n", argv[msgindex]);
+#ifdef  K5BETA_COMPAT
+        if ((kret = VERIFY_FUNCTION(&oldstyle_checksum,
+                                    argv[msgindex],
+                                    strlen(argv[msgindex]),
+                                    (krb5_pointer) keyblock.contents,
+                                    keyblock.length))) {
+            printf("verify on old checksum choked with %d\n", kret);
+            break;
+        }
+        printf("Compatible checksum verify succeeded for \"%s\"\n",
+               argv[msgindex]);
+#endif  /* K5BETA_COMPAT */
+        newstyle_checksum.contents[0]++;
+        if (!(kret = VERIFY_FUNCTION(&newstyle_checksum,
+                                     argv[msgindex],
+                                     strlen(argv[msgindex]),
+                                     (krb5_pointer) keyblock.contents,
+                                     keyblock.length))) {
+            printf("verify on new checksum should have choked\n");
+            break;
+        }
+        printf("Verify of bad checksum OK for \"%s\"\n", argv[msgindex]);
+#ifdef  K5BETA_COMPAT
+        oldstyle_checksum.contents[0]++;
+        if (!(kret = VERIFY_FUNCTION(&oldstyle_checksum,
+                                     argv[msgindex],
+                                     strlen(argv[msgindex]),
+                                     (krb5_pointer) keyblock.contents,
+                                     keyblock.length))) {
+            printf("verify on old checksum should have choked\n");
+            break;
+        }
+        printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
+               argv[msgindex]);
+#endif  /* K5BETA_COMPAT */
+        kret = 0;
     }
-    printf("Compatible checksum verify of altered checksum OK for \"%s\"\n",
-	   argv[msgindex]);
-#endif	/* K5BETA_COMPAT */
-    kret = 0;
-  }
-  if (!kret)
-    printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
-  return(kret);
+    if (!kret)
+        printf("%d tests passed successfully for MD%d checksum\n", argc-1, MD);
+    return(kret);
 }
diff --git a/src/lib/crypto/crypto_tests/t_mddriver.c b/src/lib/crypto/crypto_tests/t_mddriver.c
index 3fab847..b3af381 100644
--- a/src/lib/crypto/crypto_tests/t_mddriver.c
+++ b/src/lib/crypto/crypto_tests/t_mddriver.c
@@ -1,21 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* MDDRIVER.C - test driver for MD2, MD4 and MD5
  */
 
 /* Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
-rights reserved.
+   rights reserved.
 
-RSA Data Security, Inc. makes no representations concerning either
-the merchantability of this software or the suitability of this
-software for any particular purpose. It is provided "as is"
-without express or implied warranty of any kind.
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
 
-These notices must be retained in any copies of any part of this
-documentation and/or software.
- */
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+*/
 
 /* The following makes MD default to MD5 if it has not already been
-  defined with C compiler flags.
- */
+   defined with C compiler flags.
+*/
 #ifndef MD
 #define MD 5
 #endif
@@ -67,26 +68,26 @@ struct md_test_entry {
 
 struct md_test_entry md_test_suite[] = {
     { "",
-	  {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
-	   0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 }},
+      {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
+       0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 }},
     { "a",
-	  {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
-	   0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 }},
+      {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
+       0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 }},
     { "abc",
-	  {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
-	   0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d }},
+      {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
+       0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d }},
     { "message digest",
-	  {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
-	   0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b }},
+      {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
+       0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b }},
     { "abcdefghijklmnopqrstuvwxyz",
-	  {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
-	   0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 }},
+      {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
+       0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 }},
     { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	  {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
-	  0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 }},
+      {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
+       0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 }},
     { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	  {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
-	   0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 }},
+      {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
+       0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 }},
     {0, {0}}
 };
 
@@ -103,26 +104,26 @@ struct md_test_entry md_test_suite[] = {
 
 struct md_test_entry md_test_suite[] = {
     { "",
-	  {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
-	   0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e }},
+      {0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+       0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e }},
     { "a",
-	  {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
-	   0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 }},
+      {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8,
+       0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 }},
     { "abc",
-	  {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
-	   0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 }},
+      {0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0,
+       0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 }},
     { "message digest",
-	  {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
-	   0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 }},
+      {0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d,
+       0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 }},
     { "abcdefghijklmnopqrstuvwxyz",
-	  {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
-	   0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b }},
+      {0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00,
+       0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b }},
     { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	  {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
-	   0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f }},
+      {0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5,
+       0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f }},
     { "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	  {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
-	   0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a }},
+      {0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55,
+       0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a }},
     { 0, {0} }
 };
 
@@ -130,88 +131,88 @@ struct md_test_entry md_test_suite[] = {
 
 /* Main driver.
 
-Arguments (may be any combination):
-  -sstring - digests string
-  -t       - runs time trial
-  -x       - runs test script
-  filename - digests file
-  (none)   - digests standard input
- */
+   Arguments (may be any combination):
+   -sstring - digests string
+   -t       - runs time trial
+   -x       - runs test script
+   filename - digests file
+   (none)   - digests standard input
+*/
 int main (argc, argv)
-int argc;
-char *argv[];
+    int argc;
+    char *argv[];
 {
-  int i;
-
-  if (argc > 1)
- for (i = 1; i < argc; i++)
-   if (argv[i][0] == '-' && argv[i][1] == 's')
-     MDString (argv[i] + 2);
-   else if (strcmp (argv[i], "-t") == 0)
-     MDTimeTrial ();
-   else if (strcmp (argv[i], "-x") == 0)
-     MDTestSuite ();
-   else
-     MDFile (argv[i]);
-  else
- MDFilter ();
-
-  return (0);
+    int i;
+
+    if (argc > 1)
+        for (i = 1; i < argc; i++)
+            if (argv[i][0] == '-' && argv[i][1] == 's')
+                MDString (argv[i] + 2);
+            else if (strcmp (argv[i], "-t") == 0)
+                MDTimeTrial ();
+            else if (strcmp (argv[i], "-x") == 0)
+                MDTestSuite ();
+            else
+                MDFile (argv[i]);
+    else
+        MDFilter ();
+
+    return (0);
 }
 
 /* Digests a string and prints the result.
  */
 static void MDString (string)
-char *string;
+    char *string;
 {
-  MD_CTX context;
-  unsigned int len = strlen (string);
+    MD_CTX context;
+    unsigned int len = strlen (string);
 
-  MDInit (&context);
-  MDUpdate (&context, (unsigned char *) string, len);
-  MDFinal (&context);
+    MDInit (&context);
+    MDUpdate (&context, (unsigned char *) string, len);
+    MDFinal (&context);
 
-  printf ("MD%d (\"%s\") = ", MD, string);
-  MDPrint (context.digest);
-  printf ("\n");
+    printf ("MD%d (\"%s\") = ", MD, string);
+    MDPrint (context.digest);
+    printf ("\n");
 }
 
 /* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte
-  blocks.
- */
+   blocks.
+*/
 static void MDTimeTrial ()
 {
-  MD_CTX context;
-  time_t endTime, startTime;
-  unsigned char block[TEST_BLOCK_LEN];
-  unsigned int i;
-
-  printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
-  TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
-
-  /* Initialize block */
-  for (i = 0; i < TEST_BLOCK_LEN; i++)
- block[i] = (unsigned char)(i & 0xff);
-
-  /* Start timer */
-  time (&startTime);
-
-  /* Digest blocks */
-  MDInit (&context);
-  for (i = 0; i < TEST_BLOCK_COUNT; i++)
-      MDUpdate (&context, block, TEST_BLOCK_LEN);
-  MDFinal (&context);
-
-  /* Stop timer */
-  time (&endTime);
-
-  printf (" done\n");
-  printf ("Digest = ");
-  MDPrint (context.digest);
-  printf ("\nTime = %ld seconds\n", (long)(endTime-startTime));
-  printf
- ("Speed = %ld bytes/second\n",
-  (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime));
+    MD_CTX context;
+    time_t endTime, startTime;
+    unsigned char block[TEST_BLOCK_LEN];
+    unsigned int i;
+
+    printf("MD%d time trial. Digesting %d %d-byte blocks ...", MD,
+           TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
+
+    /* Initialize block */
+    for (i = 0; i < TEST_BLOCK_LEN; i++)
+        block[i] = (unsigned char)(i & 0xff);
+
+    /* Start timer */
+    time (&startTime);
+
+    /* Digest blocks */
+    MDInit (&context);
+    for (i = 0; i < TEST_BLOCK_COUNT; i++)
+        MDUpdate (&context, block, TEST_BLOCK_LEN);
+    MDFinal (&context);
+
+    /* Stop timer */
+    time (&endTime);
+
+    printf (" done\n");
+    printf ("Digest = ");
+    MDPrint (context.digest);
+    printf ("\nTime = %ld seconds\n", (long)(endTime-startTime));
+    printf
+        ("Speed = %ld bytes/second\n",
+         (long)TEST_BLOCK_LEN * (long)TEST_BLOCK_COUNT/(endTime-startTime));
 }
 
 /* Digests a reference suite of strings and prints the results.
@@ -221,37 +222,37 @@ static void MDTestSuite ()
 #ifdef HAVE_TEST_SUITE
     MD_CTX context;
     struct md_test_entry *entry;
-    int	i, num_tests = 0, num_failed = 0;
+    int i, num_tests = 0, num_failed = 0;
 
     printf ("MD%d test suite:\n\n", MD);
     for (entry = md_test_suite; entry->string; entry++) {
-	unsigned int len = strlen (entry->string);
-
-	MDInit (&context);
-	MDUpdate (&context, (unsigned char *) entry->string, len);
-	MDFinal (&context);
-
-	printf ("MD%d (\"%s\") = ", MD, entry->string);
-	MDPrint (context.digest);
-	printf ("\n");
-	for (i=0; i < 16; i++) {
-	    if (context.digest[i] != entry->digest[i]) {
-		printf("\tIncorrect MD%d digest!  Should have been:\n\t\t ",
-		       MD);
-		MDPrint(entry->digest);
-		printf("\n");
-		num_failed++;
-	    }
-	}
-	num_tests++;
+        unsigned int len = strlen (entry->string);
+
+        MDInit (&context);
+        MDUpdate (&context, (unsigned char *) entry->string, len);
+        MDFinal (&context);
+
+        printf ("MD%d (\"%s\") = ", MD, entry->string);
+        MDPrint (context.digest);
+        printf ("\n");
+        for (i=0; i < 16; i++) {
+            if (context.digest[i] != entry->digest[i]) {
+                printf("\tIncorrect MD%d digest!  Should have been:\n\t\t ",
+                       MD);
+                MDPrint(entry->digest);
+                printf("\n");
+                num_failed++;
+            }
+        }
+        num_tests++;
     }
     if (num_failed) {
-	printf("%d out of %d tests failed for MD%d!!!\n", num_failed,
-	       num_tests, MD);
-	exit(1);
+        printf("%d out of %d tests failed for MD%d!!!\n", num_failed,
+               num_tests, MD);
+        exit(1);
     } else {
-	printf ("%d tests passed successfully for MD%d.\n", num_tests, MD);
-	exit(0);
+        printf ("%d tests passed successfully for MD%d.\n", num_tests, MD);
+        exit(0);
     }
 #else
 
@@ -262,9 +263,9 @@ static void MDTestSuite ()
     MDString ("message digest");
     MDString ("abcdefghijklmnopqrstuvwxyz");
     MDString
-	("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
+        ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789");
     MDString
-	("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
+        ("12345678901234567890123456789012345678901234567890123456789012345678901234567890");
 #endif
 }
 
@@ -279,18 +280,18 @@ static void MDFile (filename)
     unsigned char buffer[1024];
 
     if ((file = fopen (filename, "rb")) == NULL)
-	printf ("%s can't be opened\n", filename);
+        printf ("%s can't be opened\n", filename);
     else {
-	MDInit (&context);
-	while ((len = fread (buffer, 1, 1024, file)) != 0)
-	    MDUpdate (&context, buffer, len);
-	MDFinal (&context);
+        MDInit (&context);
+        while ((len = fread (buffer, 1, 1024, file)) != 0)
+            MDUpdate (&context, buffer, len);
+        MDFinal (&context);
 
-	fclose (file);
+        fclose (file);
 
-	printf ("MD%d (%s) = ", MD, filename);
-	MDPrint (context.digest);
-	printf ("\n");
+        printf ("MD%d (%s) = ", MD, filename);
+        MDPrint (context.digest);
+        printf ("\n");
     }
 }
 
@@ -298,26 +299,26 @@ static void MDFile (filename)
  */
 static void MDFilter ()
 {
-  MD_CTX context;
-  int len;
-  unsigned char buffer[16];
+    MD_CTX context;
+    int len;
+    unsigned char buffer[16];
 
-  MDInit (&context);
-  while ((len = fread (buffer, 1, 16, stdin)) != 0)
-    MDUpdate (&context, buffer, len);
-  MDFinal (&context);
+    MDInit (&context);
+    while ((len = fread (buffer, 1, 16, stdin)) != 0)
+        MDUpdate (&context, buffer, len);
+    MDFinal (&context);
 
-  MDPrint (context.digest);
-  printf ("\n");
+    MDPrint (context.digest);
+    printf ("\n");
 }
 
 /* Prints a message digest in hexadecimal.
  */
 static void MDPrint (digest)
-unsigned char digest[16];
+    unsigned char digest[16];
 {
-  unsigned int i;
+    unsigned int i;
 
-  for (i = 0; i < 16; i++)
- printf ("%02x", digest[i]);
+    for (i = 0; i < 16; i++)
+        printf ("%02x", digest[i]);
 }
diff --git a/src/lib/crypto/crypto_tests/t_nfold.c b/src/lib/crypto/crypto_tests/t_nfold.c
index 27a5760..2536133 100644
--- a/src/lib/crypto/crypto_tests/t_nfold.c
+++ b/src/lib/crypto/crypto_tests/t_nfold.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_nfold.c
  *
@@ -26,8 +27,8 @@
  *
  * Program to test the correctness of nfold implementation.
  *
- * exit returns	 0 ==> success
- * 		-1 ==> error
+ * exit returns  0 ==> success
+ *              -1 ==> error
  */
 
 #include <stdio.h>
@@ -41,7 +42,7 @@
 static void printhex (size_t len, const unsigned char *p)
 {
     while (len--)
-	printf ("%02x", 0xff & *p++);
+        printf ("%02x", 0xff & *p++);
 }
 
 static void printstringhex (const unsigned char *p) {
@@ -52,48 +53,48 @@ static void rfc_tests ()
 {
     int i;
     struct {
-	char *input;
-	unsigned int n;
-	unsigned char exp[192/8];
+        char *input;
+        unsigned int n;
+        unsigned char exp[192/8];
     } tests[] = {
-	{ "012345", 64,
-	  { 0xbe,0x07,0x26,0x31,0x27,0x6b,0x19,0x55, }
-	},
-	{ "password", 56,
-	  { 0x78,0xa0,0x7b,0x6c,0xaf,0x85,0xfa, }
-	},
-	{ "Rough Consensus, and Running Code", 64,
-	  { 0xbb,0x6e,0xd3,0x08,0x70,0xb7,0xf0,0xe0, }
-	},
-	{ "password", 168,
-	  { 0x59,0xe4,0xa8,0xca,0x7c,0x03,0x85,0xc3,
-	    0xc3,0x7b,0x3f,0x6d,0x20,0x00,0x24,0x7c,
-	    0xb6,0xe6,0xbd,0x5b,0x3e, }
-	},
-	{ "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192,
-	  { 0xdb,0x3b,0x0d,0x8f,0x0b,0x06,0x1e,0x60,
-	    0x32,0x82,0xb3,0x08,0xa5,0x08,0x41,0x22,
-	    0x9a,0xd7,0x98,0xfa,0xb9,0x54,0x0c,0x1b, }
-	},
+        { "012345", 64,
+          { 0xbe,0x07,0x26,0x31,0x27,0x6b,0x19,0x55, }
+        },
+        { "password", 56,
+          { 0x78,0xa0,0x7b,0x6c,0xaf,0x85,0xfa, }
+        },
+        { "Rough Consensus, and Running Code", 64,
+          { 0xbb,0x6e,0xd3,0x08,0x70,0xb7,0xf0,0xe0, }
+        },
+        { "password", 168,
+          { 0x59,0xe4,0xa8,0xca,0x7c,0x03,0x85,0xc3,
+            0xc3,0x7b,0x3f,0x6d,0x20,0x00,0x24,0x7c,
+            0xb6,0xe6,0xbd,0x5b,0x3e, }
+        },
+        { "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192,
+          { 0xdb,0x3b,0x0d,0x8f,0x0b,0x06,0x1e,0x60,
+            0x32,0x82,0xb3,0x08,0xa5,0x08,0x41,0x22,
+            0x9a,0xd7,0x98,0xfa,0xb9,0x54,0x0c,0x1b, }
+        },
     };
     unsigned char outbuf[192/8];
 
     printf ("RFC tests:\n");
     for (i = 0; i < ASIZE (tests); i++) {
-	unsigned char *p = (unsigned char *) tests[i].input;
-	assert (tests[i].n / 8 <= sizeof (outbuf));
-	krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
-	printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
-	printf ("%d-fold(", tests[i].n);
-	printstringhex (p);
-	printf (") =\n\t");
-	printhex (tests[i].n / 8, outbuf);
-	printf ("\n\n");
-	if (memcmp (outbuf, tests[i].exp, tests[i].n/8) != 0) {
-	    printf ("wrong value! expected:\n\t");
-	    printhex (tests[i].n / 8, tests[i].exp);
-	    exit (1);
-	}
+        unsigned char *p = (unsigned char *) tests[i].input;
+        assert (tests[i].n / 8 <= sizeof (outbuf));
+        krb5int_nfold (8 * strlen ((char *) p), p, tests[i].n, outbuf);
+        printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
+        printf ("%d-fold(", tests[i].n);
+        printstringhex (p);
+        printf (") =\n\t");
+        printhex (tests[i].n / 8, outbuf);
+        printf ("\n\n");
+        if (memcmp (outbuf, tests[i].exp, tests[i].n/8) != 0) {
+            printf ("wrong value! expected:\n\t");
+            printhex (tests[i].n / 8, tests[i].exp);
+            exit (1);
+        }
     }
 }
 
@@ -103,12 +104,12 @@ static void fold_kerberos(unsigned int nbytes)
     int j;
 
     if (nbytes > 300)
-	abort();
+        abort();
 
     printf("%d-fold(\"kerberos\") =\n\t", nbytes*8);
     krb5int_nfold(64, (unsigned char *) "kerberos", 8*nbytes, cipher_text);
     for (j=0; j<nbytes; j++)
-	printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+        printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
     printf("\n");
 }
 
@@ -131,26 +132,26 @@ unsigned char nfold_192[4][24] = {
 
 int
 main(argc, argv)
-     int argc;
-     char *argv[];
+    int argc;
+    char *argv[];
 {
     unsigned char cipher_text[64];
     int i, j;
 
     printf("N-fold\n");
     for (i=0; i<sizeof(nfold_in)/sizeof(char *); i++) {
-	printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
-	       nfold_in[i]);
-	printf("\t192-Fold:\t");
-	krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
-		   cipher_text);
-	for (j=0; j<24; j++)
-	    printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
-	printf("\n");
-	if (memcmp(cipher_text, nfold_192[i], 24)) {
-	    printf("verify: error in n-fold\n");
-	    exit(-1);
-	};
+        printf("\tInput:\t\"%.*s\"\n", (int) strlen((char *) nfold_in[i]),
+               nfold_in[i]);
+        printf("\t192-Fold:\t");
+        krb5int_nfold(strlen((char *) nfold_in[i])*8, nfold_in[i], 24*8,
+                      cipher_text);
+        for (j=0; j<24; j++)
+            printf("%s%02x", (j&3) ? "" : " ", cipher_text[j]);
+        printf("\n");
+        if (memcmp(cipher_text, nfold_192[i], 24)) {
+            printf("verify: error in n-fold\n");
+            exit(-1);
+        };
     }
     rfc_tests ();
 
diff --git a/src/lib/crypto/crypto_tests/t_pkcs5.c b/src/lib/crypto/crypto_tests/t_pkcs5.c
index 2d58b50..34d884f 100644
--- a/src/lib/crypto/crypto_tests/t_pkcs5.c
+++ b/src/lib/crypto/crypto_tests/t_pkcs5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_pkcs5.c
  *
@@ -37,7 +38,7 @@
 static void printhex (size_t len, const char *p)
 {
     while (len--)
-	printf (" %02X", 0xff & *p++);
+        printf (" %02X", 0xff & *p++);
 }
 
 static void printdata (krb5_data *d) {
@@ -53,20 +54,20 @@ static void test_pbkdf2_rfc3211()
 
     /* RFC 3211 test cases.  */
     static const struct {
-	const char *pass;
-	const char *salt;
-	unsigned int count;
-	size_t len;
-	const unsigned char expected[24];
+        const char *pass;
+        const char *salt;
+        unsigned int count;
+        size_t len;
+        const unsigned char expected[24];
     } t[] = {
-	{ "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 5, 8,
-	  { 0xD1, 0xDA, 0xA7, 0x86, 0x15, 0xF2, 0x87, 0xE6 } },
-	{ "All n-entities must communicate with other "
-	  "n-entities via n-1 entiteeheehees",
-	  "\x12\x34\x56\x78\x78\x56\x34\x12", 500, 24,
-	  { 0x6A, 0x89, 0x70, 0xBF, 0x68, 0xC9, 0x2C, 0xAE,
-	    0xA8, 0x4A, 0x8D, 0xF2, 0x85, 0x10, 0x85, 0x86,
-	    0x07, 0x12, 0x63, 0x80, 0xCC, 0x47, 0xAB, 0x2D } },
+        { "password", "\x12\x34\x56\x78\x78\x56\x34\x12", 5, 8,
+          { 0xD1, 0xDA, 0xA7, 0x86, 0x15, 0xF2, 0x87, 0xE6 } },
+        { "All n-entities must communicate with other "
+          "n-entities via n-1 entiteeheehees",
+          "\x12\x34\x56\x78\x78\x56\x34\x12", 500, 24,
+          { 0x6A, 0x89, 0x70, 0xBF, 0x68, 0xC9, 0x2C, 0xAE,
+            0xA8, 0x4A, 0x8D, 0xF2, 0x85, 0x10, 0x85, 0x86,
+            0x07, 0x12, 0x63, 0x80, 0xCC, 0x47, 0xAB, 0x2D } },
     };
 
     d.data = x;
@@ -74,27 +75,27 @@ static void test_pbkdf2_rfc3211()
 
     for (i = 0; i < sizeof(t)/sizeof(t[0]); i++) {
 
-	printf("pkbdf2(iter_count=%d, dklen=%d (%d bytes), salt=12 34 56 78 78 56 34 12,\n"
-	       "       pass=%s):\n  ->",
-	       t[i].count, t[i].len * 8, t[i].len, t[i].pass);
+        printf("pkbdf2(iter_count=%d, dklen=%d (%d bytes), salt=12 34 56 78 78 56 34 12,\n"
+               "       pass=%s):\n  ->",
+               t[i].count, t[i].len * 8, t[i].len, t[i].pass);
 
-	d.length = t[i].len;
-	pass.data = t[i].pass;
-	pass.length = strlen(pass.data);
-	salt.data = t[i].salt;
-	salt.length = strlen(salt.data);
-	err = krb5int_pbkdf2_hmac_sha1 (&d, t[i].count, &pass, &salt);
-	if (err) {
-	    printf("error in computing pbkdf2: %s\n", error_message(err));
-	    exit(1);
-	}
-	printdata(&d);
-	if (!memcmp(x, t[i].expected, t[i].len))
-	    printf("\nTest passed.\n\n");
-	else {
-	    printf("\n*** CHECK FAILED!\n");
-	    exit(1);
-	}
+        d.length = t[i].len;
+        pass.data = t[i].pass;
+        pass.length = strlen(pass.data);
+        salt.data = t[i].salt;
+        salt.length = strlen(salt.data);
+        err = krb5int_pbkdf2_hmac_sha1 (&d, t[i].count, &pass, &salt);
+        if (err) {
+            printf("error in computing pbkdf2: %s\n", error_message(err));
+            exit(1);
+        }
+        printdata(&d);
+        if (!memcmp(x, t[i].expected, t[i].len))
+            printf("\nTest passed.\n\n");
+        else {
+            printf("\n*** CHECK FAILED!\n");
+            exit(1);
+        }
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c
index c8825d0..6336d86 100644
--- a/src/lib/crypto/crypto_tests/t_prf.c
+++ b/src/lib/crypto/crypto_tests/t_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_prf.c
  *
@@ -37,55 +38,55 @@
 #include <assert.h>
 
 int main () {
-  krb5_data input, output;
-  krb5_keyblock *key = NULL;
-  unsigned int in_length;
-  unsigned int i;
-  size_t prfsz;
+    krb5_data input, output;
+    krb5_keyblock *key = NULL;
+    unsigned int in_length;
+    unsigned int i;
+    size_t prfsz;
 
-  while (1) {
-      krb5_enctype enctype;
-      char s[1025];
+    while (1) {
+        krb5_enctype enctype;
+        char s[1025];
 
-      if (scanf( "%d", &enctype) == EOF)
-	  break;
-      if (scanf("%1024s", &s[0]) == EOF)
-	  break;
-      assert (krb5_init_keyblock(0, enctype, 0, &key) == 0);
-      input.data = &s[0];
-      input.length = strlen(s);
-      assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
+        if (scanf( "%d", &enctype) == EOF)
+            break;
+        if (scanf("%1024s", &s[0]) == EOF)
+            break;
+        assert (krb5_init_keyblock(0, enctype, 0, &key) == 0);
+        input.data = &s[0];
+        input.length = strlen(s);
+        assert(krb5_c_string_to_key (0, enctype, &input, &input, key) == 0);
 
-      if (scanf("%u", &in_length) == EOF)
-	  break;
+        if (scanf("%u", &in_length) == EOF)
+            break;
 
-      if (in_length ) {
-	  unsigned int lc;
-	  assert ((input.data = malloc(in_length)) != NULL);
-	  for (lc = in_length; lc > 0; lc--) {
-	      scanf ("%2x",  &i);
-	      input.data[in_length-lc] = (unsigned) (i&0xff);
-	  }
-	  input.length = in_length;
-	  assert (krb5_c_prf_length(0, enctype, &prfsz) == 0);
-	  assert (output.data = malloc(prfsz));
-	  output.length = prfsz;
-	  assert (krb5_c_prf(0, key, &input, &output) == 0);
+        if (in_length ) {
+            unsigned int lc;
+            assert ((input.data = malloc(in_length)) != NULL);
+            for (lc = in_length; lc > 0; lc--) {
+                scanf ("%2x",  &i);
+                input.data[in_length-lc] = (unsigned) (i&0xff);
+            }
+            input.length = in_length;
+            assert (krb5_c_prf_length(0, enctype, &prfsz) == 0);
+            assert (output.data = malloc(prfsz));
+            output.length = prfsz;
+            assert (krb5_c_prf(0, key, &input, &output) == 0);
 
-	  free (input.data);
-	  input.data = NULL;
-      }
-      for (; prfsz > 0; prfsz--) {
-	  printf ("%02x",
-		  (unsigned int) ((unsigned char ) output.data[output.length-prfsz]));
-      }
-      printf ("\n");
+            free (input.data);
+            input.data = NULL;
+        }
+        for (; prfsz > 0; prfsz--) {
+            printf ("%02x",
+                    (unsigned int) ((unsigned char ) output.data[output.length-prfsz]));
+        }
+        printf ("\n");
 
-      free (output.data);
-      output.data = NULL;
-      krb5_free_keyblock(0, key);
-      key = NULL;
-  }
+        free (output.data);
+        output.data = NULL;
+        krb5_free_keyblock(0, key);
+        key = NULL;
+    }
 
-  return (0);
+    return (0);
 }
diff --git a/src/lib/crypto/crypto_tests/t_prng.c b/src/lib/crypto/crypto_tests/t_prng.c
index 2555e89..634667a 100644
--- a/src/lib/crypto/crypto_tests/t_prng.c
+++ b/src/lib/crypto/crypto_tests/t_prng.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/t_prng.c
  *
@@ -41,47 +42,47 @@
 #include <assert.h>
 
 int main () {
-  krb5_error_code ret;
-  krb5_data input, output;
-  unsigned int source_id, seed_length;
-  unsigned int i;
-  while (1) {
+    krb5_error_code ret;
+    krb5_data input, output;
+    unsigned int source_id, seed_length;
+    unsigned int i;
+    while (1) {
         /* Read source*/
-    if (scanf ("%u", &source_id ) == EOF )
-      break;
+        if (scanf ("%u", &source_id ) == EOF )
+            break;
         /* Read seed length*/
-    if (scanf ("%u", &seed_length) == EOF)
-      break;
-    if (seed_length ) {
-      unsigned int lc;
-      assert ((input.data = malloc(seed_length)) != NULL);
-      for (lc = seed_length; lc > 0; lc--) {
-	scanf ("%2x",  &i);
-	input.data[seed_length-lc] = (unsigned) (i&0xff);
-      }
-      input.length = seed_length;
-      assert (krb5_c_random_add_entropy (0, source_id, &input) == 0);
-      free (input.data);
-      input.data = NULL;
+        if (scanf ("%u", &seed_length) == EOF)
+            break;
+        if (seed_length ) {
+            unsigned int lc;
+            assert ((input.data = malloc(seed_length)) != NULL);
+            for (lc = seed_length; lc > 0; lc--) {
+                scanf ("%2x",  &i);
+                input.data[seed_length-lc] = (unsigned) (i&0xff);
+            }
+            input.length = seed_length;
+            assert (krb5_c_random_add_entropy (0, source_id, &input) == 0);
+            free (input.data);
+            input.data = NULL;
+        }
+        if (scanf ("%u", &i) == EOF)
+            break;
+        if (i) {
+            assert ((output.data = malloc (i)) != NULL);
+            output.length = i;
+            ret = krb5_c_random_make_octets (0, &output);
+            if (ret)
+                printf ("failed\n");
+            else {
+                for (; i > 0; i--) {
+                    printf ("%02x",
+                            (unsigned int) ((unsigned char ) output.data[output.length-i]));
+                }
+                printf ("\n");
+            }
+            free (output.data);
+            output.data = NULL;
+        }
     }
-    if (scanf ("%u", &i) == EOF)
-      break;
-    if (i) {
-      assert ((output.data = malloc (i)) != NULL);
-      output.length = i;
-      ret = krb5_c_random_make_octets (0, &output);
-      if (ret)
-	printf ("failed\n");
-      else {
-	for (; i > 0; i--) {
-	  printf ("%02x",
-		  (unsigned int) ((unsigned char ) output.data[output.length-i]));
-	}
-	printf ("\n");
-      }
-      free (output.data);
-      output.data = NULL;
-    }
-  }
-  return (0);
+    return (0);
 }
diff --git a/src/lib/crypto/crypto_tests/vectors.c b/src/lib/crypto/crypto_tests/vectors.c
index a6301ed..a6f1bbe 100644
--- a/src/lib/crypto/crypto_tests/vectors.c
+++ b/src/lib/crypto/crypto_tests/vectors.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/vectors.c
  *
@@ -45,7 +46,7 @@ const char *whoami;
 static void printhex (size_t len, const char *p)
 {
     while (len--)
-	printf ("%02x", 0xff & *p++);
+        printf ("%02x", 0xff & *p++);
 }
 
 static void printstringhex (const char *p) { printhex (strlen (p), p); }
@@ -58,29 +59,29 @@ static void test_nfold ()
 {
     int i;
     static const struct {
-	char *input;
-	int n;
+        char *input;
+        int n;
     } tests[] = {
-	{ "012345", 64, },
-	{ "password", 56, },
-	{ "Rough Consensus, and Running Code", 64, },
-	{ "password", 168, },
-	{ "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192 },
-	{ "Q", 168 },
-	{ "ba", 168 },
+        { "012345", 64, },
+        { "password", 56, },
+        { "Rough Consensus, and Running Code", 64, },
+        { "password", 168, },
+        { "MASSACHVSETTS INSTITVTE OF TECHNOLOGY", 192 },
+        { "Q", 168 },
+        { "ba", 168 },
     };
     unsigned char outbuf[192/8];
 
     for (i = 0; i < ASIZE (tests); i++) {
-	char *p = tests[i].input;
-	assert (tests[i].n / 8 <= sizeof (outbuf));
-	printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
-	printf ("%d-fold(", tests[i].n);
-	printstringhex (p);
-	printf (") =\n\t");
-	krb5int_nfold (8 * strlen (p), p, tests[i].n, outbuf);
-	printhex (tests[i].n / 8U, outbuf);
-	printf ("\n\n");
+        char *p = tests[i].input;
+        assert (tests[i].n / 8 <= sizeof (outbuf));
+        printf ("%d-fold(\"%s\") =\n", tests[i].n, p);
+        printf ("%d-fold(", tests[i].n);
+        printstringhex (p);
+        printf (") =\n\t");
+        krb5int_nfold (8 * strlen (p), p, tests[i].n, outbuf);
+        printhex (tests[i].n / 8U, outbuf);
+        printf ("\n\n");
     }
 }
 
@@ -89,57 +90,57 @@ static void test_nfold ()
 #define GCLEF  "\360\235\204\236" /* outside BMP, woo hoo!  */
 
 /* Some weak keys:
-    {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
-    {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
+   {0x1f,0x1f,0x1f,0x1f,0x0e,0x0e,0x0e,0x0e},
+   {0xe0,0xe0,0xe0,0xe0,0xf1,0xf1,0xf1,0xf1},
    so try to generate them. */
 
 static void
 test_mit_des_s2k ()
 {
     static const struct {
-	const char *pass;
-	const char *salt;
+        const char *pass;
+        const char *salt;
     } pairs[] = {
-	{ "password", "ATHENA.MIT.EDUraeburn" },
-	{ "potatoe", "WHITEHOUSE.GOVdanny" },
-	{ "penny", "EXAMPLE.COMbuckaroo", },
-	{ GCLEF, "EXAMPLE.COMpianist" },
-	{ ESZETT, "ATHENA.MIT.EDU" JURISIC },
-	/* These two trigger weak-key fixups.  */
-	{ "11119999", "AAAAAAAA" },
-	{ "NNNN6666", "FFFFAAAA" },
+        { "password", "ATHENA.MIT.EDUraeburn" },
+        { "potatoe", "WHITEHOUSE.GOVdanny" },
+        { "penny", "EXAMPLE.COMbuckaroo", },
+        { GCLEF, "EXAMPLE.COMpianist" },
+        { ESZETT, "ATHENA.MIT.EDU" JURISIC },
+        /* These two trigger weak-key fixups.  */
+        { "11119999", "AAAAAAAA" },
+        { "NNNN6666", "FFFFAAAA" },
     };
     int i;
 
     for (i = 0; i < ASIZE (pairs); i++) {
-	const char *p = pairs[i].pass;
-	const char *s = pairs[i].salt;
-	krb5_data pd;
-	krb5_data sd;
-	unsigned char key_contents[60];
-	krb5_keyblock key;
-	krb5_error_code r;
-	char buf[80];
-
-	key.contents = key_contents;
-
-	pd.length = strlen (p);
-	pd.data = (char *) p;
-	sd.length = strlen (s);
-	sd.data = (char *) s;
-
-	assert (strlen (s) + 4 < sizeof (buf));
-	snprintf (buf, sizeof (buf), "\"%s\"", s);
-	printf (  "salt:     %-25s", buf);
-	printhex (strlen(s), s);
-	snprintf (buf, sizeof (buf), "\"%s\"", p);
-	printf ("\npassword: %-25s", buf);
-	printhex (strlen(p), p);
-	printf ("\n");
-	r = krb5int_des_string_to_key (0, &pd, &sd, 0, &key);
-	printf (  "DES key:  %-25s", "");
-	printhex (key.length, key.contents);
-	printf ("\n\n");
+        const char *p = pairs[i].pass;
+        const char *s = pairs[i].salt;
+        krb5_data pd;
+        krb5_data sd;
+        unsigned char key_contents[60];
+        krb5_keyblock key;
+        krb5_error_code r;
+        char buf[80];
+
+        key.contents = key_contents;
+
+        pd.length = strlen (p);
+        pd.data = (char *) p;
+        sd.length = strlen (s);
+        sd.data = (char *) s;
+
+        assert (strlen (s) + 4 < sizeof (buf));
+        snprintf (buf, sizeof (buf), "\"%s\"", s);
+        printf (  "salt:     %-25s", buf);
+        printhex (strlen(s), s);
+        snprintf (buf, sizeof (buf), "\"%s\"", p);
+        printf ("\npassword: %-25s", buf);
+        printhex (strlen(p), p);
+        printf ("\n");
+        r = krb5int_des_string_to_key (0, &pd, &sd, 0, &key);
+        printf (  "DES key:  %-25s", "");
+        printhex (key.length, key.contents);
+        printf ("\n\n");
     }
 }
 
@@ -147,44 +148,44 @@ static void
 test_s2k (krb5_enctype enctype)
 {
     static const struct {
-	const char *pass;
-	const char *salt;
+        const char *pass;
+        const char *salt;
     } pairs[] = {
-	{ "password", "ATHENA.MIT.EDUraeburn" },
-	{ "potatoe", "WHITEHOUSE.GOVdanny" },
-	{ "penny", "EXAMPLE.COMbuckaroo", },
-	{ ESZETT, "ATHENA.MIT.EDU" JURISIC },
-	{ GCLEF, "EXAMPLE.COMpianist" },
+        { "password", "ATHENA.MIT.EDUraeburn" },
+        { "potatoe", "WHITEHOUSE.GOVdanny" },
+        { "penny", "EXAMPLE.COMbuckaroo", },
+        { ESZETT, "ATHENA.MIT.EDU" JURISIC },
+        { GCLEF, "EXAMPLE.COMpianist" },
     };
     int i;
 
     for (i = 0; i < ASIZE (pairs); i++) {
-	const char *p = pairs[i].pass;
-	const char *s = pairs[i].salt;
-	krb5_data pd, sd;
-	unsigned char key_contents[60];
-	krb5_keyblock key;
-	krb5_error_code r;
-	char buf[80];
-
-	pd.length = strlen (p);
-	pd.data = (char *) p;
-	sd.length = strlen (s);
-	sd.data = (char *) s;
-	key.contents = key_contents;
-
-	assert (strlen (s) + 4 < sizeof (buf));
-	snprintf (buf, sizeof(buf), "\"%s\"", s);
-	printf (  "salt:\t%s\n\t", buf);
-	printhex (strlen(s), s);
-	snprintf (buf, sizeof(buf), "\"%s\"", p);
-	printf ("\npasswd:\t%s\n\t", buf);
-	printhex (strlen(p), p);
-	printf ("\n");
-	r = krb5_c_string_to_key (0, enctype, &pd, &sd, &key);
-	printf (  "key:\t");
-	printhex (key.length, key.contents);
-	printf ("\n\n");
+        const char *p = pairs[i].pass;
+        const char *s = pairs[i].salt;
+        krb5_data pd, sd;
+        unsigned char key_contents[60];
+        krb5_keyblock key;
+        krb5_error_code r;
+        char buf[80];
+
+        pd.length = strlen (p);
+        pd.data = (char *) p;
+        sd.length = strlen (s);
+        sd.data = (char *) s;
+        key.contents = key_contents;
+
+        assert (strlen (s) + 4 < sizeof (buf));
+        snprintf (buf, sizeof(buf), "\"%s\"", s);
+        printf (  "salt:\t%s\n\t", buf);
+        printhex (strlen(s), s);
+        snprintf (buf, sizeof(buf), "\"%s\"", p);
+        printf ("\npasswd:\t%s\n\t", buf);
+        printhex (strlen(p), p);
+        printf ("\n");
+        r = krb5_c_string_to_key (0, enctype, &pd, &sd, &key);
+        printf (  "key:\t");
+        printhex (key.length, key.contents);
+        printf ("\n\n");
     }
 }
 
@@ -199,9 +200,9 @@ keyToData (krb5_keyblock *k, krb5_data *d)
 
 void check_error (int r, int line) {
     if (r != 0) {
-	fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
-		 error_message (r));
-	exit (1);
+        fprintf (stderr, "%s:%d: %s\n", __FILE__, line,
+                 error_message (r));
+        exit (1);
     }
 }
 #define CHECK check_error(r, __LINE__)
@@ -228,114 +229,114 @@ void DR (krb5_data *out, krb5_keyblock *in, const krb5_data *usage) {
 void test_dr_dk ()
 {
     static const struct {
-	unsigned char keydata[KEYLENGTH];
-	int usage_len;
-	unsigned char usage[8];
+        unsigned char keydata[KEYLENGTH];
+        int usage_len;
+        unsigned char usage[8];
     } derive_tests[] = {
-	{
-	    {
-		0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1,
-		0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c,
-		0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57,
-		0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b,
-		0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
-	{
-	    {
-		0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85,
-		0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52,
-		0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad,
-		0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02,
-		0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
-	{
-	    {
-		0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38,
-		0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92,
-		0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb,
-	     },
-	    8, { 'k', 'e', 'r', 'b', 'e', 'r', 'o', 's' },
-	},
-	{
-	    {
-		0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3,
-		0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76,
-		0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e,
-	    },
-	    7, { 'c', 'o', 'm', 'b', 'i', 'n', 'e', },
-	},
-	{
-	    {
-		0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62,
-		0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d,
-		0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13,
-		0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79,
-		0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
-	{
-	    {
-		0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57,
-		0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1,
-		0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
-	},
-	{
-	    {
-		0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f,
-		0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4,
-		0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16,
-	    },
-	    5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
-	},
+        {
+            {
+                0xdc, 0xe0, 0x6b, 0x1f, 0x64, 0xc8, 0x57, 0xa1,
+                0x1c, 0x3d, 0xb5, 0x7c, 0x51, 0x89, 0x9b, 0x2c,
+                0xc1, 0x79, 0x10, 0x08, 0xce, 0x97, 0x3b, 0x92,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x5e, 0x13, 0xd3, 0x1c, 0x70, 0xef, 0x76, 0x57,
+                0x46, 0x57, 0x85, 0x31, 0xcb, 0x51, 0xc1, 0x5b,
+                0xf1, 0x1c, 0xa8, 0x2c, 0x97, 0xce, 0xe9, 0xf2,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0x98, 0xe6, 0xfd, 0x8a, 0x04, 0xa4, 0xb6, 0x85,
+                0x9b, 0x75, 0xa1, 0x76, 0x54, 0x0b, 0x97, 0x52,
+                0xba, 0xd3, 0xec, 0xd6, 0x10, 0xa2, 0x52, 0xbc,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x62, 0x2a, 0xec, 0x25, 0xa2, 0xfe, 0x2c, 0xad,
+                0x70, 0x94, 0x68, 0x0b, 0x7c, 0x64, 0x94, 0x02,
+                0x80, 0x08, 0x4c, 0x1a, 0x7c, 0xec, 0x92, 0xb5,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0xd3, 0xf8, 0x29, 0x8c, 0xcb, 0x16, 0x64, 0x38,
+                0xdc, 0xb9, 0xb9, 0x3e, 0xe5, 0xa7, 0x62, 0x92,
+                0x86, 0xa4, 0x91, 0xf8, 0x38, 0xf8, 0x02, 0xfb,
+            },
+            8, { 'k', 'e', 'r', 'b', 'e', 'r', 'o', 's' },
+        },
+        {
+            {
+                0xb5, 0x5e, 0x98, 0x34, 0x67, 0xe5, 0x51, 0xb3,
+                0xe5, 0xd0, 0xe5, 0xb6, 0xc8, 0x0d, 0x45, 0x76,
+                0x94, 0x23, 0xa8, 0x73, 0xdc, 0x62, 0xb3, 0x0e,
+            },
+            7, { 'c', 'o', 'm', 'b', 'i', 'n', 'e', },
+        },
+        {
+            {
+                0xc1, 0x08, 0x16, 0x49, 0xad, 0xa7, 0x43, 0x62,
+                0xe6, 0xa1, 0x45, 0x9d, 0x01, 0xdf, 0xd3, 0x0d,
+                0x67, 0xc2, 0x23, 0x4c, 0x94, 0x07, 0x04, 0xda,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x5d, 0x15, 0x4a, 0xf2, 0x38, 0xf4, 0x67, 0x13,
+                0x15, 0x57, 0x19, 0xd5, 0x5e, 0x2f, 0x1f, 0x79,
+                0x0d, 0xd6, 0x61, 0xf2, 0x79, 0xa7, 0x91, 0x7c,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
+        {
+            {
+                0x79, 0x85, 0x62, 0xe0, 0x49, 0x85, 0x2f, 0x57,
+                0xdc, 0x8c, 0x34, 0x3b, 0xa1, 0x7f, 0x2c, 0xa1,
+                0xd9, 0x73, 0x94, 0xef, 0xc8, 0xad, 0xc4, 0x43,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0x55 },
+        },
+        {
+            {
+                0x26, 0xdc, 0xe3, 0x34, 0xb5, 0x45, 0x29, 0x2f,
+                0x2f, 0xea, 0xb9, 0xa8, 0x70, 0x1a, 0x89, 0xa4,
+                0xb9, 0x9e, 0xb9, 0x94, 0x2c, 0xec, 0xd0, 0x16,
+            },
+            5, { 0x00, 0x00, 0x00, 0x01, 0xaa },
+        },
     };
     int i;
 
     for (i = 0; i < ASIZE(derive_tests); i++) {
 #define D (derive_tests[i])
-	krb5_keyblock key;
-	krb5_data usage;
-
-	unsigned char drData[KEYBYTES];
-	krb5_data dr;
-	unsigned char dkData[KEYLENGTH];
-	krb5_keyblock dk;
-
-	key.length = KEYLENGTH, key.contents = D.keydata;
-	usage.length = D.usage_len, usage.data = D.usage;
-	dr.length = KEYBYTES, dr.data = drData;
-	dk.length = KEYLENGTH, dk.contents = dkData;
-
-	printf ("key:\t"); printkey (&key); printf ("\n");
-	printf ("usage:\t"); printdata (&usage); printf ("\n");
-	DR (&dr, &key, &usage);
-	printf ("DR:\t"); printdata (&dr); printf ("\n");
-	DK (&dk, &key, &usage);
-	printf ("DK:\t"); printkey (&dk); printf ("\n\n");
+        krb5_keyblock key;
+        krb5_data usage;
+
+        unsigned char drData[KEYBYTES];
+        krb5_data dr;
+        unsigned char dkData[KEYLENGTH];
+        krb5_keyblock dk;
+
+        key.length = KEYLENGTH, key.contents = D.keydata;
+        usage.length = D.usage_len, usage.data = D.usage;
+        dr.length = KEYBYTES, dr.data = drData;
+        dk.length = KEYLENGTH, dk.contents = dkData;
+
+        printf ("key:\t"); printkey (&key); printf ("\n");
+        printf ("usage:\t"); printdata (&usage); printf ("\n");
+        DR (&dr, &key, &usage);
+        printf ("DR:\t"); printdata (&dr); printf ("\n");
+        DK (&dk, &key, &usage);
+        printf ("DK:\t"); printkey (&dk); printf ("\n\n");
     }
 }
 
@@ -347,16 +348,16 @@ static void printd (const char *descr, krb5_data *d) {
     printf("%s:", descr);
 
     for (i = 0; i < d->length; i += r) {
-	printf("\n  %04x: ", i);
-	for (j = i; j < i + r && j < d->length; j++)
-	    printf(" %02x", 0xff & d->data[j]);
-	for (; j < i + r; j++)
-	    printf("   ");
-	printf("   ");
-	for (j = i; j < i + r && j < d->length; j++) {
-	    int c = 0xff & d->data[j];
-	    printf("%c", isprint(c) ? c : '.');
-	}
+        printf("\n  %04x: ", i);
+        for (j = i; j < i + r && j < d->length; j++)
+            printf(" %02x", 0xff & d->data[j]);
+        for (; j < i + r; j++)
+            printf("   ");
+        printf("   ");
+        for (j = i; j < i + r && j < d->length; j++) {
+            int c = 0xff & d->data[j];
+            printf("%c", isprint(c) ? c : '.');
+        }
     }
     printf("\n");
 }
@@ -372,21 +373,21 @@ static void
 test_pbkdf2()
 {
     static struct {
-	int count;
-	char *pass;
-	char *salt;
+        int count;
+        char *pass;
+        char *salt;
     } test[] = {
-	{ 1, "password", "ATHENA.MIT.EDUraeburn" },
-	{ 2, "password", "ATHENA.MIT.EDUraeburn" },
-	{ 1200, "password", "ATHENA.MIT.EDUraeburn" },
-	{ 5, "password", "\x12\x34\x56\x78\x78\x56\x34\x12" },
-	{ 1200,
-	  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	  "pass phrase equals block size" },
-	{ 1200,
-	  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
-	  "pass phrase exceeds block size" },
-	{ 50, "\xf0\x9d\x84\x9e", "EXAMPLE.COMpianist" },
+        { 1, "password", "ATHENA.MIT.EDUraeburn" },
+        { 2, "password", "ATHENA.MIT.EDUraeburn" },
+        { 1200, "password", "ATHENA.MIT.EDUraeburn" },
+        { 5, "password", "\x12\x34\x56\x78\x78\x56\x34\x12" },
+        { 1200,
+          "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+          "pass phrase equals block size" },
+        { 1200,
+          "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+          "pass phrase exceeds block size" },
+        { 50, "\xf0\x9d\x84\x9e", "EXAMPLE.COMpianist" },
     };
     unsigned char x[100];
     unsigned char x2[100];
@@ -403,43 +404,43 @@ test_pbkdf2()
     usage.length = 8;
 
     for (j = 0; j < sizeof(test)/sizeof(test[0]); j++) {
-	printf("pkbdf2(count=%d, pass=\"%s\", salt=",
-	       test[j].count, test[j].pass);
-	if (isprint(test[j].salt[0]))
-	    printf("\"%s\")\n", test[j].salt);
-	else {
-	    char *s = test[j].salt;
-	    printf("0x");
-	    while (*s)
-		printf("%02X", 0xff & *s++);
-	    printf(")\n");
-	}
-
-	d.length = 16;
-	pass.data = test[j].pass;
-	pass.length = strlen(pass.data);
-	salt.data = test[j].salt;
-	salt.length = strlen(salt.data);
-	err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
-	printd("128-bit PBKDF2 output", &d);
-	enc = &krb5int_enc_aes128;
-	k.contents = d.data;
-	k.length = d.length;
-	dk.length = d.length;
-	DK (&dk, &k, &usage);
-	printk("128-bit AES key",&dk);
-
-	d.length = 32;
-	err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
-	printd("256-bit PBKDF2 output", &d);
-	enc = &krb5int_enc_aes256;
-	k.contents = d.data;
-	k.length = d.length;
-	dk.length = d.length;
-	DK (&dk, &k, &usage);
-	printk("256-bit AES key", &dk);
-
-	printf("\n");
+        printf("pkbdf2(count=%d, pass=\"%s\", salt=",
+               test[j].count, test[j].pass);
+        if (isprint(test[j].salt[0]))
+            printf("\"%s\")\n", test[j].salt);
+        else {
+            char *s = test[j].salt;
+            printf("0x");
+            while (*s)
+                printf("%02X", 0xff & *s++);
+            printf(")\n");
+        }
+
+        d.length = 16;
+        pass.data = test[j].pass;
+        pass.length = strlen(pass.data);
+        salt.data = test[j].salt;
+        salt.length = strlen(salt.data);
+        err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
+        printd("128-bit PBKDF2 output", &d);
+        enc = &krb5int_enc_aes128;
+        k.contents = d.data;
+        k.length = d.length;
+        dk.length = d.length;
+        DK (&dk, &k, &usage);
+        printk("128-bit AES key",&dk);
+
+        d.length = 32;
+        err = krb5int_pbkdf2_hmac_sha1 (&d, test[j].count, &pass, &salt);
+        printd("256-bit PBKDF2 output", &d);
+        enc = &krb5int_enc_aes256;
+        k.contents = d.data;
+        k.length = d.length;
+        dk.length = d.length;
+        DK (&dk, &k, &usage);
+        printk("256-bit AES key", &dk);
+
+        printf("\n");
     }
 }
 
diff --git a/src/lib/crypto/crypto_tests/ytest.c b/src/lib/crypto/crypto_tests/ytest.c
index 82e2eba..5b9ffaf 100644
--- a/src/lib/crypto/crypto_tests/ytest.c
+++ b/src/lib/crypto/crypto_tests/ytest.c
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Yarrow - Cryptographic Pseudo-Random Number Generator
  * Copyright (c) 2000 Zero-Knowledge Systems, Inc.
@@ -24,14 +24,14 @@ static void print_yarrow_status( Yarrow_CTX *y )
 
     for ( pool = 0; pool < 2; pool++ )
     {
-	printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" );
-	for ( sid = 0; sid < y->num_sources; sid++ )
-	{
-	    source = &y->source[ sid ];
-	    printf( "#%d=%d/%d, ", sid, source->entropy[pool],
-		    pool == YARROW_SLOW_POOL ?
-		    y->slow_thresh : y->fast_thresh );
-	}
+        printf( " %s: ", pool == YARROW_SLOW_POOL ? "slow" : "fast" );
+        for ( sid = 0; sid < y->num_sources; sid++ )
+        {
+            source = &y->source[ sid ];
+            printf( "#%d=%d/%d, ", sid, source->entropy[pool],
+                    pool == YARROW_SLOW_POOL ?
+                    y->slow_thresh : y->fast_thresh );
+        }
     }
     printf( "\n" );
 }
@@ -40,13 +40,13 @@ int yarrow_verbose = 0;
 #define VERBOSE( x ) if ( yarrow_verbose ) { x }
 
 int Instrumented_krb5int_yarrow_input( Yarrow_CTX* y, int sid, void* sample,
-			       size_t size, int entropy )
+                                       size_t size, int entropy )
 {
     int ret;
 
     VERBOSE( printf( "krb5int_yarrow_input( #%d, %d bits, %s ) = [", sid, entropy,
-		     y->source[sid].pool ==
-		     YARROW_SLOW_POOL ? "slow" : "fast" ); );
+                     y->source[sid].pool ==
+                     YARROW_SLOW_POOL ? "slow" : "fast" ); );
     ret = krb5int_yarrow_input( y, sid, sample, size, entropy );
 
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
@@ -79,7 +79,7 @@ int do_test( int t )
     printf( "[%s]\n", krb5int_yarrow_str_error( ret ) ); fflush( stdout );
     THROW( ret );
 
- CATCH:
+CATCH:
     THROW( EXCEP_BOOL );
     EXCEP_RET;
 }
@@ -98,48 +98,48 @@ int main( int argc, char* argv[] )
 
     for ( argvp = argv+1, i = 1; i < argc; i++, argvp++ )
     {
-	arg = *argvp;
-	if ( arg[0] == '-' )
-	{
-	    switch ( arg[1] )
-	    {
-	    case 'v': yarrow_verbose = 1; continue;
-	    default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
-		THROW( YARROW_FAIL );
-	    }
-	}
-	conv_ok = NULL;
-	test = strtoul( arg, &conv_ok, 10 );
-	if ( !conv_ok || test < 1 || test > num_tests )
-	{
-	    fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
-	    THROW( YARROW_FAIL );
-	}
-	else
-	{
-	    ret = do_test( test );
-	    if ( ok ) { ok = ret; }
-	    done_some_tests = 1;
-	}
+        arg = *argvp;
+        if ( arg[0] == '-' )
+        {
+            switch ( arg[1] )
+            {
+            case 'v': yarrow_verbose = 1; continue;
+            default: fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
+                THROW( YARROW_FAIL );
+            }
+        }
+        conv_ok = NULL;
+        test = strtoul( arg, &conv_ok, 10 );
+        if ( !conv_ok || test < 1 || test > num_tests )
+        {
+            fprintf( stderr, "usage: test [-v] [[test] ... ]\n" );
+            THROW( YARROW_FAIL );
+        }
+        else
+        {
+            ret = do_test( test );
+            if ( ok ) { ok = ret; }
+            done_some_tests = 1;
+        }
     }
 
     if ( !done_some_tests )
     {
-	for ( i = 1; i <= num_tests; i++ )
-	{
-	    ret = do_test( i );
-	    if ( ok ) { ok = ret; }
-	}
+        for ( i = 1; i <= num_tests; i++ )
+        {
+            ret = do_test( i );
+            if ( ok ) { ok = ret; }
+        }
     }
     THROW( ok );
 
- CATCH:
+CATCH:
     switch (EXCEPTION)
     {
     case YARROW_OK:
-	exit (EXIT_SUCCESS);
+        exit (EXIT_SUCCESS);
     default:
-	exit (EXIT_FAILURE);
+        exit (EXIT_FAILURE);
     }
 }
 
@@ -157,7 +157,7 @@ int test_1( void )
     VERBOSE( printf( "\nunknown hash function\n\n" ); );
     THROW( YARROW_NOT_IMPL );
 #endif
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -178,7 +178,7 @@ int test_2( void )
     VERBOSE( printf( "\nunknown encryption function\n\n" ); );
     THROW( YARROW_NOT_IMPL );
 #endif
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -194,7 +194,7 @@ int test_3( void )
     VERBOSE( printf( "\nkrb5int_yarrow_stretch\n\n" ); );
     THROW( YARROW_NOT_IMPL );
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -217,7 +217,7 @@ int test_4( void )
 
     VERBOSE( printf( "\nGeneral workout test\n\n" ); )
 
-    VERBOSE( printf( "krb5int_yarrow_init() = [" ); );
+        VERBOSE( printf( "krb5int_yarrow_init() = [" ); );
     ret = krb5int_yarrow_init( &yarrow, YARROW_SEED_FILE );
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
 
@@ -230,7 +230,7 @@ int test_4( void )
 
     ret = krb5int_yarrow_new_source( &yarrow, &user );
     VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-		     krb5int_yarrow_str_error( ret ) ); );
+                     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
     VERBOSE( printf( "Yarrow_Poll( #%d ) = [", user ); );
@@ -239,12 +239,12 @@ int test_4( void )
 
     ret = krb5int_yarrow_new_source( &yarrow, &mouse );
     VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-		     krb5int_yarrow_str_error( ret ) ); );
+                     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
     ret = krb5int_yarrow_new_source( &yarrow, &keyboard );
     VERBOSE( printf( "krb5int_yarrow_new_source() = [%s]\n",
-		     krb5int_yarrow_str_error( ret ) ); );
+                     krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK ) { THROW( ret ); }
 
 /*  prematurely try to draw output, to check failure when no
@@ -261,14 +261,14 @@ int test_4( void )
 
     for ( i = 0; i < 2; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
-					sizeof( mouse_sample ), 2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
+                                                sizeof( mouse_sample ), 2 ) );
 
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
-					sizeof( keyboard_sample ), 2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, keyboard, keyboard_sample,
+                                                sizeof( keyboard_sample ), 2 ) );
 
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
-					sizeof( user_sample ), 2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
+                                                sizeof( user_sample ), 2 ) );
     }
 
 #if defined( YARROW_DEBUG )
@@ -276,38 +276,38 @@ int test_4( void )
 #endif
 
     VERBOSE( printf( "\nInduce user source (#%d) to reach "
-		     "slow threshold\n\n", user ); );
+                     "slow threshold\n\n", user ); );
 
     /* induce fast reseed */
 
     for ( i = 0; i < 7; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
-					sizeof( user_sample ),
-					sizeof( user_sample ) * 3 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, user_sample,
+                                                sizeof( user_sample ),
+                                                sizeof( user_sample ) * 3 ) );
     }
 
     VERBOSE( printf( "\nInduce mouse source (#%d) to reach "
-		     "slow threshold reseed\n\n", mouse ); );
+                     "slow threshold reseed\n\n", mouse ); );
 
     /* induce slow reseed, by triggering a second source to reach it's
        threshold */
 
     for ( i = 0; i < 40; i++ )
     {
-	TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
-					sizeof( mouse_sample ),
-					sizeof( mouse_sample )*2 ) );
+        TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, mouse_sample,
+                                                sizeof( mouse_sample ),
+                                                sizeof( mouse_sample )*2 ) );
     }
 
     VERBOSE( printf( "\nProduce some output\n\n" ); );
 
     for ( i = 0; i < 30; i++ )
     {
-	VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); );
-	ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) );
-	VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-	if ( ret != YARROW_OK ) { THROW( ret );	}
+        VERBOSE( printf( "krb5int_yarrow_output( %d ) = [", sizeof( junk ) ); );
+        ret = krb5int_yarrow_output( &yarrow, junk, sizeof( junk ) );
+        VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
+        if ( ret != YARROW_OK ) { THROW( ret ); }
     }
 
     memset( junk, 0, sizeof( junk ) );
@@ -316,20 +316,20 @@ int test_4( void )
 
     for ( i = 0; i < 30; i++ )
     {
-	/* odd input to a different source so there are some slow reseeds */
-
-	if ( i % 16 == 0 )
-	{
-	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
-					    sizeof( junk ),
-					    sizeof( junk ) * 3 ) );
-	}
-	else
-	{
-	    TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
-					    sizeof( junk ),
-					    sizeof( junk ) * 3 ) );
-	}
+        /* odd input to a different source so there are some slow reseeds */
+
+        if ( i % 16 == 0 )
+        {
+            TRY( Instrumented_krb5int_yarrow_input( &yarrow, mouse, junk,
+                                                    sizeof( junk ),
+                                                    sizeof( junk ) * 3 ) );
+        }
+        else
+        {
+            TRY( Instrumented_krb5int_yarrow_input( &yarrow, user, junk,
+                                                    sizeof( junk ),
+                                                    sizeof( junk ) * 3 ) );
+        }
     }
 
     VERBOSE( printf( "\nPrint some random output\n\n" ); );
@@ -339,22 +339,22 @@ int test_4( void )
     VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
     if ( ret != YARROW_OK )
     {
-	THROW( ret );
+        THROW( ret );
     }
     else
     {
-	VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); );
+        VERBOSE( hex_print( stdout, "random", random, sizeof( random ) ); );
     }
 
     VERBOSE( printf( "\nClose down Yarrow\n\n" ); );
 
- CATCH:
+CATCH:
     if ( initialized )
     {
-	VERBOSE( printf( "krb5int_yarrow_final() = [" ); );
-	ret = krb5int_yarrow_final( &yarrow );
-	VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
-	THROW( ret );
+        VERBOSE( printf( "krb5int_yarrow_final() = [" ); );
+        ret = krb5int_yarrow_final( &yarrow );
+        VERBOSE( printf( "%s]\n", krb5int_yarrow_str_error( ret ) ); );
+        THROW( ret );
     }
     EXCEP_RET;
 }
@@ -370,9 +370,9 @@ void hex_print( FILE* f, const char* var, void* data, size_t size )
     fprintf( f, " = " );
     for ( i = 0; i < size; i++ )
     {
-	c = conv[ (p[ i ] >> 4) & 0xf ];
-	d = conv[ p[ i ] & 0xf ];
-	fprintf( f, "%c%c", c, d );
+        c = conv[ (p[ i ] >> 4) & 0xf ];
+        d = conv[ p[ i ] & 0xf ];
+        fprintf( f, "%c%c", c, d );
     }
     fprintf( f, "\n" );
 }
diff --git a/src/lib/crypto/krb/Makefile.in b/src/lib/crypto/krb/Makefile.in
index fe96eba..5c08de6 100644
--- a/src/lib/crypto/krb/Makefile.in
+++ b/src/lib/crypto/krb/Makefile.in
@@ -1,15 +1,13 @@
-thisconfigdir=../../..
-myfulldir=lib/crypto/krb
 mydir=lib/crypto/krb
 BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS= crc32 dk keyhash_provider \
+SUBDIRS= arcfour checksum crc32 dk \
 	prf rand2key old raw yarrow 
 LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/../@CRYPTO_IMPL@/enc_provider -I$(srcdir)/dk	\
-		-I$(srcdir)/../@CRYPTO_IMPL@/hash_provider -I$(srcdir)/keyhash_provider	\
+		-I$(srcdir)/../@CRYPTO_IMPL@/hash_provider				\
 		-I$(srcdir)/prf -I$(srcdir)/rand2key		 			\
 		-I$(srcdir)/old -I$(srcdir)/raw -I$(srcdir)/yarrow 			\
 		-I$(srcdir)/../@CRYPTO_IMPL@/ -I$(srcdir)/../@CRYPTO_IMPL@/des		\
-		-I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/../@CRYPTO_IMPL@/arcfour 	\
+		-I$(srcdir)/../@CRYPTO_IMPL@/aes -I$(srcdir)/arcfour 	\
 		-I$(srcdir)/../@CRYPTO_IMPL@/sha1 -I$(srcdir)/../@CRYPTO_IMPL@
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
@@ -18,8 +16,8 @@ DEFS=
 ##DOSBUILDTOP = ..\..\..
 ##DOSLIBNAME=$(OUTPRE)crypto.lib
 ##DOSOBJFILE=$(OUTPRE)crypto.lst
-##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
-##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)arcfour.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
+##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)cksum.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
+##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)arcfour.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)cksum.lst $(OUTPRE)aes.lst
 
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
@@ -153,14 +151,12 @@ SRCS=\
 	$(srcdir)/verify_checksum.c	\
 	$(srcdir)/verify_checksum_iov.c
 
-STOBJLISTS=crc32/OBJS.ST  dk/OBJS.ST 			 	\
-	keyhash_provider/OBJS.ST 			 	\
-	prf/OBJS.ST rand2key/OBJS.ST 			 	\
+STOBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST	\
+	dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST			\
 	old/OBJS.ST raw/OBJS.ST  yarrow/OBJS.ST  OBJS.ST
 
-SUBDIROBJLISTS=crc32/OBJS.ST  dk/OBJS.ST 		 	\
-	keyhash_provider/OBJS.ST 			 	\
-	prf/OBJS.ST rand2key/OBJS.ST 			 	\
+SUBDIROBJLISTS=arcfour/OBJS.ST checksum/OBJS.ST crc32/OBJS.ST	\
+	dk/OBJS.ST prf/OBJS.ST rand2key/OBJS.ST			\
 	old/OBJS.ST raw/OBJS.ST  yarrow/OBJS.ST 
 
 ##DOS##LIBOBJS = $(OBJS)
@@ -173,15 +169,18 @@ depend:: $(SRCS)
 clean-unix:: clean-libobjs
 
 all-windows::
-	cd crc32
+	cd arcfour
+	@echo Making in crypto\arcfour
+	$(MAKE) -$(MFLAGS)
+	cd ..\crc32
 	@echo Making in crypto\crc32
 	$(MAKE) -$(MFLAGS)
+	cd ..\checksum
+	@echo Making in crypto\checksum
+	$(MAKE) -$(MFLAGS)
 	cd ..\dk
 	@echo Making in crypto\dk
 	$(MAKE) -$(MFLAGS)
-	cd ..\keyhash_provider
-	@echo Making in crypto\keyhash_provider
-	$(MAKE) -$(MFLAGS)
 	cd ..\prf
 	@echo Making in crypto\prf
 	$(MAKE) -$(MFLAGS)
@@ -200,15 +199,18 @@ all-windows::
 	cd ..
 
 clean-windows::
-	cd crc32
+	cd arcfour
+	@echo Making in clean crypto\arcfour
+	$(MAKE) -$(MFLAGS) clean
+	cd ..\crc32
 	@echo Making in clean crypto\crc32
 	$(MAKE) -$(MFLAGS) clean
+	cd ..\checksum
+	@echo Making clean in crypto\checksum
+	$(MAKE) -$(MFLAGS) clean
 	cd ..\dk
 	@echo Making clean in crypto\dk
 	$(MAKE) -$(MFLAGS) clean
-	cd ..\keyhash_provider
-	@echo Making clean in crypto\keyhash_provider
-	$(MAKE) -$(MFLAGS) clean
 	cd ..\prf
 	@echo Making clean in crypto\prf
 	$(MAKE) -$(MFLAGS) clean
@@ -227,15 +229,18 @@ clean-windows::
 	cd ..
 
 check-windows::
-	cd crc32
+	cd arcfour
+	@echo Making in check crypto\arcfour
+	$(MAKE) -$(MFLAGS) check
+	cd ..\crc32
 	@echo Making in check crypto\crc32
 	$(MAKE) -$(MFLAGS) check
+	cd ..\checksum
+	@echo Making check in crypto\checksum
+	$(MAKE) -$(MFLAGS) check
 	cd ..\dk
 	@echo Making check in crypto\dk
 	$(MAKE) -$(MFLAGS) check
-	cd ..\keyhash_provider
-	@echo Making check in crypto\keyhash_provider
-	$(MAKE) -$(MFLAGS) check
 	cd ..\prf
 	@echo Making check in crypto\prf
 	$(MAKE) -$(MFLAGS) check
diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c
index f3ca11b..c1f8ccd 100644
--- a/src/lib/crypto/krb/aead.c
+++ b/src/lib/crypto/krb/aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/aead.c
  *
@@ -31,147 +32,41 @@
 #include "aead.h"
 
 krb5_crypto_iov *
-krb5int_c_locate_iov(krb5_crypto_iov *data,
-		     size_t num_data,
-		     krb5_cryptotype type)
+krb5int_c_locate_iov(krb5_crypto_iov *data, size_t num_data,
+                     krb5_cryptotype type)
 {
     size_t i;
     krb5_crypto_iov *iov = NULL;
 
     if (data == NULL)
-	return NULL;
+        return NULL;
 
     for (i = 0; i < num_data; i++) {
-	if (data[i].flags == type) {
-	    if (iov == NULL)
-		iov = &data[i];
-	    else
-		return NULL; /* can't appear twice */
-	}
+        if (data[i].flags == type) {
+            if (iov == NULL)
+                iov = &data[i];
+            else
+                return NULL; /* can't appear twice */
+        }
     }
 
     return iov;
 }
 
-static krb5_error_code
-make_unkeyed_checksum_iov(const struct krb5_hash_provider *hash_provider,
-			  const krb5_crypto_iov *data,
-			  size_t num_data,
-			  krb5_data *output)
-{
-    krb5_data *sign_data;
-    size_t num_sign_data;
-    krb5_error_code ret;
-    size_t i, j;
-
-    /* Create a checksum over all the data to be signed */
-    for (i = 0, num_sign_data = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-
-	if (SIGN_IOV(iov))
-	    num_sign_data++;
-    }
-
-    /* XXX cleanup to avoid alloc. */
-    sign_data = calloc(num_sign_data, sizeof(krb5_data));
-    if (sign_data == NULL)
-	return ENOMEM;
-
-    for (i = 0, j = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-
-	if (SIGN_IOV(iov))
-	    sign_data[j++] = iov->data;
-    }
-
-    ret = (*hash_provider->hash)(num_sign_data, sign_data, output);
-
-    free(sign_data);
-
-    return ret;
-}
-
-krb5_error_code
-krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum_type,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_crypto_iov *data,
-			    size_t num_data,
-			    krb5_data *cksum_data)
-{
-    const struct krb5_keytypes *e1, *e2;
-    krb5_error_code ret;
-
-    if (cksum_type->keyhash != NULL) {
-	/* Check if key is compatible. */
-
-	if (cksum_type->keyed_etype) {
-	    e1 = find_enctype(cksum_type->keyed_etype);
-	    e2 = find_enctype(key->keyblock.enctype);
-	    if (e1 == NULL || e2 == NULL || e1->enc != e2->enc) {
-		ret = KRB5_BAD_ENCTYPE;
-		goto cleanup;
-	    }
-	}
-
-	if (cksum_type->keyhash->hash_iov == NULL)
-	    return KRB5_BAD_ENCTYPE;
-
-	ret = (*cksum_type->keyhash->hash_iov)(key, usage, 0, data, num_data,
-					       cksum_data);
-    } else if (cksum_type->flags & KRB5_CKSUMFLAG_DERIVE) {
-	ret = krb5int_dk_make_checksum_iov(cksum_type->hash,
-					   key, usage, data, num_data,
-					   cksum_data);
-    } else {
-	ret = make_unkeyed_checksum_iov(cksum_type->hash, data, num_data,
-					cksum_data);
-    }
-
-    if (ret == 0) {
-	if (cksum_type->trunc_size) {
-	    cksum_data->length = cksum_type->trunc_size;
-	}
-    }
-
-cleanup:
-    if (ret != 0) {
-	memset(cksum_data->data, 0, cksum_data->length);
-    }
-
-    return ret;
-}
-
-const struct krb5_cksumtypes *
-krb5int_c_find_checksum_type(krb5_cksumtype cksumtype)
-{
-    size_t i;
-
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
-    }
-
-    if (i == krb5int_cksumtypes_length)
-	return NULL;
-
-    return &krb5int_cksumtypes_list[i];
-}
-
 #ifdef DEBUG_IOV
 static void
 dump_block(const char *tag,
-	   size_t i,
-	   size_t j,
-	   unsigned char *block,
-	   size_t block_size)
+           size_t i,
+           size_t j,
+           unsigned char *block,
+           size_t block_size)
 {
     size_t k;
 
     printf("[%s: %d.%d] ", tag, i, j);
 
     for (k = 0; k < block_size; k++)
-	printf("%02x ", block[k] & 0xFF);
+        printf("%02x ", block[k] & 0xFF);
 
     printf("\n");
 }
@@ -179,29 +74,29 @@ dump_block(const char *tag,
 
 static int
 process_block_p(const krb5_crypto_iov *data,
-		size_t num_data,
-		struct iov_block_state *iov_state,
-		size_t i)
+                size_t num_data,
+                struct iov_block_state *iov_state,
+                size_t i)
 {
     const krb5_crypto_iov *iov = &data[i];
     int process_block;
 
     switch (iov->flags) {
     case KRB5_CRYPTO_TYPE_SIGN_ONLY:
-	process_block = iov_state->include_sign_only;
-	break;
+        process_block = iov_state->include_sign_only;
+        break;
     case KRB5_CRYPTO_TYPE_PADDING:
-	process_block = (iov_state->pad_to_boundary == 0);
-	break;
+        process_block = (iov_state->pad_to_boundary == 0);
+        break;
     case KRB5_CRYPTO_TYPE_HEADER:
-	process_block = (iov_state->ignore_header == 0);
-	break;
+        process_block = (iov_state->ignore_header == 0);
+        break;
     case KRB5_CRYPTO_TYPE_DATA:
-	process_block = 1;
-	break;
+        process_block = 1;
+        break;
     default:
-	process_block = 0;
-	break;
+        process_block = 0;
+        break;
     }
 
     return process_block;
@@ -213,116 +108,118 @@ process_block_p(const krb5_crypto_iov *data,
  */
 static int
 pad_to_boundary_p(const krb5_crypto_iov *data,
-		  size_t num_data,
-		  struct iov_block_state *iov_state,
-		  size_t i,
-		  size_t j)
+                  size_t num_data,
+                  struct iov_block_state *iov_state,
+                  size_t i,
+                  size_t j)
 {
     /* If the pad_to_boundary flag is unset, return FALSE */
     if (iov_state->pad_to_boundary == 0)
-	return 0;
+        return 0;
 
     /* If we haven't got any data, we need to get some */
     if (j == 0)
-	return 0;
+        return 0;
 
     /* No boundary between adjacent buffers marked for processing */
     if (data[iov_state->iov_pos].flags == data[i].flags)
-	return 0;
+        return 0;
 
     return 1;
 }
 
 krb5_boolean
 krb5int_c_iov_get_block(unsigned char *block,
-			size_t block_size,
-			const krb5_crypto_iov *data,
-			size_t num_data,
-			struct iov_block_state *iov_state)
+                        size_t block_size,
+                        const krb5_crypto_iov *data,
+                        size_t num_data,
+                        struct iov_block_state *iov_state)
 {
     size_t i, j = 0;
 
     for (i = iov_state->iov_pos; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-	size_t nbytes;
+        const krb5_crypto_iov *iov = &data[i];
+        size_t nbytes;
 
-	if (!process_block_p(data, num_data, iov_state, i))
-	    continue;
+        if (!process_block_p(data, num_data, iov_state, i))
+            continue;
 
-	if (pad_to_boundary_p(data, num_data, iov_state, i, j))
-	    break;
+        if (pad_to_boundary_p(data, num_data, iov_state, i, j))
+            break;
 
-	iov_state->iov_pos = i;
+        iov_state->iov_pos = i;
 
-	nbytes = iov->data.length - iov_state->data_pos;
-	if (nbytes > block_size - j)
-	    nbytes = block_size - j;
+        nbytes = iov->data.length - iov_state->data_pos;
+        if (nbytes > block_size - j)
+            nbytes = block_size - j;
 
-	memcpy(block + j, iov->data.data + iov_state->data_pos, nbytes);
+        memcpy(block + j, iov->data.data + iov_state->data_pos, nbytes);
 
-	iov_state->data_pos += nbytes;
-	j += nbytes;
+        iov_state->data_pos += nbytes;
+        j += nbytes;
 
-	assert(j <= block_size);
+        assert(j <= block_size);
 
-	if (j == block_size)
-	    break;
+        if (j == block_size)
+            break;
 
-	assert(iov_state->data_pos == iov->data.length);
+        assert(iov_state->data_pos == iov->data.length);
 
-	iov_state->data_pos = 0;
+        iov_state->data_pos = 0;
     }
 
     iov_state->iov_pos = i;
+    if (i == num_data)
+        return FALSE;
 
     if (j != block_size)
-	memset(block + j, 0, block_size - j);
+        memset(block + j, 0, block_size - j);
 
 #ifdef DEBUG_IOV
     dump_block("get_block", i, j, block, block_size);
 #endif
 
-    return (iov_state->iov_pos < num_data);
+    return TRUE;
 }
 
 krb5_boolean
 krb5int_c_iov_put_block(const krb5_crypto_iov *data,
-			size_t num_data,
-			unsigned char *block,
-			size_t block_size,
-			struct iov_block_state *iov_state)
+                        size_t num_data,
+                        unsigned char *block,
+                        size_t block_size,
+                        struct iov_block_state *iov_state)
 {
     size_t i, j = 0;
 
     for (i = iov_state->iov_pos; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-	size_t nbytes;
+        const krb5_crypto_iov *iov = &data[i];
+        size_t nbytes;
 
-	if (!process_block_p(data, num_data, iov_state, i))
-	    continue;
+        if (!process_block_p(data, num_data, iov_state, i))
+            continue;
 
-	if (pad_to_boundary_p(data, num_data, iov_state, i, j))
-	    break;
+        if (pad_to_boundary_p(data, num_data, iov_state, i, j))
+            break;
 
-	iov_state->iov_pos = i;
+        iov_state->iov_pos = i;
 
-	nbytes = iov->data.length - iov_state->data_pos;
-	if (nbytes > block_size - j)
-	    nbytes = block_size - j;
+        nbytes = iov->data.length - iov_state->data_pos;
+        if (nbytes > block_size - j)
+            nbytes = block_size - j;
 
-	memcpy(iov->data.data + iov_state->data_pos, block + j, nbytes);
+        memcpy(iov->data.data + iov_state->data_pos, block + j, nbytes);
 
-	iov_state->data_pos += nbytes;
-	j += nbytes;
+        iov_state->data_pos += nbytes;
+        j += nbytes;
 
-	assert(j <= block_size);
+        assert(j <= block_size);
 
-	if (j == block_size)
-	    break;
+        if (j == block_size)
+            break;
 
-	assert(iov_state->data_pos == iov->data.length);
+        assert(iov_state->data_pos == iov->data.length);
 
-	iov_state->data_pos = 0;
+        iov_state->data_pos = 0;
     }
 
     iov_state->iov_pos = i;
@@ -335,17 +232,12 @@ krb5int_c_iov_put_block(const krb5_crypto_iov *data,
 }
 
 krb5_error_code
-krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
-			     const struct krb5_enc_provider *enc,
-			     const struct krb5_hash_provider *hash,
-			     krb5_key key,
-			     krb5_keyusage keyusage,
-			     const krb5_data *ivec,
-			     krb5_crypto_iov *data,
-			     size_t num_data)
+krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key,
+                             krb5_keyusage keyusage, const krb5_data *ivec,
+                             krb5_crypto_iov *data, size_t num_data)
 {
     krb5_error_code ret;
-    unsigned int header_len, trailer_len, padding_len;
+    unsigned int header_len, trailer_len;
     krb5_crypto_iov *iov;
     krb5_crypto_iov *stream;
     size_t i, j;
@@ -354,219 +246,75 @@ krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
     stream = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM);
     assert(stream != NULL);
 
-    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
-				 &header_len);
-    if (ret != 0)
-	return ret;
-
-    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-				 &trailer_len);
-    if (ret != 0)
-	return ret;
-
-    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-				 &padding_len);
-    if (ret != 0)
-	return ret;
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
 
     if (stream->data.length < header_len + trailer_len)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     iov = calloc(num_data + 2, sizeof(krb5_crypto_iov));
     if (iov == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     i = 0;
 
     iov[i].flags = KRB5_CRYPTO_TYPE_HEADER; /* takes place of STREAM */
-    iov[i].data.data = stream->data.data;
-    iov[i].data.length = header_len;
+    iov[i].data = make_data(stream->data.data, header_len);
     i++;
 
     for (j = 0; j < num_data; j++) {
-	if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) {
-	    if (got_data) {
-		free(iov);
-		return KRB5_BAD_MSIZE;
-	    }
-
-	    got_data++;
-
-	    data[j].data.data = stream->data.data + header_len;
-	    data[j].data.length = stream->data.length - header_len
-		- trailer_len;
-	}
-	if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ||
-	    data[j].flags == KRB5_CRYPTO_TYPE_DATA)
-	    iov[i++] = data[j];
+        if (data[j].flags == KRB5_CRYPTO_TYPE_DATA) {
+            if (got_data) {
+                free(iov);
+                return KRB5_BAD_MSIZE;
+            }
+
+            got_data++;
+
+            data[j].data.data = stream->data.data + header_len;
+            data[j].data.length = stream->data.length - header_len
+                - trailer_len;
+        }
+        if (data[j].flags == KRB5_CRYPTO_TYPE_SIGN_ONLY ||
+            data[j].flags == KRB5_CRYPTO_TYPE_DATA)
+            iov[i++] = data[j];
     }
 
-    /*
-     * XXX not self-describing with respect to length, this is the best
-     * we can do.
-     */
+    /* Use empty padding since tokens don't indicate the padding length. */
     iov[i].flags = KRB5_CRYPTO_TYPE_PADDING;
-    iov[i].data.data = NULL;
-    iov[i].data.length = 0;
+    iov[i].data = empty_data();
     i++;
 
     iov[i].flags = KRB5_CRYPTO_TYPE_TRAILER;
-    iov[i].data.data = stream->data.data + stream->data.length - trailer_len;
-    iov[i].data.length = trailer_len;
+    iov[i].data = make_data(stream->data.data + stream->data.length -
+                            trailer_len, trailer_len);
     i++;
 
     assert(i <= num_data + 2);
 
-    ret = (*aead->decrypt_iov)(aead, enc, hash, key, keyusage, ivec, iov, i);
-
+    ret = ktp->decrypt(ktp, key, keyusage, ivec, iov, i);
     free(iov);
-
     return ret;
 }
 
-krb5_error_code
-krb5int_c_padding_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 size_t data_length,
-			 unsigned int *pad_length)
+unsigned int
+krb5int_c_padding_length(const struct krb5_keytypes *ktp, size_t data_length)
 {
-    unsigned int padding;
-    krb5_error_code ret;
+    unsigned int header, padding;
 
-    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-				 &padding);
-    if (ret != 0)
-	return ret;
+    /*
+     * Add in the header length since the header is encrypted along with the
+     * data.  (arcfour violates this assumption since not all of the header is
+     * encrypted, but that's okay since it has no padding.  If there is ever an
+     * enctype using a similar token format and a block cipher, we will have to
+     * move this logic into an enctype-dependent function.)
+     */
+    header = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    data_length += header;
 
+    padding = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
     if (padding == 0 || (data_length % padding) == 0)
-	*pad_length = 0;
+        return 0;
     else
-	*pad_length = padding - (data_length % padding);
-
-    return 0;
-}
-
-krb5_error_code
-krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output)
-{
-    krb5_crypto_iov iov[4];
-    krb5_error_code ret;
-    unsigned int header_len = 0;
-    unsigned int padding_len = 0;
-    unsigned int trailer_len = 0;
-
-    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
-				 &header_len);
-    if (ret != 0)
-	return ret;
-
-    ret = krb5int_c_padding_length(aead, enc, hash, input->length,
-				   &padding_len);
-    if (ret != 0)
-	return ret;
-
-    ret = (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-				 &trailer_len);
-    if (ret != 0)
-	return ret;
-
-    if (output->length <
-	header_len + input->length + padding_len + trailer_len)
-	return KRB5_BAD_MSIZE;
-
-    iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
-    iov[0].data.data = output->data;
-    iov[0].data.length = header_len;
-
-    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
-    iov[1].data.data = iov[0].data.data + iov[0].data.length;
-    iov[1].data.length = input->length;
-    memcpy(iov[1].data.data, input->data, input->length);
-
-    iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
-    iov[2].data.data = iov[1].data.data + iov[1].data.length;
-    iov[2].data.length = padding_len;
-
-    iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
-    iov[3].data.data = iov[2].data.data + iov[2].data.length;
-    iov[3].data.length = trailer_len;
-
-    ret = (*aead->encrypt_iov)(aead, enc, hash, key, usage, ivec,
-			       iov, sizeof(iov) / sizeof(iov[0]));
-
-    if (ret != 0)
-	zap(iov[1].data.data, iov[1].data.length);
-
-    output->length = iov[0].data.length + iov[1].data.length +
-		     iov[2].data.length + iov[3].data.length;
-
-    return ret;
-}
-
-krb5_error_code
-krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output)
-{
-    krb5_crypto_iov iov[2];
-    krb5_error_code ret;
-
-    iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
-    iov[0].data.data = malloc(input->length);
-    if (iov[0].data.data == NULL)
-	return ENOMEM;
-
-    memcpy(iov[0].data.data, input->data, input->length);
-    iov[0].data.length = input->length;
-
-    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
-    iov[1].data.data = NULL;
-    iov[1].data.length = 0;
-
-    ret = krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
-				       usage, ivec,
-				       iov, sizeof(iov)/sizeof(iov[0]));
-    if (ret != 0)
-	goto cleanup;
-
-    if (output->length < iov[1].data.length) {
-	ret = KRB5_BAD_MSIZE;
-	goto cleanup;
-    }
-
-    memcpy(output->data, iov[1].data.data, iov[1].data.length);
-    output->length = iov[1].data.length;
-
-cleanup:
-    zapfree(iov[0].data.data, iov[0].data.length);
-
-    return ret;
-}
-
-void
-krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead,
-				     const struct krb5_enc_provider *enc,
-				     const struct krb5_hash_provider *hash,
-				     size_t inputlen, size_t *length)
-{
-    unsigned int header_len = 0;
-    unsigned int padding_len = 0;
-    unsigned int trailer_len = 0;
-
-    (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_HEADER,
-			   &header_len);
-    krb5int_c_padding_length(aead, enc, hash, inputlen, &padding_len);
-    (*aead->crypto_length)(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-			   &trailer_len);
-
-    *length = header_len + inputlen + padding_len + trailer_len;
+        return padding - (data_length % padding);
 }
diff --git a/src/lib/crypto/krb/aead.h b/src/lib/crypto/krb/aead.h
index f9e92bd..df54a05 100644
--- a/src/lib/crypto/krb/aead.h
+++ b/src/lib/crypto/krb/aead.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/aead.h
  *
@@ -26,98 +27,103 @@
 
 #include "k5-int.h"
 #include "cksumtypes.h"
+#include "etypes.h"
 
 /* AEAD helpers */
 
 krb5_crypto_iov *
 krb5int_c_locate_iov(krb5_crypto_iov *data,
-		     size_t num_data,
-		     krb5_cryptotype type);
+                     size_t num_data,
+                     krb5_cryptotype type);
 
-krb5_error_code
-krb5int_c_make_checksum_iov(const struct krb5_cksumtypes *cksum,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_crypto_iov *data,
-			    size_t num_data,
-			    krb5_data *cksum_data);
-
-const struct krb5_cksumtypes *
-krb5int_c_find_checksum_type(krb5_cksumtype cksumtype);
-
-#define ENCRYPT_CONF_IOV(_iov)	((_iov)->flags == KRB5_CRYPTO_TYPE_HEADER)
+#define ENCRYPT_CONF_IOV(_iov)  ((_iov)->flags == KRB5_CRYPTO_TYPE_HEADER)
 
-#define ENCRYPT_DATA_IOV(_iov)	((_iov)->flags == KRB5_CRYPTO_TYPE_DATA || \
-				 (_iov)->flags == KRB5_CRYPTO_TYPE_PADDING)
+#define ENCRYPT_DATA_IOV(_iov)  ((_iov)->flags == KRB5_CRYPTO_TYPE_DATA || \
+                                 (_iov)->flags == KRB5_CRYPTO_TYPE_PADDING)
 
-#define ENCRYPT_IOV(_iov)	(ENCRYPT_CONF_IOV(_iov) || ENCRYPT_DATA_IOV(_iov))
+#define ENCRYPT_IOV(_iov)       (ENCRYPT_CONF_IOV(_iov) || ENCRYPT_DATA_IOV(_iov))
 
-#define SIGN_IOV(_iov)		(ENCRYPT_IOV(_iov) || \
-				 (_iov)->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY )
+#define SIGN_IOV(_iov)          (ENCRYPT_IOV(_iov) ||                   \
+                                 (_iov)->flags == KRB5_CRYPTO_TYPE_SIGN_ONLY )
 
 struct iov_block_state {
-    size_t iov_pos;			/* index into iov array */
-    size_t data_pos;			/* index into iov contents */
-    unsigned int ignore_header : 1;	/* have/should we process HEADER */
-    unsigned int include_sign_only : 1;	/* should we process SIGN_ONLY blocks */
-    unsigned int pad_to_boundary : 1;	/* should we zero fill blocks until next buffer */
+    size_t iov_pos;                     /* index into iov array */
+    size_t data_pos;                    /* index into iov contents */
+    unsigned int ignore_header : 1;     /* have/should we process HEADER */
+    unsigned int include_sign_only : 1; /* should we process SIGN_ONLY blocks */
+    unsigned int pad_to_boundary : 1;   /* should we zero fill blocks until next buffer */
 };
 
-#define IOV_BLOCK_STATE_INIT(_state)	((_state)->iov_pos = \
-					 (_state)->data_pos = \
-					 (_state)->ignore_header = \
-					 (_state)->include_sign_only = \
-					 (_state)->pad_to_boundary = 0)
+#define IOV_BLOCK_STATE_INIT(_state)    ((_state)->iov_pos =            \
+                                         (_state)->data_pos =           \
+                                         (_state)->ignore_header =      \
+                                         (_state)->include_sign_only =  \
+                                         (_state)->pad_to_boundary = 0)
 
 krb5_boolean
 krb5int_c_iov_get_block(unsigned char *block,
-			size_t block_size,
-			const krb5_crypto_iov *data,
-			size_t num_data,
-			struct iov_block_state *iov_state);
+                        size_t block_size,
+                        const krb5_crypto_iov *data,
+                        size_t num_data,
+                        struct iov_block_state *iov_state);
 
 krb5_boolean
 krb5int_c_iov_put_block(const krb5_crypto_iov *data,
-			size_t num_data,
-			unsigned char *block,
-			size_t block_size,
-			struct iov_block_state *iov_state);
+                        size_t num_data,
+                        unsigned char *block,
+                        size_t block_size,
+                        struct iov_block_state *iov_state);
 
 krb5_error_code
-krb5int_c_iov_decrypt_stream(const struct krb5_aead_provider *aead,
-			     const struct krb5_enc_provider *enc,
-			     const struct krb5_hash_provider *hash,
-			     krb5_key key,
-			     krb5_keyusage keyusage,
-			     const krb5_data *ivec,
-			     krb5_crypto_iov *data,
-			     size_t num_data);
+krb5int_c_iov_decrypt_stream(const struct krb5_keytypes *ktp, krb5_key key,
+                             krb5_keyusage keyusage, const krb5_data *ivec,
+                             krb5_crypto_iov *data, size_t num_data);
 
-krb5_error_code
-krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output);
+unsigned int
+krb5int_c_padding_length(const struct krb5_keytypes *ktp, size_t data_length);
 
-krb5_error_code
-krb5int_c_encrypt_aead_compat(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_key key, krb5_keyusage usage,
-			      const krb5_data *ivec, const krb5_data *input,
-			      krb5_data *output);
-
-void
-krb5int_c_encrypt_length_aead_compat(const struct krb5_aead_provider *aead,
-				     const struct krb5_enc_provider *enc,
-				     const struct krb5_hash_provider *hash,
-				     size_t inputlen, size_t *length);
+/*
+ * Returns an alias into the current buffer if the next block is fully
+ * contained within; otherwise makes a copy of the next block and returns an
+ * alias to storage.  After calling this function, encrypt the returned block
+ * in place and then call iov_store_block (with a separate output cursor) to
+ * store the result back into the iov if necessary.  Returns NULL if there
+ * is no next block.
+ */
+static inline unsigned char *
+iov_next_block(unsigned char *storage, size_t len,
+               const krb5_crypto_iov *data, size_t num_data,
+               struct iov_block_state *pos)
+{
+    const krb5_crypto_iov *iov = &data[pos->iov_pos];
+    unsigned char *block;
+
+    if (pos->iov_pos < num_data && iov->data.length - pos->data_pos >= len) {
+        /* Return an alias to memory inside the current iov. */
+        block = (unsigned char *) iov->data.data + pos->data_pos;
+        pos->data_pos += len;
+        return block;
+    }
+    /* Do it the slow way and return a copy into storage. */
+    if (krb5int_c_iov_get_block(storage, len, data, num_data, pos))
+        return storage;
+    return NULL;
+}
 
-krb5_error_code
-krb5int_c_padding_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 size_t data_length,
-			 unsigned int *pad_length);
+/*
+ * Store a block retrieved with iov_next_block if necessary, and advance the
+ * output cursor.
+ */
+static inline void
+iov_store_block(const krb5_crypto_iov *data, size_t num_data,
+                unsigned char *block, unsigned char *storage, size_t len,
+                struct iov_block_state *pos)
+{
+    if (block == storage) {
+        /* We got the block the slow way; put it back that way too. */
+        krb5int_c_iov_put_block(data, num_data, storage, len, pos);
+    } else {
+        /* It's already stored; we just have to advance the output cursor. */
+        pos->data_pos += len;
+    }
+}
diff --git a/src/lib/crypto/openssl/arcfour/Makefile.in b/src/lib/crypto/krb/arcfour/Makefile.in
index 61e6354..bd234fa 100644
--- a/src/lib/crypto/openssl/arcfour/Makefile.in
+++ b/src/lib/crypto/krb/arcfour/Makefile.in
@@ -1,8 +1,7 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/arcfour
-mydir=lib/crypto/openssl/arcfour
+mydir=lib/crypto/krb/arcfour
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../md4  -I$(srcdir)/../../krb
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../@CRYPTO_IMPL@ \
+	-I$(srcdir)/../../@CRYPTO_IMPL@/md4
 DEFS=
 
 ##DOS##BUILDTOP = ..\..\..\..
@@ -12,7 +11,6 @@ DEFS=
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-
 STLIBOBJS=\
 	arcfour.o	\
 	arcfour_aead.o	\
diff --git a/src/lib/crypto/krb/arcfour/arcfour-int.h b/src/lib/crypto/krb/arcfour/arcfour-int.h
new file mode 100644
index 0000000..15ab75b
--- /dev/null
+++ b/src/lib/crypto/krb/arcfour/arcfour-int.h
@@ -0,0 +1,33 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+
+  ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
+  This cipher is widely believed and has been tested to be equivalent
+  with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
+  of RSA Data Security)
+
+*/
+#ifndef ARCFOUR_INT_H
+#define ARCFOUR_INT_H
+
+#include "arcfour.h"
+
+#define CONFOUNDERLENGTH 8
+
+krb5_keyusage
+krb5int_arcfour_translate_usage(krb5_keyusage usage);
+
+krb5_error_code
+krb5int_arcfour_usage_key(const struct krb5_enc_provider *enc,
+                          const struct krb5_hash_provider *hash,
+                          const krb5_keyblock *session_keyblock,
+                          krb5_keyusage usage,
+                          krb5_keyblock *out);
+
+krb5_error_code
+krb5int_arcfour_enc_key(const struct krb5_enc_provider *enc,
+                        const struct krb5_hash_provider *hash,
+                        const krb5_keyblock *usage_keyblock,
+                        const krb5_data *checksum, krb5_keyblock *out);
+
+#endif /* ARCFOUR_INT_H */
diff --git a/src/lib/crypto/krb/arcfour/arcfour.c b/src/lib/crypto/krb/arcfour/arcfour.c
new file mode 100644
index 0000000..783b777
--- /dev/null
+++ b/src/lib/crypto/krb/arcfour/arcfour.c
@@ -0,0 +1,93 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+
+  ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
+  This cipher is widely believed and has been tested to be equivalent
+  with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
+  of RSA Data Security)
+
+*/
+#include "k5-int.h"
+#include "arcfour-int.h"
+#include "hash_provider/hash_provider.h"
+
+const char l40[] = "fortybits";
+
+krb5_keyusage
+krb5int_arcfour_translate_usage(krb5_keyusage usage)
+{
+    switch (usage) {
+    case 1:  return 1;   /* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
+    case 2:  return 2;   /* ticket from kdc */
+    case 3:  return 8;   /* as-rep encrypted part */
+    case 4:  return 4;   /* tgs-req authz data */
+    case 5:  return 5;   /* tgs-req authz data in subkey */
+    case 6:  return 6;   /* tgs-req authenticator cksum */
+    case 7:  return 7;   /* tgs-req authenticator */
+    case 8:  return 8;
+    case 9:  return 9;   /* tgs-rep encrypted with subkey */
+    case 10: return 10;  /* ap-rep authentication cksum (never used by MS) */
+    case 11: return 11;  /* app-req authenticator */
+    case 12: return 12;  /* app-rep encrypted part */
+    case 23: return 13;  /* sign wrap token*/
+    default: return usage;
+    }
+}
+
+/* Derive a usage key from a session key and krb5 usage constant. */
+krb5_error_code
+krb5int_arcfour_usage_key(const struct krb5_enc_provider *enc,
+                          const struct krb5_hash_provider *hash,
+                          const krb5_keyblock *session_keyblock,
+                          krb5_keyusage usage,
+                          krb5_keyblock *out)
+{
+    char salt_buf[14];
+    unsigned int salt_len;
+    krb5_data out_data = make_data(out->contents, out->length);
+    krb5_crypto_iov iov;
+    krb5_keyusage ms_usage;
+
+    /* Generate the salt. */
+    ms_usage = krb5int_arcfour_translate_usage(usage);
+    if (session_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
+        memcpy(salt_buf, l40, 10);
+        store_32_le(ms_usage, salt_buf + 10);
+        salt_len = 14;
+    } else {
+        store_32_le(ms_usage, salt_buf);
+        salt_len = 4;
+    }
+
+    /* Compute HMAC(key, salt) to produce the usage key. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(salt_buf, salt_len);
+    return krb5int_hmac_keyblock(hash, session_keyblock, &iov, 1, &out_data);
+}
+
+/* Derive an encryption key from a usage key and (typically) checksum. */
+krb5_error_code
+krb5int_arcfour_enc_key(const struct krb5_enc_provider *enc,
+                        const struct krb5_hash_provider *hash,
+                        const krb5_keyblock *usage_keyblock,
+                        const krb5_data *checksum, krb5_keyblock *out)
+{
+    krb5_keyblock *trunc_keyblock = NULL;
+    krb5_data out_data = make_data(out->contents, out->length);
+    krb5_crypto_iov iov;
+    krb5_error_code ret;
+
+    /* Copy usage_keyblock to trunc_keyblock and truncate if exportable. */
+    ret = krb5int_c_copy_keyblock(NULL, usage_keyblock, &trunc_keyblock);
+    if (ret != 0)
+        return ret;
+    if (trunc_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
+        memset(trunc_keyblock->contents + 7, 0xab, 9);
+
+    /* Compute HMAC(trunc_key, checksum) to produce the encryption key. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *checksum;
+    ret = krb5int_hmac_keyblock(hash, trunc_keyblock, &iov, 1, &out_data);
+    krb5int_c_free_keyblock(NULL, trunc_keyblock);
+    return ret;
+}
diff --git a/src/lib/crypto/krb/arcfour/arcfour.h b/src/lib/crypto/krb/arcfour/arcfour.h
new file mode 100644
index 0000000..7ec0d77
--- /dev/null
+++ b/src/lib/crypto/krb/arcfour/arcfour.h
@@ -0,0 +1,31 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#ifndef ARCFOUR_H
+#define ARCFOUR_H
+
+#include "etypes.h"
+
+unsigned int
+krb5int_arcfour_crypto_length(const struct krb5_keytypes *ktp,
+                              krb5_cryptotype type);
+
+krb5_error_code
+krb5int_arcfour_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data);
+
+krb5_error_code
+krb5int_arcfour_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data);
+
+extern krb5_error_code
+krb5int_arcfour_string_to_key(
+    const struct krb5_keytypes *,
+    const krb5_data *,
+    const krb5_data *,
+    const krb5_data *,
+    krb5_keyblock *);
+
+extern const struct krb5_enc_provider krb5int_enc_arcfour;
+
+#endif /* ARCFOUR_H */
diff --git a/src/lib/crypto/krb/arcfour/arcfour_aead.c b/src/lib/crypto/krb/arcfour/arcfour_aead.c
new file mode 100644
index 0000000..6f82921
--- /dev/null
+++ b/src/lib/crypto/krb/arcfour/arcfour_aead.c
@@ -0,0 +1,296 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/arcfour/arcfour_aead.c
+ *
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "k5-int.h"
+#include "arcfour.h"
+#include "arcfour-int.h"
+#include "hash_provider/hash_provider.h"
+#include "aead.h"
+
+/* AEAD */
+
+unsigned int
+krb5int_arcfour_crypto_length(const struct krb5_keytypes *ktp,
+                              krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+        return ktp->hash->hashsize + CONFOUNDERLENGTH;
+    case KRB5_CRYPTO_TYPE_PADDING:
+    case KRB5_CRYPTO_TYPE_TRAILER:
+        return 0;
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return ktp->hash->hashsize;
+    default:
+        assert(0 &&
+               "invalid cryptotype passed to krb5int_arcfour_crypto_length");
+        return 0;
+    }
+}
+
+/* Encrypt or decrypt using a keyblock. */
+static krb5_error_code
+keyblock_crypt(const struct krb5_enc_provider *enc, krb5_keyblock *keyblock,
+               const krb5_data *ivec, krb5_crypto_iov *data, size_t num_data)
+{
+    krb5_error_code ret;
+    krb5_key key;
+
+    ret = krb5_k_create_key(NULL, keyblock, &key);
+    if (ret != 0)
+        return ret;
+    /* Works for encryption or decryption since arcfour is a stream cipher. */
+    ret = enc->encrypt(key, ivec, data, num_data);
+    krb5_k_free_key(NULL, key);
+    return ret;
+}
+
+krb5_error_code
+krb5int_arcfour_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer;
+    krb5_keyblock *usage_keyblock = NULL, *enc_keyblock = NULL;
+    krb5_data checksum, confounder, header_data;
+    size_t i;
+
+    /*
+     * Caller must have provided space for the header, padding
+     * and trailer; per RFC 4757 we will arrange it as:
+     *
+     *      Checksum | E(Confounder | Plaintext)
+     */
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL ||
+        header->data.length < hash->hashsize + CONFOUNDERLENGTH)
+        return KRB5_BAD_MSIZE;
+
+    header_data = header->data;
+
+    /* Trailer may be absent. */
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer != NULL)
+        trailer->data.length = 0;
+
+    /* Ensure that there is no padding. */
+    for (i = 0; i < num_data; i++) {
+        if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING)
+            data[i].data.length = 0;
+    }
+
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive a usage key from the session key and usage. */
+    ret = krb5int_arcfour_usage_key(enc, hash, &key->keyblock, usage,
+                                    usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Generate a confounder in the header block, after the checksum. */
+    header->data.length = hash->hashsize + CONFOUNDERLENGTH;
+    confounder = make_data(header->data.data + hash->hashsize,
+                           CONFOUNDERLENGTH);
+    ret = krb5_c_random_make_octets(0, &confounder);
+    if (ret != 0)
+        goto cleanup;
+    checksum = make_data(header->data.data, hash->hashsize);
+
+    /* Adjust pointers so confounder is at start of header. */
+    header->data.length -= hash->hashsize;
+    header->data.data += hash->hashsize;
+
+    /* Compute the checksum using the usage key. */
+    ret = krb5int_hmac_keyblock(hash, usage_keyblock, data, num_data,
+                                &checksum);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive the encryption key from the usage key and checksum. */
+    ret = krb5int_arcfour_enc_key(enc, hash, usage_keyblock, &checksum,
+                                  enc_keyblock);
+    if (ret)
+        goto cleanup;
+
+    ret = keyblock_crypt(enc, enc_keyblock, ivec, data, num_data);
+
+cleanup:
+    header->data = header_data; /* Restore header pointers. */
+    krb5int_c_free_keyblock(NULL, usage_keyblock);
+    krb5int_c_free_keyblock(NULL, enc_keyblock);
+    return ret;
+}
+
+krb5_error_code
+krb5int_arcfour_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                        krb5_keyusage usage, const krb5_data *ivec,
+                        krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer;
+    krb5_keyblock *usage_keyblock = NULL, *enc_keyblock = NULL;
+    krb5_data checksum, header_data, comp_checksum = empty_data();
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL ||
+        header->data.length != hash->hashsize + CONFOUNDERLENGTH)
+        return KRB5_BAD_MSIZE;
+
+    header_data = header->data;
+
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer != NULL && trailer->data.length != 0)
+        return KRB5_BAD_MSIZE;
+
+    /* Allocate buffers. */
+    ret = alloc_data(&comp_checksum, hash->hashsize);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, key->keyblock.enctype, enc->keybytes,
+                                  &enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    checksum = make_data(header->data.data, hash->hashsize);
+
+    /* Adjust pointers so confounder is at start of header. */
+    header->data.length -= hash->hashsize;
+    header->data.data += hash->hashsize;
+
+    /* We may have to try two usage values; see below. */
+    do {
+        /* Derive a usage key from the session key and usage. */
+        ret = krb5int_arcfour_usage_key(enc, hash, &key->keyblock, usage,
+                                        usage_keyblock);
+        if (ret != 0)
+            goto cleanup;
+
+        /* Derive the encryption key from the usage key and checksum. */
+        ret = krb5int_arcfour_enc_key(enc, hash, usage_keyblock, &checksum,
+                                      enc_keyblock);
+        if (ret)
+            goto cleanup;
+
+        /* Decrypt the ciphertext. */
+        ret = keyblock_crypt(enc, enc_keyblock, ivec, data, num_data);
+        if (ret != 0)
+            goto cleanup;
+
+        /* Compute HMAC(usage key, plaintext) to get the checksum. */
+        ret = krb5int_hmac_keyblock(hash, usage_keyblock, data, num_data,
+                                    &comp_checksum);
+        if (ret != 0)
+            goto cleanup;
+
+        if (memcmp(checksum.data, comp_checksum.data, hash->hashsize) != 0) {
+            if (usage == 9) {
+                /*
+                 * RFC 4757 specifies usage 8 for TGS-REP encrypted parts
+                 * encrypted in a subkey, but the value used by MS is actually
+                 * 9.  We now use 9 to start with, but fall back to 8 on
+                 * failure in case we are communicating with a KDC using the
+                 * value from the RFC.  ivec is always NULL in this case.
+                 * We need to re-encrypt the data in the wrong key first.
+                 */
+                ret = keyblock_crypt(enc, enc_keyblock, NULL, data, num_data);
+                if (ret != 0)
+                    goto cleanup;
+                usage = 8;
+                continue;
+            }
+            ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+            goto cleanup;
+        }
+
+        break;
+    } while (1);
+
+cleanup:
+    header->data = header_data; /* Restore header pointers. */
+    krb5int_c_free_keyblock(NULL, usage_keyblock);
+    krb5int_c_free_keyblock(NULL, enc_keyblock);
+    zapfree(comp_checksum.data, comp_checksum.length);
+    return ret;
+}
+
+krb5_error_code
+krb5int_arcfour_gsscrypt(const krb5_keyblock *keyblock, krb5_keyusage usage,
+                         const krb5_data *kd_data, krb5_crypto_iov *data,
+                         size_t num_data)
+{
+    const struct krb5_enc_provider *enc = &krb5int_enc_arcfour;
+    const struct krb5_hash_provider *hash = &krb5int_hash_md5;
+    krb5_keyblock *usage_keyblock = NULL, *enc_keyblock = NULL;
+    krb5_error_code ret;
+
+    ret = krb5int_c_init_keyblock(NULL, keyblock->enctype, enc->keybytes,
+                                  &usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5int_c_init_keyblock(NULL, keyblock->enctype, enc->keybytes,
+                                  &enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive a usage key from the session key and usage. */
+    ret = krb5int_arcfour_usage_key(enc, hash, keyblock, usage,
+                                    usage_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive the encryption key from the usage key and kd_data. */
+    ret = krb5int_arcfour_enc_key(enc, hash, usage_keyblock, kd_data,
+                                  enc_keyblock);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Encrypt or decrypt (encrypt_iov works for both) the input. */
+    ret = keyblock_crypt(enc, enc_keyblock, 0, data, num_data);
+
+cleanup:
+    krb5int_c_free_keyblock(NULL, usage_keyblock);
+    krb5int_c_free_keyblock(NULL, enc_keyblock);
+    return ret;
+}
diff --git a/src/lib/crypto/krb/arcfour/arcfour_s2k.c b/src/lib/crypto/krb/arcfour/arcfour_s2k.c
new file mode 100644
index 0000000..b77738e
--- /dev/null
+++ b/src/lib/crypto/krb/arcfour/arcfour_s2k.c
@@ -0,0 +1,60 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+#include "k5-int.h"
+#include "k5-utf8.h"
+#include "rsa-md4.h"
+#include "arcfour-int.h"
+
+#if TARGET_OS_MAC && !defined(DEPEND)
+#include <CoreFoundation/CFString.h>
+#endif
+
+krb5_error_code
+krb5int_arcfour_string_to_key(const struct krb5_keytypes *ktp,
+                              const krb5_data *string, const krb5_data *salt,
+                              const krb5_data *params, krb5_keyblock *key)
+{
+    krb5_error_code err = 0;
+    krb5_MD4_CTX md4_context;
+    unsigned char *copystr;
+    size_t copystrlen;
+
+    if (params != NULL)
+        return KRB5_ERR_BAD_S2K_PARAMS;
+
+    if (key->length != 16)
+        return (KRB5_BAD_MSIZE);
+
+    /* We ignore salt per the Microsoft spec*/
+
+    /* compute the space needed for the new string.
+       Since the password must be stored in unicode, we need to increase
+       that number by 2x.
+    */
+
+    err = krb5int_utf8cs_to_ucs2les(string->data, string->length, &copystr, &copystrlen);
+    if (err)
+        return err;
+
+    /* the actual MD4 hash of the data */
+    krb5int_MD4Init(&md4_context);
+    krb5int_MD4Update(&md4_context, copystr, copystrlen);
+    krb5int_MD4Final(&md4_context);
+    memcpy(key->contents, md4_context.digest, 16);
+
+#if 0
+    /* test the string_to_key function */
+    printf("Hash=");
+    {
+        int counter;
+        for(counter=0;counter<16;counter++)
+            printf("%02x", md4_context.digest[counter]);
+        printf("\n");
+    }
+#endif /* 0 */
+
+    /* Zero out the data behind us */
+    memset(copystr, 0, copystrlen);
+    memset(&md4_context, 0, sizeof(md4_context));
+    free(copystr);
+    return err;
+}
diff --git a/src/lib/crypto/krb/arcfour/deps b/src/lib/crypto/krb/arcfour/deps
new file mode 100644
index 0000000..e626ff8
--- /dev/null
+++ b/src/lib/crypto/krb/arcfour/deps
@@ -0,0 +1,41 @@
+# 
+# Generated makefile dependencies follow.
+#
+arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h arcfour-int.h \
+  arcfour.c arcfour.h
+arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \
+  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  arcfour-int.h arcfour.h arcfour_aead.c
+arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../../builtin/md4/rsa-md4.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  arcfour-int.h arcfour.h arcfour_s2k.c
diff --git a/src/lib/crypto/krb/block_size.c b/src/lib/crypto/krb/block_size.c
index 6f88945..7d65a5a 100644
--- a/src/lib/crypto/krb/block_size.c
+++ b/src/lib/crypto/krb/block_size.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,13 +30,13 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_block_size(krb5_context context, krb5_enctype enctype,
-		  size_t *blocksize)
+                  size_t *blocksize)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     *blocksize = ktp->enc->block_size;
 
     return 0;
diff --git a/src/lib/crypto/krb/cf2.c b/src/lib/crypto/krb/cf2.c
index b5724a3..ab0a134 100644
--- a/src/lib/crypto/krb/cf2.c
+++ b/src/lib/crypto/krb/cf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/cf2.c
  *
@@ -41,7 +42,7 @@
  */
 static krb5_error_code
 prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
-	 size_t keybytes, char **out)
+         size_t keybytes, char **out)
 {
     krb5_error_code retval = 0;
     size_t prflen, iterations;
@@ -55,17 +56,17 @@ prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
     krb5int_buf_add(&prf_inbuf, pepper);
     retval = krb5_c_prf_length( context, k->enctype, &prflen);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     iterations = keybytes / prflen;
     if (keybytes % prflen != 0)
-	iterations++;
+        iterations++;
     assert(iterations <= 254);
     buffer = k5alloc(iterations * prflen, &retval);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     if (krb5int_buf_len(&prf_inbuf) == -1) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     in_data.length = (krb5_int32) krb5int_buf_len(&prf_inbuf);
     in_data.data = krb5int_buf_data(&prf_inbuf);
@@ -73,12 +74,12 @@ prf_plus(krb5_context context, krb5_keyblock *k, const char *pepper,
     out_data.data = buffer;
 
     while (iterations > 0) {
-	retval = krb5_c_prf(context, k, &in_data, &out_data);
-	if (retval)
-	    goto cleanup;
-	out_data.data += prflen;
-	in_data.data[0]++;
-	iterations--;
+        retval = krb5_c_prf(context, k, &in_data, &out_data);
+        if (retval)
+            goto cleanup;
+        out_data.data += prflen;
+        in_data.data[0]++;
+        iterations--;
     }
 
     *out = buffer;
@@ -93,9 +94,9 @@ cleanup:
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_fx_cf2_simple(krb5_context context,
-		     krb5_keyblock *k1, const char *pepper1,
-		     krb5_keyblock *k2, const char *pepper2,
-		     krb5_keyblock **out)
+                     krb5_keyblock *k1, const char *pepper1,
+                     krb5_keyblock *k2, const char *pepper2,
+                     krb5_keyblock **out)
 {
     const struct krb5_keytypes *out_enctype;
     size_t keybytes, keylength, i;
@@ -106,38 +107,38 @@ krb5_c_fx_cf2_simple(krb5_context context,
     krb5_keyblock *out_key = NULL;
 
     if (k1 == NULL || !krb5_c_valid_enctype(k1->enctype))
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     if (k2 == NULL || !krb5_c_valid_enctype(k2->enctype))
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     out_enctype_num = k1->enctype;
     assert(out != NULL);
     assert((out_enctype = find_enctype(out_enctype_num)) != NULL);
     if (out_enctype->prf == NULL) {
-	if (context)
-	    krb5int_set_error(&(context->err), KRB5_CRYPTO_INTERNAL,
-			      "Enctype %d has no PRF", out_enctype_num);
-	return KRB5_CRYPTO_INTERNAL;
+        if (context)
+            krb5int_set_error(&(context->err), KRB5_CRYPTO_INTERNAL,
+                              "Enctype %d has no PRF", out_enctype_num);
+        return KRB5_CRYPTO_INTERNAL;
     }
     keybytes = out_enctype->enc->keybytes;
     keylength = out_enctype->enc->keylength;
 
     retval = prf_plus(context, k1, pepper1, keybytes, &prf1);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     retval = prf_plus(context, k2, pepper2, keybytes, &prf2);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     for (i = 0; i < keybytes; i++)
-	prf1[i] ^= prf2[i];
+        prf1[i] ^= prf2[i];
     retval = krb5int_c_init_keyblock(context, out_enctype_num, keylength,
-				     &out_key);
+                                     &out_key);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     keydata.data = prf1;
     keydata.length = keybytes;
     retval = (*out_enctype->enc->make_key)(&keydata, out_key);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     *out = out_key;
     out_key = NULL;
diff --git a/src/lib/crypto/krb/checksum/Makefile.in b/src/lib/crypto/krb/checksum/Makefile.in
new file mode 100644
index 0000000..61b41f2
--- /dev/null
+++ b/src/lib/crypto/krb/checksum/Makefile.in
@@ -0,0 +1,32 @@
+mydir=lib/crypto/krb/checksum
+BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
+LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../arcfour
+DEFS=
+
+##DOS##BUILDTOP = ..\..\..\..
+##DOS##PREFIXDIR=checksum
+##DOS##OBJFILE=..\$(OUTPRE)cksum.lst
+
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
+STLIBOBJS= cbc.o confounder.o hmac_md5.o unkeyed.o
+
+OBJS=	$(OUTPRE)cbc.$(OBJEXT) $(OUTPRE)confounder.$(OBJEXT) \
+	$(OUTPRE)hmac_md5.$(OBJEXT) $(OUTPRE)unkeyed.$(OBJEXT)
+
+SRCS=	$(srcdir)/cbc.c $(srcdir)/confounder.c $(srcdir)/hmac_md5.c \
+	$(srcdir)/unkeyed.c
+
+##DOS##LIBOBJS = $(OBJS)
+
+all-unix:: all-libobjs
+
+includes:: depend
+
+depend:: $(SRCS)
+
+clean-unix:: clean-libobjs
+
+@libobj_frag@
+
diff --git a/src/lib/crypto/krb/checksum/cbc.c b/src/lib/crypto/krb/checksum/cbc.c
new file mode 100644
index 0000000..6beadf8
--- /dev/null
+++ b/src/lib/crypto/krb/checksum/cbc.c
@@ -0,0 +1,43 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/krb/checksum/cbc.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * CBC checksum, which computes the ivec resulting from CBC encryption of the
+ * input.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+krb5_error_code
+krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
+                     krb5_key key, krb5_keyusage usage,
+                     const krb5_crypto_iov *data, size_t num_data,
+                     krb5_data *output)
+{
+    if (ctp->enc->cbc_mac == NULL)
+        return KRB5_CRYPTO_INTERNAL;
+    return ctp->enc->cbc_mac(key, data, num_data, NULL, output);
+}
diff --git a/src/lib/crypto/krb/checksum/confounder.c b/src/lib/crypto/krb/checksum/confounder.c
new file mode 100644
index 0000000..6429a19
--- /dev/null
+++ b/src/lib/crypto/krb/checksum/confounder.c
@@ -0,0 +1,160 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/krb/checksum/confounder.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Confounder checksum implementation, using tokens of the form:
+ *   enc(xorkey, confounder | hash(confounder | data))
+ * where xorkey is the key XOR'd with 0xf0 bytes.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+/* Derive a key by XOR with 0xF0 bytes. */
+static krb5_error_code
+mk_xorkey(krb5_key origkey, krb5_key *xorkey)
+{
+    krb5_error_code retval = 0;
+    unsigned char *xorbytes;
+    krb5_keyblock xorkeyblock;
+    size_t i = 0;
+
+    xorbytes = malloc(origkey->keyblock.length);
+    if (xorbytes == NULL)
+	return ENOMEM;
+    memcpy(xorbytes, origkey->keyblock.contents, origkey->keyblock.length);
+    for (i = 0; i < origkey->keyblock.length; i++)
+        xorbytes[i] ^= 0xf0;
+
+    /* Do a shallow copy here. */
+    xorkeyblock = origkey->keyblock;
+    xorkeyblock.contents = xorbytes;
+
+    retval = krb5_k_create_key(0, &xorkeyblock, xorkey);
+    zapfree(xorbytes, sizeof(xorbytes));
+    return retval;
+}
+
+krb5_error_code
+krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
+                            krb5_key key, krb5_keyusage usage,
+                            const krb5_crypto_iov *data, size_t num_data,
+                            krb5_data *output)
+{
+    krb5_error_code ret;
+    krb5_data conf, hashval;
+    krb5_key xorkey = NULL;
+    krb5_crypto_iov *hash_iov, iov;
+    size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
+
+    /* Partition the output buffer into confounder and hash. */
+    conf = make_data(output->data, blocksize);
+    hashval = make_data(output->data + blocksize, hashsize);
+
+    /* Create the confounder. */
+    ret = krb5_c_random_make_octets(NULL, &conf);
+    if (ret != 0)
+        return ret;
+
+    ret = mk_xorkey(key, &xorkey);
+    if (ret)
+        return ret;
+
+    /* Hash the confounder, then the input data. */
+    hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
+    if (hash_iov == NULL)
+	goto cleanup;
+    hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    hash_iov[0].data = conf;
+    memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
+    ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
+    if (ret != 0)
+	goto cleanup;
+
+    /* Confounder and hash are in output buffer; encrypt them in place. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *output;
+    ret = ctp->enc->encrypt(xorkey, NULL, &iov, 1);
+
+cleanup:
+    free(hash_iov);
+    krb5_k_free_key(NULL, xorkey);
+    return ret;
+}
+
+krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
+                                          krb5_key key, krb5_keyusage usage,
+                                          const krb5_crypto_iov *data,
+                                          size_t num_data,
+                                          const krb5_data *input,
+                                          krb5_boolean *valid)
+{
+    krb5_error_code ret;
+    unsigned char *plaintext = NULL;
+    krb5_key xorkey = NULL;
+    krb5_data computed = empty_data();
+    krb5_crypto_iov *hash_iov, iov;
+    size_t blocksize = ctp->enc->block_size, hashsize = ctp->hash->hashsize;
+
+    plaintext = k5alloc(input->length, &ret);
+    if (plaintext == NULL)
+	return ret;
+
+    ret = mk_xorkey(key, &xorkey);
+    if (ret != 0)
+	goto cleanup;
+
+    /* Decrypt the input checksum. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(plaintext, input->length);
+    memcpy(plaintext, input->data, input->length);
+    ret = ctp->enc->decrypt(xorkey, NULL, &iov, 1);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Hash the confounder, then the input data. */
+    hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
+    if (hash_iov == NULL)
+	goto cleanup;
+    hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    hash_iov[0].data = make_data(plaintext, blocksize);
+    memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
+    ret = alloc_data(&computed, hashsize);
+    if (ret != 0)
+	goto cleanup;
+    ret = ctp->hash->hash(hash_iov, num_data + 1, &computed);
+    if (ret != 0)
+	goto cleanup;
+
+    /* Compare the decrypted hash to the computed one. */
+    *valid = (memcmp(plaintext + blocksize, computed.data, hashsize) == 0);
+
+cleanup:
+    zapfree(plaintext, input->length);
+    zapfree(computed.data, hashsize);
+    free(hash_iov);
+    krb5_k_free_key(NULL, xorkey);
+    return ret;
+}
diff --git a/src/lib/crypto/krb/checksum/deps b/src/lib/crypto/krb/checksum/deps
new file mode 100644
index 0000000..65fd5f2
--- /dev/null
+++ b/src/lib/crypto/krb/checksum/deps
@@ -0,0 +1,49 @@
+# 
+# Generated makefile dependencies follow.
+#
+cbc.so cbc.po $(OUTPRE)cbc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../cksumtypes.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cbc.c
+confounder.so confounder.po $(OUTPRE)confounder.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  confounder.c
+hmac_md5.so hmac_md5.po $(OUTPRE)hmac_md5.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(srcdir)/../arcfour/arcfour.h $(srcdir)/../cksumtypes.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h hmac_md5.c
+unkeyed.so unkeyed.po $(OUTPRE)unkeyed.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../cksumtypes.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h unkeyed.c
diff --git a/src/lib/crypto/krb/checksum/hmac_md5.c b/src/lib/crypto/krb/checksum/hmac_md5.c
new file mode 100644
index 0000000..1dc05ea
--- /dev/null
+++ b/src/lib/crypto/krb/checksum/hmac_md5.c
@@ -0,0 +1,94 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/krb/checksum/hmac_md5.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Microsoft HMAC-MD5 and MD5-HMAC checksums (see RFC 4757):
+ *   HMAC(KS, hash(msusage || input))
+ * KS is HMAC(key, "signaturekey\0") for HMAC-MD5, or just the key for
+ * MD5-HMAC.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+#include "arcfour.h"
+#include "arcfour-int.h"
+
+krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output)
+{
+    krb5_keyusage ms_usage;
+    krb5_error_code ret;
+    krb5_keyblock ks, *keyblock;
+    krb5_crypto_iov *hash_iov = NULL, iov;
+    krb5_data ds = empty_data(), hashval = empty_data();
+    char t[4];
+
+    if (ctp->ctype == CKSUMTYPE_HMAC_MD5_ARCFOUR) {
+	/* Compute HMAC(key, "signaturekey\0") to get the signing key ks. */
+	ret = alloc_data(&ds, key->keyblock.length);
+	if (ret != 0)
+	    goto cleanup;
+
+	iov.flags = KRB5_CRYPTO_TYPE_DATA;
+	iov.data = make_data("signaturekey", 13);
+	ret = krb5int_hmac(ctp->hash, key, &iov, 1, &ds);
+	if (ret)
+	    goto cleanup;
+	ks.length = key->keyblock.length;
+	ks.contents = (krb5_octet *) ds.data;
+	keyblock = &ks;
+    } else  /* For md5-hmac, just use the key. */
+	keyblock = &key->keyblock;
+
+    /* Compute the MD5 value of the input. */
+    ms_usage = krb5int_arcfour_translate_usage(usage);
+    store_32_le(ms_usage, t);
+    hash_iov = k5alloc((num_data + 1) * sizeof(krb5_crypto_iov), &ret);
+    if (hash_iov == NULL)
+	goto cleanup;
+    hash_iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
+    hash_iov[0].data = make_data(t, 4);
+    memcpy(hash_iov + 1, data, num_data * sizeof(krb5_crypto_iov));
+    ret = alloc_data(&hashval, ctp->hash->hashsize);
+    if (ret != 0)
+	goto cleanup;
+    ret = ctp->hash->hash(hash_iov, num_data + 1, &hashval);
+    if (ret != 0)
+	goto cleanup;
+
+    /* Compute HMAC(ks, md5value). */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = hashval;
+    ret = krb5int_hmac_keyblock(ctp->hash, keyblock, &iov, 1, output);
+
+cleanup:
+    zapfree(ds.data, ds.length);
+    zapfree(hashval.data, hashval.length);
+    free(hash_iov);
+    return ret;
+}
diff --git a/src/lib/crypto/krb/checksum/unkeyed.c b/src/lib/crypto/krb/checksum/unkeyed.c
new file mode 100644
index 0000000..fddd676
--- /dev/null
+++ b/src/lib/crypto/krb/checksum/unkeyed.c
@@ -0,0 +1,40 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/krb/checksum/unkeyed.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Unkeyed hash checksum implementation.
+ */
+
+#include "k5-int.h"
+#include "cksumtypes.h"
+
+krb5_error_code
+krb5int_unkeyed_checksum(const struct krb5_cksumtypes *ctp,
+                         krb5_key key, krb5_keyusage usage,
+                         const krb5_crypto_iov *data, size_t num_data,
+                         krb5_data *output)
+{
+    return ctp->hash->hash(data, num_data, output);
+}
diff --git a/src/lib/crypto/krb/checksum_length.c b/src/lib/crypto/krb/checksum_length.c
index bc1c9d3..2e869cb 100644
--- a/src/lib/crypto/krb/checksum_length.c
+++ b/src/lib/crypto/krb/checksum_length.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,24 +30,14 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
-		       size_t *length)
+                       size_t *length)
 {
-    unsigned int i;
+    const struct krb5_cksumtypes *ctp;
 
-    for (i=0; i<krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
-    }
-
-    if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
-
-    if (krb5int_cksumtypes_list[i].keyhash)
-	*length = krb5int_cksumtypes_list[i].keyhash->hashsize;
-    else if (krb5int_cksumtypes_list[i].trunc_size)
-	*length = krb5int_cksumtypes_list[i].trunc_size;
-    else
-	*length = krb5int_cksumtypes_list[i].hash->hashsize;
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
+    *length = ctp->output_size;
     return 0;
 }
diff --git a/src/lib/crypto/krb/cksumtype_to_string.c b/src/lib/crypto/krb/cksumtype_to_string.c
index d5bb702..1c084e6 100644
--- a/src/lib/crypto/krb/cksumtype_to_string.c
+++ b/src/lib/crypto/krb/cksumtype_to_string.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,16 +31,13 @@
 krb5_error_code KRB5_CALLCONV
 krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)
 {
-    unsigned int i;
+    const struct krb5_cksumtypes *ctp;
 
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype) {
-	    if (strlcpy(buffer, krb5int_cksumtypes_list[i].out_string,
-			buflen) >= buflen)
-		return ENOMEM;
-	    return 0;
-	}
-    }
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
-    return EINVAL;
+    if (strlcpy(buffer, ctp->out_string, buflen) >= buflen)
+        return ENOMEM;
+    return 0;
 }
diff --git a/src/lib/crypto/krb/cksumtypes.c b/src/lib/crypto/krb/cksumtypes.c
index 2c1924d..74fd158 100644
--- a/src/lib/crypto/krb/cksumtypes.c
+++ b/src/lib/crypto/krb/cksumtypes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -25,67 +26,85 @@
  */
 
 #include "k5-int.h"
+#include "enc_provider.h"
 #include "hash_provider.h"
-#include "keyhash_provider.h"
+#include "dk.h"
 #include "cksumtypes.h"
 
 const struct krb5_cksumtypes krb5int_cksumtypes_list[] = {
-    { CKSUMTYPE_CRC32, KRB5_CKSUMFLAG_NOT_COLL_PROOF,
+    { CKSUMTYPE_CRC32,
       "crc32", { 0 }, "CRC-32",
-      0, NULL,
-      &krb5int_hash_crc32 },
+      NULL, &krb5int_hash_crc32,
+      krb5int_unkeyed_checksum, NULL,
+      4, 4, CKSUM_UNKEYED | CKSUM_NOT_COLL_PROOF },
 
-    { CKSUMTYPE_RSA_MD4, 0,
+    { CKSUMTYPE_RSA_MD4,
       "md4", { 0 }, "RSA-MD4",
-      0, NULL,
-      &krb5int_hash_md4 },
-    { CKSUMTYPE_RSA_MD4_DES, 0,
+      NULL, &krb5int_hash_md4,
+      krb5int_unkeyed_checksum, NULL,
+      16, 16, CKSUM_UNKEYED },
+
+    { CKSUMTYPE_RSA_MD4_DES,
       "md4-des", { 0 }, "RSA-MD4 with DES cbc mode",
-      ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_md4des,
-      NULL },
+      &krb5int_enc_des, &krb5int_hash_md4,
+      krb5int_confounder_checksum, krb5int_confounder_verify,
+      24, 24, 0 },
 
-    { CKSUMTYPE_DESCBC, 0,
+    { CKSUMTYPE_DESCBC,
       "des-cbc", { 0 }, "DES cbc mode",
-      ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_descbc,
-      NULL },
+      &krb5int_enc_des, NULL,
+      krb5int_cbc_checksum, NULL,
+      8, 8, 0 },
 
-    { CKSUMTYPE_RSA_MD5, 0,
+    { CKSUMTYPE_RSA_MD5,
       "md5", { 0 }, "RSA-MD5",
-      0, NULL,
-      &krb5int_hash_md5 },
-    { CKSUMTYPE_RSA_MD5_DES, 0,
+      NULL, &krb5int_hash_md5,
+      krb5int_unkeyed_checksum, NULL,
+      16, 16, CKSUM_UNKEYED },
+
+    { CKSUMTYPE_RSA_MD5_DES,
       "md5-des", { 0 }, "RSA-MD5 with DES cbc mode",
-      ENCTYPE_DES_CBC_CRC, &krb5int_keyhash_md5des,
-      NULL },
+      &krb5int_enc_des, &krb5int_hash_md5,
+      krb5int_confounder_checksum, krb5int_confounder_verify,
+      24, 24, 0 },
 
-    { CKSUMTYPE_NIST_SHA, 0,
+    { CKSUMTYPE_NIST_SHA,
       "sha", { 0 }, "NIST-SHA",
-      0, NULL,
-      &krb5int_hash_sha1 },
+      NULL, &krb5int_hash_sha1,
+      krb5int_unkeyed_checksum, NULL,
+      20, 20, CKSUM_UNKEYED },
 
-    { CKSUMTYPE_HMAC_SHA1_DES3, KRB5_CKSUMFLAG_DERIVE,
+    { CKSUMTYPE_HMAC_SHA1_DES3,
       "hmac-sha1-des3", { "hmac-sha1-des3-kd" }, "HMAC-SHA1 DES3 key",
-      0, NULL,
-      &krb5int_hash_sha1 },
-    { CKSUMTYPE_HMAC_MD5_ARCFOUR, 0,
+      NULL, &krb5int_hash_sha1,
+      krb5int_dk_checksum, NULL,
+      20, 20, 0 },
+
+    { CKSUMTYPE_HMAC_MD5_ARCFOUR,
       "hmac-md5-rc4", { "hmac-md5-enc", "hmac-md5-earcfour" },
       "Microsoft HMAC MD5 (RC4 key)",
-      ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_hmac_md5,
-      NULL },
+      &krb5int_enc_arcfour, &krb5int_hash_md5,
+      krb5int_hmacmd5_checksum, NULL,
+      16, 16, 0 },
 
-    { CKSUMTYPE_HMAC_SHA1_96_AES128, KRB5_CKSUMFLAG_DERIVE,
+    { CKSUMTYPE_HMAC_SHA1_96_AES128,
       "hmac-sha1-96-aes128", { 0 }, "HMAC-SHA1 AES128 key",
-      0, NULL,
-      &krb5int_hash_sha1, 12 },
-    { CKSUMTYPE_HMAC_SHA1_96_AES256, KRB5_CKSUMFLAG_DERIVE,
+      NULL, &krb5int_hash_sha1,
+      krb5int_dk_checksum, NULL,
+      20, 12, 0 },
+
+    { CKSUMTYPE_HMAC_SHA1_96_AES256,
       "hmac-sha1-96-aes256", { 0 }, "HMAC-SHA1 AES256 key",
-      0, NULL,
-      &krb5int_hash_sha1, 12 },
-    { CKSUMTYPE_MD5_HMAC_ARCFOUR, 0,
+      NULL, &krb5int_hash_sha1,
+      krb5int_dk_checksum, NULL,
+      20, 12, 0 },
+
+    { CKSUMTYPE_MD5_HMAC_ARCFOUR,
       "md5-hmac-rc4", { 0 }, "Microsoft MD5 HMAC (RC4 key)",
-      ENCTYPE_ARCFOUR_HMAC, &krb5int_keyhash_md5_hmac,
-      NULL }
+      &krb5int_enc_arcfour, &krb5int_hash_md5,
+      krb5int_hmacmd5_checksum, NULL,
+      16, 16, 0 },
 };
 
-const unsigned int krb5int_cksumtypes_length =
+const size_t krb5int_cksumtypes_length =
     sizeof(krb5int_cksumtypes_list) / sizeof(struct krb5_cksumtypes);
diff --git a/src/lib/crypto/krb/cksumtypes.h b/src/lib/crypto/krb/cksumtypes.h
index f3e1f57..8c32f66 100644
--- a/src/lib/crypto/krb/cksumtypes.h
+++ b/src/lib/crypto/krb/cksumtypes.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,42 +28,114 @@
 #ifndef CKSUMTYPES_H
 #define CKSUMTYPES_H
 #include "k5-int.h"
+#include "etypes.h"
+
+struct krb5_cksumtypes;
+
+/*
+ * Compute a checksum over the header, data, padding, and sign-only fields of
+ * the iov array data (of size num_data).  The output buffer will already be
+ * allocated with ctp->compute_size bytes available; the handler just needs to
+ * fill in the contents.  If ctp->enc is not NULL, the handler can assume that
+ * key is a valid-length key of an enctype which uses that enc provider.
+ */
+typedef krb5_error_code (*checksum_func)(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output);
+
+/*
+ * Verify a checksum over the header, data, padding, and sign-only fields of
+ * the iov array data (of size num_data), and store the boolean result in
+ * *valid.  The handler can assume that hash has length ctp->output_size.  If
+ * ctp->enc is not NULL, the handler can assume that key a valid-length key of
+ * an enctype which uses that enc provider.
+ */
+typedef krb5_error_code (*verify_func)(const struct krb5_cksumtypes *ctp,
+                                       krb5_key key, krb5_keyusage usage,
+                                       const krb5_crypto_iov *data,
+                                       size_t num_data,
+                                       const krb5_data *input,
+                                       krb5_boolean *valid);
 
 struct krb5_cksumtypes {
     krb5_cksumtype ctype;
-    unsigned int flags;
     char *name;
     char *aliases[2];
     char *out_string;
-    /*
-     * If the hash is keyed, this is the etype it is keyed with.
-     * Actually, it can be keyed by any etype which has the same
-     * enc_provider as the specified etype.  DERIVE checksums can
-     * be keyed with any valid etype.
-     */
-    krb5_enctype keyed_etype;
-    /*
-     * I can't statically initialize a union, so I'm just going to use
-     * two pointers here.  The keyhash is used if non-NULL.  If NULL,
-     * then HMAC/hash with derived keys is used if the relevant flag
-     * is set.  Otherwise, a non-keyed hash is computed.  This is all
-     * kind of messy, but so is the krb5 api.
-     */
-    const struct krb5_keyhash_provider *keyhash;
+    const struct krb5_enc_provider *enc;
     const struct krb5_hash_provider *hash;
-    /*
-     * This just gets uglier and uglier.  In the key derivation case,
-     * we produce an hmac.  To make the hmac code work, we can't hack
-     * the output size indicated by the hash provider, but we may want
-     * a truncated hmac.  If we want truncation, this is the number of
-     * bytes we truncate to; it should be 0 otherwise.
-     */
-    unsigned int trunc_size;
+    checksum_func checksum;
+    verify_func verify;         /* NULL means recompute checksum and compare */
+    unsigned int compute_size;  /* Allocation size for checksum computation */
+    unsigned int output_size;   /* Possibly truncated output size */
+    krb5_flags flags;
 };
 
-#define KRB5_CKSUMFLAG_DERIVE		0x0001
-#define KRB5_CKSUMFLAG_NOT_COLL_PROOF	0x0002
+#define CKSUM_UNKEYED          0x0001
+#define CKSUM_NOT_COLL_PROOF   0x0002
 
 extern const struct krb5_cksumtypes krb5int_cksumtypes_list[];
-extern const unsigned int krb5int_cksumtypes_length;
+extern const size_t krb5int_cksumtypes_length;
+
+krb5_error_code krb5int_unkeyed_checksum(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output);
+
+krb5_error_code krb5int_cbc_checksum(const struct krb5_cksumtypes *ctp,
+                                     krb5_key key, krb5_keyusage usage,
+                                     const krb5_crypto_iov *data,
+                                     size_t num_data,
+                                     krb5_data *output);
+
+krb5_error_code krb5int_hmacmd5_checksum(const struct krb5_cksumtypes *ctp,
+                                         krb5_key key, krb5_keyusage usage,
+                                         const krb5_crypto_iov *data,
+                                         size_t num_data,
+                                         krb5_data *output);
+
+krb5_error_code krb5int_confounder_checksum(const struct krb5_cksumtypes *ctp,
+                                            krb5_key key, krb5_keyusage usage,
+                                            const krb5_crypto_iov *data,
+                                            size_t num_data,
+                                            krb5_data *output);
+
+krb5_error_code krb5int_confounder_verify(const struct krb5_cksumtypes *ctp,
+                                          krb5_key key, krb5_keyusage usage,
+                                          const krb5_crypto_iov *data,
+                                          size_t num_data,
+                                          const krb5_data *input,
+                                          krb5_boolean *valid);
+
+static inline const struct krb5_cksumtypes *
+find_cksumtype(krb5_cksumtype ctype)
+{
+    size_t i;
+
+    for (i = 0; i < krb5int_cksumtypes_length; i++) {
+        if (krb5int_cksumtypes_list[i].ctype == ctype)
+            break;
+    }
+
+    if (i == krb5int_cksumtypes_length)
+        return NULL;
+    return &krb5int_cksumtypes_list[i];
+}
+
+static inline krb5_error_code
+verify_key(const struct krb5_cksumtypes *ctp, krb5_key key)
+{
+    const struct krb5_keytypes *ktp;
+
+    ktp = key ? find_enctype(key->keyblock.enctype) : NULL;
+    if (ctp->enc != NULL && (!ktp || ktp->enc != ctp->enc))
+        return KRB5_BAD_ENCTYPE;
+    if (key && (!ktp || key->keyblock.length != ktp->enc->keylength))
+        return KRB5_BAD_KEYSIZE;
+    return 0;
+}
+
 #endif
diff --git a/src/lib/crypto/krb/coll_proof_cksum.c b/src/lib/crypto/krb/coll_proof_cksum.c
index a6226ba..bc13ba4 100644
--- a/src/lib/crypto/krb/coll_proof_cksum.c
+++ b/src/lib/crypto/krb/coll_proof_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,15 +31,8 @@
 krb5_boolean KRB5_CALLCONV
 krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
 {
-    unsigned int i;
+    const struct krb5_cksumtypes *ctp;
 
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == ctype)
-	    return((krb5int_cksumtypes_list[i].flags &
-		    KRB5_CKSUMFLAG_NOT_COLL_PROOF) ? FALSE : TRUE);
-    }
-
-    /* ick, but it's better than coredumping, which is what the
-       old code would have done */
-    return FALSE;
+    ctp = find_cksumtype(ctype);
+    return (ctp != NULL && !(ctp->flags & CKSUM_NOT_COLL_PROOF));
 }
diff --git a/src/lib/crypto/krb/combine_keys.c b/src/lib/crypto/krb/combine_keys.c
index 3aa24da..b743538 100644
--- a/src/lib/crypto/krb/combine_keys.c
+++ b/src/lib/crypto/krb/combine_keys.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (c) 2002 Naval Research Laboratory (NRL/CCS)
  *
@@ -32,7 +33,7 @@
  * R2 = DR(Key2, n-fold(Key1)) [ Output is length of Key2 ]
  *
  * rnd = n-fold(R1 | R2) [ Note: output size of nfold must be appropriately
- *			   sized for random-to-key function ]
+ *                         sized for random-to-key function ]
  * tkey = random-to-key(rnd)
  * Combine-Key(Key1, Key2) = DK(tkey, CombineConstant)
  *
@@ -47,8 +48,8 @@
 #include "dk.h"
 
 static krb5_error_code dr(const struct krb5_enc_provider *enc,
-			  const krb5_keyblock *inkey, unsigned char *outdata,
-			  const krb5_data *in_constant);
+                          const krb5_keyblock *inkey, unsigned char *outdata,
+                          const krb5_data *in_constant);
 
 /*
  * We only support this combine_keys algorithm for des and 3des keys.
@@ -64,15 +65,15 @@ enctype_ok(krb5_enctype e)
     case ENCTYPE_DES_CBC_MD4:
     case ENCTYPE_DES_CBC_MD5:
     case ENCTYPE_DES3_CBC_SHA1:
-	return TRUE;
+        return TRUE;
     default:
-	return FALSE;
+        return FALSE;
     }
 }
 
 krb5_error_code
 krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
-		       krb5_keyblock *key2, krb5_keyblock *outkey)
+                       krb5_keyblock *key2, krb5_keyblock *outkey)
 {
     unsigned char *r1 = NULL, *r2 = NULL, *combined = NULL, *rnd = NULL;
     unsigned char *output = NULL;
@@ -86,15 +87,15 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
     krb5_boolean myalloc = FALSE;
 
     if (!enctype_ok(key1->enctype) || !enctype_ok(key2->enctype))
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     if (key1->length != key2->length || key1->enctype != key2->enctype)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     /* Find our encryption algorithm. */
     ktp = find_enctype(key1->enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     keybytes = enc->keybytes;
@@ -103,19 +104,19 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
     /* Allocate and set up buffers. */
     r1 = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     r2 = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     rnd = k5alloc(keybytes, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     combined = k5alloc(keybytes * 2, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
     output = k5alloc(keylength, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /*
      * Get R1 and R2 (by running the input keys through the DR algorithm.
@@ -126,13 +127,13 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
     input.data = (char *) key2->contents;
     ret = dr(enc, key1, r1, &input);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     input.length = key1->length;
     input.data = (char *) key1->contents;
     ret = dr(enc, key2, r2, &input);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /*
      * Concatenate the two keys together, and then run them through
@@ -158,11 +159,11 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
 
     ret = (*enc->make_key)(&randbits, &tkeyblock);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5_k_create_key(NULL, &tkeyblock, &tkey);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /*
      * Run through derive-key one more time to produce the final key.
@@ -182,21 +183,21 @@ krb5int_c_combine_keys(krb5_context context, krb5_keyblock *key1,
      */
 
     if (outkey->length == 0 || outkey->contents == NULL) {
-	outkey->contents = k5alloc(keylength, &ret);
-	if (ret)
-	    goto cleanup;
-	outkey->length = keylength;
-	outkey->enctype = key1->enctype;
-	myalloc = TRUE;
+        outkey->contents = k5alloc(keylength, &ret);
+        if (ret)
+            goto cleanup;
+        outkey->length = keylength;
+        outkey->enctype = key1->enctype;
+        myalloc = TRUE;
     }
 
     ret = krb5int_derive_keyblock(enc, tkey, outkey, &input);
     if (ret) {
-	if (myalloc) {
-	    free(outkey->contents);
-	    outkey->contents = NULL;
-	}
-	goto cleanup;
+        if (myalloc) {
+            free(outkey->contents);
+            outkey->contents = NULL;
+        }
+        goto cleanup;
     }
 
 cleanup:
@@ -209,70 +210,19 @@ cleanup:
     return ret;
 }
 
-/*
- * Our DR function; mostly taken from derive.c
- */
-
+/* Our DR function, a simple wrapper around krb5int_derive_random(). */
 static krb5_error_code
 dr(const struct krb5_enc_provider *enc, const krb5_keyblock *inkey,
    unsigned char *out, const krb5_data *in_constant)
 {
-    size_t blocksize, keybytes, n;
-    unsigned char *inblockdata = NULL, *outblockdata = NULL;
-    krb5_data inblock, outblock;
-    krb5_error_code ret;
+    krb5_data outdata = make_data(out, enc->keybytes);
     krb5_key key = NULL;
+    krb5_error_code ret;
 
-    blocksize = enc->block_size;
-    keybytes = enc->keybytes;
-
-    /* Allocate and set up buffers. */
-    inblockdata = k5alloc(blocksize, &ret);
-    if (ret)
-	goto cleanup;
-    outblockdata = k5alloc(blocksize, &ret);
-    if (ret)
-	goto cleanup;
     ret = krb5_k_create_key(NULL, inkey, &key);
-    if (ret)
-	goto cleanup;
-
-    inblock.data = (char *) inblockdata;
-    inblock.length = blocksize;
-
-    outblock.data = (char *) outblockdata;
-    outblock.length = blocksize;
-
-    /* initialize the input block */
-
-    if (in_constant->length == inblock.length) {
-	memcpy(inblock.data, in_constant->data, inblock.length);
-    } else {
-	krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
-		   inblock.length*8, (unsigned char *) inblock.data);
-    }
-
-    /* loop encrypting the blocks until enough key bytes are generated */
-
-    n = 0;
-    while (n < keybytes) {
-	ret = (*enc->encrypt)(key, 0, &inblock, &outblock);
-	if (ret)
-	    goto cleanup;
-
-	if ((keybytes - n) <= outblock.length) {
-	    memcpy(out + n, outblock.data, (keybytes - n));
-	    break;
-	}
-
-	memcpy(out + n, outblock.data, outblock.length);
-	memcpy(inblock.data, outblock.data, outblock.length);
-	n += outblock.length;
-    }
-
-cleanup:
-    zapfree(inblockdata, blocksize);
-    zapfree(outblockdata, blocksize);
+    if (ret != 0)
+        return ret;
+    ret = krb5int_derive_random(enc, key, &outdata, in_constant);
     krb5_k_free_key(NULL, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/crc32/Makefile.in b/src/lib/crypto/krb/crc32/Makefile.in
index d62b6ed..b34f3aa 100644
--- a/src/lib/crypto/krb/crc32/Makefile.in
+++ b/src/lib/crypto/krb/crc32/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/krb/crc32
 mydir=lib/crypto/krb/crc32
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 DEFS=
diff --git a/src/lib/crypto/krb/crc32/crc-32.h b/src/lib/crypto/krb/crc32/crc-32.h
index 5c8c5bc..08fce6d 100644
--- a/src/lib/crypto/krb/crc32/crc-32.h
+++ b/src/lib/crypto/krb/crc32/crc-32.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * include/krb5/crc-32.h
  *
@@ -57,15 +58,10 @@
 #ifndef KRB5_CRC32__
 #define KRB5_CRC32__
 
-#define CRC32_CKSUM_LENGTH	4
+#define CRC32_CKSUM_LENGTH      4
 
+/* c is in-out to allow chaining; initialize to 0. */
 void
 mit_crc32 (krb5_pointer in, size_t in_length, unsigned long *c);
 
-#ifdef CRC32_SHIFT4
-void mit_crc32_shift4(krb5_pointer /* in */,
-		      size_t /* in_length */,
-		      unsigned long * /* cksum */);
-#endif
-
 #endif /* KRB5_CRC32__ */
diff --git a/src/lib/crypto/krb/crc32/crc32.c b/src/lib/crypto/krb/crc32/crc32.c
index ee7e53f..659e611 100644
--- a/src/lib/crypto/krb/crc32/crc32.c
+++ b/src/lib/crypto/krb/crc32/crc32.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crc32/crc.c
  *
@@ -144,49 +145,23 @@ static u_long const crc_table[256] = {
     0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
     0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
     0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
-    };
+};
 
 void
 mit_crc32(krb5_pointer in, size_t in_length, unsigned long *cksum)
 {
     register u_char *data;
-    register u_long c = 0;
+    register u_long c = *cksum;
     register int idx;
     size_t i;
 
     data = (u_char *)in;
     for (i = 0; i < in_length; i++) {
-	idx = (int) (data[i] ^ c);
-	idx &= 0xff;
-	c >>= 8;
-	c ^= crc_table[idx];
+        idx = (int) (data[i] ^ c);
+        idx &= 0xff;
+        c >>= 8;
+        c ^= crc_table[idx];
     }
 
     *cksum = c;
 }
-
-#ifdef CRC32_SHIFT4
-static unsigned long const tbl4[16] = {
-    0x00000000, 0x1db71064, 0x3b6e20c8, 0x26d930ac,
-    0x76dc4190, 0x6b6b51f4, 0x4db26158, 0x5005713c,
-    0xedb88320, 0xf00f9344, 0xd6d6a3e8, 0xcb61b38c,
-    0x9b64c2b0, 0x86d3d2d4, 0xa00ae278, 0xbdbdf21c
-};
-
-void
-mit_crc32_shift4(krb5_pointer in, size_t in_length, unsigned long *cksum)
-{
-    register unsigned char *data, b;
-    register unsigned long c = 0;
-    size_t i;
-
-    data = (u_char *)in;
-    for (i = 0; i < in_length; i++) {
-	b = data[i];
-	c = (c >> 4) ^ tbl4[(b ^ c) & 0x0f];
-	b >>= 4;
-	c = (c >> 4) ^ tbl4[(b ^ c) & 0x0f];
-    }
-    *cksum = c;
-}
-#endif
diff --git a/src/lib/crypto/krb/crc32/deps b/src/lib/crypto/krb/crc32/deps
index bc04f15..e0243cc 100644
--- a/src/lib/crypto/krb/crc32/deps
+++ b/src/lib/crypto/krb/crc32/deps
@@ -3,11 +3,11 @@
 #
 crc32.so crc32.po $(OUTPRE)crc32.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h crc-32.h crc32.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h crc-32.h crc32.c
diff --git a/src/lib/crypto/krb/crypto_length.c b/src/lib/crypto/krb/crypto_length.c
index 00de30c..3b0a9ac 100644
--- a/src/lib/crypto/krb/crypto_length.c
+++ b/src/lib/crypto/krb/crypto_length.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/crypto_length.c
  *
@@ -30,59 +31,53 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_crypto_length(krb5_context context, krb5_enctype enctype,
-		     krb5_cryptotype type, unsigned int *size)
+                     krb5_cryptotype type, unsigned int *size)
 {
     const struct krb5_keytypes *ktp;
-    krb5_error_code ret;
 
     ktp = find_enctype(enctype);
-    if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
     switch (type) {
     case KRB5_CRYPTO_TYPE_EMPTY:
     case KRB5_CRYPTO_TYPE_SIGN_ONLY:
-	*size = 0;
-	ret = 0;
-	break;
+        *size = 0;
+        break;
     case KRB5_CRYPTO_TYPE_DATA:
-	*size = (size_t)~0; /* match Heimdal */
-	ret = 0;
-	break;
+        *size = (size_t)~0; /* match Heimdal */
+        break;
     case KRB5_CRYPTO_TYPE_HEADER:
     case KRB5_CRYPTO_TYPE_PADDING:
     case KRB5_CRYPTO_TYPE_TRAILER:
     case KRB5_CRYPTO_TYPE_CHECKSUM:
-	ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
-					  type, size);
-	break;
+        *size = ktp->crypto_length(ktp, type);
+        break;
     default:
-	ret = EINVAL;
-	break;
+        return EINVAL;
     }
 
-    return ret;
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_padding_length(krb5_context context, krb5_enctype enctype,
-		      size_t data_length, unsigned int *pad_length)
+                      size_t data_length, unsigned int *pad_length)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(enctype);
-    if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
-    return krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
-				    data_length, pad_length);
+    *pad_length = krb5int_c_padding_length(ktp, data_length);
+    return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
-			 krb5_crypto_iov *data, size_t num_data)
+                         krb5_crypto_iov *data, size_t num_data)
 {
-    krb5_error_code ret = 0;
     size_t i;
     const struct krb5_keytypes *ktp;
     unsigned int data_length = 0, pad_length;
@@ -94,51 +89,40 @@ krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype,
      */
 
     ktp = find_enctype(enctype);
-    if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
-
-	switch (iov->flags) {
-	case KRB5_CRYPTO_TYPE_DATA:
-	    data_length += iov->data.length;
-	    break;
-	case KRB5_CRYPTO_TYPE_PADDING:
-	    if (padding != NULL)
-		return EINVAL;
-
-	    padding = iov;
-	    break;
-	case KRB5_CRYPTO_TYPE_HEADER:
-	case KRB5_CRYPTO_TYPE_TRAILER:
-	case KRB5_CRYPTO_TYPE_CHECKSUM:
-	    ret = (*ktp->aead->crypto_length)(ktp->aead, ktp->enc, ktp->hash,
-					      iov->flags, &iov->data.length);
-	    break;
-	case KRB5_CRYPTO_TYPE_EMPTY:
-	case KRB5_CRYPTO_TYPE_SIGN_ONLY:
-	default:
-	    break;
-	}
-
-	if (ret != 0)
-	    break;
+        krb5_crypto_iov *iov = &data[i];
+
+        switch (iov->flags) {
+        case KRB5_CRYPTO_TYPE_DATA:
+            data_length += iov->data.length;
+            break;
+        case KRB5_CRYPTO_TYPE_PADDING:
+            if (padding != NULL)
+                return EINVAL;
+
+            padding = iov;
+            break;
+        case KRB5_CRYPTO_TYPE_HEADER:
+        case KRB5_CRYPTO_TYPE_TRAILER:
+        case KRB5_CRYPTO_TYPE_CHECKSUM:
+            iov->data.length = ktp->crypto_length(ktp, iov->flags);
+            break;
+        case KRB5_CRYPTO_TYPE_EMPTY:
+        case KRB5_CRYPTO_TYPE_SIGN_ONLY:
+        default:
+            break;
+        }
     }
 
-    if (ret != 0)
-	return ret;
-
-    ret = krb5int_c_padding_length(ktp->aead, ktp->enc, ktp->hash,
-				   data_length, &pad_length);
-    if (ret != 0)
-	return ret;
-
+    pad_length = krb5int_c_padding_length(ktp, data_length);
     if (pad_length != 0 && padding == NULL)
-	return EINVAL;
+        return EINVAL;
 
     if (padding != NULL)
-	padding->data.length = pad_length;
+        padding->data.length = pad_length;
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/crypto_libinit.c b/src/lib/crypto/krb/crypto_libinit.c
index 91bf8ac..a69db38 100644
--- a/src/lib/crypto/krb/crypto_libinit.c
+++ b/src/lib/crypto/krb/crypto_libinit.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <assert.h>
 #include "k5-int.h"
 
@@ -28,6 +29,6 @@ int krb5int_crypto_init(void)
 void cryptoint_cleanup_library (void)
 {
     if (!INITIALIZER_RAN(cryptoint_initialize_library))
-	return;
+        return;
     krb5int_prng_cleanup ();
 }
diff --git a/src/lib/crypto/krb/decrypt.c b/src/lib/crypto/krb/decrypt.c
index 9ad68ad..c12c90d 100644
--- a/src/lib/crypto/krb/decrypt.c
+++ b/src/lib/crypto/krb/decrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,41 +31,72 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_decrypt(krb5_context context, krb5_key key,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_enc_data *input, krb5_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_enc_data *input, krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
+    krb5_crypto_iov iov[4];
+    krb5_error_code ret;
+    unsigned int header_len, trailer_len, plain_len;
+    char *scratch = NULL;
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (input->enctype != ENCTYPE_UNKNOWN && ktp->etype != input->enctype)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
+
+    /* Verify the input and output lengths. */
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+    if (input->ciphertext.length < header_len + trailer_len)
+        return KRB5_BAD_MSIZE;
+    plain_len = input->ciphertext.length - header_len - trailer_len;
+    if (output->length < plain_len)
+        return KRB5_BAD_MSIZE;
+
+    scratch = k5alloc(header_len + trailer_len, &ret);
+    if (scratch == NULL)
+        return ret;
+
+    iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
+    iov[0].data = make_data(scratch, header_len);
+    memcpy(iov[0].data.data, input->ciphertext.data, header_len);
 
-    if (ktp->decrypt == NULL) {
-	assert(ktp->aead != NULL);
+    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[1].data = make_data(output->data, plain_len);
+    memcpy(iov[1].data.data, input->ciphertext.data + header_len, plain_len);
 
-	return krb5int_c_decrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
-					     key, usage, ivec,
-					     &input->ciphertext, output);
-    }
+    /* Use empty padding since tokens don't indicate the padding length. */
+    iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
+    iov[2].data = empty_data();
 
-    return (*ktp->decrypt)(ktp->enc, ktp->hash, key, usage, ivec,
-			   &input->ciphertext, output);
+    iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
+    iov[3].data = make_data(scratch + header_len, trailer_len);
+    memcpy(iov[3].data.data, input->ciphertext.data + header_len + plain_len,
+           trailer_len);
+
+    ret = ktp->decrypt(ktp, key, usage, ivec, iov, 4);
+    if (ret != 0)
+        zap(output->data, plain_len);
+    else
+        output->length = plain_len;
+    zapfree(scratch, header_len + trailer_len);
+    return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_decrypt(krb5_context context, const krb5_keyblock *keyblock,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_enc_data *input, krb5_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_enc_data *input, krb5_data *output)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_decrypt(context, key, usage, ivec, input, output);
     krb5_k_free_key(context, key);
     return ret;
diff --git a/src/lib/crypto/krb/decrypt_iov.c b/src/lib/crypto/krb/decrypt_iov.c
index 1813af9..f52a727 100644
--- a/src/lib/crypto/krb/decrypt_iov.c
+++ b/src/lib/crypto/krb/decrypt_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/encrypt_iov.c
  *
@@ -29,46 +30,38 @@
 #include "aead.h"
 
 krb5_error_code KRB5_CALLCONV
-krb5_k_decrypt_iov(krb5_context context,
-		   krb5_key key,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+                   const krb5_data *cipher_state, krb5_crypto_iov *data,
+                   size_t num_data)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->keyblock.enctype);
-    if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
     if (krb5int_c_locate_iov(data, num_data,
-			     KRB5_CRYPTO_TYPE_STREAM) != NULL) {
-	return krb5int_c_iov_decrypt_stream(ktp->aead, ktp->enc, ktp->hash,
-					    key, usage, cipher_state, data,
-					    num_data);
+                             KRB5_CRYPTO_TYPE_STREAM) != NULL) {
+        return krb5int_c_iov_decrypt_stream(ktp, key, usage, cipher_state,
+                                            data, num_data);
     }
 
-    return (*ktp->aead->decrypt_iov)(ktp->aead, ktp->enc, ktp->hash, key,
-				     usage, cipher_state, data, num_data);
+    return ktp->decrypt(ktp, key, usage, cipher_state, data, num_data);
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_decrypt_iov(krb5_context context,
-		   const krb5_keyblock *keyblock,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                   krb5_keyusage usage, const krb5_data *cipher_state,
+                   krb5_crypto_iov *data, size_t num_data)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_decrypt_iov(context, key, usage, cipher_state, data,
-			     num_data);
+                             num_data);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/default_state.c b/src/lib/crypto/krb/default_state.c
index 9995b27..d44b31f 100644
--- a/src/lib/crypto/krb/default_state.c
+++ b/src/lib/crypto/krb/default_state.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2001 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -34,27 +35,27 @@
 krb5_error_code krb5int_des_init_state
 (const krb5_keyblock *key, krb5_keyusage usage, krb5_data *new_state )
 {
-  new_state->length = 8;
-  new_state->data = (void *) malloc(8);
-  if (new_state->data) {
-    memset (new_state->data, 0, new_state->length);
-    /* We need to copy in the key for des-cbc-cr--ick, but that's how it works*/
-    if (key->enctype == ENCTYPE_DES_CBC_CRC) {
-      memcpy (new_state->data, key->contents, new_state->length);
-  }
-  } else {
-    return ENOMEM;
-  }
-  return 0;
+    new_state->length = 8;
+    new_state->data = (void *) malloc(8);
+    if (new_state->data) {
+        memset (new_state->data, 0, new_state->length);
+        /* We need to copy in the key for des-cbc-cr--ick, but that's how it works*/
+        if (key->enctype == ENCTYPE_DES_CBC_CRC) {
+            memcpy (new_state->data, key->contents, new_state->length);
+        }
+    } else {
+        return ENOMEM;
+    }
+    return 0;
 }
 
 krb5_error_code krb5int_default_free_state
 (krb5_data *state)
 {
-  if (state->data) {
-    free (state->data);
-    state-> data = NULL;
-    state->length = 0;
-  }
-  return 0;
+    if (state->data) {
+        free (state->data);
+        state-> data = NULL;
+        state->length = 0;
+    }
+    return 0;
 }
diff --git a/src/lib/crypto/krb/deps b/src/lib/crypto/krb/deps
index 7d9005c..5e081f7 100644
--- a/src/lib/crypto/krb/deps
+++ b/src/lib/crypto/krb/deps
@@ -3,454 +3,455 @@
 #
 aead.so aead.po $(OUTPRE)aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/dk/dk.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/dk/dk.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   aead.c aead.h cksumtypes.h etypes.h
 block_size.so block_size.po $(OUTPRE)block_size.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   block_size.c etypes.h
 checksum_length.so checksum_length.po $(OUTPRE)checksum_length.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  checksum_length.c cksumtypes.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  checksum_length.c cksumtypes.h etypes.h
 cksumtype_to_string.so cksumtype_to_string.po $(OUTPRE)cksumtype_to_string.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  cksumtype_to_string.c cksumtypes.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtype_to_string.c cksumtypes.h etypes.h
 cksumtypes.so cksumtypes.po $(OUTPRE)cksumtypes.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(srcdir)/../builtin/enc_provider/enc_provider.h \
   $(srcdir)/../builtin/hash_provider/hash_provider.h \
-  $(srcdir)/keyhash_provider/keyhash_provider.h cksumtypes.c \
-  cksumtypes.h
+  $(srcdir)/dk/dk.h $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtypes.c cksumtypes.h etypes.h
 coll_proof_cksum.so coll_proof_cksum.po $(OUTPRE)coll_proof_cksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  cksumtypes.h coll_proof_cksum.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtypes.h coll_proof_cksum.c etypes.h
 combine_keys.so combine_keys.po $(OUTPRE)combine_keys.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/dk/dk.h combine_keys.c etypes.h
+  $(COM_ERR_DEPS) $(srcdir)/dk/dk.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h combine_keys.c \
+  etypes.h
 crypto_length.so crypto_length.po $(OUTPRE)crypto_length.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   aead.h cksumtypes.h crypto_length.c etypes.h
 crypto_libinit.so crypto_libinit.po $(OUTPRE)crypto_libinit.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   crypto_libinit.c
 default_state.so default_state.po $(OUTPRE)default_state.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   default_state.c
 decrypt.so decrypt.po $(OUTPRE)decrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h aead.h cksumtypes.h \
   decrypt.c etypes.h
 decrypt_iov.so decrypt_iov.po $(OUTPRE)decrypt_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   aead.h cksumtypes.h decrypt_iov.c etypes.h
 encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h aead.h cksumtypes.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h aead.h cksumtypes.h \
   encrypt.c etypes.h
 encrypt_iov.so encrypt_iov.po $(OUTPRE)encrypt_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   encrypt_iov.c etypes.h
 encrypt_length.so encrypt_length.po $(OUTPRE)encrypt_length.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   aead.h cksumtypes.h encrypt_length.c etypes.h
 enctype_compare.so enctype_compare.po $(OUTPRE)enctype_compare.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   enctype_compare.c etypes.h
 enctype_to_string.so enctype_to_string.po $(OUTPRE)enctype_to_string.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   enctype_to_string.c etypes.h
 etypes.so etypes.po $(OUTPRE)etypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../builtin/aes/aes_s2k.h \
-  $(srcdir)/../builtin/arcfour/arcfour.h $(srcdir)/../builtin/des/des_int.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/des/des_int.h \
   $(srcdir)/../builtin/enc_provider/enc_provider.h $(srcdir)/../builtin/hash_provider/hash_provider.h \
-  $(srcdir)/dk/dk.h $(srcdir)/old/old.h $(srcdir)/prf/prf_int.h \
-  $(srcdir)/raw/raw.h etypes.c etypes.h
+  $(srcdir)/arcfour/arcfour.h $(srcdir)/dk/dk.h $(srcdir)/old/old.h \
+  $(srcdir)/prf/prf_int.h $(srcdir)/raw/raw.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h etypes.c etypes.h
 key.so key.po $(OUTPRE)key.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h key.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h key.c
 keyblocks.so keyblocks.po $(OUTPRE)keyblocks.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   keyblocks.c
 keyed_cksum.so keyed_cksum.po $(OUTPRE)keyed_cksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  cksumtypes.h keyed_cksum.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtypes.h etypes.h keyed_cksum.c
 keyed_checksum_types.so keyed_checksum_types.po $(OUTPRE)keyed_checksum_types.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cksumtypes.h etypes.h keyed_checksum_types.c
 keylengths.so keylengths.po $(OUTPRE)keylengths.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   etypes.h keylengths.c
 make_checksum.so make_checksum.po $(OUTPRE)make_checksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/dk/dk.h cksumtypes.h etypes.h make_checksum.c
+  $(COM_ERR_DEPS) $(srcdir)/dk/dk.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cksumtypes.h etypes.h \
+  make_checksum.c
 make_checksum_iov.so make_checksum_iov.po $(OUTPRE)make_checksum_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  aead.h cksumtypes.h make_checksum_iov.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aead.h cksumtypes.h etypes.h make_checksum_iov.c
 make_random_key.so make_random_key.po $(OUTPRE)make_random_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   etypes.h make_random_key.c
 mandatory_sumtype.so mandatory_sumtype.po $(OUTPRE)mandatory_sumtype.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   etypes.h mandatory_sumtype.c
 nfold.so nfold.po $(OUTPRE)nfold.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h nfold.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h nfold.c
 old_api_glue.so old_api_glue.po $(OUTPRE)old_api_glue.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   old_api_glue.c
 prf.so prf.po $(OUTPRE)prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h etypes.h prf.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h etypes.h prf.c
 cf2.so cf2.po $(OUTPRE)cf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h cf2.c etypes.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cf2.c etypes.h
 prng.so prng.po $(OUTPRE)prng.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../builtin/enc_provider/enc_provider.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../builtin/enc_provider/enc_provider.h \
   $(srcdir)/../builtin/sha1/shs.h $(srcdir)/../builtin/yhash.h \
   $(srcdir)/yarrow/yarrow.h $(srcdir)/yarrow/ycipher.h \
-  $(srcdir)/yarrow/ytypes.h prng.c
+  $(srcdir)/yarrow/ytypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h prng.c
 random_to_key.so random_to_key.po $(OUTPRE)random_to_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   etypes.h random_to_key.c
 state.so state.po $(OUTPRE)state.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h etypes.h state.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h etypes.h state.c
 string_to_cksumtype.so string_to_cksumtype.po $(OUTPRE)string_to_cksumtype.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  cksumtypes.h string_to_cksumtype.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtypes.h etypes.h string_to_cksumtype.c
 string_to_enctype.so string_to_enctype.po $(OUTPRE)string_to_enctype.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   etypes.h string_to_enctype.c
 string_to_key.so string_to_key.po $(OUTPRE)string_to_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   etypes.h string_to_key.c
 valid_cksumtype.so valid_cksumtype.po $(OUTPRE)valid_cksumtype.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  cksumtypes.h valid_cksumtype.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtypes.h etypes.h valid_cksumtype.c
 valid_enctype.so valid_enctype.po $(OUTPRE)valid_enctype.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   etypes.h valid_enctype.c
 verify_checksum.so verify_checksum.po $(OUTPRE)verify_checksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  cksumtypes.h verify_checksum.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  cksumtypes.h etypes.h verify_checksum.c
 verify_checksum_iov.so verify_checksum_iov.po $(OUTPRE)verify_checksum_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  aead.h cksumtypes.h verify_checksum_iov.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aead.h cksumtypes.h etypes.h verify_checksum_iov.c
diff --git a/src/lib/crypto/krb/dk/Makefile.in b/src/lib/crypto/krb/dk/Makefile.in
index a731cbc..8d65857 100644
--- a/src/lib/crypto/krb/dk/Makefile.in
+++ b/src/lib/crypto/krb/dk/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/krb/dk
 mydir=lib/crypto/krb/dk
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/..  -I$(srcdir)/../../@CRYPTO_IMPL@
@@ -15,24 +13,18 @@ PROG_RPATH=$(KRB5_LIBDIR)
 STLIBOBJS=\
 	checksum.o	\
 	dk_aead.o	\
-	dk_decrypt.o	\
-	dk_encrypt.o	\
 	derive.o	\
 	stringtokey.o
 
 OBJS=\
 	$(OUTPRE)checksum.$(OBJEXT)	\
 	$(OUTPRE)dk_aead.$(OBJEXT)	\
-	$(OUTPRE)dk_decrypt.$(OBJEXT)	\
-	$(OUTPRE)dk_encrypt.$(OBJEXT)	\
 	$(OUTPRE)derive.$(OBJEXT)	\
 	$(OUTPRE)stringtokey.$(OBJEXT)
 
 SRCS=\
 	$(srcdir)/checksum.c	\
 	$(srcdir)/dk_aead.c	\
-	$(srcdir)/dk_decrypt.c	\
-	$(srcdir)/dk_encrypt.c	\
 	$(srcdir)/derive.c	\
 	$(srcdir)/stringtokey.c
 
diff --git a/src/lib/crypto/krb/dk/checksum.c b/src/lib/crypto/krb/dk/checksum.c
index 538060d..3dbde10 100644
--- a/src/lib/crypto/krb/dk/checksum.c
+++ b/src/lib/crypto/krb/dk/checksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,14 +28,15 @@
 #include "k5-int.h"
 #include "etypes.h"
 #include "dk.h"
-#include "aead.h"
+#include "cksumtypes.h"
 
 #define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
 
 krb5_error_code
-krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
-		      krb5_key key, krb5_keyusage usage,
-		      const krb5_data *input, krb5_data *output)
+krb5int_dk_checksum(const struct krb5_cksumtypes *ctp,
+                    krb5_key key, krb5_keyusage usage,
+                    const krb5_crypto_iov *data, size_t num_data,
+                    krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
@@ -43,82 +45,26 @@ krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
     krb5_data datain;
     krb5_key kc;
 
+    /* Use the key's enctype (more flexible than setting an enctype in ctp). */
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
-
-    /*
-     * key->length will be tested in enc->encrypt.
-     * output->length will be tested in krb5int_hmac.
-     */
+    if (key->keyblock.length != enc->keylength)
+        return KRB5_BAD_KEYSIZE;
 
     /* Derive the key. */
-
-    datain.data = (char *) constantdata;
-    datain.length = K5CLENGTH;
-
+    datain = make_data(constantdata, K5CLENGTH);
     store_32_be(usage, constantdata);
-
-    datain.data[4] = (char) 0x99;
-
+    constantdata[4] = (char) 0x99;
     ret = krb5int_derive_key(enc, key, &kc, &datain);
     if (ret)
-	return ret;
-
-    /* hash the data */
-
-    datain = *input;
-
-    ret = krb5int_hmac(hash, kc, 1, &datain, output);
-    if (ret)
-	memset(output->data, 0, output->length);
-
-    krb5_k_free_key(NULL, kc);
-    return ret;
-}
-
-krb5_error_code
-krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
-		          krb5_key key, krb5_keyusage usage,
-			  const krb5_crypto_iov *data, size_t num_data,
-			  krb5_data *output)
-{
-    const struct krb5_keytypes *ktp;
-    const struct krb5_enc_provider *enc;
-    krb5_error_code ret;
-    unsigned char constantdata[K5CLENGTH];
-    krb5_data datain;
-    krb5_key kc;
-
-    ktp = find_enctype(key->keyblock.enctype);
-    if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
-    enc = ktp->enc;
-
-    /*
-     * key->length will be tested in enc->encrypt.
-     * output->length will be tested in krb5int_hmac.
-     */
-
-    /* Derive the key. */
-
-    datain.data = (char *) constantdata;
-    datain.length = K5CLENGTH;
-
-    store_32_be(usage, constantdata);
-
-    datain.data[4] = (char) 0x99;
-
-    ret = krb5int_derive_key(enc, key, &kc, &datain);
-    if (ret)
-	return ret;
+        return ret;
 
     /* Hash the data. */
-
-    ret = krb5int_hmac_iov(hash, kc, data, num_data, output);
+    ret = krb5int_hmac(ctp->hash, kc, data, num_data, output);
     if (ret)
-	memset(output->data, 0, output->length);
+        memset(output->data, 0, output->length);
 
     krb5_k_free_key(NULL, kc);
     return ret;
diff --git a/src/lib/crypto/krb/dk/deps b/src/lib/crypto/krb/dk/deps
index c41a570..029fe6a 100644
--- a/src/lib/crypto/krb/dk/deps
+++ b/src/lib/crypto/krb/dk/deps
@@ -4,66 +4,45 @@
 checksum.so checksum.po $(OUTPRE)checksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h \
+  $(COM_ERR_DEPS) $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   checksum.c dk.h
 dk_aead.so dk_aead.po $(OUTPRE)dk_aead.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../aead.h \
-  $(srcdir)/../cksumtypes.h dk.h dk_aead.c
-dk_decrypt.so dk_decrypt.po $(OUTPRE)dk_decrypt.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  dk.h dk_decrypt.c
-dk_encrypt.so dk_encrypt.po $(OUTPRE)dk_encrypt.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  dk.h dk_encrypt.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../aead.h \
+  $(srcdir)/../cksumtypes.h $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dk.h dk_aead.c
 derive.so derive.po $(OUTPRE)derive.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h derive.c dk.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  derive.c dk.h
 stringtokey.so stringtokey.po $(OUTPRE)stringtokey.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  dk.h stringtokey.c
+  $(COM_ERR_DEPS) $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dk.h stringtokey.c
diff --git a/src/lib/crypto/krb/dk/derive.c b/src/lib/crypto/krb/dk/derive.c
index 5019975..384a5e4 100644
--- a/src/lib/crypto/krb/dk/derive.c
+++ b/src/lib/crypto/krb/dk/derive.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,17 +32,17 @@ static krb5_key
 find_cached_dkey(struct derived_key *list, const krb5_data *constant)
 {
     for (; list; list = list->next) {
-	if (data_eq(list->constant, *constant)) {
-	    krb5_k_reference_key(NULL, list->dkey);
-	    return list->dkey;
-	}
+        if (data_eq(list->constant, *constant)) {
+            krb5_k_reference_key(NULL, list->dkey);
+            return list->dkey;
+        }
     }
     return NULL;
 }
 
 static krb5_error_code
 add_cached_dkey(krb5_key key, const krb5_data *constant,
-		const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
+                const krb5_keyblock *dkeyblock, krb5_key *cached_dkey)
 {
     krb5_key dkey;
     krb5_error_code ret;
@@ -51,13 +52,13 @@ add_cached_dkey(krb5_key key, const krb5_data *constant,
     /* Allocate fields for the new entry. */
     dkent = malloc(sizeof(*dkent));
     if (dkent == NULL)
-	goto cleanup;
+        goto cleanup;
     data = malloc(constant->length);
     if (data == NULL)
-	goto cleanup;
+        goto cleanup;
     ret = krb5_k_create_key(NULL, dkeyblock, &dkey);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Add the new entry to the list. */
     memcpy(data, constant->data, constant->length);
@@ -78,93 +79,93 @@ cleanup:
     return ENOMEM;
 }
 
-/*
- * Compute a derived key into the keyblock outkey.  This variation on
- * krb5int_derive_key does not cache the result, as it is only used
- * directly in situations which are not expected to be repeated with
- * the same inkey and constant.
- */
 krb5_error_code
-krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
-		     krb5_key inkey, krb5_keyblock *outkey,
-		     const krb5_data *in_constant)
+krb5int_derive_random(const struct krb5_enc_provider *enc,
+                      krb5_key inkey, krb5_data *outrnd,
+                      const krb5_data *in_constant)
 {
     size_t blocksize, keybytes, n;
-    unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
-    krb5_data inblock, outblock;
+    krb5_crypto_iov iov;
     krb5_error_code ret;
 
     blocksize = enc->block_size;
     keybytes = enc->keybytes;
 
-    if (inkey->keyblock.length != enc->keylength ||
-	outkey->length != enc->keylength)
-	return KRB5_CRYPTO_INTERNAL;
+    if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
+        return KRB5_CRYPTO_INTERNAL;
 
-    /* Allocate and set up buffers. */
-    inblockdata = k5alloc(blocksize, &ret);
+    /* Allocate encryption data buffer. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    ret = alloc_data(&iov.data, blocksize);
     if (ret)
-	goto cleanup;
-    outblockdata = k5alloc(blocksize, &ret);
-    if (ret)
-	goto cleanup;
-    rawkey = k5alloc(keybytes, &ret);
-    if (ret)
-	goto cleanup;
-
-    inblock.data = (char *) inblockdata;
-    inblock.length = blocksize;
-
-    outblock.data = (char *) outblockdata;
-    outblock.length = blocksize;
+        return ret;
 
     /* Initialize the input block. */
-
-    if (in_constant->length == inblock.length) {
-	memcpy(inblock.data, in_constant->data, inblock.length);
+    if (in_constant->length == blocksize) {
+        memcpy(iov.data.data, in_constant->data, blocksize);
     } else {
-	krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
-		   inblock.length*8, (unsigned char *) inblock.data);
+        krb5int_nfold(in_constant->length * 8,
+                      (unsigned char *) in_constant->data,
+                      blocksize * 8, (unsigned char *) iov.data.data);
     }
 
-    /* Loop encrypting the blocks until enough key bytes are generated */
-
+    /* Loop encrypting the blocks until enough key bytes are generated. */
     n = 0;
     while (n < keybytes) {
-	ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
-	if (ret)
-	    goto cleanup;
+        ret = enc->encrypt(inkey, 0, &iov, 1);
+        if (ret)
+            goto cleanup;
 
-	if ((keybytes - n) <= outblock.length) {
-	    memcpy(rawkey + n, outblock.data, (keybytes - n));
-	    break;
-	}
+        if ((keybytes - n) <= blocksize) {
+            memcpy(outrnd->data + n, iov.data.data, (keybytes - n));
+            break;
+        }
 
-	memcpy(rawkey+n, outblock.data, outblock.length);
-	memcpy(inblock.data, outblock.data, outblock.length);
-	n += outblock.length;
+        memcpy(outrnd->data + n, iov.data.data, blocksize);
+        n += blocksize;
     }
 
-    /* postprocess the key */
+cleanup:
+    zapfree(iov.data.data, blocksize);
+    return ret;
+}
+
+/*
+ * Compute a derived key into the keyblock outkey.  This variation on
+ * krb5int_derive_key does not cache the result, as it is only used
+ * directly in situations which are not expected to be repeated with
+ * the same inkey and constant.
+ */
+krb5_error_code
+krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
+                        krb5_key inkey, krb5_keyblock *outkey,
+                        const krb5_data *in_constant)
+{
+    krb5_error_code ret;
+    krb5_data rawkey = empty_data();
 
-    inblock.data = (char *) rawkey;
-    inblock.length = keybytes;
+    /* Allocate a buffer for the raw key bytes. */
+    ret = alloc_data(&rawkey, enc->keybytes);
+    if (ret)
+        goto cleanup;
 
-    ret = (*enc->make_key)(&inblock, outkey);
+    /* Derive pseudo-random data for the key bytes. */
+    ret = krb5int_derive_random(enc, inkey, &rawkey, in_constant);
     if (ret)
-	goto cleanup;
+        goto cleanup;
+
+    /* Postprocess the key. */
+    ret = enc->make_key(&rawkey, outkey);
 
 cleanup:
-    zapfree(inblockdata, blocksize);
-    zapfree(outblockdata, blocksize);
-    zapfree(rawkey, keybytes);
+    zapfree(rawkey.data, enc->keybytes);
     return ret;
 }
 
 krb5_error_code
 krb5int_derive_key(const struct krb5_enc_provider *enc,
-		krb5_key inkey, krb5_key *outkey,
-		const krb5_data *in_constant)
+                   krb5_key inkey, krb5_key *outkey,
+                   const krb5_data *in_constant)
 {
     krb5_keyblock keyblock;
     krb5_error_code ret;
@@ -175,23 +176,23 @@ krb5int_derive_key(const struct krb5_enc_provider *enc,
     /* Check for a cached result. */
     dkey = find_cached_dkey(inkey->derived, in_constant);
     if (dkey != NULL) {
-	*outkey = dkey;
-	return 0;
+        *outkey = dkey;
+        return 0;
     }
 
     /* Derive into a temporary keyblock. */
     keyblock.length = enc->keylength;
     keyblock.contents = malloc(keyblock.length);
     if (keyblock.contents == NULL)
-	return ENOMEM;
+        return ENOMEM;
     ret = krb5int_derive_keyblock(enc, inkey, &keyblock, in_constant);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     /* Cache the derived key. */
     ret = add_cached_dkey(inkey, in_constant, &keyblock, &dkey);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     *outkey = dkey;
 
@@ -199,72 +200,3 @@ cleanup:
     zapfree(keyblock.contents, keyblock.length);
     return ret;
 }
-
-krb5_error_code
-krb5int_derive_random(const struct krb5_enc_provider *enc,
-		   krb5_key inkey, krb5_data *outrnd,
-		   const krb5_data *in_constant)
-{
-    size_t blocksize, keybytes, n;
-    unsigned char *inblockdata = NULL, *outblockdata = NULL, *rawkey = NULL;
-    krb5_data inblock, outblock;
-    krb5_error_code ret;
-
-    blocksize = enc->block_size;
-    keybytes = enc->keybytes;
-
-    if (inkey->keyblock.length != enc->keylength || outrnd->length != keybytes)
-	return KRB5_CRYPTO_INTERNAL;
-
-    /* Allocate and set up buffers. */
-
-    inblockdata = k5alloc(blocksize, &ret);
-    if (ret)
-	goto cleanup;
-    outblockdata = k5alloc(blocksize, &ret);
-    if (ret)
-	goto cleanup;
-    rawkey = k5alloc(keybytes, &ret);
-    if (ret)
-	goto cleanup;
-
-    inblock.data = (char *) inblockdata;
-    inblock.length = blocksize;
-
-    outblock.data = (char *) outblockdata;
-    outblock.length = blocksize;
-
-    /* Initialize the input block. */
-    if (in_constant->length == inblock.length) {
-	memcpy(inblock.data, in_constant->data, inblock.length);
-    } else {
-	krb5int_nfold(in_constant->length*8, (unsigned char *) in_constant->data,
-		   inblock.length*8, (unsigned char *) inblock.data);
-    }
-
-    /* Loop encrypting the blocks until enough key bytes are generated. */
-    n = 0;
-    while (n < keybytes) {
-	ret = (*enc->encrypt)(inkey, 0, &inblock, &outblock);
-	if (ret)
-	    goto cleanup;
-
-	if ((keybytes - n) <= outblock.length) {
-	    memcpy(rawkey + n, outblock.data, (keybytes - n));
-	    break;
-	}
-
-	memcpy(rawkey+n, outblock.data, outblock.length);
-	memcpy(inblock.data, outblock.data, outblock.length);
-	n += outblock.length;
-    }
-
-    /* Postprocess the key. */
-    memcpy(outrnd->data, rawkey, keybytes);
-
-cleanup:
-    zapfree(inblockdata, blocksize);
-    zapfree(outblockdata, blocksize);
-    zapfree(rawkey, keybytes);
-    return ret;
-}
diff --git a/src/lib/crypto/krb/dk/dk.h b/src/lib/crypto/krb/dk/dk.h
index 76937da..0fdd984 100644
--- a/src/lib/crypto/krb/dk/dk.h
+++ b/src/lib/crypto/krb/dk/dk.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -25,87 +26,56 @@
  */
 
 #include "k5-int.h"
+#include "etypes.h"
+#include "cksumtypes.h"
 
-void
-krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    size_t input, size_t *length);
+unsigned int
+krb5int_dk_crypto_length(const struct krb5_keytypes *ktp,
+                         krb5_cryptotype type);
 
-krb5_error_code
-krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
-				const struct krb5_hash_provider *hash,
-				krb5_key key, krb5_keyusage usage,
-				const krb5_data *ivec,
-				const krb5_data *input, krb5_data *output);
-
-void
-krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
-				const struct krb5_hash_provider *hash,
-				size_t input, size_t *length);
+unsigned int
+krb5int_aes_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type);
 
 krb5_error_code
-krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
-				       const struct krb5_hash_provider *hash,
-				       krb5_key key,
-				       krb5_keyusage usage,
-				       const krb5_data *ivec,
-				       const krb5_data *input,
-				       krb5_data *output);
+krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                   krb5_keyusage usage, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data);
 
 krb5_error_code
-krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
-				const struct krb5_hash_provider *hash,
-				krb5_key key, krb5_keyusage usage,
-				const krb5_data *ivec, const krb5_data *input,
-				krb5_data *arg_output);
+krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                   krb5_keyusage usage, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data);
 
 krb5_error_code
-krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
-				       const struct krb5_hash_provider *hash,
-				       krb5_key key,
-				       krb5_keyusage usage,
-				       const krb5_data *ivec,
-				       const krb5_data *input,
-				       krb5_data *arg_output);
+krb5int_dk_string_to_key(const struct krb5_keytypes *enc,
+                         const krb5_data *string, const krb5_data *salt,
+                         const krb5_data *params, krb5_keyblock *key);
 
 krb5_error_code
-krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
-					 const krb5_data *string,
-					 const krb5_data *salt,
-					 const krb5_data *params,
-					 krb5_keyblock *key);
+krb5int_aes_string_to_key(const struct krb5_keytypes *enc,
+                          const krb5_data *string, const krb5_data *salt,
+                          const krb5_data *params, krb5_keyblock *key);
 
 krb5_error_code
 krb5int_derive_keyblock(const struct krb5_enc_provider *enc,
-				     krb5_key inkey,
-				     krb5_keyblock *outkey,
-				     const krb5_data *in_constant);
+                        krb5_key inkey,
+                        krb5_keyblock *outkey,
+                        const krb5_data *in_constant);
 
 krb5_error_code
 krb5int_derive_key(const struct krb5_enc_provider *enc,
-				krb5_key inkey,
-				krb5_key *outkey,
-				const krb5_data *in_constant);
-
-krb5_error_code
-krb5int_dk_make_checksum(const struct krb5_hash_provider *hash,
-				      krb5_key key,
-				      krb5_keyusage usage,
-				      const krb5_data *input,
-				      krb5_data *output);
+                   krb5_key inkey,
+                   krb5_key *outkey,
+                   const krb5_data *in_constant);
 
 krb5_error_code
-krb5int_dk_make_checksum_iov(const struct krb5_hash_provider *hash,
-			     krb5_key key, krb5_keyusage usage,
-			     const krb5_crypto_iov *data, size_t num_data,
-			     krb5_data *output);
+krb5int_dk_checksum(const struct krb5_cksumtypes *ctp,
+                    krb5_key key, krb5_keyusage usage,
+                    const krb5_crypto_iov *data, size_t num_data,
+                    krb5_data *output);
 
 krb5_error_code
 krb5int_derive_random(const struct krb5_enc_provider *enc,
-		   krb5_key inkey, krb5_data *outrnd,
-		   const krb5_data *in_constant);
-
-/* AEAD */
-
-extern const struct krb5_aead_provider krb5int_aead_dk;
-extern const struct krb5_aead_provider krb5int_aead_aes;
+                      krb5_key inkey, krb5_data *outrnd,
+                      const krb5_data *in_constant);
diff --git a/src/lib/crypto/krb/dk/dk_aead.c b/src/lib/crypto/krb/dk/dk_aead.c
index e35ca55..f44ae84 100644
--- a/src/lib/crypto/krb/dk/dk_aead.c
+++ b/src/lib/crypto/krb/dk/dk_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/dk/dk_aead.c
  *
@@ -33,99 +34,96 @@
 
 /* AEAD */
 
-static krb5_error_code
-krb5int_dk_crypto_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 krb5_cryptotype type,
-			 unsigned int *length)
+unsigned int
+krb5int_dk_crypto_length(const struct krb5_keytypes *ktp, krb5_cryptotype type)
 {
     switch (type) {
     case KRB5_CRYPTO_TYPE_HEADER:
     case KRB5_CRYPTO_TYPE_PADDING:
-	*length = enc->block_size;
-	break;
+        return ktp->enc->block_size;
     case KRB5_CRYPTO_TYPE_TRAILER:
     case KRB5_CRYPTO_TYPE_CHECKSUM:
-	*length = hash->hashsize;
-	break;
+        return ktp->hash->hashsize;
     default:
-	assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length");
-	break;
+        assert(0 && "invalid cryptotype passed to krb5int_dk_crypto_length");
+        return 0;
     }
+}
 
-    return 0;
+unsigned int
+krb5int_aes_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+        return ktp->enc->block_size;
+    case KRB5_CRYPTO_TYPE_PADDING:
+        return 0;
+    case KRB5_CRYPTO_TYPE_TRAILER:
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return 96 / 8;
+    default:
+        assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length");
+        return 0;
+    }
 }
 
-static krb5_error_code
-krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
-		       const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key,
-		       krb5_keyusage usage,
-		       const krb5_data *ivec,
-		       krb5_crypto_iov *data,
-		       size_t num_data)
+krb5_error_code
+krb5int_dk_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                   krb5_keyusage usage, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data)
 {
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
     krb5_data d1, d2;
     krb5_crypto_iov *header, *trailer, *padding;
     krb5_key ke = NULL, ki = NULL;
     size_t i;
-    unsigned int blocksize = 0;
-    unsigned int plainlen = 0;
-    unsigned int hmacsize = 0;
-    unsigned int padsize = 0;
+    unsigned int blocksize, hmacsize, plainlen = 0, padsize = 0;
     unsigned char *cksum = NULL;
 
     /* E(Confounder | Plaintext | Pad) | Checksum */
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-			      &blocksize);
-    if (ret != 0)
-	return ret;
-
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-			      &hmacsize);
-    if (ret != 0)
-	return ret;
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
+    hmacsize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
-	    plainlen += iov->data.length;
+        if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+            plainlen += iov->data.length;
     }
 
     /* Validate header and trailer lengths. */
 
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
     if (header == NULL || header->data.length < enc->block_size)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer == NULL || trailer->data.length < hmacsize)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (blocksize != 0) {
-	/* Check that the input data is correctly padded. */
-	if (plainlen % blocksize)
-	    padsize = blocksize - (plainlen % blocksize);
+        /* Check that the input data is correctly padded. */
+        if (plainlen % blocksize)
+            padsize = blocksize - (plainlen % blocksize);
     }
 
     padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
     if (padsize && (padding == NULL || padding->data.length < padsize))
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (padding != NULL) {
-	memset(padding->data.data, 0, padsize);
-	padding->data.length = padsize;
+        memset(padding->data.data, 0, padsize);
+        padding->data.length = padsize;
     }
 
     cksum = k5alloc(hash->hashsize, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Derive the keys. */
 
@@ -138,13 +136,13 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_derive_key(enc, key, &ke, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     d1.data[4] = 0x55;
 
     ret = krb5int_derive_key(enc, key, &ki, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Generate confounder. */
 
@@ -152,22 +150,20 @@ krb5int_dk_encrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5_c_random_make_octets(/* XXX */ NULL, &header->data);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Hash the plaintext. */
     d2.length = hash->hashsize;
     d2.data = (char *)cksum;
 
-    ret = krb5int_hmac_iov(hash, ki, data, num_data, &d2);
+    ret = krb5int_hmac(hash, ki, data, num_data, &d2);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Encrypt the plaintext (header | data | padding) */
-    assert(enc->encrypt_iov != NULL);
-
-    ret = (*enc->encrypt_iov)(ke, ivec, data, num_data); /* updates ivec */
+    ret = enc->encrypt(ke, ivec, data, num_data);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Possibly truncate the hash */
     assert(hmacsize <= d2.length);
@@ -182,75 +178,53 @@ cleanup:
     return ret;
 }
 
-static krb5_error_code
-krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
-		       const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key,
-		       krb5_keyusage usage,
-		       const krb5_data *ivec,
-		       krb5_crypto_iov *data,
-		       size_t num_data)
+krb5_error_code
+krb5int_dk_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                   krb5_keyusage usage, const krb5_data *ivec,
+                   krb5_crypto_iov *data, size_t num_data)
 {
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
     krb5_error_code ret;
     unsigned char constantdata[K5CLENGTH];
     krb5_data d1;
     krb5_crypto_iov *header, *trailer;
     krb5_key ke = NULL, ki = NULL;
     size_t i;
-    unsigned int blocksize = 0; /* enc block size, not confounder len */
-    unsigned int cipherlen = 0;
-    unsigned int hmacsize = 0;
+    unsigned int blocksize; /* enc block size, not confounder len */
+    unsigned int hmacsize, cipherlen = 0;
     unsigned char *cksum = NULL;
 
-    if (krb5int_c_locate_iov(data, num_data,
-			     KRB5_CRYPTO_TYPE_STREAM) != NULL) {
-	return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
-					    usage, ivec, data, num_data);
-    }
-
     /* E(Confounder | Plaintext | Pad) | Checksum */
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING,
-			      &blocksize);
-    if (ret != 0)
-	return ret;
-
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_TRAILER,
-			      &hmacsize);
-    if (ret != 0)
-	return ret;
-
-    for (i = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
+    hmacsize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
 
-	if (ENCRYPT_DATA_IOV(iov))
-	    cipherlen += iov->data.length;
-    }
-
-    if (blocksize == 0) {
-	/* Check for correct input length in CTS mode */
-	if (enc->block_size != 0 && cipherlen < enc->block_size)
-	    return KRB5_BAD_MSIZE;
-    } else {
-	/* Check that the input data is correctly padded */
-	if ((cipherlen % blocksize) != 0)
-	    return KRB5_BAD_MSIZE;
+    if (blocksize != 0) {
+        /* Check that the input data is correctly padded. */
+        for (i = 0; i < num_data; i++) {
+            const krb5_crypto_iov *iov = &data[i];
+
+            if (ENCRYPT_DATA_IOV(iov))
+                cipherlen += iov->data.length;
+        }
+        if (cipherlen % blocksize != 0)
+            return KRB5_BAD_MSIZE;
     }
 
     /* Validate header and trailer lengths */
 
     header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
     if (header == NULL || header->data.length != enc->block_size)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
     if (trailer == NULL || trailer->data.length != hmacsize)
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     cksum = k5alloc(hash->hashsize, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Derive the keys. */
 
@@ -263,33 +237,31 @@ krb5int_dk_decrypt_iov(const struct krb5_aead_provider *aead,
 
     ret = krb5int_derive_key(enc, key, &ke, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     d1.data[4] = 0x55;
 
     ret = krb5int_derive_key(enc, key, &ki, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Decrypt the plaintext (header | data | padding). */
-    assert(enc->decrypt_iov != NULL);
-
-    ret = (*enc->decrypt_iov)(ke, ivec, data, num_data); /* updates ivec */
+    ret = enc->decrypt(ke, ivec, data, num_data);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Verify the hash. */
     d1.length = hash->hashsize; /* non-truncated length */
     d1.data = (char *)cksum;
 
-    ret = krb5int_hmac_iov(hash, ki, data, num_data, &d1);
+    ret = krb5int_hmac(hash, ki, data, num_data, &d1);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Compare only the possibly truncated length. */
     if (memcmp(cksum, trailer->data.data, hmacsize) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
     }
 
 cleanup:
@@ -298,41 +270,3 @@ cleanup:
     free(cksum);
     return ret;
 }
-
-const struct krb5_aead_provider krb5int_aead_dk = {
-    krb5int_dk_crypto_length,
-    krb5int_dk_encrypt_iov,
-    krb5int_dk_decrypt_iov
-};
-
-static krb5_error_code
-krb5int_aes_crypto_length(const struct krb5_aead_provider *aead,
-			 const struct krb5_enc_provider *enc,
-			 const struct krb5_hash_provider *hash,
-			 krb5_cryptotype type,
-			 unsigned int *length)
-{
-    switch (type) {
-    case KRB5_CRYPTO_TYPE_HEADER:
-	*length = enc->block_size;
-	break;
-    case KRB5_CRYPTO_TYPE_PADDING:
-	*length = 0;
-	break;
-    case KRB5_CRYPTO_TYPE_TRAILER:
-    case KRB5_CRYPTO_TYPE_CHECKSUM:
-	*length = 96 / 8;
-	break;
-    default:
-	assert(0 && "invalid cryptotype passed to krb5int_aes_crypto_length");
-	break;
-    }
-
-    return 0;
-}
-
-const struct krb5_aead_provider krb5int_aead_aes = {
-    krb5int_aes_crypto_length,
-    krb5int_dk_encrypt_iov,
-    krb5int_dk_decrypt_iov
-};
diff --git a/src/lib/crypto/krb/dk/dk_decrypt.c b/src/lib/crypto/krb/dk/dk_decrypt.c
deleted file mode 100644
index b080d5f..0000000
--- a/src/lib/crypto/krb/dk/dk_decrypt.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "k5-int.h"
-#include "dk.h"
-
-#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
-
-static krb5_error_code
-krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
-				 const struct krb5_hash_provider *hash,
-				 krb5_key key,
-				 krb5_keyusage usage,
-				 const krb5_data *ivec,
-				 const krb5_data *input,
-				 krb5_data *output,
-				 size_t hmacsize,
-				 int ivec_mode);
-
-krb5_error_code
-krb5int_dk_decrypt(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output)
-{
-    return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
-					    ivec, input, output, 0, 0);
-}
-
-krb5_error_code
-krb5int_aes_dk_decrypt(const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key, krb5_keyusage usage,
-		       const krb5_data *ivec, const krb5_data *input,
-		       krb5_data *output)
-{
-    return krb5_dk_decrypt_maybe_trunc_hmac(enc, hash, key, usage,
-					    ivec, input, output, 96 / 8, 1);
-}
-
-static krb5_error_code
-krb5_dk_decrypt_maybe_trunc_hmac(const struct krb5_enc_provider *enc,
-				 const struct krb5_hash_provider *hash,
-				 krb5_key key, krb5_keyusage usage,
-				 const krb5_data *ivec, const krb5_data *input,
-				 krb5_data *output, size_t hmacsize,
-				 int ivec_mode)
-{
-    krb5_error_code ret;
-    size_t hashsize, blocksize, enclen, plainlen;
-    unsigned char *plaindata = NULL, *cksum = NULL, *cn;
-    krb5_key ke = NULL, ki = NULL;
-    krb5_data d1, d2;
-    unsigned char constantdata[K5CLENGTH];
-
-    hashsize = hash->hashsize;
-    blocksize = enc->block_size;
-
-    if (hmacsize == 0)
-	hmacsize = hashsize;
-    else if (hmacsize > hashsize)
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
-    enclen = input->length - hmacsize;
-
-    /* Allocate and set up ciphertext and to-be-derived keys. */
-    plaindata = k5alloc(enclen, &ret);
-    if (ret != 0)
-	goto cleanup;
-    cksum = k5alloc(hashsize, &ret);
-    if (ret != 0)
-	goto cleanup;
-
-    /* Derive the keys. */
-
-    d1.data = (char *) constantdata;
-    d1.length = K5CLENGTH;
-
-    store_32_be(usage, constantdata);
-
-    d1.data[4] = (char) 0xAA;
-
-    ret = krb5int_derive_key(enc, key, &ke, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    d1.data[4] = 0x55;
-
-    ret = krb5int_derive_key(enc, key, &ki, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    /* decrypt the ciphertext */
-
-    d1.length = enclen;
-    d1.data = input->data;
-
-    d2.length = enclen;
-    d2.data = (char *) plaindata;
-
-    ret = (*enc->decrypt)(ke, ivec, &d1, &d2);
-    if (ret != 0)
-	goto cleanup;
-
-    if (ivec != NULL && ivec->length == blocksize) {
-	if (ivec_mode == 0)
-	    cn = (unsigned char *) d1.data + d1.length - blocksize;
-	else if (ivec_mode == 1) {
-	    int nblocks = (d1.length + blocksize - 1) / blocksize;
-	    cn = (unsigned char *) d1.data + blocksize * (nblocks - 2);
-	} else
-	    abort();
-    } else
-	cn = NULL;
-
-    /* Verify the hash. */
-
-    d1.length = hashsize;
-    d1.data = (char *) cksum;
-
-    ret = krb5int_hmac(hash, ki, 1, &d2, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    if (memcmp(cksum, input->data+enclen, hmacsize) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
-    }
-
-    /*
-     * Because this encoding isn't self-describing wrt length, the
-     * best we can do here is to compute the length minus the
-     * confounder.
-     */
-
-    plainlen = enclen - blocksize;
-
-    if (output->length < plainlen)
-	return KRB5_BAD_MSIZE;
-
-    output->length = plainlen;
-
-    memcpy(output->data, d2.data+blocksize, output->length);
-
-    if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
-
-cleanup:
-    krb5_k_free_key(NULL, ke);
-    krb5_k_free_key(NULL, ki);
-    zapfree(plaindata, enclen);
-    zapfree(cksum, hashsize);
-    return ret;
-}
diff --git a/src/lib/crypto/krb/dk/dk_encrypt.c b/src/lib/crypto/krb/dk/dk_encrypt.c
deleted file mode 100644
index e84a092..0000000
--- a/src/lib/crypto/krb/dk/dk_encrypt.c
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "k5-int.h"
-#include "dk.h"
-
-#define K5CLENGTH 5 /* 32 bit net byte order integer + one byte seed */
-
-/*
- * The spec says that the confounder size and padding are specific to
- * the encryption algorithm.  This code (dk_encrypt_length and
- * dk_encrypt) assume the confounder is always the blocksize, and the
- * padding is always zero bytes up to the blocksize.  If these
- * assumptions ever fails, the keytype table should be extended to
- * include these bits of info.
- */
-
-void
-krb5int_dk_encrypt_length(const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       size_t inputlen, size_t *length)
-{
-    size_t blocksize, hashsize;
-
-    blocksize = enc->block_size;
-    hashsize = hash->hashsize;
-    *length = krb5_roundup(blocksize + inputlen, blocksize) + hashsize;
-}
-
-krb5_error_code
-krb5int_dk_encrypt(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output)
-{
-    size_t blocksize, plainlen, enclen;
-    krb5_error_code ret;
-    unsigned char constantdata[K5CLENGTH];
-    krb5_data d1, d2;
-    unsigned char *plaintext = NULL;
-    char *cn;
-    krb5_key ke = NULL, ki = NULL;
-
-    blocksize = enc->block_size;
-    plainlen = krb5_roundup(blocksize + input->length, blocksize);
-
-    krb5int_dk_encrypt_length(enc, hash, input->length, &enclen);
-
-    /* key->length, ivec will be tested in enc->encrypt. */
-
-    if (output->length < enclen)
-	return(KRB5_BAD_MSIZE);
-
-    /* Allocate and set up plaintext and to-be-derived keys. */
-
-    plaintext = malloc(plainlen);
-    if (plaintext == NULL)
-	return ENOMEM;
-
-    /* Derive the keys. */
-
-    d1.data = (char *) constantdata;
-    d1.length = K5CLENGTH;
-
-    store_32_be(usage, constantdata);
-
-    d1.data[4] = (char) 0xAA;
-
-    ret = krb5int_derive_key(enc, key, &ke, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    d1.data[4] = 0x55;
-
-    ret = krb5int_derive_key(enc, key, &ki, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    /* Put together the plaintext. */
-
-    d1.length = blocksize;
-    d1.data = (char *) plaintext;
-
-    ret = krb5_c_random_make_octets(/* XXX */ 0, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    memcpy(plaintext + blocksize, input->data, input->length);
-
-    memset(plaintext + blocksize + input->length, 0,
-	   plainlen - (blocksize + input->length));
-
-    /* Encrypt the plaintext. */
-
-    d1.length = plainlen;
-    d1.data = (char *) plaintext;
-
-    d2.length = plainlen;
-    d2.data = output->data;
-
-    ret = (*enc->encrypt)(ke, ivec, &d1, &d2);
-    if (ret != 0)
-	goto cleanup;
-
-    if (ivec != NULL && ivec->length == blocksize)
-	cn = d2.data + d2.length - blocksize;
-    else
-	cn = NULL;
-
-    /* Hash the plaintext. */
-
-    d2.length = enclen - plainlen;
-    d2.data = output->data+plainlen;
-
-    output->length = enclen;
-
-    ret = krb5int_hmac(hash, ki, 1, &d1, &d2);
-    if (ret != 0) {
-	memset(d2.data, 0, d2.length);
-	goto cleanup;
-    }
-
-    /* Update ivec. */
-    if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
-
-cleanup:
-    krb5_k_free_key(NULL, ke);
-    krb5_k_free_key(NULL, ki);
-    zapfree(plaintext, plainlen);
-    return ret;
-}
-
-/* Not necessarily "AES", per se, but "a CBC+CTS mode block cipher
-   with a 96-bit truncated HMAC".  */
-void
-krb5int_aes_encrypt_length(const struct krb5_enc_provider *enc,
-			   const struct krb5_hash_provider *hash,
-			   size_t inputlen, size_t *length)
-{
-    size_t blocksize, hashsize;
-
-    blocksize = enc->block_size;
-    hashsize = 96 / 8;
-
-    /* No roundup, since CTS requires no padding once we've hit the
-       block size.  */
-    *length = blocksize+inputlen + hashsize;
-}
-
-static krb5_error_code
-trunc_hmac (const struct krb5_hash_provider *hash,
-	    krb5_key ki, unsigned int num,
-	    const krb5_data *input, const krb5_data *output)
-{
-    size_t hashsize;
-    krb5_data tmp;
-    krb5_error_code ret;
-
-    hashsize = hash->hashsize;
-    if (hashsize < output->length)
-	return KRB5_CRYPTO_INTERNAL;
-    tmp.length = hashsize;
-    tmp.data = malloc(hashsize);
-    if (tmp.data == NULL)
-	return ENOMEM;
-    ret = krb5int_hmac(hash, ki, num, input, &tmp);
-    if (ret == 0)
-	memcpy(output->data, tmp.data, output->length);
-    memset(tmp.data, 0, hashsize);
-    free(tmp.data);
-    return ret;
-}
-
-krb5_error_code
-krb5int_aes_dk_encrypt(const struct krb5_enc_provider *enc,
-		       const struct krb5_hash_provider *hash,
-		       krb5_key key, krb5_keyusage usage,
-		       const krb5_data *ivec, const krb5_data *input,
-		       krb5_data *output)
-{
-    size_t blocksize, keybytes, plainlen, enclen;
-    krb5_error_code ret;
-    unsigned char constantdata[K5CLENGTH];
-    krb5_data d1, d2;
-    unsigned char *plaintext = NULL;
-    char *cn;
-    krb5_key ke = NULL, ki = NULL;
-
-    /* allocate and set up plaintext and to-be-derived keys */
-
-    blocksize = enc->block_size;
-    keybytes = enc->keybytes;
-    plainlen = blocksize+input->length;
-
-    krb5int_aes_encrypt_length(enc, hash, input->length, &enclen);
-
-    /* key->length, ivec will be tested in enc->encrypt */
-
-    if (output->length < enclen)
-	return KRB5_BAD_MSIZE;
-
-    plaintext = malloc(plainlen);
-    if (plaintext == NULL)
-	return ENOMEM;
-
-    /* Derive the keys. */
-
-    d1.data = (char *) constantdata;
-    d1.length = K5CLENGTH;
-
-    store_32_be(usage, constantdata);
-
-    d1.data[4] = (char) 0xAA;
-
-    ret = krb5int_derive_key(enc, key, &ke, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    d1.data[4] = 0x55;
-
-    ret = krb5int_derive_key(enc, key, &ki, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    /* put together the plaintext */
-
-    d1.length = blocksize;
-    d1.data = (char *) plaintext;
-
-    ret = krb5_c_random_make_octets(NULL, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    memcpy(plaintext + blocksize, input->data, input->length);
-
-    /* Ciphertext stealing; there should be no more.  */
-    if (plainlen != blocksize + input->length)
-	abort();
-
-    /* Encrypt the plaintext. */
-
-    d1.length = plainlen;
-    d1.data = (char *) plaintext;
-
-    d2.length = plainlen;
-    d2.data = output->data;
-
-    ret = (*enc->encrypt)(ke, ivec, &d1, &d2);
-    if (ret != 0)
-	goto cleanup;
-
-    if (ivec != NULL && ivec->length == blocksize) {
-	int nblocks = (d2.length + blocksize - 1) / blocksize;
-	cn = d2.data + blocksize * (nblocks - 2);
-    } else
-	cn = NULL;
-
-    /* Hash the plaintext. */
-
-    d2.length = enclen - plainlen;
-    d2.data = output->data+plainlen;
-    if (d2.length != 96 / 8)
-	abort();
-
-    ret = trunc_hmac(hash, ki, 1, &d1, &d2);
-    if (ret != 0) {
-	memset(d2.data, 0, d2.length);
-	goto cleanup;
-    }
-
-    output->length = enclen;
-
-    /* Update ivec. */
-    if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
-
-cleanup:
-    krb5_k_free_key(NULL, ke);
-    krb5_k_free_key(NULL, ki);
-    zapfree(plaintext, plainlen);
-    return ret;
-}
diff --git a/src/lib/crypto/krb/dk/stringtokey.c b/src/lib/crypto/krb/dk/stringtokey.c
index 59404e4..9a49187 100644
--- a/src/lib/crypto/krb/dk/stringtokey.c
+++ b/src/lib/crypto/krb/dk/stringtokey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,10 +31,11 @@ static const unsigned char kerberos[] = "kerberos";
 #define kerberos_len (sizeof(kerberos)-1)
 
 krb5_error_code
-krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
-			 const krb5_data *string, const krb5_data *salt,
-			 const krb5_data *parms, krb5_keyblock *keyblock)
+krb5int_dk_string_to_key(const struct krb5_keytypes *ktp,
+                         const krb5_data *string, const krb5_data *salt,
+                         const krb5_data *parms, krb5_keyblock *keyblock)
 {
+    const struct krb5_enc_provider *enc = ktp->enc;
     krb5_error_code ret;
     size_t keybytes, keylength, concatlen;
     unsigned char *concat = NULL, *foldstring = NULL, *foldkeydata = NULL;
@@ -50,19 +52,19 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
 
     concat = k5alloc(concatlen, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
     foldstring = k5alloc(keybytes, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
     foldkeydata = k5alloc(keylength, &ret);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* construct input string ( = string + salt), fold it, make_key it */
 
     memcpy(concat, string->data, string->length);
     if (salt)
-	memcpy(concat + string->length, salt->data, salt->length);
+        memcpy(concat + string->length, salt->data, salt->length);
 
     krb5int_nfold(concatlen*8, concat, keybytes*8, foldstring);
 
@@ -71,13 +73,13 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
     foldkeyblock.length = keylength;
     foldkeyblock.contents = foldkeydata;
 
-    ret = (*enc->make_key)(&indata, &foldkeyblock);
+    ret = enc->make_key(&indata, &foldkeyblock);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     ret = krb5_k_create_key(NULL, &foldkeyblock, &foldkey);
     if (ret != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* now derive the key from this one */
 
@@ -86,7 +88,7 @@ krb5int_dk_string_to_key(const struct krb5_enc_provider *enc,
 
     ret = krb5int_derive_keyblock(enc, foldkey, keyblock, &indata);
     if (ret != 0)
-	memset(keyblock->contents, 0, keyblock->length);
+        memset(keyblock->contents, 0, keyblock->length);
 
 cleanup:
     zapfree(concat, concatlen);
@@ -95,3 +97,63 @@ cleanup:
     krb5_k_free_key(NULL, foldkey);
     return ret;
 }
+
+
+#define DEFAULT_ITERATION_COUNT         4096 /* was 0xb000L in earlier drafts */
+#define MAX_ITERATION_COUNT             0x1000000L
+
+krb5_error_code
+krb5int_aes_string_to_key(const struct krb5_keytypes *ktp,
+                          const krb5_data *string,
+                          const krb5_data *salt,
+                          const krb5_data *params,
+                          krb5_keyblock *key)
+{
+    unsigned long iter_count;
+    krb5_data out;
+    static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
+    krb5_key tempkey = NULL;
+    krb5_error_code err;
+
+    if (params) {
+        unsigned char *p = (unsigned char *) params->data;
+        if (params->length != 4)
+            return KRB5_ERR_BAD_S2K_PARAMS;
+        /* The first two need casts in case 'int' is 16 bits.  */
+        iter_count = load_32_be(p);
+        if (iter_count == 0) {
+            iter_count = (1UL << 16) << 16;
+            if (((iter_count >> 16) >> 16) != 1)
+                return KRB5_ERR_BAD_S2K_PARAMS;
+        }
+    } else
+        iter_count = DEFAULT_ITERATION_COUNT;
+
+    /* This is not a protocol specification constraint; this is an
+       implementation limit, which should eventually be controlled by
+       a config file.  */
+    if (iter_count >= MAX_ITERATION_COUNT)
+        return KRB5_ERR_BAD_S2K_PARAMS;
+
+    /* Use the output keyblock contents for temporary space. */
+    out.data = (char *) key->contents;
+    out.length = key->length;
+    if (out.length != 16 && out.length != 32)
+        return KRB5_CRYPTO_INTERNAL;
+
+    err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
+    if (err)
+        goto cleanup;
+
+    err = krb5_k_create_key (NULL, key, &tempkey);
+    if (err)
+        goto cleanup;
+
+    err = krb5int_derive_keyblock(ktp->enc, tempkey, key, &usage);
+
+cleanup:
+    if (err)
+        memset (out.data, 0, out.length);
+    krb5_k_free_key (NULL, tempkey);
+    return err;
+}
diff --git a/src/lib/crypto/krb/encrypt.c b/src/lib/crypto/krb/encrypt.c
index ee9e0e2..8f5c481 100644
--- a/src/lib/crypto/krb/encrypt.c
+++ b/src/lib/crypto/krb/encrypt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,42 +31,64 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_encrypt(krb5_context context, krb5_key key,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_data *input, krb5_enc_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_data *input, krb5_enc_data *output)
 {
     const struct krb5_keytypes *ktp;
+    krb5_crypto_iov iov[4];
+    krb5_error_code ret;
+    unsigned int header_len, padding_len, trailer_len, total_len;
 
     ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     output->magic = KV5M_ENC_DATA;
     output->kvno = 0;
     output->enctype = key->keyblock.enctype;
 
-    if (ktp->encrypt == NULL) {
-	assert(ktp->aead != NULL);
+    /* Get the lengths of the token parts and compute the total. */
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    padding_len = krb5int_c_padding_length(ktp, input->length);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
+    total_len = header_len + input->length + padding_len + trailer_len;
+    if (output->ciphertext.length < total_len)
+        return KRB5_BAD_MSIZE;
+
+    /* Set up the iov structures for the token parts. */
+    iov[0].flags = KRB5_CRYPTO_TYPE_HEADER;
+    iov[0].data = make_data(output->ciphertext.data, header_len);
+
+    iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+    iov[1].data = make_data(output->ciphertext.data + header_len,
+                            input->length);
+    memcpy(iov[1].data.data, input->data, input->length);
 
-	return krb5int_c_encrypt_aead_compat(ktp->aead, ktp->enc, ktp->hash,
-					     key, usage, ivec, input,
-					     &output->ciphertext);
-    }
+    iov[2].flags = KRB5_CRYPTO_TYPE_PADDING;
+    iov[2].data = make_data(iov[1].data.data + input->length, padding_len);
 
-    return (*ktp->encrypt)(ktp->enc, ktp->hash, key, usage, ivec, input,
-			   &output->ciphertext);
+    iov[3].flags = KRB5_CRYPTO_TYPE_TRAILER;
+    iov[3].data = make_data(iov[2].data.data + padding_len, trailer_len);
+
+    ret = ktp->encrypt(ktp, key, usage, ivec, iov, 4);
+    if (ret != 0)
+        zap(iov[1].data.data, iov[1].data.length);
+    else
+        output->ciphertext.length = total_len;
+    return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_encrypt(krb5_context context, const krb5_keyblock *keyblock,
-	       krb5_keyusage usage, const krb5_data *ivec,
-	       const krb5_data *input, krb5_enc_data *output)
+               krb5_keyusage usage, const krb5_data *ivec,
+               const krb5_data *input, krb5_enc_data *output)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_encrypt(context, key, usage, ivec, input, output);
     krb5_k_free_key(context, key);
     return ret;
diff --git a/src/lib/crypto/krb/encrypt_iov.c b/src/lib/crypto/krb/encrypt_iov.c
index 64cb126..26bb82b 100644
--- a/src/lib/crypto/krb/encrypt_iov.c
+++ b/src/lib/crypto/krb/encrypt_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/encrypt_iov.c
  *
@@ -28,39 +29,32 @@
 #include "etypes.h"
 
 krb5_error_code KRB5_CALLCONV
-krb5_k_encrypt_iov(krb5_context context,
-		   krb5_key key,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage,
+                   const krb5_data *cipher_state, krb5_crypto_iov *data,
+                   size_t num_data)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->keyblock.enctype);
-    if (ktp == NULL || ktp->aead == NULL)
-	return KRB5_BAD_ENCTYPE;
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
-    return (*ktp->aead->encrypt_iov)(ktp->aead, ktp->enc, ktp->hash,
-				     key, usage, cipher_state, data, num_data);
+    return ktp->encrypt(ktp, key, usage, cipher_state, data, num_data);
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_encrypt_iov(krb5_context context,
-		   const krb5_keyblock *keyblock,
-		   krb5_keyusage usage,
-		   const krb5_data *cipher_state,
-		   krb5_crypto_iov *data,
-		   size_t num_data)
+krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                   krb5_keyusage usage, const krb5_data *cipher_state,
+                   krb5_crypto_iov *data, size_t num_data)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_encrypt_iov(context, key, usage, cipher_state, data,
-			     num_data);
+                             num_data);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/encrypt_length.c b/src/lib/crypto/krb/encrypt_length.c
index f2aad02..be99f17 100644
--- a/src/lib/crypto/krb/encrypt_length.c
+++ b/src/lib/crypto/krb/encrypt_length.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,22 +31,19 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype,
-		      size_t inputlen, size_t *length)
+                      size_t inputlen, size_t *length)
 {
     const struct krb5_keytypes *ktp;
+    unsigned int header_len = 0, padding_len = 0, trailer_len = 0;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
-    if (ktp->encrypt_len == NULL) {
-	assert(ktp->aead != NULL);
-
-	krb5int_c_encrypt_length_aead_compat(ktp->aead, ktp->enc, ktp->hash,
-					     inputlen, length);
-    } else {
-	(*ktp->encrypt_len)(ktp->enc, ktp->hash, inputlen, length);
-    }
+    header_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_HEADER);
+    padding_len = krb5int_c_padding_length(ktp, inputlen);
+    trailer_len = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_TRAILER);
 
+    *length = header_len + inputlen + padding_len + trailer_len;
     return 0;
 }
diff --git a/src/lib/crypto/krb/enctype_compare.c b/src/lib/crypto/krb/enctype_compare.c
index 6d47f9d..3271880 100644
--- a/src/lib/crypto/krb/enctype_compare.c
+++ b/src/lib/crypto/krb/enctype_compare.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,14 +30,14 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2,
-		       krb5_boolean *similar)
+                       krb5_boolean *similar)
 {
     const struct krb5_keytypes *ktp1, *ktp2;
 
     ktp1 = find_enctype(e1);
     ktp2 = find_enctype(e2);
     if (ktp1 == NULL || ktp2 == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     *similar = (ktp1->enc == ktp2->enc && ktp1->str2key == ktp2->str2key);
     return 0;
diff --git a/src/lib/crypto/krb/enctype_to_string.c b/src/lib/crypto/krb/enctype_to_string.c
index c408782..f0e8962 100644
--- a/src/lib/crypto/krb/enctype_to_string.c
+++ b/src/lib/crypto/krb/enctype_to_string.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -34,8 +35,8 @@ krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return EINVAL;
+        return EINVAL;
     if (strlcpy(buffer, ktp->out_string, buflen) >= buflen)
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
diff --git a/src/lib/crypto/krb/etypes.c b/src/lib/crypto/krb/etypes.c
index a1acdc0..bd0e896 100644
--- a/src/lib/crypto/krb/etypes.c
+++ b/src/lib/crypto/krb/etypes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -33,7 +34,6 @@
 #include "dk.h"
 #include "prf_int.h"
 #include "arcfour.h"
-#include "aes_s2k.h"
 #include "des/des_int.h"
 
 /* these will be linear searched.  if they ever get big, a binary
@@ -47,51 +47,46 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       "des-cbc-crc", { 0 }, "DES cbc mode with CRC-32",
       &krb5int_enc_des, &krb5int_hash_crc32,
       16,
-      krb5int_old_encrypt_length, krb5int_old_encrypt, krb5int_old_decrypt,
+      krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
       CKSUMTYPE_RSA_MD5,
-      NULL, /*AEAD*/
       ETYPE_WEAK },
     { ENCTYPE_DES_CBC_MD4,
       "des-cbc-md4", { 0 }, "DES cbc mode with RSA-MD4",
       &krb5int_enc_des, &krb5int_hash_md4,
       16,
-      krb5int_old_encrypt_length, krb5int_old_encrypt, krb5int_old_decrypt,
+      krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
       CKSUMTYPE_RSA_MD4,
-      NULL, /*AEAD*/
       ETYPE_WEAK },
     { ENCTYPE_DES_CBC_MD5,
       "des-cbc-md5", { "des" }, "DES cbc mode with RSA-MD5",
       &krb5int_enc_des, &krb5int_hash_md5,
       16,
-      krb5int_old_encrypt_length, krb5int_old_encrypt, krb5int_old_decrypt,
+      krb5int_old_crypto_length, krb5int_old_encrypt, krb5int_old_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
       CKSUMTYPE_RSA_MD5,
-      NULL, /*AEAD*/
       ETYPE_WEAK },
     { ENCTYPE_DES_CBC_RAW,
       "des-cbc-raw", { 0 }, "DES cbc mode raw",
       &krb5int_enc_des, NULL,
       16,
-      krb5_raw_encrypt_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
+      krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
       krb5int_des_string_to_key,
       krb5int_des_prf,
       0,
-      &krb5int_aead_raw,
       ETYPE_WEAK },
     { ENCTYPE_DES3_CBC_RAW,
       "des3-cbc-raw", { 0 }, "Triple DES cbc mode raw",
       &krb5int_enc_des3, NULL,
       16,
-      krb5_raw_encrypt_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
+      krb5int_raw_crypto_length, krb5int_raw_encrypt, krb5int_raw_decrypt,
       krb5int_dk_string_to_key,
       NULL, /*PRF*/
       0,
-      &krb5int_aead_raw,
       ETYPE_WEAK },
 
     { ENCTYPE_DES3_CBC_SHA1,
@@ -99,22 +94,20 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       "Triple DES cbc mode with HMAC/sha1",
       &krb5int_enc_des3, &krb5int_hash_sha1,
       16,
-      krb5int_dk_encrypt_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
+      krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_dk_string_to_key,
       krb5int_dk_prf,
       CKSUMTYPE_HMAC_SHA1_DES3,
-      &krb5int_aead_dk,
       0 /*flags*/ },
 
     { ENCTYPE_DES_HMAC_SHA1,
       "des-hmac-sha1", { 0 }, "DES with HMAC/sha1",
       &krb5int_enc_des, &krb5int_hash_sha1,
       8,
-      krb5int_dk_encrypt_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
+      krb5int_dk_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_dk_string_to_key,
       NULL, /*PRF*/
       0,
-      NULL,
       ETYPE_WEAK },
     { ENCTYPE_ARCFOUR_HMAC,
       "arcfour-hmac", { "rc4-hmac", "arcfour-hmac-md5" },
@@ -122,11 +115,10 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       &krb5int_enc_arcfour,
       &krb5int_hash_md5,
       20,
-      krb5int_arcfour_encrypt_length, krb5int_arcfour_encrypt,
+      krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
       krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
       krb5int_arcfour_prf, /*PRF*/
       CKSUMTYPE_HMAC_MD5_ARCFOUR,
-      &krb5int_aead_arcfour,
       0 /*flags*/ },
     { ENCTYPE_ARCFOUR_HMAC_EXP,
       "arcfour-hmac-exp", { "rc4-hmac-exp", "arcfour-hmac-md5-exp" },
@@ -134,11 +126,10 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       &krb5int_enc_arcfour,
       &krb5int_hash_md5,
       20,
-      krb5int_arcfour_encrypt_length, krb5int_arcfour_encrypt,
+      krb5int_arcfour_crypto_length, krb5int_arcfour_encrypt,
       krb5int_arcfour_decrypt, krb5int_arcfour_string_to_key,
       krb5int_arcfour_prf, /*PRF*/
       CKSUMTYPE_HMAC_MD5_ARCFOUR,
-      &krb5int_aead_arcfour,
       ETYPE_WEAK
     },
 
@@ -147,22 +138,20 @@ const struct krb5_keytypes krb5int_enctypes_list[] = {
       "AES-128 CTS mode with 96-bit SHA-1 HMAC",
       &krb5int_enc_aes128, &krb5int_hash_sha1,
       16,
-      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
+      krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_aes_string_to_key,
       krb5int_dk_prf,
       CKSUMTYPE_HMAC_SHA1_96_AES128,
-      &krb5int_aead_aes,
       0 /*flags*/ },
     { ENCTYPE_AES256_CTS_HMAC_SHA1_96,
       "aes256-cts-hmac-sha1-96", { "aes256-cts" },
       "AES-256 CTS mode with 96-bit SHA-1 HMAC",
       &krb5int_enc_aes256, &krb5int_hash_sha1,
       16,
-      krb5int_aes_encrypt_length, krb5int_aes_dk_encrypt, krb5int_aes_dk_decrypt,
+      krb5int_aes_crypto_length, krb5int_dk_encrypt, krb5int_dk_decrypt,
       krb5int_aes_string_to_key,
       krb5int_dk_prf,
       CKSUMTYPE_HMAC_SHA1_96_AES256,
-      &krb5int_aead_aes,
       0 /*flags*/ },
 };
 
diff --git a/src/lib/crypto/krb/etypes.h b/src/lib/crypto/krb/etypes.h
index 68dcdd4..be737cb 100644
--- a/src/lib/crypto/krb/etypes.h
+++ b/src/lib/crypto/krb/etypes.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -24,32 +25,30 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+#ifndef ETYPES_H
+#define ETYPES_H
+
 #include "k5-int.h"
 
-typedef void (*krb5_encrypt_length_func)(const struct krb5_enc_provider *enc,
-					 const struct krb5_hash_provider *hash,
-					 size_t inputlen, size_t *length);
+struct krb5_keytypes;
+
+typedef unsigned int (*crypto_length_func)(const struct krb5_keytypes *ktp,
+                                           krb5_cryptotype type);
 
-typedef krb5_error_code (*krb5_crypt_func)(const struct krb5_enc_provider *enc,
-					   const struct
-					   krb5_hash_provider *hash,
-					   krb5_key key,
-					   krb5_keyusage keyusage,
-					   const krb5_data *ivec,
-					   const krb5_data *input,
-					   krb5_data *output);
+typedef krb5_error_code (*crypt_func)(const struct krb5_keytypes *ktp,
+                                      krb5_key key, krb5_keyusage keyusage,
+                                      const krb5_data *ivec,
+                                      krb5_crypto_iov *data, size_t num_data);
 
-typedef krb5_error_code (*krb5_str2key_func)(const struct
-					     krb5_enc_provider *enc,
-					     const krb5_data *string,
-					     const krb5_data *salt,
-					     const krb5_data *parm,
-					     krb5_keyblock *key);
+typedef krb5_error_code (*str2key_func)(const struct krb5_keytypes *ktp,
+                                        const krb5_data *string,
+                                        const krb5_data *salt,
+                                        const krb5_data *parm,
+                                        krb5_keyblock *key);
 
-typedef krb5_error_code (*krb5_prf_func)(const struct krb5_enc_provider *enc,
-					 const struct krb5_hash_provider *hash,
-					 krb5_key key,
-					 const krb5_data *in, krb5_data *out);
+typedef krb5_error_code (*prf_func)(const struct krb5_keytypes *ktp,
+                                    krb5_key key,
+                                    const krb5_data *in, krb5_data *out);
 
 struct krb5_keytypes {
     krb5_enctype etype;
@@ -59,13 +58,12 @@ struct krb5_keytypes {
     const struct krb5_enc_provider *enc;
     const struct krb5_hash_provider *hash;
     size_t prf_length;
-    krb5_encrypt_length_func encrypt_len;
-    krb5_crypt_func encrypt;
-    krb5_crypt_func decrypt;
-    krb5_str2key_func str2key;
-    krb5_prf_func prf;
+    crypto_length_func crypto_length;
+    crypt_func encrypt;
+    crypt_func decrypt;
+    str2key_func str2key;
+    prf_func prf;
     krb5_cksumtype required_ctype;
-    const struct krb5_aead_provider *aead;
     krb5_flags flags;
 };
 
@@ -80,11 +78,13 @@ find_enctype(krb5_enctype enctype)
     int i;
 
     for (i = 0; i < krb5int_enctypes_length; i++) {
-	if (krb5int_enctypes_list[i].etype == enctype)
-	    break;
+        if (krb5int_enctypes_list[i].etype == enctype)
+            break;
     }
 
     if (i == krb5int_enctypes_length)
-	return NULL;
+        return NULL;
     return &krb5int_enctypes_list[i];
 }
+
+#endif
diff --git a/src/lib/crypto/krb/key.c b/src/lib/crypto/krb/key.c
index 43d9ce6..2fabd3a 100644
--- a/src/lib/crypto/krb/key.c
+++ b/src/lib/crypto/krb/key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -35,7 +36,7 @@
 /* Create a krb5_key from the enctype and key data in a keyblock. */
 krb5_error_code KRB5_CALLCONV
 krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
-		  krb5_key *out)
+                  krb5_key *out)
 {
     krb5_key key = NULL;
     krb5_error_code code;
@@ -44,10 +45,10 @@ krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data,
 
     key = malloc(sizeof(*key));
     if (key == NULL)
-	return ENOMEM;
+        return ENOMEM;
     code = krb5int_c_copy_keyblock_contents(context, key_data, &key->keyblock);
     if (code)
-	goto cleanup;
+        goto cleanup;
 
     key->refcount = 1;
     key->derived = NULL;
@@ -62,7 +63,8 @@ cleanup:
 void KRB5_CALLCONV
 krb5_k_reference_key(krb5_context context, krb5_key key)
 {
-    key->refcount++;
+    if (key)
+        key->refcount++;
 }
 
 /* Free the memory used by a krb5_key. */
@@ -72,14 +74,14 @@ krb5_k_free_key(krb5_context context, krb5_key key)
     struct derived_key *dk;
 
     if (key == NULL || --key->refcount > 0)
-	return;
+        return;
 
     /* Free the derived key cache. */
     while ((dk = key->derived) != NULL) {
-	key->derived = dk->next;
-	free(dk->constant.data);
-	krb5_k_free_key(context, dk->dkey);
-	free(dk);
+        key->derived = dk->next;
+        free(dk->constant.data);
+        krb5_k_free_key(context, dk->dkey);
+        free(dk);
     }
     krb5int_c_free_keyblock_contents(context, &key->keyblock);
     free(key);
@@ -88,7 +90,7 @@ krb5_k_free_key(krb5_context context, krb5_key key)
 /* Retrieve a copy of the keyblock from a krb5_key. */
 krb5_error_code KRB5_CALLCONV
 krb5_k_key_keyblock(krb5_context context, krb5_key key,
-		    krb5_keyblock **key_data)
+                    krb5_keyblock **key_data)
 {
     return krb5int_c_copy_keyblock(context, &key->keyblock, key_data);
 }
diff --git a/src/lib/crypto/krb/keyblocks.c b/src/lib/crypto/krb/keyblocks.c
index d9db694..732a877 100644
--- a/src/lib/crypto/krb/keyblocks.c
+++ b/src/lib/crypto/krb/keyblocks.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/keyblocks.c
  *
@@ -35,7 +36,7 @@
 
 krb5_error_code
 krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
-			size_t length, krb5_keyblock **out)
+                        size_t length, krb5_keyblock **out)
 {
     krb5_keyblock *kb;
 
@@ -44,18 +45,18 @@ krb5int_c_init_keyblock(krb5_context context, krb5_enctype enctype,
 
     kb = malloc(sizeof(krb5_keyblock));
     if (kb == NULL)
-	return ENOMEM;
+        return ENOMEM;
     kb->magic = KV5M_KEYBLOCK;
     kb->enctype = enctype;
     kb->length = length;
     if (length) {
-	kb->contents = malloc(length);
-	if (!kb->contents) {
-	    free(kb);
-	    return ENOMEM;
-	}
+        kb->contents = malloc(length);
+        if (!kb->contents) {
+            free(kb);
+            return ENOMEM;
+        }
     } else {
-	kb->contents = NULL;
+        kb->contents = NULL;
     }
 
     *out = kb;
@@ -73,14 +74,14 @@ void
 krb5int_c_free_keyblock_contents(krb5_context context, krb5_keyblock *key)
 {
     if (key && key->contents) {
-	zapfree(key->contents, key->length);
-	key->contents = NULL;
+        zapfree(key->contents, key->length);
+        key->contents = NULL;
     }
 }
 
 krb5_error_code
 krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
-			krb5_keyblock **to)
+                        krb5_keyblock **to)
 {
     krb5_keyblock *new_key;
     krb5_error_code code;
@@ -88,11 +89,11 @@ krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
     *to = NULL;
     new_key = malloc(sizeof(*new_key));
     if (!new_key)
-	return ENOMEM;
+        return ENOMEM;
     code = krb5int_c_copy_keyblock_contents(context, from, new_key);
     if (code) {
-	free(new_key);
-	return code;
+        free(new_key);
+        return code;
     }
     *to = new_key;
     return 0;
@@ -100,7 +101,7 @@ krb5int_c_copy_keyblock(krb5_context context, const krb5_keyblock *from,
 
 krb5_error_code
 krb5int_c_copy_keyblock_contents(krb5_context context,
-				 const krb5_keyblock *from, krb5_keyblock *to)
+                                 const krb5_keyblock *from, krb5_keyblock *to)
 {
     *to = *from;
     if (to->length) {
diff --git a/src/lib/crypto/krb/keyed_checksum_types.c b/src/lib/crypto/krb/keyed_checksum_types.c
index 4da6e25..3cd1ebc 100644
--- a/src/lib/crypto/krb/keyed_checksum_types.c
+++ b/src/lib/crypto/krb/keyed_checksum_types.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,44 +30,46 @@
 #include "cksumtypes.h"
 
 static krb5_boolean
-etype_match(krb5_enctype e1, krb5_enctype e2)
+is_keyed_for(const struct krb5_cksumtypes *ctp,
+             const struct krb5_keytypes *ktp)
 {
-    const struct krb5_keytypes *ktp1, *ktp2;
-
-    ktp1 = find_enctype(e1);
-    ktp2 = find_enctype(e2);
-    return (ktp1 != NULL && ktp2 != NULL && ktp1->enc == ktp2->enc);
+    if (ctp->flags & CKSUM_UNKEYED)
+        return FALSE;
+    return (!ctp->enc || ktp->enc == ctp->enc);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype,
-			    unsigned int *count, krb5_cksumtype **cksumtypes)
+                            unsigned int *count, krb5_cksumtype **cksumtypes)
 {
     unsigned int i, c, nctypes;
     krb5_cksumtype *ctypes;
-    const struct krb5_cksumtypes *ct;
+    const struct krb5_cksumtypes *ctp;
+    const struct krb5_keytypes *ktp;
 
     *count = 0;
     *cksumtypes = NULL;
 
+    ktp = find_enctype(enctype);
+    if (ktp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
     nctypes = 0;
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	ct = &krb5int_cksumtypes_list[i];
-	if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
-	    (ct->flags & KRB5_CKSUMFLAG_DERIVE))
-	    nctypes++;
+        ctp = &krb5int_cksumtypes_list[i];
+        if (is_keyed_for(ctp, ktp))
+            nctypes++;
     }
 
     ctypes = malloc(nctypes * sizeof(krb5_cksumtype));
     if (ctypes == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     c = 0;
     for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	ct = &krb5int_cksumtypes_list[i];
-	if ((ct->keyhash && etype_match(ct->keyed_etype, enctype)) ||
-	    (ct->flags & KRB5_CKSUMFLAG_DERIVE))
-	    ctypes[c++] = krb5int_cksumtypes_list[i].ctype;
+        ctp = &krb5int_cksumtypes_list[i];
+        if (is_keyed_for(ctp, ktp))
+            ctypes[c++] = ctp->ctype;
     }
 
     *count = nctypes;
diff --git a/src/lib/crypto/krb/keyed_cksum.c b/src/lib/crypto/krb/keyed_cksum.c
index ac49ef6..b6d3e3d 100644
--- a/src/lib/crypto/krb/keyed_cksum.c
+++ b/src/lib/crypto/krb/keyed_cksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,17 +31,10 @@
 krb5_boolean KRB5_CALLCONV
 krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
 {
-    unsigned int i;
     const struct krb5_cksumtypes *ctp;
 
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	ctp = &krb5int_cksumtypes_list[i];
-	if (ctp->ctype == ctype) {
-	    return (ctp->keyhash != NULL ||
-		    (ctp->flags & KRB5_CKSUMFLAG_DERIVE));
-	}
-    }
-
-    /* Invalid ctype.  This is misleading, but better than dumping core. */
-    return FALSE;
+    ctp = find_cksumtype(ctype);
+    if (ctp == NULL)
+        return FALSE;
+    return !(ctp->flags & CKSUM_UNKEYED);
 }
diff --git a/src/lib/crypto/krb/keylengths.c b/src/lib/crypto/krb/keylengths.c
index f38a28c..fa65be1 100644
--- a/src/lib/crypto/krb/keylengths.c
+++ b/src/lib/crypto/krb/keylengths.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (c) 2006
  * The Regents of the University of Michigan
@@ -37,21 +38,21 @@
  */
 krb5_error_code KRB5_CALLCONV
 krb5_c_keylengths(krb5_context context, krb5_enctype enctype,
-		  size_t *keybytes, size_t *keylength)
+                  size_t *keybytes, size_t *keylength)
 {
     const struct krb5_keytypes *ktp;
 
     if (keybytes == NULL && keylength == NULL)
-	return EINVAL;
+        return EINVAL;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
 
     if (keybytes)
-	*keybytes = ktp->enc->keybytes;
+        *keybytes = ktp->enc->keybytes;
     if (keylength)
-	*keylength = ktp->enc->keylength;
+        *keylength = ktp->enc->keylength;
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/make_checksum.c b/src/lib/crypto/krb/make_checksum.c
index 06a5247..d0dc622 100644
--- a/src/lib/crypto/krb/make_checksum.c
+++ b/src/lib/crypto/krb/make_checksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,105 +30,71 @@
 #include "etypes.h"
 #include "dk.h"
 
+/* A 0 checksum type means use the mandatory checksum. */
+
 krb5_error_code KRB5_CALLCONV
 krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
-		     krb5_key key, krb5_keyusage usage,
-		     const krb5_data *input, krb5_checksum *cksum)
+                     krb5_key key, krb5_keyusage usage,
+                     const krb5_data *input, krb5_checksum *cksum)
 {
-    unsigned int i;
     const struct krb5_cksumtypes *ctp;
-    const struct krb5_keytypes *ktp1, *ktp2;
-    const struct krb5_keyhash_provider *keyhash;
-    krb5_data data;
+    krb5_crypto_iov iov;
+    krb5_data cksum_data;
     krb5_octet *trunc;
     krb5_error_code ret;
-    size_t cksumlen;
 
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
+    if (cksumtype == 0) {
+        ret = krb5int_c_mandatory_cksumtype(context, key->keyblock.enctype,
+                                            &cksumtype);
+        if (ret != 0)
+            return ret;
     }
-    if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
-    ctp = &krb5int_cksumtypes_list[i];
-
-    if (ctp->keyhash != NULL)
-	cksumlen = ctp->keyhash->hashsize;
-    else
-	cksumlen = ctp->hash->hashsize;
-
-    cksum->length = cksumlen;
-    cksum->contents = malloc(cksum->length);
-    if (cksum->contents == NULL)
-	return ENOMEM;
-
-    data.length = cksum->length;
-    data.data = (char *) cksum->contents;
-
-    if (ctp->keyhash) {
-	/* check if key is compatible */
-	if (ctp->keyed_etype) {
-	    ktp1 = find_enctype(ctp->keyed_etype);
-	    ktp2 = key ? find_enctype(key->keyblock.enctype) : NULL;
-	    if (ktp1 == NULL || ktp2 == NULL || ktp1->enc != ktp2->enc) {
-		ret = KRB5_BAD_ENCTYPE;
-		goto cleanup;
-	    }
-	}
-
-	keyhash = ctp->keyhash;
-	if (keyhash->hash == NULL) {
-	    krb5_crypto_iov iov[1];
-
-	    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
-	    iov[0].data.data = input->data;
-	    iov[0].data.length = input->length;
-
-	    assert(keyhash->hash_iov != NULL);
-
-	    ret = (*keyhash->hash_iov)(key, usage, 0, iov, 1, &data);
-	} else {
-	    ret = (*keyhash->hash)(key, usage, 0, input, &data);
-	}
-    } else if (ctp->flags & KRB5_CKSUMFLAG_DERIVE) {
-	ret = krb5int_dk_make_checksum(ctp->hash, key, usage, input, &data);
-    } else {
-	/* No key is used. */
-	ret = (*ctp->hash->hash)(1, input, &data);
-    }
-
-    if (!ret) {
-	cksum->magic = KV5M_CHECKSUM;
-	cksum->checksum_type = cksumtype;
-	if (ctp->trunc_size) {
-	    cksum->length = ctp->trunc_size;
-	    trunc = realloc(cksum->contents, cksum->length);
-	    if (trunc)
-		cksum->contents = trunc;
-	}
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
+
+    ret = alloc_data(&cksum_data, ctp->compute_size);
+    if (ret != 0)
+        return ret;
+
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *input;
+    ret = ctp->checksum(ctp, key, usage, &iov, 1, &cksum_data);
+    if (ret != 0)
+        goto cleanup;
+
+    cksum->magic = KV5M_CHECKSUM;
+    cksum->checksum_type = cksumtype;
+    cksum->length = ctp->output_size;
+    cksum->contents = (krb5_octet *) cksum_data.data;
+    cksum_data.data = NULL;
+    if (ctp->output_size < ctp->compute_size) {
+        trunc = realloc(cksum->contents, ctp->output_size);
+        if (trunc != NULL)
+            cksum->contents = trunc;
     }
 
 cleanup:
-    if (ret) {
-	zapfree(cksum->contents, cksum->length);
-	cksum->contents = NULL;
-    }
-
+    zapfree(cksum_data.data, ctp->compute_size);
     return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
-		     const krb5_keyblock *keyblock, krb5_keyusage usage,
-		     const krb5_data *input, krb5_checksum *cksum)
+                     const krb5_keyblock *keyblock, krb5_keyusage usage,
+                     const krb5_data *input, krb5_checksum *cksum)
 {
     krb5_key key = NULL;
     krb5_error_code ret;
 
     if (keyblock != NULL) {
-	ret = krb5_k_create_key(context, keyblock, &key);
-	if (ret != 0)
-	    return ret;
+        ret = krb5_k_create_key(context, keyblock, &key);
+        if (ret != 0)
+            return ret;
     }
     ret = krb5_k_make_checksum(context, cksumtype, key, usage, input, cksum);
     krb5_k_free_key(context, key);
diff --git a/src/lib/crypto/krb/make_checksum_iov.c b/src/lib/crypto/krb/make_checksum_iov.c
index 192f910..dcffa48 100644
--- a/src/lib/crypto/krb/make_checksum_iov.c
+++ b/src/lib/crypto/krb/make_checksum_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/make_checksum_iov.c
  *
@@ -30,74 +31,61 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_make_checksum_iov(krb5_context context,
-			 krb5_cksumtype cksumtype,
-			 krb5_key key,
-			 krb5_keyusage usage,
-			 krb5_crypto_iov *data,
-			 size_t num_data)
+                         krb5_cksumtype cksumtype,
+                         krb5_key key,
+                         krb5_keyusage usage,
+                         krb5_crypto_iov *data,
+                         size_t num_data)
 {
-    unsigned int i;
-    size_t cksumlen;
     krb5_error_code ret;
     krb5_data cksum_data;
     krb5_crypto_iov *checksum;
     const struct krb5_cksumtypes *ctp;
 
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksumtype)
-	    break;
-    }
-    if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
-    ctp = &krb5int_cksumtypes_list[i];
+    ctp = find_cksumtype(cksumtype);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
-    if (ctp->keyhash != NULL)
-	cksum_data.length = ctp->keyhash->hashsize;
-    else
-	cksum_data.length = ctp->hash->hashsize;
-
-    if (ctp->trunc_size != 0)
-	cksumlen = ctp->trunc_size;
-    else
-	cksumlen = cksum_data.length;
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
 
     checksum = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_CHECKSUM);
-    if (checksum == NULL || checksum->data.length < cksumlen)
-	return(KRB5_BAD_MSIZE);
+    if (checksum == NULL || checksum->data.length < ctp->output_size)
+        return(KRB5_BAD_MSIZE);
 
-    cksum_data.data = malloc(cksum_data.length);
-    if (cksum_data.data == NULL)
-	return(ENOMEM);
+    ret = alloc_data(&cksum_data, ctp->compute_size);
+    if (ret != 0)
+        return ret;
 
-    ret = krb5int_c_make_checksum_iov(&krb5int_cksumtypes_list[i],
-				      key, usage, data, num_data,
-				      &cksum_data);
-    if (ret == 0) {
-	memcpy(checksum->data.data, cksum_data.data, cksumlen);
-	checksum->data.length = cksumlen;
-    }
+    ret = ctp->checksum(ctp, key, usage, data, num_data, &cksum_data);
+    if (ret != 0)
+        goto cleanup;
 
-    free(cksum_data.data);
+    memcpy(checksum->data.data, cksum_data.data, ctp->output_size);
+    checksum->data.length = ctp->output_size;
 
-    return(ret);
+cleanup:
+    zapfree(cksum_data.data, ctp->compute_size);
+    return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_make_checksum_iov(krb5_context context,
-			 krb5_cksumtype cksumtype,
-			 const krb5_keyblock *keyblock,
-			 krb5_keyusage usage,
-			 krb5_crypto_iov *data,
-			 size_t num_data)
+                         krb5_cksumtype cksumtype,
+                         const krb5_keyblock *keyblock,
+                         krb5_keyusage usage,
+                         krb5_crypto_iov *data,
+                         size_t num_data)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_make_checksum_iov(context, cksumtype, key, usage,
-				   data, num_data);
+                                   data, num_data);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/make_random_key.c b/src/lib/crypto/krb/make_random_key.c
index de2e6bb..a236844 100644
--- a/src/lib/crypto/krb/make_random_key.c
+++ b/src/lib/crypto/krb/make_random_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,7 +30,7 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
-		       krb5_keyblock *random_key)
+                       krb5_keyblock *random_key)
 {
     krb5_error_code ret;
     const struct krb5_keytypes *ktp;
@@ -40,7 +41,7 @@ krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     keybytes = enc->keybytes;
@@ -48,17 +49,17 @@ krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
 
     bytes = k5alloc(keybytes, &ret);
     if (ret)
-	return ret;
+        return ret;
     random_key->contents = k5alloc(keylength, &ret);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     random_data.data = (char *) bytes;
     random_data.length = keybytes;
 
     ret = krb5_c_random_make_octets(context, &random_data);
     if (ret)
-	goto cleanup;
+        goto cleanup;
 
     random_key->magic = KV5M_KEYBLOCK;
     random_key->enctype = enctype;
@@ -68,8 +69,8 @@ krb5_c_make_random_key(krb5_context context, krb5_enctype enctype,
 
 cleanup:
     if (ret) {
-	zapfree(random_key->contents, keylength);
-	random_key->contents = NULL;
+        zapfree(random_key->contents, keylength);
+        random_key->contents = NULL;
     }
     zapfree(bytes, keybytes);
     return ret;
diff --git a/src/lib/crypto/krb/mandatory_sumtype.c b/src/lib/crypto/krb/mandatory_sumtype.c
index e3e3707..3adeaf2 100644
--- a/src/lib/crypto/krb/mandatory_sumtype.c
+++ b/src/lib/crypto/krb/mandatory_sumtype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2003 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -27,13 +28,13 @@
 
 krb5_error_code
 krb5int_c_mandatory_cksumtype(krb5_context ctx, krb5_enctype etype,
-			      krb5_cksumtype *cksumtype)
+                              krb5_cksumtype *cksumtype)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(etype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     *cksumtype = ktp->required_ctype;
     return 0;
 }
diff --git a/src/lib/crypto/krb/nfold.c b/src/lib/crypto/krb/nfold.c
index 976e131..11082ac 100644
--- a/src/lib/crypto/krb/nfold.c
+++ b/src/lib/crypto/krb/nfold.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,24 +31,24 @@
 #endif
 
 /*
-n-fold(k-bits):
-  l = lcm(n,k)
-  r = l/k
-  s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
-  compute the 1's complement sum:
-	n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
-*/
+ * n-fold(k-bits):
+ * l = lcm(n,k)
+ * r = l/k
+ * s = k-bits | k-bits rot 13 | k-bits rot 13*2 | ... | k-bits rot 13*(r-1)
+ * compute the 1's complement sum:
+ * n-fold = s[0..n-1]+s[n..2n-1]+s[2n..3n-1]+..+s[(k-1)*n..k*n-1]
+ */
 
 /* representation: msb first, assume n and k are multiples of 8, and
-   that k>=16.  this is the case of all the cryptosystems which are
-   likely to be used.  this function can be replaced if that
-   assumption ever fails.  */
+ * that k>=16.  this is the case of all the cryptosystems which are
+ * likely to be used.  this function can be replaced if that
+ * assumption ever fails.  */
 
 /* input length is in bits */
 
 void
 krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits,
-	   unsigned char *out)
+              unsigned char *out)
 {
     int a,b,c,lcm;
     int byte, i, msbit;
@@ -64,9 +65,9 @@ krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits
     b = inbits;
 
     while(b != 0) {
-	c = b;
-	b = a%b;
-	a = c;
+        c = b;
+        b = a%b;
+        a = c;
     }
 
     lcm = outbits*inbits/a;
@@ -79,51 +80,51 @@ krb5int_nfold(unsigned int inbits, const unsigned char *in, unsigned int outbits
     /* this will end up cycling through k lcm(k,n)/k times, which
        is correct */
     for (i=lcm-1; i>=0; i--) {
-	/* compute the msbit in k which gets added into this byte */
-	msbit = (/* first, start with the msbit in the first, unrotated
-		    byte */
-		 ((inbits<<3)-1)
-		 /* then, for each byte, shift to the right for each
-		    repetition */
-		 +(((inbits<<3)+13)*(i/inbits))
-		 /* last, pick out the correct byte within that
-		    shifted repetition */
-		 +((inbits-(i%inbits))<<3)
-		 )%(inbits<<3);
-
-	/* pull out the byte value itself */
-	byte += (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
-		  (in[((inbits)-(msbit>>3))%inbits]))
-		 >>((msbit&7)+1))&0xff;
-
-	/* do the addition */
-	byte += out[i%outbits];
-	out[i%outbits] = byte&0xff;
+        /* compute the msbit in k which gets added into this byte */
+        msbit = (/* first, start with the msbit in the first, unrotated
+                    byte */
+            ((inbits<<3)-1)
+            /* then, for each byte, shift to the right for each
+               repetition */
+            +(((inbits<<3)+13)*(i/inbits))
+            /* last, pick out the correct byte within that
+               shifted repetition */
+            +((inbits-(i%inbits))<<3)
+        )%(inbits<<3);
+
+        /* pull out the byte value itself */
+        byte += (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
+                  (in[((inbits)-(msbit>>3))%inbits]))
+                 >>((msbit&7)+1))&0xff;
+
+        /* do the addition */
+        byte += out[i%outbits];
+        out[i%outbits] = byte&0xff;
 
 #if 0
-	printf("msbit[%d] = %d\tbyte = %02x\tsum = %03x\n", i, msbit,
-	       (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
-		 (in[((inbits)-(msbit>>3))%inbits]))
-		>>((msbit&7)+1))&0xff, byte);
+        printf("msbit[%d] = %d\tbyte = %02x\tsum = %03x\n", i, msbit,
+               (((in[((inbits-1)-(msbit>>3))%inbits]<<8)|
+                 (in[((inbits)-(msbit>>3))%inbits]))
+                >>((msbit&7)+1))&0xff, byte);
 #endif
 
-	/* keep around the carry bit, if any */
-	byte >>= 8;
+        /* keep around the carry bit, if any */
+        byte >>= 8;
 
 #if 0
-	printf("carry=%d\n", byte);
+        printf("carry=%d\n", byte);
 #endif
     }
 
     /* if there's a carry bit left over, add it back in */
     if (byte) {
-	for (i=outbits-1; i>=0; i--) {
-	    /* do the addition */
-	    byte += out[i];
-	    out[i] = byte&0xff;
-
-	    /* keep around the carry bit, if any */
-	    byte >>= 8;
-	}
+        for (i=outbits-1; i>=0; i--) {
+            /* do the addition */
+            byte += out[i];
+            out[i] = byte&0xff;
+
+            /* keep around the carry bit, if any */
+            byte >>= 8;
+        }
     }
 }
diff --git a/src/lib/crypto/krb/old/Makefile.in b/src/lib/crypto/krb/old/Makefile.in
index 4370f1f..cc3c7f6 100644
--- a/src/lib/crypto/krb/old/Makefile.in
+++ b/src/lib/crypto/krb/old/Makefile.in
@@ -1,8 +1,6 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/krb/old
 mydir=lib/crypto/krb/old
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
-LOCALINCLUDES = -I$(srcdir)/../../@CRYPTO_IMPL@/des -I$(srcdir)
+LOCALINCLUDES = -I$(srcdir)/../../@CRYPTO_IMPL@/des -I$(srcdir)/.. -I$(srcdir)
 DEFS=
 
 ##DOS##BUILDTOP = ..\..\..
@@ -12,14 +10,13 @@ DEFS=
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf
 
-STLIBOBJS= old_decrypt.o old_encrypt.o des_stringtokey.o
+STLIBOBJS= old_aead.o des_stringtokey.o
 
-OBJS= $(OUTPRE)des_stringtokey.$(OBJEXT) $(OUTPRE)old_decrypt.$(OBJEXT) $(OUTPRE)old_encrypt.$(OBJEXT)
+OBJS= $(OUTPRE)des_stringtokey.$(OBJEXT) $(OUTPRE)old_aead.$(OBJEXT)
 
-SRCS= $(srcdir)/des_stringtokey.c $(srcdir)/old_decrypt.c \
-	$(srcdir)/old_encrypt.c
+SRCS= $(srcdir)/des_stringtokey.c $(srcdir)/old_aead.c
 
 ##DOS##LIBOBJS = $(OBJS)
 
diff --git a/src/lib/crypto/krb/old/deps b/src/lib/crypto/krb/old/deps
index 14c35f1..448acd9 100644
--- a/src/lib/crypto/krb/old/deps
+++ b/src/lib/crypto/krb/old/deps
@@ -4,34 +4,25 @@
 des_stringtokey.so des_stringtokey.po $(OUTPRE)des_stringtokey.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../../builtin/des/des_int.h des_stringtokey.c \
+  $(COM_ERR_DEPS) $(srcdir)/../../builtin/des/des_int.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_stringtokey.c \
   old.h
-old_decrypt.so old_decrypt.po $(OUTPRE)old_decrypt.$(OBJEXT): \
+old_aead.so old_aead.po $(OUTPRE)old_aead.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  old.h old_decrypt.c
-old_encrypt.so old_encrypt.po $(OUTPRE)old_encrypt.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  old.h old_encrypt.c
+  $(COM_ERR_DEPS) $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h old.h old_aead.c
diff --git a/src/lib/crypto/krb/old/des_stringtokey.c b/src/lib/crypto/krb/old/des_stringtokey.c
index 6a5c669..71ee0de 100644
--- a/src/lib/crypto/krb/old/des_stringtokey.c
+++ b/src/lib/crypto/krb/old/des_stringtokey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -31,28 +32,27 @@
 /* XXX */
 extern krb5_error_code mit_des_string_to_key_int
 (krb5_keyblock * keyblock,
-		 const krb5_data * data,
-		 const krb5_data * salt);
+ const krb5_data * data,
+ const krb5_data * salt);
 
 krb5_error_code
-krb5int_des_string_to_key(const struct krb5_enc_provider *enc,
-			  const krb5_data *string,
-			  const krb5_data *salt, const krb5_data *parm,
-			  krb5_keyblock *key)
+krb5int_des_string_to_key(const struct krb5_keytypes *ktp,
+                          const krb5_data *string, const krb5_data *salt,
+                          const krb5_data *parm, krb5_keyblock *key)
 {
     int type;
-    if (parm ) {
-	if (parm->length != 1)
-	    return KRB5_ERR_BAD_S2K_PARAMS;
-	type = parm->data[0];
+    if (parm) {
+        if (parm->length != 1)
+            return KRB5_ERR_BAD_S2K_PARAMS;
+        type = parm->data[0];
     }
     else type = 0;
     switch(type) {
     case 0:
-    return(mit_des_string_to_key_int(key, string, salt));
+        return(mit_des_string_to_key_int(key, string, salt));
     case 1:
-	return mit_afs_string_to_key(key, string, salt);
+        return mit_afs_string_to_key(key, string, salt);
     default:
-	return KRB5_ERR_BAD_S2K_PARAMS;
+        return KRB5_ERR_BAD_S2K_PARAMS;
     }
 }
diff --git a/src/lib/crypto/krb/old/old.h b/src/lib/crypto/krb/old/old.h
index 953e61e..d092686 100644
--- a/src/lib/crypto/krb/old/old.h
+++ b/src/lib/crypto/krb/old/old.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -25,28 +26,24 @@
  */
 
 #include "k5-int.h"
+#include "etypes.h"
 
-void krb5int_old_encrypt_length
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		size_t input, size_t *length);
+unsigned int
+krb5int_old_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type);
 
-krb5_error_code krb5int_old_encrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output);
+krb5_error_code
+krb5int_old_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data);
 
-krb5_error_code krb5int_old_decrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *arg_output);
+krb5_error_code
+krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data);
 
-krb5_error_code krb5int_des_string_to_key
-(const struct krb5_enc_provider *enc,
-		const krb5_data *string, const krb5_data *salt,
-		const krb5_data *params,
-		krb5_keyblock *key);
+krb5_error_code krb5int_des_string_to_key(const struct krb5_keytypes *ktp,
+                                          const krb5_data *string,
+                                          const krb5_data *salt,
+                                          const krb5_data *params,
+                                          krb5_keyblock *key);
diff --git a/src/lib/crypto/krb/old/old_aead.c b/src/lib/crypto/krb/old/old_aead.c
new file mode 100644
index 0000000..f7d1f10
--- /dev/null
+++ b/src/lib/crypto/krb/old/old_aead.c
@@ -0,0 +1,192 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/old/old_aead.c
+ *
+ * Copyright 2008 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ */
+
+
+#include "k5-int.h"
+#include "old.h"
+#include "aead.h"
+
+unsigned int
+krb5int_old_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type)
+{
+    switch (type) {
+    case KRB5_CRYPTO_TYPE_HEADER:
+        return ktp->enc->block_size + ktp->hash->hashsize;
+    case KRB5_CRYPTO_TYPE_PADDING:
+        return ktp->enc->block_size;
+    case KRB5_CRYPTO_TYPE_TRAILER:
+        return 0;
+    case KRB5_CRYPTO_TYPE_CHECKSUM:
+        return ktp->hash->hashsize;
+    default:
+        assert(0 && "invalid cryptotype passed to krb5int_old_crypto_length");
+        return 0;
+    }
+}
+
+krb5_error_code
+krb5int_old_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer, *padding;
+    krb5_data checksum, confounder, crcivec = empty_data();
+    unsigned int plainlen, padsize;
+    size_t i;
+
+    /* E(Confounder | Checksum | Plaintext | Pad) */
+
+    plainlen = enc->block_size + hash->hashsize;
+    for (i = 0; i < num_data; i++) {
+        krb5_crypto_iov *iov = &data[i];
+
+        if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+            plainlen += iov->data.length;
+    }
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL ||
+        header->data.length < enc->block_size + hash->hashsize)
+        return KRB5_BAD_MSIZE;
+
+    /* Trailer may be absent. */
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer != NULL)
+        trailer->data.length = 0;
+
+    /* Check that the input data is correctly padded. */
+    padsize = krb5_roundup(plainlen, enc->block_size) - plainlen;
+    padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
+    if (padsize > 0 && (padding == NULL || padding->data.length < padsize))
+        return KRB5_BAD_MSIZE;
+    if (padding) {
+        padding->data.length = padsize;
+        memset(padding->data.data, 0, padsize);
+    }
+
+    /* Generate a confounder in the header block. */
+    confounder = make_data(header->data.data, enc->block_size);
+    ret = krb5_c_random_make_octets(0, &confounder);
+    if (ret != 0)
+        goto cleanup;
+    checksum = make_data(header->data.data + enc->block_size, hash->hashsize);
+    memset(checksum.data, 0, hash->hashsize);
+
+    /* Checksum the plaintext with zeroed checksum and padding. */
+    ret = hash->hash(data, num_data, &checksum);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Use the key as the ivec for des-cbc-crc if none was provided. */
+    if (key->keyblock.enctype == ENCTYPE_DES_CBC_CRC && ivec == NULL) {
+        ret = alloc_data(&crcivec, key->keyblock.length);
+        memcpy(crcivec.data, key->keyblock.contents, key->keyblock.length);
+        ivec = &crcivec;
+    }
+
+    ret = enc->encrypt(key, ivec, data, num_data);
+    if (ret != 0)
+        goto cleanup;
+
+cleanup:
+    zapfree(crcivec.data, crcivec.length);
+    return ret;
+}
+
+krb5_error_code
+krb5int_old_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
+{
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_error_code ret;
+    krb5_crypto_iov *header, *trailer;
+    krb5_data checksum, crcivec = empty_data();
+    char *saved_checksum = NULL;
+    size_t i;
+    unsigned int cipherlen = 0;
+
+    /* Check that the input data is correctly padded. */
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (ENCRYPT_IOV(iov))
+            cipherlen += iov->data.length;
+    }
+    if (cipherlen % enc->block_size != 0)
+        return KRB5_BAD_MSIZE;
+
+    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
+    if (header == NULL ||
+        header->data.length != enc->block_size + hash->hashsize)
+        return KRB5_BAD_MSIZE;
+
+    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
+    if (trailer != NULL && trailer->data.length != 0)
+        return KRB5_BAD_MSIZE;
+
+    /* Use the key as the ivec for des-cbc-crc if none was provided. */
+    if (key->keyblock.enctype == ENCTYPE_DES_CBC_CRC && ivec == NULL) {
+        ret = alloc_data(&crcivec, key->keyblock.length);
+        memcpy(crcivec.data, key->keyblock.contents, key->keyblock.length);
+        ivec = &crcivec;
+    }
+
+    /* Decrypt the ciphertext. */
+    ret = enc->decrypt(key, ivec, data, num_data);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Save the checksum, then zero it out in the plaintext. */
+    checksum = make_data(header->data.data + enc->block_size, hash->hashsize);
+    saved_checksum = k5alloc(hash->hashsize, &ret);
+    if (saved_checksum == NULL)
+        goto cleanup;
+    memcpy(saved_checksum, checksum.data, checksum.length);
+    memset(checksum.data, 0, checksum.length);
+
+    /*
+     * Checksum the plaintext (with zeroed checksum field), storing the result
+     * back into the plaintext field we just zeroed out.  Then compare it to
+     * the saved checksum.
+     */
+    ret = hash->hash(data, num_data, &checksum);
+    if (memcmp(checksum.data, saved_checksum, checksum.length) != 0) {
+        ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        goto cleanup;
+    }
+
+cleanup:
+    zapfree(crcivec.data, crcivec.length);
+    zapfree(saved_checksum, hash->hashsize);
+    return ret;
+}
diff --git a/src/lib/crypto/krb/old/old_decrypt.c b/src/lib/crypto/krb/old/old_decrypt.c
deleted file mode 100644
index 97fbe6d..0000000
--- a/src/lib/crypto/krb/old/old_decrypt.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "k5-int.h"
-#include "old.h"
-
-krb5_error_code
-krb5int_old_decrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key,
-		 krb5_keyusage usage,
-		 const krb5_data *ivec,
-		 const krb5_data *input,
-		 krb5_data *arg_output)
-{
-    krb5_error_code ret;
-    size_t blocksize, hashsize, plainsize;
-    unsigned char *cksumdata, *cn;
-    krb5_data output, cksum, crcivec;
-    int alloced;
-
-    blocksize = enc->block_size;
-    hashsize = hash->hashsize;
-
-    plainsize = input->length - blocksize - hashsize;
-
-    if (arg_output->length < plainsize)
-	return(KRB5_BAD_MSIZE);
-
-    /* if there's enough space to work in the app buffer, use it,
-       otherwise allocate our own */
-
-    if ((cksumdata = (unsigned char *) malloc(hashsize)) == NULL)
-	return(ENOMEM);
-
-    if (arg_output->length < input->length) {
-	output.length = input->length;
-
-	if ((output.data = (char *) malloc(output.length)) == NULL) {
-	    free(cksumdata);
-	    return(ENOMEM);
-	}
-
-	alloced = 1;
-    } else {
-	output.length = input->length;
-
-	output.data = arg_output->data;
-
-	alloced = 0;
-    }
-
-    /* decrypt it */
-
-    /* save last ciphertext block in case we decrypt in place */
-    if (ivec != NULL && ivec->length == blocksize) {
-	cn = malloc(blocksize);
-	if (cn == NULL) {
-	    ret = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(cn, input->data + input->length - blocksize, blocksize);
-    } else
-	cn = NULL;
-
-    /* XXX this is gross, but I don't have much choice */
-    if ((key->keyblock.enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) {
-	crcivec.length = key->keyblock.length;
-	crcivec.data = (char *) key->keyblock.contents;
-	ivec = &crcivec;
-    }
-
-    if ((ret = ((*(enc->decrypt))(key, ivec, input, &output))))
-	goto cleanup;
-
-    /* verify the checksum */
-
-    memcpy(cksumdata, output.data+blocksize, hashsize);
-    memset(output.data+blocksize, 0, hashsize);
-
-    cksum.length = hashsize;
-    cksum.data = output.data+blocksize;
-
-    if ((ret = ((*(hash->hash))(1, &output, &cksum))))
-	goto cleanup;
-
-    if (memcmp(cksum.data, cksumdata, cksum.length) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
-    }
-
-    /* copy the plaintext around */
-
-    if (alloced) {
-	memcpy(arg_output->data, output.data+blocksize+hashsize,
-	       plainsize);
-    } else {
-	memmove(arg_output->data, arg_output->data+blocksize+hashsize,
-		plainsize);
-    }
-    arg_output->length = plainsize;
-
-    /* update ivec */
-    if (cn != NULL)
-	memcpy(ivec->data, cn, blocksize);
-
-    ret = 0;
-
-cleanup:
-    if (alloced) {
-	memset(output.data, 0, output.length);
-	free(output.data);
-    }
-
-    if (cn != NULL)
-	free(cn);
-    memset(cksumdata, 0, hashsize);
-    free(cksumdata);
-    return(ret);
-}
diff --git a/src/lib/crypto/krb/old/old_encrypt.c b/src/lib/crypto/krb/old/old_encrypt.c
deleted file mode 100644
index 137d6ed..0000000
--- a/src/lib/crypto/krb/old/old_encrypt.c
+++ /dev/null
@@ -1,110 +0,0 @@
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "k5-int.h"
-#include "old.h"
-
-void
-krb5int_old_encrypt_length(const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			size_t inputlen,
-			size_t *length)
-{
-    size_t blocksize, hashsize;
-
-    blocksize = enc->block_size;
-    hashsize = hash->hashsize;
-
-    *length = krb5_roundup(blocksize+hashsize+inputlen, blocksize);
-}
-
-krb5_error_code
-krb5int_old_encrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key,
-		 krb5_keyusage usage,
-		 const krb5_data *ivec,
-		 const krb5_data *input,
-		 krb5_data *output)
-{
-    krb5_error_code ret;
-    size_t blocksize, hashsize, enclen;
-    krb5_data datain, crcivec;
-    int real_ivec;
-
-    blocksize = enc->block_size;
-    hashsize = hash->hashsize;
-
-    krb5int_old_encrypt_length(enc, hash, input->length, &enclen);
-
-    if (output->length < enclen)
-	return(KRB5_BAD_MSIZE);
-
-    output->length = enclen;
-
-    /* fill in confounded, padded, plaintext buffer with zero checksum */
-
-    memset(output->data, 0, output->length);
-
-    datain.length = blocksize;
-    datain.data = output->data;
-
-    if ((ret = krb5_c_random_make_octets(/* XXX */ 0, &datain)))
-	return(ret);
-    memcpy(output->data+blocksize+hashsize, input->data, input->length);
-
-    /* compute the checksum */
-
-    datain.length = hashsize;
-    datain.data = output->data+blocksize;
-
-    if ((ret = ((*(hash->hash))(1, output, &datain))))
-	goto cleanup;
-
-    /* encrypt it */
-
-    /* XXX this is gross, but I don't have much choice */
-    if ((key->keyblock.enctype == ENCTYPE_DES_CBC_CRC) && (ivec == 0)) {
-	crcivec.length = key->keyblock.length;
-	crcivec.data = (char *) key->keyblock.contents;
-	ivec = &crcivec;
-	real_ivec = 0;
-    } else
-	real_ivec = 1;
-
-    if ((ret = ((*(enc->encrypt))(key, ivec, output, output))))
-	goto cleanup;
-
-    /* update ivec */
-    if (real_ivec && ivec != NULL && ivec->length == blocksize)
-	memcpy(ivec->data, output->data + output->length - blocksize,
-	       blocksize);
-cleanup:
-    if (ret)
-	memset(output->data, 0, output->length);
-
-    return(ret);
-}
diff --git a/src/lib/crypto/krb/old_api_glue.c b/src/lib/crypto/krb/old_api_glue.c
index c4ee596..c705ff5 100644
--- a/src/lib/crypto/krb/old_api_glue.c
+++ b/src/lib/crypto/krb/old_api_glue.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -38,16 +39,16 @@ krb5_boolean KRB5_CALLCONV is_coll_proof_cksum(krb5_cksumtype ctype);
 krb5_boolean KRB5_CALLCONV is_keyed_cksum(krb5_cksumtype ctype);
 krb5_error_code KRB5_CALLCONV krb5_random_confounder(size_t, krb5_pointer);
 krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_data *data,
-				  krb5_enc_data *enc_data);
+                                  krb5_pointer ivec, krb5_data *data,
+                                  krb5_enc_data *enc_data);
 krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_enc_data *data,
-				  krb5_data *enc_data);
+                                  krb5_pointer ivec, krb5_enc_data *data,
+                                  krb5_data *enc_data);
 
 krb5_error_code KRB5_CALLCONV
 krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
-	     krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
-	     krb5_pointer ivec)
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec)
 {
     krb5_data inputd, ivecd;
     krb5_enc_data outputd;
@@ -55,12 +56,12 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
     krb5_error_code ret;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     /* size is the length of the input cleartext data. */
@@ -73,19 +74,19 @@ krb5_encrypt(krb5_context context, krb5_const_pointer inptr,
      */
     ret = krb5_c_encrypt_length(context, eblock->key->enctype, size, &outlen);
     if (ret)
-	return ret;
+        return ret;
 
     outputd.ciphertext.length = outlen;
     outputd.ciphertext.data = outptr;
 
     return krb5_c_encrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
-			  &inputd, &outputd);
+                          &inputd, &outputd);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
-	     krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
-	     krb5_pointer ivec)
+             krb5_pointer outptr, size_t size, krb5_encrypt_block *eblock,
+             krb5_pointer ivec)
 {
     krb5_enc_data inputd;
     krb5_data outputd, ivecd;
@@ -93,12 +94,12 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
     krb5_error_code ret;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, eblock->key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     /* size is the length of the input ciphertext data */
@@ -113,12 +114,12 @@ krb5_decrypt(krb5_context context, krb5_const_pointer inptr,
     outputd.data = outptr;
 
     return krb5_c_decrypt(context, eblock->key, 0, ivec ? &ivecd : 0,
-			  &inputd, &outputd);
+                          &inputd, &outputd);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_process_key(krb5_context context, krb5_encrypt_block *eblock,
-		 const krb5_keyblock *key)
+                 const krb5_keyblock *key)
 {
     eblock->key = (krb5_keyblock *) key;
 
@@ -133,16 +134,16 @@ krb5_finish_key(krb5_context context, krb5_encrypt_block *eblock)
 
 krb5_error_code KRB5_CALLCONV
 krb5_string_to_key(krb5_context context, const krb5_encrypt_block *eblock,
-		   krb5_keyblock *keyblock, const krb5_data *data,
-		   const krb5_data *salt)
+                   krb5_keyblock *keyblock, const krb5_data *data,
+                   const krb5_data *salt)
 {
     return krb5_c_string_to_key(context, eblock->crypto_entry, data, salt,
-				keyblock);
+                                keyblock);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
-		     const krb5_keyblock *keyblock, krb5_pointer *ptr)
+                     const krb5_keyblock *keyblock, krb5_pointer *ptr)
 {
     krb5_data data;
 
@@ -154,14 +155,14 @@ krb5_init_random_key(krb5_context context, const krb5_encrypt_block *eblock,
 
 krb5_error_code KRB5_CALLCONV
 krb5_finish_random_key(krb5_context context, const krb5_encrypt_block *eblock,
-		       krb5_pointer *ptr)
+                       krb5_pointer *ptr)
 {
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
-		krb5_pointer ptr, krb5_keyblock **keyblock)
+                krb5_pointer ptr, krb5_keyblock **keyblock)
 {
     krb5_keyblock *key;
     krb5_error_code ret;
@@ -170,12 +171,12 @@ krb5_random_key(krb5_context context, const krb5_encrypt_block *eblock,
 
     key = malloc(sizeof(krb5_keyblock));
     if (key == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     ret = krb5_c_make_random_key(context, eblock->crypto_entry, key);
     if (ret) {
-	free(key);
-	return ret;
+        free(key);
+        return ret;
     }
 
     *keyblock = key;
@@ -190,7 +191,7 @@ krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block *eblock)
 
 krb5_error_code KRB5_CALLCONV
 krb5_use_enctype(krb5_context context, krb5_encrypt_block *eblock,
-		 krb5_enctype enctype)
+                 krb5_enctype enctype)
 {
     eblock->crypto_entry = enctype;
 
@@ -203,7 +204,7 @@ krb5_encrypt_size(size_t length, krb5_enctype crypto)
     size_t ret;
 
     if (krb5_c_encrypt_length(NULL, crypto, length, &ret))
-	return (size_t) -1; /* XXX */
+        return (size_t) -1; /* XXX */
 
     return ret;
 }
@@ -214,16 +215,16 @@ krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
     size_t ret;
 
     if (krb5_c_checksum_length(context, ctype, &ret))
-	return (size_t) -1; /* XXX */
+        return (size_t) -1; /* XXX */
 
     return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
-			krb5_const_pointer in, size_t in_length,
-			krb5_const_pointer seed, size_t seed_length,
-			krb5_checksum *outcksum)
+                        krb5_const_pointer in, size_t in_length,
+                        krb5_const_pointer seed, size_t seed_length,
+                        krb5_checksum *outcksum)
 {
     krb5_data input;
     krb5_keyblock key;
@@ -239,12 +240,12 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
 
     ret = krb5_c_make_checksum(context, ctype, &key, 0, &input, &cksum);
     if (ret)
-	return ret;
+        return ret;
 
     if (outcksum->length < cksum.length) {
-	memset(cksum.contents, 0, cksum.length);
-	free(cksum.contents);
-	return KRB5_BAD_MSIZE;
+        memset(cksum.contents, 0, cksum.length);
+        free(cksum.contents);
+        return KRB5_BAD_MSIZE;
     }
 
     outcksum->magic = cksum.magic;
@@ -259,9 +260,9 @@ krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype,
 
 krb5_error_code KRB5_CALLCONV
 krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
-		     const krb5_checksum *cksum, krb5_const_pointer in,
-		     size_t in_length, krb5_const_pointer seed,
-		     size_t seed_length)
+                     const krb5_checksum *cksum, krb5_const_pointer in,
+                     size_t in_length, krb5_const_pointer seed,
+                     size_t seed_length)
 {
     krb5_data input;
     krb5_keyblock key;
@@ -276,10 +277,10 @@ krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype,
 
     ret = krb5_c_verify_checksum(context, &key, 0, &input, cksum, &valid);
     if (ret)
-	return ret;
+        return ret;
 
     if (!valid)
-	return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+        return KRB5KRB_AP_ERR_BAD_INTEGRITY;
 
     return 0;
 }
@@ -296,8 +297,8 @@ krb5_random_confounder(size_t size, krb5_pointer ptr)
 }
 
 krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_data *data,
-				  krb5_enc_data *enc_data)
+                                  krb5_pointer ivec, krb5_data *data,
+                                  krb5_enc_data *enc_data)
 {
     krb5_error_code ret;
     size_t enclen, blocksize;
@@ -305,15 +306,15 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
 
     ret = krb5_c_encrypt_length(context, key->enctype, data->length, &enclen);
     if (ret)
-	return ret;
+        return ret;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     enc_data->magic = KV5M_ENC_DATA;
@@ -322,40 +323,40 @@ krb5_error_code krb5_encrypt_data(krb5_context context, krb5_keyblock *key,
     enc_data->ciphertext.length = enclen;
     enc_data->ciphertext.data = malloc(enclen);
     if (enc_data->ciphertext.data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     ret = krb5_c_encrypt(context, key, 0, ivec ? &ivecd : 0, data, enc_data);
     if (ret)
-	free(enc_data->ciphertext.data);
+        free(enc_data->ciphertext.data);
 
     return ret;
 }
 
 krb5_error_code krb5_decrypt_data(krb5_context context, krb5_keyblock *key,
-				  krb5_pointer ivec, krb5_enc_data *enc_data,
-				  krb5_data *data)
+                                  krb5_pointer ivec, krb5_enc_data *enc_data,
+                                  krb5_data *data)
 {
     krb5_error_code ret;
     krb5_data ivecd;
     size_t blocksize;
 
     if (ivec) {
-	ret = krb5_c_block_size(context, key->enctype, &blocksize);
-	if (ret)
-	    return ret;
+        ret = krb5_c_block_size(context, key->enctype, &blocksize);
+        if (ret)
+            return ret;
 
-	ivecd.length = blocksize;
-	ivecd.data = ivec;
+        ivecd.length = blocksize;
+        ivecd.data = ivec;
     }
 
     data->length = enc_data->ciphertext.length;
     data->data = malloc(data->length);
     if (data->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     ret = krb5_c_decrypt(context, key, 0, ivec ? &ivecd : 0, enc_data, data);
     if (ret)
-	free(data->data);
+        free(data->data);
 
     return 0;
 }
diff --git a/src/lib/crypto/krb/prf.c b/src/lib/crypto/krb/prf.c
index 141390f..e42d363 100644
--- a/src/lib/crypto/krb/prf.c
+++ b/src/lib/crypto/krb/prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/prf.c
  *
@@ -44,35 +45,45 @@ krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t *len)
     assert(len);
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     *len = ktp->prf_length;
     return 0;
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_c_prf(krb5_context context, const krb5_keyblock *keyblock,
-	   krb5_data *input, krb5_data *output)
+krb5_k_prf(krb5_context context, krb5_key key,
+           krb5_data *input, krb5_data *output)
 {
     const struct krb5_keytypes *ktp;
-    krb5_key key;
     krb5_error_code ret;
 
     assert(input && output);
     assert(output->data);
 
-    ktp = find_enctype(keyblock->enctype);
+    ktp = find_enctype(key->keyblock.enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     if (ktp->prf == NULL)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     output->magic = KV5M_DATA;
     if (ktp->prf_length != output->length)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
+    ret = ktp->prf(ktp, key, input, output);
+    return ret;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_c_prf(krb5_context context, const krb5_keyblock *keyblock,
+           krb5_data *input, krb5_data *output)
+{
+    krb5_key key;
+    krb5_error_code ret;
+
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
-    ret = (*ktp->prf)(ktp->enc, ktp->hash, key, input, output);
+        return ret;
+    ret = krb5_k_prf(context, key, input, output);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/prf/Makefile.in b/src/lib/crypto/krb/prf/Makefile.in
index 42b14b9..4bcb867 100644
--- a/src/lib/crypto/krb/prf/Makefile.in
+++ b/src/lib/crypto/krb/prf/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/krb/prf
 mydir=lib/crypto/krb/prf
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir) -I$(srcdir)/.. 		\
diff --git a/src/lib/crypto/krb/prf/deps b/src/lib/crypto/krb/prf/deps
index 91fbf74..8fbbe60 100644
--- a/src/lib/crypto/krb/prf/deps
+++ b/src/lib/crypto/krb/prf/deps
@@ -3,33 +3,34 @@
 #
 des_prf.so des_prf.po $(OUTPRE)des_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h des_prf.c prf_int.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h des_prf.c prf_int.h
 dk_prf.so dk_prf.po $(OUTPRE)dk_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../dk/dk.h \
-  dk_prf.c prf_int.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../dk/dk.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dk_prf.c prf_int.h
 rc4_prf.so rc4_prf.po $(OUTPRE)rc4_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../builtin/hash_provider/hash_provider.h \
-  prf_int.h rc4_prf.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/hash_provider/hash_provider.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h prf_int.h rc4_prf.c
diff --git a/src/lib/crypto/krb/prf/des_prf.c b/src/lib/crypto/krb/prf/des_prf.c
index 4713086..a111423 100644
--- a/src/lib/crypto/krb/prf/des_prf.c
+++ b/src/lib/crypto/krb/prf/des_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf//des_prf.c
  *
@@ -30,24 +31,24 @@
  */
 
 #include "prf_int.h"
-//#include <hash_provider/hash_provider.h>		/* XXX is this ok? */
+#include "hash_provider/hash_provider.h"
 
 krb5_error_code
-krb5int_des_prf (const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, const krb5_data *in, krb5_data *out)
+krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                const krb5_data *in, krb5_data *out)
 {
-  krb5_data tmp;
-  krb5_error_code ret = 0;
+    const struct krb5_hash_provider *hash = &krb5int_hash_md5;
+    krb5_crypto_iov iov;
+    krb5_error_code ret;
 
-  hash = &krb5int_hash_md5;		/* MD5 is always used. */
-  tmp.length = hash->hashsize;
-  tmp.data = malloc(hash->hashsize);
-  if (tmp.data == NULL)
-    return ENOMEM;
-  ret = hash->hash(1, in, &tmp);
-  if (ret == 0)
-      ret = enc->encrypt(key, NULL, &tmp, out);
-  free(tmp.data);
-  return ret;
+    /* Compute a hash of the input, storing into the output buffer. */
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    ret = hash->hash(&iov, 1, out);
+    if (ret != 0)
+        return ret;
+
+    /* Encrypt the hash in place. */
+    iov.data = *out;
+    return ktp->enc->encrypt(key, NULL, &iov, 1);
 }
diff --git a/src/lib/crypto/krb/prf/dk_prf.c b/src/lib/crypto/krb/prf/dk_prf.c
index 80f9d50..9851ce7 100644
--- a/src/lib/crypto/krb/prf/dk_prf.c
+++ b/src/lib/crypto/krb/prf/dk_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf/dk_prf.c
  *
@@ -33,27 +34,43 @@
 #include <dk.h>
 
 krb5_error_code
-krb5int_dk_prf (const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, const krb5_data *in, krb5_data *out)
+krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
+               const krb5_data *in, krb5_data *out)
 {
-  krb5_data tmp;
-  krb5_data prfconst;
-  krb5_key kp = NULL;
-  krb5_error_code ret = 0;
+    const struct krb5_enc_provider *enc = ktp->enc;
+    const struct krb5_hash_provider *hash = ktp->hash;
+    krb5_crypto_iov iov;
+    krb5_data cksum = empty_data(), prfconst = make_data("prf", 3);
+    krb5_key kp = NULL;
+    krb5_error_code ret;
 
-  prfconst.data = (char *) "prf";
-  prfconst.length = 3;
-  tmp.length = hash->hashsize;
-  tmp.data = malloc(hash->hashsize);
-  if (tmp.data == NULL)
-    return ENOMEM;
-  hash->hash(1, in, &tmp);
-  tmp.length = (tmp.length/enc->block_size)*enc->block_size; /*truncate to block size*/
-  ret = krb5int_derive_key(enc, key, &kp, &prfconst);
-  if (ret == 0)
-      ret = enc->encrypt(kp, NULL, &tmp, out);
-  krb5_k_free_key(NULL, kp);
-  free (tmp.data);
-  return ret;
+    /* Hash the input data into an allocated buffer. */
+    ret = alloc_data(&cksum, hash->hashsize);
+    if (ret != 0)
+        goto cleanup;
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    ret = hash->hash(&iov, 1, &cksum);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Derive a key using the PRF constant. */
+    ret = krb5int_derive_key(ktp->enc, key, &kp, &prfconst);
+    if (ret != 0)
+        goto cleanup;
+
+    /* Truncate the hash to the closest multiple of the block size. */
+    iov.data.data = cksum.data;
+    iov.data.length = (hash->hashsize / enc->block_size) * enc->block_size;
+
+    /* Encrypt the truncated hash in the derived key to get the output. */
+    ret = ktp->enc->encrypt(kp, NULL, &iov, 1);
+    if (ret != 0)
+        goto cleanup;
+    memcpy(out->data, iov.data.data, out->length);
+
+cleanup:
+    zapfree(cksum.data, hash->hashsize);
+    krb5_k_free_key(NULL, kp);
+    return ret;
 }
diff --git a/src/lib/crypto/krb/prf/prf_int.h b/src/lib/crypto/krb/prf/prf_int.h
index e21035f..865f62b 100644
--- a/src/lib/crypto/krb/prf/prf_int.h
+++ b/src/lib/crypto/krb/prf/prf_int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf/prf_int.h
  *
@@ -28,20 +29,18 @@
 #define PRF_INTERNAL_DEFS
 
 #include "k5-int.h"
+#include "etypes.h"
 
 krb5_error_code
-krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
-                    const struct krb5_hash_provider *hash,
-                    krb5_key key, const krb5_data *in, krb5_data *out);
+krb5int_arcfour_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                    const krb5_data *in, krb5_data *out);
 
 krb5_error_code
-krb5int_des_prf (const struct krb5_enc_provider *enc,
-                const struct krb5_hash_provider *hash,
-                krb5_key key, const krb5_data *in, krb5_data *out);
+krb5int_des_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                const krb5_data *in, krb5_data *out);
 
 krb5_error_code
-krb5int_dk_prf(const struct krb5_enc_provider *enc,
-               const struct krb5_hash_provider *hash,
-               krb5_key key, const krb5_data *in, krb5_data *out);
+krb5int_dk_prf(const struct krb5_keytypes *ktp, krb5_key key,
+               const krb5_data *in, krb5_data *out);
 
 #endif  /*PRF_INTERNAL_DEFS*/
diff --git a/src/lib/crypto/krb/prf/rc4_prf.c b/src/lib/crypto/krb/prf/rc4_prf.c
index caeaa44..e34ab26 100644
--- a/src/lib/crypto/krb/prf/rc4_prf.c
+++ b/src/lib/crypto/krb/prf/rc4_prf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/prf/rc4_prf.c
  *
@@ -30,10 +31,13 @@
 #include <hash_provider/hash_provider.h>
 
 krb5_error_code
-krb5int_arcfour_prf(const struct krb5_enc_provider *enc,
-                    const struct krb5_hash_provider *hash,
-                    krb5_key key, const krb5_data *in, krb5_data *out)
+krb5int_arcfour_prf(const struct krb5_keytypes *ktp, krb5_key key,
+                    const krb5_data *in, krb5_data *out)
 {
+    krb5_crypto_iov iov;
+
     assert(out->length == 20);
-    return krb5int_hmac(&krb5int_hash_sha1, key, 1, in, out);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *in;
+    return krb5int_hmac(&krb5int_hash_sha1, key, &iov, 1, out);
 }
diff --git a/src/lib/crypto/krb/prng.c b/src/lib/crypto/krb/prng.c
index 00534ca..ef32699 100644
--- a/src/lib/crypto/krb/prng.c
+++ b/src/lib/crypto/krb/prng.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2001, 2002, 2004, 2007, 2008 by the Massachusetts Institute of Technology.
  * All rights reserved.
@@ -42,17 +43,17 @@ entropy_estimate(unsigned int randsource, size_t length)
 {
     switch (randsource) {
     case KRB5_C_RANDSOURCE_OLDAPI:
-	return 4 * length;
+        return 4 * length;
     case KRB5_C_RANDSOURCE_OSRAND:
-	return 8 * length;
+        return 8 * length;
     case KRB5_C_RANDSOURCE_TRUSTEDPARTY:
-	return 4 * length;
+        return 4 * length;
     case KRB5_C_RANDSOURCE_TIMING:
-	return 2;
+        return 2;
     case KRB5_C_RANDSOURCE_EXTERNAL_PROTOCOL:
-	return 0;
+        return 0;
     default:
-	abort();
+        abort();
     }
     return 0;
 }
@@ -64,16 +65,16 @@ int krb5int_prng_init(void)
 
     yerr = k5_mutex_finish_init(&yarrow_lock);
     if (yerr)
-	return yerr;
+        return yerr;
 
     yerr = krb5int_yarrow_init (&y_ctx, NULL);
     if (yerr != YARROW_OK && yerr != YARROW_NOT_SEEDED)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
 
     for (i=0; i < KRB5_C_RANDSOURCE_MAX; i++ ) {
-	if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
-	    return KRB5_CRYPTO_INTERNAL;
-	assert (source_id == i);
+        if (krb5int_yarrow_new_source(&y_ctx, &source_id) != YARROW_OK)
+            return KRB5_CRYPTO_INTERNAL;
+        assert (source_id == i);
     }
 
     return 0;
@@ -81,20 +82,20 @@ int krb5int_prng_init(void)
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_random_add_entropy(krb5_context context, unsigned int randsource,
-			  const krb5_data *data)
+                          const krb5_data *data)
 {
     int yerr;
 
     /* Make sure the mutex got initialized.  */
     yerr = krb5int_crypto_init();
     if (yerr)
-	return yerr;
+        return yerr;
     /* Now, finally, feed in the data.  */
     yerr = krb5int_yarrow_input(&y_ctx, randsource,
-				data->data, data->length,
-				entropy_estimate(randsource, data->length));
+                                data->data, data->length,
+                                entropy_estimate(randsource, data->length));
     if (yerr != YARROW_OK)
-	return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     return 0;
 }
 
@@ -110,12 +111,12 @@ krb5_c_random_make_octets(krb5_context context, krb5_data *data)
     int yerr;
     yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
     if (yerr == YARROW_NOT_SEEDED) {
-	yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
-	if (yerr == YARROW_OK)
-	    yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
+        yerr = krb5int_yarrow_reseed(&y_ctx, YARROW_SLOW_POOL);
+        if (yerr == YARROW_OK)
+            yerr = krb5int_yarrow_output(&y_ctx, data->data, data->length);
     }
     if (yerr != YARROW_OK)
-      return KRB5_CRYPTO_INTERNAL;
+        return KRB5_CRYPTO_INTERNAL;
     return 0;
 }
 
@@ -137,7 +138,7 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
 {
     if (success)
-	*success = 0;
+        *success = 0;
     return 0;
 }
 
@@ -167,28 +168,28 @@ read_entropy_from_device(krb5_context context, const char *device)
 
     fd = open (device, O_RDONLY);
     if (fd == -1)
-	return 0;
+        return 0;
     set_cloexec_fd(fd);
     if (fstat(fd, &sb) == -1 || S_ISREG(sb.st_mode)) {
-	close(fd);
-	return 0;
+        close(fd);
+        return 0;
     }
 
     for (bp = buf, left = sizeof(buf); left > 0;) {
-	ssize_t count;
-	count = read(fd, bp, (unsigned) left);
-	if (count <= 0) {
-	    close(fd);
-	    return 0;
-	}
-	left -= count;
-	bp += count;
+        ssize_t count;
+        count = read(fd, bp, (unsigned) left);
+        if (count <= 0) {
+            close(fd);
+            return 0;
+        }
+        left -= count;
+        bp += count;
     }
     close(fd);
     data.length = sizeof (buf);
     data.data = (char *) buf;
     return (krb5_c_random_add_entropy(context, KRB5_C_RANDSOURCE_OSRAND,
-				      &data) == 0);
+                                      &data) == 0);
 }
 
 krb5_error_code KRB5_CALLCONV
@@ -203,11 +204,11 @@ krb5_c_random_os_entropy(krb5_context context, int strong, int *success)
        we have both /dev/random and /dev/urandom.  We want the strong
        data included in the reseed so we get it first.*/
     if (strong) {
-	if (read_entropy_from_device(context, "/dev/random"))
-	    *oursuccess = 1;
+        if (read_entropy_from_device(context, "/dev/random"))
+            *oursuccess = 1;
     }
     if (read_entropy_from_device(context, "/dev/urandom"))
-	*oursuccess = 1;
+        *oursuccess = 1;
     return 0;
 }
 
diff --git a/src/lib/crypto/krb/rand2key/Makefile.in b/src/lib/crypto/krb/rand2key/Makefile.in
index ad2ed1f..72f14fe 100644
--- a/src/lib/crypto/krb/rand2key/Makefile.in
+++ b/src/lib/crypto/krb/rand2key/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/krb/rand2key
 mydir=lib/crypto/krb/rand2key
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/. -I$(srcdir)/../../@CRYPTO_IMPL@/des
diff --git a/src/lib/crypto/krb/rand2key/aes_rand2key.c b/src/lib/crypto/krb/rand2key/aes_rand2key.c
index c5028e5..4b876bc 100644
--- a/src/lib/crypto/krb/rand2key/aes_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/aes_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/aes_rand2key.c
  *
diff --git a/src/lib/crypto/krb/rand2key/deps b/src/lib/crypto/krb/rand2key/deps
index 52ed9e1..58fdd89 100644
--- a/src/lib/crypto/krb/rand2key/deps
+++ b/src/lib/crypto/krb/rand2key/deps
@@ -4,46 +4,46 @@
 aes_rand2key.so aes_rand2key.po $(OUTPRE)aes_rand2key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   aes_rand2key.c rand2key.h
 des_rand2key.so des_rand2key.po $(OUTPRE)des_rand2key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../../builtin/des/des_int.h des_rand2key.c \
-  rand2key.h
+  $(COM_ERR_DEPS) $(srcdir)/../../builtin/des/des_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_rand2key.c rand2key.h
 des3_rand2key.so des3_rand2key.po $(OUTPRE)des3_rand2key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../../builtin/des/des_int.h des3_rand2key.c \
-  rand2key.h
+  $(COM_ERR_DEPS) $(srcdir)/../../builtin/des/des_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des3_rand2key.c rand2key.h
 rc4_rand2key.so rc4_rand2key.po $(OUTPRE)rc4_rand2key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   rand2key.h rc4_rand2key.c
diff --git a/src/lib/crypto/krb/rand2key/des3_rand2key.c b/src/lib/crypto/krb/rand2key/des3_rand2key.c
index fe84c3a..31f3f4c 100644
--- a/src/lib/crypto/krb/rand2key/des3_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des3_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/des3_rand2key.c
  *
diff --git a/src/lib/crypto/krb/rand2key/des_rand2key.c b/src/lib/crypto/krb/rand2key/des_rand2key.c
index 1485965..e5cdded 100644
--- a/src/lib/crypto/krb/rand2key/des_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/des_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/des_rand2key.c
  *
@@ -32,9 +33,9 @@ krb5_error_code
 krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key)
 {
     if (key->length != KRB5_MIT_DES_KEYSIZE)
-    return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if (randombits->length != 7)
-    return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     key->magic = KV5M_KEYBLOCK;
 
@@ -43,9 +44,9 @@ krb5int_des_make_key(const krb5_data *randombits, krb5_keyblock *key)
 
     memcpy(key->contents, randombits->data, randombits->length);
     key->contents[7] = (((key->contents[0]&1)<<1) | ((key->contents[1]&1)<<2) |
-            ((key->contents[2]&1)<<3) | ((key->contents[3]&1)<<4) |
-            ((key->contents[4]&1)<<5) | ((key->contents[5]&1)<<6) |
-            ((key->contents[6]&1)<<7));
+                        ((key->contents[2]&1)<<3) | ((key->contents[3]&1)<<4) |
+                        ((key->contents[4]&1)<<5) | ((key->contents[5]&1)<<6) |
+                        ((key->contents[6]&1)<<7));
 
     mit_des_fixup_key_parity(key->contents);
 
diff --git a/src/lib/crypto/krb/rand2key/rand2key.h b/src/lib/crypto/krb/rand2key/rand2key.h
index 01208f6..321c452 100644
--- a/src/lib/crypto/krb/rand2key/rand2key.h
+++ b/src/lib/crypto/krb/rand2key/rand2key.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 
 
diff --git a/src/lib/crypto/krb/rand2key/rc4_rand2key.c b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
index d498f05..2e2ddaa 100644
--- a/src/lib/crypto/krb/rand2key/rc4_rand2key.c
+++ b/src/lib/crypto/krb/rand2key/rc4_rand2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/krb/rand2key/rc4_rand2key.c
  *
diff --git a/src/lib/crypto/krb/random_to_key.c b/src/lib/crypto/krb/random_to_key.c
index f94229a..8b37374 100644
--- a/src/lib/crypto/krb/random_to_key.c
+++ b/src/lib/crypto/krb/random_to_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (c) 2006
  * The Regents of the University of Michigan
@@ -38,27 +39,27 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_random_to_key(krb5_context context, krb5_enctype enctype,
-		     krb5_data *random_data, krb5_keyblock *random_key)
+                     krb5_data *random_data, krb5_keyblock *random_key)
 {
     krb5_error_code ret;
     const struct krb5_keytypes *ktp;
     const struct krb5_enc_provider *enc;
 
     if (random_data == NULL || random_key == NULL ||
-	random_key->contents == NULL)
-	return EINVAL;
+        random_key->contents == NULL)
+        return EINVAL;
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     enc = ktp->enc;
 
     if (random_key->length != enc->keylength)
-	return KRB5_BAD_KEYSIZE;
+        return KRB5_BAD_KEYSIZE;
 
     ret = (*enc->make_key)(random_data, random_key);
     if (ret)
-	memset(random_key->contents, 0, random_key->length);
+        memset(random_key->contents, 0, random_key->length);
 
     return ret;
 }
diff --git a/src/lib/crypto/krb/raw/Makefile.in b/src/lib/crypto/krb/raw/Makefile.in
index f52cb24..147b1d5 100644
--- a/src/lib/crypto/krb/raw/Makefile.in
+++ b/src/lib/crypto/krb/raw/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/krb/raw
 mydir=lib/crypto/krb/raw
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../@CRYPTO_IMPL@
@@ -12,13 +10,13 @@ DEFS=
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf
+RUN_SETUP = @KRB5_RUN_ENV@ KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf
 
-STLIBOBJS= raw_decrypt.o raw_encrypt.o raw_aead.o
+STLIBOBJS= raw_aead.o
 
-OBJS= $(OUTPRE)raw_decrypt.$(OBJEXT) $(OUTPRE)raw_encrypt.$(OBJEXT) $(OUTPRE)raw_aead.$(OBJEXT)
+OBJS= $(OUTPRE)raw_aead.$(OBJEXT)
 
-SRCS= $(srcdir)/raw_decrypt.c $(srcdir)/raw_encrypt.c $(srcdir)/raw_aead.c
+SRCS= $(srcdir)/raw_aead.c
 
 ##DOS##LIBOBJS = $(OBJS)
 
diff --git a/src/lib/crypto/krb/raw/deps b/src/lib/crypto/krb/raw/deps
index 5b6fef8..654c4c3 100644
--- a/src/lib/crypto/krb/raw/deps
+++ b/src/lib/crypto/krb/raw/deps
@@ -1,37 +1,15 @@
 # 
 # Generated makefile dependencies follow.
 #
-raw_decrypt.so raw_decrypt.po $(OUTPRE)raw_decrypt.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  raw.h raw_decrypt.c
-raw_encrypt.so raw_encrypt.po $(OUTPRE)raw_encrypt.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  raw.h raw_encrypt.c
 raw_aead.so raw_aead.po $(OUTPRE)raw_aead.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h raw.h \
-  raw_aead.c
+  $(COM_ERR_DEPS) $(srcdir)/../aead.h $(srcdir)/../cksumtypes.h \
+  $(srcdir)/../etypes.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h raw.h raw_aead.c
diff --git a/src/lib/crypto/krb/raw/raw.h b/src/lib/crypto/krb/raw/raw.h
index d5575e1..ee54d58 100644
--- a/src/lib/crypto/krb/raw/raw.h
+++ b/src/lib/crypto/krb/raw/raw.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -25,24 +26,18 @@
  */
 
 #include "k5-int.h"
+#include "etypes.h"
 
-void krb5_raw_encrypt_length
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		size_t input, size_t *length);
+unsigned int
+krb5int_raw_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type);
 
-krb5_error_code krb5int_raw_encrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *output);
+krb5_error_code
+krb5int_raw_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data);
 
-krb5_error_code krb5int_raw_decrypt
-(const struct krb5_enc_provider *enc,
-		const struct krb5_hash_provider *hash,
-		krb5_key key, krb5_keyusage usage,
-		const krb5_data *ivec, const krb5_data *input,
-		krb5_data *arg_output);
-
-extern const struct krb5_aead_provider krb5int_aead_raw;
+krb5_error_code
+krb5int_raw_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data);
diff --git a/src/lib/crypto/krb/raw/raw_aead.c b/src/lib/crypto/krb/raw/raw_aead.c
index f15e486..75f2324 100644
--- a/src/lib/crypto/krb/raw/raw_aead.c
+++ b/src/lib/crypto/krb/raw/raw_aead.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/raw/raw_aead.c
  *
@@ -29,135 +30,83 @@
 #include "raw.h"
 #include "aead.h"
 
-/* AEAD */
-
-static krb5_error_code
-krb5int_raw_crypto_length(const struct krb5_aead_provider *aead,
-			  const struct krb5_enc_provider *enc,
-			  const struct krb5_hash_provider *hash,
-			  krb5_cryptotype type,
-			  unsigned int *length)
+unsigned int
+krb5int_raw_crypto_length(const struct krb5_keytypes *ktp,
+                          krb5_cryptotype type)
 {
     switch (type) {
     case KRB5_CRYPTO_TYPE_PADDING:
-	*length = enc->block_size;
-	break;
+        return ktp->enc->block_size;
     default:
-	*length = 0;
-	break;
+        return 0;
     }
-
-    return 0;
 }
 
-static krb5_error_code
-krb5int_raw_encrypt_iov(const struct krb5_aead_provider *aead,
-			const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			krb5_key key,
-			krb5_keyusage usage,
-			const krb5_data *ivec,
-			krb5_crypto_iov *data,
-			size_t num_data)
+krb5_error_code
+krb5int_raw_encrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
 {
-    krb5_error_code ret;
     krb5_crypto_iov *padding;
     size_t i;
-    unsigned int blocksize = 0;
-    unsigned int plainlen = 0;
-    unsigned int padsize = 0;
+    unsigned int blocksize, plainlen = 0, padsize = 0;
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize);
-    if (ret != 0)
-	return ret;
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
 
     for (i = 0; i < num_data; i++) {
-	krb5_crypto_iov *iov = &data[i];
+        krb5_crypto_iov *iov = &data[i];
 
-	if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
-	    plainlen += iov->data.length;
+        if (iov->flags == KRB5_CRYPTO_TYPE_DATA)
+            plainlen += iov->data.length;
     }
 
     if (blocksize != 0) {
-	/* Check that the input data is correctly padded */
-	if (plainlen % blocksize)
-	    padsize = blocksize - (plainlen % blocksize);
+        /* Check that the input data is correctly padded */
+        if (plainlen % blocksize)
+            padsize = blocksize - (plainlen % blocksize);
     }
 
     padding = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_PADDING);
     if (padsize && (padding == NULL || padding->data.length < padsize))
-	return KRB5_BAD_MSIZE;
+        return KRB5_BAD_MSIZE;
 
     if (padding != NULL) {
-	memset(padding->data.data, 0, padsize);
-	padding->data.length = padsize;
+        memset(padding->data.data, 0, padsize);
+        padding->data.length = padsize;
     }
 
-    assert(enc->encrypt_iov != NULL);
-
-    ret = enc->encrypt_iov(key, ivec, data, num_data); /* will update ivec */
-
-    return ret;
+    return ktp->enc->encrypt(key, ivec, data, num_data);
 }
 
-static krb5_error_code
-krb5int_raw_decrypt_iov(const struct krb5_aead_provider *aead,
-			const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			krb5_key key,
-			krb5_keyusage usage,
-			const krb5_data *ivec,
-			krb5_crypto_iov *data,
-			size_t num_data)
+krb5_error_code
+krb5int_raw_decrypt(const struct krb5_keytypes *ktp, krb5_key key,
+                    krb5_keyusage usage, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
 {
-    krb5_error_code ret;
     size_t i;
-    unsigned int blocksize = 0; /* careful, this is enc block size not confounder len */
+    unsigned int blocksize = 0; /* enc block size, not confounder len */
     unsigned int cipherlen = 0;
 
-    if (krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_STREAM) != NULL) {
-	return krb5int_c_iov_decrypt_stream(aead, enc, hash, key,
-					    usage, ivec, data, num_data);
-    }
-
-
     /* E(Confounder | Plaintext | Pad) | Checksum */
 
-    ret = aead->crypto_length(aead, enc, hash, KRB5_CRYPTO_TYPE_PADDING, &blocksize);
-    if (ret != 0)
-	return ret;
+    blocksize = ktp->crypto_length(ktp, KRB5_CRYPTO_TYPE_PADDING);
 
     for (i = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
+        const krb5_crypto_iov *iov = &data[i];
 
-	if (ENCRYPT_DATA_IOV(iov))
-	    cipherlen += iov->data.length;
+        if (ENCRYPT_DATA_IOV(iov))
+            cipherlen += iov->data.length;
     }
 
     if (blocksize == 0) {
-	/* Check for correct input length in CTS mode */
-	if (enc->block_size != 0 && cipherlen < enc->block_size)
-	    return KRB5_BAD_MSIZE;
+        /* Check for correct input length in CTS mode */
+        if (ktp->enc->block_size != 0 && cipherlen < ktp->enc->block_size)
+            return KRB5_BAD_MSIZE;
     } else {
-	/* Check that the input data is correctly padded */
-	if ((cipherlen % blocksize) != 0)
-	    return KRB5_BAD_MSIZE;
+        /* Check that the input data is correctly padded */
+        if (cipherlen % blocksize != 0)
+            return KRB5_BAD_MSIZE;
     }
 
-    /* Validate header and trailer lengths */
-
-    /* derive the keys */
-
-    /* decrypt the plaintext (header | data | padding) */
-    assert(enc->decrypt_iov != NULL);
-
-    ret = enc->decrypt_iov(key, ivec, data, num_data); /* will update ivec */
-
-    return ret;
+    return ktp->enc->decrypt(key, ivec, data, num_data);
 }
-
-const struct krb5_aead_provider krb5int_aead_raw = {
-    krb5int_raw_crypto_length,
-    krb5int_raw_encrypt_iov,
-    krb5int_raw_decrypt_iov
-};
diff --git a/src/lib/crypto/krb/raw/raw_decrypt.c b/src/lib/crypto/krb/raw/raw_decrypt.c
deleted file mode 100644
index 34598bb..0000000
--- a/src/lib/crypto/krb/raw/raw_decrypt.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "k5-int.h"
-#include "raw.h"
-
-krb5_error_code
-krb5int_raw_decrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key, krb5_keyusage usage,
-		 const krb5_data *ivec, const krb5_data *input,
-		 krb5_data *output)
-{
-    return((*(enc->decrypt))(key, ivec, input, output));
-}
diff --git a/src/lib/crypto/krb/raw/raw_encrypt.c b/src/lib/crypto/krb/raw/raw_encrypt.c
deleted file mode 100644
index 6e8516c..0000000
--- a/src/lib/crypto/krb/raw/raw_encrypt.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 1998 by the FundsXpress, INC.
- *
- * All rights reserved.
- *
- * Export of this software from the United States of America may require
- * a specific license from the United States Government.  It is the
- * responsibility of any person or organization contemplating export to
- * obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of FundsXpress. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  FundsXpress makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-#include "k5-int.h"
-#include "raw.h"
-
-void
-krb5_raw_encrypt_length(const struct krb5_enc_provider *enc,
-			const struct krb5_hash_provider *hash,
-			size_t inputlen, size_t *length)
-{
-    size_t blocksize;
-
-    blocksize = enc->block_size;
-
-    *length = krb5_roundup(inputlen, blocksize);
-}
-
-krb5_error_code
-krb5int_raw_encrypt(const struct krb5_enc_provider *enc,
-		 const struct krb5_hash_provider *hash,
-		 krb5_key key, krb5_keyusage usage,
-		 const krb5_data *ivec, const krb5_data *input,
-		 krb5_data *output)
-{
-    return((*(enc->encrypt))(key, ivec, input, output));
-}
diff --git a/src/lib/crypto/krb/state.c b/src/lib/crypto/krb/state.c
index 12638a4..ef0b2b6 100644
--- a/src/lib/crypto/krb/state.c
+++ b/src/lib/crypto/krb/state.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/state.c
  *
@@ -37,24 +38,24 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_init_state (krb5_context context, const krb5_keyblock *key,
-		   krb5_keyusage keyusage, krb5_data *new_state)
+                   krb5_keyusage keyusage, krb5_data *new_state)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     return ktp->enc->init_state(key, keyusage, new_state);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_free_state(krb5_context context, const krb5_keyblock *key,
-		  krb5_data *state)
+                  krb5_data *state)
 {
     const struct krb5_keytypes *ktp;
 
     ktp = find_enctype(key->enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     return ktp->enc->free_state(state);
 }
diff --git a/src/lib/crypto/krb/string_to_cksumtype.c b/src/lib/crypto/krb/string_to_cksumtype.c
index ae5da6d..b130b6c 100644
--- a/src/lib/crypto/krb/string_to_cksumtype.c
+++ b/src/lib/crypto/krb/string_to_cksumtype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -35,21 +36,21 @@ krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
     const struct krb5_cksumtypes *ctp;
 
     for (i=0; i<krb5int_cksumtypes_length; i++) {
-	ctp = &krb5int_cksumtypes_list[i];
-	if (strcasecmp(ctp->name, string) == 0) {
-	    *cksumtypep = ctp->ctype;
-	    return 0;
-	}
+        ctp = &krb5int_cksumtypes_list[i];
+        if (strcasecmp(ctp->name, string) == 0) {
+            *cksumtypep = ctp->ctype;
+            return 0;
+        }
 #define MAX_ALIASES (sizeof(ctp->aliases) / sizeof(ctp->aliases[0]))
-	for (j = 0; j < MAX_ALIASES; j++) {
-	    alias = ctp->aliases[j];
-	    if (alias == NULL)
-		break;
-	    if (strcasecmp(alias, string) == 0) {
-		*cksumtypep = ctp->ctype;
-		return 0;
-	    }
-	}
+        for (j = 0; j < MAX_ALIASES; j++) {
+            alias = ctp->aliases[j];
+            if (alias == NULL)
+                break;
+            if (strcasecmp(alias, string) == 0) {
+                *cksumtypep = ctp->ctype;
+                return 0;
+            }
+        }
     }
 
     return EINVAL;
diff --git a/src/lib/crypto/krb/string_to_enctype.c b/src/lib/crypto/krb/string_to_enctype.c
index 159c36b..25091fe 100644
--- a/src/lib/crypto/krb/string_to_enctype.c
+++ b/src/lib/crypto/krb/string_to_enctype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -36,21 +37,21 @@ krb5_string_to_enctype(char *string, krb5_enctype *enctypep)
     const struct krb5_keytypes *ktp;
 
     for (i = 0; i < krb5int_enctypes_length; i++) {
-	ktp = &krb5int_enctypes_list[i];
-	if (strcasecmp(ktp->name, string) == 0) {
-	    *enctypep = ktp->etype;
-	    return 0;
-	}
+        ktp = &krb5int_enctypes_list[i];
+        if (strcasecmp(ktp->name, string) == 0) {
+            *enctypep = ktp->etype;
+            return 0;
+        }
 #define MAX_ALIASES (sizeof(ktp->aliases) / sizeof(ktp->aliases[0]))
-	for (j = 0; j < MAX_ALIASES; j++) {
-	    alias = ktp->aliases[j];
-	    if (alias == NULL)
-		break;
-	    if (strcasecmp(alias, string) == 0) {
-		*enctypep = ktp->etype;
-		return 0;
-	    }
-	}
+        for (j = 0; j < MAX_ALIASES; j++) {
+            alias = ktp->aliases[j];
+            if (alias == NULL)
+                break;
+            if (strcasecmp(alias, string) == 0) {
+                *enctypep = ktp->etype;
+                return 0;
+            }
+        }
     }
 
     return EINVAL;
diff --git a/src/lib/crypto/krb/string_to_key.c b/src/lib/crypto/krb/string_to_key.c
index e81568b..3569404 100644
--- a/src/lib/crypto/krb/string_to_key.c
+++ b/src/lib/crypto/krb/string_to_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,27 +30,27 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_string_to_key_with_params(krb5_context context,
-				 krb5_enctype enctype,
-				 const krb5_data *string,
-				 const krb5_data *salt,
-				 const krb5_data *params,
-				 krb5_keyblock *key);
+                                 krb5_enctype enctype,
+                                 const krb5_data *string,
+                                 const krb5_data *salt,
+                                 const krb5_data *params,
+                                 krb5_keyblock *key);
 
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_string_to_key(krb5_context context, krb5_enctype enctype,
-		     const krb5_data *string, const krb5_data *salt,
-		     krb5_keyblock *key)
+                     const krb5_data *string, const krb5_data *salt,
+                     krb5_keyblock *key)
 {
     return krb5_c_string_to_key_with_params(context, enctype, string, salt,
-					    NULL, key);
+                                            NULL, key);
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
-				 const krb5_data *string,
-				 const krb5_data *salt,
-				 const krb5_data *params, krb5_keyblock *key)
+                                 const krb5_data *string,
+                                 const krb5_data *salt,
+                                 const krb5_data *params, krb5_keyblock *key)
 {
     krb5_error_code ret;
     const struct krb5_keytypes *ktp;
@@ -57,7 +58,7 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
 
     ktp = find_enctype(enctype);
     if (ktp == NULL)
-	return KRB5_BAD_ENCTYPE;
+        return KRB5_BAD_ENCTYPE;
     keylength = ktp->enc->keylength;
 
     /*
@@ -66,29 +67,29 @@ krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype,
      * deal with this.  Using s2kparams would be a much better solution.
      */
     if (salt && salt->length == SALT_TYPE_AFS_LENGTH) {
-	switch (enctype) {
-	case ENCTYPE_DES_CBC_CRC:
-	case ENCTYPE_DES_CBC_MD4:
-	case ENCTYPE_DES_CBC_MD5:
-	    break;
-	default:
-	    return KRB5_CRYPTO_INTERNAL;
-	}
+        switch (enctype) {
+        case ENCTYPE_DES_CBC_CRC:
+        case ENCTYPE_DES_CBC_MD4:
+        case ENCTYPE_DES_CBC_MD5:
+            break;
+        default:
+            return KRB5_CRYPTO_INTERNAL;
+        }
     }
 
     key->contents = malloc(keylength);
     if (key->contents == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     key->magic = KV5M_KEYBLOCK;
     key->enctype = enctype;
     key->length = keylength;
 
-    ret = (*ktp->str2key)(ktp->enc, string, salt, params, key);
+    ret = (*ktp->str2key)(ktp, string, salt, params, key);
     if (ret) {
-	zapfree(key->contents, keylength);
-	key->length = 0;
-	key->contents = NULL;
+        zapfree(key->contents, keylength);
+        key->length = 0;
+        key->contents = NULL;
     }
 
     return ret;
diff --git a/src/lib/crypto/krb/valid_cksumtype.c b/src/lib/crypto/krb/valid_cksumtype.c
index 2b1e722..07b84fe 100644
--- a/src/lib/crypto/krb/valid_cksumtype.c
+++ b/src/lib/crypto/krb/valid_cksumtype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -30,12 +31,10 @@
 krb5_boolean KRB5_CALLCONV
 krb5_c_valid_cksumtype(krb5_cksumtype ctype)
 {
-    unsigned int i;
+    const struct krb5_cksumtypes *ctp;
 
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == ctype)
-	    return TRUE;
-    }
-
-    return FALSE;
+    ctp = find_cksumtype(ctype);
+    if (ctp == NULL)
+        return FALSE;
+    return TRUE;
 }
diff --git a/src/lib/crypto/krb/valid_enctype.c b/src/lib/crypto/krb/valid_enctype.c
index e6fcb2e..0957219 100644
--- a/src/lib/crypto/krb/valid_enctype.c
+++ b/src/lib/crypto/krb/valid_enctype.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/krb/verify_checksum.c b/src/lib/crypto/krb/verify_checksum.c
index a4869eb..cb19c23 100644
--- a/src/lib/crypto/krb/verify_checksum.c
+++ b/src/lib/crypto/krb/verify_checksum.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -29,62 +30,42 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_verify_checksum(krb5_context context, krb5_key key,
-		       krb5_keyusage usage, const krb5_data *data,
-		       const krb5_checksum *cksum, krb5_boolean *valid)
+                       krb5_keyusage usage, const krb5_data *data,
+                       const krb5_checksum *cksum, krb5_boolean *valid)
 {
-    unsigned int i;
     const struct krb5_cksumtypes *ctp;
-    const struct krb5_keyhash_provider *keyhash;
-    size_t hashsize;
+    krb5_crypto_iov iov;
     krb5_error_code ret;
-    krb5_data indata;
+    krb5_data cksum_data;
     krb5_checksum computed;
 
-    for (i=0; i<krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == cksum->checksum_type)
-	    break;
-    }
-    if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
-    ctp = &krb5int_cksumtypes_list[i];
-
-    indata.length = cksum->length;
-    indata.data = (char *) cksum->contents;
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = *data;
 
-    /* If there's actually a verify function, call it. */
-    if (ctp->keyhash) {
-	keyhash = ctp->keyhash;
+    ctp = find_cksumtype(cksum->checksum_type);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
 
-	if (keyhash->verify == NULL && keyhash->verify_iov != NULL) {
-	    krb5_crypto_iov iov[1];
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
 
-	    iov[0].flags = KRB5_CRYPTO_TYPE_DATA;
-	    iov[0].data.data = data->data;
-	    iov[0].data.length = data->length;
-
-	    return (*keyhash->verify_iov)(key, usage, 0, iov, 1, &indata,
-					  valid);
-	} else if (keyhash->verify != NULL) {
-	    return (*keyhash->verify)(key, usage, 0, data, &indata, valid);
-	}
-    }
+    /* If there's actually a verify function, call it. */
+    cksum_data = make_data(cksum->contents, cksum->length);
+    if (ctp->verify != NULL)
+        return ctp->verify(ctp, key, usage, &iov, 1, &cksum_data, valid);
 
     /* Otherwise, make the checksum again, and compare. */
-    ret = krb5_c_checksum_length(context, cksum->checksum_type, &hashsize);
-    if (ret)
-	return ret;
-
-    if (cksum->length != hashsize)
-	return KRB5_BAD_MSIZE;
-
-    computed.length = hashsize;
+    if (cksum->length != ctp->output_size)
+        return KRB5_BAD_MSIZE;
 
     ret = krb5_k_make_checksum(context, cksum->checksum_type, key, usage,
-			       data, &computed);
+                               data, &computed);
     if (ret)
-	return ret;
+        return ret;
 
-    *valid = (memcmp(computed.contents, cksum->contents, hashsize) == 0);
+    *valid = (memcmp(computed.contents, cksum->contents,
+                     ctp->output_size) == 0);
 
     free(computed.contents);
     return 0;
@@ -92,16 +73,16 @@ krb5_k_verify_checksum(krb5_context context, krb5_key key,
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *keyblock,
-		       krb5_keyusage usage, const krb5_data *data,
-		       const krb5_checksum *cksum, krb5_boolean *valid)
+                       krb5_keyusage usage, const krb5_data *data,
+                       const krb5_checksum *cksum, krb5_boolean *valid)
 {
     krb5_key key = NULL;
     krb5_error_code ret;
 
     if (keyblock != NULL) {
-	ret = krb5_k_create_key(context, keyblock, &key);
-	if (ret != 0)
-	    return ret;
+        ret = krb5_k_create_key(context, keyblock, &key);
+        if (ret != 0)
+            return ret;
     }
     ret = krb5_k_verify_checksum(context, key, usage, data, cksum, valid);
     krb5_k_free_key(context, key);
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index cbac1db..0934ae5 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/verify_checksum_iov.c
  *
@@ -30,88 +31,68 @@
 
 krb5_error_code KRB5_CALLCONV
 krb5_k_verify_checksum_iov(krb5_context context,
-			   krb5_cksumtype checksum_type,
-			   krb5_key key,
-			   krb5_keyusage usage,
-			   const krb5_crypto_iov *data,
-			   size_t num_data,
-			   krb5_boolean *valid)
+                           krb5_cksumtype checksum_type,
+                           krb5_key key,
+                           krb5_keyusage usage,
+                           const krb5_crypto_iov *data,
+                           size_t num_data,
+                           krb5_boolean *valid)
 {
-    unsigned int i;
     const struct krb5_cksumtypes *ctp;
-    size_t cksumlen;
     krb5_error_code ret;
     krb5_data computed;
     krb5_crypto_iov *checksum;
 
-    for (i = 0; i < krb5int_cksumtypes_length; i++) {
-	if (krb5int_cksumtypes_list[i].ctype == checksum_type)
-	    break;
-    }
-    if (i == krb5int_cksumtypes_length)
-	return KRB5_BAD_ENCTYPE;
-    ctp = &krb5int_cksumtypes_list[i];
+    ctp = find_cksumtype(checksum_type);
+    if (ctp == NULL)
+        return KRB5_BAD_ENCTYPE;
+
+    ret = verify_key(ctp, key);
+    if (ret != 0)
+        return ret;
 
     checksum = krb5int_c_locate_iov((krb5_crypto_iov *)data, num_data,
-				    KRB5_CRYPTO_TYPE_CHECKSUM);
-    if (checksum == NULL)
-	return(KRB5_BAD_MSIZE);
+                                    KRB5_CRYPTO_TYPE_CHECKSUM);
+    if (checksum == NULL || checksum->data.length != ctp->output_size)
+        return KRB5_BAD_MSIZE;
 
     /* If there's actually a verify function, call it. */
-    if (ctp->keyhash && ctp->keyhash->verify_iov) {
-	return (*ctp->keyhash->verify_iov)(key, usage, 0, data, num_data,
-					   &checksum->data, valid);
+    if (ctp->verify != NULL) {
+        return ctp->verify(ctp, key, usage, data, num_data, &checksum->data,
+                           valid);
     }
 
-    /* Otherwise, make the checksum again, and compare. */
-    if (ctp->keyhash != NULL)
-	computed.length = ctp->keyhash->hashsize;
-    else
-	computed.length = ctp->hash->hashsize;
-
-    if (ctp->trunc_size != 0)
-	cksumlen = ctp->trunc_size;
-    else
-	cksumlen = computed.length;
-
-    if (checksum->data.length != cksumlen)
-	return KRB5_BAD_MSIZE;
-
-    computed.data = malloc(computed.length);
-    if (computed.data == NULL)
-	return ENOMEM;
+    ret = alloc_data(&computed, ctp->compute_size);
+    if (ret != 0)
+        return ret;
 
-    ret = krb5int_c_make_checksum_iov(&krb5int_cksumtypes_list[i], key, usage,
-				      data, num_data, &computed);
-    if (ret) {
-	free(computed.data);
-	return ret;
+    ret = ctp->checksum(ctp, key, usage, data, num_data, &computed);
+    if (ret == 0) {
+        *valid = (memcmp(computed.data, checksum->data.data,
+                         ctp->output_size) == 0);
     }
 
-    *valid = (computed.length == cksumlen) &&
-	     (memcmp(computed.data, checksum->data.data, cksumlen) == 0);
-
-    free(computed.data);
-    return 0;
+    zapfree(computed.data, ctp->compute_size);
+    return ret;
 }
 
 krb5_error_code KRB5_CALLCONV
 krb5_c_verify_checksum_iov(krb5_context context,
-			   krb5_cksumtype checksum_type,
-			   const krb5_keyblock *keyblock,
-			   krb5_keyusage usage,
-			   const krb5_crypto_iov *data,
-			   size_t num_data,
-			   krb5_boolean *valid)
+                           krb5_cksumtype checksum_type,
+                           const krb5_keyblock *keyblock,
+                           krb5_keyusage usage,
+                           const krb5_crypto_iov *data,
+                           size_t num_data,
+                           krb5_boolean *valid)
 {
     krb5_key key;
     krb5_error_code ret;
 
     ret = krb5_k_create_key(context, keyblock, &key);
     if (ret != 0)
-	return ret;
+        return ret;
     ret = krb5_k_verify_checksum_iov(context, checksum_type, key, usage, data,
-				     num_data, valid);
+                                     num_data, valid);
     krb5_k_free_key(context, key);
     return ret;
 }
diff --git a/src/lib/crypto/krb/yarrow/Makefile.in b/src/lib/crypto/krb/yarrow/Makefile.in
index 0a3c1e7..55ae16c 100644
--- a/src/lib/crypto/krb/yarrow/Makefile.in
+++ b/src/lib/crypto/krb/yarrow/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/krb/yarrow
 mydir=lib/crypto/krb/yarrow
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/.. \
diff --git a/src/lib/crypto/krb/yarrow/deps b/src/lib/crypto/krb/yarrow/deps
index d9807fc..9387393 100644
--- a/src/lib/crypto/krb/yarrow/deps
+++ b/src/lib/crypto/krb/yarrow/deps
@@ -3,25 +3,25 @@
 #
 yarrow.so yarrow.po $(OUTPRE)yarrow.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../builtin/sha1/shs.h \
-  $(srcdir)/../../builtin/yhash.h yarrow.c yarrow.h ycipher.h \
-  yexcep.h ylock.h ystate.h ytypes.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/sha1/shs.h \
+  $(srcdir)/../../builtin/yhash.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h yarrow.c yarrow.h \
+  ycipher.h yexcep.h ylock.h ystate.h ytypes.h
 ycipher.so ycipher.po $(OUTPRE)ycipher.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../../builtin/enc_provider/enc_provider.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../builtin/enc_provider/enc_provider.h \
   $(srcdir)/../../builtin/sha1/shs.h $(srcdir)/../../builtin/yhash.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   yarrow.h ycipher.c ycipher.h ytypes.h
diff --git a/src/lib/crypto/krb/yarrow/yarrow.c b/src/lib/crypto/krb/yarrow/yarrow.c
index 66a5fe4..0695cd3 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.c
+++ b/src/lib/crypto/krb/yarrow/yarrow.c
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 /*
  * Yarrow - Cryptographic Pseudo-Random Number Generator
@@ -106,11 +106,11 @@ static void krb5int_yarrow_init_Limits(Yarrow_CTX* y)
     limit = min(tmp1, tmp2);
     if (limit < COUNTER_MAX)
     {
-	y->gates_limit = limit;
+        y->gates_limit = limit;
     }
     else
     {
-	y->gates_limit = COUNTER_MAX;
+        y->gates_limit = COUNTER_MAX;
     }
 }
 
@@ -122,8 +122,8 @@ static int yarrow_reseed_locked( Yarrow_CTX* y, int pool );
 
 static int
 yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
-		     const void *sample,
-		     size_t size, size_t entropy_bits );
+                     const void *sample,
+                     size_t size, size_t entropy_bits );
 
 static int Yarrow_detect_fork(Yarrow_CTX *y)
 {
@@ -132,21 +132,21 @@ static int Yarrow_detect_fork(Yarrow_CTX *y)
 
     /* this does not work for multi-threaded apps if threads have different
      * pids */
-       newpid = getpid();
+    newpid = getpid();
     if ( y->pid != newpid )
     {
-	/* we input the pid twice, so it will get into the fast pool at least once
-	 * Then we reseed.  This doesn't really increase entropy, but does make the
-	 * streams distinct assuming we already have good entropy*/
-	y->pid = newpid;
-	TRY (yarrow_input_locked (y, 0, &newpid,
-				  sizeof (newpid), 0));
-	TRY (yarrow_input_locked (y, 0, &newpid,
-				  sizeof (newpid), 0));
-	TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL));
+        /* we input the pid twice, so it will get into the fast pool at least once
+         * Then we reseed.  This doesn't really increase entropy, but does make the
+         * streams distinct assuming we already have good entropy*/
+        y->pid = newpid;
+        TRY (yarrow_input_locked (y, 0, &newpid,
+                                  sizeof (newpid), 0));
+        TRY (yarrow_input_locked (y, 0, &newpid,
+                                  sizeof (newpid), 0));
+        TRY (yarrow_reseed_locked (y, YARROW_FAST_POOL));
     }
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -215,41 +215,41 @@ int krb5int_yarrow_init(Yarrow_CTX* y, const char *filename)
 #if defined( YARROW_SAVE_STATE )
     if ( y->entropyfile != NULL )
     {
-	int ret = Yarrow_Load_State( y );
-	if ( ret != YARROW_OK && ret != YARROW_NO_STATE )
-	{
-	    THROW( ret );
-	}
-
-	/*  if load suceeded then write new state back immediately
-	 */
-
-	/*  Also check that it's not already saved, because the reseed in
-	 *  Yarrow_Load_State may trigger a save
-	 */
-
-	if ( ret == YARROW_OK && !y->saved )
-	{
-	    TRY( Yarrow_Save_State( y ) );
-	}
+        int ret = Yarrow_Load_State( y );
+        if ( ret != YARROW_OK && ret != YARROW_NO_STATE )
+        {
+            THROW( ret );
+        }
+
+        /*  if load suceeded then write new state back immediately
+         */
+
+        /*  Also check that it's not already saved, because the reseed in
+         *  Yarrow_Load_State may trigger a save
+         */
+
+        if ( ret == YARROW_OK && !y->saved )
+        {
+            TRY( Yarrow_Save_State( y ) );
+        }
     }
 #endif
 
     if ( !y->seeded )
     {
-	THROW( YARROW_NOT_SEEDED );
+        THROW( YARROW_NOT_SEEDED );
     }
 
- CATCH:
+CATCH:
     if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
 }
 
 static
 int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
-				const void* sample,
-				size_t size, size_t entropy_bits,
-				int do_lock )
+                                const void* sample,
+                                size_t size, size_t entropy_bits,
+                                int do_lock )
 {
     EXCEP_DECL;
     int ret;
@@ -259,8 +259,8 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
     size_t estimate;
 
     if (do_lock) {
-	    TRY( LOCK() );
-	    locked = 1;
+        TRY( LOCK() );
+        locked = 1;
     }
     k5_assert_locked(&krb5int_yarrow_lock);
 
@@ -272,7 +272,7 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
 
     if(source->pool != YARROW_FAST_POOL && source->pool != YARROW_SLOW_POOL)
     {
-	THROW( YARROW_BAD_SOURCE );
+        THROW( YARROW_BAD_SOURCE );
     }
 
     /* hash in the sample */
@@ -282,78 +282,78 @@ int yarrow_input_maybe_locking( Yarrow_CTX* y, unsigned source_id,
     /* only update entropy estimate if pool is not full */
 
     if ( (source->pool == YARROW_FAST_POOL &&
-	  source->entropy[source->pool] < y->fast_thresh) ||
-	 (source->pool == YARROW_SLOW_POOL &&
-	  source->entropy[source->pool] < y->slow_thresh) )
+          source->entropy[source->pool] < y->fast_thresh) ||
+         (source->pool == YARROW_SLOW_POOL &&
+          source->entropy[source->pool] < y->slow_thresh) )
     {
-	new_entropy = min(entropy_bits, size * 8 * YARROW_ENTROPY_MULTIPLIER);
-	if (source->estimator)
-	{
-	    estimate = source->estimator(sample, size);
-	    new_entropy = min(new_entropy, estimate);
-	}
-	source->entropy[source->pool] += new_entropy;
-	if ( source->entropy[source->pool] > YARROW_POOL_SIZE )
-	{
-	    source->entropy[source->pool] = YARROW_POOL_SIZE;
-	}
-
-	if (source->pool == YARROW_FAST_POOL)
-	{
-	    if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh)
-	    {
-		ret = yarrow_reseed_locked(y, YARROW_FAST_POOL);
-		if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
-		{
-		    THROW( ret );
-		}
-	    }
-	}
-	else
-	{
-	    if (!source->reached_slow_thresh &&
-		source->entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
-	    {
-		source->reached_slow_thresh = 1;
-		y->slow_k_of_n++;
-		if (y->slow_k_of_n >= y->slow_k_of_n_thresh)
-		{
-		    y->slow_k_of_n = 0;
-		    ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL);
-		    if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
-		    {
-			THROW( ret );
-		    }
-		}
-	    }
-	}
+        new_entropy = min(entropy_bits, size * 8 * YARROW_ENTROPY_MULTIPLIER);
+        if (source->estimator)
+        {
+            estimate = source->estimator(sample, size);
+            new_entropy = min(new_entropy, estimate);
+        }
+        source->entropy[source->pool] += new_entropy;
+        if ( source->entropy[source->pool] > YARROW_POOL_SIZE )
+        {
+            source->entropy[source->pool] = YARROW_POOL_SIZE;
+        }
+
+        if (source->pool == YARROW_FAST_POOL)
+        {
+            if (source->entropy[YARROW_FAST_POOL] >= y->fast_thresh)
+            {
+                ret = yarrow_reseed_locked(y, YARROW_FAST_POOL);
+                if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
+                {
+                    THROW( ret );
+                }
+            }
+        }
+        else
+        {
+            if (!source->reached_slow_thresh &&
+                source->entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
+            {
+                source->reached_slow_thresh = 1;
+                y->slow_k_of_n++;
+                if (y->slow_k_of_n >= y->slow_k_of_n_thresh)
+                {
+                    y->slow_k_of_n = 0;
+                    ret = yarrow_reseed_locked(y, YARROW_SLOW_POOL);
+                    if ( ret != YARROW_OK && ret != YARROW_NOT_SEEDED )
+                    {
+                        THROW( ret );
+                    }
+                }
+            }
+        }
     }
 
     /* put samples in alternate pools */
 
     source->pool = (source->pool + 1) % 2;
 
- CATCH:
+CATCH:
     if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
 }
 
 YARROW_DLL
 int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
-		  const void* sample,
-		  size_t size, size_t entropy_bits )
+                          const void* sample,
+                          size_t size, size_t entropy_bits )
 {
     return yarrow_input_maybe_locking(y, source_id, sample, size,
-				      entropy_bits, 1);
+                                      entropy_bits, 1);
 }
 
 static int
 yarrow_input_locked( Yarrow_CTX* y, unsigned source_id,
-		     const void *sample,
-		     size_t size, size_t entropy_bits )
+                     const void *sample,
+                     size_t size, size_t entropy_bits )
 {
     return yarrow_input_maybe_locking(y, source_id, sample, size,
-				      entropy_bits, 0);
+                                      entropy_bits, 0);
 }
 
 YARROW_DLL
@@ -370,7 +370,7 @@ int krb5int_yarrow_new_source(Yarrow_CTX* y, unsigned* source_id)
 
     if (y->num_sources + 1 > YARROW_MAX_SOURCES)
     {
-	THROW( YARROW_TOO_MANY_SOURCES );
+        THROW( YARROW_TOO_MANY_SOURCES );
     }
 
     *source_id = y->num_sources;
@@ -390,7 +390,7 @@ CATCH:
 }
 
 int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
-                                     estimator_fn* fptr)
+                                             estimator_fn* fptr)
 {
     EXCEP_DECL;
     Source* source;
@@ -402,7 +402,7 @@ int krb5int_yarrow_register_source_estimator(Yarrow_CTX* y, unsigned source_id,
 
     source->estimator = fptr;
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -419,22 +419,22 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
     y->out_count++;
     if (y->out_count >= y->Pg)
     {
-	y->out_count = 0;
-	TRY( yarrow_gate_locked( y ) );
+        y->out_count = 0;
+        TRY( yarrow_gate_locked( y ) );
 
-	/* require new seed after reaching gates_limit */
+        /* require new seed after reaching gates_limit */
 
-	y->gate_count++;
-	if ( y->gate_count >= y->gates_limit )
-	{
-	    y->gate_count = 0;
+        y->gate_count++;
+        if ( y->gate_count >= y->gates_limit )
+        {
+            y->gate_count = 0;
 
-	    /* not defined whether to do slow or fast reseed */
+            /* not defined whether to do slow or fast reseed */
 
-	    TRACE( printf( "OUTPUT LIMIT REACHED," ); );
+            TRACE( printf( "OUTPUT LIMIT REACHED," ); );
 
-	    TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
-	}
+            TRY( yarrow_reseed_locked( y, YARROW_SLOW_POOL ) );
+        }
     }
 
     /* C <- (C + 1) mod 2^n */
@@ -451,13 +451,13 @@ static int krb5int_yarrow_output_Block( Yarrow_CTX* y, void* out )
     hex_print( stdout, "output: K", y->K, CIPHER_KEY_SIZE );
     hex_print( stdout, "output: O", out, CIPHER_BLOCK_SIZE );
 #endif
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
 YARROW_DLL
 int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
-		   size_t *entropy_bits, size_t *entropy_max )
+                           size_t *entropy_bits, size_t *entropy_max )
 {
     EXCEP_DECL;
     int num = y->slow_k_of_n_thresh;
@@ -476,22 +476,22 @@ int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
 
     if (y->seeded)
     {
-	if (num_sources) { *num_sources = 0; }
-	if (entropy_bits) { *entropy_bits = emax; }
-	THROW( YARROW_OK );
+        if (num_sources) { *num_sources = 0; }
+        if (entropy_bits) { *entropy_bits = emax; }
+        THROW( YARROW_OK );
     }
 
     for (i = 0; i < y->num_sources; i++)
     {
-	if (y->source[i].entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
-	{
-	    num--;
-	}
-	else if (y->source[i].entropy[YARROW_SLOW_POOL] > entropy)
-	{
-	    source = i;
-	    entropy = y->source[i].entropy[YARROW_SLOW_POOL];
-	}
+        if (y->source[i].entropy[YARROW_SLOW_POOL] >= y->slow_thresh)
+        {
+            num--;
+        }
+        else if (y->source[i].entropy[YARROW_SLOW_POOL] > entropy)
+        {
+            source = i;
+            entropy = y->source[i].entropy[YARROW_SLOW_POOL];
+        }
     }
 
     if (num_sources) { *num_sources = num; }
@@ -499,7 +499,7 @@ int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
     if (entropy_bits) { *entropy_bits = entropy; }
     THROW( YARROW_NOT_SEEDED );
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -534,28 +534,28 @@ int yarrow_output_locked( Yarrow_CTX* y, void* out, size_t size )
 
     if (y->out_left > 0)
     {
-	use = min(left, y->out_left);
-	mem_copy(outp, y->out + CIPHER_BLOCK_SIZE - y->out_left, use);
-	left -= use;
-	y->out_left -= use;
-	outp += use;
+        use = min(left, y->out_left);
+        mem_copy(outp, y->out + CIPHER_BLOCK_SIZE - y->out_left, use);
+        left -= use;
+        y->out_left -= use;
+        outp += use;
     }
 
     for ( ;
-	  left >= CIPHER_BLOCK_SIZE;
-	  left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE)
+          left >= CIPHER_BLOCK_SIZE;
+          left -= CIPHER_BLOCK_SIZE, outp += CIPHER_BLOCK_SIZE)
     {
-	TRY( krb5int_yarrow_output_Block(y, outp) );
+        TRY( krb5int_yarrow_output_Block(y, outp) );
     }
 
     if (left > 0)
     {
-	TRY( krb5int_yarrow_output_Block(y, y->out) );
-	mem_copy(outp, y->out, left);
-	y->out_left = CIPHER_BLOCK_SIZE - left;
+        TRY( krb5int_yarrow_output_Block(y, y->out) );
+        mem_copy(outp, y->out, left);
+        y->out_left = CIPHER_BLOCK_SIZE - left;
     }
 
- CATCH:
+CATCH:
     EXCEP_RET;
 }
 
@@ -577,7 +577,7 @@ static int yarrow_gate_locked(Yarrow_CTX* y)
 
     TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
 
- CATCH:
+CATCH:
     TRACE( printf( "]," ); );
     mem_zero(new_K, sizeof(new_K));
     EXCEP_RET;
@@ -601,7 +601,7 @@ int krb5int_yarrow_gate(Yarrow_CTX* y)
 
     TRY (krb5int_yarrow_cipher_init(&y->cipher, y->K));
 
- CATCH:
+CATCH:
     TRACE( printf( "]," ); );
     mem_zero(new_K, sizeof(new_K));
     EXCEP_RET;
@@ -617,24 +617,24 @@ static int Yarrow_Load_State( Yarrow_CTX *y )
 
     if ( y->entropyfile )
     {
-	TRY( STATE_Load(y->entropyfile, &state) );
-	TRACE( printf( "LOAD STATE," ); );
+        TRY( STATE_Load(y->entropyfile, &state) );
+        TRACE( printf( "LOAD STATE," ); );
 
 #if defined( YARROW_DEBUG )
-	hex_print( stderr, "state.load", state.seed, sizeof(state.seed));
+        hex_print( stderr, "state.load", state.seed, sizeof(state.seed));
 #endif
 
-	/* what to do here is not defined by the Yarrow paper */
-	/* this is a place holder until we get some clarification */
+        /* what to do here is not defined by the Yarrow paper */
+        /* this is a place holder until we get some clarification */
 
-	HASH_Update( &y->pool[YARROW_FAST_POOL],
-		     state.seed, sizeof(state.seed) );
+        HASH_Update( &y->pool[YARROW_FAST_POOL],
+                     state.seed, sizeof(state.seed) );
 
-	Yarrow_Make_Seeded( y );
+        Yarrow_Make_Seeded( y );
 
-	TRY( krb5int_yarrow_reseed(y, YARROW_FAST_POOL) );
+        TRY( krb5int_yarrow_reseed(y, YARROW_FAST_POOL) );
     }
- CATCH:
+CATCH:
     mem_zero(state.seed, sizeof(state.seed));
     EXCEP_RET;
 }
@@ -648,16 +648,16 @@ static int Yarrow_Save_State( Yarrow_CTX *y )
 
     if ( y->entropyfile && y->seeded )
     {
-	TRACE( printf( "SAVE STATE[" ); );
-	TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) );
-	TRY( STATE_Save(y->entropyfile, &state) );
+        TRACE( printf( "SAVE STATE[" ); );
+        TRY( krb5int_yarrow_output( y, state.seed, sizeof(state.seed) ) );
+        TRY( STATE_Save(y->entropyfile, &state) );
     }
     y->saved = 1;
 # if defined(YARROW_DEBUG)
     hex_print(stdout, "state.save", state.seed, sizeof(state.seed));
 # endif
 
- CATCH:
+CATCH:
     TRACE( printf( "]," ); );
     mem_zero(state.seed, sizeof(state.seed));
     EXCEP_RET;
@@ -683,33 +683,33 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
     slow_pool = &y->pool[YARROW_SLOW_POOL];
     if( pool != YARROW_FAST_POOL && pool != YARROW_SLOW_POOL )
     {
-	THROW( YARROW_BAD_ARG );
+        THROW( YARROW_BAD_ARG );
     }
 
     TRACE( printf( "%s RESEED,",
-		   pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); );
+                   pool == YARROW_SLOW_POOL ? "SLOW" : "FAST" ); );
 
     if (pool == YARROW_SLOW_POOL)
     {
-	/* SLOW RESEED */
+        /* SLOW RESEED */
 
-	/* feed hash of slow pool into the fast pool */
+        /* feed hash of slow pool into the fast pool */
 
 
-	HASH_Final(slow_pool, digest);
+        HASH_Final(slow_pool, digest);
 
-	/*  Each pool contains the running hash of all inputs fed into it
-	 *  since it was last used to carry out a reseed -- this implies
-	 *  that the pool must be reinitialized after a reseed
-	 */
+        /*  Each pool contains the running hash of all inputs fed into it
+         *  since it was last used to carry out a reseed -- this implies
+         *  that the pool must be reinitialized after a reseed
+         */
 
-	HASH_Init(slow_pool);    /* reinitialize slow pool */
-	HASH_Update(fast_pool, digest, sizeof(digest));
+        HASH_Init(slow_pool);    /* reinitialize slow pool */
+        HASH_Update(fast_pool, digest, sizeof(digest));
 
-	if (y->seeded == 0)
-	{
-	    Yarrow_Make_Seeded( y );
-	}
+        if (y->seeded == 0)
+        {
+            Yarrow_Make_Seeded( y );
+        }
     }
 
     /* step 1. v_0 <- hash of all inputs into fast pool */
@@ -727,14 +727,14 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 
     for ( i = 0; i < y->Pt[pool]; i++ )
     {
-	HASH_Init(&hash);
-	HASH_Update(&hash, v_i, sizeof(v_i));
-	HASH_Update(&hash, v_0, sizeof(v_0));
-	big_endian_int32 = make_big_endian32(0); /* MS word */
-	HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
-	big_endian_int32 = make_big_endian32(i & 0xFFFFFFFF); /* LS word */
-	HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
-	HASH_Final(&hash, &v_i);
+        HASH_Init(&hash);
+        HASH_Update(&hash, v_i, sizeof(v_i));
+        HASH_Update(&hash, v_0, sizeof(v_0));
+        big_endian_int32 = make_big_endian32(0); /* MS word */
+        HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
+        big_endian_int32 = make_big_endian32(i & 0xFFFFFFFF); /* LS word */
+        HASH_Update(&hash, &big_endian_int32, sizeof(krb5_ui_4));
+        HASH_Final(&hash, &v_i);
     }
 
     /* step3. K = h'(h(v_Pt|K)) */
@@ -781,15 +781,15 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 
     for (i = 0; i < y->num_sources; i++)
     {
-	y->source[i].entropy[pool] = 0;
-	if (pool == YARROW_SLOW_POOL)
-	{
-    /*   if this is a slow reseed, reset the fast pool entropy
-     *   accumulator also
-     */
-	    y->source[i].entropy[YARROW_FAST_POOL] = 0;
-	    y->source[i].reached_slow_thresh = 0;
-	}
+        y->source[i].entropy[pool] = 0;
+        if (pool == YARROW_SLOW_POOL)
+        {
+            /*   if this is a slow reseed, reset the fast pool entropy
+             *   accumulator also
+             */
+            y->source[i].entropy[YARROW_FAST_POOL] = 0;
+            y->source[i].reached_slow_thresh = 0;
+        }
     }
 
     /*  step 7. If a seed file is in use, the next 2k bits of output
@@ -799,11 +799,11 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 #if defined( YARROW_SAVE_STATE )
     if ( y->seeded && y->entropyfile )
     {
-	TRY( Yarrow_Save_State( y ) );
+        TRY( Yarrow_Save_State( y ) );
     }
 #endif
 
- CATCH:
+CATCH:
     /*   step 6. Wipe the memory of all intermediate values
      *
      */
@@ -817,11 +817,11 @@ static int yarrow_reseed_locked(Yarrow_CTX* y, int pool)
 }
 int krb5int_yarrow_reseed(Yarrow_CTX* y, int pool)
 {
-	int r;
-	LOCK();
-	r = yarrow_reseed_locked(y, pool);
-	UNLOCK();
-	return r;
+    int r;
+    LOCK();
+    r = yarrow_reseed_locked(y, pool);
+    UNLOCK();
+    return r;
 }
 
 int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_size)
@@ -836,7 +836,7 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
 
     if (m == NULL || size == 0 || out == NULL || out_size == 0)
     {
-	THROW( YARROW_BAD_ARG );
+        THROW( YARROW_BAD_ARG );
     }
 
     /*
@@ -859,28 +859,28 @@ int krb5int_yarrow_stretch(const byte* m, size_t size, byte* out, size_t out_siz
 
     HASH_Init(&hash);
     for ( ;
-	  left > 0;
-	  left -= HASH_DIGEST_SIZE)
+          left > 0;
+          left -= HASH_DIGEST_SIZE)
     {
-	HASH_Update(&hash, s_i, use);
+        HASH_Update(&hash, s_i, use);
 
-	/* have to save hash state to one side as HASH_final changes state */
+        /* have to save hash state to one side as HASH_final changes state */
 
-	mem_copy(&save, &hash, sizeof(hash));
-	HASH_Final(&hash, digest);
+        mem_copy(&save, &hash, sizeof(hash));
+        HASH_Final(&hash, digest);
 
-	use = min(HASH_DIGEST_SIZE, left);
-	mem_copy(outp, digest, use);
+        use = min(HASH_DIGEST_SIZE, left);
+        mem_copy(outp, digest, use);
 
-	/* put state back for next time */
+        /* put state back for next time */
 
-	mem_copy(&hash, &save, sizeof(hash));
+        mem_copy(&hash, &save, sizeof(hash));
 
-	s_i = outp;            /* retain pointer to s_i */
-	outp += use;
+        s_i = outp;            /* retain pointer to s_i */
+        outp += use;
     }
 
- CATCH:
+CATCH:
     mem_zero(&hash, sizeof(hash));
     mem_zero(digest, sizeof(digest));
 
@@ -894,7 +894,7 @@ static void block_increment(void* block, const int sz)
 
     for (i = sz-1; (++b[i]) == 0 && i > 0; i--)
     {
-	; /* nothing */
+        ; /* nothing */
     }
 }
 
@@ -911,15 +911,15 @@ int krb5int_yarrow_final(Yarrow_CTX* y)
 #if defined( YARROW_SAVE_STATE )
     if ( y->seeded && y->entropyfile )
     {
-	TRY( Yarrow_Save_State( y ) );
+        TRY( Yarrow_Save_State( y ) );
     }
 #endif
 
- CATCH:
+CATCH:
     if ( y )
     {
-	krb5int_yarrow_cipher_final(&y->cipher);
-	mem_zero( y, sizeof(Yarrow_CTX) );
+        krb5int_yarrow_cipher_final(&y->cipher);
+        mem_zero( y, sizeof(Yarrow_CTX) );
     }
     if ( locked ) { TRY( UNLOCK() ); }
     EXCEP_RET;
@@ -930,9 +930,9 @@ const char* krb5int_yarrow_str_error( int err )
 {
     err = 1-err;
     if ( err < 0 ||
-	 (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
+         (unsigned int) err >= sizeof( yarrow_str_error ) / sizeof( char* ) )
     {
-	err = 1-YARROW_FAIL;
+        err = 1-YARROW_FAIL;
     }
     return yarrow_str_error[ err ];
 }
@@ -949,9 +949,9 @@ static void hex_print(FILE* f, const char* var, void* data, size_t size)
     fprintf(f, " = ");
     for (i = 0; i < size; i++)
     {
-	c = conv[(p[i] >> 4) & 0xf];
-	d = conv[p[i] & 0xf];
-	fprintf(f, "%c%c", c, d);
+        c = conv[(p[i] >> 4) & 0xf];
+        d = conv[p[i] & 0xf];
+        fprintf(f, "%c%c", c, d);
     }
     fprintf(f, "\n");
 }
diff --git a/src/lib/crypto/krb/yarrow/yarrow.h b/src/lib/crypto/krb/yarrow/yarrow.h
index 3cf50fd..4f7cd51 100644
--- a/src/lib/crypto/krb/yarrow/yarrow.h
+++ b/src/lib/crypto/krb/yarrow/yarrow.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YARROW_H
 #define YARROW_H
@@ -135,12 +135,12 @@ int krb5int_yarrow_init( Yarrow_CTX* y, const char *filename );
 
 YARROW_DLL
 int krb5int_yarrow_input( Yarrow_CTX* y, unsigned source_id,
-		  const void* sample,
-		  size_t size, size_t entropy_bits );
+                          const void* sample,
+                          size_t size, size_t entropy_bits );
 
 YARROW_DLL
 int krb5int_yarrow_status( Yarrow_CTX* y, int *num_sources, unsigned *source_id,
-		   size_t *entropy_bits, size_t *entropy_max );
+                           size_t *entropy_bits, size_t *entropy_max );
 
 YARROW_DLL
 int krb5int_yarrow_output( Yarrow_CTX* y, void* out, size_t size );
@@ -150,7 +150,7 @@ int krb5int_yarrow_new_source( Yarrow_CTX* y, unsigned* source_id );
 
 YARROW_DLL
 int krb5int_yarrow_register_source_estimator( Yarrow_CTX* y, unsigned source_id,
-				      estimator_fn* fptr );
+                                              estimator_fn* fptr );
 
 YARROW_DLL
 int krb5int_yarrow_stretch( const byte* m, size_t size, byte* out, size_t out_size );
diff --git a/src/lib/crypto/krb/yarrow/ycipher.c b/src/lib/crypto/krb/yarrow/ycipher.c
index 8da7b71..71b89b0 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.c
+++ b/src/lib/crypto/krb/yarrow/ycipher.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/yarrow/ycipher.c
  *
@@ -34,60 +35,54 @@
 #include "assert.h"
 
 int
-krb5int_yarrow_cipher_init
-(CIPHER_CTX *ctx,
- unsigned const char * key)
+krb5int_yarrow_cipher_init(CIPHER_CTX *ctx, unsigned const char * key)
 {
-  size_t keybytes, keylength;
-  const struct krb5_enc_provider *enc = &yarrow_enc_provider;
-  krb5_error_code ret;
-  krb5_data randombits;
-  krb5_keyblock keyblock;
+    size_t keybytes, keylength;
+    const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+    krb5_error_code ret;
+    krb5_data randombits;
+    krb5_keyblock keyblock;
 
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  assert (keybytes == CIPHER_KEY_SIZE);
-  krb5_k_free_key(NULL, ctx->key);
-  ctx->key = NULL;
-  keyblock.contents = malloc(keylength);
-  keyblock.length = keylength;
-  if (keyblock.contents == NULL)
-    return (YARROW_NOMEM);
-  randombits.data = (char *) key;
-  randombits.length = keybytes;
-  ret = enc->make_key(&randombits, &keyblock);
-  if (ret != 0)
-      goto cleanup;
-  ret = krb5_k_create_key(NULL, &keyblock, &ctx->key);
+    keybytes = enc->keybytes;
+    keylength = enc->keylength;
+    assert (keybytes == CIPHER_KEY_SIZE);
+    krb5_k_free_key(NULL, ctx->key);
+    ctx->key = NULL;
+    keyblock.contents = malloc(keylength);
+    keyblock.length = keylength;
+    if (keyblock.contents == NULL)
+        return (YARROW_NOMEM);
+    randombits.data = (char *) key;
+    randombits.length = keybytes;
+    ret = enc->make_key(&randombits, &keyblock);
+    if (ret != 0)
+        goto cleanup;
+    ret = krb5_k_create_key(NULL, &keyblock, &ctx->key);
 cleanup:
-  free(keyblock.contents);
-  if (ret)
-    return YARROW_FAIL;
-  return YARROW_OK;
+    free(keyblock.contents);
+    if (ret)
+        return YARROW_FAIL;
+    return YARROW_OK;
 }
 
-int krb5int_yarrow_cipher_encrypt_block
-(CIPHER_CTX *ctx, const unsigned char *in,
- unsigned char *out)
+int krb5int_yarrow_cipher_encrypt_block(CIPHER_CTX *ctx,
+                                        const unsigned char *in,
+                                        unsigned char *out)
 {
-  krb5_error_code ret;
-  krb5_data ind, outd;
-  const struct krb5_enc_provider *enc = &yarrow_enc_provider;
-  ind.data = (char *) in;
-  ind.length = CIPHER_BLOCK_SIZE;
-  outd.data = (char *) out;
-  outd.length = CIPHER_BLOCK_SIZE;
-  ret = enc->encrypt(ctx->key, 0, &ind, &outd);
-  if (ret)
-    return YARROW_FAIL;
-  return YARROW_OK;
+    krb5_error_code ret;
+    krb5_crypto_iov iov;
+    const struct krb5_enc_provider *enc = &yarrow_enc_provider;
+
+    memcpy(out, in, CIPHER_BLOCK_SIZE);
+    iov.flags = KRB5_CRYPTO_TYPE_DATA;
+    iov.data = make_data(out, CIPHER_BLOCK_SIZE);
+    ret = enc->encrypt(ctx->key, 0, &iov, 1);
+    return (ret == 0) ? YARROW_OK : YARROW_FAIL;
 }
 
 void
-krb5int_yarrow_cipher_final
-(CIPHER_CTX *ctx)
-
+krb5int_yarrow_cipher_final(CIPHER_CTX *ctx)
 {
-  krb5_k_free_key(NULL, ctx->key);
-  ctx->key = NULL;
+    krb5_k_free_key(NULL, ctx->key);
+    ctx->key = NULL;
 }
diff --git a/src/lib/crypto/krb/yarrow/ycipher.h b/src/lib/crypto/krb/yarrow/ycipher.h
index 554cf9a..21151bd 100644
--- a/src/lib/crypto/krb/yarrow/ycipher.h
+++ b/src/lib/crypto/krb/yarrow/ycipher.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YCIPHER_H
 #define YCIPHER_H
diff --git a/src/lib/crypto/krb/yarrow/yexcep.h b/src/lib/crypto/krb/yarrow/yexcep.h
index b066c91..f76f650 100644
--- a/src/lib/crypto/krb/yarrow/yexcep.h
+++ b/src/lib/crypto/krb/yarrow/yexcep.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YEXCEP_H
 #define YEXCEP_H
@@ -85,16 +85,16 @@
 #define EXCEP_OK 1
 #define EXCEP_DECL int _thr = 0, _ret2 = 0, _ret = _ret2+EXCEP_OK
 
-#define THROW( x ) \
-    do { \
-        _ret = (x); \
-        if( !_thr ) { goto _catch; } \
+#define THROW( x )                              \
+    do {                                        \
+        _ret = (x);                             \
+        if( !_thr ) { goto _catch; }            \
     } while ( 0 )
 
-#define TRY( x ) \
-    do { \
-        _ret2 = (x); \
-        if ( _ret > 0 && _ret2 <= 0 ) { THROW( _ret2 ); } \
+#define TRY( x )                                                \
+    do {                                                        \
+        _ret2 = (x);                                            \
+        if ( _ret > 0 && _ret2 <= 0 ) { THROW( _ret2 ); }       \
     } while ( 0 )
 
 #define SET( x ) (_ret = (x))
diff --git a/src/lib/crypto/krb/yarrow/ylock.h b/src/lib/crypto/krb/yarrow/ylock.h
index 9c032dc..aacf786 100644
--- a/src/lib/crypto/krb/yarrow/ylock.h
+++ b/src/lib/crypto/krb/yarrow/ylock.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YLOCK_H
 #define YLOCK_H
@@ -17,7 +17,7 @@ static int UNLOCK( void ) {  return (YARROW_OK); }
 #else
 #include "k5-thread.h"
 extern k5_mutex_t krb5int_yarrow_lock;
-#define LOCK()	(k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
+#define LOCK()  (k5_mutex_lock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
 #define UNLOCK() (k5_mutex_unlock(&krb5int_yarrow_lock) ? YARROW_LOCKING : YARROW_OK)
 #endif
 
diff --git a/src/lib/crypto/krb/yarrow/ystate.h b/src/lib/crypto/krb/yarrow/ystate.h
index 2886ca3..fd277d2 100644
--- a/src/lib/crypto/krb/yarrow/ystate.h
+++ b/src/lib/crypto/krb/yarrow/ystate.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YSTATE_H
 #define YSTATE_H
diff --git a/src/lib/crypto/krb/yarrow/ytypes.h b/src/lib/crypto/krb/yarrow/ytypes.h
index 23c1bdf..9abbf8c 100644
--- a/src/lib/crypto/krb/yarrow/ytypes.h
+++ b/src/lib/crypto/krb/yarrow/ytypes.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 #ifndef YTYPES_H
 #define YTYPES_H
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index 291c2f0..b6d7353 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -65,7 +65,6 @@ krb5int_c_free_keyblock_contents
 krb5int_c_free_keyblock
 krb5int_c_init_keyblock
 krb5int_hash_md5
-krb5int_hmac_keyblock
 krb5int_enc_arcfour
 krb5int_hmac
 mit_des_fixup_key_parity
@@ -80,10 +79,10 @@ krb5_k_key_enctype
 krb5_k_key_keyblock
 krb5_k_make_checksum
 krb5_k_make_checksum_iov
+krb5_k_prf
+krb5_k_reference_key
 krb5_k_verify_checksum
 krb5_k_verify_checksum_iov
-krb5int_keyhash_md4des
-krb5int_keyhash_md5des
 mit_crc32
 krb5int_aes_encrypt
 krb5int_MD4Init
@@ -94,3 +93,4 @@ krb5int_MD5Update
 krb5int_MD5Final
 krb5int_aes_decrypt
 krb5int_enc_des3
+krb5int_arcfour_gsscrypt
diff --git a/src/lib/crypto/openssl/Makefile.in b/src/lib/crypto/openssl/Makefile.in
index 79372ee..a008d57 100644
--- a/src/lib/crypto/openssl/Makefile.in
+++ b/src/lib/crypto/openssl/Makefile.in
@@ -1,13 +1,10 @@
-thisconfigdir=../../..
-myfulldir=lib/crypto/openssl
 mydir=lib/crypto/openssl
 BUILDTOP=$(REL)..$(S)..$(S)..
-SUBDIRS=des arcfour aes	 md4 md5  sha1 enc_provider hash_provider
+SUBDIRS=des aes	 md4 md5  sha1 enc_provider hash_provider
 LOCALINCLUDES = -I$(srcdir)/../krb 			\
 		-I$(srcdir)/../krb/hash_provider 	\
 		-I$(srcdir)/des 	\
 		-I$(srcdir)/aes 	\
-		-I$(srcdir)/arcfour 	\
 		-I$(srcdir)/sha1 	\
 		-I$(srcdir)/md4 	\
 		-I$(srcdir)/md5	\
@@ -17,14 +14,11 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 DEFS=
 
-EXTRADEPSRCS= $(srcdir)/t_cf2.c 
-
-
 ##DOSBUILDTOP = ..\..\..
 ##DOSLIBNAME=$(OUTPRE)crypto.lib
 ##DOSOBJFILE=$(OUTPRE)crypto.lst
-##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)arcfour.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
-##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)arcfour.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
+##DOSOBJFILELIST=@$(OUTPRE)crypto.lst @$(OUTPRE)des.lst @$(OUTPRE)md4.lst @$(OUTPRE)md5.lst @$(OUTPRE)sha1.lst @$(OUTPRE)crc32.lst @$(OUTPRE)dk.lst @$(OUTPRE)old.lst @$(OUTPRE)raw.lst @$(OUTPRE)enc_prov.lst @$(OUTPRE)hash_pro.lst @$(OUTPRE)kh_pro.lst @$(OUTPRE)yarrow.lst @$(OUTPRE)aes.lst
+##DOSOBJFILEDEP =$(OUTPRE)crypto.lst $(OUTPRE)des.lst $(OUTPRE)md4.lst $(OUTPRE)md5.lst $(OUTPRE)sha1.lst $(OUTPRE)crc32.lst $(OUTPRE)dk.lst $(OUTPRE)old.lst $(OUTPRE)raw.lst $(OUTPRE)enc_prov.lst $(OUTPRE)hash_pro.lst $(OUTPRE)kh_pro.lst $(OUTPRE)aes.lst
 
 STLIBOBJS=\
 	hmac.o	\
@@ -42,7 +36,6 @@ STOBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 	md5/OBJS.ST sha1/OBJS.ST 	\
 	enc_provider/OBJS.ST 		\
 	hash_provider/OBJS.ST 		\
-	arcfour/OBJS.ST 		\
 	aes/OBJS.ST 			\
 	OBJS.ST
 
@@ -50,7 +43,6 @@ SUBDIROBJLISTS= des/OBJS.ST md4/OBJS.ST 	\
 		md5/OBJS.ST sha1/OBJS.ST 	\
 		enc_provider/OBJS.ST 		\
 		hash_provider/OBJS.ST 		\
-		arcfour/OBJS.ST 		\
 		aes/OBJS.ST 
 
 ##DOS##LIBOBJS = $(OBJS)
@@ -61,18 +53,6 @@ includes:: depend
 depend:: $(SRCS)
 
 clean-unix:: clean-libobjs
-check-unix:: t_cf2
-	$(RUN_SETUP) $(VALGRIND) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output
-	diff t_cf2.output $(srcdir)/t_cf2.expected
-
-t_cf2$(EXEEXT): t_cf2.$(OBJEXT) $(SUPPORT_DEPLIB)
-	$(CC_LINK) -o $@ t_cf2.$(OBJEXT)  -lkrb5 -lk5crypto -lcom_err $(SUPPORT_LIB)
-
-clean::
-	$(RM)  t_cf2 t_cf2.o  t_cf2.output
-
-
-
 
 all-windows::
 	cd ..\des
@@ -93,9 +73,6 @@ all-windows::
 	cd ..\enc_provider
 	@echo Making in crypto\enc_provider
 	$(MAKE) -$(MFLAGS)
-	cd ..\arcfour
-	@echo Making in crypto\arcfour
-	$(MAKE) -$(MFLAGS)
 	cd ..\aes
 	@echo Making in crypto\aes
 	$(MAKE) -$(MFLAGS)
@@ -120,9 +97,6 @@ clean-windows::
 	cd ..\enc_provider
 	@echo Making clean in crypto\enc_provider
 	$(MAKE) -$(MFLAGS) clean
-	cd ..\arcfour
-	@echo Making clean in crypto\arcfour
-	$(MAKE) -$(MFLAGS) clean
 	cd ..\aes
 	@echo Making clean in crypto\aes
 	$(MAKE) -$(MFLAGS) clean
@@ -147,9 +121,6 @@ check-windows::
 	cd ..\enc_provider
 	@echo Making check in crypto\enc_provider
 	$(MAKE) -$(MFLAGS) check
-	cd ..\arcfour
-	@echo Making check in crypto\arcfour
-	$(MAKE) -$(MFLAGS) check
 	cd ..\aes
 	@echo Making check in crypto\aes
 	$(MAKE) -$(MFLAGS) check
diff --git a/src/lib/crypto/openssl/aes/Makefile.in b/src/lib/crypto/openssl/aes/Makefile.in
index 72af752..6352c3d 100644
--- a/src/lib/crypto/openssl/aes/Makefile.in
+++ b/src/lib/crypto/openssl/aes/Makefile.in
@@ -1,5 +1,7 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/aes
+# Nothing here!  But we can't remove this directory as the build
+# system currently assumes that all modules have the same directory
+# structure.
+
 mydir=lib/crypto/openssl/aes
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../../krb/dk  -I$(srcdir)/../../../../include
@@ -12,14 +14,11 @@ DEFS=
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 
-STLIBOBJS=\
-	aes_s2k.o
+STLIBOBJS=
 
-OBJS=\
-	$(OUTPRE)aes_s2k.$(OBJEXT)
+OBJS=
 
-SRCS=\
-	$(srcdir)/aes_s2k.c
+SRCS=
 
 
 ##DOS##LIBOBJS = $(OBJS)
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.c b/src/lib/crypto/openssl/aes/aes_s2k.c
deleted file mode 100644
index 9dd1402..0000000
--- a/src/lib/crypto/openssl/aes/aes_s2k.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * lib/crypto/openssl/aes/aes_s2k.c
- *
- * Copyright 2003, 2009 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- *
- *
- * krb5int_aes_string_to_key
- */
-
-#include "k5-int.h"
-#include "dk.h"
-#include "aes_s2k.h"
-
-#define DEFAULT_ITERATION_COUNT		4096 /* was 0xb000L in earlier drafts */
-#define MAX_ITERATION_COUNT		0x1000000L
-
-krb5_error_code
-krb5int_aes_string_to_key(const struct krb5_enc_provider *enc,
-			  const krb5_data *string,
-			  const krb5_data *salt,
-			  const krb5_data *params,
-			  krb5_keyblock *key)
-{
-    unsigned long iter_count;
-    krb5_data out;
-    static const krb5_data usage = { KV5M_DATA, 8, "kerberos" };
-    krb5_key tempkey = NULL;
-    krb5_error_code err;
-
-    if (params) {
-	unsigned char *p = (unsigned char *) params->data;
-	if (params->length != 4)
-	    return KRB5_ERR_BAD_S2K_PARAMS;
-	/* The first two need casts in case 'int' is 16 bits.  */
-	iter_count = load_32_be(p);
-	if (iter_count == 0) {
-	    iter_count = (1UL << 16) << 16;
-	    if (((iter_count >> 16) >> 16) != 1)
-		return KRB5_ERR_BAD_S2K_PARAMS;
-	}
-    } else
-	iter_count = DEFAULT_ITERATION_COUNT;
-
-    /* This is not a protocol specification constraint; this is an
-       implementation limit, which should eventually be controlled by
-       a config file.  */
-    if (iter_count >= MAX_ITERATION_COUNT)
-	return KRB5_ERR_BAD_S2K_PARAMS;
-
-    /* Use the output keyblock contents for temporary space. */
-    out.data = (char *) key->contents;
-    out.length = key->length;
-    if (out.length != 16 && out.length != 32)
-	return KRB5_CRYPTO_INTERNAL;
-
-    err = krb5int_pbkdf2_hmac_sha1 (&out, iter_count, string, salt);
-    if (err)
-	goto cleanup;
-
-    err = krb5_k_create_key (NULL, key, &tempkey);
-    if (err)
-	goto cleanup;
-
-    err = krb5int_derive_keyblock (enc, tempkey, key, &usage);
-
-cleanup:
-    if (err)
-	memset (out.data, 0, out.length);
-    krb5_k_free_key (NULL, tempkey);
-    return err;
-}
diff --git a/src/lib/crypto/openssl/aes/aes_s2k.h b/src/lib/crypto/openssl/aes/aes_s2k.h
deleted file mode 100644
index f39b95a..0000000
--- a/src/lib/crypto/openssl/aes/aes_s2k.h
+++ /dev/null
@@ -1,9 +0,0 @@
-/*
- * lib/crypto/openssl/aes/aes_s2k.h
- */
-
-
-extern krb5_error_code
-krb5int_aes_string_to_key (const struct krb5_enc_provider *,
-			   const krb5_data *, const krb5_data *,
-			   const krb5_data *, krb5_keyblock *key);
diff --git a/src/lib/crypto/openssl/aes/deps b/src/lib/crypto/openssl/aes/deps
index 3503d1c..2feac3c 100644
--- a/src/lib/crypto/openssl/aes/deps
+++ b/src/lib/crypto/openssl/aes/deps
@@ -1,14 +1 @@
-# 
-# Generated makefile dependencies follow.
-#
-aes_s2k.so aes_s2k.po $(OUTPRE)aes_s2k.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/aes_s2k.c \
-  $(srcdir)/aes_s2k.h $(srcdir)/../../krb/dk/dk.h
+# No dependencies here.
diff --git a/src/lib/crypto/openssl/arcfour/arcfour-int.h b/src/lib/crypto/openssl/arcfour/arcfour-int.h
deleted file mode 100644
index bb4cf42..0000000
--- a/src/lib/crypto/openssl/arcfour/arcfour-int.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
-
-ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
-This cipher is widely believed and has been tested to be equivalent
-with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
-of RSA Data Security)
-
-*/
-#ifndef ARCFOUR_INT_H
-#define ARCFOUR_INT_H
-
-#include "arcfour.h"
-#include <openssl/evp.h>
-
-#define CONFOUNDERLENGTH 8
-
-typedef struct
-{
-    EVP_CIPHER_CTX  evp_ctx;
-    unsigned int x;
-    unsigned int y;
-    unsigned char state[256];
-
-} ArcfourContext;
-
-typedef struct {
-    int initialized;
-    ArcfourContext ctx;
-} ArcFourCipherState;
-
-krb5_keyusage krb5int_arcfour_translate_usage(krb5_keyusage usage);
-
-extern const char *const krb5int_arcfour_l40;
-
-#endif /* ARCFOUR_INT_H */
diff --git a/src/lib/crypto/openssl/arcfour/arcfour.c b/src/lib/crypto/openssl/arcfour/arcfour.c
deleted file mode 100644
index ac96c86..0000000
--- a/src/lib/crypto/openssl/arcfour/arcfour.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
-
-ARCFOUR cipher (based on a cipher posted on the Usenet in Spring-95).
-This cipher is widely believed and has been tested to be equivalent
-with the RC4 cipher from RSA Data Security, Inc.  (RC4 is a trademark
-of RSA Data Security)
-
-*/
-#include "k5-int.h"
-#include "arcfour-int.h"
-#include "hash_provider/hash_provider.h"
-
-const char *const krb5int_arcfour_l40 = "fortybits";
-
-void
-krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    size_t inputlen, size_t *length)
-{
-  size_t blocksize, hashsize;
-
-  blocksize = enc->block_size;
-  hashsize = hash->hashsize;
-
-  /* checksum + (confounder + inputlen, in even blocksize) */
-  *length = hashsize + krb5_roundup(8 + inputlen, blocksize);
-}
-
- krb5_keyusage
- krb5int_arcfour_translate_usage(krb5_keyusage usage)
-{
-  switch (usage) {
-  case 1:			/* AS-REQ PA-ENC-TIMESTAMP padata timestamp,  */
-    return 1;
-  case 2:			/* ticket from kdc */
-    return 2;
-  case 3:			/* as-rep encrypted part */
-    return 8;
-  case 4:			/* tgs-req authz data */
-    return 4;
-  case 5:			/* tgs-req authz data in subkey */
-    return 5;
-  case 6:			/* tgs-req authenticator cksum */
-    return 6;
-case 7:				/* tgs-req authenticator */
-  return 7;
-    case 8:
-    return 8;
-  case 9:			/* tgs-rep encrypted with subkey */
-    return 9;
-  case 10:			/* ap-rep authentication cksum */
-    return 10;			/* xxx  Microsoft never uses this*/
-  case 11:			/* app-req authenticator */
-    return 11;
-  case 12:			/* app-rep encrypted part */
-    return 12;
-  case 23: /* sign wrap token*/
-    return 13;
-  default:
-      return usage;
-}
-}
-
-/* RFC 4757 */
-krb5_error_code
-krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc,
-		     const struct krb5_hash_provider *hash,
-		     krb5_key key, krb5_keyusage usage,
-		     const krb5_data *ivec, const krb5_data *input,
-		     krb5_data *output)
-{
-  krb5_keyblock k1, k2, k3;
-  krb5_key k3key = NULL;
-  krb5_data d1, d2, d3, salt, plaintext, checksum, ciphertext, confounder;
-  krb5_keyusage ms_usage;
-  size_t keylength, keybytes, blocksize, hashsize;
-  krb5_error_code ret;
-
-  blocksize = enc->block_size;
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  hashsize = hash->hashsize;
-
-  d1.length=keybytes;
-  d1.data=malloc(d1.length);
-  if (d1.data == NULL)
-    return (ENOMEM);
-  k1 = key->keyblock;
-  k1.length=d1.length;
-  k1.contents= (void *) d1.data;
-
-  d2.length=keybytes;
-  d2.data=malloc(d2.length);
-  if (d2.data == NULL) {
-    free(d1.data);
-    return (ENOMEM);
-  }
-  k2 = key->keyblock;
-  k2.length=d2.length;
-  k2.contents=(void *) d2.data;
-
-  d3.length=keybytes;
-  d3.data=malloc(d3.length);
-  if (d3.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    return (ENOMEM);
-  }
-  k3 = key->keyblock;
-  k3.length=d3.length;
-  k3.contents= (void *) d3.data;
-
-  salt.length=14;
-  salt.data=malloc(salt.length);
-  if (salt.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    return (ENOMEM);
-  }
-
-  /* is "input" already blocksize aligned?  if it is, then we need this
-     step, otherwise we do not */
-  plaintext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
-  plaintext.data=malloc(plaintext.length);
-  if (plaintext.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    free(salt.data);
-    return(ENOMEM);
-  }
-
-  /* setup convienient pointers into the allocated data */
-  checksum.length=hashsize;
-  checksum.data=output->data;
-  ciphertext.length=krb5_roundup(input->length+CONFOUNDERLENGTH,blocksize);
-  ciphertext.data=output->data+hashsize;
-  confounder.length=CONFOUNDERLENGTH;
-  confounder.data=plaintext.data;
-  output->length = plaintext.length+hashsize;
-
-  /* begin the encryption, computer K1 */
-  ms_usage=krb5int_arcfour_translate_usage(usage);
-  if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-    strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-    store_32_le(ms_usage, salt.data+10);
-  } else {
-    salt.length=4;
-    store_32_le(ms_usage, salt.data);
-  }
-  krb5int_hmac(hash, key, 1, &salt, &d1);
-
-  memcpy(k2.contents, k1.contents, k2.length);
-
-  if (key->keyblock.enctype==ENCTYPE_ARCFOUR_HMAC_EXP)
-    memset(k1.contents+7, 0xab, 9);
-
-  ret=krb5_c_random_make_octets(/* XXX */ 0, &confounder);
-  memcpy(plaintext.data+confounder.length, input->data, input->length);
-  if (ret)
-    goto cleanup;
-
-  ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &checksum);
-  if (ret)
-    goto cleanup;
-
-  ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
-  if (ret)
-    goto cleanup;
-
-  ret = krb5_k_create_key(NULL, &k3, &k3key);
-  if (ret)
-    goto cleanup;
-
-  ret=(*(enc->encrypt))(k3key, ivec, &plaintext, &ciphertext);
-
- cleanup:
-  memset(d1.data, 0, d1.length);
-  memset(d2.data, 0, d2.length);
-  memset(d3.data, 0, d3.length);
-  memset(salt.data, 0, salt.length);
-  memset(plaintext.data, 0, plaintext.length);
-
-  free(d1.data);
-  free(d2.data);
-  free(d3.data);
-  free(salt.data);
-  free(plaintext.data);
-  krb5_k_free_key(NULL, k3key);
-  return (ret);
-}
-
-/* This is the arcfour-hmac decryption routine */
-krb5_error_code
-krb5int_arcfour_decrypt(const struct krb5_enc_provider *enc,
-		     const struct krb5_hash_provider *hash,
-		     krb5_key key, krb5_keyusage usage,
-		     const krb5_data *ivec, const krb5_data *input,
-		     krb5_data *output)
-{
-  krb5_keyblock k1,k2,k3;
-  krb5_key k3key;
-  krb5_data d1,d2,d3,salt,ciphertext,plaintext,checksum;
-  krb5_keyusage ms_usage;
-  size_t keybytes, keylength, hashsize, blocksize;
-  krb5_error_code ret;
-
-  blocksize = enc->block_size;
-  keybytes = enc->keybytes;
-  keylength = enc->keylength;
-  hashsize = hash->hashsize;
-
-  d1.length=keybytes;
-  d1.data=malloc(d1.length);
-  if (d1.data == NULL)
-    return (ENOMEM);
-  k1 = key->keyblock;
-  k1.length=d1.length;
-  k1.contents= (void *) d1.data;
-
-  d2.length=keybytes;
-  d2.data=malloc(d2.length);
-  if (d2.data == NULL) {
-    free(d1.data);
-    return (ENOMEM);
-  }
-  k2 = key->keyblock;
-  k2.length=d2.length;
-  k2.contents= (void *) d2.data;
-
-  d3.length=keybytes;
-  d3.data=malloc(d3.length);
-  if  (d3.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    return (ENOMEM);
-  }
-  k3 = key->keyblock;
-  k3.length=d3.length;
-  k3.contents= (void *) d3.data;
-
-  salt.length=14;
-  salt.data=malloc(salt.length);
-  if(salt.data==NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    return (ENOMEM);
-  }
-
-  ciphertext.length=input->length-hashsize;
-  ciphertext.data=input->data+hashsize;
-  plaintext.length=ciphertext.length;
-  plaintext.data=malloc(plaintext.length);
-  if (plaintext.data == NULL) {
-    free(d1.data);
-    free(d2.data);
-    free(d3.data);
-    free(salt.data);
-    return (ENOMEM);
-  }
-
-  checksum.length=hashsize;
-  checksum.data=input->data;
-
-  ms_usage=krb5int_arcfour_translate_usage(usage);
-
-  /* We may have to try two ms_usage values; see below. */
-  do {
-      /* compute the salt */
-      if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	  strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	  store_32_le(ms_usage, salt.data + 10);
-      } else {
-	  salt.length = 4;
-	  store_32_le(ms_usage, salt.data);
-      }
-      ret = krb5int_hmac(hash, key, 1, &salt, &d1);
-      if (ret)
-	  goto cleanup;
-
-      memcpy(k2.contents, k1.contents, k2.length);
-
-      if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	  memset(k1.contents + 7, 0xab, 9);
-
-      ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
-      if (ret)
-	  goto cleanup;
-
-      ret = krb5_k_create_key(NULL, &k3, &k3key);
-      if (ret)
-	goto cleanup;
-      ret = (*(enc->decrypt))(k3key, ivec, &ciphertext, &plaintext);
-      krb5_k_free_key(NULL, k3key);
-      if (ret)
-	  goto cleanup;
-
-      ret = krb5int_hmac_keyblock(hash, &k2, 1, &plaintext, &d1);
-      if (ret)
-	  goto cleanup;
-
-      if (memcmp(checksum.data, d1.data, hashsize) != 0) {
-	  if (ms_usage == 9) {
-	      /*
-	       * RFC 4757 specifies usage 8 for TGS-REP encrypted
-	       * parts encrypted in a subkey, but the value used by MS
-	       * is actually 9.  We now use 9 to start with, but fall
-	       * back to 8 on failure in case we are communicating
-	       * with a KDC using the value from the RFC.
-	       */
-	      ms_usage = 8;
-	      continue;
-	  }
-	  ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	  goto cleanup;
-      }
-
-      break;
-  } while (1);
-
-  memcpy(output->data, plaintext.data+CONFOUNDERLENGTH,
-	 (plaintext.length-CONFOUNDERLENGTH));
-  output->length=plaintext.length-CONFOUNDERLENGTH;
-
- cleanup:
-  memset(d1.data, 0, d1.length);
-  memset(d2.data, 0, d2.length);
-  memset(d3.data, 0, d2.length);
-  memset(salt.data, 0, salt.length);
-  memset(plaintext.data, 0, plaintext.length);
-
-  free(d1.data);
-  free(d2.data);
-  free(d3.data);
-  free(salt.data);
-  free(plaintext.data);
-  return (ret);
-}
diff --git a/src/lib/crypto/openssl/arcfour/arcfour.h b/src/lib/crypto/openssl/arcfour/arcfour.h
deleted file mode 100644
index e00708a..0000000
--- a/src/lib/crypto/openssl/arcfour/arcfour.h
+++ /dev/null
@@ -1,39 +0,0 @@
-#ifndef ARCFOUR_H
-#define ARCFOUR_H
-
-extern void
-krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			size_t,
-			size_t *);
-
-extern krb5_error_code
-krb5int_arcfour_encrypt(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			krb5_key,
-			krb5_keyusage,
-			const krb5_data *,
-     			const krb5_data *,
-			krb5_data *);
-
-extern krb5_error_code
-krb5int_arcfour_decrypt(const struct krb5_enc_provider *,
-			const struct krb5_hash_provider *,
-			krb5_key,
-			krb5_keyusage,
-			const krb5_data *,
-			const krb5_data *,
-			krb5_data *);
-
-extern krb5_error_code
-krb5int_arcfour_string_to_key(
-     const struct krb5_enc_provider *,
-     const krb5_data *,
-     const krb5_data *,
-     const krb5_data *,
-     krb5_keyblock *);
-
-extern const struct krb5_enc_provider krb5int_enc_arcfour;
-extern const struct krb5_aead_provider krb5int_aead_arcfour;
-
-#endif /* ARCFOUR_H */
diff --git a/src/lib/crypto/openssl/arcfour/arcfour_aead.c b/src/lib/crypto/openssl/arcfour/arcfour_aead.c
deleted file mode 100644
index 66eb357..0000000
--- a/src/lib/crypto/openssl/arcfour/arcfour_aead.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * lib/crypto/arcfour/arcfour_aead.c
- *
- * Copyright 2008, 2009 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- *   require a specific license from the United States Government.
- *   It is the responsibility of any person or organization contemplating
- *   export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission.  Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose.  It is provided "as is" without express
- * or implied warranty.
- */
-
-
-#include "k5-int.h"
-#include "arcfour.h"
-#include "arcfour-int.h"
-#include "aead.h"
-
-/* AEAD */
-
-static krb5_error_code
-krb5int_arcfour_crypto_length(const struct krb5_aead_provider *aead,
-			      const struct krb5_enc_provider *enc,
-			      const struct krb5_hash_provider *hash,
-			      krb5_cryptotype type,
-			      unsigned int *length)
-{
-    switch (type) {
-    case KRB5_CRYPTO_TYPE_HEADER:
-	*length = hash->hashsize + CONFOUNDERLENGTH;
-	break;
-    case KRB5_CRYPTO_TYPE_PADDING:
-	*length = 0;
-	break;
-    case KRB5_CRYPTO_TYPE_TRAILER:
-	*length = 0;
-	break;
-    case KRB5_CRYPTO_TYPE_CHECKSUM:
-	*length = hash->hashsize;
-	break;
-    default:
-	assert(0 && "invalid cryptotype passed to krb5int_arcfour_crypto_length");
-	break;
-    }
-
-    return 0;
-}
-
-static krb5_error_code
-alloc_derived_key(const struct krb5_enc_provider *enc,
-		  krb5_keyblock *dst,
-		  krb5_data *data,
-		  const krb5_keyblock *src)
-{
-    data->length = enc->keybytes;
-    data->data = malloc(data->length);
-    if (data->data == NULL)
-	return ENOMEM;
-
-    *dst = *src;
-    dst->length = data->length;
-    dst->contents = (void *)data->data;
-
-    return 0;
-}
-
-static krb5_error_code
-krb5int_arcfour_encrypt_iov(const struct krb5_aead_provider *aead,
-			    const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_data *ivec,
-			    krb5_crypto_iov *data,
-			    size_t num_data)
-{
-    krb5_error_code ret;
-    krb5_crypto_iov *header, *trailer;
-    krb5_keyblock k1, k2, k3;
-    krb5_key k3key = NULL;
-    krb5_data d1, d2, d3;
-    krb5_data checksum, confounder, header_data;
-    krb5_keyusage ms_usage;
-    char salt_data[14];
-    krb5_data salt;
-    size_t i;
-
-    d1.length = d2.length = d3.length = 0;
-    d1.data = d2.data = d3.data = NULL;
-
-    /*
-     * Caller must have provided space for the header, padding
-     * and trailer; per RFC 4757 we will arrange it as:
-     *
-     *	    Checksum | E(Confounder | Plaintext)
-     */
-
-    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
-    if (header == NULL ||
-	header->data.length < hash->hashsize + CONFOUNDERLENGTH)
-	return KRB5_BAD_MSIZE;
-
-    header_data = header->data;
-
-    /* Trailer may be absent */
-    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
-    if (trailer != NULL)
-	trailer->data.length = 0;
-
-    /* Ensure that there is no padding */
-    for (i = 0; i < num_data; i++) {
-	if (data[i].flags == KRB5_CRYPTO_TYPE_PADDING)
-	    data[i].data.length = 0;
-    }
-
-    ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k2, &d2, &key->keyblock);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k3, &d3, &key->keyblock);
-    if (ret != 0)
-	goto cleanup;
-
-    /* Begin the encryption, compute K1 */
-    salt.data = salt_data;
-    salt.length = sizeof(salt_data);
-
-    ms_usage = krb5int_arcfour_translate_usage(usage);
-
-    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	store_32_le(ms_usage, salt.data + 10);
-    } else {
-	salt.length = 4;
-	store_32_le(ms_usage, salt.data);
-    }
-    ret = krb5int_hmac(hash, key, 1, &salt, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    memcpy(k2.contents, k1.contents, k2.length);
-
-    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	memset(k1.contents + 7, 0xAB, 9);
-
-    header->data.length = hash->hashsize + CONFOUNDERLENGTH;
-
-    confounder.data = header->data.data + hash->hashsize;
-    confounder.length = CONFOUNDERLENGTH;
-
-    ret = krb5_c_random_make_octets(0, &confounder);
-    if (ret != 0)
-	goto cleanup;
-
-    checksum.data = header->data.data;
-    checksum.length = hash->hashsize;
-
-    /* Adjust pointers so confounder is at start of header */
-    header->data.length -= hash->hashsize;
-    header->data.data   += hash->hashsize;
-
-    ret = krb5int_hmac_iov_keyblock(hash, &k2, data, num_data, &checksum);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = krb5_k_create_key(NULL, &k3, &k3key);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = enc->encrypt_iov(k3key, ivec, data, num_data);
-    if (ret != 0)
-	goto cleanup;
-
-cleanup:
-    header->data = header_data; /* restore header pointers */
-
-    if (d1.data != NULL) {
-	memset(d1.data, 0, d1.length);
-	free(d1.data);
-    }
-    if (d2.data != NULL) {
-	memset(d2.data, 0, d2.length);
-	free(d2.data);
-    }
-    if (d3.data != NULL) {
-	memset(d3.data, 0, d3.length);
-	free(d3.data);
-    }
-
-    krb5_k_free_key(NULL, k3key);
-    return ret;
-}
-
-static krb5_error_code
-krb5int_arcfour_decrypt_iov(const struct krb5_aead_provider *aead,
-			    const struct krb5_enc_provider *enc,
-			    const struct krb5_hash_provider *hash,
-			    krb5_key key,
-			    krb5_keyusage usage,
-			    const krb5_data *ivec,
-			    krb5_crypto_iov *data,
-			    size_t num_data)
-{
-    krb5_error_code ret;
-    krb5_crypto_iov *header, *trailer;
-    krb5_keyblock k1, k2, k3;
-    krb5_key k3key = NULL;
-    krb5_data d1, d2, d3;
-    krb5_data checksum, header_data;
-    krb5_keyusage ms_usage;
-    char salt_data[14];
-    krb5_data salt;
-
-    d1.length = d2.length = d3.length = 0;
-    d1.data = d2.data = d3.data = NULL;
-
-    header = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_HEADER);
-    if (header == NULL ||
-        header->data.length != hash->hashsize + CONFOUNDERLENGTH)
-	return KRB5_BAD_MSIZE;
-
-    header_data = header->data;
-
-    trailer = krb5int_c_locate_iov(data, num_data, KRB5_CRYPTO_TYPE_TRAILER);
-    if (trailer != NULL && trailer->data.length != 0)
-	return KRB5_BAD_MSIZE;
-
-    ret = alloc_derived_key(enc, &k1, &d1, &key->keyblock);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k2, &d2, &key->keyblock);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = alloc_derived_key(enc, &k3, &d3, &key->keyblock);
-    if (ret != 0)
-	goto cleanup;
-
-    /* Begin the decryption, compute K1 */
-    salt.data = salt_data;
-    salt.length = sizeof(salt_data);
-
-    ms_usage = krb5int_arcfour_translate_usage(usage);
-
-    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
-	strncpy(salt.data, krb5int_arcfour_l40, salt.length);
-	store_32_le(ms_usage, (unsigned char *)salt.data + 10);
-    } else {
-	salt.length = 4;
-	store_32_le(ms_usage, (unsigned char *)salt.data);
-    }
-    ret = krb5int_hmac(hash, key, 1, &salt, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    memcpy(k2.contents, k1.contents, k2.length);
-
-    if (key->keyblock.enctype == ENCTYPE_ARCFOUR_HMAC_EXP)
-	memset(k1.contents + 7, 0xAB, 9);
-
-    checksum.data = header->data.data;
-    checksum.length = hash->hashsize;
-
-    /* Adjust pointers so confounder is at start of header */
-    header->data.length -= hash->hashsize;
-    header->data.data   += hash->hashsize;
-
-    ret = krb5int_hmac_keyblock(hash, &k1, 1, &checksum, &d3);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = krb5_k_create_key(NULL, &k3, &k3key);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = enc->decrypt_iov(k3key, ivec, data, num_data);
-    if (ret != 0)
-	goto cleanup;
-
-    ret = krb5int_hmac_iov_keyblock(hash, &k2, data, num_data, &d1);
-    if (ret != 0)
-	goto cleanup;
-
-    if (memcmp(checksum.data, d1.data, hash->hashsize) != 0) {
-	ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-	goto cleanup;
-    }
-
-cleanup:
-    header->data = header_data; /* restore header pointers */
-
-    if (d1.data != NULL) {
-	memset(d1.data, 0, d1.length);
-	free(d1.data);
-    }
-    if (d2.data != NULL) {
-	memset(d2.data, 0, d2.length);
-	free(d2.data);
-    }
-    if (d3.data != NULL) {
-	memset(d3.data, 0, d3.length);
-	free(d3.data);
-    }
-
-    krb5_k_free_key(NULL, k3key);
-    return ret;
-}
-
-const struct krb5_aead_provider krb5int_aead_arcfour = {
-    krb5int_arcfour_crypto_length,
-    krb5int_arcfour_encrypt_iov,
-    krb5int_arcfour_decrypt_iov
-};
diff --git a/src/lib/crypto/openssl/arcfour/arcfour_s2k.c b/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
deleted file mode 100644
index 1aaaa1c..0000000
--- a/src/lib/crypto/openssl/arcfour/arcfour_s2k.c
+++ /dev/null
@@ -1,59 +0,0 @@
-#include "k5-int.h"
-#include "k5-utf8.h"
-#include "rsa-md4.h"
-#include "arcfour-int.h"
-
-#if TARGET_OS_MAC && !defined(DEPEND)
-#include <CoreFoundation/CFString.h>
-#endif
-
-krb5_error_code
-krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
-			      const krb5_data *string, const krb5_data *salt,
-			      const krb5_data *params, krb5_keyblock *key)
-{
-  krb5_error_code err = 0;
-  krb5_MD4_CTX md4_context;
-  unsigned char *copystr;
-  size_t copystrlen;
-
-  if (params != NULL)
-      return KRB5_ERR_BAD_S2K_PARAMS;
-
-  if (key->length != 16)
-    return (KRB5_BAD_MSIZE);
-
-  /* We ignore salt per the Microsoft spec*/
-
-  /* compute the space needed for the new string.
-     Since the password must be stored in unicode, we need to increase
-     that number by 2x.
-  */
-
-  err = krb5int_utf8cs_to_ucs2les(string->data, string->length, &copystr, &copystrlen);
-  if (err)
-    return err;
-
-  /* the actual MD4 hash of the data */
-  krb5int_MD4Init(&md4_context);
-  krb5int_MD4Update(&md4_context, copystr, copystrlen);
-  krb5int_MD4Final(&md4_context);
-  memcpy(key->contents, md4_context.digest, 16);
-
-#if 0
-  /* test the string_to_key function */
-  printf("Hash=");
-  {
-    int counter;
-    for(counter=0;counter<16;counter++)
-      printf("%02x", md4_context.digest[counter]);
-    printf("\n");
-  }
-#endif /* 0 */
-
-  /* Zero out the data behind us */
-  memset(copystr, 0, copystrlen);
-  memset(&md4_context, 0, sizeof(md4_context));
-  free(copystr);
-  return err;
-}
diff --git a/src/lib/crypto/openssl/arcfour/deps b/src/lib/crypto/openssl/arcfour/deps
deleted file mode 100644
index f3653b2..0000000
--- a/src/lib/crypto/openssl/arcfour/deps
+++ /dev/null
@@ -1,41 +0,0 @@
-# 
-# Generated makefile dependencies follow.
-#
-arcfour.so arcfour.po $(OUTPRE)arcfour.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/arcfour-int.h \
-  $(srcdir)/arcfour.c $(srcdir)/arcfour.h \
-  $(srcdir)/../hash_provider/hash_provider.h
-arcfour_aead.so arcfour_aead.po $(OUTPRE)arcfour_aead.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/arcfour-int.h $(srcdir)/arcfour.h \
-  $(srcdir)/arcfour_aead.c $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h
-arcfour_s2k.so arcfour_s2k.po $(OUTPRE)arcfour_s2k.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/arcfour-int.h \
-  $(srcdir)/arcfour.h $(srcdir)/arcfour_s2k.c \
-  $(srcdir)/../md4/rsa-md4.h
diff --git a/src/lib/crypto/openssl/deps b/src/lib/crypto/openssl/deps
index 2552b78..dba4cf8 100644
--- a/src/lib/crypto/openssl/deps
+++ b/src/lib/crypto/openssl/deps
@@ -3,23 +3,24 @@
 #
 hmac.so hmac.po $(OUTPRE)hmac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/hmac.c \
-  $(srcdir)/../krb/aead.h $(srcdir)/../krb/cksumtypes.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../krb/aead.h \
+  $(srcdir)/../krb/cksumtypes.h $(srcdir)/../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hmac.c
 pbkdf2.so pbkdf2.po $(OUTPRE)pbkdf2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/hash_provider/hash_provider.h \
-  $(srcdir)/pbkdf2.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/hash_provider/hash_provider.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pbkdf2.c
diff --git a/src/lib/crypto/openssl/des/Makefile.in b/src/lib/crypto/openssl/des/Makefile.in
index 4e88598..627b5cc 100644
--- a/src/lib/crypto/openssl/des/Makefile.in
+++ b/src/lib/crypto/openssl/des/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/des
 mydir=lib/crypto/openssl/des
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/.. -I$(srcdir)/../.. -I$(srcdir)/../../krb
diff --git a/src/lib/crypto/openssl/des/deps b/src/lib/crypto/openssl/des/deps
index bf83f01..3c0891e 100644
--- a/src/lib/crypto/openssl/des/deps
+++ b/src/lib/crypto/openssl/des/deps
@@ -4,44 +4,44 @@
 f_parity.so f_parity.po $(OUTPRE)f_parity.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/des_int.h $(srcdir)/f_parity.c
-des_oldapis.so des_oldapis.po $(OUTPRE)des_oldapis.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/des_int.h \
-  $(srcdir)/des_oldapis.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h f_parity.c
+des_oldapis.so des_oldapis.po $(OUTPRE)des_oldapis.$(OBJEXT): \
+  $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h des_oldapis.c
 weak_key.so weak_key.po $(OUTPRE)weak_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/des_int.h $(srcdir)/weak_key.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h weak_key.c
 string2key.so string2key.po $(OUTPRE)string2key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/des_int.h $(srcdir)/string2key.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des_int.h string2key.c
diff --git a/src/lib/crypto/openssl/des/des_int.h b/src/lib/crypto/openssl/des/des_int.h
index 84d678c..6cb54fd 100644
--- a/src/lib/crypto/openssl/des/des_int.h
+++ b/src/lib/crypto/openssl/des/des_int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/des/des_int.h
  *
@@ -53,7 +54,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
-/* only do the whole thing once	 */
+/* only do the whole thing once  */
 #ifndef DES_INTERNAL_DEFS
 #define DES_INTERNAL_DEFS
 
@@ -91,7 +92,7 @@
 #define DES_UINT32 unsigned long
 #endif
 
-typedef unsigned char des_cblock[8] 	/* crypto-block size */
+typedef unsigned char des_cblock[8]     /* crypto-block size */
 KRB5INT_DES_DEPRECATED;
 
 /*
@@ -119,11 +120,11 @@ typedef des_cblock mit_des_cblock;
 typedef des_key_schedule mit_des_key_schedule;
 
 /* Triple-DES structures */
-typedef mit_des_cblock		mit_des3_cblock[3];
-typedef mit_des_key_schedule	mit_des3_key_schedule[3];
+typedef mit_des_cblock          mit_des3_cblock[3];
+typedef mit_des_key_schedule    mit_des3_key_schedule[3];
 
-#define MIT_DES_ENCRYPT	1
-#define MIT_DES_DECRYPT	0
+#define MIT_DES_ENCRYPT 1
+#define MIT_DES_DECRYPT 0
 
 typedef struct mit_des_ran_key_seed {
     krb5_encrypt_block eblock;
@@ -132,22 +133,22 @@ typedef struct mit_des_ran_key_seed {
 
 /* the first byte of the key is already in the keyblock */
 
-#define MIT_DES_BLOCK_LENGTH 		(8*sizeof(krb5_octet))
-#define	MIT_DES_CBC_CRC_PAD_MINIMUM	CRC32_CKSUM_LENGTH
+#define MIT_DES_BLOCK_LENGTH            (8*sizeof(krb5_octet))
+#define MIT_DES_CBC_CRC_PAD_MINIMUM     CRC32_CKSUM_LENGTH
 /* This used to be 8*sizeof(krb5_octet) */
-#define MIT_DES_KEYSIZE		 	8
+#define MIT_DES_KEYSIZE                 8
 
-#define MIT_DES_CBC_CKSUM_LENGTH	(4*sizeof(krb5_octet))
+#define MIT_DES_CBC_CKSUM_LENGTH        (4*sizeof(krb5_octet))
 
 /*
  * Check if k5-int.h has been included before us.  If so, then check to see
  * that our view of the DES key size is the same as k5-int.h's.
  */
-#ifdef	KRB5_MIT_DES_KEYSIZE
-#if	MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
+#ifdef  KRB5_MIT_DES_KEYSIZE
+#if     MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE
 error(MIT_DES_KEYSIZE does not equal KRB5_MIT_DES_KEYSIZE)
-#endif	/* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
-#endif	/* KRB5_MIT_DES_KEYSIZE */
+#endif  /* MIT_DES_KEYSIZE != KRB5_MIT_DES_KEYSIZE */
+#endif  /* KRB5_MIT_DES_KEYSIZE */
 #endif /* KRB5_MIT_DES__ */
 /*
  * End "mit-des.h"
@@ -162,10 +163,10 @@ extern int mit_des_check_key_parity (mit_des_cblock );
 
 /* string2key.c */
 extern krb5_error_code mit_des_string_to_key
-    ( const krb5_encrypt_block *,
-	       krb5_keyblock *, const krb5_data *, const krb5_data *);
+( const krb5_encrypt_block *,
+  krb5_keyblock *, const krb5_data *, const krb5_data *);
 extern krb5_error_code mit_des_string_to_key_int
-	(krb5_keyblock *, const krb5_data *, const krb5_data *);
+(krb5_keyblock *, const krb5_data *, const krb5_data *);
 
 /* weak_key.c */
 extern int mit_des_is_weak_key (mit_des_cblock );
@@ -185,4 +186,4 @@ extern unsigned long swap_long_bytes_bit_number (unsigned long );
 /* XXX depends on FILE being a #define! */
 extern void test_set (FILE *, const char *, int, const char *, int);
 #endif
-#endif	/*DES_INTERNAL_DEFS*/
+#endif  /*DES_INTERNAL_DEFS*/
diff --git a/src/lib/crypto/openssl/des/des_oldapis.c b/src/lib/crypto/openssl/des/des_oldapis.c
index c931efc..eb1e586 100644
--- a/src/lib/crypto/openssl/des/des_oldapis.c
+++ b/src/lib/crypto/openssl/des/des_oldapis.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/des_oldapis.c
  *
@@ -33,8 +34,8 @@ const mit_des_cblock mit_des_zeroblock /* = all zero */;
 
 unsigned long
 mit_des_cbc_cksum(const krb5_octet *in, krb5_octet *out,
-		  unsigned long length, const mit_des_key_schedule schedule,
-		  const krb5_octet *ivec)
+                  unsigned long length, const mit_des_key_schedule schedule,
+                  const krb5_octet *ivec)
 {
     /* Unsupported operation */
     return KRB5_CRYPTO_INTERNAL;
diff --git a/src/lib/crypto/openssl/des/f_parity.c b/src/lib/crypto/openssl/des/f_parity.c
index bc33eb8..b8baac9 100644
--- a/src/lib/crypto/openssl/des/f_parity.c
+++ b/src/lib/crypto/openssl/des/f_parity.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/f_parity.c
  *
@@ -30,7 +31,7 @@
 void
 mit_des_fixup_key_parity(mit_des_cblock key)
 {
-   DES_set_odd_parity(key);
+    DES_set_odd_parity(key);
 }
 
 /*
@@ -42,6 +43,6 @@ int
 mit_des_check_key_parity(mit_des_cblock key)
 {
     if (!DES_check_key_parity(key))
-                return(0);
+        return(0);
     return (1);
 }
diff --git a/src/lib/crypto/openssl/des/string2key.c b/src/lib/crypto/openssl/des/string2key.c
index 6034e86..c192734 100644
--- a/src/lib/crypto/openssl/des/string2key.c
+++ b/src/lib/crypto/openssl/des/string2key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/string2key.c
  *
@@ -30,7 +31,7 @@
 
 krb5_error_code
 mit_des_string_to_key_int (krb5_keyblock *key,
-			   const krb5_data *pw, const krb5_data *salt)
+                           const krb5_data *pw, const krb5_data *salt)
 {
     DES_cblock outkey;
     DES_string_to_key(pw->data, &outkey);
diff --git a/src/lib/crypto/openssl/des/weak_key.c b/src/lib/crypto/openssl/des/weak_key.c
index 4d7e99b..eb49d58 100644
--- a/src/lib/crypto/openssl/des/weak_key.c
+++ b/src/lib/crypto/openssl/des/weak_key.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/des/weak_key.c
  *
@@ -76,11 +77,11 @@ mit_des_is_weak_key(mit_des_cblock key)
     const mit_des_cblock *weak_p = weak;
 
     for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
-	if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
-	    return 1;
+        if (!memcmp(weak_p++,key,sizeof(mit_des_cblock)))
+            return 1;
     }
     if ( DES_is_weak_key(key) == 1) /* Also OpenSSL's check */
-	    return 1;
+        return 1;
 
     return 0;
 }
diff --git a/src/lib/crypto/openssl/enc_provider/Makefile.in b/src/lib/crypto/openssl/enc_provider/Makefile.in
index 991ef4a..0ed82cb 100644
--- a/src/lib/crypto/openssl/enc_provider/Makefile.in
+++ b/src/lib/crypto/openssl/enc_provider/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/enc_provider
 mydir=lib/crypto/openssl/enc_provider
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/../des 	\
diff --git a/src/lib/crypto/openssl/enc_provider/aes.c b/src/lib/crypto/openssl/enc_provider/aes.c
index 51ba8af..7ba1f52 100644
--- a/src/lib/crypto/openssl/enc_provider/aes.c
+++ b/src/lib/crypto/openssl/enc_provider/aes.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/enc_provider/aes.c
  *
@@ -35,23 +36,17 @@
 
 /* proto's */
 static krb5_error_code
-cts_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+        size_t num_data);
 static krb5_error_code
-cbc_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data);
 static krb5_error_code
-cts_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen);
 static krb5_error_code
-cbc_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output);
-static krb5_error_code
-cts_encr_iov(krb5_key key, const krb5_data *ivec,
-                    krb5_crypto_iov *data, size_t num_data, size_t dlen);
-static krb5_error_code
-cts_decr_iov(krb5_key key, const krb5_data *ivec,
-                    krb5_crypto_iov *data, size_t num_data, size_t dlen);
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen);
 
 #define BLOCK_SIZE 16
 #define NUM_BITS 8
@@ -68,194 +63,78 @@ map_mode(unsigned int len)
         return NULL;
 }
 
+/* Encrypt one block using CBC. */
 static krb5_error_code
-cbc_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+cbc_enc(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+        size_t num_data)
 {
-    int             ret = 0, tmp_len = 0;
-    unsigned char  *tmp_buf = NULL;
+    int             ret, olen = BLOCK_SIZE;
+    unsigned char   iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
     EVP_CIPHER_CTX  ciph_ctx;
-
-    tmp_len = input->length;
-    tmp_buf = OPENSSL_malloc(input->length);
-    if (!tmp_buf){
-        return ENOMEM;
-    }
+    struct iov_block_state input_pos, output_pos;
 
     EVP_CIPHER_CTX_init(&ciph_ctx);
-
     ret = EVP_EncryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
-                  NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
-
-    if (ret == 1){
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
-        ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
-                           (unsigned char *)input->data, input->length);
-        output->length = tmp_len;
-        if(ret)
-            ret = EVP_EncryptFinal_ex(&ciph_ctx,tmp_buf+tmp_len,&tmp_len);
-    }
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (ret == 0)
+        return KRB5_CRYPTO_INTERNAL;
 
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-    if (ret == 1){
-        memcpy(output->data, tmp_buf, output->length);
-        ret = 0;
-    } else {
-        ret = KRB5_CRYPTO_INTERNAL;
+    IOV_BLOCK_STATE_INIT(&input_pos);
+    IOV_BLOCK_STATE_INIT(&output_pos);
+    krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+    EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
+    ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
+    if (ret == 1) {
+        krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
+                                &output_pos);
     }
+    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
-    memset(tmp_buf, 0, input->length);
-    OPENSSL_free(tmp_buf);
-
-    return ret;
+    zap(iblock, BLOCK_SIZE);
+    zap(oblock, BLOCK_SIZE);
+    return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
 }
 
+/* Decrypt one block using CBC. */
 static krb5_error_code
-cbc_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
+cbc_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data)
 {
-    int              ret = 0, tmp_len = 0;
-    unsigned char   *tmp_buf = NULL;
+    int              ret = 0, olen = BLOCK_SIZE;
+    unsigned char    iblock[BLOCK_SIZE], oblock[BLOCK_SIZE];
     EVP_CIPHER_CTX   ciph_ctx;
-
-    tmp_len = input->length;
-    tmp_buf = OPENSSL_malloc(input->length);
-    if (!tmp_buf){
-        return ENOMEM;
-    }
+    struct iov_block_state input_pos, output_pos;
 
     EVP_CIPHER_CTX_init(&ciph_ctx);
-
     ret = EVP_DecryptInit_ex(&ciph_ctx, map_mode(key->keyblock.length),
-                  NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
-    if (ret == 1) {
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
-        ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
-                           (unsigned char *)input->data, input->length);
-        output->length = tmp_len;
-        if (ret == 1)
-            ret = EVP_DecryptFinal_ex(&ciph_ctx,tmp_buf+tmp_len,&tmp_len);
-    }
-
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+                             NULL, key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (ret == 0)
+        return KRB5_CRYPTO_INTERNAL;
 
+    IOV_BLOCK_STATE_INIT(&input_pos);
+    IOV_BLOCK_STATE_INIT(&output_pos);
+    krb5int_c_iov_get_block(iblock, BLOCK_SIZE, data, num_data, &input_pos);
+    EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
+    ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen, iblock, BLOCK_SIZE);
     if (ret == 1) {
-        output->length += tmp_len;
-        memcpy(output->data, tmp_buf, output->length);
-        ret = 0;
-    } else {
-        ret = KRB5_CRYPTO_INTERNAL;
-    }
-
-    memset(tmp_buf, 0, input->length);
-    OPENSSL_free(tmp_buf);
-
-    return ret;
-}
-
-static krb5_error_code
-cts_enc(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
-{
-    int             ret = 0, tmp_len = 0;
-    size_t          size = 0;
-    unsigned char   iv_cts[IV_CTS_BUF_SIZE];
-    unsigned char  *tmp_buf = NULL;
-    AES_KEY         enck;
-
-    memset(iv_cts,0,sizeof(iv_cts));
-    if (ivec && ivec->data){
-        if (ivec->length != sizeof(iv_cts))
-            return KRB5_CRYPTO_INTERNAL;
-        memcpy(iv_cts, ivec->data,ivec->length);
-    }
-
-    tmp_buf = OPENSSL_malloc(input->length);
-    if (!tmp_buf)
-        return ENOMEM;
-    tmp_len = input->length;
-
-    AES_set_encrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &enck);
-
-    size = CRYPTO_cts128_encrypt((unsigned char *)input->data, tmp_buf,
-                                 input->length, &enck,
-                                 iv_cts, (cbc128_f)AES_cbc_encrypt);
-    if (size <= 0 || output->length < size) {
-        ret = KRB5_CRYPTO_INTERNAL;
-    } else {
-        output->length = size;
-        memcpy(output->data, tmp_buf, output->length);
-        ret = 0;
-    }
-
-    if (!ret && ivec && ivec->data)
-        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
-
-    memset(tmp_buf, 0, input->length);
-    OPENSSL_free(tmp_buf);
-
-    return ret;
-}
-
-static krb5_error_code
-cts_decr(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
-{
-    int    ret = 0, tmp_len = 0;
-    size_t size = 0;
-    unsigned char   iv_cts[IV_CTS_BUF_SIZE];
-    unsigned char  *tmp_buf = NULL;
-    AES_KEY         deck;
-
-    memset(iv_cts,0,sizeof(iv_cts));
-    if (ivec && ivec->data){
-        if (ivec->length != sizeof(iv_cts))
-            return KRB5_CRYPTO_INTERNAL;
-        memcpy(iv_cts, ivec->data,ivec->length);
+        krb5int_c_iov_put_block(data, num_data, oblock, BLOCK_SIZE,
+                                &output_pos);
     }
+    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
-    tmp_buf = OPENSSL_malloc(input->length);
-    if (!tmp_buf)
-        return ENOMEM;
-    tmp_len = input->length;
-
-    AES_set_decrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &deck);
-
-    size = CRYPTO_cts128_decrypt((unsigned char *)input->data, tmp_buf,
-                                 input->length, &deck,
-                                 iv_cts, (cbc128_f)AES_cbc_encrypt);
-    if (size <= 0 || output->length < size) {
-        ret = KRB5_CRYPTO_INTERNAL;
-    } else {
-        output->length = size + 16;
-        memcpy(output->data, tmp_buf, output->length);
-        ret = 0;
-    }
-
-    if (!ret && ivec && ivec->data)
-        memcpy(ivec->data, iv_cts, sizeof(iv_cts));
-
-    memset(tmp_buf, 0, input->length);
-    OPENSSL_free(tmp_buf);
-
-    return ret;
+    zap(iblock, BLOCK_SIZE);
+    zap(oblock, BLOCK_SIZE);
+    return (ret == 1) ? 0 : KRB5_CRYPTO_INTERNAL;
 }
 
 static krb5_error_code
-cts_encr_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data, size_t dlen)
+cts_encr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
 {
     int                    ret = 0;
-    int                    oblock_len = BLOCK_SIZE * num_data;
-    size_t                 size = 0, tlen = 0;
+    size_t                 size = 0;
     unsigned char         *oblock = NULL, *dbuf = NULL;
     unsigned char          iv_cts[IV_CTS_BUF_SIZE];
-    unsigned char          iblock[BLOCK_SIZE];
     struct iov_block_state input_pos, output_pos;
     AES_KEY                enck;
 
@@ -266,7 +145,7 @@ cts_encr_iov(krb5_key key,
         memcpy(iv_cts, ivec->data,ivec->length);
     }
 
-    oblock = OPENSSL_malloc(oblock_len);
+    oblock = OPENSSL_malloc(dlen);
     if (!oblock){
         return ENOMEM;
     }
@@ -276,29 +155,13 @@ cts_encr_iov(krb5_key key,
         return ENOMEM;
     }
 
-    memset(oblock, 0, oblock_len);
-    memset(dbuf, 0, dlen);
-
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    tlen = 0;
-    for (;;) {
-        if (krb5int_c_iov_get_block(iblock, BLOCK_SIZE,
-                                     data, num_data, &input_pos)){
-            memcpy(dbuf+tlen,iblock, BLOCK_SIZE);
-
-            tlen += BLOCK_SIZE;
-       } else {
-            memcpy(dbuf+tlen,iblock, dlen - tlen);
-            break;
-       }
-
-        if (tlen > dlen) break;
-    }
+    krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
 
     AES_set_encrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &enck);
+                        NUM_BITS * key->keyblock.length, &enck);
 
     size = CRYPTO_cts128_encrypt((unsigned char *)dbuf, oblock, dlen, &enck,
                                  iv_cts, (cbc128_f)AES_cbc_encrypt);
@@ -312,8 +175,8 @@ cts_encr_iov(krb5_key key,
     if (!ret && ivec && ivec->data)
         memcpy(ivec->data, iv_cts, sizeof(iv_cts));
 
-    memset(oblock,0,oblock_len);
-    memset(dbuf,0,dlen);
+    zap(oblock, dlen);
+    zap(dbuf, dlen);
     OPENSSL_free(oblock);
     OPENSSL_free(dbuf);
 
@@ -321,24 +184,20 @@ cts_encr_iov(krb5_key key,
 }
 
 static krb5_error_code
-cts_decr_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data, size_t dlen)
+cts_decr(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+         size_t num_data, size_t dlen)
 {
     int                    ret = 0;
-    int                    oblock_len = BLOCK_SIZE*num_data;
-    size_t                 size = 0, tlen = 0;
+    size_t                 size = 0;
     unsigned char         *oblock = NULL;
     unsigned char         *dbuf = NULL;
-    unsigned char          iblock[BLOCK_SIZE];
     unsigned char          iv_cts[IV_CTS_BUF_SIZE];
     struct iov_block_state input_pos, output_pos;
     AES_KEY                deck;
 
     memset(iv_cts,0,sizeof(iv_cts));
     if (ivec && ivec->data){
-        if (ivec->length <= sizeof(iv_cts))
+        if (ivec->length != sizeof(iv_cts))
             return KRB5_CRYPTO_INTERNAL;
         memcpy(iv_cts, ivec->data,ivec->length);
     }
@@ -346,7 +205,7 @@ cts_decr_iov(krb5_key key,
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    oblock = OPENSSL_malloc(oblock_len);
+    oblock = OPENSSL_malloc(dlen);
     if (!oblock)
         return ENOMEM;
     dbuf = OPENSSL_malloc(dlen);
@@ -355,26 +214,10 @@ cts_decr_iov(krb5_key key,
         return ENOMEM;
     }
 
-    memset(oblock, 0, oblock_len);
-    memset(dbuf, 0, dlen);
-
     AES_set_decrypt_key(key->keyblock.contents,
-			NUM_BITS * key->keyblock.length, &deck);
-
-    tlen = 0;
-    for (;;) {
-        if (krb5int_c_iov_get_block(iblock, BLOCK_SIZE,
-                                     data, num_data, &input_pos)){
-            memcpy(dbuf+tlen,iblock, BLOCK_SIZE);
+                        NUM_BITS * key->keyblock.length, &deck);
 
-            tlen += BLOCK_SIZE;
-       } else {
-            memcpy(dbuf+tlen,iblock, dlen - tlen);
-            break;
-       }
-
-        if (tlen > dlen) break;
-    }
+    krb5int_c_iov_get_block(dbuf, dlen, data, num_data, &input_pos);
 
     size = CRYPTO_cts128_decrypt((unsigned char *)dbuf, oblock,
                                  dlen, &deck,
@@ -388,8 +231,8 @@ cts_decr_iov(krb5_key key,
     if (!ret && ivec && ivec->data)
         memcpy(ivec->data, iv_cts, sizeof(iv_cts));
 
-    memset(oblock,0,oblock_len);
-    memset(dbuf,0,dlen);
+    zap(oblock, dlen);
+    zap(dbuf, dlen);
     OPENSSL_free(oblock);
     OPENSSL_free(dbuf);
 
@@ -398,43 +241,7 @@ cts_decr_iov(krb5_key key,
 
 krb5_error_code
 krb5int_aes_encrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
-{
-    int  ret = 0;
-
-    if (input->length <= BLOCK_SIZE){
-        ret = cbc_enc(key, ivec, input, output);
-    } else {
-        ret = cts_enc(key, ivec, input, output);
-    }
-
-    return ret;
-}
-
-krb5_error_code
-krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
-		    const krb5_data *input, krb5_data *output)
-{
-    int ret = 0;
-    int nblocks = 0;
-
-    if (input->length < BLOCK_SIZE)
-        abort();
-
-    if (input->length == BLOCK_SIZE){
-        ret = cbc_decr(key, ivec, input, output);
-    } else {
-        ret = cts_decr(key, ivec, input, output);
-    }
-
-    return ret;
-}
-
-static krb5_error_code
-krb5int_aes_encrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+                    krb5_crypto_iov *data, size_t num_data)
 {
     int    ret = 0;
     int    nblocks = 0;
@@ -448,18 +255,20 @@ krb5int_aes_encrypt_iov(krb5_key key,
     }
 
     nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-    assert(nblocks > 1);
-
-    ret = cts_encr_iov(key, ivec, data, num_data, input_length);
+    if (nblocks == 1) {
+        if (input_length != BLOCK_SIZE)
+            return KRB5_BAD_MSIZE;
+        ret = cbc_enc(key, ivec, data, num_data);
+    } else if (nblocks > 1) {
+        ret = cts_encr(key, ivec, data, num_data, input_length);
+    }
 
     return ret;
 }
 
-static krb5_error_code
-krb5int_aes_decrypt_iov(krb5_key key,
-		        const krb5_data *ivec,
-		        krb5_crypto_iov *data,
-		        size_t num_data)
+krb5_error_code
+krb5int_aes_decrypt(krb5_key key, const krb5_data *ivec,
+                    krb5_crypto_iov *data, size_t num_data)
 {
     int    ret = 0;
     int    nblocks = 0;
@@ -473,22 +282,25 @@ krb5int_aes_decrypt_iov(krb5_key key,
     }
 
     nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
-    assert(nblocks > 1);
-
-    ret = cts_decr_iov(key, ivec, data, num_data, input_length);
+    if (nblocks == 1) {
+        if (input_length != BLOCK_SIZE)
+            return KRB5_BAD_MSIZE;
+        ret = cbc_decr(key, ivec, data, num_data);
+    } else if (nblocks > 1) {
+        ret = cts_decr(key, ivec, data, num_data, input_length);
+    }
 
     return ret;
 }
 
 static krb5_error_code
 krb5int_aes_init_state (const krb5_keyblock *key, krb5_keyusage usage,
-			krb5_data *state)
+                        krb5_data *state)
 {
     state->length = 16;
     state->data = (void *) malloc(16);
     if (state->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(state->data, 0, state->length);
     return 0;
 }
@@ -497,11 +309,10 @@ const struct krb5_enc_provider krb5int_enc_aes128 = {
     16, 16,
     krb5int_aes_encrypt,
     krb5int_aes_decrypt,
+    NULL,
     krb5int_aes_make_key,
     krb5int_aes_init_state,
-    krb5int_default_free_state,
-    krb5int_aes_encrypt_iov,
-    krb5int_aes_decrypt_iov
+    krb5int_default_free_state
 };
 
 const struct krb5_enc_provider krb5int_enc_aes256 = {
@@ -509,9 +320,8 @@ const struct krb5_enc_provider krb5int_enc_aes256 = {
     32, 32,
     krb5int_aes_encrypt,
     krb5int_aes_decrypt,
+    NULL,
     krb5int_aes_make_key,
     krb5int_aes_init_state,
-    krb5int_default_free_state,
-    krb5int_aes_encrypt_iov,
-    krb5int_aes_decrypt_iov
+    krb5int_default_free_state
 };
diff --git a/src/lib/crypto/openssl/enc_provider/deps b/src/lib/crypto/openssl/enc_provider/deps
index 5ac919d..739c8dd 100644
--- a/src/lib/crypto/openssl/enc_provider/deps
+++ b/src/lib/crypto/openssl/enc_provider/deps
@@ -3,53 +3,52 @@
 #
 des.so des.po $(OUTPRE)des.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
-  $(srcdir)/des.c $(srcdir)/enc_provider.h \
-  $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
-  $(srcdir)/../../krb/rand2key/rand2key.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../des/des_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des.c
 des3.so des3.po $(OUTPRE)des3.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../des/des_int.h \
-  $(srcdir)/des3.c $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../des/des_int.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  des3.c
 aes.so aes.po $(OUTPRE)aes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/aes.c \
-  $(srcdir)/enc_provider.h \
-  $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
-  $(srcdir)/../../krb/rand2key/rand2key.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(srcdir)/../hash_provider/hash_provider.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  aes.c enc_provider.h
 rc4.so rc4.po $(OUTPRE)rc4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../arcfour/arcfour-int.h \
-  $(srcdir)/../arcfour/arcfour.h $(srcdir)/enc_provider.h \
-  $(srcdir)/rc4.c $(srcdir)/../../krb/aead.h \
-  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/rand2key/rand2key.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h \
+  $(srcdir)/../../krb/cksumtypes.h $(srcdir)/../../krb/etypes.h \
+  $(srcdir)/../../krb/rand2key/rand2key.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc4.c
diff --git a/src/lib/crypto/openssl/enc_provider/des.c b/src/lib/crypto/openssl/enc_provider/des.c
index 9c30ef1..a1a5245 100644
--- a/src/lib/crypto/openssl/enc_provider/des.c
+++ b/src/lib/crypto/openssl/enc_provider/des.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/enc_provider/des.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -60,24 +61,7 @@
 
 static krb5_error_code
 validate(krb5_key key, const krb5_data *ivec,
-                      const krb5_data *input, const krb5_data *output)
-{
-    /* key->keyblock.enctype was checked by the caller */
-    if (key->keyblock.length != KRB5_MIT_DES_KEYSIZE)
-        return(KRB5_BAD_KEYSIZE);
-    if ((input->length%8) != 0)
-        return(KRB5_BAD_MSIZE);
-    if (ivec && (ivec->length != 8))
-        return(KRB5_BAD_MSIZE);
-    if (input->length != output->length)
-        return(KRB5_BAD_MSIZE);
-
-    return 0;
-}
-
-static krb5_error_code
-validate_iov(krb5_key key, const krb5_data *ivec,
-                          const krb5_crypto_iov *data, size_t num_data)
+         const krb5_crypto_iov *data, size_t num_data)
 {
     size_t i, input_length;
 
@@ -87,7 +71,7 @@ validate_iov(krb5_key key, const krb5_data *ivec,
             input_length += iov->data.length;
     }
 
-    if (key->keyblock.length != KRB5_MIT_DES3_KEYSIZE)
+    if (key->keyblock.length != KRB5_MIT_DES_KEYSIZE)
         return(KRB5_BAD_KEYSIZE);
     if ((input_length%DES_BLOCK_SIZE) != 0)
         return(KRB5_BAD_MSIZE);
@@ -98,215 +82,79 @@ validate_iov(krb5_key key, const krb5_data *ivec,
 }
 
 static krb5_error_code
-k5_des_encrypt(krb5_key key, const krb5_data *ivec,
-           const krb5_data *input, krb5_data *output)
+k5_des_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+               size_t num_data)
 {
-    int              ret = 0, tmp_len = 0;
-    unsigned int     tmp_buf_len = 0;
-    unsigned char   *tmp_buf = NULL;
-    EVP_CIPHER_CTX   ciph_ctx;
-
-    ret = validate(key, ivec, input, output);
-    if (ret)
-        return ret;
-
-    tmp_buf_len = output->length*2;
-    tmp_buf=OPENSSL_malloc(tmp_buf_len);
-    if (!tmp_buf)
-        return ENOMEM;
-    memset(tmp_buf,0,output->length);
-
-    EVP_CIPHER_CTX_init(&ciph_ctx);
-
-    ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, key->keyblock.contents,
-                             (ivec) ? (unsigned char*)ivec->data  : NULL);
-    if (ret) {
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
-        ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf,  &tmp_len,
-                                (unsigned char *)input->data, input->length);
-        if (!ret || output->length < (unsigned int)tmp_len) {
-            ret =  KRB5_CRYPTO_INTERNAL;
-        } else {
-            output->length = tmp_len;
-            ret = EVP_EncryptFinal_ex(&ciph_ctx, tmp_buf + tmp_len, &tmp_len);
-        }
-    }
-
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-    if (ret == 1)
-        memcpy(output->data,tmp_buf, output->length);
-
-    memset(tmp_buf, 0, tmp_buf_len);
-    OPENSSL_free(tmp_buf);
-
-    if (ret != 1)
-        return KRB5_CRYPTO_INTERNAL;
-    return 0;
-}
-
-
-static krb5_error_code
-k5_des_decrypt(krb5_key key, const krb5_data *ivec,
-           const krb5_data *input, krb5_data *output)
-{
-    /* key->keyblock.enctype was checked by the caller */
-    int              ret = 0, tmp_len = 0;
-    unsigned char   *tmp_buf;
-    EVP_CIPHER_CTX  ciph_ctx;
-
-    ret = validate(key, ivec, input, output);
-    if (ret)
-        return ret;
-
-
-    tmp_buf=OPENSSL_malloc(output->length);
-    if (!tmp_buf)
-        return ENOMEM;
-    memset(tmp_buf,0,output->length);
-
-    EVP_CIPHER_CTX_init(&ciph_ctx);
-
-    ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL, key->keyblock.contents,
-                             (ivec) ? (unsigned char*)ivec->data : NULL);
-    if (ret) {
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
-        ret = EVP_DecryptUpdate(&ciph_ctx, tmp_buf,  &tmp_len,
-                                (unsigned char *)input->data, input->length);
-        if (ret) {
-            output->length = tmp_len;
-            ret = EVP_DecryptFinal_ex(&ciph_ctx, tmp_buf+tmp_len, &tmp_len);
-        }
-    }
-
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-    if (ret == 1)
-        memcpy(output->data,tmp_buf, output->length);
-
-    memset(tmp_buf,0,output->length);
-    OPENSSL_free(tmp_buf);
-
-    if ( ret != 1)
-        return KRB5_CRYPTO_INTERNAL;
-    return 0;
-}
-
-static krb5_error_code
-k5_des_encrypt_iov(krb5_key key,
-            const krb5_data *ivec,
-            krb5_crypto_iov *data,
-            size_t num_data)
-{
-    int             ret = 0, tmp_len = MIT_DES_BLOCK_LENGTH;
-    int             oblock_len = MIT_DES_BLOCK_LENGTH * num_data;
-    unsigned char  *iblock = NULL, *oblock = NULL;
+    int ret, olen = MIT_DES_BLOCK_LENGTH;
+    unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH];
     struct iov_block_state input_pos, output_pos;
-    EVP_CIPHER_CTX  ciph_ctx;
-
-    iblock = OPENSSL_malloc(MIT_DES_BLOCK_LENGTH);
-    if (!iblock)
-        return ENOMEM;
-    oblock = OPENSSL_malloc(oblock_len);
-    if (!oblock){
-        OPENSSL_free(iblock);
-        return ENOMEM;
-    }
+    EVP_CIPHER_CTX ciph_ctx;
 
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
 
-    ret = validate_iov(key, ivec, data, num_data);
+    ret = validate(key, ivec, data, num_data);
     if (ret)
         return ret;
 
-    memset(oblock, 0, oblock_len);
-
     EVP_CIPHER_CTX_init(&ciph_ctx);
 
     ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL,
                              key->keyblock.contents, (ivec && ivec->data) ? (unsigned char*)ivec->data : NULL);
-    if (!ret){
-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-        OPENSSL_free(iblock);
-        OPENSSL_free(oblock);
+    if (!ret)
         return KRB5_CRYPTO_INTERNAL;
-    }
 
     EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
 
     for (;;) {
 
-        if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data, num_data, &input_pos))
+        if (!krb5int_c_iov_get_block(iblock, MIT_DES_BLOCK_LENGTH, data,
+                                     num_data, &input_pos))
             break;
 
-        if (input_pos.iov_pos == num_data)
+        ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen,
+                                (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH);
+        if (!ret)
             break;
 
-        ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &tmp_len,
-                                (unsigned char *)iblock, input_pos.data_pos);
-        if (!ret) break;
-
-        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH,
+                                &output_pos);
     }
 
-    if(ret)
-        ret = EVP_EncryptFinal_ex(&ciph_ctx, oblock+16, &tmp_len);
-
     EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
-    memset(iblock,0,sizeof(iblock));
-    memset(oblock,0,sizeof(oblock));
-    OPENSSL_free(iblock);
-    OPENSSL_free(oblock);
+    zap(iblock, sizeof(iblock));
+    zap(oblock, sizeof(oblock));
 
-    if ( ret != 1)
+    if (ret != 1)
         return KRB5_CRYPTO_INTERNAL;
     return 0;
 }
 
 static krb5_error_code
-k5_des_decrypt_iov(krb5_key key,
-           const krb5_data *ivec,
-           krb5_crypto_iov *data,
-           size_t num_data)
+k5_des_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+               size_t num_data)
 {
-    int                    ret = 0;
-    int                    tmp_len = MIT_DES_BLOCK_LENGTH;
-    int                    oblock_len = MIT_DES_BLOCK_LENGTH*num_data;
-    unsigned char         *iblock = NULL, *oblock = NULL;
+    int ret, olen = MIT_DES_BLOCK_LENGTH;
+    unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH];
     struct iov_block_state input_pos, output_pos;
-    EVP_CIPHER_CTX         ciph_ctx;
-
-    iblock = OPENSSL_malloc(MIT_DES_BLOCK_LENGTH);
-    if (!iblock)
-        return ENOMEM;
-    oblock = OPENSSL_malloc(oblock_len);
-    if (!oblock){
-        OPENSSL_free(iblock);
-        return ENOMEM;
-    }
+    EVP_CIPHER_CTX ciph_ctx;
 
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    ret = validate_iov(key, ivec, data, num_data);
+    ret = validate(key, ivec, data, num_data);
     if (ret)
         return ret;
 
-    memset(oblock, 0, oblock_len);
-
     EVP_CIPHER_CTX_init(&ciph_ctx);
 
     ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_cbc(), NULL,
-                             key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
-    if (!ret){
-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-        OPENSSL_free(iblock);
-        OPENSSL_free(oblock);
+                             key->keyblock.contents,
+                             (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (!ret)
         return KRB5_CRYPTO_INTERNAL;
-    }
 
     EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
 
@@ -316,27 +164,18 @@ k5_des_decrypt_iov(krb5_key key,
                                      data, num_data, &input_pos))
             break;
 
-        if (input_pos.iov_pos == num_data)
-            break;
-
-        ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &tmp_len,
-                                (unsigned char *)iblock,
-                                input_pos.data_pos);
+        ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen,
+                                iblock, MIT_DES_BLOCK_LENGTH);
         if (!ret) break;
 
         krb5int_c_iov_put_block(data, num_data, oblock,
                                 MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
-    if(ret)
-        ret = EVP_DecryptFinal_ex(&ciph_ctx, oblock+16, &tmp_len);
-
     EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
-    memset(iblock,0,sizeof(iblock));
-    memset(oblock,0,sizeof(oblock));
-    OPENSSL_free(iblock);
-    OPENSSL_free(oblock);
+    zap(iblock, sizeof(iblock));
+    zap(oblock, sizeof(oblock));
 
     if (ret != 1)
         return KRB5_CRYPTO_INTERNAL;
@@ -348,9 +187,8 @@ const struct krb5_enc_provider krb5int_enc_des = {
     DES_KEY_BYTES, KRB5_MIT_DES_KEYSIZE,
     k5_des_encrypt,
     k5_des_decrypt,
+    NULL,
     krb5int_des_make_key,
     krb5int_des_init_state,
-    krb5int_default_free_state,
-    k5_des_encrypt_iov,
-    k5_des_decrypt_iov
+    krb5int_default_free_state
 };
diff --git a/src/lib/crypto/openssl/enc_provider/des3.c b/src/lib/crypto/openssl/enc_provider/des3.c
index 7228a46..3f0d213 100644
--- a/src/lib/crypto/openssl/enc_provider/des3.c
+++ b/src/lib/crypto/openssl/enc_provider/des3.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/enc_provider/des3.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -59,183 +60,49 @@
 
 static krb5_error_code
 validate(krb5_key key, const krb5_data *ivec,
-		      const krb5_data *input, const krb5_data *output)
-{
-    /* key->keyblock.enctype was checked by the caller */
-
-    if (key->keyblock.length != KRB5_MIT_DES3_KEYSIZE)
-	return(KRB5_BAD_KEYSIZE);
-    if ((input->length%DES_BLOCK_SIZE) != 0)
-	return(KRB5_BAD_MSIZE);
-    if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
-    if (input->length != output->length)
-	return(KRB5_BAD_MSIZE);
-
-    return 0;
-}
-
-static krb5_error_code
-validate_iov(krb5_key key, const krb5_data *ivec,
-			  const krb5_crypto_iov *data, size_t num_data)
+         const krb5_crypto_iov *data, size_t num_data)
 {
     size_t i, input_length;
 
     for (i = 0, input_length = 0; i < num_data; i++) {
-	const krb5_crypto_iov *iov = &data[i];
-	if (ENCRYPT_IOV(iov))
-	    input_length += iov->data.length;
+        const krb5_crypto_iov *iov = &data[i];
+        if (ENCRYPT_IOV(iov))
+            input_length += iov->data.length;
     }
 
     if (key->keyblock.length != KRB5_MIT_DES3_KEYSIZE)
-	return(KRB5_BAD_KEYSIZE);
+        return(KRB5_BAD_KEYSIZE);
     if ((input_length%DES_BLOCK_SIZE) != 0)
-	return(KRB5_BAD_MSIZE);
+        return(KRB5_BAD_MSIZE);
     if (ivec && (ivec->length != 8))
-	return(KRB5_BAD_MSIZE);
-
-    return 0;
-}
-
-static krb5_error_code
-k5_des3_encrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
-{
-    int              ret = 0, tmp_len = 0;
-    unsigned int     tmp_buf_len = 0;
-    unsigned char   *tmp_buf = NULL;
-    EVP_CIPHER_CTX   ciph_ctx;
-
-    ret = validate(key, ivec, input, output);
-    if (ret)
-	return ret;
-
-    tmp_buf_len = output->length * 2;
-    tmp_buf = OPENSSL_malloc(tmp_buf_len);
-    if (!tmp_buf)
-        return ENOMEM;
-
-    EVP_CIPHER_CTX_init(&ciph_ctx);
-
-    ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, key->keyblock.contents,
-                             (ivec) ? (unsigned char*)ivec->data : NULL);
-    if (ret) {
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
-        ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf, &tmp_len,
-                                (unsigned char *)input->data, input->length);
-        if (!ret || output->length < (unsigned int)tmp_len) {
-            ret = KRB5_CRYPTO_INTERNAL;
-        } else {
-            output->length = tmp_len;
-            ret = EVP_EncryptFinal_ex(&ciph_ctx, tmp_buf+tmp_len, &tmp_len);
-        }
-    }
-
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-    if (ret == 1)
-        memcpy(output->data,tmp_buf, output->length);
-
-    memset(tmp_buf, 0, tmp_buf_len);
-    OPENSSL_free(tmp_buf);
-
-    if (ret != 1)
-        return KRB5_CRYPTO_INTERNAL;
-
-    return 0;
-
-}
+        return(KRB5_BAD_MSIZE);
 
-static krb5_error_code
-k5_des3_decrypt(krb5_key key, const krb5_data *ivec,
-		const krb5_data *input, krb5_data *output)
-{
-    int              ret = 0, tmp_len = 0;
-    unsigned int     tmp_buf_len = 0;
-    unsigned char   *tmp_buf = NULL;
-    EVP_CIPHER_CTX   ciph_ctx;
-
-    ret = validate(key, ivec, input, output);
-    if (ret)
-	return ret;
-
-
-    tmp_buf_len = output->length;
-    tmp_buf=OPENSSL_malloc(tmp_buf_len);
-    if (!tmp_buf)
-        return ENOMEM;
-
-    EVP_CIPHER_CTX_init(&ciph_ctx);
-
-    ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL, key->keyblock.contents,
-                             (ivec) ? (unsigned char*)ivec->data: NULL);
-    if (ret) {
-        EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
-        ret = EVP_DecryptUpdate(&ciph_ctx, tmp_buf,  &tmp_len,
-                                (unsigned char *)input->data, input->length);
-        if (!ret || output->length < (unsigned int)tmp_len) {
-            ret = KRB5_CRYPTO_INTERNAL;
-        } else {
-            output->length = tmp_len;
-            ret = EVP_DecryptFinal_ex(&ciph_ctx, tmp_buf+tmp_len, &tmp_len);
-        }
-    }
-
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-    if (ret == 1)
-        memcpy(output->data,tmp_buf, output->length);
-
-    memset(tmp_buf,0,tmp_buf_len);
-    OPENSSL_free(tmp_buf);
-
-    if (ret != 1)
-        return KRB5_CRYPTO_INTERNAL;
     return 0;
-
 }
 
 static krb5_error_code
-k5_des3_encrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+k5_des3_encrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
 {
-    int                    ret = 0;
-    int                    tmp_len = MIT_DES_BLOCK_LENGTH;
-    int                    oblock_len = MIT_DES_BLOCK_LENGTH*num_data;
-    unsigned char         *iblock = NULL, *oblock = NULL;
+    int ret, olen = MIT_DES_BLOCK_LENGTH;
+    unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH];
     struct iov_block_state input_pos, output_pos;
-    EVP_CIPHER_CTX         ciph_ctx;
+    EVP_CIPHER_CTX ciph_ctx;
 
-    ret = validate_iov(key, ivec, data, num_data);
+    ret = validate(key, ivec, data, num_data);
     if (ret)
         return ret;
 
-    iblock = OPENSSL_malloc(MIT_DES_BLOCK_LENGTH);
-    if (!iblock)
-        return ENOMEM;
-    oblock = OPENSSL_malloc(oblock_len);
-    if (!oblock){
-        OPENSSL_free(iblock);
-        return ENOMEM;
-    }
-
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    memset(oblock, 0, oblock_len);
-
     EVP_CIPHER_CTX_init(&ciph_ctx);
 
     ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL,
-                             key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
-    if (!ret){
-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-        OPENSSL_free(iblock);
-        OPENSSL_free(oblock);
+                             key->keyblock.contents,
+                             (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (!ret)
         return KRB5_CRYPTO_INTERNAL;
-    }
 
     EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
 
@@ -245,29 +112,22 @@ k5_des3_encrypt_iov(krb5_key key,
                                      data, num_data, &input_pos))
             break;
 
-        if (input_pos.iov_pos == num_data)
+        ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &olen,
+                                (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH);
+        if (!ret)
             break;
 
-        ret = EVP_EncryptUpdate(&ciph_ctx, oblock, &tmp_len,
-                                (unsigned char *)iblock, input_pos.data_pos);
-        if (!ret) break;
-
         krb5int_c_iov_put_block(data, num_data,
                                 oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
     }
 
-    if(ret) {
-        /*if (ivec != NULL && ivec->data)
-            memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
-        ret = EVP_EncryptFinal_ex(&ciph_ctx, oblock+input_pos.data_pos, &tmp_len);
-    }
+    /*if (ivec != NULL && ivec->data)
+      memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
 
     EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
-    memset(iblock,0,sizeof(iblock));
-    memset(oblock,0,sizeof(oblock));
-    OPENSSL_free(iblock);
-    OPENSSL_free(oblock);
+    zap(iblock, sizeof(iblock));
+    zap(oblock, sizeof(oblock));
 
     if (ret != 1)
         return KRB5_CRYPTO_INTERNAL;
@@ -275,46 +135,28 @@ k5_des3_encrypt_iov(krb5_key key,
 }
 
 static krb5_error_code
-k5_des3_decrypt_iov(krb5_key key,
-		    const krb5_data *ivec,
-		    krb5_crypto_iov *data,
-		    size_t num_data)
+k5_des3_decrypt(krb5_key key, const krb5_data *ivec, krb5_crypto_iov *data,
+                size_t num_data)
 {
-    int                    ret = 0;
-    int                    tmp_len = MIT_DES_BLOCK_LENGTH;
-    int                    oblock_len = MIT_DES_BLOCK_LENGTH * num_data;
-    unsigned char         *iblock = NULL, *oblock = NULL;
+    int ret, olen = MIT_DES_BLOCK_LENGTH;
+    unsigned char iblock[MIT_DES_BLOCK_LENGTH], oblock[MIT_DES_BLOCK_LENGTH];
     struct iov_block_state input_pos, output_pos;
-    EVP_CIPHER_CTX         ciph_ctx;
+    EVP_CIPHER_CTX ciph_ctx;
 
-    ret = validate_iov(key, ivec, data, num_data);
+    ret = validate(key, ivec, data, num_data);
     if (ret)
         return ret;
 
-    iblock = OPENSSL_malloc(MIT_DES_BLOCK_LENGTH);
-    if (!iblock)
-        return ENOMEM;
-    oblock = OPENSSL_malloc(oblock_len);
-    if (!oblock){
-        OPENSSL_free(iblock);
-        return ENOMEM;
-    }
-
     IOV_BLOCK_STATE_INIT(&input_pos);
     IOV_BLOCK_STATE_INIT(&output_pos);
 
-    memset(oblock, 0, oblock_len);
-
     EVP_CIPHER_CTX_init(&ciph_ctx);
 
     ret = EVP_DecryptInit_ex(&ciph_ctx, EVP_des_ede3_cbc(), NULL,
-                             key->keyblock.contents, (ivec) ? (unsigned char*)ivec->data : NULL);
-    if (!ret){
-        EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-        OPENSSL_free(iblock);
-        OPENSSL_free(oblock);
+                             key->keyblock.contents,
+                             (ivec) ? (unsigned char*)ivec->data : NULL);
+    if (!ret)
         return KRB5_CRYPTO_INTERNAL;
-    }
 
     EVP_CIPHER_CTX_set_padding(&ciph_ctx,0);
 
@@ -324,30 +166,22 @@ k5_des3_decrypt_iov(krb5_key key,
                                      data, num_data, &input_pos))
             break;
 
-        if (input_pos.iov_pos == num_data)
+        ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &olen,
+                                (unsigned char *)iblock, MIT_DES_BLOCK_LENGTH);
+        if (!ret)
             break;
 
-        ret = EVP_DecryptUpdate(&ciph_ctx, oblock, &tmp_len,
-                                (unsigned char *)iblock, input_pos.data_pos);
-        if (!ret) break;
-
-        krb5int_c_iov_put_block(data, num_data,
-                                oblock, MIT_DES_BLOCK_LENGTH, &output_pos);
+        krb5int_c_iov_put_block(data, num_data, oblock, MIT_DES_BLOCK_LENGTH,
+                                &output_pos);
     }
 
-    if(ret) {
-        /*if (ivec != NULL && ivec->data)
-            memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
-        ret = EVP_DecryptFinal_ex(&ciph_ctx,
-                                  oblock + input_pos.data_pos, &tmp_len);
-    }
+    /*if (ivec != NULL && ivec->data)
+      memcpy(ivec->data, oblock, MIT_DES_BLOCK_LENGTH); */
 
     EVP_CIPHER_CTX_cleanup(&ciph_ctx);
 
-    memset(iblock,0,sizeof(iblock));
-    memset(oblock,0,sizeof(oblock));
-    OPENSSL_free(iblock);
-    OPENSSL_free(oblock);
+    zap(iblock, sizeof(iblock));
+    zap(oblock, sizeof(oblock));
 
     if (ret != 1)
         return KRB5_CRYPTO_INTERNAL;
@@ -359,9 +193,8 @@ const struct krb5_enc_provider krb5int_enc_des3 = {
     KRB5_MIT_DES3_KEY_BYTES, KRB5_MIT_DES3_KEYSIZE,
     k5_des3_encrypt,
     k5_des3_decrypt,
+    NULL,
     krb5int_des3_make_key,
     krb5int_des_init_state,
-    krb5int_default_free_state,
-    k5_des3_encrypt_iov,
-    k5_des3_decrypt_iov
+    krb5int_default_free_state
 };
diff --git a/src/lib/crypto/openssl/enc_provider/enc_provider.h b/src/lib/crypto/openssl/enc_provider/enc_provider.h
index 49ffaaf..8144b65 100644
--- a/src/lib/crypto/openssl/enc_provider/enc_provider.h
+++ b/src/lib/crypto/openssl/enc_provider/enc_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/openssl/enc_provider/rc4.c b/src/lib/crypto/openssl/enc_provider/rc4.c
index a7c3020..7ce9436 100644
--- a/src/lib/crypto/openssl/enc_provider/rc4.c
+++ b/src/lib/crypto/openssl/enc_provider/rc4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*  lib/crypto/openssl/enc_provider/rc4.c
  *
  * #include STD_DISCLAIMER
@@ -39,6 +40,20 @@
 #include <rand2key.h>
 #include <openssl/evp.h>
 
+typedef struct
+{
+    EVP_CIPHER_CTX  evp_ctx;
+    unsigned int x;
+    unsigned int y;
+    unsigned char state[256];
+
+} ArcfourContext;
+
+typedef struct {
+    int initialized;
+    ArcfourContext ctx;
+} ArcFourCipherState;
+
 #define RC4_KEY_SIZE 16
 #define RC4_BLOCK_SIZE 1
 
@@ -46,63 +61,19 @@
 
 /* prototypes */
 static krb5_error_code
-k5_arcfour_docrypt(krb5_key, const krb5_data *,
-           const krb5_data *, krb5_data *);
-static krb5_error_code
 k5_arcfour_free_state ( krb5_data *state);
 static krb5_error_code
 k5_arcfour_init_state (const krb5_keyblock *key,
-               krb5_keyusage keyusage, krb5_data *new_state);
+                       krb5_keyusage keyusage, krb5_data *new_state);
 
 /* The workhorse of the arcfour system,
  * this impliments the cipher
  */
 
-/* In-place rc4 crypto */
-static krb5_error_code
-k5_arcfour_docrypt(krb5_key key, const krb5_data *state,
-           const krb5_data *input, krb5_data *output)
-{
-    int ret = 0, tmp_len = 0;
-    unsigned char   *tmp_buf = NULL;
-    EVP_CIPHER_CTX  ciph_ctx;
-
-    if (key->keyblock.length != RC4_KEY_SIZE)
-        return(KRB5_BAD_KEYSIZE);
-
-    if (input->length != output->length)
-        return(KRB5_BAD_MSIZE);
-
-    EVP_CIPHER_CTX_init(&ciph_ctx);
-
-    ret = EVP_EncryptInit_ex(&ciph_ctx, EVP_rc4(), NULL, key->keyblock.contents, NULL);
-    if (ret) {
-        tmp_buf=(unsigned char *)output->data;
-        ret = EVP_EncryptUpdate(&ciph_ctx, tmp_buf,  &tmp_len,
-                                (unsigned char *)input->data, input->length);
-        output->length = tmp_len;
-    }
-    if (ret) {
-        tmp_buf += tmp_len;
-        ret = EVP_EncryptFinal_ex(&ciph_ctx, tmp_buf, &tmp_len);
-    }
-
-    EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-    if (ret != 1)
-        return KRB5_CRYPTO_INTERNAL;
-
-    output->length += tmp_len;
-
-    return 0;
-}
-
 /* In-place IOV crypto */
 static krb5_error_code
-k5_arcfour_docrypt_iov(krb5_key key,
-               const krb5_data *state,
-               krb5_crypto_iov *data,
-               size_t num_data)
+k5_arcfour_docrypt(krb5_key key,const krb5_data *state, krb5_crypto_iov *data,
+                   size_t num_data)
 {
     size_t i;
     int ret = 0, tmp_len = 0;
@@ -127,8 +98,8 @@ k5_arcfour_docrypt_iov(krb5_key key,
         if (ENCRYPT_IOV(iov)) {
             tmp_buf=(unsigned char *)iov->data.data;
             ret = EVP_EncryptUpdate(&ciph_ctx,
-                      tmp_buf, &tmp_len,
-                      (unsigned char *)iov->data.data, iov->data.length);
+                                    tmp_buf, &tmp_len,
+                                    (unsigned char *)iov->data.data, iov->data.length);
             if (!ret) break;
             iov->data.length = tmp_len;
         }
@@ -149,14 +120,14 @@ k5_arcfour_docrypt_iov(krb5_key key,
 static krb5_error_code
 k5_arcfour_free_state ( krb5_data *state)
 {
-   return 0; /* not implemented */
+    return 0; /* not implemented */
 }
 
 static krb5_error_code
 k5_arcfour_init_state (const krb5_keyblock *key,
                        krb5_keyusage keyusage, krb5_data *new_state)
 {
-   return 0; /* not implemented */
+    return 0; /* not implemented */
 
 }
 
@@ -174,9 +145,8 @@ const struct krb5_enc_provider krb5int_enc_arcfour = {
     RC4_KEY_SIZE, RC4_KEY_SIZE,
     k5_arcfour_docrypt,
     k5_arcfour_docrypt,
+    NULL,
     krb5int_arcfour_make_key,
     k5_arcfour_init_state, /*xxx not implemented */
-    k5_arcfour_free_state, /*xxx not implemented */
-    k5_arcfour_docrypt_iov,
-    k5_arcfour_docrypt_iov
+    k5_arcfour_free_state  /*xxx not implemented */
 };
diff --git a/src/lib/crypto/openssl/hash_provider/Makefile.in b/src/lib/crypto/openssl/hash_provider/Makefile.in
index 1c6bdd1..b5a7dcf 100644
--- a/src/lib/crypto/openssl/hash_provider/Makefile.in
+++ b/src/lib/crypto/openssl/hash_provider/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/hash_provider
 mydir=lib/crypto/openssl/hash_provider
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/../../krb/crc32 -I$(srcdir)/../md4 \
-	-I$(srcdir)/../md5 -I$(srcdir)/../sha1
+	-I$(srcdir)/../md5 -I$(srcdir)/../sha1 -I$(srcdir)/../../krb
 DEFS=
 
 ##DOS##BUILDTOP = ..\..\..\..
diff --git a/src/lib/crypto/openssl/hash_provider/deps b/src/lib/crypto/openssl/hash_provider/deps
index aae0b98..99e024e 100644
--- a/src/lib/crypto/openssl/hash_provider/deps
+++ b/src/lib/crypto/openssl/hash_provider/deps
@@ -4,49 +4,52 @@
 hash_crc32.so hash_crc32.po $(OUTPRE)hash_crc32.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/hash_crc32.c \
-  $(srcdir)/hash_provider.h \
-  $(srcdir)/../../krb/crc32/crc-32.h
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/crc32/crc-32.h $(srcdir)/../../krb/etypes.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_crc32.c hash_provider.h
 hash_md4.so hash_md4.po $(OUTPRE)hash_md4.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/hash_md4.c $(srcdir)/hash_provider.h \
-  $(srcdir)/../md4/rsa-md4.h
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/etypes.h $(srcdir)/../md4/rsa-md4.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_md4.c hash_provider.h
 hash_md5.so hash_md5.po $(OUTPRE)hash_md5.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/hash_md5.c $(srcdir)/hash_provider.h \
-  $(srcdir)/../md5/rsa-md5.h
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/etypes.h $(srcdir)/../md5/rsa-md5.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_md5.c hash_provider.h
 hash_sha1.so hash_sha1.po $(OUTPRE)hash_sha1.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/hash_provider.h \
-  $(srcdir)/hash_sha1.c $(srcdir)/../sha1/shs.h
+  $(COM_ERR_DEPS) $(srcdir)/../../krb/aead.h $(srcdir)/../../krb/cksumtypes.h \
+  $(srcdir)/../../krb/etypes.h $(srcdir)/../sha1/shs.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hash_provider.h hash_sha1.c
diff --git a/src/lib/crypto/openssl/hash_provider/hash_crc32.c b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
index 771a7d6..68a01cb 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_crc32.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_crc32.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,21 +28,23 @@
 #include "k5-int.h"
 #include "crc-32.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_crc32_hash(unsigned int icount, const krb5_data *input,
-	      krb5_data *output)
+k5_crc32_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
-    unsigned long c, cn;
+    unsigned long c;
     unsigned int i;
 
     if (output->length != CRC32_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     c = 0;
-    for (i=0; i<icount; i++) {
-	mit_crc32(input[i].data, input[i].length, &cn);
-	c ^= cn;
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov))
+            mit_crc32(iov->data.data, iov->data.length, &c);
     }
 
     store_32_le(c, output->data);
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md4.c b/src/lib/crypto/openssl/hash_provider/hash_md4.c
index 916da0f..85f18f6 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md4.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md4.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,20 +28,26 @@
 #include "k5-int.h"
 #include "rsa-md4.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_md4_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+k5_md4_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
     krb5_MD4_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD4_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     krb5int_MD4Init(&ctx);
-    for (i=0; i<icount; i++)
-	krb5int_MD4Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            krb5int_MD4Update(&ctx, (unsigned char *) iov->data.data,
+                              iov->data.length);
+        }
+    }
     krb5int_MD4Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD4_CKSUM_LENGTH);
diff --git a/src/lib/crypto/openssl/hash_provider/hash_md5.c b/src/lib/crypto/openssl/hash_provider/hash_md5.c
index e1e29f0..182e6c0 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_md5.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_md5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -27,20 +28,26 @@
 #include "k5-int.h"
 #include "rsa-md5.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_md5_hash(unsigned int icount, const krb5_data *input,
-	    krb5_data *output)
+k5_md5_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
     krb5_MD5_CTX ctx;
     unsigned int i;
 
     if (output->length != RSA_MD5_CKSUM_LENGTH)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     krb5int_MD5Init(&ctx);
-    for (i=0; i<icount; i++)
-	krb5int_MD5Update(&ctx, (unsigned char *) input[i].data, input[i].length);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            krb5int_MD5Update(&ctx, (unsigned char *) iov->data.data,
+                              iov->data.length);
+        }
+    }
     krb5int_MD5Final(&ctx);
 
     memcpy(output->data, ctx.digest, RSA_MD5_CKSUM_LENGTH);
diff --git a/src/lib/crypto/openssl/hash_provider/hash_provider.h b/src/lib/crypto/openssl/hash_provider/hash_provider.h
index 1023d1a..eebe845 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_provider.h
+++ b/src/lib/crypto/openssl/hash_provider/hash_provider.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
diff --git a/src/lib/crypto/openssl/hash_provider/hash_sha1.c b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
index 18ee830..f602411 100644
--- a/src/lib/crypto/openssl/hash_provider/hash_sha1.c
+++ b/src/lib/crypto/openssl/hash_provider/hash_sha1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/hash/yhash.h
  *
  * Copyright (C) 1998 by the FundsXpress, INC.
@@ -28,20 +29,26 @@
 #include "k5-int.h"
 #include "shs.h"
 #include "hash_provider.h"
+#include "aead.h"
 
 static krb5_error_code
-k5_sha1_hash(unsigned int icount, const krb5_data *input,
-	     krb5_data *output)
+k5_sha1_hash(const krb5_crypto_iov *data, size_t num_data, krb5_data *output)
 {
     SHS_INFO ctx;
     unsigned int i;
 
     if (output->length != SHS_DIGESTSIZE)
-	return(KRB5_CRYPTO_INTERNAL);
+        return(KRB5_CRYPTO_INTERNAL);
 
     shsInit(&ctx);
-    for (i=0; i<icount; i++)
-	shsUpdate(&ctx, (unsigned char *) input[i].data, input[i].length);
+    for (i = 0; i < num_data; i++) {
+        const krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov)) {
+            shsUpdate(&ctx, (unsigned char *) iov->data.data,
+                      iov->data.length);
+        }
+    }
     shsFinal(&ctx);
 
     if (ctx.digestLen > 0 && ctx.digestLen <= output->length){
diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c
index b1768e0..7ef3d3f 100644
--- a/src/lib/crypto/openssl/hmac.c
+++ b/src/lib/crypto/openssl/hmac.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/hmac.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -82,8 +83,9 @@ map_digest(const struct krb5_hash_provider *hash)
 
 krb5_error_code
 krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
-		      const krb5_keyblock *key, unsigned int icount,
-		      const krb5_data *input, krb5_data *output)
+                      const krb5_keyblock *keyblock,
+                      const krb5_crypto_iov *data, size_t num_data,
+                      krb5_data *output)
 {
     unsigned int i = 0, md_len = 0;
     unsigned char md[EVP_MAX_MD_SIZE];
@@ -93,22 +95,21 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
     hashsize = hash->hashsize;
     blocksize = hash->blocksize;
 
-    if (key->length > blocksize)
+    if (keyblock->length > blocksize)
         return(KRB5_CRYPTO_INTERNAL);
     if (output->length < hashsize)
         return(KRB5_BAD_MSIZE);
-    /* if this isn't > 0, then there won't be enough space in this
-       array to compute the outer hash */
-    if (icount == 0)
-        return(KRB5_CRYPTO_INTERNAL);
 
     if (!map_digest(hash))
         return(KRB5_CRYPTO_INTERNAL); // unsupported alg
 
     HMAC_CTX_init(&c);
-    HMAC_Init(&c, key->contents, key->length, map_digest(hash));
-    for ( i = 0; i < icount; i++ ) {
-        HMAC_Update(&c,(const unsigned char*)input[i].data, input[i].length);
+    HMAC_Init(&c, keyblock->contents, keyblock->length, map_digest(hash));
+    for (i = 0; i < num_data; i++) {
+        krb5_crypto_iov *iov = &data[i];
+
+        if (SIGN_IOV(iov))
+            HMAC_Update(&c, (unsigned char*) iov->data.data, iov->data.length);
     }
     HMAC_Final(&c,(unsigned char *)md, &md_len);
     if ( md_len <= output->length) {
@@ -122,56 +123,9 @@ krb5int_hmac_keyblock(const struct krb5_hash_provider *hash,
 }
 
 krb5_error_code
-krb5int_hmac_iov_keyblock(const struct krb5_hash_provider *hash,
-                          const krb5_keyblock *key,
-                          const krb5_crypto_iov *data, size_t num_data,
-                          krb5_data *output)
-{
-    krb5_data *sign_data;
-    size_t num_sign_data;
-    krb5_error_code ret;
-    size_t i, j;
-
-    /* Create a checksum over all the data to be signed */
-    for (i = 0, num_sign_data = 0; i < num_data; i++) {
-        const krb5_crypto_iov *iov = &data[i];
-
-        if (SIGN_IOV(iov))
-            num_sign_data++;
-    }
-
-    /* XXX cleanup to avoid alloc */
-    sign_data = (krb5_data *)calloc(num_sign_data, sizeof(krb5_data));
-    if (sign_data == NULL)
-        return ENOMEM;
-
-    for (i = 0, j = 0; i < num_data; i++) {
-        const krb5_crypto_iov *iov = &data[i];
-
-        if (SIGN_IOV(iov))
-            sign_data[j++] = iov->data;
-    }
-
-    /* caller must store checksum in iov as it may be TYPE_TRAILER or TYPE_CHECKSUM */
-    ret = krb5int_hmac_keyblock(hash, key, num_sign_data, sign_data, output);
-
-    free(sign_data);
-
-    return ret;
-}
-
-krb5_error_code
 krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
-         unsigned int icount, const krb5_data *input, krb5_data *output)
-{
-    return krb5int_hmac_keyblock(hash, &key->keyblock, icount, input, output);
-}
-
-krb5_error_code
-krb5int_hmac_iov(const struct krb5_hash_provider *hash, krb5_key key,
-                const krb5_crypto_iov *data, size_t num_data,
-                krb5_data *output)
+             const krb5_crypto_iov *data, size_t num_data,
+             krb5_data *output)
 {
-    return krb5int_hmac_iov_keyblock(hash, &key->keyblock, data, num_data,
-                                    output);
+    return krb5int_hmac_keyblock(hash, &key->keyblock, data, num_data, output);
 }
diff --git a/src/lib/crypto/openssl/md4/Makefile.in b/src/lib/crypto/openssl/md4/Makefile.in
index 0bf0ffe..f212c6d 100644
--- a/src/lib/crypto/openssl/md4/Makefile.in
+++ b/src/lib/crypto/openssl/md4/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/md4
 mydir=lib/crypto/openssl/md4
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = -I$(srcdir)
diff --git a/src/lib/crypto/openssl/md4/deps b/src/lib/crypto/openssl/md4/deps
index dfb1d70..a28d9da 100644
--- a/src/lib/crypto/openssl/md4/deps
+++ b/src/lib/crypto/openssl/md4/deps
@@ -3,12 +3,11 @@
 #
 md4.so md4.po $(OUTPRE)md4.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/md4.c \
-  $(srcdir)/rsa-md4.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h md4.c rsa-md4.h
diff --git a/src/lib/crypto/openssl/md4/md4.c b/src/lib/crypto/openssl/md4/md4.c
index cd7684d..8d2cd48 100644
--- a/src/lib/crypto/openssl/md4/md4.c
+++ b/src/lib/crypto/openssl/md4/md4.c
@@ -1,5 +1,6 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
- *	lib/crypto/openssl/md4/md4.c
+ *      lib/crypto/openssl/md4/md4.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
  * All rights reserved.
diff --git a/src/lib/crypto/openssl/md4/rsa-md4.h b/src/lib/crypto/openssl/md4/rsa-md4.h
index 93737e6..3d32f08 100644
--- a/src/lib/crypto/openssl/md4/rsa-md4.h
+++ b/src/lib/crypto/openssl/md4/rsa-md4.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/md4/rsa-md4.h
  *
@@ -45,37 +46,37 @@
 #define RSA_MD4_DES_CONFOUND_LENGTH     8
 
 /*
- **********************************************************************
- ** md4.h -- Header file for implementation of MD4                   **
- ** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
- ** Created: 2/17/90 RLR                                             **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
- **********************************************************************
- */
+**********************************************************************
+** md4.h -- Header file for implementation of MD4                   **
+** RSA Data Security, Inc. MD4 Message Digest Algorithm             **
+** Created: 2/17/90 RLR                                             **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version              **
+**********************************************************************
+*/
 
 /*
- **********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- **                                                                  **
- ** License to copy and use this software is granted provided that   **
- ** it is identified as the "RSA Data Security, Inc. MD4 Message     **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function.                                       **
- **                                                                  **
- ** License is also granted to make and use derivative works         **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
- ** material mentioning or referencing the derived work.             **
- **                                                                  **
- ** RSA Data Security, Inc. makes no representations concerning      **
- ** either the merchantability of this software or the suitability   **
- ** of this software for any particular purpose.  It is provided "as **
- ** is" without express or implied warranty of any kind.             **
- **                                                                  **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software.                                   **
- **********************************************************************
- */
+**********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+**                                                                  **
+** License to copy and use this software is granted provided that   **
+** it is identified as the "RSA Data Security, Inc. MD4 Message     **
+** Digest Algorithm" in all material mentioning or referencing this **
+** software or this function.                                       **
+**                                                                  **
+** License is also granted to make and use derivative works         **
+** provided that such works are identified as "derived from the RSA **
+** Data Security, Inc. MD4 Message Digest Algorithm" in all         **
+** material mentioning or referencing the derived work.             **
+**                                                                  **
+** RSA Data Security, Inc. makes no representations concerning      **
+** either the merchantability of this software or the suitability   **
+** of this software for any particular purpose.  It is provided "as **
+** is" without express or implied warranty of any kind.             **
+**                                                                  **
+** These notices must be retained in any copies of any part of this **
+** documentation and/or software.                                   **
+**********************************************************************
+*/
 
 /* Data structure for MD4 (Message Digest) computation */
 typedef struct {
@@ -92,8 +93,8 @@ extern void krb5int_MD4Update(krb5_MD4_CTX *, const unsigned char *, unsigned in
 extern void krb5int_MD4Final(krb5_MD4_CTX *);
 
 /*
- **********************************************************************
- ** End of md4.h                                                     **
- ******************************* (cut) ********************************
- */
+**********************************************************************
+** End of md4.h                                                     **
+******************************* (cut) ********************************
+*/
 #endif /* __KRB5_RSA_MD4_H__ */
diff --git a/src/lib/crypto/openssl/md5/Makefile.in b/src/lib/crypto/openssl/md5/Makefile.in
index 073ab73..1b693c4 100644
--- a/src/lib/crypto/openssl/md5/Makefile.in
+++ b/src/lib/crypto/openssl/md5/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/md5
 mydir=lib/crypto/openssl/md5
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 DEFS=
diff --git a/src/lib/crypto/openssl/md5/deps b/src/lib/crypto/openssl/md5/deps
index abfc549..876368d 100644
--- a/src/lib/crypto/openssl/md5/deps
+++ b/src/lib/crypto/openssl/md5/deps
@@ -3,12 +3,11 @@
 #
 md5.so md5.po $(OUTPRE)md5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/md5.c \
-  $(srcdir)/rsa-md5.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h md5.c rsa-md5.h
diff --git a/src/lib/crypto/openssl/md5/md5.c b/src/lib/crypto/openssl/md5/md5.c
index 84c6d49..41a8498 100644
--- a/src/lib/crypto/openssl/md5/md5.c
+++ b/src/lib/crypto/openssl/md5/md5.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/md5/md5.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -30,7 +31,7 @@
 
 /* The routine krb5int_MD5Init initializes the message-digest context
    mdContext. All fields are set to zero.
- */
+*/
 void
 krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 {
@@ -41,7 +42,7 @@ krb5int_MD5Init (krb5_MD5_CTX *mdContext)
 /* The routine krb5int_MD5Update updates the message-digest context to
    account for the presence of each of the characters inBuf[0..inLen-1]
    in the message whose digest is being computed.
- */
+*/
 void
 krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned int inLen)
 {
@@ -50,7 +51,7 @@ krb5int_MD5Update (krb5_MD5_CTX *mdContext, const unsigned char *inBuf, unsigned
 
 /* The routine krb5int_MD5Final terminates the message-digest computation and
    ends with the desired message digest in mdContext->digest[0...15].
- */
+*/
 void
 krb5int_MD5Final (krb5_MD5_CTX *mdContext)
 {
diff --git a/src/lib/crypto/openssl/md5/rsa-md5.h b/src/lib/crypto/openssl/md5/rsa-md5.h
index c9a5f90..a8380f4 100644
--- a/src/lib/crypto/openssl/md5/rsa-md5.h
+++ b/src/lib/crypto/openssl/md5/rsa-md5.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/md5/rsa-md5.h
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
@@ -24,43 +25,43 @@
  */
 
 /*
- ***********************************************************************
- ** md5.h -- header file for implementation of MD5                    **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
- ** Created: 2/17/90 RLR                                              **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
- ** Revised (for MD5): RLR 4/27/91                                    **
- **   -- G modified to have y&~z instead of y&z                       **
- **   -- FF, GG, HH modified to add in last register done             **
- **   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
- **   -- distinct additive constant for each step                     **
- **   -- round 4 added, working mod 7                                 **
- ***********************************************************************
- */
+***********************************************************************
+** md5.h -- header file for implementation of MD5                    **
+** RSA Data Security, Inc. MD5 Message-Digest Algorithm              **
+** Created: 2/17/90 RLR                                              **
+** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version               **
+** Revised (for MD5): RLR 4/27/91                                    **
+**   -- G modified to have y&~z instead of y&z                       **
+**   -- FF, GG, HH modified to add in last register done             **
+**   -- Access pattern: round 2 works mod 5, round 3 works mod 3     **
+**   -- distinct additive constant for each step                     **
+**   -- round 4 added, working mod 7                                 **
+***********************************************************************
+*/
 
 /*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
- **                                                                   **
- ** License to copy and use this software is granted provided that    **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
- ** Digest Algorithm" in all material mentioning or referencing this  **
- ** software or this function.                                        **
- **                                                                   **
- ** License is also granted to make and use derivative works          **
- ** provided that such works are identified as "derived from the RSA  **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
- ** material mentioning or referencing the derived work.              **
- **                                                                   **
- ** RSA Data Security, Inc. makes no representations concerning       **
- ** either the merchantability of this software or the suitability    **
- ** of this software for any particular purpose.  It is provided "as  **
- ** is" without express or implied warranty of any kind.              **
- **                                                                   **
- ** These notices must be retained in any copies of any part of this  **
- ** documentation and/or software.                                    **
- ***********************************************************************
- */
+***********************************************************************
+** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved.  **
+**                                                                   **
+** License to copy and use this software is granted provided that    **
+** it is identified as the "RSA Data Security, Inc. MD5 Message-     **
+** Digest Algorithm" in all material mentioning or referencing this  **
+** software or this function.                                        **
+**                                                                   **
+** License is also granted to make and use derivative works          **
+** provided that such works are identified as "derived from the RSA  **
+** Data Security, Inc. MD5 Message-Digest Algorithm" in all          **
+** material mentioning or referencing the derived work.              **
+**                                                                   **
+** RSA Data Security, Inc. makes no representations concerning       **
+** either the merchantability of this software or the suitability    **
+** of this software for any particular purpose.  It is provided "as  **
+** is" without express or implied warranty of any kind.              **
+**                                                                   **
+** These notices must be retained in any copies of any part of this  **
+** documentation and/or software.                                    **
+***********************************************************************
+*/
 
 
 #ifndef    KRB5_RSA_MD5__
diff --git a/src/lib/crypto/openssl/pbkdf2.c b/src/lib/crypto/openssl/pbkdf2.c
index 2681739..e64e562 100644
--- a/src/lib/crypto/openssl/pbkdf2.c
+++ b/src/lib/crypto/openssl/pbkdf2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/crypto/openssl/pbkdf2.c
  *
@@ -39,13 +40,13 @@
 
 krb5_error_code
 krb5int_pbkdf2_hmac_sha1 (const krb5_data *out, unsigned long count,
-			  const krb5_data *pass, const krb5_data *salt)
+                          const krb5_data *pass, const krb5_data *salt)
 {
 /*
  * This is an implementation of PKCS#5 v2.0
  * Does not return an error
  */
-   PKCS5_PBKDF2_HMAC_SHA1(pass->data, pass->length,
+    PKCS5_PBKDF2_HMAC_SHA1(pass->data, pass->length,
                            (unsigned char *)salt->data, salt->length, count,
                            out->length, (unsigned char *)out->data);
     return 0;
diff --git a/src/lib/crypto/openssl/sha1/Makefile.in b/src/lib/crypto/openssl/sha1/Makefile.in
index 249ab77..0ec2587 100644
--- a/src/lib/crypto/openssl/sha1/Makefile.in
+++ b/src/lib/crypto/openssl/sha1/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=lib/crypto/openssl/sha1
 mydir=lib/crypto/openssl/sha1
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 DEFS=
@@ -24,25 +22,8 @@ all-unix:: all-libobjs
 includes:: depend
 
 depend:: $(SRCS)
-t_shs: t_shs.o shs.o $(SUPPORT_DEPLIB)
-	$(CC_LINK) -o t_shs t_shs.o shs.o $(SUPPORT_LIB)
-
-$(OUTPRE)t_shs.exe: $(OUTPRE)t_shs.obj $(OUTPRE)shs.obj
-	link -out:$@ $**
-
-t_shs3: t_shs3.o shs.o $(SUPPORT_DEPLIB)
-	$(CC_LINK) -o t_shs3 t_shs3.o shs.o $(SUPPORT_LIB)
-
-check-unix:: t_shs t_shs3
-	$(RUN_SETUP) $(VALGRIND) $(C)t_shs -x
-	$(RUN_SETUP) $(VALGRIND) $(C)t_shs3
-
-check-windows:: $(OUTPRE)t_shs.exe $(OUTPRE)t_shs3.exe
-	$(OUTPRE)$(C)t_shs.exe -x
-	$(OUTPRE)$(C)t_shs3.exe
 
 clean::
-	$(RM) t_shs$(EXEEXT) t_shs.$(OBJEXT) t_shs3$(EXEEXT) t_shs3.$(OBJEXT)
 
 clean-unix:: clean-libobjs
 
diff --git a/src/lib/crypto/openssl/sha1/deps b/src/lib/crypto/openssl/sha1/deps
index a5e424d..40fa5fa 100644
--- a/src/lib/crypto/openssl/sha1/deps
+++ b/src/lib/crypto/openssl/sha1/deps
@@ -3,12 +3,11 @@
 #
 shs.so shs.po $(OUTPRE)shs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/shs.c \
-  $(srcdir)/shs.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h shs.c shs.h
diff --git a/src/lib/crypto/openssl/sha1/shs.c b/src/lib/crypto/openssl/sha1/shs.c
index 98eeef3..42d260d 100644
--- a/src/lib/crypto/openssl/sha1/shs.c
+++ b/src/lib/crypto/openssl/sha1/shs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/sha1/shs.c
  *
  * Copyright (C) 2009 by the Massachusetts Institute of Technology.
diff --git a/src/lib/crypto/openssl/sha1/shs.h b/src/lib/crypto/openssl/sha1/shs.h
index 88ab172..60cf2ad 100644
--- a/src/lib/crypto/openssl/sha1/shs.h
+++ b/src/lib/crypto/openssl/sha1/shs.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _SHS_DEFINED
 
 #include "k5-int.h"
@@ -8,8 +9,8 @@
 
 /* Some useful types */
 
-typedef krb5_octet	SHS_BYTE;
-typedef krb5_ui_4	SHS_LONG;
+typedef krb5_octet      SHS_BYTE;
+typedef krb5_ui_4       SHS_LONG;
 
 /* Define the following to use the updated SHS implementation */
 #define NEW_SHS         /**/
@@ -35,13 +36,13 @@ void shsFinal(SHS_INFO *shsInfo);
 
 /* Keyed Message digest functions (hmac_sha.c) */
 krb5_error_code hmac_sha(krb5_octet *text,
-			int text_len,
-			krb5_octet *key,
-			int key_len,
-			krb5_octet *digest);
+                         int text_len,
+                         krb5_octet *key,
+                         int key_len,
+                         krb5_octet *digest);
 
 
-#define NIST_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
-#define HMAC_SHA_CKSUM_LENGTH		SHS_DIGESTSIZE
+#define NIST_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
+#define HMAC_SHA_CKSUM_LENGTH           SHS_DIGESTSIZE
 
 #endif /* _SHS_DEFINED */
diff --git a/src/lib/crypto/openssl/yhash.h b/src/lib/crypto/openssl/yhash.h
index 95fee18..151818f 100644
--- a/src/lib/crypto/openssl/yhash.h
+++ b/src/lib/crypto/openssl/yhash.h
@@ -1,4 +1,4 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* lib/crypto/openssl/hash/yhash.h
  */
 
@@ -16,13 +16,13 @@
 #define HASH_Init(x) shsInit(x)
 #define HASH_Update(x, buf, sz) shsUpdate(x, (const void*)buf, sz)
 
-#define HASH_Final(x, tdigest)  do { \
-  int loopvar; \
-  unsigned char *out2 = (void *)(tdigest); \
-  HASH_CTX  *ctx = (x); \
-  shsFinal(ctx); \
-  memcpy(out2, ctx->digestBuf, ctx->digestLen); \
-  } while(0)
+#define HASH_Final(x, tdigest)  do {                    \
+        int loopvar;                                    \
+        unsigned char *out2 = (void *)(tdigest);        \
+        HASH_CTX  *ctx = (x);                           \
+        shsFinal(ctx);                                  \
+        memcpy(out2, ctx->digestBuf, ctx->digestLen);   \
+    } while(0)
 
 #define HASH_DIGEST_SIZE SHS_DIGESTSIZE
 
diff --git a/src/lib/gssapi/Makefile.in b/src/lib/gssapi/Makefile.in
index 0a8c61e..1316c29 100644
--- a/src/lib/gssapi/Makefile.in
+++ b/src/lib/gssapi/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=lib/gssapi
 mydir=lib/gssapi
 BUILDTOP=$(REL)..$(S)..
 SUBDIRS= generic krb5 spnego mechglue
@@ -56,7 +54,7 @@ merged-gssapi-header.h: $(EXPORTED_HEADERS)
 	cat $(EXPORTED_HEADERS) > merged.tmp
 	$(MV) merged.tmp merged-gssapi-header.h
 verify-calling-conventions-gssapi: merged-gssapi-header.h
-	$(PERL) -w $(SRCTOP)/util/def-check.pl merged-gssapi-header.h $(srcdir)/../gssapi32.def
+	$(PERL) -w $(top_srcdir)/util/def-check.pl merged-gssapi-header.h $(srcdir)/../gssapi32.def
 
 all-windows::
 	cd generic
diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in
index 42b4030..e4a0d58 100644
--- a/src/lib/gssapi/generic/Makefile.in
+++ b/src/lib/gssapi/generic/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/gssapi/generic
 mydir=lib/gssapi/generic
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/..
@@ -122,18 +120,20 @@ $(OBJS): $(EXPORTED_HEADERS) $(ETHDRS)
 all-unix:: $(EXPORTED_HEADERS) $(ETHDRS) $(HDRS)
 all-unix:: all-libobjs
 
-errmap.h: $(SRCTOP)/util/gen.pl $(SRCTOP)/util/t_array.pm \
-		$(SRCTOP)/util/t_bimap.pm
-	$(PERL) -w -I$(SRCTOP)/util $(SRCTOP)/util/gen.pl bimap errmap.h \
+errmap.h: $(top_srcdir)/util/gen.pl $(top_srcdir)/util/t_array.pm \
+		$(top_srcdir)/util/t_bimap.pm
+	$(PERL) -w -I$(top_srcdir)/util $(top_srcdir)/util/gen.pl bimap \
+		errmap.h \
 		NAME=mecherrmap LEFT=OM_uint32 RIGHT="struct mecherror" \
 		LEFTPRINT=print_OM_uint32 RIGHTPRINT=mecherror_print \
 		LEFTCMP=cmp_OM_uint32 RIGHTCMP=mecherror_cmp
 
-maptest.h: $(SRCTOP)/util/gen.pl $(SRCTOP)/util/t_array.pm \
-		$(SRCTOP)/util/t_bimap.pm
-	$(PERL) -w -I$(SRCTOP)/util $(SRCTOP)/util/gen.pl bimap maptest.h \
-		NAME=foo LEFT=int RIGHT=elt LEFTPRINT=intprt RIGHTPRINT=eltprt \
-		LEFTCMP=intcmp RIGHTCMP=eltcmp
+maptest.h: $(top_srcdir)/util/gen.pl $(top_srcdir)/util/t_array.pm \
+		$(top_srcdir)/util/t_bimap.pm
+	$(PERL) -w -I$(top_srcdir)/util $(top_srcdir)/util/gen.pl bimap \
+		maptest.h \
+		NAME=foo LEFT=int RIGHT=elt LEFTPRINT=intprt \
+		RIGHTPRINT=eltprt LEFTCMP=intcmp RIGHTCMP=eltcmp
 maptest.o: maptest.c maptest.h
 maptest: maptest.o
 	$(CC_LINK) -o maptest maptest.o
diff --git a/src/lib/gssapi/generic/deps b/src/lib/gssapi/generic/deps
index 652f808..16860d0 100644
--- a/src/lib/gssapi/generic/deps
+++ b/src/lib/gssapi/generic/deps
@@ -3,71 +3,82 @@
 #
 disp_com_err_status.so disp_com_err_status.po $(OUTPRE)disp_com_err_status.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h disp_com_err_status.c \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h disp_com_err_status.c \
   gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
   gssapi_generic.h
 disp_major_status.so disp_major_status.po $(OUTPRE)disp_major_status.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h disp_major_status.c gssapiP_generic.h \
-  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h disp_major_status.c \
+  gssapiP_generic.h gssapi_err_generic.h gssapi_ext.h \
+  gssapi_generic.h
 gssapi_generic.so gssapi_generic.po $(OUTPRE)gssapi_generic.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.c gssapi_generic.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.c \
+  gssapi_generic.h
 oid_ops.so oid_ops.po $(OUTPRE)oid_ops.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h oid_ops.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  oid_ops.c
 rel_buffer.so rel_buffer.po $(OUTPRE)rel_buffer.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h rel_buffer.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  rel_buffer.c
 rel_oid_set.so rel_oid_set.po $(OUTPRE)rel_oid_set.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h rel_oid_set.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  rel_oid_set.c
 util_buffer.so util_buffer.po $(OUTPRE)util_buffer.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h util_buffer.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_buffer.c
 util_buffer_set.so util_buffer_set.po $(OUTPRE)util_buffer_set.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h util_buffer_set.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_buffer_set.c
 util_errmap.so util_errmap.po $(OUTPRE)util_errmap.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h errmap.h gssapiP_generic.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h errmap.h gssapiP_generic.h \
   gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
   util_errmap.c
 util_ordering.so util_ordering.po $(OUTPRE)util_ordering.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h util_ordering.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_ordering.c
 util_set.so util_set.po $(OUTPRE)util_set.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h util_set.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_set.c
 util_token.so util_token.po $(OUTPRE)util_token.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h util_token.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_token.c
 util_validate.so util_validate.po $(OUTPRE)util_validate.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h gssapiP_generic.h gssapi_err_generic.h \
-  gssapi_ext.h gssapi_generic.h util_validate.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h gssapiP_generic.h \
+  gssapi_err_generic.h gssapi_ext.h gssapi_generic.h \
+  util_validate.c
 gssapi_err_generic.so gssapi_err_generic.po $(OUTPRE)gssapi_err_generic.$(OBJEXT): \
   $(COM_ERR_DEPS) gssapi_err_generic.c
diff --git a/src/lib/gssapi/generic/disp_com_err_status.c b/src/lib/gssapi/generic/disp_com_err_status.c
index d7a2e1d..4c410cc 100644
--- a/src/lib/gssapi/generic/disp_com_err_status.c
+++ b/src/lib/gssapi/generic/disp_com_err_status.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/disp_major_status.c b/src/lib/gssapi/generic/disp_major_status.c
index f9ff281..5098e3a 100644
--- a/src/lib/gssapi/generic/disp_major_status.c
+++ b/src/lib/gssapi/generic/disp_major_status.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
@@ -32,9 +32,9 @@
 /* This code has knowledge of the min and max errors of each type
    within the gssapi major status */
 
-#define GSS_ERROR_STR(value, array, select, min, max, num) \
-   (((select(value) < (min)) || (select(value) > (max))) ? NULL : \
-    (array)[num(value)])
+#define GSS_ERROR_STR(value, array, select, min, max, num)              \
+    (((select(value) < (min)) || (select(value) > (max))) ? NULL :      \
+     (array)[num(value)])
 
 /**/
 
@@ -47,10 +47,10 @@ static const char * const calling_error_string[] = {
 
 static const char * const calling_error = "calling error";
 
-#define GSS_CALLING_ERROR_STR(x) \
-   GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR, \
-                 GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
-                 GSS_CALLING_ERROR_FIELD)
+#define GSS_CALLING_ERROR_STR(x)                                        \
+    GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR,         \
+                  GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
+                  GSS_CALLING_ERROR_FIELD)
 
 /**/
 
@@ -76,10 +76,10 @@ static const char * const routine_error_string[] = {
 
 static const char * const routine_error = "routine error";
 
-#define GSS_ROUTINE_ERROR_STR(x) \
-   GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \
-                 GSS_S_BAD_MECH, GSS_S_FAILURE, \
-                 GSS_ROUTINE_ERROR_FIELD)
+#define GSS_ROUTINE_ERROR_STR(x)                                \
+    GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \
+                  GSS_S_BAD_MECH, GSS_S_FAILURE,                \
+                  GSS_ROUTINE_ERROR_FIELD)
 
 /**/
 
@@ -97,9 +97,9 @@ static const char * const sinfo_code = "supplementary info code";
 #define LSBGET(x) ((((x)^((x)-1))+1)>>1)
 #define LSBMASK(n) ((1<<(n))^((1<<(n))-1))
 
-#define GSS_SINFO_STR(x) \
-   ((((1<<(x)) < GSS_S_CONTINUE_NEEDED) || ((1<<(x)) > GSS_S_UNSEQ_TOKEN)) ? \
-    /**/NULL:sinfo_string[(x)])
+#define GSS_SINFO_STR(x)                                                \
+    ((((1<<(x)) < GSS_S_CONTINUE_NEEDED) || ((1<<(x)) > GSS_S_UNSEQ_TOKEN)) ? \
+     /**/NULL:sinfo_string[(x)])
 
 /**/
 
diff --git a/src/lib/gssapi/generic/gssapi_generic.c b/src/lib/gssapi/generic/gssapi_generic.c
index 4973784..827cb6b 100644
--- a/src/lib/gssapi/generic/gssapi_generic.c
+++ b/src/lib/gssapi/generic/gssapi_generic.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/gssapi_generic.h b/src/lib/gssapi/generic/gssapi_generic.h
index c5399dc..e11f938 100644
--- a/src/lib/gssapi/generic/gssapi_generic.h
+++ b/src/lib/gssapi/generic/gssapi_generic.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
@@ -38,8 +38,8 @@
 #define GSSAPIGENERIC_END_DECLS
 #endif
 
-#define GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||\
-        (buf)->value == NULL || (buf)->length == 0)
+#define GSS_EMPTY_BUFFER(buf)   ((buf) == NULL ||                       \
+                                 (buf)->value == NULL || (buf)->length == 0)
 
 GSSAPIGENERIC_BEGIN_DECLS
 
diff --git a/src/lib/gssapi/generic/maptest.c b/src/lib/gssapi/generic/maptest.c
index ce59421..566d88c 100644
--- a/src/lib/gssapi/generic/maptest.c
+++ b/src/lib/gssapi/generic/maptest.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <stdarg.h>
 #include <assert.h>
diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c
index bda3a5a..d7cd5a4 100644
--- a/src/lib/gssapi/generic/oid_ops.c
+++ b/src/lib/gssapi/generic/oid_ops.c
@@ -1,4 +1,4 @@
-/* #pragma ident	"@(#)oid_ops.c	1.19	04/02/23 SMI" */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/generic/oid_ops.c
  *
@@ -42,15 +42,13 @@
 #include <ctype.h>
 
 OM_uint32
-generic_gss_release_oid(minor_status, oid)
-    OM_uint32	*minor_status;
-    gss_OID	*oid;
+generic_gss_release_oid(OM_uint32 *minor_status, gss_OID *oid)
 {
     if (minor_status)
-	*minor_status = 0;
+        *minor_status = 0;
 
     if (oid == NULL || *oid == GSS_C_NO_OID)
-	return(GSS_S_COMPLETE);
+        return(GSS_S_COMPLETE);
 
     /*
      * The V2 API says the following!
@@ -70,107 +68,103 @@ generic_gss_release_oid(minor_status, oid)
      */
 
     if ((*oid != GSS_C_NT_USER_NAME) &&
-	(*oid != GSS_C_NT_MACHINE_UID_NAME) &&
-	(*oid != GSS_C_NT_STRING_UID_NAME) &&
-	(*oid != GSS_C_NT_HOSTBASED_SERVICE) &&
-	(*oid != GSS_C_NT_ANONYMOUS) &&
-	(*oid != GSS_C_NT_EXPORT_NAME) &&
-	(*oid != gss_nt_service_name)) {
-	free((*oid)->elements);
-	free(*oid);
+        (*oid != GSS_C_NT_MACHINE_UID_NAME) &&
+        (*oid != GSS_C_NT_STRING_UID_NAME) &&
+        (*oid != GSS_C_NT_HOSTBASED_SERVICE) &&
+        (*oid != GSS_C_NT_ANONYMOUS) &&
+        (*oid != GSS_C_NT_EXPORT_NAME) &&
+        (*oid != gss_nt_service_name)) {
+        free((*oid)->elements);
+        free(*oid);
     }
     *oid = GSS_C_NO_OID;
     return(GSS_S_COMPLETE);
 }
 
 OM_uint32
-generic_gss_copy_oid(minor_status, oid, new_oid)
-	OM_uint32	*minor_status;
-	const gss_OID_desc * const oid;
-	gss_OID		*new_oid;
+generic_gss_copy_oid(OM_uint32 *minor_status,
+                     const gss_OID_desc * const oid,
+                     gss_OID *new_oid)
 {
-	gss_OID		p;
-
-	*minor_status = 0;
-
-	p = (gss_OID) malloc(sizeof(gss_OID_desc));
-	if (!p) {
-	    *minor_status = ENOMEM;
-	    return GSS_S_FAILURE;
-	}
-	p->length = oid->length;
-	p->elements = malloc(p->length);
-	if (!p->elements) {
-		free(p);
-		return GSS_S_FAILURE;
-	}
-	memcpy(p->elements, oid->elements, p->length);
-	*new_oid = p;
-	return(GSS_S_COMPLETE);
+    gss_OID         p;
+
+    *minor_status = 0;
+
+    p = (gss_OID) malloc(sizeof(gss_OID_desc));
+    if (!p) {
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
+    }
+    p->length = oid->length;
+    p->elements = malloc(p->length);
+    if (!p->elements) {
+        free(p);
+        return GSS_S_FAILURE;
+    }
+    memcpy(p->elements, oid->elements, p->length);
+    *new_oid = p;
+    return(GSS_S_COMPLETE);
 }
 
 
 OM_uint32
-generic_gss_create_empty_oid_set(minor_status, oid_set)
-    OM_uint32	*minor_status;
-    gss_OID_set	*oid_set;
+generic_gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set)
 {
     *minor_status = 0;
 
     if ((*oid_set = (gss_OID_set) malloc(sizeof(gss_OID_set_desc)))) {
-	memset(*oid_set, 0, sizeof(gss_OID_set_desc));
-	return(GSS_S_COMPLETE);
+        memset(*oid_set, 0, sizeof(gss_OID_set_desc));
+        return(GSS_S_COMPLETE);
     }
     else {
-	*minor_status = ENOMEM;
-	return(GSS_S_FAILURE);
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
     }
 }
 
 OM_uint32
-generic_gss_add_oid_set_member(minor_status, member_oid, oid_set)
-    OM_uint32	*minor_status;
-    const gss_OID_desc * const member_oid;
-    gss_OID_set	*oid_set;
+generic_gss_add_oid_set_member(OM_uint32 *minor_status,
+                               const gss_OID_desc * const member_oid,
+                               gss_OID_set *oid_set)
 {
-    gss_OID	elist;
-    gss_OID	lastel;
+    gss_OID     elist;
+    gss_OID     lastel;
 
     *minor_status = 0;
 
     if (member_oid == NULL || member_oid->length == 0 ||
-	member_oid->elements == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_READ);
+        member_oid->elements == NULL)
+        return (GSS_S_CALL_INACCESSIBLE_READ);
 
     elist = (*oid_set)->elements;
     /* Get an enlarged copy of the array */
     if (((*oid_set)->elements = (gss_OID) malloc(((*oid_set)->count+1) *
-						  sizeof(gss_OID_desc)))) {
-	/* Copy in the old junk */
-	if (elist)
-	    memcpy((*oid_set)->elements,
-		   elist,
-		   ((*oid_set)->count * sizeof(gss_OID_desc)));
-
-	/* Duplicate the input element */
-	lastel = &(*oid_set)->elements[(*oid_set)->count];
-	if ((lastel->elements =
-	     (void *) malloc((size_t) member_oid->length))) {
-	    /* Success - copy elements */
-	    memcpy(lastel->elements, member_oid->elements,
-		   (size_t) member_oid->length);
-	    /* Set length */
-	    lastel->length = member_oid->length;
-
-	    /* Update count */
-	    (*oid_set)->count++;
-	    if (elist)
-		free(elist);
-	    *minor_status = 0;
-	    return(GSS_S_COMPLETE);
-	}
-	else
-	    free((*oid_set)->elements);
+                                                 sizeof(gss_OID_desc)))) {
+        /* Copy in the old junk */
+        if (elist)
+            memcpy((*oid_set)->elements,
+                   elist,
+                   ((*oid_set)->count * sizeof(gss_OID_desc)));
+
+        /* Duplicate the input element */
+        lastel = &(*oid_set)->elements[(*oid_set)->count];
+        if ((lastel->elements =
+             (void *) malloc((size_t) member_oid->length))) {
+            /* Success - copy elements */
+            memcpy(lastel->elements, member_oid->elements,
+                   (size_t) member_oid->length);
+            /* Set length */
+            lastel->length = member_oid->length;
+
+            /* Update count */
+            (*oid_set)->count++;
+            if (elist)
+                free(elist);
+            *minor_status = 0;
+            return(GSS_S_COMPLETE);
+        }
+        else
+            free((*oid_set)->elements);
     }
     /* Failure - restore old contents of list */
     (*oid_set)->elements = elist;
@@ -179,32 +173,31 @@ generic_gss_add_oid_set_member(minor_status, member_oid, oid_set)
 }
 
 OM_uint32
-generic_gss_test_oid_set_member(minor_status, member, set, present)
-    OM_uint32	*minor_status;
-    const gss_OID_desc * const member;
-    gss_OID_set	set;
-    int		*present;
+generic_gss_test_oid_set_member(OM_uint32 *minor_status,
+                                const gss_OID_desc * const member,
+                                gss_OID_set set,
+                                int * present)
 {
-    OM_uint32	i;
-    int		result;
+    OM_uint32   i;
+    int         result;
 
     *minor_status = 0;
 
     if (member == NULL || set == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_READ);
+        return (GSS_S_CALL_INACCESSIBLE_READ);
 
     if (present == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
     result = 0;
     for (i=0; i<set->count; i++) {
-	if ((set->elements[i].length == member->length) &&
-	    !memcmp(set->elements[i].elements,
-		    member->elements,
-		    (size_t) member->length)) {
-	    result = 1;
-	    break;
-	}
+        if ((set->elements[i].length == member->length) &&
+            !memcmp(set->elements[i].elements,
+                    member->elements,
+                    (size_t) member->length)) {
+            result = 1;
+            break;
+        }
     }
     *present = result;
     return(GSS_S_COMPLETE);
@@ -214,30 +207,29 @@ generic_gss_test_oid_set_member(minor_status, member, set, present)
  * OID<->string routines.  These are uuuuugly.
  */
 OM_uint32
-generic_gss_oid_to_str(minor_status, oid, oid_str)
-    OM_uint32		*minor_status;
-    const gss_OID_desc * const oid;
-    gss_buffer_t	oid_str;
+generic_gss_oid_to_str(OM_uint32 *minor_status,
+                       const gss_OID_desc * const oid,
+                       gss_buffer_t oid_str)
 {
-    OM_uint32		number;
+    OM_uint32           number;
     OM_uint32 i;
-    unsigned char	*cp;
-    char		*bp;
-    struct k5buf	buf;
+    unsigned char       *cp;
+    char                *bp;
+    struct k5buf        buf;
 
     if (minor_status != NULL)
-	*minor_status = 0;
+        *minor_status = 0;
 
     if (oid_str != GSS_C_NO_BUFFER) {
-	oid_str->length = 0;
-	oid_str->value = NULL;
+        oid_str->length = 0;
+        oid_str->value = NULL;
     }
 
     if (oid == NULL || oid->length == 0 || oid->elements == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_READ);
+        return (GSS_S_CALL_INACCESSIBLE_READ);
 
     if (oid_str == GSS_C_NO_BUFFER)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
     /* Decoded according to krb5/gssapi_krb5.c */
 
@@ -245,21 +237,21 @@ generic_gss_oid_to_str(minor_status, oid, oid_str)
     number = (unsigned long) cp[0];
     krb5int_buf_init_dynamic(&buf);
     krb5int_buf_add_fmt(&buf, "{ %lu %lu ", (unsigned long)number/40,
-			(unsigned long)number%40);
+                        (unsigned long)number%40);
     number = 0;
     cp = (unsigned char *) oid->elements;
     for (i=1; i<oid->length; i++) {
-	number = (number << 7) | (cp[i] & 0x7f);
-	if ((cp[i] & 0x80) == 0) {
-	    krb5int_buf_add_fmt(&buf, "%lu ", (unsigned long)number);
-	    number = 0;
-	}
+        number = (number << 7) | (cp[i] & 0x7f);
+        if ((cp[i] & 0x80) == 0) {
+            krb5int_buf_add_fmt(&buf, "%lu ", (unsigned long)number);
+            number = 0;
+        }
     }
     krb5int_buf_add(&buf, "}");
     bp = krb5int_buf_data(&buf);
     if (bp == NULL) {
-	*minor_status = ENOMEM;
-	return(GSS_S_FAILURE);
+        *minor_status = ENOMEM;
+        return(GSS_S_FAILURE);
     }
     oid_str->length = krb5int_buf_len(&buf)+1;
     oid_str->value = (void *) bp;
@@ -267,43 +259,42 @@ generic_gss_oid_to_str(minor_status, oid, oid_str)
 }
 
 OM_uint32
-generic_gss_str_to_oid(minor_status, oid_str, oid)
-    OM_uint32		*minor_status;
-    gss_buffer_t	oid_str;
-    gss_OID		*oid;
+generic_gss_str_to_oid(OM_uint32 *minor_status,
+                       gss_buffer_t oid_str,
+                       gss_OID * oid)
 {
-    unsigned char	*cp, *bp, *startp;
-    int		brace;
-    long	numbuf;
-    long	onumbuf;
-    OM_uint32	nbytes;
-    int		i;
+    unsigned char       *cp, *bp, *startp;
+    int         brace;
+    long        numbuf;
+    long        onumbuf;
+    OM_uint32   nbytes;
+    int         i;
     unsigned char *op;
 
     if (minor_status != NULL)
-	*minor_status = 0;
+        *minor_status = 0;
 
     if (oid != NULL)
-	*oid = GSS_C_NO_OID;
+        *oid = GSS_C_NO_OID;
 
     if (GSS_EMPTY_BUFFER(oid_str))
-	return (GSS_S_CALL_INACCESSIBLE_READ);
+        return (GSS_S_CALL_INACCESSIBLE_READ);
 
     if (oid == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
     brace = 0;
     bp = oid_str->value;
     cp = bp;
     /* Skip over leading space */
     while ((bp < &cp[oid_str->length]) && isspace(*bp))
-	bp++;
+        bp++;
     if (*bp == '{') {
-	brace = 1;
-	bp++;
+        brace = 1;
+        bp++;
     }
     while ((bp < &cp[oid_str->length]) && isspace(*bp))
-	bp++;
+        bp++;
     startp = bp;
     nbytes = 0;
 
@@ -311,118 +302,117 @@ generic_gss_str_to_oid(minor_status, oid_str, oid)
      * The first two numbers are chewed up by the first octet.
      */
     if (sscanf((char *)bp, "%ld", &numbuf) != 1) {
-	*minor_status = EINVAL;
-	return(GSS_S_FAILURE);
+        *minor_status = EINVAL;
+        return(GSS_S_FAILURE);
     }
     while ((bp < &cp[oid_str->length]) && isdigit(*bp))
-	bp++;
+        bp++;
     while ((bp < &cp[oid_str->length]) &&
-	   (isspace(*bp) || *bp == '.'))
-	bp++;
+           (isspace(*bp) || *bp == '.'))
+        bp++;
     if (sscanf((char *)bp, "%ld", &numbuf) != 1) {
-	*minor_status = EINVAL;
-	return(GSS_S_FAILURE);
+        *minor_status = EINVAL;
+        return(GSS_S_FAILURE);
     }
     while ((bp < &cp[oid_str->length]) && isdigit(*bp))
-	bp++;
+        bp++;
     while ((bp < &cp[oid_str->length]) &&
-	   (isspace(*bp) || *bp == '.'))
-	bp++;
+           (isspace(*bp) || *bp == '.'))
+        bp++;
     nbytes++;
     while (isdigit(*bp)) {
-	if (sscanf((char *)bp, "%ld", &numbuf) != 1) {
-	    return(GSS_S_FAILURE);
-	}
-	while (numbuf) {
-	    nbytes++;
-	    numbuf >>= 7;
-	}
-	while ((bp < &cp[oid_str->length]) && isdigit(*bp))
-	    bp++;
-	while ((bp < &cp[oid_str->length]) &&
-	       (isspace(*bp) || *bp == '.'))
-	    bp++;
+        if (sscanf((char *)bp, "%ld", &numbuf) != 1) {
+            return(GSS_S_FAILURE);
+        }
+        while (numbuf) {
+            nbytes++;
+            numbuf >>= 7;
+        }
+        while ((bp < &cp[oid_str->length]) && isdigit(*bp))
+            bp++;
+        while ((bp < &cp[oid_str->length]) &&
+               (isspace(*bp) || *bp == '.'))
+            bp++;
     }
     if (brace && (*bp != '}')) {
-	return(GSS_S_FAILURE);
+        return(GSS_S_FAILURE);
     }
 
     /*
      * Phew!  We've come this far, so the syntax is good.
      */
     if ((*oid = (gss_OID) malloc(sizeof(gss_OID_desc)))) {
-	if (((*oid)->elements = (void *) malloc(nbytes))) {
-	    (*oid)->length = nbytes;
-	    op = (unsigned char *) (*oid)->elements;
-	    bp = startp;
-	    (void) sscanf((char *)bp, "%ld", &numbuf);
-	    while (isdigit(*bp))
-		bp++;
-	    while (isspace(*bp) || *bp == '.')
-		bp++;
-	    onumbuf = 40*numbuf;
-	    (void) sscanf((char *)bp, "%ld", &numbuf);
-	    onumbuf += numbuf;
-	    *op = (unsigned char) onumbuf;
-	    op++;
-	    while (isdigit(*bp))
-		bp++;
-	    while (isspace(*bp) || *bp == '.')
-		bp++;
-	    while (isdigit(*bp)) {
-		(void) sscanf((char *)bp, "%ld", &numbuf);
-		nbytes = 0;
-		/* Have to fill in the bytes msb-first */
-		onumbuf = numbuf;
-		while (numbuf) {
-		    nbytes++;
-		    numbuf >>= 7;
-		}
-		numbuf = onumbuf;
-		op += nbytes;
-		i = -1;
-		while (numbuf) {
-		    op[i] = (unsigned char) numbuf & 0x7f;
-		    if (i != -1)
-			op[i] |= 0x80;
-		    i--;
-		    numbuf >>= 7;
-		}
-		while (isdigit(*bp))
-		    bp++;
-		while (isspace(*bp) || *bp == '.')
-		    bp++;
-	    }
-	    return(GSS_S_COMPLETE);
-	}
-	else {
-	    free(*oid);
-	    *oid = GSS_C_NO_OID;
-	}
+        if (((*oid)->elements = (void *) malloc(nbytes))) {
+            (*oid)->length = nbytes;
+            op = (unsigned char *) (*oid)->elements;
+            bp = startp;
+            (void) sscanf((char *)bp, "%ld", &numbuf);
+            while (isdigit(*bp))
+                bp++;
+            while (isspace(*bp) || *bp == '.')
+                bp++;
+            onumbuf = 40*numbuf;
+            (void) sscanf((char *)bp, "%ld", &numbuf);
+            onumbuf += numbuf;
+            *op = (unsigned char) onumbuf;
+            op++;
+            while (isdigit(*bp))
+                bp++;
+            while (isspace(*bp) || *bp == '.')
+                bp++;
+            while (isdigit(*bp)) {
+                (void) sscanf((char *)bp, "%ld", &numbuf);
+                nbytes = 0;
+                /* Have to fill in the bytes msb-first */
+                onumbuf = numbuf;
+                while (numbuf) {
+                    nbytes++;
+                    numbuf >>= 7;
+                }
+                numbuf = onumbuf;
+                op += nbytes;
+                i = -1;
+                while (numbuf) {
+                    op[i] = (unsigned char) numbuf & 0x7f;
+                    if (i != -1)
+                        op[i] |= 0x80;
+                    i--;
+                    numbuf >>= 7;
+                }
+                while (isdigit(*bp))
+                    bp++;
+                while (isspace(*bp) || *bp == '.')
+                    bp++;
+            }
+            return(GSS_S_COMPLETE);
+        }
+        else {
+            free(*oid);
+            *oid = GSS_C_NO_OID;
+        }
     }
     return(GSS_S_FAILURE);
 }
 
 /* Compose an OID of a prefix and an integer suffix */
 OM_uint32
-generic_gss_oid_compose(
-    OM_uint32 *minor_status,
-    const char *prefix,
-    size_t prefix_len,
-    int suffix,
-    gss_OID_desc *oid)
+generic_gss_oid_compose(OM_uint32 *minor_status,
+                        const char *prefix,
+                        size_t prefix_len,
+                        int suffix,
+                        gss_OID_desc *oid)
 {
     int osuffix, i;
     size_t nbytes;
     unsigned char *op;
 
     if (oid == GSS_C_NO_OID) {
-	*minor_status = EINVAL;
-	return GSS_S_FAILURE;
+        *minor_status = EINVAL;
+        return GSS_S_FAILURE;
     }
     if (oid->length < prefix_len) {
-	*minor_status = ERANGE;
-	return GSS_S_FAILURE;
+        *minor_status = ERANGE;
+        return GSS_S_FAILURE;
     }
 
     memcpy(oid->elements, prefix, prefix_len);
@@ -430,24 +420,24 @@ generic_gss_oid_compose(
     nbytes = 0;
     osuffix = suffix;
     while (suffix) {
-	nbytes++;
-	suffix >>= 7;
+        nbytes++;
+        suffix >>= 7;
     }
     suffix = osuffix;
 
     if (oid->length < prefix_len + nbytes) {
-	*minor_status = ERANGE;
-	return GSS_S_FAILURE;
+        *minor_status = ERANGE;
+        return GSS_S_FAILURE;
     }
 
     op = (unsigned char *) oid->elements + prefix_len + nbytes;
     i = -1;
     while (suffix) {
-	op[i] = (unsigned char)suffix & 0x7f;
-	if (i != -1)
-	    op[i] |= 0x80;
-	i--;
-	suffix >>= 7;
+        op[i] = (unsigned char)suffix & 0x7f;
+        if (i != -1)
+            op[i] |= 0x80;
+        i--;
+        suffix >>= 7;
     }
 
     oid->length = prefix_len + nbytes;
@@ -457,19 +447,18 @@ generic_gss_oid_compose(
 }
 
 OM_uint32
-generic_gss_oid_decompose(
-    OM_uint32 *minor_status,
-    const char *prefix,
-    size_t prefix_len,
-    gss_OID_desc *oid,
-    int *suffix)
+generic_gss_oid_decompose(OM_uint32 *minor_status,
+                          const char *prefix,
+                          size_t prefix_len,
+                          gss_OID_desc *oid,
+                          int *suffix)
 {
     size_t i, slen;
     unsigned char *op;
 
     if (oid->length < prefix_len ||
-	memcmp(oid->elements, prefix, prefix_len) != 0) {
-	return GSS_S_BAD_MECH;
+        memcmp(oid->elements, prefix, prefix_len) != 0) {
+        return GSS_S_BAD_MECH;
     }
 
     op = (unsigned char *) oid->elements + prefix_len;
@@ -479,11 +468,11 @@ generic_gss_oid_decompose(
     slen = oid->length - prefix_len;
 
     for (i = 0; i < slen; i++) {
-	*suffix = (*suffix << 7) | (op[i] & 0x7f);
-	if (i + 1 != slen && (op[i] & 0x80) == 0) {
-	    *minor_status = EINVAL;
-	    return GSS_S_FAILURE;
-	}
+        *suffix = (*suffix << 7) | (op[i] & 0x7f);
+        if (i + 1 != slen && (op[i] & 0x80) == 0) {
+            *minor_status = EINVAL;
+            return GSS_S_FAILURE;
+        }
     }
 
     return GSS_S_COMPLETE;
@@ -511,11 +500,9 @@ generic_gss_oid_decompose(
  * PERFORMANCE OF THIS SOFTWARE.
  */
 OM_uint32
-generic_gss_copy_oid_set(
-    OM_uint32 *minor_status,
-    const gss_OID_set_desc * const oidset,
-    gss_OID_set *new_oidset
-    )
+generic_gss_copy_oid_set(OM_uint32 *minor_status,
+                         const gss_OID_set_desc * const oidset,
+                         gss_OID_set *new_oidset)
 {
     gss_OID_set_desc *copy;
     OM_uint32 minor = 0;
@@ -523,45 +510,45 @@ generic_gss_copy_oid_set(
     OM_uint32 i;
 
     if (minor_status != NULL)
-	*minor_status = 0;
+        *minor_status = 0;
 
     if (new_oidset != NULL)
-	*new_oidset = GSS_C_NO_OID_SET;
+        *new_oidset = GSS_C_NO_OID_SET;
 
     if (oidset == GSS_C_NO_OID_SET)
-	return (GSS_S_CALL_INACCESSIBLE_READ);
+        return (GSS_S_CALL_INACCESSIBLE_READ);
 
     if (new_oidset == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
     if ((copy = (gss_OID_set_desc *) calloc(1, sizeof (*copy))) == NULL) {
-	major = GSS_S_FAILURE;
-	goto done;
+        major = GSS_S_FAILURE;
+        goto done;
     }
 
     if ((copy->elements = (gss_OID_desc *)
-	 calloc(oidset->count, sizeof (*copy->elements))) == NULL) {
-	major = GSS_S_FAILURE;
-	goto done;
+         calloc(oidset->count, sizeof (*copy->elements))) == NULL) {
+        major = GSS_S_FAILURE;
+        goto done;
     }
     copy->count = oidset->count;
 
     for (i = 0; i < copy->count; i++) {
-	gss_OID_desc *out = &copy->elements[i];
-	gss_OID_desc *in = &oidset->elements[i];
-
-	if ((out->elements = (void *) malloc(in->length)) == NULL) {
-	    major = GSS_S_FAILURE;
-	    goto done;
-	}
-	(void) memcpy(out->elements, in->elements, in->length);
-	out->length = in->length;
+        gss_OID_desc *out = &copy->elements[i];
+        gss_OID_desc *in = &oidset->elements[i];
+
+        if ((out->elements = (void *) malloc(in->length)) == NULL) {
+            major = GSS_S_FAILURE;
+            goto done;
+        }
+        (void) memcpy(out->elements, in->elements, in->length);
+        out->length = in->length;
     }
 
     *new_oidset = copy;
 done:
     if (major != GSS_S_COMPLETE) {
-	(void) gss_release_oid_set(&minor, &copy);
+        (void) gss_release_oid_set(&minor, &copy);
     }
 
     return (major);
diff --git a/src/lib/gssapi/generic/rel_buffer.c b/src/lib/gssapi/generic/rel_buffer.c
index 8b35e80..fb67123 100644
--- a/src/lib/gssapi/generic/rel_buffer.c
+++ b/src/lib/gssapi/generic/rel_buffer.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* #ident  "@(#)g_rel_buffer.c 1.2     96/02/06 SMI" */
 
 /*
diff --git a/src/lib/gssapi/generic/rel_oid_set.c b/src/lib/gssapi/generic/rel_oid_set.c
index 137a513..61c15cd 100644
--- a/src/lib/gssapi/generic/rel_oid_set.c
+++ b/src/lib/gssapi/generic/rel_oid_set.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* #ident  "@(#)gss_release_oid_set.c 1.12     95/08/23 SMI" */
 
 /*
diff --git a/src/lib/gssapi/generic/util_buffer.c b/src/lib/gssapi/generic/util_buffer.c
index b707d15..cd16862 100644
--- a/src/lib/gssapi/generic/util_buffer.c
+++ b/src/lib/gssapi/generic/util_buffer.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/util_buffer_set.c b/src/lib/gssapi/generic/util_buffer_set.c
index 1e506e7..46ec66c 100644
--- a/src/lib/gssapi/generic/util_buffer_set.c
+++ b/src/lib/gssapi/generic/util_buffer_set.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -31,16 +32,16 @@
 #include <string.h>
 #include <errno.h>
 
-OM_uint32 generic_gss_create_empty_buffer_set
-	   (OM_uint32 * minor_status,
-	    gss_buffer_set_t *buffer_set)
+OM_uint32
+generic_gss_create_empty_buffer_set(OM_uint32 * minor_status,
+                                    gss_buffer_set_t *buffer_set)
 {
     gss_buffer_set_t set;
 
     set = (gss_buffer_set_desc *) malloc(sizeof(*set));
     if (set == GSS_C_NO_BUFFER_SET) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
     }
 
     set->count = 0;
@@ -52,38 +53,38 @@ OM_uint32 generic_gss_create_empty_buffer_set
     return GSS_S_COMPLETE;
 }
 
-OM_uint32 generic_gss_add_buffer_set_member
-	   (OM_uint32 * minor_status,
-	    const gss_buffer_t member_buffer,
-	    gss_buffer_set_t *buffer_set)
+OM_uint32
+generic_gss_add_buffer_set_member(OM_uint32 * minor_status,
+                                  const gss_buffer_t member_buffer,
+                                  gss_buffer_set_t *buffer_set)
 {
     gss_buffer_set_t set;
     gss_buffer_t p;
     OM_uint32 ret;
 
     if (*buffer_set == GSS_C_NO_BUFFER_SET) {
-	ret = generic_gss_create_empty_buffer_set(minor_status,
-						  buffer_set);
-	if (ret) {
-	    return ret;
-	}
+        ret = generic_gss_create_empty_buffer_set(minor_status,
+                                                  buffer_set);
+        if (ret) {
+            return ret;
+        }
     }
 
     set = *buffer_set;
     set->elements = (gss_buffer_desc *)realloc(set->elements,
-					       (set->count + 1) *
-						sizeof(gss_buffer_desc));
+                                               (set->count + 1) *
+                                               sizeof(gss_buffer_desc));
     if (set->elements == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
     }
 
     p = &set->elements[set->count];
 
     p->value = malloc(member_buffer->length);
     if (p->value == NULL) {
-	*minor_status = ENOMEM;
-	return GSS_S_FAILURE;
+        *minor_status = ENOMEM;
+        return GSS_S_FAILURE;
     }
     memcpy(p->value, member_buffer->value, member_buffer->length);
     p->length = member_buffer->length;
@@ -94,9 +95,9 @@ OM_uint32 generic_gss_add_buffer_set_member
     return GSS_S_COMPLETE;
 }
 
-OM_uint32 generic_gss_release_buffer_set
-	   (OM_uint32 * minor_status,
-	    gss_buffer_set_t *buffer_set)
+OM_uint32
+generic_gss_release_buffer_set(OM_uint32 * minor_status,
+                               gss_buffer_set_t *buffer_set)
 {
     size_t i;
     OM_uint32 minor;
@@ -104,16 +105,16 @@ OM_uint32 generic_gss_release_buffer_set
     *minor_status = 0;
 
     if (*buffer_set == GSS_C_NO_BUFFER_SET) {
-	return GSS_S_COMPLETE;
+        return GSS_S_COMPLETE;
     }
 
     for (i = 0; i < (*buffer_set)->count; i++) {
-	generic_gss_release_buffer(&minor, &((*buffer_set)->elements[i]));
+        generic_gss_release_buffer(&minor, &((*buffer_set)->elements[i]));
     }
 
     if ((*buffer_set)->elements != NULL) {
-	free((*buffer_set)->elements);
-	(*buffer_set)->elements = NULL;
+        free((*buffer_set)->elements);
+        (*buffer_set)->elements = NULL;
     }
 
     (*buffer_set)->count = 0;
diff --git a/src/lib/gssapi/generic/util_canonhost.c b/src/lib/gssapi/generic/util_canonhost.c
index 6e95318..e27d656 100644
--- a/src/lib/gssapi/generic/util_canonhost.c
+++ b/src/lib/gssapi/generic/util_canonhost.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c
index 2634e66..5a863b6 100644
--- a/src/lib/gssapi/generic/util_errmap.c
+++ b/src/lib/gssapi/generic/util_errmap.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2007, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
diff --git a/src/lib/gssapi/generic/util_localhost.c b/src/lib/gssapi/generic/util_localhost.c
index 85e0980..7956a07 100644
--- a/src/lib/gssapi/generic/util_localhost.c
+++ b/src/lib/gssapi/generic/util_localhost.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/util_ordering.c b/src/lib/gssapi/generic/util_ordering.c
index 274790e..95609a9 100644
--- a/src/lib/gssapi/generic/util_ordering.c
+++ b/src/lib/gssapi/generic/util_ordering.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
@@ -133,8 +133,8 @@ g_order_check(void **vqueue, gssint_uint64 seqnum)
     seqnum -= q->firstnum;
     /* If we're only doing 32-bit values, adjust for that again.
 
-    Note that this will probably be the wrong thing to if we get
-    2**32 messages sent with 32-bit sequence numbers.  */
+       Note that this will probably be the wrong thing to if we get
+       2**32 messages sent with 32-bit sequence numbers.  */
     seqnum &= q->mask;
 
     /* rule 1: expected sequence number */
@@ -160,16 +160,16 @@ g_order_check(void **vqueue, gssint_uint64 seqnum)
     if ((seqnum < QELEM(q,q->start)) &&
         /* Is top bit of whatever width we're using set?
 
-        We used to check for greater than or equal to firstnum, but
-        (1) we've since switched to compute values relative to
-        firstnum, so the lowest we can have is 0, and (2) the effect
-        of the original scheme was highly dependent on whether
-        firstnum was close to either side of 0.  (Consider
-        firstnum==0xFFFFFFFE and we miss three packets; the next
-        packet is *new* but would look old.)
+           We used to check for greater than or equal to firstnum, but
+           (1) we've since switched to compute values relative to
+           firstnum, so the lowest we can have is 0, and (2) the effect
+           of the original scheme was highly dependent on whether
+           firstnum was close to either side of 0.  (Consider
+           firstnum==0xFFFFFFFE and we miss three packets; the next
+           packet is *new* but would look old.)
 
-        This check should give us 2**31 or 2**63 messages "new", and
-        just as many "old".  That's not quite right either.  */
+           This check should give us 2**31 or 2**63 messages "new", and
+           just as many "old".  That's not quite right either.  */
         (seqnum & (1 + (q->mask >> 1)))
     ) {
         if (q->do_replay && !q->do_sequence)
diff --git a/src/lib/gssapi/generic/util_set.c b/src/lib/gssapi/generic/util_set.c
index d437f1e..8866f52 100644
--- a/src/lib/gssapi/generic/util_set.c
+++ b/src/lib/gssapi/generic/util_set.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1995 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c
index b597788..3acbd8e 100644
--- a/src/lib/gssapi/generic/util_token.c
+++ b/src/lib/gssapi/generic/util_token.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/util_validate.c b/src/lib/gssapi/generic/util_validate.c
index 00dac32..afb47ea 100644
--- a/src/lib/gssapi/generic/util_validate.c
+++ b/src/lib/gssapi/generic/util_validate.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/generic/utl_nohash_validate.c b/src/lib/gssapi/generic/utl_nohash_validate.c
index d221b37..066780a 100644
--- a/src/lib/gssapi/generic/utl_nohash_validate.c
+++ b/src/lib/gssapi/generic/utl_nohash_validate.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  *  Copyright 1990,1994 by the Massachusetts Institute of Technology.
  *  All Rights Reserved.
diff --git a/src/lib/gssapi/krb5/Makefile.in b/src/lib/gssapi/krb5/Makefile.in
index 601acc5..01591b2 100644
--- a/src/lib/gssapi/krb5/Makefile.in
+++ b/src/lib/gssapi/krb5/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/gssapi/krb5
 mydir=lib/gssapi/krb5
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../mechglue -I$(srcdir)/../mechglue
@@ -230,8 +228,10 @@ $(GSSAPI_KRB5_HDR): gssapi_krb5.h
 all-unix:: $(SRCS) $(HDRS) $(GSSAPI_KRB5_HDR) includes
 all-unix:: all-libobjs
 
-error_map.h: $(SRCTOP)/util/gen-map.pl $(SRCTOP)/util/ktemplate.pm Makefile
-	$(PERL) -I$(SRCTOP)/util $(SRCTOP)/util/gen-map.pl -oerror_map.new \
+error_map.h: $(top_srcdir)/util/gen-map.pl \
+		$(top_srcdir)/util/ktemplate.pm Makefile
+	$(PERL) -I$(top_srcdir)/util $(top_srcdir)/util/gen-map.pl \
+		-oerror_map.new \
 		NAME=gsserrmap \
 		KEY=OM_uint32 \
 		VALUE="char *" \
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index ccfdb5c..ce3075f 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2004, 2007, 2008  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -292,104 +292,104 @@ static OM_uint32
 kg_accept_dce(minor_status, context_handle, verifier_cred_handle,
               input_token, input_chan_bindings, src_name, mech_type,
               output_token, ret_flags, time_rec, delegated_cred_handle)
-     OM_uint32 *minor_status;
-     gss_ctx_id_t *context_handle;
-     gss_cred_id_t verifier_cred_handle;
-     gss_buffer_t input_token;
-     gss_channel_bindings_t input_chan_bindings;
-     gss_name_t *src_name;
-     gss_OID *mech_type;
-     gss_buffer_t output_token;
-     OM_uint32 *ret_flags;
-     OM_uint32 *time_rec;
-     gss_cred_id_t *delegated_cred_handle;
+    OM_uint32 *minor_status;
+    gss_ctx_id_t *context_handle;
+    gss_cred_id_t verifier_cred_handle;
+    gss_buffer_t input_token;
+    gss_channel_bindings_t input_chan_bindings;
+    gss_name_t *src_name;
+    gss_OID *mech_type;
+    gss_buffer_t output_token;
+    OM_uint32 *ret_flags;
+    OM_uint32 *time_rec;
+    gss_cred_id_t *delegated_cred_handle;
 {
-   krb5_error_code code;
-   krb5_gss_ctx_id_rec *ctx = 0;
-   krb5_timestamp now;
-   krb5_gss_name_t name = NULL;
-   krb5_ui_4 nonce = 0;
-   krb5_data ap_rep;
-   OM_uint32 major_status = GSS_S_FAILURE;
-
-   output_token->length = 0;
-   output_token->value = NULL;
-
-   if (mech_type)
-      *mech_type = GSS_C_NULL_OID;
-   /* return a bogus cred handle */
-   if (delegated_cred_handle)
-      *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-
-   ctx = (krb5_gss_ctx_id_rec *)*context_handle;
-
-   code = krb5_timeofday(ctx->k5_context, &now);
-   if (code != 0) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   if (ctx->krb_times.endtime < now) {
-       code = 0;
-       major_status = GSS_S_CREDENTIALS_EXPIRED;
-       goto fail;
-   }
-
-   ap_rep.data = input_token->value;
-   ap_rep.length = input_token->length;
-
-   code = krb5_rd_rep_dce(ctx->k5_context,
-                          ctx->auth_context,
-                          &ap_rep,
-                          &nonce);
-   if (code != 0) {
-       major_status = GSS_S_FAILURE;
-       goto fail;
-   }
-
-   ctx->established = 1;
-
-   if (src_name) {
-       if ((code = kg_duplicate_name(ctx->k5_context, ctx->there,
-                                     KG_INIT_NAME_INTERN, &name))) {
-           major_status = GSS_S_FAILURE;
-           goto fail;
-       }
-      *src_name = (gss_name_t) name;
-   }
-
-   if (mech_type)
-      *mech_type = ctx->mech_used;
-
-   if (time_rec)
-      *time_rec = ctx->krb_times.endtime - now;
-
-   if (ret_flags)
-      *ret_flags = ctx->gss_flags;
-
-   /* XXX no support for delegated credentials yet */
-
-   *minor_status = 0;
-
-   return GSS_S_COMPLETE;
-
- fail:
-   /* real failure code follows */
-
-   (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
-                                      NULL);
-   *context_handle = GSS_C_NO_CONTEXT;
-   *minor_status = code;
-
-   return major_status;
+    krb5_error_code code;
+    krb5_gss_ctx_id_rec *ctx = 0;
+    krb5_timestamp now;
+    krb5_gss_name_t name = NULL;
+    krb5_ui_4 nonce = 0;
+    krb5_data ap_rep;
+    OM_uint32 major_status = GSS_S_FAILURE;
+
+    output_token->length = 0;
+    output_token->value = NULL;
+
+    if (mech_type)
+        *mech_type = GSS_C_NULL_OID;
+    /* return a bogus cred handle */
+    if (delegated_cred_handle)
+        *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+    ctx = (krb5_gss_ctx_id_rec *)*context_handle;
+
+    code = krb5_timeofday(ctx->k5_context, &now);
+    if (code != 0) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    if (ctx->krb_times.endtime < now) {
+        code = 0;
+        major_status = GSS_S_CREDENTIALS_EXPIRED;
+        goto fail;
+    }
+
+    ap_rep.data = input_token->value;
+    ap_rep.length = input_token->length;
+
+    code = krb5_rd_rep_dce(ctx->k5_context,
+                           ctx->auth_context,
+                           &ap_rep,
+                           &nonce);
+    if (code != 0) {
+        major_status = GSS_S_FAILURE;
+        goto fail;
+    }
+
+    ctx->established = 1;
+
+    if (src_name) {
+        if ((code = kg_duplicate_name(ctx->k5_context, ctx->there,
+                                      KG_INIT_NAME_INTERN, &name))) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+        *src_name = (gss_name_t) name;
+    }
+
+    if (mech_type)
+        *mech_type = ctx->mech_used;
+
+    if (time_rec)
+        *time_rec = ctx->krb_times.endtime - now;
+
+    if (ret_flags)
+        *ret_flags = ctx->gss_flags;
+
+    /* XXX no support for delegated credentials yet */
+
+    *minor_status = 0;
+
+    return GSS_S_COMPLETE;
+
+fail:
+    /* real failure code follows */
+
+    (void) krb5_gss_delete_sec_context(minor_status, (gss_ctx_id_t *) &ctx,
+                                       NULL);
+    *context_handle = GSS_C_NO_CONTEXT;
+    *minor_status = code;
+
+    return major_status;
 }
 
 static OM_uint32
 kg_accept_krb5(minor_status, context_handle,
-              verifier_cred_handle, input_token,
-              input_chan_bindings, src_name, mech_type,
-              output_token, ret_flags, time_rec,
-              delegated_cred_handle)
+               verifier_cred_handle, input_token,
+               input_chan_bindings, src_name, mech_type,
+               output_token, ret_flags, time_rec,
+               delegated_cred_handle)
     OM_uint32 *minor_status;
     gss_ctx_id_t *context_handle;
     gss_cred_id_t verifier_cred_handle;
@@ -437,7 +437,6 @@ kg_accept_krb5(minor_status, context_handle,
     int no_encap = 0;
     krb5_flags ap_req_options = 0;
     krb5_enctype negotiated_etype;
-    krb5_keyblock *keyblock = NULL;
     krb5_authdata_context ad_context = NULL;
 
     code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
@@ -608,39 +607,37 @@ kg_accept_krb5(minor_status, context_handle,
     }
 #endif
 
-   if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
-      /* Samba does not send 0x8003 GSS-API checksums */
-      krb5_boolean valid;
-      krb5_keyblock *subkey;
-      krb5_data zero;
-
-      code = krb5_auth_con_getkey(context, auth_context, &subkey);
-      if (code) {
-         major_status = GSS_S_FAILURE;
-         goto fail;
-      }
-
-      zero.length = 0;
-      zero.data = "";
-
-      code = krb5_c_verify_checksum(context,
-                                    subkey,
-                                    KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
-                                    &zero,
-                                    authdat->checksum,
-                                    &valid);
-      if (code || !valid) {
-          major_status = GSS_S_BAD_SIG;
-          krb5_free_keyblock(context, subkey);
-          goto fail;
-      }
-
-      gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
-      bigend = 0;
-      decode_req_message = 0;
-
-      krb5_free_keyblock(context, subkey);
-   } else {
+    if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
+        /* Samba does not send 0x8003 GSS-API checksums */
+        krb5_boolean valid;
+        krb5_key subkey;
+        krb5_data zero;
+
+        code = krb5_auth_con_getkey_k(context, auth_context, &subkey);
+        if (code) {
+            major_status = GSS_S_FAILURE;
+            goto fail;
+        }
+
+        zero.length = 0;
+        zero.data = "";
+
+        code = krb5_k_verify_checksum(context,
+                                      subkey,
+                                      KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM,
+                                      &zero,
+                                      authdat->checksum,
+                                      &valid);
+        krb5_k_free_key(context, subkey);
+        if (code || !valid) {
+            major_status = GSS_S_BAD_SIG;
+            goto fail;
+        }
+
+        gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
+        bigend = 0;
+        decode_req_message = 0;
+    } else {
         /* gss krb5 v1 */
 
         /* stash this now, for later. */
@@ -859,9 +856,9 @@ kg_accept_krb5(minor_status, context_handle,
 
     /* XXX move this into gss_name_t */
     if (        (code = krb5_merge_authdata(context,
-                                   ticket->enc_part2->authorization_data,
+                                            ticket->enc_part2->authorization_data,
                                             authdat->authorization_data,
-                                   &ctx->authdata))) {
+                                            &ctx->authdata))) {
         major_status = GSS_S_FAILURE;
         goto fail;
     }
@@ -883,22 +880,23 @@ kg_accept_krb5(minor_status, context_handle,
     authdat->client = NULL;
     krb5_auth_con_set_authdata_context(context, auth_context, NULL);
 
-    if ((code = krb5_auth_con_getrecvsubkey(context, auth_context,
-                                            &keyblock))) {
+    if ((code = krb5_auth_con_getrecvsubkey_k(context, auth_context,
+                                              &ctx->subkey))) {
         major_status = GSS_S_FAILURE;
         goto fail;
     }
 
     /* use the session key if the subkey isn't present */
 
-    if (keyblock == NULL) {
-        if ((code = krb5_auth_con_getkey(context, auth_context, &keyblock))) {
+    if (ctx->subkey == NULL) {
+        if ((code = krb5_auth_con_getkey_k(context, auth_context,
+                                           &ctx->subkey))) {
             major_status = GSS_S_FAILURE;
             goto fail;
         }
     }
 
-    if (keyblock == NULL) {
+    if (ctx->subkey == NULL) {
         /* this isn't a very good error, but it's not clear to me this
            can actually happen */
         major_status = GSS_S_FAILURE;
@@ -906,12 +904,6 @@ kg_accept_krb5(minor_status, context_handle,
         goto fail;
     }
 
-    code = krb5_k_create_key(context, keyblock, &ctx->subkey);
-    if (code) {
-        major_status = GSS_S_FAILURE;
-        goto fail;
-    }
-
     ctx->enc = NULL;
     ctx->seq = NULL;
     ctx->have_acceptor_subkey = 0;
@@ -1038,20 +1030,13 @@ kg_accept_krb5(minor_status, context_handle,
         if (cfx_generate_subkey) {
             /* Get the new acceptor subkey.  With the code above, there
                should always be one if we make it to this point.  */
-            code = krb5_auth_con_getsendsubkey(context, auth_context,
-                                               &keyblock);
-            if (code != 0) {
-                major_status = GSS_S_FAILURE;
-                goto fail;
-            }
-            code = krb5_k_create_key(context, keyblock, &ctx->acceptor_subkey);
+            code = krb5_auth_con_getsendsubkey_k(context, auth_context,
+                                                 &ctx->acceptor_subkey);
             if (code != 0) {
                 major_status = GSS_S_FAILURE;
                 goto fail;
             }
             ctx->have_acceptor_subkey = 1;
-            krb5_free_keyblock(context, keyblock);
-            keyblock = NULL;
 
             code = kg_setup_keys(context, ctx, ctx->acceptor_subkey,
                                  &ctx->acceptor_subkey_cksumtype);
@@ -1135,7 +1120,7 @@ kg_accept_krb5(minor_status, context_handle,
         *src_name = (gss_name_t) name;
 
     if (delegated_cred_handle) {
-       if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
+        if (!kg_save_cred_id((gss_cred_id_t) deleg_cred)) {
             major_status = GSS_S_FAILURE;
             code = G_VALIDATE_FAILED;
             goto fail;
@@ -1163,8 +1148,6 @@ fail:
         xfree(reqcksum.contents);
     if (ap_rep.data)
         krb5_free_data_contents(context, &ap_rep);
-    if (keyblock)
-        krb5_free_keyblock(context, keyblock);
     if (major_status == GSS_S_COMPLETE ||
         (major_status == GSS_S_CONTINUE_NEEDED && code != KRB5KRB_AP_ERR_MSG_TYPE)) {
         ctx->k5_context = context;
@@ -1305,8 +1288,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
     }
 
     return kg_accept_krb5(minor_status, context_handle,
-                         verifier_cred_handle, input_token,
-                         input_chan_bindings, src_name, mech_type,
-                         output_token, ret_flags, time_rec,
-                         delegated_cred_handle);
+                          verifier_cred_handle, input_token,
+                          input_chan_bindings, src_name, mech_type,
+                          output_token, ret_flags, time_rec,
+                          delegated_cred_handle);
 }
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 2c5ca9a..64efa1b 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2007, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -724,45 +724,45 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
 
 OM_uint32
 gss_krb5int_set_cred_rcache(OM_uint32 *minor_status,
-    gss_cred_id_t cred_handle,
-    const gss_OID desired_oid,
-    const gss_buffer_t value)
+                            gss_cred_id_t cred_handle,
+                            const gss_OID desired_oid,
+                            const gss_buffer_t value)
 {
-   krb5_gss_cred_id_t cred;
-   krb5_error_code code;
-   krb5_context context;
-   krb5_rcache rcache;
+    krb5_gss_cred_id_t cred;
+    krb5_error_code code;
+    krb5_context context;
+    krb5_rcache rcache;
 
-   assert(value->length == sizeof(rcache));
+    assert(value->length == sizeof(rcache));
 
-   if (value->length != sizeof(rcache))
-      return GSS_S_FAILURE;
+    if (value->length != sizeof(rcache))
+        return GSS_S_FAILURE;
 
-   rcache = (krb5_rcache)value->value;
+    rcache = (krb5_rcache)value->value;
 
-   if (cred_handle == GSS_C_NO_CREDENTIAL)
-      return GSS_S_NO_CRED;
+    if (cred_handle == GSS_C_NO_CREDENTIAL)
+        return GSS_S_NO_CRED;
 
-   cred = (krb5_gss_cred_id_t)cred_handle;
+    cred = (krb5_gss_cred_id_t)cred_handle;
 
-   code = krb5_gss_init_context(&context);
-   if (code) {
-       *minor_status = code;
-       return GSS_S_FAILURE;
-   }
-   if (cred->rcache != NULL) {
-      code = krb5_rc_close(context, cred->rcache);
-      if (code) {
-         *minor_status = code;
-         krb5_free_context(context);
-         return GSS_S_FAILURE;
-      }
-   }
+    code = krb5_gss_init_context(&context);
+    if (code) {
+        *minor_status = code;
+        return GSS_S_FAILURE;
+    }
+    if (cred->rcache != NULL) {
+        code = krb5_rc_close(context, cred->rcache);
+        if (code) {
+            *minor_status = code;
+            krb5_free_context(context);
+            return GSS_S_FAILURE;
+        }
+    }
 
-   cred->rcache = rcache;
+    cred->rcache = rcache;
 
-   krb5_free_context(context);
+    krb5_free_context(context);
 
-   *minor_status = 0;
-   return GSS_S_COMPLETE;
+    *minor_status = 0;
+    return GSS_S_COMPLETE;
 }
diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c
index cb14a5c..6f6707c 100644
--- a/src/lib/gssapi/krb5/add_cred.c
+++ b/src/lib/gssapi/krb5/add_cred.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
diff --git a/src/lib/gssapi/krb5/canon_name.c b/src/lib/gssapi/krb5/canon_name.c
index b4f4d4b..3dd01dc 100644
--- a/src/lib/gssapi/krb5/canon_name.c
+++ b/src/lib/gssapi/krb5/canon_name.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/canon_name.c
  *
diff --git a/src/lib/gssapi/krb5/compare_name.c b/src/lib/gssapi/krb5/compare_name.c
index 1e106da..14f7076 100644
--- a/src/lib/gssapi/krb5/compare_name.c
+++ b/src/lib/gssapi/krb5/compare_name.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c
index b263b50..df8e088 100644
--- a/src/lib/gssapi/krb5/context_time.c
+++ b/src/lib/gssapi/krb5/context_time.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/copy_ccache.c b/src/lib/gssapi/krb5/copy_ccache.c
index 19fe1d7..632c866 100644
--- a/src/lib/gssapi/krb5/copy_ccache.c
+++ b/src/lib/gssapi/krb5/copy_ccache.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "gssapiP_krb5.h"
 
 OM_uint32 KRB5_CALLCONV
diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c
index 2032d55..d6b49a0 100644
--- a/src/lib/gssapi/krb5/delete_sec_context.c
+++ b/src/lib/gssapi/krb5/delete_sec_context.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/deps b/src/lib/gssapi/krb5/deps
index 3b1953b..d12ddba 100644
--- a/src/lib/gssapi/krb5/deps
+++ b/src/lib/gssapi/krb5/deps
@@ -5,692 +5,730 @@ accept_sec_context.so accept_sec_context.po $(OUTPRE)accept_sec_context.$(OBJEXT
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  accept_sec_context.c gssapiP_krb5.h gssapi_err_krb5.h \
-  gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h accept_sec_context.c \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
 acquire_cred.so acquire_cred.po $(OUTPRE)acquire_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  acquire_cred.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h acquire_cred.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 add_cred.so add_cred.po $(OUTPRE)add_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  add_cred.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h add_cred.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 canon_name.so canon_name.po $(OUTPRE)canon_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  canon_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h canon_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 compare_name.so compare_name.po $(OUTPRE)compare_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  compare_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h compare_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 context_time.so context_time.po $(OUTPRE)context_time.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  context_time.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h context_time.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 copy_ccache.so copy_ccache.po $(OUTPRE)copy_ccache.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  copy_ccache.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h copy_ccache.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 delete_sec_context.so delete_sec_context.po $(OUTPRE)delete_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  delete_sec_context.c gssapiP_krb5.h gssapi_err_krb5.h \
-  gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h delete_sec_context.c \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
 disp_name.so disp_name.po $(OUTPRE)disp_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  disp_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h disp_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 disp_status.so disp_status.po $(OUTPRE)disp_status.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  disp_status.c error_map.h gssapiP_krb5.h gssapi_err_krb5.h \
-  gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h disp_status.c error_map.h \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
 duplicate_name.so duplicate_name.po $(OUTPRE)duplicate_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  duplicate_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h duplicate_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 export_name.so export_name.po $(OUTPRE)export_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  export_name.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h export_name.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 export_sec_context.so export_sec_context.po $(OUTPRE)export_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  export_sec_context.c gssapiP_krb5.h gssapi_err_krb5.h \
-  gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h export_sec_context.c \
+  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
 get_tkt_flags.so get_tkt_flags.po $(OUTPRE)get_tkt_flags.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  get_tkt_flags.c gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h get_tkt_flags.c gssapiP_krb5.h \
+  gssapi_err_krb5.h gssapi_krb5.h
 gssapi_krb5.so gssapi_krb5.po $(OUTPRE)gssapi_krb5.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../mechglue/mechglue.h \
-  $(srcdir)/../mechglue/mglueP.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.c gssapi_krb5.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.c gssapi_krb5.h
 import_name.so import_name.po $(OUTPRE)import_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h import_name.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h import_name.c
 import_sec_context.so import_sec_context.po $(OUTPRE)import_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h import_sec_context.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h import_sec_context.c
 indicate_mechs.so indicate_mechs.po $(OUTPRE)indicate_mechs.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../mechglue/mechglue.h \
-  $(srcdir)/../mechglue/mglueP.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h indicate_mechs.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h indicate_mechs.c
 init_sec_context.so init_sec_context.po $(OUTPRE)init_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h init_sec_context.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h init_sec_context.c
 inq_context.so inq_context.po $(OUTPRE)inq_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h inq_context.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h inq_context.c
 inq_cred.so inq_cred.po $(OUTPRE)inq_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h inq_cred.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h inq_cred.c
 inq_names.so inq_names.po $(OUTPRE)inq_names.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h inq_names.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h inq_names.c
 k5seal.so k5seal.po $(OUTPRE)k5seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
   gssapi_krb5.h k5seal.c
 k5sealiov.so k5sealiov.po $(OUTPRE)k5sealiov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5sealiov.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5sealiov.c
 k5sealv3.so k5sealv3.po $(OUTPRE)k5sealv3.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5sealv3.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5sealv3.c
 k5sealv3iov.so k5sealv3iov.po $(OUTPRE)k5sealv3iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5sealv3iov.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5sealv3iov.c
 k5unseal.so k5unseal.po $(OUTPRE)k5unseal.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5unseal.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5unseal.c
 k5unsealiov.so k5unsealiov.po $(OUTPRE)k5unsealiov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h k5unsealiov.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h k5unsealiov.c
 krb5_gss_glue.so krb5_gss_glue.po $(OUTPRE)krb5_gss_glue.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h krb5_gss_glue.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h krb5_gss_glue.c
 lucid_context.so lucid_context.po $(OUTPRE)lucid_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h lucid_context.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h lucid_context.c
 naming_exts.so naming_exts.po $(OUTPRE)naming_exts.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h naming_exts.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h naming_exts.c
 process_context_token.so process_context_token.po $(OUTPRE)process_context_token.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h process_context_token.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h process_context_token.c
 rel_cred.so rel_cred.po $(OUTPRE)rel_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h rel_cred.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h rel_cred.c
 rel_oid.so rel_oid.po $(OUTPRE)rel_oid.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
   gssapi_krb5.h rel_oid.c
 rel_name.so rel_name.po $(OUTPRE)rel_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h rel_name.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h rel_name.c
 s4u_gss_glue.so s4u_gss_glue.po $(OUTPRE)s4u_gss_glue.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h s4u_gss_glue.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h s4u_gss_glue.c
 seal.so seal.po $(OUTPRE)seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
   gssapi_krb5.h seal.c
 set_allowable_enctypes.so set_allowable_enctypes.po \
   $(OUTPRE)set_allowable_enctypes.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
   gssapi_krb5.h set_allowable_enctypes.c
 ser_sctx.so ser_sctx.po $(OUTPRE)ser_sctx.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h ser_sctx.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h ser_sctx.c
 set_ccache.so set_ccache.po $(OUTPRE)set_ccache.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h set_ccache.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h set_ccache.c
 sign.so sign.po $(OUTPRE)sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
   gssapi_krb5.h sign.c
 unseal.so unseal.po $(OUTPRE)unseal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
   gssapi_krb5.h unseal.c
 util_cksum.so util_cksum.po $(OUTPRE)util_cksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_cksum.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_cksum.c
 util_crypt.so util_crypt.po $(OUTPRE)util_crypt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_crypt.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_crypt.c
 util_seed.so util_seed.po $(OUTPRE)util_seed.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_seed.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_seed.c
 util_seqnum.so util_seqnum.po $(OUTPRE)util_seqnum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h util_seqnum.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h util_seqnum.c
 val_cred.so val_cred.po $(OUTPRE)val_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h val_cred.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h val_cred.c
 verify.so verify.po $(OUTPRE)verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
   gssapi_krb5.h verify.c
 wrap_size_limit.so wrap_size_limit.po $(OUTPRE)wrap_size_limit.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h ../generic/gssapi_err_generic.h \
-  gssapiP_krb5.h gssapi_err_krb5.h gssapi_krb5.h wrap_size_limit.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_krb5.h gssapi_err_krb5.h \
+  gssapi_krb5.h wrap_size_limit.c
diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c
index 676dc4d..ac576f5 100644
--- a/src/lib/gssapi/krb5/disp_name.c
+++ b/src/lib/gssapi/krb5/disp_name.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/disp_status.c b/src/lib/gssapi/krb5/disp_status.c
index 6cc1bc1..6b164c2 100644
--- a/src/lib/gssapi/krb5/disp_status.c
+++ b/src/lib/gssapi/krb5/disp_status.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/duplicate_name.c b/src/lib/gssapi/krb5/duplicate_name.c
index 6783493..c054d74 100644
--- a/src/lib/gssapi/krb5/duplicate_name.c
+++ b/src/lib/gssapi/krb5/duplicate_name.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/duplicate_name.c
  *
diff --git a/src/lib/gssapi/krb5/export_name.c b/src/lib/gssapi/krb5/export_name.c
index 67d9ce0..52c2440 100644
--- a/src/lib/gssapi/krb5/export_name.c
+++ b/src/lib/gssapi/krb5/export_name.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/export_name.c
  *
diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c
index f408d09..271c58c 100644
--- a/src/lib/gssapi/krb5/export_sec_context.c
+++ b/src/lib/gssapi/krb5/export_sec_context.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/export_sec_context.c
  *
diff --git a/src/lib/gssapi/krb5/get_tkt_flags.c b/src/lib/gssapi/krb5/get_tkt_flags.c
index 29126d6..07f0c97 100644
--- a/src/lib/gssapi/krb5/get_tkt_flags.c
+++ b/src/lib/gssapi/krb5/get_tkt_flags.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index fae3c83..2ac4b3a 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -299,14 +299,14 @@ krb5_error_code kg_encrypt_iov (krb5_context context,
                                 int iov_count);
 
 krb5_error_code
-kg_arcfour_docrypt (const krb5_keyblock *longterm_key , int ms_usage,
+kg_arcfour_docrypt (const krb5_keyblock *keyblock, int usage,
                     const unsigned char *kd_data, size_t kd_data_len,
                     const unsigned char *input_buf, size_t input_len,
                     unsigned char *output_buf);
 
 krb5_error_code
 kg_arcfour_docrypt_iov (krb5_context context,
-                        const krb5_keyblock *longterm_key , int ms_usage,
+                        const krb5_keyblock *keyblock, int usage,
                         const unsigned char *kd_data, size_t kd_data_len,
                         gss_iov_buffer_desc *iov,
                         int iov_count);
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index a6a9fad..b68bc9a 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
@@ -306,9 +306,9 @@ kg_set_ccache_name (OM_uint32 *minor_status, const char *name)
     return GSS_S_COMPLETE;
 }
 
-#define g_OID_prefix_equal(o1, o2) \
-        (((o1)->length >= (o2)->length) && \
-        (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
+#define g_OID_prefix_equal(o1, o2)                                      \
+    (((o1)->length >= (o2)->length) &&                                  \
+     (memcmp((o1)->elements, (o2)->elements, (o2)->length) == 0))
 
 /*
  * gss_inquire_sec_context_by_oid() methods
@@ -370,7 +370,7 @@ krb5_gss_inquire_sec_context_by_oid (OM_uint32 *minor_status,
         return GSS_S_NO_CONTEXT;
 
     for (i = 0; i < sizeof(krb5_gss_inquire_sec_context_by_oid_ops)/
-                    sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
+             sizeof(krb5_gss_inquire_sec_context_by_oid_ops[0]); i++) {
         if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_sec_context_by_oid_ops[i].oid)) {
             return (*krb5_gss_inquire_sec_context_by_oid_ops[i].func)(minor_status,
                                                                       context_handle,
@@ -432,7 +432,7 @@ krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status,
 
 #if 0
     for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/
-                    sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
+             sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
         if (g_OID_prefix_equal(desired_object, &krb5_gss_inquire_cred_by_oid_ops[i].oid)) {
             return (*krb5_gss_inquire_cred_by_oid_ops[i].func)(minor_status,
                                                                cred_handle,
@@ -488,7 +488,7 @@ krb5_gss_set_sec_context_option (OM_uint32 *minor_status,
 
 #if 0
     for (i = 0; i < sizeof(krb5_gss_set_sec_context_option_ops)/
-                    sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
+             sizeof(krb5_gss_set_sec_context_option_ops[0]); i++) {
         if (g_OID_prefix_equal(desired_object, &krb5_gss_set_sec_context_option_ops[i].oid)) {
             return (*krb5_gss_set_sec_context_option_ops[i].func)(minor_status,
                                                                   context_handle,
@@ -551,7 +551,7 @@ krb5_gssspi_set_cred_option(OM_uint32 *minor_status,
         return major_status;
 
     for (i = 0; i < sizeof(krb5_gssspi_set_cred_option_ops)/
-                    sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
+             sizeof(krb5_gssspi_set_cred_option_ops[0]); i++) {
         if (g_OID_prefix_equal(desired_object, &krb5_gssspi_set_cred_option_ops[i].oid)) {
             return (*krb5_gssspi_set_cred_option_ops[i].func)(minor_status,
                                                               cred_handle,
@@ -610,7 +610,7 @@ krb5_gssspi_mech_invoke (OM_uint32 *minor_status,
         return GSS_S_CALL_INACCESSIBLE_READ;
 
     for (i = 0; i < sizeof(krb5_gssspi_mech_invoke_ops)/
-                    sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
+             sizeof(krb5_gssspi_mech_invoke_ops[0]); i++) {
         if (g_OID_prefix_equal(desired_object, &krb5_gssspi_mech_invoke_ops[i].oid)) {
             return (*krb5_gssspi_mech_invoke_ops[i].func)(minor_status,
                                                           desired_mech,
diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c
index b336195..cd2748b 100644
--- a/src/lib/gssapi/krb5/import_name.c
+++ b/src/lib/gssapi/krb5/import_name.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c
index b31d7ac..d4ef1e3 100644
--- a/src/lib/gssapi/krb5/import_sec_context.c
+++ b/src/lib/gssapi/krb5/import_sec_context.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/import_sec_context.c
  *
diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c
index d744af7..7707f65 100644
--- a/src/lib/gssapi/krb5/indicate_mechs.c
+++ b/src/lib/gssapi/krb5/indicate_mechs.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index e04818f..9b6f3ec 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2002, 2003, 2007, 2008 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -152,8 +152,8 @@ static krb5_error_code get_credentials(context, cred, server, now,
         krb5_creds mcreds;
 
         flags |= KRB5_GC_CANONICALIZE |
-                 KRB5_GC_NO_STORE |
-                 KRB5_GC_CONSTRAINED_DELEGATION;
+            KRB5_GC_NO_STORE |
+            KRB5_GC_CONSTRAINED_DELEGATION;
 
         memset(&mcreds, 0, sizeof(mcreds));
 
@@ -765,9 +765,9 @@ mutual_auth(
         ap_rep.length = input_token->length;
         ap_rep.data = (char *)input_token->value;
     } else if (g_verify_token_header(ctx->mech_used,
-                              &(ap_rep.length),
-                              &ptr, KG_TOK_CTX_AP_REP,
-                              input_token->length, 1)) {
+                                     &(ap_rep.length),
+                                     &ptr, KG_TOK_CTX_AP_REP,
+                                     input_token->length, 1)) {
         if (g_verify_token_header((gss_OID) ctx->mech_used,
                                   &(ap_rep.length),
                                   &ptr, KG_TOK_CTX_ERROR,
@@ -1006,11 +1006,11 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle,
     /*SUPPRESS 29*/
     if (*context_handle == GSS_C_NO_CONTEXT) {
         major_status = kg_new_connection(minor_status, cred, context_handle,
-                                        target_name, mech_type, req_flags,
-                                        time_req, input_chan_bindings,
-                                        input_token, actual_mech_type,
-                                        output_token, ret_flags, time_rec,
-                                        context, default_mech);
+                                         target_name, mech_type, req_flags,
+                                         time_req, input_chan_bindings,
+                                         input_token, actual_mech_type,
+                                         output_token, ret_flags, time_rec,
+                                         context, default_mech);
         k5_mutex_unlock(&cred->lock);
         if (*context_handle == GSS_C_NO_CONTEXT) {
             save_error_info (*minor_status, context);
diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c
index eaf1c4d..64604c4 100644
--- a/src/lib/gssapi/krb5/inq_context.c
+++ b/src/lib/gssapi/krb5/inq_context.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
@@ -235,10 +235,10 @@ cleanup:
 
 OM_uint32
 gss_krb5int_extract_authz_data_from_sec_context(
-   OM_uint32 *minor_status,
-   const gss_ctx_id_t context_handle,
-   const gss_OID desired_object,
-   gss_buffer_set_t *data_set)
+    OM_uint32 *minor_status,
+    const gss_ctx_id_t context_handle,
+    const gss_OID desired_object,
+    gss_buffer_set_t *data_set)
 {
     OM_uint32 major_status;
     krb5_gss_ctx_id_rec *ctx;
diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c
index 5c358eb..9af0e4e 100644
--- a/src/lib/gssapi/krb5/inq_cred.c
+++ b/src/lib/gssapi/krb5/inq_cred.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000, 2007 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
diff --git a/src/lib/gssapi/krb5/inq_names.c b/src/lib/gssapi/krb5/inq_names.c
index 5db0ae0..a3de420 100644
--- a/src/lib/gssapi/krb5/inq_names.c
+++ b/src/lib/gssapi/krb5/inq_names.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/inq_names.c
  *
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index d071462..51faaaa 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
@@ -336,10 +336,10 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
 
     /* Only default qop or matching established cryptosystem is allowed.
 
-    There are NO EXTENSIONS to this set for AES and friends!  The
-    new spec says "just use 0".  The old spec plus extensions would
-    actually allow for certain non-zero values.  Fix this to handle
-    them later.  */
+       There are NO EXTENSIONS to this set for AES and friends!  The
+       new spec says "just use 0".  The old spec plus extensions would
+       actually allow for certain non-zero values.  Fix this to handle
+       them later.  */
     if (qop_req != 0) {
         *minor_status = (OM_uint32) G_UNKNOWN_QOP;
         return GSS_S_FAILURE;
diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c
index 8eb5310..9ff823e 100644
--- a/src/lib/gssapi/krb5/k5sealiov.c
+++ b/src/lib/gssapi/krb5/k5sealiov.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/k5sealiov.c
  *
@@ -336,9 +336,9 @@ kg_seal_iov(OM_uint32 *minor_status,
     return (ctx->krb_times.endtime < now) ? GSS_S_CONTEXT_EXPIRED : GSS_S_COMPLETE;
 }
 
-#define INIT_IOV_DATA(_iov)     do { (_iov)->buffer.value = NULL; \
-                                     (_iov)->buffer.length = 0; } \
-                                while (0)
+#define INIT_IOV_DATA(_iov)     do { (_iov)->buffer.value = NULL;       \
+        (_iov)->buffer.length = 0; }                                    \
+    while (0)
 
 OM_uint32
 kg_seal_iov_length(OM_uint32 *minor_status,
@@ -418,7 +418,7 @@ kg_seal_iov_length(OM_uint32 *minor_status,
 
         code = krb5_c_crypto_length(context, enctype,
                                     conf_req_flag ?
-                                        KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    KRB5_CRYPTO_TYPE_TRAILER : KRB5_CRYPTO_TYPE_CHECKSUM,
                                     &k5_trailerlen);
         if (code != 0) {
             *minor_status = code;
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index ad5c03a..0e9b359 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/k5sealv3.c
  *
@@ -178,7 +178,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
 #ifdef CFX_EXERCISE
         rrc = rand() & 0xffff;
         if (gss_krb5int_rotate_left(outbuf+16, bufsize-16,
-                        (bufsize-16) - (rrc % (bufsize - 16))))
+                                    (bufsize-16) - (rrc % (bufsize - 16))))
             store_16_be(rrc, outbuf+6);
         /* If the rotate fails, don't worry about it.  */
 #endif
@@ -267,7 +267,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
             rrc = rand() & 0xffff;
             /* If the rotate fails, don't worry about it.  */
             if (gss_krb5int_rotate_left(outbuf+16, bufsize-16,
-                            (bufsize-16) - (rrc % (bufsize - 16))))
+                                        (bufsize-16) - (rrc % (bufsize - 16))))
                 store_16_be(rrc, outbuf+6);
 #endif
             /* Fix up EC field.  */
@@ -352,19 +352,19 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
 
     /* Two things to note here.
 
-    First, we can't really enforce the use of the acceptor's subkey,
-    if we're the acceptor; the initiator may have sent messages
-    before getting the subkey.  We could probably enforce it if
-    we're the initiator.
-
-    Second, if someone tweaks the code to not set the flag telling
-    the krb5 library to generate a new subkey in the AP-REP
-    message, the MIT library may include a subkey anyways --
-    namely, a copy of the AP-REQ subkey, if it was provided.  So
-    the initiator may think we wanted a subkey, and set the flag,
-    even though we weren't trying to set the subkey.  The "other"
-    key, the one not asserted by the acceptor, will have the same
-    value in that case, though, so we can just ignore the flag.  */
+       First, we can't really enforce the use of the acceptor's subkey,
+       if we're the acceptor; the initiator may have sent messages
+       before getting the subkey.  We could probably enforce it if
+       we're the initiator.
+
+       Second, if someone tweaks the code to not set the flag telling
+       the krb5 library to generate a new subkey in the AP-REP
+       message, the MIT library may include a subkey anyways --
+       namely, a copy of the AP-REQ subkey, if it was provided.  So
+       the initiator may think we wanted a subkey, and set the flag,
+       even though we weren't trying to set the subkey.  The "other"
+       key, the one not asserted by the acceptor, will have the same
+       value in that case, though, so we can just ignore the flag.  */
     if (ctx->have_acceptor_subkey && (ptr[2] & FLAG_ACCEPTOR_SUBKEY)) {
         key = ctx->acceptor_subkey;
         cksumtype = ctx->acceptor_subkey_cksumtype;
@@ -396,8 +396,8 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
                 *conf_state = 1;
             /* Do we have no decrypt_size function?
 
-            For all current cryptosystems, the ciphertext size will
-            be larger than the plaintext size.  */
+               For all current cryptosystems, the ciphertext size will
+               be larger than the plaintext size.  */
             cipher.enctype = key->keyblock.enctype;
             cipher.ciphertext.length = bodysize - 16;
             cipher.ciphertext.data = (char *)ptr + 16;
diff --git a/src/lib/gssapi/krb5/k5sealv3iov.c b/src/lib/gssapi/krb5/k5sealv3iov.c
index b5b9793..f977d9b 100644
--- a/src/lib/gssapi/krb5/k5sealv3iov.c
+++ b/src/lib/gssapi/krb5/k5sealv3iov.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/k5sealv3iov.c
  *
@@ -363,7 +363,7 @@ gss_krb5int_unseal_v3_iov(krb5_context context,
 
         code = krb5_c_crypto_length(context, key->keyblock.enctype,
                                     conf_flag ? KRB5_CRYPTO_TYPE_TRAILER :
-                                                KRB5_CRYPTO_TYPE_CHECKSUM,
+                                    KRB5_CRYPTO_TYPE_CHECKSUM,
                                     &k5_trailerlen);
         if (code != 0) {
             *minor_status = code;
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index e96dce8..b56cd2d 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2001, 2007 by the Massachusetts Institute of Technology.
  * Copyright 1993 by OpenVision Technologies, Inc.
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c
index a9896c5..a489f0d 100644
--- a/src/lib/gssapi/krb5/k5unsealiov.c
+++ b/src/lib/gssapi/krb5/k5unsealiov.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/k5unsealiov.c
  *
@@ -551,7 +551,7 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
 
         ttrailer->buffer.length = ec + (conf_req_flag ? 16 : 0 /* E(Header) */) + k5_trailerlen;
         ttrailer->buffer.value = (unsigned char *)stream->buffer.value +
-                                 stream->buffer.length - ttrailer->buffer.length;
+            stream->buffer.length - ttrailer->buffer.length;
         break;
     }
     case KG_TOK_MIC_MSG:
@@ -586,8 +586,8 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
 
     /* validate lengths */
     if (stream->buffer.length < theader->buffer.length +
-                                tpadding->buffer.length +
-                                ttrailer->buffer.length)
+        tpadding->buffer.length +
+        ttrailer->buffer.length)
     {
         code = (OM_uint32)KRB5_BAD_MSIZE;
         major_status = GSS_S_DEFECTIVE_TOKEN;
@@ -596,7 +596,7 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
 
     /* setup data */
     tdata->buffer.length = stream->buffer.length - ttrailer->buffer.length -
-                           tpadding->buffer.length - theader->buffer.length;
+        tpadding->buffer.length - theader->buffer.length;
 
     assert(data != NULL);
 
diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c
index f9bf030..0d87f90 100644
--- a/src/lib/gssapi/krb5/krb5_gss_glue.c
+++ b/src/lib/gssapi/krb5/krb5_gss_glue.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
@@ -55,10 +55,9 @@
 #include "gssapiP_krb5.h"
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5_get_tkt_flags(
-    OM_uint32 *minor_status,
-    gss_ctx_id_t context_handle,
-    krb5_flags *ticket_flags)
+gss_krb5_get_tkt_flags(OM_uint32 *minor_status,
+                       gss_ctx_id_t context_handle,
+                       krb5_flags *ticket_flags)
 {
     static const gss_OID_desc req_oid = {
         GSS_KRB5_GET_TKT_FLAGS_OID_LENGTH,
@@ -93,10 +92,9 @@ gss_krb5_get_tkt_flags(
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5_copy_ccache(
-    OM_uint32 *minor_status,
-    gss_cred_id_t cred_handle,
-    krb5_ccache out_ccache)
+gss_krb5_copy_ccache(OM_uint32 *minor_status,
+                     gss_cred_id_t cred_handle,
+                     krb5_ccache out_ccache)
 {
     static const gss_OID_desc req_oid = {
         GSS_KRB5_COPY_CCACHE_OID_LENGTH,
@@ -119,11 +117,10 @@ gss_krb5_copy_ccache(
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5_export_lucid_sec_context(
-    OM_uint32 *minor_status,
-    gss_ctx_id_t *context_handle,
-    OM_uint32 version,
-    void **kctx)
+gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
+                                  gss_ctx_id_t *context_handle,
+                                  OM_uint32 version,
+                                  void **kctx)
 {
     unsigned char oid_buf[GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT_OID_LENGTH + 6];
     gss_OID_desc req_oid;
@@ -174,11 +171,10 @@ gss_krb5_export_lucid_sec_context(
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5_set_allowable_enctypes(
-    OM_uint32 *minor_status,
-    gss_cred_id_t cred,
-    OM_uint32 num_ktypes,
-    krb5_enctype *ktypes)
+gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
+                                gss_cred_id_t cred,
+                                OM_uint32 num_ktypes,
+                                krb5_enctype *ktypes)
 {
     static const gss_OID_desc req_oid = {
         GSS_KRB5_SET_ALLOWABLE_ENCTYPES_OID_LENGTH,
@@ -202,10 +198,9 @@ gss_krb5_set_allowable_enctypes(
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5_ccache_name(
-    OM_uint32 *minor_status,
-    const char *name,
-    const char **out_name)
+gss_krb5_ccache_name(OM_uint32 *minor_status,
+                     const char *name,
+                     const char **out_name)
 {
     static const gss_OID_desc req_oid = {
         GSS_KRB5_CCACHE_NAME_OID_LENGTH,
@@ -229,9 +224,7 @@ gss_krb5_ccache_name(
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5_free_lucid_sec_context(
-    OM_uint32 *minor_status,
-    void *kctx)
+gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status, void *kctx)
 {
     static const gss_OID_desc req_oid = {
         GSS_KRB5_FREE_LUCID_SEC_CONTEXT_OID_LENGTH,
@@ -306,11 +299,10 @@ krb5_gss_use_kdc_context(void)
  * into a gss_name_t.
  */
 OM_uint32 KRB5_CALLCONV
-gsskrb5_extract_authz_data_from_sec_context(
-    OM_uint32 *minor_status,
-    gss_ctx_id_t context_handle,
-    int ad_type,
-    gss_buffer_t ad_data)
+gsskrb5_extract_authz_data_from_sec_context(OM_uint32 *minor_status,
+                                            gss_ctx_id_t context_handle,
+                                            int ad_type,
+                                            gss_buffer_t ad_data)
 {
     gss_OID_desc req_oid;
     unsigned char oid_buf[GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH + 6];
@@ -358,10 +350,9 @@ gsskrb5_extract_authz_data_from_sec_context(
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_krb5_set_cred_rcache(
-    OM_uint32 *minor_status,
-    gss_cred_id_t cred,
-    krb5_rcache rcache)
+gss_krb5_set_cred_rcache(OM_uint32 *minor_status,
+                         gss_cred_id_t cred,
+                         krb5_rcache rcache)
 {
     static const gss_OID_desc req_oid = {
         GSS_KRB5_SET_CRED_RCACHE_OID_LENGTH,
diff --git a/src/lib/gssapi/krb5/lucid_context.c b/src/lib/gssapi/krb5/lucid_context.c
index fb5a8e7..b1454cf 100644
--- a/src/lib/gssapi/krb5/lucid_context.c
+++ b/src/lib/gssapi/krb5/lucid_context.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/lucid_context.c
  *
diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index 4e7247e..8cb21bf 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/naming_exts.c
  *
diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c
index 9a4d282..ac41ad6 100644
--- a/src/lib/gssapi/krb5/process_context_token.c
+++ b/src/lib/gssapi/krb5/process_context_token.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c
index b6b2588..05e24b2 100644
--- a/src/lib/gssapi/krb5/rel_cred.c
+++ b/src/lib/gssapi/krb5/rel_cred.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/rel_name.c b/src/lib/gssapi/krb5/rel_name.c
index 5490b8a..8975865 100644
--- a/src/lib/gssapi/krb5/rel_name.c
+++ b/src/lib/gssapi/krb5/rel_name.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c
index 7a08da2..dfa2738 100644
--- a/src/lib/gssapi/krb5/rel_oid.c
+++ b/src/lib/gssapi/krb5/rel_oid.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/rel_oid.c
  *
diff --git a/src/lib/gssapi/krb5/s4u_gss_glue.c b/src/lib/gssapi/krb5/s4u_gss_glue.c
index 866159f..c47a15d 100644
--- a/src/lib/gssapi/krb5/s4u_gss_glue.c
+++ b/src/lib/gssapi/krb5/s4u_gss_glue.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2009  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -103,7 +103,7 @@ static int
 kg_is_initiator_cred(krb5_gss_cred_id_t cred)
 {
     return (cred->usage == GSS_C_INITIATE || cred->usage == GSS_C_BOTH) &&
-           (cred->ccache != NULL);
+        (cred->ccache != NULL);
 }
 
 static OM_uint32
@@ -311,7 +311,7 @@ kg_compose_deleg_cred(OM_uint32 *minor_status,
 
     code = krb5_cc_initialize(context, cred->ccache,
                               cred->proxy_cred ? impersonator_cred->name->princ :
-                                    subject_creds->client);
+                              subject_creds->client);
     if (code != 0)
         goto cleanup;
 
diff --git a/src/lib/gssapi/krb5/seal.c b/src/lib/gssapi/krb5/seal.c
index 7bdcb34..7f48c7a 100644
--- a/src/lib/gssapi/krb5/seal.c
+++ b/src/lib/gssapi/krb5/seal.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c
index 4987b2e..f5c1081 100644
--- a/src/lib/gssapi/krb5/ser_sctx.c
+++ b/src/lib/gssapi/krb5/ser_sctx.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/ser_sctx.c
  *
@@ -364,7 +364,7 @@ kg_ctx_size(kcontext, arg, sizep)
                                         &required);
             }
         }
-            *sizep += required;
+        *sizep += required;
     }
     return(kret);
 }
@@ -665,8 +665,8 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain)
             /* Now get substructure data */
             kret = krb5_internalize_opaque(kcontext,
                                            KV5M_PRINCIPAL,
-                                            (krb5_pointer *) &princ,
-                                            &bp, &remain);
+                                           (krb5_pointer *) &princ,
+                                           &bp, &remain);
             if (kret == 0) {
                 kret = kg_init_name(kcontext, princ, NULL,
                                     KG_INIT_NAME_NO_COPY, &ctx->here);
diff --git a/src/lib/gssapi/krb5/set_allowable_enctypes.c b/src/lib/gssapi/krb5/set_allowable_enctypes.c
index 5cc72df..cdfc965 100644
--- a/src/lib/gssapi/krb5/set_allowable_enctypes.c
+++ b/src/lib/gssapi/krb5/set_allowable_enctypes.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/set_allowable_enctypes.c
  *
diff --git a/src/lib/gssapi/krb5/set_ccache.c b/src/lib/gssapi/krb5/set_ccache.c
index 2731826..7d52608 100644
--- a/src/lib/gssapi/krb5/set_ccache.c
+++ b/src/lib/gssapi/krb5/set_ccache.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/gssapi/krb5/set_ccache.c
  *
diff --git a/src/lib/gssapi/krb5/sign.c b/src/lib/gssapi/krb5/sign.c
index 069768c..028423b 100644
--- a/src/lib/gssapi/krb5/sign.c
+++ b/src/lib/gssapi/krb5/sign.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/unseal.c b/src/lib/gssapi/krb5/unseal.c
index 4b612a2..a764a45 100644
--- a/src/lib/gssapi/krb5/unseal.c
+++ b/src/lib/gssapi/krb5/unseal.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c
index 88a55bb..5228df3 100644
--- a/src/lib/gssapi/krb5/util_cksum.c
+++ b/src/lib/gssapi/krb5/util_cksum.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/util_crypt.c b/src/lib/gssapi/krb5/util_crypt.c
index e097086..9699c26 100644
--- a/src/lib/gssapi/krb5/util_crypt.c
+++ b/src/lib/gssapi/krb5/util_crypt.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2001, 2008 by the Massachusetts Institute of Technology.
  * Copyright 1993 by OpenVision Technologies, Inc.
@@ -282,73 +282,23 @@ kg_decrypt(krb5_context context, krb5_key key, int usage, krb5_pointer iv,
 }
 
 krb5_error_code
-kg_arcfour_docrypt(const krb5_keyblock *longterm_key , int ms_usage,
+kg_arcfour_docrypt(const krb5_keyblock *keyblock, int usage,
                    const unsigned char *kd_data, size_t kd_data_len,
                    const unsigned char *input_buf, size_t input_len,
                    unsigned char *output_buf)
 {
     krb5_error_code code;
-    krb5_data input, output;
+    krb5_data kd = make_data((char *) kd_data, kd_data_len);
+    krb5_crypto_iov kiov;
     krb5int_access kaccess;
-    krb5_key key;
-    krb5_keyblock seq_enc_key, usage_key;
-    unsigned char t[14];
-    size_t i = 0;
-    int exportable = (longterm_key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP);
-
-    usage_key.length = longterm_key->length;
-    usage_key.contents = malloc(usage_key.length);
-    if (usage_key.contents == NULL)
-        return (ENOMEM);
-    seq_enc_key.length = longterm_key->length;
-    seq_enc_key.contents = malloc(seq_enc_key.length);
-    if (seq_enc_key.contents == NULL) {
-        free ((void *) usage_key.contents);
-        return (ENOMEM);
-    }
-    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
-    if (code)
-        goto cleanup_arcfour;
 
-    if (exportable) {
-        memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
-        i += sizeof(kg_arcfour_l40);
-    }
-    store_32_le(ms_usage, &t[i]);
-    i += 4;
-    input.data = (void *) &t;
-    input.length = i;
-    output.data = (void *) usage_key.contents;
-    output.length = usage_key.length;
-    code = (*kaccess.hmac)(kaccess.md5_hash_provider, longterm_key, 1,
-                           &input, &output);
-    if (code)
-        goto cleanup_arcfour;
-    if (exportable)
-        memset(usage_key.contents + 7, 0xab, 9);
-
-    input.data = ( void *) kd_data;
-    input.length = kd_data_len;
-    output.data = (void *) seq_enc_key.contents;
-    code = (*kaccess.hmac)(kaccess.md5_hash_provider, &usage_key, 1,
-                           &input, &output);
-    if (code)
-        goto cleanup_arcfour;
-    input.data = ( void * ) input_buf;
-    input.length = input_len;
-    output.data = (void * ) output_buf;
-    output.length = input_len;
-    code = krb5_k_create_key(NULL, &seq_enc_key, &key);
+    code = krb5int_accessor(&kaccess, KRB5INT_ACCESS_VERSION);
     if (code)
-        goto cleanup_arcfour;
-    code = (*kaccess.arcfour_enc_provider->encrypt)(key, 0, &input, &output);
-    krb5_k_free_key(NULL, key);
-cleanup_arcfour:
-    memset (seq_enc_key.contents, 0, seq_enc_key.length);
-    memset (usage_key.contents, 0, usage_key.length);
-    free (usage_key.contents);
-    free (seq_enc_key.contents);
-    return (code);
+        return code;
+    memcpy(output_buf, input_buf, input_len);
+    kiov.flags = KRB5_CRYPTO_TYPE_DATA;
+    kiov.data = make_data(output_buf, input_len);
+    return (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, &kiov, 1);
 }
 
 /* AEAD */
@@ -626,81 +576,28 @@ kg_decrypt_iov(krb5_context context, int proto, int dce_style, size_t ec,
 }
 
 krb5_error_code
-kg_arcfour_docrypt_iov(krb5_context context,
-                       const krb5_keyblock *longterm_key, int ms_usage,
-                       const unsigned char *kd_data, size_t kd_data_len,
-                       gss_iov_buffer_desc *iov, int iov_count)
+kg_arcfour_docrypt_iov(krb5_context context, const krb5_keyblock *keyblock,
+                       int usage, const unsigned char *kd_data,
+                       size_t kd_data_len, gss_iov_buffer_desc *iov,
+                       int iov_count)
 {
     krb5_error_code code;
-    krb5_data input, output;
+    krb5_data kd = make_data((char *) kd_data, kd_data_len);
     krb5int_access kaccess;
-    krb5_key key;
-    krb5_keyblock seq_enc_key, usage_key;
-    unsigned char t[14];
-    size_t i = 0;
-    int exportable = (longterm_key->enctype == ENCTYPE_ARCFOUR_HMAC_EXP);
     krb5_crypto_iov *kiov = NULL;
     size_t kiov_count = 0;
 
-    usage_key.length = longterm_key->length;
-    usage_key.contents = malloc(usage_key.length);
-    if (usage_key.contents == NULL)
-        return (ENOMEM);
-    seq_enc_key.length = longterm_key->length;
-    seq_enc_key.contents = malloc(seq_enc_key.length);
-    if (seq_enc_key.contents == NULL) {
-        free ((void *) usage_key.contents);
-        return (ENOMEM);
-    }
     code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
     if (code)
-        goto cleanup_arcfour;
-
-    if (exportable) {
-        memcpy(t, kg_arcfour_l40, sizeof(kg_arcfour_l40));
-        i += sizeof(kg_arcfour_l40);
-    }
-    store_32_le(ms_usage, &t[i]);
-    i += 4;
-    input.data = (void *) &t;
-    input.length = i;
-    output.data = (void *) usage_key.contents;
-    output.length = usage_key.length;
-    code = (*kaccess.hmac)(kaccess.md5_hash_provider, longterm_key, 1,
-                           &input, &output);
-    if (code)
-        goto cleanup_arcfour;
-    if (exportable)
-        memset(usage_key.contents + 7, 0xab, 9);
-
-    input.data = ( void *) kd_data;
-    input.length = kd_data_len;
-    output.data = (void *) seq_enc_key.contents;
-    code = (*kaccess.hmac)(kaccess.md5_hash_provider, &usage_key, 1,
-                           &input, &output);
-    if (code)
-        goto cleanup_arcfour;
-
+        return code;
     code = kg_translate_iov(context, 0 /* proto */, 0 /* dce_style */,
-                            0 /* ec */, 0 /* rrc */, longterm_key->enctype,
+                            0 /* ec */, 0 /* rrc */, keyblock->enctype,
                             iov, iov_count, &kiov, &kiov_count);
     if (code)
-        goto cleanup_arcfour;
-
-    code = krb5_k_create_key(context, &seq_enc_key, &key);
-    if (code)
-        goto cleanup_arcfour;
-    code = (*kaccess.arcfour_enc_provider->encrypt_iov)(key, 0, kiov,
-                                                        kiov_count);
-    krb5_k_free_key(context, key);
-cleanup_arcfour:
-    memset (seq_enc_key.contents, 0, seq_enc_key.length);
-    memset (usage_key.contents, 0, usage_key.length);
-    free (usage_key.contents);
-    free (seq_enc_key.contents);
-    if (kiov != NULL)
-        free(kiov);
-    return (code);
+        return code;
+    code = (*kaccess.arcfour_gsscrypt)(keyblock, usage, &kd, kiov, kiov_count);
+    free(kiov);
+    return code;
 }
 
 krb5_cryptotype
diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c
index 5c696ea..6e1c9ac 100644
--- a/src/lib/gssapi/krb5/util_seed.c
+++ b/src/lib/gssapi/krb5/util_seed.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/util_seqnum.c b/src/lib/gssapi/krb5/util_seqnum.c
index 388990a..bef631d 100644
--- a/src/lib/gssapi/krb5/util_seqnum.c
+++ b/src/lib/gssapi/krb5/util_seqnum.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2001, 2009 by the Massachusetts Institute of Technology.
  * Copyright 1993 by OpenVision Technologies, Inc.
diff --git a/src/lib/gssapi/krb5/val_cred.c b/src/lib/gssapi/krb5/val_cred.c
index 747d822..2351d9f 100644
--- a/src/lib/gssapi/krb5/val_cred.c
+++ b/src/lib/gssapi/krb5/val_cred.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1997, 2007 by Massachusetts Institute of Technology
  * All Rights Reserved.
diff --git a/src/lib/gssapi/krb5/verify.c b/src/lib/gssapi/krb5/verify.c
index 033a489..e443353 100644
--- a/src/lib/gssapi/krb5/verify.c
+++ b/src/lib/gssapi/krb5/verify.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 by OpenVision Technologies, Inc.
  *
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c
index 2b62386..b047483 100644
--- a/src/lib/gssapi/krb5/wrap_size_limit.c
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2000 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -118,7 +118,7 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
             krb5_enctype enctype;
 
             key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey
-                                            : ctx->subkey;
+                : ctx->subkey;
             enctype = key->keyblock.enctype;
 
             while (sz > 0 && krb5_encrypt_size(sz, enctype) + 16 > req_output_size)
@@ -142,7 +142,7 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
             size_t cksumsize;
 
             cksumtype = ctx->have_acceptor_subkey ? ctx->acceptor_subkey_cksumtype
-                                                  : ctx->cksumtype;
+                : ctx->cksumtype;
 
             err = krb5_c_checksum_length(ctx->k5_context, cksumtype, &cksumsize);
             if (err) {
diff --git a/src/lib/gssapi/mechglue/Makefile.in b/src/lib/gssapi/mechglue/Makefile.in
index 8edacf6..0858a4a 100644
--- a/src/lib/gssapi/mechglue/Makefile.in
+++ b/src/lib/gssapi/mechglue/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/gssapi/mechglue
 mydir=lib/gssapi/mechglue
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../krb5 -I$(srcdir)/../krb5 -I../spnego -I$(srcdir)/../spnego
diff --git a/src/lib/gssapi/mechglue/deps b/src/lib/gssapi/mechglue/deps
index 34dd43e..e4b69a3 100644
--- a/src/lib/gssapi/mechglue/deps
+++ b/src/lib/gssapi/mechglue/deps
@@ -4,413 +4,413 @@
 g_accept_sec_context.so g_accept_sec_context.po $(OUTPRE)g_accept_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_accept_sec_context.c \
   mechglue.h mglueP.h
 g_acquire_cred.so g_acquire_cred.po $(OUTPRE)g_acquire_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_acquire_cred.c mechglue.h \
   mglueP.h
 g_acquire_cred_imp_name.so g_acquire_cred_imp_name.po \
   $(OUTPRE)g_acquire_cred_imp_name.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
-  ../generic/gssapi_err_generic.h g_acquire_cred_imp_name.c \
-  mechglue.h mglueP.h
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_acquire_cred_imp_name.c mechglue.h mglueP.h
 g_buffer_set.so g_buffer_set.po $(OUTPRE)g_buffer_set.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_buffer_set.c mechglue.h \
   mglueP.h
 g_canon_name.so g_canon_name.po $(OUTPRE)g_canon_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_canon_name.c mechglue.h \
   mglueP.h
 g_compare_name.so g_compare_name.po $(OUTPRE)g_compare_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_compare_name.c mechglue.h \
   mglueP.h
 g_complete_auth_token.so g_complete_auth_token.po $(OUTPRE)g_complete_auth_token.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_complete_auth_token.c \
   mechglue.h mglueP.h
 g_context_time.so g_context_time.po $(OUTPRE)g_context_time.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_context_time.c mechglue.h \
   mglueP.h
 g_delete_sec_context.so g_delete_sec_context.po $(OUTPRE)g_delete_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_delete_sec_context.c \
   mechglue.h mglueP.h
 g_del_name_attr.so g_del_name_attr.po $(OUTPRE)g_del_name_attr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_del_name_attr.c mechglue.h \
   mglueP.h
 g_dsp_name.so g_dsp_name.po $(OUTPRE)g_dsp_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_dsp_name.c mechglue.h \
   mglueP.h
 g_dsp_name_ext.so g_dsp_name_ext.po $(OUTPRE)g_dsp_name_ext.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_dsp_name_ext.c mechglue.h \
   mglueP.h
 g_dsp_status.so g_dsp_status.po $(OUTPRE)g_dsp_status.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_dsp_status.c mechglue.h \
   mglueP.h
 g_dup_name.so g_dup_name.po $(OUTPRE)g_dup_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_dup_name.c mechglue.h \
   mglueP.h
 g_exp_sec_context.so g_exp_sec_context.po $(OUTPRE)g_exp_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_exp_sec_context.c \
   mechglue.h mglueP.h
 g_export_name.so g_export_name.po $(OUTPRE)g_export_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_export_name.c mechglue.h \
   mglueP.h
 g_export_name_comp.so g_export_name_comp.po $(OUTPRE)g_export_name_comp.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_export_name_comp.c \
   mechglue.h mglueP.h
 g_get_name_attr.so g_get_name_attr.po $(OUTPRE)g_get_name_attr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_get_name_attr.c mechglue.h \
   mglueP.h
 g_glue.so g_glue.po $(OUTPRE)g_glue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
-  ../generic/gssapi_err_generic.h g_glue.c mechglue.h \
-  mglueP.h
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_glue.c mechglue.h mglueP.h
 g_imp_name.so g_imp_name.po $(OUTPRE)g_imp_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_imp_name.c mechglue.h \
   mglueP.h
 g_imp_sec_context.so g_imp_sec_context.po $(OUTPRE)g_imp_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_imp_sec_context.c \
   mechglue.h mglueP.h
 g_init_sec_context.so g_init_sec_context.po $(OUTPRE)g_init_sec_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_init_sec_context.c \
   mechglue.h mglueP.h
 g_initialize.so g_initialize.po $(OUTPRE)g_initialize.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../krb5/gssapiP_krb5.h \
-  $(srcdir)/../spnego/gssapiP_spnego.h ../generic/gssapi_err_generic.h \
-  ../krb5/gssapi_err_krb5.h ../krb5/gssapi_krb5.h g_initialize.c \
-  mechglue.h mglueP.h
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../krb5/gssapiP_krb5.h $(srcdir)/../spnego/gssapiP_spnego.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h ../krb5/gssapi_err_krb5.h \
+  ../krb5/gssapi_krb5.h g_initialize.c mechglue.h mglueP.h
 g_inq_context.so g_inq_context.po $(OUTPRE)g_inq_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_inq_context.c mechglue.h \
   mglueP.h
 g_inq_context_oid.so g_inq_context_oid.po $(OUTPRE)g_inq_context_oid.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_inq_context_oid.c \
   mechglue.h mglueP.h
 g_inq_cred.so g_inq_cred.po $(OUTPRE)g_inq_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_inq_cred.c mechglue.h \
   mglueP.h
 g_inq_cred_oid.so g_inq_cred_oid.po $(OUTPRE)g_inq_cred_oid.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_inq_cred_oid.c mechglue.h \
   mglueP.h
 g_inq_name.so g_inq_name.po $(OUTPRE)g_inq_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_inq_name.c mechglue.h \
   mglueP.h
 g_inq_names.so g_inq_names.po $(OUTPRE)g_inq_names.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_inq_names.c mechglue.h \
   mglueP.h
 g_map_name_to_any.so g_map_name_to_any.po $(OUTPRE)g_map_name_to_any.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_map_name_to_any.c \
   mechglue.h mglueP.h
 g_mech_invoke.so g_mech_invoke.po $(OUTPRE)g_mech_invoke.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_mech_invoke.c mechglue.h \
   mglueP.h
 g_mechname.so g_mechname.po $(OUTPRE)g_mechname.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_mechname.c mechglue.h \
   mglueP.h
 g_oid_ops.so g_oid_ops.po $(OUTPRE)g_oid_ops.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_oid_ops.c mechglue.h \
   mglueP.h
 g_process_context.so g_process_context.po $(OUTPRE)g_process_context.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_process_context.c \
   mechglue.h mglueP.h
 g_rel_buffer.so g_rel_buffer.po $(OUTPRE)g_rel_buffer.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_rel_buffer.c mechglue.h \
   mglueP.h
 g_rel_cred.so g_rel_cred.po $(OUTPRE)g_rel_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_rel_cred.c mechglue.h \
   mglueP.h
 g_rel_name.so g_rel_name.po $(OUTPRE)g_rel_name.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_rel_name.c mechglue.h \
   mglueP.h
 g_rel_name_mapping.so g_rel_name_mapping.po $(OUTPRE)g_rel_name_mapping.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_rel_name_mapping.c \
   mechglue.h mglueP.h
 g_rel_oid_set.so g_rel_oid_set.po $(OUTPRE)g_rel_oid_set.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_rel_oid_set.c mechglue.h \
   mglueP.h
 g_seal.so g_seal.po $(OUTPRE)g_seal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
-  ../generic/gssapi_err_generic.h g_seal.c mechglue.h \
-  mglueP.h
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_seal.c mechglue.h mglueP.h
 g_set_context_option.so g_set_context_option.po $(OUTPRE)g_set_context_option.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_set_context_option.c \
   mechglue.h mglueP.h
 g_set_cred_option.so g_set_cred_option.po $(OUTPRE)g_set_cred_option.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_set_cred_option.c \
   mechglue.h mglueP.h
 g_set_name_attr.so g_set_name_attr.po $(OUTPRE)g_set_name_attr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_set_name_attr.c mechglue.h \
   mglueP.h
 g_sign.so g_sign.po $(OUTPRE)g_sign.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
   $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
-  ../generic/gssapi_err_generic.h g_sign.c mechglue.h \
-  mglueP.h
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h ../generic/gssapi_err_generic.h \
+  g_sign.c mechglue.h mglueP.h
 g_store_cred.so g_store_cred.po $(OUTPRE)g_store_cred.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_store_cred.c mechglue.h \
   mglueP.h
 g_unseal.so g_unseal.po $(OUTPRE)g_unseal.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_unseal.c mechglue.h \
   mglueP.h
 g_unwrap_aead.so g_unwrap_aead.po $(OUTPRE)g_unwrap_aead.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_unwrap_aead.c mechglue.h \
   mglueP.h
 g_unwrap_iov.so g_unwrap_iov.po $(OUTPRE)g_unwrap_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_unwrap_iov.c mechglue.h \
   mglueP.h
 g_verify.so g_verify.po $(OUTPRE)g_verify.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_verify.c mechglue.h \
   mglueP.h
 g_wrap_aead.so g_wrap_aead.po $(OUTPRE)g_wrap_aead.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_wrap_aead.c mechglue.h \
   mglueP.h
 g_wrap_iov.so g_wrap_iov.po $(OUTPRE)g_wrap_iov.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(COM_ERR_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(srcdir)/../generic/gssapiP_generic.h \
-  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
+  $(srcdir)/../generic/gssapi_generic.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   ../generic/gssapi_err_generic.h g_wrap_iov.c mechglue.h \
   mglueP.h
diff --git a/src/lib/gssapi/mechglue/g_seal.c b/src/lib/gssapi/mechglue/g_seal.c
index acb4c36..f17241c 100644
--- a/src/lib/gssapi/mechglue/g_seal.c
+++ b/src/lib/gssapi/mechglue/g_seal.c
@@ -1,5 +1,4 @@
-/* #pragma ident	"@(#)g_seal.c	1.19	98/04/21 SMI" */
-
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1996 by Sun Microsystems, Inc.
  *
@@ -29,72 +28,63 @@
 #include "mglueP.h"
 
 static OM_uint32
-val_wrap_args(
-    OM_uint32 *minor_status,
-    gss_ctx_id_t context_handle,
-    int conf_req_flag,
-    gss_qop_t qop_req,
-    gss_buffer_t input_message_buffer,
-    int *conf_state,
-    gss_buffer_t output_message_buffer)
+val_wrap_args(OM_uint32 *minor_status,
+              gss_ctx_id_t context_handle,
+              int conf_req_flag,
+              gss_qop_t qop_req,
+              gss_buffer_t input_message_buffer,
+              int *conf_state,
+              gss_buffer_t output_message_buffer)
 {
-
     /* Initialize outputs. */
 
     if (minor_status != NULL)
-	*minor_status = 0;
+        *minor_status = 0;
 
     if (output_message_buffer != GSS_C_NO_BUFFER) {
-	output_message_buffer->length = 0;
-	output_message_buffer->value = NULL;
+        output_message_buffer->length = 0;
+        output_message_buffer->value = NULL;
     }
 
     /* Validate arguments. */
 
     if (minor_status == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
     if (context_handle == GSS_C_NO_CONTEXT)
-	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+        return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
 
     if (input_message_buffer == GSS_C_NO_BUFFER)
-	return (GSS_S_CALL_INACCESSIBLE_READ);
+        return (GSS_S_CALL_INACCESSIBLE_READ);
 
     if (output_message_buffer == GSS_C_NO_BUFFER)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
     return (GSS_S_COMPLETE);
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_wrap (minor_status,
-          context_handle,
-          conf_req_flag,
-          qop_req,
-          input_message_buffer,
-          conf_state,
-          output_message_buffer)
-
-OM_uint32 *		minor_status;
-gss_ctx_id_t		context_handle;
-int			conf_req_flag;
-gss_qop_t		qop_req;
-gss_buffer_t		input_message_buffer;
-int *			conf_state;
-gss_buffer_t		output_message_buffer;
+gss_wrap( OM_uint32 *minor_status,
+          gss_ctx_id_t context_handle,
+          int conf_req_flag,
+          gss_qop_t qop_req,
+          gss_buffer_t input_message_buffer,
+          int *conf_state,
+          gss_buffer_t output_message_buffer)
 {
- /* EXPORT DELETE START */
 
-    OM_uint32		status;
-    gss_union_ctx_id_t	ctx;
-    gss_mechanism	mech;
+    /* EXPORT DELETE START */
+
+    OM_uint32           status;
+    gss_union_ctx_id_t  ctx;
+    gss_mechanism       mech;
 
     status = val_wrap_args(minor_status, context_handle,
-			   conf_req_flag, qop_req,
-			   input_message_buffer, conf_state,
-			   output_message_buffer);
+                           conf_req_flag, qop_req,
+                           input_message_buffer, conf_state,
+                           output_message_buffer);
     if (status != GSS_S_COMPLETE)
-	return (status);
+        return (status);
 
     /*
      * select the approprate underlying mechanism routine and
@@ -105,60 +95,51 @@ gss_buffer_t		output_message_buffer;
     mech = gssint_get_mechanism (ctx->mech_type);
 
     if (mech) {
-	if (mech->gss_wrap) {
-	    status = mech->gss_wrap(
-				    minor_status,
-				    ctx->internal_ctx_id,
-				    conf_req_flag,
-				    qop_req,
-				    input_message_buffer,
-				    conf_state,
-				    output_message_buffer);
-	    if (status != GSS_S_COMPLETE)
-		map_error(minor_status, mech);
-	} else if (mech->gss_wrap_aead ||
-		   (mech->gss_wrap_iov && mech->gss_wrap_iov_length)) {
-	    status = gssint_wrap_aead(mech,
-				      minor_status,
-				      ctx,
-				      conf_req_flag,
-				      (gss_qop_t)qop_req,
-				      GSS_C_NO_BUFFER,
-				      input_message_buffer,
-				      conf_state,
-				      output_message_buffer);
-	} else
-	    status = GSS_S_UNAVAILABLE;
-
-	return(status);
+        if (mech->gss_wrap) {
+            status = mech->gss_wrap(minor_status,
+                                    ctx->internal_ctx_id,
+                                    conf_req_flag,
+                                    qop_req,
+                                    input_message_buffer,
+                                    conf_state,
+                                    output_message_buffer);
+            if (status != GSS_S_COMPLETE)
+                map_error(minor_status, mech);
+        } else if (mech->gss_wrap_aead ||
+                   (mech->gss_wrap_iov && mech->gss_wrap_iov_length)) {
+            status = gssint_wrap_aead(mech,
+                                      minor_status,
+                                      ctx,
+                                      conf_req_flag,
+                                      (gss_qop_t)qop_req,
+                                      GSS_C_NO_BUFFER,
+                                      input_message_buffer,
+                                      conf_state,
+                                      output_message_buffer);
+        } else
+            status = GSS_S_UNAVAILABLE;
+
+        return(status);
     }
- /* EXPORT DELETE END */
+    /* EXPORT DELETE END */
 
     return (GSS_S_BAD_MECH);
 }
 
 OM_uint32 KRB5_CALLCONV
-gss_seal (minor_status,
-          context_handle,
-          conf_req_flag,
-          qop_req,
-          input_message_buffer,
-          conf_state,
-          output_message_buffer)
-
-OM_uint32 *		minor_status;
-gss_ctx_id_t		context_handle;
-int			conf_req_flag;
-int			qop_req;
-gss_buffer_t		input_message_buffer;
-int *			conf_state;
-gss_buffer_t		output_message_buffer;
-
+gss_seal(OM_uint32 *minor_status,
+         gss_ctx_id_t context_handle,
+         int conf_req_flag,
+         int qop_req,
+         gss_buffer_t input_message_buffer,
+         int *conf_state,
+         gss_buffer_t output_message_buffer)
 {
+
     return gss_wrap(minor_status, context_handle,
-		    conf_req_flag, (gss_qop_t) qop_req,
-		    input_message_buffer, conf_state,
-		    output_message_buffer);
+                    conf_req_flag, (gss_qop_t) qop_req,
+                    input_message_buffer, conf_state,
+                    output_message_buffer);
 }
 
 /*
@@ -168,16 +149,16 @@ gss_buffer_t		output_message_buffer;
  */
 static OM_uint32
 gssint_wrap_size_limit_iov_shim(gss_mechanism mech,
-				OM_uint32 *minor_status,
-				gss_ctx_id_t context_handle,
-				int conf_req_flag,
-				gss_qop_t qop_req,
-				OM_uint32 req_output_size,
-				OM_uint32 *max_input_size)
+                                OM_uint32 *minor_status,
+                                gss_ctx_id_t context_handle,
+                                int conf_req_flag,
+                                gss_qop_t qop_req,
+                                OM_uint32 req_output_size,
+                                OM_uint32 *max_input_size)
 {
-    gss_iov_buffer_desc	iov[4];
-    OM_uint32		status;
-    OM_uint32		ohlen;
+    gss_iov_buffer_desc iov[4];
+    OM_uint32           status;
+    OM_uint32           ohlen;
 
     iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
     iov[0].buffer.value = NULL;
@@ -198,20 +179,20 @@ gssint_wrap_size_limit_iov_shim(gss_mechanism mech,
     assert(mech->gss_wrap_iov_length);
 
     status = mech->gss_wrap_iov_length(minor_status, context_handle,
-				       conf_req_flag, qop_req,
-				       NULL, iov,
-				       sizeof(iov)/sizeof(iov[0]));
+                                       conf_req_flag, qop_req,
+                                       NULL, iov,
+                                       sizeof(iov)/sizeof(iov[0]));
     if (status != GSS_S_COMPLETE) {
-	map_error(minor_status, mech);
-	return status;
+        map_error(minor_status, mech);
+        return status;
     }
 
     ohlen = iov[0].buffer.length + iov[3].buffer.length;
 
     if (iov[2].buffer.length == 0 && ohlen < req_output_size)
-	*max_input_size = req_output_size - ohlen;
+        *max_input_size = req_output_size - ohlen;
     else
-	*max_input_size = 0;
+        *max_input_size = 0;
 
     return GSS_S_COMPLETE;
 }
@@ -220,28 +201,24 @@ gssint_wrap_size_limit_iov_shim(gss_mechanism mech,
  * New for V2
  */
 OM_uint32 KRB5_CALLCONV
-gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
-		    qop_req, req_output_size, max_input_size)
-    OM_uint32		*minor_status;
-    gss_ctx_id_t	context_handle;
-    int			conf_req_flag;
-    gss_qop_t		qop_req;
-    OM_uint32		req_output_size;
-    OM_uint32		*max_input_size;
+gss_wrap_size_limit(OM_uint32  *minor_status,
+                    gss_ctx_id_t context_handle,
+                    int conf_req_flag,
+                    gss_qop_t qop_req, OM_uint32 req_output_size, OM_uint32 *max_input_size)
 {
-    gss_union_ctx_id_t	ctx;
-    gss_mechanism	mech;
-    OM_uint32		major_status;
+    gss_union_ctx_id_t  ctx;
+    gss_mechanism       mech;
+    OM_uint32           major_status;
 
     if (minor_status == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
     *minor_status = 0;
 
     if (context_handle == GSS_C_NO_CONTEXT)
-	return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
+        return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT);
 
     if (max_input_size == NULL)
-	return (GSS_S_CALL_INACCESSIBLE_WRITE);
+        return (GSS_S_CALL_INACCESSIBLE_WRITE);
 
     /*
      * select the approprate underlying mechanism routine and
@@ -252,21 +229,21 @@ gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
     mech = gssint_get_mechanism (ctx->mech_type);
 
     if (!mech)
-	return (GSS_S_BAD_MECH);
+        return (GSS_S_BAD_MECH);
 
     if (mech->gss_wrap_size_limit)
-	major_status = mech->gss_wrap_size_limit(minor_status,
-						 ctx->internal_ctx_id,
-						 conf_req_flag, qop_req,
-						 req_output_size, max_input_size);
+        major_status = mech->gss_wrap_size_limit(minor_status,
+                                                 ctx->internal_ctx_id,
+                                                 conf_req_flag, qop_req,
+                                                 req_output_size, max_input_size);
     else if (mech->gss_wrap_iov_length)
-	major_status = gssint_wrap_size_limit_iov_shim(mech, minor_status,
-						       ctx->internal_ctx_id,
-						       conf_req_flag, qop_req,
-						       req_output_size, max_input_size);
+        major_status = gssint_wrap_size_limit_iov_shim(mech, minor_status,
+                                                       ctx->internal_ctx_id,
+                                                       conf_req_flag, qop_req,
+                                                       req_output_size, max_input_size);
     else
-	major_status = GSS_S_UNAVAILABLE;
+        major_status = GSS_S_UNAVAILABLE;
     if (major_status != GSS_S_COMPLETE)
-	map_error(minor_status, mech);
+        map_error(minor_status, mech);
     return major_status;
 }
diff --git a/src/lib/gssapi/spnego/Makefile.in b/src/lib/gssapi/spnego/Makefile.in
index 95bfd1a..16741eb 100644
--- a/src/lib/gssapi/spnego/Makefile.in
+++ b/src/lib/gssapi/spnego/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/gssapi/spnego
 mydir=lib/gssapi/spnego
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I. -I$(srcdir) -I$(srcdir)/.. -I../generic -I$(srcdir)/../generic -I../mechglue -I$(srcdir)/../mechglue
diff --git a/src/lib/gssapi/spnego/deps b/src/lib/gssapi/spnego/deps
index 744da4f..3f0b907 100644
--- a/src/lib/gssapi/spnego/deps
+++ b/src/lib/gssapi/spnego/deps
@@ -5,14 +5,14 @@ spnego_mech.so spnego_mech.po $(OUTPRE)spnego_mech.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../generic/gssapiP_generic.h $(srcdir)/../generic/gssapi_ext.h \
-  $(srcdir)/../generic/gssapi_generic.h $(srcdir)/../mechglue/mechglue.h \
-  $(srcdir)/../mechglue/mglueP.h ../generic/gssapi_err_generic.h \
-  gssapiP_spnego.h spnego_mech.c
+  $(COM_ERR_DEPS) $(srcdir)/../generic/gssapiP_generic.h \
+  $(srcdir)/../generic/gssapi_ext.h $(srcdir)/../generic/gssapi_generic.h \
+  $(srcdir)/../mechglue/mechglue.h $(srcdir)/../mechglue/mglueP.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  ../generic/gssapi_err_generic.h gssapiP_spnego.h spnego_mech.c
diff --git a/src/lib/kadm5/Makefile.in b/src/lib/kadm5/Makefile.in
index 4c502eb..24da565 100644
--- a/src/lib/kadm5/Makefile.in
+++ b/src/lib/kadm5/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=lib/kadm5
 mydir=lib/kadm5
 BUILDTOP=$(REL)..$(S)..
 SUBDIRS = clnt srv unit-test
diff --git a/src/lib/kadm5/clnt/Makefile.in b/src/lib/kadm5/clnt/Makefile.in
index 13006c7..aceb949 100644
--- a/src/lib/kadm5/clnt/Makefile.in
+++ b/src/lib/kadm5/clnt/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/kadm5/clnt
 mydir=lib/kadm5/clnt
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
diff --git a/src/lib/kadm5/clnt/deps b/src/lib/kadm5/clnt/deps
index be6dc26..7d78d4e 100644
--- a/src/lib/kadm5/clnt/deps
+++ b/src/lib/kadm5/clnt/deps
@@ -6,36 +6,36 @@ clnt_policy.so clnt_policy.po $(OUTPRE)clnt_policy.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \
-  clnt_policy.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h clnt_policy.c
 client_rpc.so client_rpc.po $(OUTPRE)client_rpc.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h client_rpc.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_rpc.c
 client_principal.so client_principal.po $(OUTPRE)client_principal.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \
-  client_principal.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h client_principal.c
 client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
@@ -43,41 +43,42 @@ client_init.so client_init.po $(OUTPRE)client_init.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  client_init.c client_internal.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h $(top_srcdir)/include/iprop_hdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h client_init.c \
+  client_internal.h
 clnt_privs.so clnt_privs.po $(OUTPRE)clnt_privs.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h client_internal.h \
-  clnt_privs.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h clnt_privs.c
 clnt_chpass_util.so clnt_chpass_util.po $(OUTPRE)clnt_chpass_util.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h client_internal.h clnt_chpass_util.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h client_internal.h clnt_chpass_util.c
diff --git a/src/lib/kadm5/deps b/src/lib/kadm5/deps
index 8ebc1a8..a5c07b0 100644
--- a/src/lib/kadm5/deps
+++ b/src/lib/kadm5/deps
@@ -9,13 +9,13 @@ misc_free.so misc_free.po $(OUTPRE)misc_free.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h admin_internal.h misc_free.c \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h admin_internal.h misc_free.c \
   server_internal.h
 kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
@@ -23,72 +23,73 @@ kadm_rpc_xdr.so kadm_rpc_xdr.po $(OUTPRE)kadm_rpc_xdr.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/admin_xdr.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/kadm_rpc.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h kadm_rpc_xdr.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h kadm_rpc_xdr.c
 chpass_util.so chpass_util.po $(OUTPRE)chpass_util.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h admin_internal.h chpass_util.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h admin_internal.h chpass_util.c
 alt_prof.so alt_prof.po $(OUTPRE)alt_prof.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h $(top_srcdir)/include/iprop_hdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   alt_prof.c
 str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  admin_internal.h str_conv.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h admin_internal.h \
+  str_conv.c
 logger.so logger.po $(OUTPRE)logger.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   logger.c
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index b8da209..a3f4339 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -668,8 +668,11 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
         log_control.log_whoami = strdup(whoami);
         log_control.log_hostname = (char *) malloc(MAXHOSTNAMELEN + 1);
         if (log_control.log_hostname) {
-            gethostname(log_control.log_hostname, MAXHOSTNAMELEN);
-            log_control.log_hostname[MAXHOSTNAMELEN] = '\0';
+            if (gethostname(log_control.log_hostname, MAXHOSTNAMELEN) == -1) {
+                free(log_control.log_hostname);
+                log_control.log_hostname = NULL;
+            } else
+                log_control.log_hostname[MAXHOSTNAMELEN] = '\0';
         }
 #ifdef  HAVE_OPENLOG
         if (do_openlog) {
diff --git a/src/lib/kadm5/srv/Makefile.in b/src/lib/kadm5/srv/Makefile.in
index d49e37b..e813830 100644
--- a/src/lib/kadm5/srv/Makefile.in
+++ b/src/lib/kadm5/srv/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=lib/kadm5/srv
 mydir=lib/kadm5/srv
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5 \
-	-I$(SRCTOP)/lib/gssapi/krb5 -I$(SRCTOP)/lib/gssapi/generic \
+	-I$(top_srcdir)/lib/gssapi/krb5 -I$(top_srcdir)/lib/gssapi/generic \
 	-I$(BUILDTOP)/lib/gssapi/krb5 -I$(BUILDTOP)/lib/gssapi/generic
 DEFINES = @HESIOD_DEFS@
 DEFS=
diff --git a/src/lib/kadm5/srv/deps b/src/lib/kadm5/srv/deps
index 9dcc661..45977a5 100644
--- a/src/lib/kadm5/srv/deps
+++ b/src/lib/kadm5/srv/deps
@@ -6,25 +6,25 @@ svr_policy.so svr_policy.po $(OUTPRE)svr_policy.$(OBJEXT): \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h svr_policy.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h svr_policy.c
 svr_principal.so svr_principal.po $(OUTPRE)svr_principal.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h svr_principal.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h svr_principal.c
 server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssrpc/types.h \
@@ -32,19 +32,19 @@ server_acl.so server_acl.po $(OUTPRE)server_acl.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   server_acl.c server_acl.h
 server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
@@ -52,19 +52,19 @@ server_kdb.so server_kdb.po $(OUTPRE)server_kdb.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   server_kdb.c
 server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
@@ -72,19 +72,19 @@ server_misc.so server_misc.po $(OUTPRE)server_misc.$(OBJEXT): \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   server_misc.c
 server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
@@ -95,69 +95,71 @@ server_init.so server_init.po $(OUTPRE)server_init.$(OBJEXT): \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
   $(BUILDTOP)/lib/gssapi/generic/gssapi_err_generic.h \
   $(BUILDTOP)/lib/gssapi/krb5/gssapi_err_krb5.h $(BUILDTOP)/lib/gssapi/krb5/gssapi_krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../../gssapi/generic/gssapiP_generic.h $(srcdir)/../../gssapi/generic/gssapi_ext.h \
-  $(srcdir)/../../gssapi/generic/gssapi_generic.h $(srcdir)/../../gssapi/krb5/gssapiP_krb5.h \
-  server_init.c
+  $(COM_ERR_DEPS) $(srcdir)/../../gssapi/generic/gssapiP_generic.h \
+  $(srcdir)/../../gssapi/generic/gssapi_ext.h $(srcdir)/../../gssapi/generic/gssapi_generic.h \
+  $(srcdir)/../../gssapi/krb5/gssapiP_krb5.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h server_init.c
 server_dict.so server_dict.po $(OUTPRE)server_dict.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h server_dict.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/adm_proto.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  server_dict.c
 svr_iters.so svr_iters.po $(OUTPRE)svr_iters.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h svr_iters.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h svr_iters.c
 svr_chpass_util.so svr_chpass_util.po $(OUTPRE)svr_chpass_util.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/server_internal.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h svr_chpass_util.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h svr_chpass_util.c
 adb_xdr.so adb_xdr.po $(OUTPRE)adb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
   $(BUILDTOP)/include/kadm5/admin_xdr.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/kadm5/kadm_rpc.h \
   $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h adb_xdr.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h adb_xdr.c
diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in
index caa4e2d..ecd64c1 100644
--- a/src/lib/kadm5/unit-test/Makefile.in
+++ b/src/lib/kadm5/unit-test/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/kadm5/unit-test
 mydir=lib/kadm5/unit-test
 BUILDTOP=$(REL)..$(S)..$(S)..
 DEFINES =
diff --git a/src/lib/kadm5/unit-test/deps b/src/lib/kadm5/unit-test/deps
index 5d831c7..16448dd 100644
--- a/src/lib/kadm5/unit-test/deps
+++ b/src/lib/kadm5/unit-test/deps
@@ -4,80 +4,82 @@
 $(OUTPRE)init-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h init-test.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h init-test.c
 $(OUTPRE)destroy-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h destroy-test.c
-$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
-  $(BUILDTOP)/include/kadm5/admin_internal.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
-  $(BUILDTOP)/include/kadm5/client_internal.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h handle-test.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h destroy-test.c
+$(OUTPRE)handle-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h handle-test.c
 $(OUTPRE)iter-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h iter-test.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h iter-test.c
 $(OUTPRE)setkey-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   setkey-test.c
 $(OUTPRE)randkey-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h randkey-test.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h randkey-test.c
 $(OUTPRE)lock-test.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h lock-test.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h lock-test.c
diff --git a/src/lib/kdb/Makefile.in b/src/lib/kdb/Makefile.in
index 2946ba9..c450a98 100644
--- a/src/lib/kdb/Makefile.in
+++ b/src/lib/kdb/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../..
-myfulldir=lib/kdb
 mydir=lib/kdb
 BUILDTOP=$(REL)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 CFLAGS=@CFLAGS@ -DKDB5_USE_LIB_KDB_DB2
diff --git a/src/lib/kdb/deps b/src/lib/kdb/deps
index e3bdfc8..2e3baaf 100644
--- a/src/lib/kdb/deps
+++ b/src/lib/kdb/deps
@@ -4,122 +4,122 @@
 kdb5.so kdb5.po $(OUTPRE)kdb5.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
-  $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   adb_err.h kdb5.c kdb5.h kdb5int.h
 encrypt_key.so encrypt_key.po $(OUTPRE)encrypt_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  encrypt_key.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h encrypt_key.c
 decrypt_key.so decrypt_key.po $(OUTPRE)decrypt_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  decrypt_key.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h decrypt_key.c
 kdb_default.so kdb_default.po $(OUTPRE)kdb_default.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  kdb_default.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_default.c
 kdb_cpw.so kdb_cpw.po $(OUTPRE)kdb_cpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kdb_cpw.c
 adb_err.so adb_err.po $(OUTPRE)adb_err.$(OBJEXT): $(COM_ERR_DEPS) \
   adb_err.c
 iprop_xdr.so iprop_xdr.po $(OUTPRE)iprop_xdr.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h iprop_xdr.c
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/iprop.h iprop_xdr.c
 kdb_convert.so kdb_convert.po $(OUTPRE)kdb_convert.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  kdb_convert.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_convert.c
 kdb_log.so kdb_log.po $(OUTPRE)kdb_log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
-  $(SRCTOP)/include/iprop_hdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/kdb_log.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kdb5.h kdb5int.h kdb_log.c
 keytab.so keytab.po $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_kt.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h keytab.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_kt.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h keytab.c
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 81c70f3..ea24d36 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -98,7 +98,7 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
         }
 
 
-        if (ktype > 0) {
+        if (ktype != -1) {
             if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
                                               dbentp->key_data[i].key_data_type[0],
                                               &similar)))
@@ -106,7 +106,7 @@ krb5_dbe_def_search_enctype(kcontext, dbentp, start, ktype, stype, kvno, kdatap)
                 return(ret);
         }
 
-        if (((ktype <= 0) || similar) &&
+        if (((ktype == -1) || similar) &&
             ((db_stype == stype) || (stype < 0))) {
             if (kvno >= 0) {
                 if (kvno == dbentp->key_data[i].key_data_kvno) {
diff --git a/src/lib/krb5/Makefile.in b/src/lib/krb5/Makefile.in
index 9e6cbf2..adaba32 100644
--- a/src/lib/krb5/Makefile.in
+++ b/src/lib/krb5/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=lib/krb5
 mydir=lib/krb5
 BUILDTOP=$(REL)..$(S)..
 LOCALINCLUDES = -I$(srcdir)/ccache -I$(srcdir)/keytab -I$(srcdir)/rcache -I$(srcdir)/os -I$(srcdir)/unicode
diff --git a/src/lib/krb5/asn.1/Makefile.in b/src/lib/krb5/asn.1/Makefile.in
index f7f1b21..d0566c1 100644
--- a/src/lib/krb5/asn.1/Makefile.in
+++ b/src/lib/krb5/asn.1/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/asn.1
 mydir=lib/krb5/asn.1
 BUILDTOP=$(REL)..$(S)..$(S)..
 DEFS=
diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c
index b73e769..a328306 100644
--- a/src/lib/krb5/asn.1/asn1_encode.c
+++ b/src/lib/krb5/asn.1/asn1_encode.c
@@ -325,11 +325,11 @@ asn1_encode_opaque(asn1buf *buf, unsigned int len, const void *val,
  */
 
 #ifdef POINTERS_ARE_ALL_THE_SAME
-#define LOADPTR(PTR,TYPE)                                       \
-    (assert((TYPE)->loadptr != NULL), (TYPE)->loadptr(PTR))
-#else
 #define LOADPTR(PTR,TYPE)                       \
     (*(const void *const *)(PTR))
+#else
+#define LOADPTR(PTR,TYPE)                                       \
+    (assert((TYPE)->loadptr != NULL), (TYPE)->loadptr(PTR))
 #endif
 
 static int
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 0257a8b..60d9455 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -658,6 +658,7 @@ asn1_decode_enc_kdc_rep_part(asn1buf *buf, krb5_enc_kdc_rep_part *val)
     val->last_req = NULL;
     val->server = NULL;
     val->caddrs = NULL;
+    val->enc_padata = NULL;
     { begin_structure();
         get_field(val->session,0,asn1_decode_encryption_key_ptr);
         get_field(val->last_req,1,asn1_decode_last_req);
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c
index 1cd6c8c..a35f561 100644
--- a/src/lib/krb5/asn.1/asn1_k_encode.c
+++ b/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -1424,6 +1424,8 @@ MAKE_FULL_ENCODER(encode_krb5_safe_with_body, krb5_safe_with_body);
 
 MAKE_FULL_ENCODER(encode_krb5_priv, krb5_priv);
 MAKE_FULL_ENCODER(encode_krb5_enc_priv_part, priv_enc_part);
+MAKE_FULL_ENCODER(encode_krb5_checksum, checksum);
+
 MAKE_FULL_ENCODER(encode_krb5_cred, krb5_cred);
 MAKE_FULL_ENCODER(encode_krb5_enc_cred_part, enc_cred_part);
 MAKE_FULL_ENCODER(encode_krb5_error, krb5_error);
diff --git a/src/lib/krb5/asn.1/deps b/src/lib/krb5/asn.1/deps
index 098559b..6267f8d 100644
--- a/src/lib/krb5/asn.1/deps
+++ b/src/lib/krb5/asn.1/deps
@@ -4,126 +4,127 @@
 asn1_decode.so asn1_decode.po $(OUTPRE)asn1_decode.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_decode.c asn1_decode.h asn1_get.h asn1buf.h krbasn1.h
 asn1_k_decode.so asn1_k_decode.po $(OUTPRE)asn1_k_decode.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_decode.h asn1_get.h asn1_k_decode.c asn1_k_decode.h \
   asn1_misc.h asn1buf.h krbasn1.h
 asn1_encode.so asn1_encode.po $(OUTPRE)asn1_encode.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_encode.c asn1_encode.h asn1_make.h asn1buf.h krbasn1.h
 asn1_get.so asn1_get.po $(OUTPRE)asn1_get.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_get.c asn1_get.h asn1buf.h krbasn1.h
 asn1_make.so asn1_make.po $(OUTPRE)asn1_make.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_make.c asn1_make.h asn1buf.h krbasn1.h
 asn1buf.so asn1buf.po $(OUTPRE)asn1buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h asn1_get.h asn1buf.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h asn1_get.h asn1buf.c \
   asn1buf.h krbasn1.h
 krb5_decode.so krb5_decode.po $(OUTPRE)krb5_decode.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_decode.h asn1_get.h asn1_k_decode.h asn1buf.h \
   krb5_decode.c krbasn1.h
 krb5_encode.so krb5_encode.po $(OUTPRE)krb5_encode.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_encode.h asn1_k_encode.h asn1_make.h asn1buf.h \
   krb5_encode.c krbasn1.h
 asn1_k_encode.so asn1_k_encode.po $(OUTPRE)asn1_k_encode.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_encode.h asn1_k_encode.c asn1_k_encode.h asn1_make.h \
   asn1buf.h krbasn1.h
 ldap_key_seq.so ldap_key_seq.po $(OUTPRE)ldap_key_seq.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  asn1_decode.h asn1_encode.h asn1_get.h asn1_k_encode.h \
-  asn1_make.h asn1buf.h krbasn1.h ldap_key_seq.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h asn1_decode.h \
+  asn1_encode.h asn1_get.h asn1_k_encode.h asn1_make.h \
+  asn1buf.h krbasn1.h ldap_key_seq.c
 asn1_misc.so asn1_misc.po $(OUTPRE)asn1_misc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   asn1_misc.c asn1_misc.h krbasn1.h
diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c
index e255551..542a626 100644
--- a/src/lib/krb5/asn.1/krb5_decode.c
+++ b/src/lib/krb5/asn.1/krb5_decode.c
@@ -703,6 +703,16 @@ error_out:
 }
 
 krb5_error_code
+decode_krb5_checksum(const krb5_data *code, krb5_checksum **repptr)
+{
+    setup_buf_only(krb5_checksum *);
+    alloc_field(rep);
+    retval = asn1_decode_checksum(&buf, rep);
+    if (retval) clean_return(retval);
+    cleanup(free);
+}
+
+krb5_error_code
 decode_krb5_cred(const krb5_data *code, krb5_cred **repptr)
 {
     setup(krb5_cred *);
diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in
index 731505d..b421c03 100644
--- a/src/lib/krb5/ccache/Makefile.in
+++ b/src/lib/krb5/ccache/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/ccache
 mydir=lib/krb5/ccache
 BUILDTOP=$(REL)..$(S)..$(S)..
 SUBDIRS = # ccapi
@@ -11,7 +9,7 @@ PROG_RPATH=$(KRB5_LIBDIR)
 
 LOCALINCLUDES = -I$(srcdir)$(S)ccapi $(WIN_INCLUDES)
 
-##DOS##WIN_INCLUDES = -I$(SRCTOP)\windows\lib
+##DOS##WIN_INCLUDES = -I$(top_srcdir)\windows\lib
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=ccache
@@ -109,7 +107,7 @@ check-unix:: t_cc t_cccursor
 clean-unix::
 	$(RM) t_cc t_cc.o t_cccursor t_cccursor.o
 
-##WIN32## $(OUTPRE)cc_mslsa.$(OBJEXT): cc_mslsa.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS)
+##WIN32## $(OUTPRE)cc_mslsa.$(OBJEXT): cc_mslsa.c $(top_srcdir)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS)
 
 @libobj_frag@
 
diff --git a/src/lib/krb5/ccache/ccapi/Makefile.in b/src/lib/krb5/ccache/ccapi/Makefile.in
index 503a2c6..135672b 100644
--- a/src/lib/krb5/ccache/ccapi/Makefile.in
+++ b/src/lib/krb5/ccache/ccapi/Makefile.in
@@ -1,12 +1,10 @@
-thisconfigdir=../../../..
-myfulldir=lib/krb5/ccache/ccapi
 mydir=lib/krb5/ccache/ccapi
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 LOCALINCLUDES = $(WIN_INCLUDES)
 DEFS= -DUSE_CCAPI -DUSE_CCAPI_V3
 
 ##DOS##DEFS=
-##DOS##WIN_INCLUDES = -I$(SRCTOP)\windows\lib
+##DOS##WIN_INCLUDES = -I$(top_srcdir)\windows\lib
 
 ##DOS##BUILDTOP = ..\..\..\..
 ##DOS##PREFIXDIR = ccache\file
diff --git a/src/lib/krb5/ccache/ccapi/deps b/src/lib/krb5/ccache/ccapi/deps
index db881ca..7df6d68 100644
--- a/src/lib/krb5/ccache/ccapi/deps
+++ b/src/lib/krb5/ccache/ccapi/deps
@@ -3,16 +3,16 @@
 #
 stdcc.so stdcc.po $(OUTPRE)stdcc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h stdcc.c stdcc.h stdcc_util.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h stdcc.c stdcc.h stdcc_util.h
 stdcc_util.so stdcc_util.po $(OUTPRE)stdcc_util.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/CredentialsCache.h \
-  $(SRCTOP)/include/krb5.h stdcc_util.c stdcc_util.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/CredentialsCache.h \
+  $(top_srcdir)/include/krb5.h stdcc_util.c stdcc_util.h
 winccld.so winccld.po $(OUTPRE)winccld.$(OBJEXT): winccld.c
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c
index 33fb97c..de2bc9d 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc.c
+++ b/src/lib/krb5/ccache/ccapi/stdcc.c
@@ -805,7 +805,7 @@ krb5_stdccv3_get_flags (krb5_context context,
 krb5_error_code KRB5_CALLCONV
 krb5_stdccv3_remove (krb5_context context,
                      krb5_ccache id,
-                     krb5_flags flags,
+                     krb5_flags whichfields,
                      krb5_creds *in_creds)
 {
     krb5_error_code err = 0;
@@ -836,7 +836,10 @@ krb5_stdccv3_remove (krb5_context context,
                                                    credentials->data, &creds);
 
             if (!err) {
-                found = krb5_creds_compare (context, in_creds, &creds);
+                found = krb5int_cc_creds_match_request(context,
+                                                       whichfields,
+                                                       in_creds,
+                                                       &creds);
                 krb5_free_cred_contents (context, &creds);
             }
 
diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c
index fb3d7ec..7deb0a1 100644
--- a/src/lib/krb5/ccache/ccbase.c
+++ b/src/lib/krb5/ccache/ccbase.c
@@ -245,10 +245,9 @@ krb5_cc_resolve (krb5_context context, const char *name, krb5_ccache *cache)
  * prefix string.
  */
 static krb5_error_code
-krb5int_cc_getops(
-    krb5_context context,
-    const char *pfx,
-    const krb5_cc_ops **ops)
+krb5int_cc_getops(krb5_context context,
+                  const char *pfx,
+                  const krb5_cc_ops **ops)
 {
     krb5_error_code err;
     struct krb5_cc_typelist *tlist;
@@ -331,10 +330,9 @@ errout:
 }
 
 krb5_error_code
-krb5int_cc_typecursor_next(
-    krb5_context context,
-    krb5_cc_typecursor t,
-    const krb5_cc_ops **ops)
+krb5int_cc_typecursor_next(krb5_context context,
+                           krb5_cc_typecursor t,
+                           const krb5_cc_ops **ops)
 {
     krb5_error_code err = 0;
 
@@ -364,7 +362,7 @@ krb5int_cc_typecursor_free(krb5_context context, krb5_cc_typecursor *t)
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_cc_move (krb5_context context, krb5_ccache src, krb5_ccache dst)
+krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst)
 {
     krb5_error_code ret = 0;
     krb5_principal princ = NULL;
diff --git a/src/lib/krb5/ccache/cccursor.c b/src/lib/krb5/ccache/cccursor.c
index 852eff8..4272c04 100644
--- a/src/lib/krb5/ccache/cccursor.c
+++ b/src/lib/krb5/ccache/cccursor.c
@@ -65,9 +65,8 @@ static krb5_error_code
 cccol_pertype_next(krb5_context, krb5_cccol_cursor, krb5_ccache *);
 
 krb5_error_code KRB5_CALLCONV
-krb5_cccol_cursor_new(
-    krb5_context context,
-    krb5_cccol_cursor *cursor)
+krb5_cccol_cursor_new(krb5_context context,
+                      krb5_cccol_cursor *cursor)
 {
     krb5_error_code ret = 0;
     krb5_cccol_cursor n = NULL;
@@ -111,10 +110,9 @@ errout:
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_cccol_cursor_next(
-    krb5_context context,
-    krb5_cccol_cursor cursor,
-    krb5_ccache *ccache)
+krb5_cccol_cursor_next(krb5_context context,
+                       krb5_cccol_cursor cursor,
+                       krb5_ccache *ccache)
 {
     krb5_error_code ret = 0;
     char *name;
@@ -173,9 +171,8 @@ errout:
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_cccol_cursor_free(
-    krb5_context context,
-    krb5_cccol_cursor *cursor)
+krb5_cccol_cursor_free(krb5_context context,
+                       krb5_cccol_cursor *cursor)
 {
     krb5_cccol_cursor c = *cursor;
     int i;
@@ -200,9 +197,8 @@ krb5_cccol_cursor_free(
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_cccol_last_change_time(
-    krb5_context context,
-    krb5_timestamp *change_time)
+krb5_cccol_last_change_time(krb5_context context,
+                            krb5_timestamp *change_time)
 {
     krb5_error_code ret = 0;
     krb5_cccol_cursor c = NULL;
@@ -240,10 +236,9 @@ krb5_cccol_last_change_time(
  * higher-priority defaults.
  */
 static int
-cccol_already(
-    krb5_context context,
-    krb5_cccol_cursor c,
-    krb5_ccache *ccache)
+cccol_already(krb5_context context,
+              krb5_cccol_cursor c,
+              krb5_ccache *ccache)
 {
     const char *name = NULL, *prefix = NULL;
     int i;
@@ -270,10 +265,9 @@ cccol_already(
  * Compare {prefix, name} against a cc_fullname.
  */
 static int
-cccol_cmpname(
-    const char *prefix,
-    const char *name,
-    struct cc_fullname *fullname)
+cccol_cmpname(const char *prefix,
+              const char *name,
+              struct cc_fullname *fullname)
 {
     if (fullname->pfx == NULL || fullname->res == NULL)
         return 0;
@@ -292,11 +286,10 @@ cccol_cmpname(
  * name we're given.
  */
 static krb5_error_code
-cccol_do_resolve(
-    krb5_context context,
-    krb5_cccol_cursor cursor,
-    const char *name,
-    krb5_ccache *ccache)
+cccol_do_resolve(krb5_context context,
+                 krb5_cccol_cursor cursor,
+                 const char *name,
+                 krb5_ccache *ccache)
 {
     krb5_error_code ret = 0;
     struct cc_fullname *fullname;
@@ -321,10 +314,9 @@ cccol_do_resolve(
  * ccache list of the current backend is exhausted.
  */
 static krb5_error_code
-cccol_pertype_next(
-    krb5_context context,
-    krb5_cccol_cursor cursor,
-    krb5_ccache *ccache)
+cccol_pertype_next(krb5_context context,
+                   krb5_cccol_cursor cursor,
+                   krb5_ccache *ccache)
 {
     krb5_error_code ret = 0;
 
diff --git a/src/lib/krb5/ccache/ccfns.c b/src/lib/krb5/ccache/ccfns.c
index e12dd56..f08bfb9 100644
--- a/src/lib/krb5/ccache/ccfns.c
+++ b/src/lib/krb5/ccache/ccfns.c
@@ -191,3 +191,162 @@ krb5_cc_unlock (krb5_context context, krb5_ccache ccache)
 {
     return ccache->ops->unlock(context, ccache);
 }
+
+static const char conf_realm[] = "X-CACHECONF:";
+static const char conf_name[] = "krb5_ccache_conf_data";
+
+static krb5_error_code
+build_conf_principals (krb5_context context, krb5_ccache id,
+                       krb5_const_principal principal,
+                       const char *name, krb5_creds *cred)
+{
+    krb5_principal client;
+    krb5_error_code ret;
+    char *pname = NULL;
+
+    memset(cred, 0, sizeof(*cred));
+
+    ret = krb5_cc_get_principal(context, id, &client);
+    if (ret)
+        return ret;
+
+    if (principal) {
+        ret = krb5_unparse_name(context, principal, &pname);
+        if (ret)
+            return ret;
+    }
+
+    ret = krb5_build_principal(context, &cred->server,
+                               sizeof(conf_realm) - 1, conf_realm,
+                               conf_name, name, pname, (char *)NULL);
+    free(pname);
+    if (ret) {
+        krb5_free_principal(context, client);
+        return ret;
+    }
+    ret = krb5_copy_principal(context, client, &cred->client);
+    krb5_free_principal(context, client);
+    return ret;
+}
+
+/*!
+ * \param context a Keberos context
+ * \param principal principal to check if it a configuration principal
+ *
+ * \brief Return TRUE (non zero) if the principal is a configuration
+ *        principal (generated part of krb5_cc_set_config()). Returns
+ *        FALSE (zero) if not a configuration principal.
+ *
+ */
+
+krb5_boolean KRB5_CALLCONV
+krb5_is_config_principal (krb5_context context,
+                          krb5_const_principal principal)
+{
+    const krb5_data *realm;
+
+    realm = krb5_princ_realm(context, principal);
+
+    if (realm->length != sizeof(conf_realm) - 1 ||
+        memcmp(realm->data, conf_realm, sizeof(conf_realm) - 1) != 0)
+        return FALSE;
+
+    if (principal->length == 0 ||
+        principal->data[0].length != (sizeof(conf_name) - 1) ||
+        memcmp(principal->data[0].data, conf_name, sizeof(conf_name) - 1) != 0)
+        return FALSE;
+
+    return TRUE;
+}
+
+/*!
+ * \param context a Keberos context
+ * \param id the credential cache to store the data for
+ * \param principal configuration for a specific principal, if
+ * NULL, global for the whole cache.
+ * \param key name under which the configuraion is stored.
+ * \param data data to store
+ *
+ * \brief Store some configuration for the credential cache in the
+ *        cache.  Existing configuration under the same key is
+ *        over-written.
+ *
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_set_config (krb5_context context, krb5_ccache id,
+                    krb5_const_principal principal,
+                    const char *key, krb5_data *data)
+{
+    krb5_error_code ret;
+    krb5_creds cred;
+    memset(&cred, 0, sizeof(cred));
+
+    ret = build_conf_principals(context, id, principal, key, &cred);
+    if (ret)
+        goto out;
+
+    ret = krb5_cc_remove_cred(context, id, 0, &cred);
+    if (ret && ret != KRB5_CC_NOTFOUND && ret != KRB5_CC_NOSUPP)
+        goto out;
+
+    cred.ticket.data = malloc(data->length);
+    if (cred.ticket.data == NULL) {
+        krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+        return ENOMEM;
+    }
+    cred.ticket.length = data->length;
+    memcpy(cred.ticket.data, data->data, data->length);
+
+    ret = krb5_cc_store_cred(context, id, &cred);
+
+out:
+    krb5_free_cred_contents(context, &cred);
+    return ret;
+}
+
+/*!
+ * \param context a Keberos context
+ * \param id the credential cache to store the data for
+ * \param principal configuration for a specific principal, if
+ *        NULL, global for the whole cache.
+ * \param key name under which the configuraion is stored.
+ * \param data data to fetched, free with krb5_data_free()
+ *
+ * \brief Get some configuration for the credential cache in the cache.
+ */
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_cc_get_config (krb5_context context, krb5_ccache id,
+                    krb5_const_principal principal,
+                    const char *key, krb5_data *data)
+{
+    krb5_creds mcred, cred;
+    krb5_error_code ret;
+
+    memset(&cred, 0, sizeof(cred));
+    memset(data, 0, sizeof(*data));
+
+    ret = build_conf_principals(context, id, principal, key, &mcred);
+    if (ret)
+        goto out;
+
+    ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred);
+    if (ret)
+        goto out;
+
+    data->data = malloc(cred.ticket.length);
+    if (data->data == NULL) {
+        ret = ENOMEM;
+        krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
+        goto out;
+    }
+    data->length = cred.ticket.length;
+    memcpy(data->data, cred.ticket.data, data->length);
+
+out:
+    krb5_free_cred_contents(context, &cred);
+    krb5_free_cred_contents(context, &mcred);
+    return ret;
+}
diff --git a/src/lib/krb5/ccache/deps b/src/lib/krb5/ccache/deps
index b841dcb..6e07abe 100644
--- a/src/lib/krb5/ccache/deps
+++ b/src/lib/krb5/ccache/deps
@@ -3,130 +3,130 @@
 #
 ccbase.so ccbase.po $(OUTPRE)ccbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h cc-int.h ccbase.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h ccbase.c \
   fcc.h
 cccopy.so cccopy.po $(OUTPRE)cccopy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h cccopy.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cccopy.c
 cccursor.so cccursor.po $(OUTPRE)cccursor.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cc-int.h cccursor.c
 ccdefault.so ccdefault.po $(OUTPRE)ccdefault.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ccdefault.c
 ccdefops.so ccdefops.po $(OUTPRE)ccdefops.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ccdefops.c fcc.h
 cc_retr.so cc_retr.po $(OUTPRE)cc_retr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h cc-int.h cc_retr.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h cc_retr.c
 cc_file.so cc_file.po $(OUTPRE)cc_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h cc-int.h cc_file.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cc-int.h cc_file.c
 cc_memory.so cc_memory.po $(OUTPRE)cc_memory.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cc-int.h cc_memory.c
 cc_keyring.so cc_keyring.po $(OUTPRE)cc_keyring.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cc-int.h cc_keyring.c
 ccfns.so ccfns.po $(OUTPRE)ccfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ccfns.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ccfns.c
 ser_cc.so ser_cc.po $(OUTPRE)ser_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ser_cc.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ser_cc.c
 t_cc.so t_cc.po $(OUTPRE)t_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h t_cc.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_cc.c
 t_cccursor.so t_cccursor.po $(OUTPRE)t_cccursor.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h t_cccursor.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h t_cccursor.c
diff --git a/src/lib/krb5/deps b/src/lib/krb5/deps
index 7e3a9e7..04b1fa6 100644
--- a/src/lib/krb5/deps
+++ b/src/lib/krb5/deps
@@ -4,13 +4,13 @@
 krb5_libinit.so krb5_libinit.po $(OUTPRE)krb5_libinit.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/ccache/cc-int.h $(srcdir)/keytab/kt-int.h \
-  $(srcdir)/os/os-proto.h $(srcdir)/rcache/rc-int.h krb5_libinit.c \
+  $(COM_ERR_DEPS) $(srcdir)/ccache/cc-int.h $(srcdir)/keytab/kt-int.h \
+  $(srcdir)/os/os-proto.h $(srcdir)/rcache/rc-int.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h krb5_libinit.c \
   krb5_libinit.h
diff --git a/src/lib/krb5/error_tables/Makefile.in b/src/lib/krb5/error_tables/Makefile.in
index ec4c920..4972363 100644
--- a/src/lib/krb5/error_tables/Makefile.in
+++ b/src/lib/krb5/error_tables/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/error_tables
 mydir=lib/krb5/error_tables
 BUILDTOP=$(REL)..$(S)..$(S)..
 DEFS=
@@ -10,6 +8,7 @@ DEFS=
 
 THDRDIR=$(BUILDTOP)$(S)include
 EHDRDIR=$(BUILDTOP)$(S)include
+ETDIR=$(top_srcdir)$(S)util$(S)et
 
 STLIBOBJS= asn1_err.o kdb5_err.o krb5_err.o \
       kv5m_err.o krb524_err.o
@@ -28,16 +27,16 @@ all-libobjs: $(HDRS)
 includes: $(HDRS)
 
 awk-windows:
-	$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=asn1_err.h asn1_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kdb5_err.h kdb5_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb5_err.h krb5_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=kv5m_err.h kv5m_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=krb524_err.h krb524_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=asn1_err.c asn1_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kdb5_err.c kdb5_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb5_err.c krb5_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=kv5m_err.c kv5m_err.et
-	$(AWK) -f $(SRCTOP)/util/et/et_c.awk outfile=krb524_err.c krb524_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=asn1_err.h asn1_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=kdb5_err.h kdb5_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=krb5_err.h krb5_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=kv5m_err.h kv5m_err.et
+	$(AWK) -f $(ETDIR)/et_h.awk outfile=krb524_err.h krb524_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=asn1_err.c asn1_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=kdb5_err.c kdb5_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=krb5_err.c krb5_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=kv5m_err.c kv5m_err.et
+	$(AWK) -f $(ETDIR)/et_c.awk outfile=krb524_err.c krb524_err.et
 	if exist asn1_err.h copy asn1_err.h "$(EHDRDIR)"
 	if exist kdb5_err.h copy kdb5_err.h "$(EHDRDIR)"
 	if exist krb5_err.h copy krb5_err.h "$(EHDRDIR)"
diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
index c422e9c..258eac7 100644
--- a/src/lib/krb5/keytab/Makefile.in
+++ b/src/lib/krb5/keytab/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/keytab
 mydir=lib/krb5/keytab
 BUILDTOP=$(REL)..$(S)..$(S)..
 DEFS=
diff --git a/src/lib/krb5/keytab/deps b/src/lib/krb5/keytab/deps
index 0056439..403a5f0 100644
--- a/src/lib/krb5/keytab/deps
+++ b/src/lib/krb5/keytab/deps
@@ -3,118 +3,118 @@
 #
 ktadd.so ktadd.po $(OUTPRE)ktadd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ktadd.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktadd.c
 ktbase.so ktbase.po $(OUTPRE)ktbase.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kt-int.h ktbase.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kt-int.h ktbase.c
 ktdefault.so ktdefault.po $(OUTPRE)ktdefault.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ktdefault.c
 ktfr_entry.so ktfr_entry.po $(OUTPRE)ktfr_entry.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ktfr_entry.c
 ktremove.so ktremove.po $(OUTPRE)ktremove.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ktremove.c
 ktfns.so ktfns.po $(OUTPRE)ktfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ktfns.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ktfns.c
 kt_file.so kt_file.po $(OUTPRE)kt_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kt_file.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kt_file.c
 kt_memory.so kt_memory.po $(OUTPRE)kt_memory.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kt-int.h kt_memory.c
 kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kt_srvtab.c
 read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   read_servi.c
 t_keytab.so t_keytab.po $(OUTPRE)t_keytab.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   t_keytab.c
diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in
index 3746746..a837797 100644
--- a/src/lib/krb5/krb/Makefile.in
+++ b/src/lib/krb5/krb/Makefile.in
@@ -1,11 +1,9 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/krb
 mydir=lib/krb5/krb
 BUILDTOP=$(REL)..$(S)..$(S)..
 RUN_SETUP = @KRB5_RUN_ENV@
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
-LOCALINCLUDES = -I$(srcdir)/../os -I$(SRCTOP)
+LOCALINCLUDES = -I$(srcdir)/../os -I$(top_srcdir)
 DEFS=-DLIBDIR=\"$(KRB5_LIBDIR)\"
 
 ##DOS##BUILDTOP = ..\..\..
diff --git a/src/lib/krb5/krb/auth_con.c b/src/lib/krb5/krb/auth_con.c
index e6bbac1..a53b7d5 100644
--- a/src/lib/krb5/krb/auth_con.c
+++ b/src/lib/krb5/krb/auth_con.c
@@ -176,6 +176,15 @@ krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_
 }
 
 krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getkey_k(krb5_context context, krb5_auth_context auth_context,
+                       krb5_key *key)
+{
+    krb5_k_reference_key(context, auth_context->key);
+    *key = auth_context->key;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)
 {
     return krb5_auth_con_getsendsubkey(context, auth_context, keyblock);
@@ -221,6 +230,15 @@ krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keybloc
 }
 
 krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getsendsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key *key)
+{
+    krb5_k_reference_key(ctx, ac->send_subkey);
+    *key = ac->send_subkey;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
 krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)
 {
     if (ac->recv_subkey != NULL)
@@ -230,6 +248,15 @@ krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keybloc
 }
 
 krb5_error_code KRB5_CALLCONV
+krb5_auth_con_getrecvsubkey_k(krb5_context ctx, krb5_auth_context ac,
+                              krb5_key *key)
+{
+    krb5_k_reference_key(ctx, ac->recv_subkey);
+    *key = ac->recv_subkey;
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
 krb5_auth_con_set_req_cksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype)
 {
     auth_context->req_cksumtype = cksumtype;
diff --git a/src/lib/krb5/krb/copy_auth.c b/src/lib/krb5/krb/copy_auth.c
index d4c2700..88bc3fa 100644
--- a/src/lib/krb5/krb/copy_auth.c
+++ b/src/lib/krb5/krb/copy_auth.c
@@ -229,7 +229,7 @@ find_authdata_1(krb5_context context, krb5_authdata *const *in_authdat,
     int i = 0;
     krb5_error_code retval = 0;
 
-    for (i = 0; in_authdat[i]; i++) {
+    for (i = 0; in_authdat[i] && retval == 0; i++) {
         krb5_authdata *ad = in_authdat[i];
         krb5_authdata **decoded_container;
 
diff --git a/src/lib/krb5/krb/deps b/src/lib/krb5/krb/deps
index 8bbef35..b94967d 100644
--- a/src/lib/krb5/krb/deps
+++ b/src/lib/krb5/krb/deps
@@ -4,1043 +4,1045 @@
 addr_comp.so addr_comp.po $(OUTPRE)addr_comp.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   addr_comp.c
 addr_order.so addr_order.po $(OUTPRE)addr_order.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   addr_order.c
 addr_srch.so addr_srch.po $(OUTPRE)addr_srch.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   addr_srch.c
 appdefault.so appdefault.po $(OUTPRE)appdefault.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   appdefault.c
 auth_con.so auth_con.po $(OUTPRE)auth_con.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   auth_con.c auth_con.h
 authdata.so authdata.po $(OUTPRE)authdata.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   auth_con.h authdata.c authdata.h int-proto.h
 bld_pr_ext.so bld_pr_ext.po $(OUTPRE)bld_pr_ext.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   bld_pr_ext.c
 bld_princ.so bld_princ.po $(OUTPRE)bld_princ.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   bld_princ.c
-brand.so brand.po $(OUTPRE)brand.$(OBJEXT): $(SRCTOP)/patchlevel.h \
+brand.so brand.po $(OUTPRE)brand.$(OBJEXT): $(top_srcdir)/patchlevel.h \
   brand.c
 chk_trans.so chk_trans.po $(OUTPRE)chk_trans.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   chk_trans.c
 chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h chpw.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h chpw.c
 conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   conv_creds.c
 conv_princ.so conv_princ.po $(OUTPRE)conv_princ.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   conv_princ.c
 copy_addrs.so copy_addrs.po $(OUTPRE)copy_addrs.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_addrs.c
 copy_auth.so copy_auth.po $(OUTPRE)copy_auth.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_auth.c
 copy_athctr.so copy_athctr.po $(OUTPRE)copy_athctr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_athctr.c
 copy_cksum.so copy_cksum.po $(OUTPRE)copy_cksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_cksum.c
 copy_creds.so copy_creds.po $(OUTPRE)copy_creds.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_creds.c
 copy_data.so copy_data.po $(OUTPRE)copy_data.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_data.c
 copy_key.so copy_key.po $(OUTPRE)copy_key.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_key.c
 copy_princ.so copy_princ.po $(OUTPRE)copy_princ.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_princ.c
 copy_tick.so copy_tick.po $(OUTPRE)copy_tick.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   copy_tick.c
 cp_key_cnt.so cp_key_cnt.po $(OUTPRE)cp_key_cnt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cp_key_cnt.c
 decode_kdc.so decode_kdc.po $(OUTPRE)decode_kdc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  decode_kdc.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  decode_kdc.c int-proto.h
 decrypt_tk.so decrypt_tk.po $(OUTPRE)decrypt_tk.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   decrypt_tk.c
 deltat.so deltat.po $(OUTPRE)deltat.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h deltat.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h deltat.c
 enc_helper.so enc_helper.po $(OUTPRE)enc_helper.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   enc_helper.c
 encode_kdc.so encode_kdc.po $(OUTPRE)encode_kdc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   encode_kdc.c
 encrypt_tk.so encrypt_tk.po $(OUTPRE)encrypt_tk.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   encrypt_tk.c
 fast.so fast.po $(OUTPRE)fast.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h fast.c fast.h int-proto.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h fast.c fast.h \
+  int-proto.h
 free_rtree.so free_rtree.po $(OUTPRE)free_rtree.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   free_rtree.c
 fwd_tgt.so fwd_tgt.po $(OUTPRE)fwd_tgt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h fwd_tgt.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h fwd_tgt.c
 gc_frm_kdc.so gc_frm_kdc.po $(OUTPRE)gc_frm_kdc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   gc_frm_kdc.c int-proto.h
 gc_via_tkt.so gc_via_tkt.po $(OUTPRE)gc_via_tkt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   gc_via_tkt.c int-proto.h
 gen_seqnum.so gen_seqnum.po $(OUTPRE)gen_seqnum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   gen_seqnum.c
 gen_subkey.so gen_subkey.po $(OUTPRE)gen_subkey.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   gen_subkey.c
 get_creds.so get_creds.po $(OUTPRE)get_creds.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   get_creds.c int-proto.h
 get_in_tkt.so get_in_tkt.po $(OUTPRE)get_in_tkt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../os/os-proto.h fast.h get_in_tkt.c int-proto.h
+  $(COM_ERR_DEPS) $(srcdir)/../os/os-proto.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h fast.h get_in_tkt.c \
+  init_creds_ctx.h int-proto.h
 gic_keytab.so gic_keytab.po $(OUTPRE)gic_keytab.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  gic_keytab.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  gic_keytab.c init_creds_ctx.h
 gic_opt.so gic_opt.po $(OUTPRE)gic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h gic_opt.c int-proto.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gic_opt.c int-proto.h
 gic_pwd.so gic_pwd.po $(OUTPRE)gic_pwd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h gic_pwd.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gic_pwd.c init_creds_ctx.h
 in_tkt_sky.so in_tkt_sky.po $(OUTPRE)in_tkt_sky.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   in_tkt_sky.c
 init_ctx.so init_ctx.po $(OUTPRE)init_ctx.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/patchlevel.h $(srcdir)/../krb5_libinit.h \
+  $(COM_ERR_DEPS) $(srcdir)/../krb5_libinit.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/patchlevel.h \
   brand.c init_ctx.c
 init_keyblock.so init_keyblock.po $(OUTPRE)init_keyblock.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   init_keyblock.c
 kdc_rep_dc.so kdc_rep_dc.po $(OUTPRE)kdc_rep_dc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kdc_rep_dc.c
 kerrs.so kerrs.po $(OUTPRE)kerrs.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kerrs.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kerrs.c
 kfree.so kfree.po $(OUTPRE)kfree.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kfree.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kfree.c
 mk_cred.so mk_cred.po $(OUTPRE)mk_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
   mk_cred.c
 mk_error.so mk_error.po $(OUTPRE)mk_error.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   mk_error.c
 mk_priv.so mk_priv.po $(OUTPRE)mk_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
   mk_priv.c
 mk_rep.so mk_rep.po $(OUTPRE)mk_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h mk_rep.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h mk_rep.c
 mk_req.so mk_req.po $(OUTPRE)mk_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h mk_req.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h mk_req.c
 mk_req_ext.so mk_req_ext.po $(OUTPRE)mk_req_ext.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   auth_con.h mk_req_ext.c
 mk_safe.so mk_safe.po $(OUTPRE)mk_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
   mk_safe.c
 pac.so pac.po $(OUTPRE)pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-utf8.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   authdata.h pac.c
 parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h parse.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h parse.c
 pr_to_salt.so pr_to_salt.po $(OUTPRE)pr_to_salt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   pr_to_salt.c
 preauth.so preauth.po $(OUTPRE)preauth.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h preauth.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h preauth.c
 preauth2.so preauth2.po $(OUTPRE)preauth2.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   fast.h int-proto.h preauth2.c
 princ_comp.so princ_comp.po $(OUTPRE)princ_comp.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-unicode.h $(SRCTOP)/include/k5-utf8.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-unicode.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   princ_comp.c
 rd_cred.so rd_cred.po $(OUTPRE)rd_cred.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
   rd_cred.c
 rd_error.so rd_error.po $(OUTPRE)rd_error.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   rd_error.c
 rd_priv.so rd_priv.po $(OUTPRE)rd_priv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
   rd_priv.c
 rd_rep.so rd_rep.po $(OUTPRE)rd_rep.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h rd_rep.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h rd_rep.c
 rd_req.so rd_req.po $(OUTPRE)rd_req.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h rd_req.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h rd_req.c
 rd_req_dec.so rd_req_dec.po $(OUTPRE)rd_req_dec.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   auth_con.h authdata.h int-proto.h rd_req_dec.c
 rd_safe.so rd_safe.po $(OUTPRE)rd_safe.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h cleanup.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h cleanup.h \
   rd_safe.c
 recvauth.so recvauth.po $(OUTPRE)recvauth.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   auth_con.h recvauth.c
 s4u_creds.so s4u_creds.po $(OUTPRE)s4u_creds.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h s4u_creds.c
 sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   auth_con.h sendauth.c
 send_tgs.so send_tgs.po $(OUTPRE)send_tgs.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  send_tgs.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  int-proto.h send_tgs.c
 ser_actx.so ser_actx.po $(OUTPRE)ser_actx.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   auth_con.h int-proto.h ser_actx.c
 ser_adata.so ser_adata.po $(OUTPRE)ser_adata.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h ser_adata.c
 ser_addr.so ser_addr.po $(OUTPRE)ser_addr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h ser_addr.c
 ser_auth.so ser_auth.po $(OUTPRE)ser_auth.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h ser_auth.c
 ser_cksum.so ser_cksum.po $(OUTPRE)ser_cksum.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h ser_cksum.c
 ser_ctx.so ser_ctx.po $(OUTPRE)ser_ctx.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ser_ctx.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ser_ctx.c
 ser_key.so ser_key.po $(OUTPRE)ser_key.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h int-proto.h ser_key.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h ser_key.c
 ser_princ.so ser_princ.po $(OUTPRE)ser_princ.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h ser_princ.c
 serialize.so serialize.po $(OUTPRE)serialize.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   serialize.c
 set_realm.so set_realm.po $(OUTPRE)set_realm.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   set_realm.c
 srv_dec_tkt.so srv_dec_tkt.po $(OUTPRE)srv_dec_tkt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   srv_dec_tkt.c
 srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   srv_rcache.c
 str_conv.so str_conv.po $(OUTPRE)str_conv.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  str_conv.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h str_conv.c
 t_ad_fx_armor.so t_ad_fx_armor.po $(OUTPRE)t_ad_fx_armor.$(OBJEXT): \
   $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) t_ad_fx_armor.c
 tgtname.so tgtname.po $(OUTPRE)tgtname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h int-proto.h tgtname.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h int-proto.h tgtname.c
 unparse.so unparse.po $(OUTPRE)unparse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h unparse.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h unparse.c
 valid_times.so valid_times.po $(OUTPRE)valid_times.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   valid_times.c
 vfy_increds.so vfy_increds.po $(OUTPRE)vfy_increds.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h vfy_increds.c
 vic_opt.so vic_opt.po $(OUTPRE)vic_opt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h vic_opt.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h vic_opt.c
 walk_rtree.so walk_rtree.po $(OUTPRE)walk_rtree.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   int-proto.h walk_rtree.c
 t_walk_rtree.so t_walk_rtree.po $(OUTPRE)t_walk_rtree.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   t_walk_rtree.c
 t_kerb.so t_kerb.po $(OUTPRE)t_kerb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   t_kerb.c
 t_ser.so t_ser.po $(OUTPRE)t_ser.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h auth_con.h t_ser.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h auth_con.h t_ser.c
 t_deltat.so t_deltat.po $(OUTPRE)t_deltat.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   t_deltat.c
 t_expand.so t_expand.po $(OUTPRE)t_expand.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   chk_trans.c t_expand.c
 t_pac.so t_pac.po $(OUTPRE)t_pac.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h t_pac.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_pac.c
 t_princ.so t_princ.po $(OUTPRE)t_princ.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h t_princ.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h t_princ.c
 t_etypes.so t_etypes.po $(OUTPRE)t_etypes.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   t_etypes.c
diff --git a/src/lib/krb5/krb/fast.c b/src/lib/krb5/krb/fast.c
index 7d6bc27..2791651 100644
--- a/src/lib/krb5/krb/fast.c
+++ b/src/lib/krb5/krb/fast.c
@@ -56,7 +56,7 @@
 static krb5_error_code
 fast_armor_ap_request(krb5_context context,
                       struct krb5int_fast_request_state *state,
-                      krb5_ccache ccache, krb5_data *target_realm)
+                      krb5_ccache ccache, krb5_principal target_principal)
 {
     krb5_error_code retval = 0;
     krb5_creds creds, *out_creds = NULL;
@@ -66,9 +66,8 @@ fast_armor_ap_request(krb5_context context,
     krb5_keyblock *subkey = NULL, *armor_key = NULL;
     encoded_authenticator.data = NULL;
     memset(&creds, 0, sizeof(creds));
-    retval = krb5_tgtname(context, target_realm, target_realm, &creds.server);
-    if (retval ==0)
-        retval = krb5_cc_get_principal(context, ccache, &creds.client);
+    creds.server = target_principal;
+    retval = krb5_cc_get_principal(context, ccache, &creds.client);
     if (retval == 0)
         retval = krb5_get_credentials(context, 0, ccache,  &creds, &out_creds);
     if (retval == 0)
@@ -98,6 +97,8 @@ fast_armor_ap_request(krb5_context context,
     krb5_free_keyblock(context, subkey);
     if (out_creds)
         krb5_free_creds(context, out_creds);
+    /* target_principal is owned by caller. */
+    creds.server = NULL;
     krb5_free_cred_contents(context, &creds);
     if (encoded_authenticator.data)
         krb5_free_data_contents(context, &encoded_authenticator);
@@ -138,13 +139,34 @@ krb5int_fast_as_armor(krb5_context context,
 {
     krb5_error_code retval = 0;
     krb5_ccache ccache = NULL;
+    krb5_principal target_principal = NULL;
+    krb5_data *target_realm;
     krb5_clear_error_message(context);
+    target_realm = krb5_princ_realm(context, request->server);
     if (opte->opt_private->fast_ccache_name) {
+        state->fast_state_flags |= KRB5INT_FAST_ARMOR_AVAIL;
         retval = krb5_cc_resolve(context, opte->opt_private->fast_ccache_name,
                                  &ccache);
-        if (retval==0)
+        if (retval == 0) {
+            retval = krb5_tgtname(context, target_realm, target_realm,
+                                  &target_principal);
+        }
+        if (retval == 0) {
+            krb5_data config_data;
+            config_data.data = NULL;
+            retval = krb5_cc_get_config(context, ccache, target_principal,
+                                        KRB5_CONF_FAST_AVAIL, &config_data);
+            if ((retval == 0) && config_data.data )
+                state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
+            krb5_free_data_contents(context, &config_data);
+            retval = 0;
+        }
+        if (opte->opt_private->fast_flags& KRB5_FAST_REQUIRED)
+            state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
+        if (retval == 0 && (state->fast_state_flags & KRB5INT_FAST_DO_FAST)) {
             retval = fast_armor_ap_request(context, state, ccache,
-                                           krb5_princ_realm(context, request->server));
+                                           target_principal);
+        }
         if (retval != 0) {
             const char * errmsg;
             errmsg = krb5_get_error_message(context, retval);
@@ -156,6 +178,8 @@ krb5int_fast_as_armor(krb5_context context,
     }
     if (ccache)
         krb5_cc_close(context, ccache);
+    if (target_principal)
+        krb5_free_principal(context, target_principal);
     return retval;
 }
 
@@ -373,7 +397,7 @@ krb5int_fast_process_error(krb5_context context,
          * ever changed then this will need to be a copy not a cast.
          */
         if (retval == 0)
-            retval = encode_krb5_typed_data( (krb5_typed_data **) fast_response->padata,
+            retval = encode_krb5_typed_data( (const krb5_typed_data **)fast_response->padata,
                                              &encoded_td);
         if (retval == 0) {
             fx_error->e_data = *encoded_td;
@@ -528,3 +552,61 @@ krb5int_find_pa_data(krb5_context context, krb5_pa_data *const *padata,
 
     return *tmppa;
 }
+
+
+krb5_error_code
+krb5int_fast_verify_nego(krb5_context context,
+                         struct krb5int_fast_request_state *state,
+                         krb5_kdc_rep *rep, krb5_data *request,
+                         krb5_keyblock *decrypting_key,
+                         krb5_boolean *fast_avail)
+{
+    krb5_error_code retval = 0;
+    krb5_checksum *checksum = NULL;
+    krb5_pa_data *pa;
+    krb5_data scratch;
+    krb5_boolean valid;
+
+    if (rep->enc_part2->flags& TKT_FLG_ENC_PA_REP) {
+        pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
+                                  KRB5_ENCPADATA_REQ_ENC_PA_REP);
+        if (pa == NULL)
+            retval = KRB5_KDCREP_MODIFIED;
+        else {
+            scratch.data = (char *) pa->contents;
+            scratch.length = pa->length;
+        }
+        if (retval == 0)
+            retval = decode_krb5_checksum(&scratch, &checksum);
+        if (retval == 0)
+            retval = krb5_c_verify_checksum(context, decrypting_key,
+                                            KRB5_KEYUSAGE_AS_REQ,
+                                            request, checksum, &valid);
+        if (retval == 0 &&valid == 0)
+            retval = KRB5_KDCREP_MODIFIED;
+        if (retval == 0) {
+            pa = krb5int_find_pa_data(context, rep->enc_part2->enc_padata,
+                                      KRB5_PADATA_FX_FAST);
+            *fast_avail = (pa != NULL);
+        }
+    }
+    if (checksum)
+        krb5_free_checksum(context, checksum);
+    return retval;
+}
+
+krb5_boolean
+krb5int_upgrade_to_fast_p(krb5_context context,
+                          struct krb5int_fast_request_state *state,
+                          krb5_pa_data **padata)
+{
+    if (state->armor_key != NULL)
+        return 0; /*already using FAST*/
+    if (!(state->fast_state_flags & KRB5INT_FAST_ARMOR_AVAIL))
+        return 0;
+    if (krb5int_find_pa_data(context, padata, KRB5_PADATA_FX_FAST) != NULL) {
+        state->fast_state_flags |= KRB5INT_FAST_DO_FAST;
+        return 1;
+    }
+    return 0;
+}
diff --git a/src/lib/krb5/krb/fast.h b/src/lib/krb5/krb/fast.h
index 443f3e1..66dc985 100644
--- a/src/lib/krb5/krb/fast.h
+++ b/src/lib/krb5/krb/fast.h
@@ -42,6 +42,9 @@ struct krb5int_fast_request_state {
     krb5_int32 nonce;
 };
 
+#define KRB5INT_FAST_DO_FAST     (1l<<0)  /* Perform FAST */
+#define KRB5INT_FAST_ARMOR_AVAIL (1l<<1)
+
 krb5_error_code
 krb5int_fast_prep_req_body(krb5_context context, struct krb5int_fast_request_state *state,
                            krb5_kdc_req *request, krb5_data **encoded_req_body);
@@ -79,5 +82,16 @@ krb5_error_code krb5int_fast_reply_key(krb5_context context,
                                        krb5_keyblock *output_key);
 
 
+krb5_error_code
+krb5int_fast_verify_nego(krb5_context context,
+                         struct krb5int_fast_request_state *state,
+                         krb5_kdc_rep *rep, krb5_data *request,
+                         krb5_keyblock *decrypting_key,
+                         krb5_boolean *fast_avail);
+
+krb5_boolean
+krb5int_upgrade_to_fast_p(krb5_context context,
+                          struct krb5int_fast_request_state *state,
+                          krb5_pa_data **padata);
 
 #endif
diff --git a/src/lib/krb5/krb/gc_via_tkt.c b/src/lib/krb5/krb/gc_via_tkt.c
index 8b202d2..df54621 100644
--- a/src/lib/krb5/krb/gc_via_tkt.c
+++ b/src/lib/krb5/krb/gc_via_tkt.c
@@ -167,33 +167,29 @@ krb5_get_cred_via_tkt (krb5_context context, krb5_creds *tkt,
 }
 
 krb5_error_code
-krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
-                           krb5_flags kdcoptions, krb5_address *const *address,
-                           krb5_pa_data **in_padata,
-                           krb5_creds *in_cred,
-                           krb5_error_code (*pacb_fct)(krb5_context,
-                                                       krb5_keyblock *,
-                                                       krb5_kdc_req *,
-                                                       void *),
-                           void *pacb_data,
-                           krb5_pa_data ***out_padata,
-                           krb5_pa_data ***out_enc_padata,
-                           krb5_creds **out_cred,
-                           krb5_keyblock **out_subkey)
+krb5int_make_tgs_request(krb5_context context,
+                         krb5_creds *tkt,
+                         krb5_flags kdcoptions,
+                         krb5_address *const *address,
+                         krb5_pa_data **in_padata,
+                         krb5_creds *in_cred,
+                         krb5_error_code (*pacb_fct)(krb5_context,
+                                                     krb5_keyblock *,
+                                                     krb5_kdc_req *,
+                                                     void *),
+                         void *pacb_data,
+                         krb5_data *request_data,
+                         krb5_timestamp *timestamp,
+                         krb5_int32 *nonce,
+                         krb5_keyblock **subkey)
 {
     krb5_error_code retval;
-    krb5_kdc_rep *dec_rep;
-    krb5_error *err_reply;
-    krb5_response tgsrep;
-    krb5_enctype *enctypes = 0;
-    krb5_keyblock *subkey = NULL;
-    krb5_boolean s4u2self = FALSE, second_tkt;
+    krb5_enctype *enctypes = NULL;
+    krb5_boolean second_tkt;
 
-#ifdef DEBUG_REFERRALS
-    printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
-    krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
-    krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
-#endif
+    request_data->data = NULL;
+    *timestamp = 0;
+    *subkey = NULL;
 
     /* tkt->client must be equal to in_cred->client */
     if (!krb5_principal_compare(context, tkt->client, in_cred->client))
@@ -202,74 +198,64 @@ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
     if (!tkt->ticket.length)
         return KRB5_NO_TKT_SUPPLIED;
 
-    second_tkt = ((kdcoptions & (KDC_OPT_ENC_TKT_IN_SKEY | KDC_OPT_CNAME_IN_ADDL_TKT)) != 0);
-
+    second_tkt = ((kdcoptions & (KDC_OPT_ENC_TKT_IN_SKEY |
+                                 KDC_OPT_CNAME_IN_ADDL_TKT)) != 0);
     if (second_tkt && !in_cred->second_ticket.length)
-        return(KRB5_NO_2ND_TKT);
-
-    s4u2self = krb5int_find_pa_data(context, in_padata, KRB5_PADATA_S4U_X509_USER) ||
-        krb5int_find_pa_data(context, in_padata, KRB5_PADATA_FOR_USER);
-
-    /* check if we have the right TGT                    */
-    /* tkt->server must be equal to                      */
-    /* krbtgt/realmof(cred->server)@realmof(tgt->server) */
-/*
-  {
-  krb5_principal tempprinc;
-  if (retval = krb5_tgtname(context,
-  krb5_princ_realm(context, in_cred->server),
-  krb5_princ_realm(context, tkt->server), &tempprinc))
-  return(retval);
-
-  if (!krb5_principal_compare(context, tempprinc, tkt->server)) {
-  krb5_free_principal(context, tempprinc);
-  return (KRB5_PRINC_NOMATCH);
-  }
-  krb5_free_principal(context, tempprinc);
-  }
-*/
+        return KRB5_NO_2ND_TKT;
 
     if (in_cred->keyblock.enctype) {
-        enctypes = (krb5_enctype *) malloc(sizeof(krb5_enctype)*2);
-        if (!enctypes)
+        enctypes = (krb5_enctype *)malloc(sizeof(krb5_enctype)*2);
+        if (enctypes == NULL)
             return ENOMEM;
         enctypes[0] = in_cred->keyblock.enctype;
         enctypes[1] = 0;
     }
 
-    retval = krb5int_send_tgs(context, kdcoptions, &in_cred->times, enctypes,
-                              in_cred->server, address, in_cred->authdata,
-                              in_padata,
-                              second_tkt ? &in_cred->second_ticket : NULL,
-                              tkt, pacb_fct, pacb_data, &tgsrep, &subkey);
-    if (enctypes)
+    retval = krb5int_make_tgs_request_ext(context, kdcoptions, &in_cred->times,
+                                          enctypes, in_cred->server, address,
+                                          in_cred->authdata, in_padata,
+                                          second_tkt ?
+                                            &in_cred->second_ticket : 0,
+                                          tkt, pacb_fct, pacb_data,
+                                          request_data,
+                                          timestamp, nonce, subkey);
+    if (enctypes != NULL)
         free(enctypes);
-    if (retval) {
-#ifdef DEBUG_REFERRALS
-        printf("krb5_get_cred_via_tkt ending early after send_tgs with: %s\n",
-               error_message(retval));
-#endif
-        return retval;
-    }
-
-    switch (tgsrep.message_type) {
-    case KRB5_TGS_REP:
-        break;
-    case KRB5_ERROR:
-    default:
-        if (krb5_is_krb_error(&tgsrep.response))
-            retval = decode_krb5_error(&tgsrep.response, &err_reply);
-        else
-            retval = KRB5KRB_AP_ERR_MSG_TYPE;
 
-        if (retval)                     /* neither proper reply nor error! */
-            goto error_4;
+    return retval;
+}
 
+krb5_error_code
+krb5int_process_tgs_reply(krb5_context context,
+                          krb5_data *response_data,
+                          krb5_creds *tkt,
+                          krb5_flags kdcoptions,
+                          krb5_address *const *address,
+                          krb5_pa_data **in_padata,
+                          krb5_creds *in_cred,
+                          krb5_timestamp timestamp,
+                          krb5_int32 nonce,
+                          krb5_keyblock *subkey,
+                          krb5_pa_data ***out_padata,
+                          krb5_pa_data ***out_enc_padata,
+                          krb5_creds **out_cred)
+{
+    krb5_error_code retval;
+    krb5_kdc_rep *dec_rep = NULL;
+    krb5_error *err_reply = NULL;
+    krb5_boolean s4u2self;
+
+    s4u2self = krb5int_find_pa_data(context, in_padata,
+                                    KRB5_PADATA_S4U_X509_USER) ||
+               krb5int_find_pa_data(context, in_padata,
+                                    KRB5_PADATA_FOR_USER);
+
+    if (krb5_is_krb_error(response_data)) {
+        retval = decode_krb5_error(response_data, &err_reply);
+        if (retval != 0)
+            goto cleanup;
         retval = (krb5_error_code) err_reply->error + ERROR_TABLE_BASE_krb5;
         if (err_reply->text.length > 0) {
-#if 0
-            const char *m;
-#endif
             switch (err_reply->error) {
             case KRB_ERR_GENERIC:
                 krb5_set_error_message(context, retval,
@@ -280,7 +266,8 @@ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
             case KDC_ERR_S_PRINCIPAL_UNKNOWN:
             {
                 char *s_name;
-                if (krb5_unparse_name(context, in_cred->server, &s_name) == 0) {
+                if (err_reply->server &&
+                    krb5_unparse_name(context, err_reply->server, &s_name) == 0) {
                     krb5_set_error_message(context, retval,
                                            "Server %s not found in Kerberos database",
                                            s_name);
@@ -291,45 +278,33 @@ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
                     krb5_clear_error_message(context);
             }
             break;
-            default:
-#if 0 /* We should stop the KDC from sending back this text, because
-         if the local language doesn't match the KDC's language, we'd
-         just wind up printing out the error message in two languages.
-         Well, when we get some localization.  Which is already
-         happening in KfM.  */
-                m = error_message(retval);
-                /* Special case: MIT KDC may return this same string
-                   in the e-text field.  */
-                if (strlen (m) == err_reply->text.length-1
-                    && !strcmp(m, err_reply->text.data))
-                    break;
-                krb5_set_error_message(context, retval,
-                                       "%s (KDC supplied additional data: %s)",
-                                       m, err_reply->text.data);
-#endif
-                break;
             }
         }
-
         krb5_free_error(context, err_reply);
-        goto error_4;
+        goto cleanup;
+     } else if (!krb5_is_tgs_rep(response_data)) {
+        retval = KRB5KRB_AP_ERR_MSG_TYPE;
+        goto cleanup;
     }
 
     /* Unfortunately, Heimdal at least up through 1.2  encrypts using
        the session key not the subsession key.  So we try both. */
-    if ((retval = krb5int_decode_tgs_rep(context, &tgsrep.response,
-                                         subkey,
-                                         KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY, &dec_rep))) {
-        if ((krb5int_decode_tgs_rep(context, &tgsrep.response,
+    retval = krb5int_decode_tgs_rep(context, response_data,
+                                    subkey,
+                                    KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY,
+                                    &dec_rep);
+    if (retval) {
+        if ((krb5int_decode_tgs_rep(context, response_data,
                                     &tkt->keyblock,
                                     KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY, &dec_rep)) == 0)
             retval = 0;
-        else goto error_4;
+        else
+            goto cleanup;
     }
 
     if (dec_rep->msg_type != KRB5_TGS_REP) {
         retval = KRB5KRB_AP_ERR_MSG_TYPE;
-        goto error_3;
+        goto cleanup;
     }
 
     /*
@@ -358,7 +333,7 @@ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
     if (retval == 0)
         retval = check_reply_server(context, kdcoptions, in_cred, dec_rep);
 
-    if (dec_rep->enc_part2->nonce != tgsrep.expected_nonce)
+    if (dec_rep->enc_part2->nonce != nonce)
         retval = KRB5_KDCREP_MODIFIED;
 
     if ((kdcoptions & KDC_OPT_POSTDATED) &&
@@ -382,13 +357,13 @@ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
         retval = KRB5_KDCREP_MODIFIED;
 
     if (retval != 0)
-        goto error_3;
+        goto cleanup;
 
     if (!in_cred->times.starttime &&
         !in_clock_skew(dec_rep->enc_part2->times.starttime,
-                       tgsrep.request_time)) {
+                       timestamp)) {
         retval = KRB5_KDCREP_SKEW;
-        goto error_3;
+        goto cleanup;
     }
 
     if (out_padata != NULL) {
@@ -401,9 +376,103 @@ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
     }
 
     retval = krb5_kdcrep2creds(context, dec_rep, address,
-                               &in_cred->second_ticket,  out_cred);
+                               &in_cred->second_ticket, out_cred);
+    if (retval != 0)
+        goto cleanup;
+
+cleanup:
+    if (dec_rep != NULL) {
+        memset(dec_rep->enc_part2->session->contents, 0,
+               dec_rep->enc_part2->session->length);
+        krb5_free_kdc_rep(context, dec_rep);
+    }
+
+    return retval;
+}
+
+krb5_error_code
+krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
+                           krb5_flags kdcoptions, krb5_address *const *address,
+                           krb5_pa_data **in_padata,
+                           krb5_creds *in_cred,
+                           krb5_error_code (*pacb_fct)(krb5_context,
+                                                       krb5_keyblock *,
+                                                       krb5_kdc_req *,
+                                                       void *),
+                           void *pacb_data,
+                           krb5_pa_data ***out_padata,
+                           krb5_pa_data ***out_enc_padata,
+                           krb5_creds **out_cred,
+                           krb5_keyblock **out_subkey)
+{
+    krb5_error_code retval;
+    krb5_data request_data;
+    krb5_data response_data;
+    krb5_timestamp timestamp;
+    krb5_int32 nonce;
+    krb5_keyblock *subkey = NULL;
+    int tcp_only = 0, use_master = 0;
+
+    request_data.data = NULL;
+    request_data.length = 0;
+    response_data.data = NULL;
+    response_data.length = 0;
+
+#ifdef DEBUG_REFERRALS
+    printf("krb5_get_cred_via_tkt starting; referral flag is %s\n", kdcoptions&KDC_OPT_CANONICALIZE?"on":"off");
+    krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt requested ticket", in_cred->server);
+    krb5int_dbgref_dump_principal("krb5_get_cred_via_tkt TGT in use", tkt->server);
+#endif
+
+    retval = krb5int_make_tgs_request(context, tkt, kdcoptions,
+                                      address, in_padata, in_cred,
+                                      pacb_fct, pacb_data,
+                                      &request_data, &timestamp, &nonce,
+                                      &subkey);
+    if (retval != 0)
+        goto cleanup;
+
+send_again:
+    use_master = 0;
+    retval = krb5_sendto_kdc(context, &request_data,
+                             krb5_princ_realm(context, in_cred->server),
+                             &response_data, &use_master, tcp_only);
+    if (retval == 0) {
+        if (krb5_is_krb_error(&response_data)) {
+            if (!tcp_only) {
+                krb5_error *err_reply;
+                retval = decode_krb5_error(&response_data, &err_reply);
+                if (retval != 0)
+                    goto cleanup;
+                if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
+                    tcp_only = 1;
+                    krb5_free_error(context, err_reply);
+                    krb5_free_data_contents(context, &response_data);
+                    goto send_again;
+                }
+                krb5_free_error(context, err_reply);
+            }
+        }
+    } else
+        goto cleanup;
+
+    retval = krb5int_process_tgs_reply(context, &response_data,
+                                       tkt, kdcoptions, address,
+                                       in_padata, in_cred,
+                                       timestamp, nonce, subkey,
+                                       out_padata,
+                                       out_enc_padata, out_cred);
+    if (retval != 0)
+        goto cleanup;
+
+cleanup:
+#ifdef DEBUG_REFERRALS
+    printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
+#endif
+
+    krb5_free_data_contents(context, &request_data);
+    krb5_free_data_contents(context, &response_data);
 
-error_3:;
     if (subkey != NULL) {
         if (retval == 0 && out_subkey != NULL)
             *out_subkey = subkey;
@@ -411,14 +480,5 @@ error_3:;
             krb5_free_keyblock(context, subkey);
     }
 
-    memset(dec_rep->enc_part2->session->contents, 0,
-           dec_rep->enc_part2->session->length);
-    krb5_free_kdc_rep(context, dec_rep);
-
-error_4:;
-    free(tgsrep.response.data);
-#ifdef DEBUG_REFERRALS
-    printf("krb5_get_cred_via_tkt ending; %s\n", retval?error_message(retval):"no error");
-#endif
     return retval;
 }
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 15da288..15c67b8 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -34,6 +34,7 @@
 #include "int-proto.h"
 #include "os-proto.h"
 #include "fast.h"
+#include "init_creds_ctx.h"
 
 #if APPLE_PKINIT
 #define     IN_TKT_DEBUG    0
@@ -544,6 +545,30 @@ tgt_is_local_realm(krb5_creds *tgt)
             && data_eq(tgt->server->realm, tgt->client->realm));
 }
 
+static krb5_error_code
+request_enc_pa_rep(krb5_pa_data ***padptr)
+{
+    size_t size = 0;
+    krb5_pa_data **pad = *padptr;
+    krb5_pa_data *pa= NULL;
+    if (pad)
+        for (size=0; pad[size]; size++);
+    pad = realloc(pad, sizeof(*pad)*(size+2));
+
+    if (pad == NULL)
+        return ENOMEM;
+    pad[size+1] = NULL;
+    pa = malloc(sizeof(krb5_pa_data));
+    if (pa == NULL)
+        return ENOMEM;
+    pa->contents = NULL;
+    pa->length = 0;
+    pa->pa_type = KRB5_ENCPADATA_REQ_ENC_PA_REP;
+    pad[size] = pa;
+    *padptr = pad;
+    return 0;
+}
+
 krb5_error_code KRB5_CALLCONV
 krb5_get_in_tkt(krb5_context context,
                 krb5_flags options,
@@ -1057,457 +1082,806 @@ build_in_tkt_name(krb5_context context,
     return ret;
 }
 
+void KRB5_CALLCONV
+krb5_init_creds_free(krb5_context context,
+                     krb5_init_creds_context ctx)
+{
+    if (ctx == NULL)
+        return;
+
+    if (ctx->opte != NULL && krb5_gic_opt_is_shadowed(ctx->opte)) {
+        krb5_get_init_creds_opt_free(context,
+                                     (krb5_get_init_creds_opt *)ctx->opte);
+    }
+    free(ctx->in_tkt_service);
+    zap(ctx->password.data, ctx->password.length);
+    krb5_free_data_contents(context, &ctx->password);
+    krb5_free_error(context, ctx->err_reply);
+    krb5_free_cred_contents(context, &ctx->cred);
+    krb5_free_kdc_req(context, ctx->request);
+    krb5_free_kdc_rep(context, ctx->reply);
+    krb5_free_data(context, ctx->encoded_request_body);
+    krb5_free_data(context, ctx->encoded_previous_request);
+    krb5int_fast_free_state(context, ctx->fast_state);
+    krb5_free_pa_data(context, ctx->preauth_to_use);
+    krb5_free_data_contents(context, &ctx->salt);
+    krb5_free_data_contents(context, &ctx->s2kparams);
+    krb5_free_keyblock_contents(context, &ctx->as_key);
+    free(ctx);
+}
+
+static krb5_error_code
+init_creds_get(krb5_context context,
+               krb5_init_creds_context ctx,
+               int *use_master)
+{
+    krb5_error_code code;
+    krb5_data request;
+    krb5_data reply;
+    krb5_data realm;
+    unsigned int flags = 0;
+    int tcp_only = 0;
+
+    request.length = 0;
+    request.data = NULL;
+    reply.length = 0;
+    reply.data = NULL;
+    realm.length = 0;
+    realm.data = NULL;
+
+    for (;;) {
+        code = krb5_init_creds_step(context,
+                                    ctx,
+                                    &reply,
+                                    &request,
+                                    &realm,
+                                    &flags);
+        if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !tcp_only)
+            tcp_only = 1;
+        else if (code != 0 || (flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE))
+            break;
+
+        krb5_free_data_contents(context, &reply);
+
+        code = krb5_sendto_kdc(context, &request, &realm,
+                               &reply, use_master, tcp_only);
+        if (code != 0)
+            break;
+
+        krb5_free_data_contents(context, &request);
+        krb5_free_data_contents(context, &realm);
+    }
+
+    krb5_free_data_contents(context, &request);
+    krb5_free_data_contents(context, &reply);
+    krb5_free_data_contents(context, &realm);
+
+    return code;
+}
+
+/* Heimdal API */
 krb5_error_code KRB5_CALLCONV
-krb5_get_init_creds(krb5_context context,
-                    krb5_creds *creds,
-                    krb5_principal client,
-                    krb5_prompter_fct prompter,
-                    void *prompter_data,
-                    krb5_deltat start_time,
-                    char *in_tkt_service,
-                    krb5_gic_opt_ext *options,
-                    krb5_gic_get_as_key_fct gak_fct,
-                    void *gak_data,
-                    int  *use_master,
-                    krb5_kdc_rep **as_reply)
+krb5_init_creds_get(krb5_context context,
+                    krb5_init_creds_context ctx)
 {
-    krb5_error_code ret;
-    krb5_kdc_req request;
-    krb5_data *encoded_request_body, *encoded_previous_request;
-    krb5_pa_data **preauth_to_use, **kdc_padata;
-    int tempint;
-    char *tempstr;
-    krb5_deltat tkt_life;
-    krb5_deltat renew_life;
-    int loopcount;
-    krb5_data salt;
-    krb5_data s2kparams;
-    krb5_keyblock as_key, encrypting_key;
-    krb5_keyblock *strengthen_key = NULL;
-    krb5_error *err_reply;
-    krb5_kdc_rep *local_as_reply;
-    krb5_timestamp time_now;
-    krb5_enctype etype = 0;
-    krb5_preauth_client_rock get_data_rock;
-    int canon_flag = 0;
-    krb5_principal_data referred_client;
-    krb5_boolean retry = 0;
-    struct krb5int_fast_request_state *fast_state = NULL;
-    krb5_pa_data **out_padata = NULL;
-
-
-    /* initialize everything which will be freed at cleanup */
-
-    s2kparams.data = NULL;
-    s2kparams.length = 0;
-    request.server = NULL;
-    request.ktype = NULL;
-    request.addresses = NULL;
-    request.padata = NULL;
-    encoded_request_body = NULL;
-    encoded_previous_request = NULL;
-    preauth_to_use = NULL;
-    kdc_padata = NULL;
-    as_key.length = 0;
-    encrypting_key.length = 0;
-    encrypting_key.contents = NULL;
-    salt.length = 0;
-    salt.data = NULL;
+    int use_master = 0;
 
-    local_as_reply = 0;
-#if APPLE_PKINIT
-    inTktDebug("krb5_get_init_creds top\n");
-#endif /* APPLE_PKINIT */
+    return init_creds_get(context, ctx, &use_master);
+}
 
-    err_reply = NULL;
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_creds(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_creds *creds)
+{
+    if ((ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE) == 0)
+        return KRB5_NO_TKT_SUPPLIED;
 
-    /* referred_client is used to rewrite the client realm for referrals */
-    referred_client = *client;
-    referred_client.realm.data = NULL;
-    referred_client.realm.length = 0;
-    ret = krb5int_fast_make_state(context, &fast_state);
-    if (ret)
+    return krb5int_copy_creds_contents(context, &ctx->cred, creds);
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_times(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_ticket_times *times)
+{
+    if ((ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE) == 0)
+        return KRB5_NO_TKT_SUPPLIED;
+
+    *times = ctx->cred.times;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_get_error(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_error **error)
+{
+    krb5_error_code code;
+    krb5_error *ret = NULL;
+
+    *error = NULL;
+
+    if (ctx->err_reply == NULL)
+        return 0;
+
+    ret = k5alloc(sizeof(*ret), &code);
+    if (code != 0)
+        goto cleanup;
+
+    ret->magic = KV5M_ERROR;
+    ret->ctime = ctx->err_reply->ctime;
+    ret->cusec = ctx->err_reply->cusec;
+    ret->susec = ctx->err_reply->susec;
+    ret->stime = ctx->err_reply->stime;
+    ret->error = ctx->err_reply->error;
+
+    if (ctx->err_reply->client != NULL) {
+        code = krb5_copy_principal(context, ctx->err_reply->client,
+                                   &ret->client);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5_copy_principal(context, ctx->err_reply->server, &ret->server);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5int_copy_data_contents(context, &ctx->err_reply->text,
+                                      &ret->text);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5int_copy_data_contents(context, &ctx->err_reply->e_data,
+                                      &ret->e_data);
+    if (code != 0)
+        goto cleanup;
+
+    *error = ret;
+
+cleanup:
+    if (code != 0)
+        krb5_free_error(context, ret);
+
+    return code;
+}
+
+/**
+ * Throw away any state related to specific realm either at the beginning of a
+ * request, or when a realm changes, or when we start to use FAST after
+ * assuming we would not do so.
+ *
+ * @param padata padata from an error if an error from the realm we now expect
+ * to talk to caused the restart.  Used to infer negotiation characteristics
+ * such as whether FAST is used.
+ */
+static krb5_error_code
+restart_init_creds_loop(krb5_context context, krb5_init_creds_context ctx,
+                        krb5_pa_data **padata)
+{
+    krb5_error_code code = 0;
+    unsigned char random_buf[4];
+    krb5_data random_data;
+    if (ctx->preauth_to_use) {
+        krb5_free_pa_data(context, ctx->preauth_to_use);
+        ctx->preauth_to_use = NULL;
+    }
+
+    if (ctx->fast_state) {
+        krb5int_fast_free_state(context, ctx->fast_state);
+        ctx->fast_state = NULL;
+    }
+    code = krb5int_fast_make_state(context, &ctx->fast_state);
+    if (code != 0)
         goto cleanup;
+    ctx->get_data_rock.fast_state = ctx->fast_state;
+    krb5_preauth_request_context_init(context);
+    if (ctx->encoded_request_body) {
+        krb5_free_data(context, ctx->encoded_request_body);
+        ctx->encoded_request_body = NULL;
+    }
+    if (ctx->opte &&
+        (ctx->opte->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)) {
+        if ((code = make_preauth_list(context, ctx->opte->preauth_list,
+                                      ctx->opte->preauth_list_length,
+                                      &ctx->preauth_to_use)))
+            goto cleanup;
+    }
 
+    /* Set the request nonce. */
+    random_data.length = 4;
+    random_data.data = (char *)random_buf;
+    code = krb5_c_random_make_octets(context, &random_data);
+    if (code !=0)
+        goto cleanup;
     /*
-     * Set up the basic request structure
+     * See RT ticket 3196 at MIT.  If we set the high bit, we may have
+     * compatibility problems with Heimdal, because we (incorrectly) encode
+     * this value as signed.
      */
-    request.magic = KV5M_KDC_REQ;
-    request.msg_type = KRB5_AS_REQ;
+    ctx->request->nonce = 0x7fffffff & load_32_n(random_buf);
+    krb5_free_principal(context, ctx->request->server);
+    ctx->request->server = NULL;
+
+    code = build_in_tkt_name(context, ctx->in_tkt_service,
+                             ctx->request->client,
+                             &ctx->request->server);
+    if (code != 0)
+        goto cleanup;
 
-    /* request.nonce is filled in when we send a request to the kdc */
-    request.nonce = 0;
+    code = krb5_timeofday(context, &ctx->request_time);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5int_fast_as_armor(context, ctx->fast_state,
+                                 ctx->opte, ctx->request);
+    if (code != 0)
+        goto cleanup;
+    if (krb5int_upgrade_to_fast_p(context, ctx->fast_state, padata)) {
+        code = krb5int_fast_as_armor(context, ctx->fast_state,
+                                     ctx->opte, ctx->request);
+        if (code != 0)
+            goto cleanup;
+    }
+    /* give the preauth plugins a chance to prep the request body */
+    krb5_preauth_prepare_request(context, ctx->opte, ctx->request);
+
+    ctx->request->from = krb5int_addint32(ctx->request_time,
+                                          ctx->start_time);
+    ctx->request->till = krb5int_addint32(ctx->request->from,
+                                          ctx->tkt_life);
+
+    if (ctx->renew_life > 0) {
+        ctx->request->rtime =
+            krb5int_addint32(ctx->request->from, ctx->renew_life);
+        if (ctx->request->rtime < ctx->request->till) {
+            /* don't ask for a smaller renewable time than the lifetime */
+            ctx->request->rtime = ctx->request->till;
+        }
+        ctx->request->kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
+    } else
+        ctx->request->rtime = 0;
+    code = krb5int_fast_prep_req_body(context, ctx->fast_state,
+                                      ctx->request,
+                                      &ctx->encoded_request_body);
+    if (code != 0)
+        goto cleanup;
+cleanup:
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_init(krb5_context context,
+                     krb5_principal client,
+                     krb5_prompter_fct prompter,
+                     void *data,
+                     krb5_deltat start_time,
+                     krb5_get_init_creds_opt *options,
+                     krb5_init_creds_context *pctx)
+{
+    krb5_error_code code;
+    krb5_init_creds_context ctx;
+    int tmp;
+    char *str = NULL;
+    krb5_gic_opt_ext *opte;
+
+    ctx = k5alloc(sizeof(*ctx), &code);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->request = k5alloc(sizeof(krb5_kdc_req), &code);
+    if (code != 0)
+        goto cleanup;
+    ctx->enc_pa_rep_permitted = 1;
+    code = krb5_copy_principal(context, client, &ctx->request->client);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->prompter = prompter;
+    ctx->prompter_data = data;
+    ctx->gak_fct = krb5_get_as_key_password;
+    ctx->gak_data = &ctx->password;
+
+    ctx->request_time = 0; /* filled in later */
+    ctx->start_time = start_time;
+
+    if (options == NULL) {
+        code = krb5_get_init_creds_opt_alloc(context, &options);
+        if (code != 0)
+            goto cleanup;
+    }
+
+    code = krb5int_gic_opt_to_opte(context, options,
+                                   &ctx->opte, 1, "krb5_init_creds_init");
+    if (code != 0)
+        goto cleanup;
 
-    /* request.padata is filled in later */
+    opte = ctx->opte;
 
-    request.kdc_options = context->kdc_default_options;
+    ctx->get_data_rock.magic = CLIENT_ROCK_MAGIC;
+    ctx->get_data_rock.etype = &ctx->etype;
 
-    /* forwardable */
+    /* Initialise request parameters as per krb5_get_init_creds() */
+    ctx->request->kdc_options = context->kdc_default_options;
 
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE))
-        tempint = options->forwardable;
-    else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-                                            KRB5_CONF_FORWARDABLE, &tempint)) == 0)
+    /* forwaradble */
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_FORWARDABLE)
+        tmp = opte->forwardable;
+    else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
+                                     KRB5_CONF_FORWARDABLE, &tmp) == 0)
         ;
     else
-        tempint = 0;
-    if (tempint)
-        request.kdc_options |= KDC_OPT_FORWARDABLE;
+        tmp = 0;
+    if (tmp)
+        ctx->request->kdc_options |= KDC_OPT_FORWARDABLE;
 
     /* proxiable */
-
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE))
-        tempint = options->proxiable;
-    else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-                                            KRB5_CONF_PROXIABLE, &tempint)) == 0)
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_PROXIABLE)
+        tmp = opte->proxiable;
+    else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
+                                     KRB5_CONF_PROXIABLE, &tmp) == 0)
         ;
     else
-        tempint = 0;
-    if (tempint)
-        request.kdc_options |= KDC_OPT_PROXIABLE;
+        tmp = 0;
+    if (tmp)
+        ctx->request->kdc_options |= KDC_OPT_PROXIABLE;
 
     /* canonicalize */
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE))
-        tempint = 1;
-    else if ((ret = krb5_libdefault_boolean(context, &client->realm,
-                                            KRB5_CONF_CANONICALIZE, &tempint)) == 0)
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_CANONICALIZE)
+        tmp = 1;
+    else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
+                                     KRB5_CONF_CANONICALIZE, &tmp) == 0)
         ;
     else
-        tempint = 0;
-    if (tempint)
-        request.kdc_options |= KDC_OPT_CANONICALIZE;
+        tmp = 0;
+    if (tmp)
+        ctx->request->kdc_options |= KDC_OPT_CANONICALIZE;
 
     /* allow_postdate */
-
-    if (start_time > 0)
-        request.kdc_options |= (KDC_OPT_ALLOW_POSTDATE|KDC_OPT_POSTDATED);
+    if (ctx->start_time > 0)
+        ctx->request->kdc_options |= KDC_OPT_ALLOW_POSTDATE | KDC_OPT_POSTDATED;
 
     /* ticket lifetime */
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)
+        ctx->tkt_life = options->tkt_life;
+    else if (krb5_libdefault_string(context, &ctx->request->client->realm,
+                                    KRB5_CONF_TICKET_LIFETIME, &str) == 0) {
+        code = krb5_string_to_deltat(str, &ctx->tkt_life);
+        if (code != 0)
+            goto cleanup;
+        free(str);
+        str = NULL;
+    } else
+        ctx->tkt_life = 24 * 60 * 60; /* previously hardcoded in kinit */
 
-    if ((ret = krb5_timeofday(context, &request.from)))
-        goto cleanup;
-    request.from = krb5int_addint32(request.from, start_time);
-
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_TKT_LIFE)) {
-        tkt_life = options->tkt_life;
-    } else if ((ret = krb5_libdefault_string(context, &client->realm,
-                                             KRB5_CONF_TICKET_LIFETIME, &tempstr))
-               == 0) {
-        ret = krb5_string_to_deltat(tempstr, &tkt_life);
-        free(tempstr);
-        if (ret) {
+    /* renewable lifetime */
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)
+        ctx->renew_life = options->renew_life;
+    else if (krb5_libdefault_string(context, &ctx->request->client->realm,
+                                    KRB5_CONF_RENEW_LIFETIME, &str) == 0) {
+        code = krb5_string_to_deltat(str, &ctx->renew_life);
+        if (code != 0)
             goto cleanup;
-        }
+        free(str);
+        str = NULL;
+    } else
+        ctx->renew_life = 0;
+
+    if (ctx->renew_life > 0)
+        ctx->request->kdc_options |= KDC_OPT_RENEWABLE;
+
+    /* enctypes */
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST) {
+        ctx->request->ktype =
+            k5alloc((opte->etype_list_length * sizeof(krb5_enctype)),
+                    &code);
+        if (code != 0)
+            goto cleanup;
+        ctx->request->nktypes = opte->etype_list_length;
+        memcpy(ctx->request->ktype, opte->etype_list,
+               ctx->request->nktypes * sizeof(krb5_enctype));
+    } else if (krb5_get_default_in_tkt_ktypes(context,
+                                              &ctx->request->ktype) == 0) {
+        for (ctx->request->nktypes = 0;
+             ctx->request->ktype[ctx->request->nktypes] != ENCTYPE_NULL;
+             ctx->request->nktypes++)
+            ;
     } else {
-        /* this used to be hardcoded in kinit.c */
-        tkt_life = 24*60*60;
+        /* there isn't any useful default here. */
+        code = KRB5_CONFIG_ETYPE_NOSUPP;
+        goto cleanup;
     }
-    request.till = krb5int_addint32(request.from, tkt_life);
 
-    /* renewable lifetime */
-
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE)) {
-        renew_life = options->renew_life;
-    } else if ((ret = krb5_libdefault_string(context, &client->realm,
-                                             KRB5_CONF_RENEW_LIFETIME, &tempstr))
-               == 0) {
-        ret = krb5_string_to_deltat(tempstr, &renew_life);
-        free(tempstr);
-        if (ret) {
+    /* addresess */
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST) {
+        code = krb5_copy_addresses(context, opte->address_list,
+                                   &ctx->request->addresses);
+        if (code != 0)
             goto cleanup;
-        }
+    } else if (krb5_libdefault_boolean(context, &ctx->request->client->realm,
+                                       KRB5_CONF_NOADDRESSES, &tmp) != 0
+               || tmp) {
+        ctx->request->addresses = NULL;
     } else {
-        renew_life = 0;
+        code = krb5_os_localaddr(context, &ctx->request->addresses);
+        if (code != 0)
+            goto cleanup;
     }
-    if (renew_life > 0)
-        request.kdc_options |= KDC_OPT_RENEWABLE;
 
-    if (renew_life > 0) {
-        request.rtime = krb5int_addint32(request.from, renew_life);
-        if (request.rtime < request.till) {
-            /* don't ask for a smaller renewable time than the lifetime */
-            request.rtime = request.till;
-        }
-        /* we are already asking for renewable tickets so strip this option */
-        request.kdc_options &= ~(KDC_OPT_RENEWABLE_OK);
+    if (opte->flags & KRB5_GET_INIT_CREDS_OPT_SALT) {
+        code = krb5int_copy_data_contents(context, opte->salt, &ctx->salt);
+        if (code != 0)
+            goto cleanup;
     } else {
-        request.rtime = 0;
+        ctx->salt.length = SALT_TYPE_AFS_LENGTH;
+        ctx->salt.data = NULL;
     }
 
-    /* client */
+    code = restart_init_creds_loop(context, ctx, NULL);
 
-    request.client = client;
+    *pctx = ctx;
 
-    /* per referrals draft, enterprise principals imply canonicalization */
-    canon_flag = ((request.kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
-        client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
+cleanup:
+    if (code != 0)
+        krb5_init_creds_free(context, ctx);
+    if (str != NULL)
+        free(str);
 
-    /* service */
-    if ((ret = build_in_tkt_name(context, in_tkt_service,
-                                 request.client, &request.server)))
-        goto cleanup;
+    return code;
+}
 
-    krb5_preauth_request_context_init(context);
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_service(krb5_context context,
+                            krb5_init_creds_context ctx,
+                            const char *service)
+{
+    char *s;
 
+    s = strdup(service);
+    if (s == NULL)
+        return ENOMEM;
 
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST)) {
-        request.ktype = options->etype_list;
-        request.nktypes = options->etype_list_length;
-    } else if ((ret = krb5_get_default_in_tkt_ktypes(context,
-                                                     &request.ktype)) == 0) {
-        for (request.nktypes = 0;
-             request.ktype[request.nktypes];
-             request.nktypes++)
-            ;
-    } else {
-        /* there isn't any useful default here.  ret is set from above */
-        goto cleanup;
-    }
+    free(ctx->in_tkt_service);
+    ctx->in_tkt_service = s;
 
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST)) {
-        request.addresses = options->address_list;
-    }
-    /* it would be nice if this parsed out an address list, but
-       that would be work. */
-    else if (((ret = krb5_libdefault_boolean(context, &client->realm,
-                                             KRB5_CONF_NOADDRESSES, &tempint)) != 0)
-             || (tempint == 1)) {
-        ;
-    } else {
-        if ((ret = krb5_os_localaddr(context, &request.addresses)))
-            goto cleanup;
+    krb5_preauth_request_context_fini(context);
+    return restart_init_creds_loop(context, ctx, NULL);
+}
+
+static krb5_error_code
+init_creds_validate_reply(krb5_context context,
+                          krb5_init_creds_context ctx,
+                          krb5_data *reply)
+{
+    krb5_error_code code;
+    krb5_error *error = NULL;
+    krb5_kdc_rep *as_reply = NULL;
+
+    krb5_free_error(context, ctx->err_reply);
+    ctx->err_reply = NULL;
+
+    krb5_free_kdc_rep(context, ctx->reply);
+    ctx->reply = NULL;
+
+    if (krb5_is_krb_error(reply)) {
+        code = decode_krb5_error(reply, &error);
+        if (code != 0)
+            return code;
+
+        assert(error != NULL);
+
+        if (error->error == KRB_ERR_RESPONSE_TOO_BIG) {
+            krb5_free_error(context, error);
+            return KRB5KRB_ERR_RESPONSE_TOO_BIG;
+        } else {
+            ctx->err_reply = error;
+            return 0;
+        }
     }
 
-    request.authorization_data.ciphertext.length = 0;
-    request.authorization_data.ciphertext.data = 0;
-    request.unenc_authdata = 0;
-    request.second_ticket = 0;
+    /*
+     * Check to make sure it isn't a V4 reply.
+     */
+    if (reply->length != 0 && !krb5_is_as_rep(reply)) {
+/* these are in <kerberosIV/prot.h> as well but it isn't worth including. */
+#define V4_KRB_PROT_VERSION     4
+#define V4_AUTH_MSG_ERR_REPLY   (5<<1)
+        /* check here for V4 reply */
+        unsigned int t_switch;
 
-    /* set up the other state.  */
+        /* From v4 g_in_tkt.c: This used to be
+           switch (pkt_msg_type(rpkt) & ~1) {
+           but SCO 3.2v4 cc compiled that incorrectly.  */
+        t_switch = reply->data[1];
+        t_switch &= ~1;
 
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST)) {
-        if ((ret = make_preauth_list(context, options->preauth_list,
-                                     options->preauth_list_length,
-                                     &preauth_to_use)))
-            goto cleanup;
+        if (t_switch == V4_AUTH_MSG_ERR_REPLY
+            && reply->data[0] == V4_KRB_PROT_VERSION) {
+            code = KRB5KRB_AP_ERR_V4_REPLY;
+        } else {
+            code = KRB5KRB_AP_ERR_MSG_TYPE;
+        }
+        return code;
     }
 
-    /* the salt is allocated from somewhere, unless it is from the caller,
-       then it is a reference */
+    /* It must be a KRB_AS_REP message, or an bad returned packet */
+    code = decode_krb5_as_rep(reply, &as_reply);
+    if (code != 0)
+        return code;
 
-    if (options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT)) {
-        salt = *options->salt;
-    } else {
-        salt.length = SALT_TYPE_AFS_LENGTH;
-        salt.data = NULL;
+    if (as_reply->msg_type != KRB5_AS_REP) {
+        krb5_free_kdc_rep(context, as_reply);
+        return KRB5KRB_AP_ERR_MSG_TYPE;
     }
 
+    ctx->reply = as_reply;
+
+    return 0;
+}
+
+static krb5_error_code
+init_creds_step_request(krb5_context context,
+                        krb5_init_creds_context ctx,
+                        krb5_data *out)
+{
+    krb5_error_code code;
 
-    /* set the request nonce */
-    if ((ret = krb5_timeofday(context, &time_now)))
+    if (ctx->loopcount >= MAX_IN_TKT_LOOPS) {
+        code = KRB5_GET_IN_TKT_LOOP;
         goto cleanup;
-    /*
-     * XXX we know they are the same size... and we should do
-     * something better than just the current time
-     */
-    {
-        unsigned char random_buf[4];
-        krb5_data random_data;
-
-        random_data.length = 4;
-        random_data.data = (char *)random_buf;
-        if (krb5_c_random_make_octets(context, &random_data) == 0)
-            /* See RT ticket 3196 at MIT.  If we set the high bit, we
-               may have compatibility problems with Heimdal, because
-               we (incorrectly) encode this value as signed.  */
-            request.nonce = 0x7fffffff & load_32_n(random_buf);
-        else
-            /* XXX  Yuck.  Old version.  */
-            request.nonce = (krb5_int32) time_now;
     }
-    ret = krb5int_fast_as_armor(context, fast_state, options, &request);
-    if (ret != 0)
+
+    if (ctx->err_reply == NULL) {
+        /* either our first attempt, or retrying after PREAUTH_NEEDED */
+        code = krb5_do_preauth(context,
+                               ctx->request,
+                               ctx->encoded_request_body,
+                               ctx->encoded_previous_request,
+                               ctx->preauth_to_use,
+                               &ctx->request->padata,
+                               &ctx->salt,
+                               &ctx->s2kparams,
+                               &ctx->etype,
+                               &ctx->as_key,
+                               ctx->prompter,
+                               ctx->prompter_data,
+                               ctx->gak_fct,
+                               ctx->gak_data,
+                               &ctx->get_data_rock,
+                               ctx->opte);
+        if (code != 0)
+            goto cleanup;
+    } else {
+        if (ctx->preauth_to_use != NULL) {
+            /*
+             * Retry after an error other than PREAUTH_NEEDED,
+             * using e-data to figure out what to change.
+             */
+            code = krb5_do_preauth_tryagain(context,
+                                            ctx->request,
+                                            ctx->encoded_request_body,
+                                            ctx->encoded_previous_request,
+                                            ctx->preauth_to_use,
+                                            &ctx->request->padata,
+                                            ctx->err_reply,
+                                            &ctx->salt,
+                                            &ctx->s2kparams,
+                                            &ctx->etype,
+                                            &ctx->as_key,
+                                            ctx->prompter,
+                                            ctx->prompter_data,
+                                            ctx->gak_fct,
+                                            ctx->gak_data,
+                                            &ctx->get_data_rock,
+                                            ctx->opte);
+        } else {
+            /* No preauth supplied, so can't query the plugins. */
+            code = KRB5KRB_ERR_GENERIC;
+        }
+        if (code != 0) {
+            /* couldn't come up with anything better */
+            code = ctx->err_reply->error + ERROR_TABLE_BASE_krb5;
+            goto cleanup;
+        }
+    }
+
+    if (ctx->encoded_previous_request != NULL) {
+        krb5_free_data(context, ctx->encoded_previous_request);
+        ctx->encoded_previous_request = NULL;
+    }
+    if (ctx->request->padata)
+        ctx->sent_nontrivial_preauth = 1;
+    if (ctx->enc_pa_rep_permitted)
+        code = request_enc_pa_rep(&ctx->request->padata);
+    if (code)
         goto cleanup;
-    /* give the preauth plugins a chance to prep the request body */
-    krb5_preauth_prepare_request(context, options, &request);
-    ret = krb5int_fast_prep_req_body(context, fast_state,
-                                     &request, &encoded_request_body);
-    if (ret)
+    code = krb5int_fast_prep_req(context, ctx->fast_state,
+                                 ctx->request, ctx->encoded_request_body,
+                                 encode_krb5_as_req,
+                                 &ctx->encoded_previous_request);
+    if (code != 0)
         goto cleanup;
 
-    get_data_rock.magic = CLIENT_ROCK_MAGIC;
-    get_data_rock.etype = &etype;
-    get_data_rock.fast_state = fast_state;
+    code = krb5int_copy_data_contents(context,
+                                      ctx->encoded_previous_request,
+                                      out);
+    if (code != 0)
+        goto cleanup;
 
-    /* now, loop processing preauth data and talking to the kdc */
-    for (loopcount = 0; loopcount < MAX_IN_TKT_LOOPS; loopcount++) {
-        if (request.padata) {
-            krb5_free_pa_data(context, request.padata);
-            request.padata = NULL;
-        }
-        if (!err_reply) {
-            /* either our first attempt, or retrying after PREAUTH_NEEDED */
-            if ((ret = krb5_do_preauth(context,
-                                       &request,
-                                       encoded_request_body,
-                                       encoded_previous_request,
-                                       preauth_to_use, &request.padata,
-                                       &salt, &s2kparams, &etype, &as_key,
-                                       prompter, prompter_data,
-                                       gak_fct, gak_data,
-                                       &get_data_rock, options)))
-                goto cleanup;
-            if (out_padata) {
-                krb5_free_pa_data(context, out_padata);
-                out_padata = NULL;
-            }
-        } else {
-            if (preauth_to_use != NULL) {
-                /*
-                 * Retry after an error other than PREAUTH_NEEDED,
-                 * using e-data to figure out what to change.
-                 */
-                ret = krb5_do_preauth_tryagain(context,
-                                               &request,
-                                               encoded_request_body,
-                                               encoded_previous_request,
-                                               preauth_to_use, &request.padata,
-                                               err_reply,
-                                               &salt, &s2kparams, &etype,
-                                               &as_key,
-                                               prompter, prompter_data,
-                                               gak_fct, gak_data,
-                                               &get_data_rock, options);
-            } else {
-                /* No preauth supplied, so can't query the plug-ins. */
-                ret = KRB5KRB_ERR_GENERIC;
-            }
-            if (ret) {
-                /* couldn't come up with anything better */
-                ret = err_reply->error + ERROR_TABLE_BASE_krb5;
-            }
-            krb5_free_error(context, err_reply);
-            err_reply = NULL;
-            if (ret)
-                goto cleanup;
-        }
+cleanup:
+    return code;
+}
 
-        if (encoded_previous_request != NULL) {
-            krb5_free_data(context, encoded_previous_request);
-            encoded_previous_request = NULL;
-        }
-        ret = krb5int_fast_prep_req(context, fast_state,
-                                    &request, encoded_request_body,
-                                    encode_krb5_as_req, &encoded_previous_request);
-        if (ret)
-            goto cleanup;
+/*
+ * The control flow is complicated.  In order to switch from non-FAST mode to
+ * FAST mode, we need to reset our pre-authentication state.  FAST negotiation
+ * attempts to make sure we rarely have to do this.  When FAST negotiation is
+ * working, we record whether FAST is available when we obtain an armor ticket;
+ * if so, we start out with FAST enabled .  There are two complicated
+ * situations.
+ *
+ * First, if we get a PREAUTH_REQUIRED error including PADATA_FX_FAST back from
+ * a KDC in a case where we were not expecting to use FAST, and we have an
+ * armor ticket available, then we want to use FAST.  That involves clearing
+ * out the pre-auth state, reinitializing the plugins and trying again with an
+ * armor key.
+ *
+ * Secondly, using the negotiation can cause problems with some older KDCs.
+ * Negotiation involves including a special padata item.  Some KDCs, including
+ * MIT prior to 1.7, will return PREAUTH_FAILED rather than PREAUTH_REQUIRED in
+ * pre-authentication is required and unknown padata are included in the
+ * request.  To make matters worse, these KDCs typically do not include a list
+ * of padata in PREAUTH_FAILED errors.  So, if we get PREAUTH_FAILED and we
+ * generated no pre-authentication other than the negotiation then we want to
+ * retry without negotiation.  In this case it is probably also desirable to
+ * retry with the preauth plugin state cleared.
+ *
+ * In all these cases we should not start over more than once.  Control flow is
+ * managed by several variables.
+ *
+ *   sent_nontrivial_preauth: if true, we sent preauth other than negotiation;
+ *   no restart on PREAUTH_FAILED
+ *
+ *   KRB5INT_FAST_ARMOR_AVAIL: fast_state_flag if desired we could generate
+ *   armor; if not set, then we can't use FAST even if the KDC wants to.
+ *
+ *   have_restarted: true if we've already restarted
+ */
+static krb5_boolean
+negotiation_requests_restart(krb5_context context, krb5_init_creds_context ctx,
+                             krb5_pa_data **padata)
+{
+    if (!ctx->have_restarted &&
+        (krb5int_upgrade_to_fast_p(context, ctx->fast_state, padata) ||
+         (ctx->err_reply->error == KDC_ERR_PREAUTH_FAILED &&
+          !ctx->sent_nontrivial_preauth)))
+        return 1;
+    return 0;
+}
 
-        err_reply = 0;
-        local_as_reply = 0;
-        if ((ret = send_as_request(context, encoded_previous_request,
-                                   krb5_princ_realm(context, request.client), &err_reply,
-                                   &local_as_reply, use_master)))
-            goto cleanup;
+static krb5_error_code
+init_creds_step_reply(krb5_context context,
+                      krb5_init_creds_context ctx,
+                      krb5_data *in)
+{
+    krb5_error_code code;
+    krb5_pa_data **padata = NULL;
+    krb5_pa_data **kdc_padata = NULL;
+    krb5_boolean retry = FALSE;
+    int canon_flag = 0;
+    krb5_keyblock *strengthen_key = NULL;
+    krb5_keyblock encrypting_key;
+    krb5_boolean fast_avail;
 
-        if (err_reply) {
-            ret = krb5int_fast_process_error(context, fast_state, &err_reply,
-                                             &out_padata, &retry);
-            if (ret !=0)
-                goto cleanup;
-            if (err_reply->error == KDC_ERR_PREAUTH_REQUIRED && retry) {
-                /* reset the list of preauth types to try */
-                if (preauth_to_use) {
-                    krb5_free_pa_data(context, preauth_to_use);
-                    preauth_to_use = NULL;
-                }
-                preauth_to_use = out_padata;
-                out_padata = NULL;
-                krb5_free_error(context, err_reply);
-                err_reply = NULL;
-                ret = sort_krb5_padata_sequence(context,
-                                                &request.server->realm,
-                                                preauth_to_use);
-                if (ret)
-                    goto cleanup;
-                /* continue to next iteration */
-            } else if (canon_flag && err_reply->error == KDC_ERR_WRONG_REALM) {
-                if (err_reply->client == NULL ||
-                    err_reply->client->realm.length == 0) {
-                    ret = KRB5KDC_ERR_WRONG_REALM;
-                    krb5_free_error(context, err_reply);
-                    goto cleanup;
-                }
-                /* Rewrite request.client with realm from error reply */
-                if (referred_client.realm.data) {
-                    krb5_free_data_contents(context, &referred_client.realm);
-                    referred_client.realm.data = NULL;
-                }
-                ret = krb5int_copy_data_contents(context,
-                                                 &err_reply->client->realm,
-                                                 &referred_client.realm);
-                krb5_free_error(context, err_reply);
-                err_reply = NULL;
-                if (ret)
-                    goto cleanup;
-                request.client = &referred_client;
+    encrypting_key.length = 0;
+    encrypting_key.contents = NULL;
 
-                krb5_free_principal(context, request.server);
-                request.server = NULL;
+    /* process previous KDC response */
+    code = init_creds_validate_reply(context, ctx, in);
+    if (code != 0)
+        goto cleanup;
 
-                ret = build_in_tkt_name(context, in_tkt_service,
-                                        request.client, &request.server);
-                if (ret)
-                    goto cleanup;
-            } else {
-                if (retry)  {
-                    /* continue to next iteration */
-                } else {
-                    /* error + no hints = give up */
-                    ret = (krb5_error_code) err_reply->error
-                        + ERROR_TABLE_BASE_krb5;
-                    krb5_free_error(context, err_reply);
-                    goto cleanup;
-                }
+    /* per referrals draft, enterprise principals imply canonicalization */
+    canon_flag = ((ctx->request->kdc_options & KDC_OPT_CANONICALIZE) != 0) ||
+        ctx->request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
+
+    if (ctx->err_reply != NULL) {
+        code = krb5int_fast_process_error(context, ctx->fast_state,
+                                          &ctx->err_reply, &padata, &retry);
+        if (code != 0)
+            goto cleanup;
+        if (negotiation_requests_restart(context, ctx, padata)) {
+            ctx->have_restarted = 1;
+            krb5_preauth_request_context_fini(context);
+            if ((ctx->fast_state->fast_state_flags & KRB5INT_FAST_DO_FAST) ==0)
+                ctx->enc_pa_rep_permitted = 0;
+            code = restart_init_creds_loop(context, ctx, padata);
+            krb5_free_error(context, ctx->err_reply);
+            ctx->err_reply = NULL;
+        } else if (ctx->err_reply->error == KDC_ERR_PREAUTH_REQUIRED &&
+                   retry) {
+            /* reset the list of preauth types to try */
+            krb5_free_pa_data(context, ctx->preauth_to_use);
+            ctx->preauth_to_use = padata;
+            padata = NULL;
+            /* this will trigger a new call to krb5_do_preauth() */
+            krb5_free_error(context, ctx->err_reply);
+            ctx->err_reply = NULL;
+            code = sort_krb5_padata_sequence(context,
+                                             &ctx->request->client->realm,
+                                             ctx->preauth_to_use);
+
+        } else if (canon_flag && ctx->err_reply->error == KDC_ERR_WRONG_REALM) {
+            if (ctx->err_reply->client == NULL ||
+                !krb5_princ_realm(context, ctx->err_reply->client)->length) {
+                code = KRB5KDC_ERR_WRONG_REALM;
+                goto cleanup;
             }
-        } else if (local_as_reply) {
-            break;
+            /* Rewrite request.client with realm from error reply */
+            krb5_free_data_contents(context, &ctx->request->client->realm);
+            code = krb5int_copy_data_contents(context,
+                                              &ctx->err_reply->client->realm,
+                                              &ctx->request->client->realm);
+            /* this will trigger a new call to krb5_do_preauth() */
+            krb5_free_error(context, ctx->err_reply);
+            ctx->err_reply = NULL;
+            krb5_preauth_request_context_fini(context);
+            /* Permit another negotiation based restart. */
+            ctx->have_restarted = 0;
+            ctx->sent_nontrivial_preauth = 0;
+            code = restart_init_creds_loop(context, ctx, NULL);
+            if (code != 0)
+                goto cleanup;
         } else {
-            ret = KRB5KRB_AP_ERR_MSG_TYPE;
-            goto cleanup;
+            if (retry) {
+                code = 0;
+            } else {
+                /* error + no hints = give up */
+                code = (krb5_error_code)ctx->err_reply->error +
+                    ERROR_TABLE_BASE_krb5;
+            }
         }
-    }
 
-#if APPLE_PKINIT
-    inTktDebug("krb5_get_init_creds done with send_as_request loop lc %d\n",
-               (int)loopcount);
-#endif /* APPLE_PKINIT */
-    if (loopcount == MAX_IN_TKT_LOOPS) {
-        ret = KRB5_GET_IN_TKT_LOOP;
+        /* Return error code, or continue with next iteration */
         goto cleanup;
     }
 
+    /* We have a response. Process it. */
+    assert(ctx->reply != NULL);
+
     /* process any preauth data in the as_reply */
     krb5_clear_preauth_context_use_counts(context);
-    ret = krb5int_fast_process_response(context, fast_state,
-                                        local_as_reply, &strengthen_key);
-    if (ret)
+    code = krb5int_fast_process_response(context, ctx->fast_state,
+                                         ctx->reply, &strengthen_key);
+    if (code != 0)
         goto cleanup;
-    if ((ret = sort_krb5_padata_sequence(context, &request.server->realm,
-                                         local_as_reply->padata)))
+
+    code = sort_krb5_padata_sequence(context, &ctx->request->client->realm,
+                                     ctx->reply->padata);
+    if (code != 0)
         goto cleanup;
-    etype = local_as_reply->enc_part.enctype;
-    if ((ret = krb5_do_preauth(context,
-                               &request,
-                               encoded_request_body, encoded_previous_request,
-                               local_as_reply->padata, &kdc_padata,
-                               &salt, &s2kparams, &etype, &as_key, prompter,
-                               prompter_data, gak_fct, gak_data,
-                               &get_data_rock, options))) {
-#if APPLE_PKINIT
-        inTktDebug("krb5_get_init_creds krb5_do_preauth returned %d\n", (int)ret);
-#endif /* APPLE_PKINIT */
+
+    ctx->etype = ctx->reply->enc_part.enctype;
+
+    code = krb5_do_preauth(context,
+                           ctx->request,
+                           ctx->encoded_request_body,
+                           ctx->encoded_previous_request,
+                           ctx->reply->padata,
+                           &kdc_padata,
+                           &ctx->salt,
+                           &ctx->s2kparams,
+                           &ctx->etype,
+                           &ctx->as_key,
+                           ctx->prompter,
+                           ctx->prompter_data,
+                           ctx->gak_fct,
+                           ctx->gak_data,
+                           &ctx->get_data_rock,
+                           ctx->opte);
+    if (code != 0)
         goto cleanup;
-    }
 
     /*
      * If we haven't gotten a salt from another source yet, set up one
@@ -1519,9 +1893,9 @@ krb5_get_init_creds(krb5_context context,
      * salt.  local_as_reply->client will be checked later on in
      * verify_as_reply.
      */
-    if (salt.length == SALT_TYPE_AFS_LENGTH && salt.data == NULL) {
-        ret = krb5_principal2salt(context, local_as_reply->client, &salt);
-        if (ret)
+    if (ctx->salt.length == SALT_TYPE_AFS_LENGTH && ctx->salt.data == NULL) {
+        code = krb5_principal2salt(context, ctx->reply->client, &ctx->salt);
+        if (code != 0)
             goto cleanup;
     }
 
@@ -1537,113 +1911,224 @@ krb5_get_init_creds(krb5_context context,
        it.  If decrypting the as_rep fails, or if there isn't an
        as_key at all yet, then use the gak_fct to get one, and try
        again.  */
-    if (as_key.length) {
-        ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
-                                     &encrypting_key);
-        if (ret)
+    if (ctx->as_key.length) {
+        code = krb5int_fast_reply_key(context, strengthen_key, &ctx->as_key,
+                                      &encrypting_key);
+        if (code != 0)
             goto cleanup;
-        ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
-                               NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
-                               NULL);
+        code = decrypt_as_reply(context, NULL, ctx->reply, NULL, NULL,
+                                &encrypting_key, krb5_kdc_rep_decrypt_proc,
+                                NULL);
     } else
-        ret = -1;
+        code = -1;
 
-    if (ret) {
+    if (code != 0) {
         /* if we haven't get gotten a key, get it now */
-
-        if ((ret = ((*gak_fct)(context, request.client,
-                               local_as_reply->enc_part.enctype,
-                               prompter, prompter_data, &salt, &s2kparams,
-                               &as_key, gak_data))))
+        code = (*ctx->gak_fct)(context, ctx->request->client,
+                               ctx->reply->enc_part.enctype,
+                               ctx->prompter, ctx->prompter_data,
+                               &ctx->salt, &ctx->s2kparams,
+                               &ctx->as_key, ctx->gak_data);
+        if (code != 0)
             goto cleanup;
 
-        ret = krb5int_fast_reply_key(context, strengthen_key, &as_key,
-                                     &encrypting_key);
-        if (ret)
+        code = krb5int_fast_reply_key(context, strengthen_key, &ctx->as_key,
+                                      &encrypting_key);
+        if (code != 0)
             goto cleanup;
-        if ((ret = decrypt_as_reply(context, NULL, local_as_reply, NULL,
-                                    NULL, &encrypting_key, krb5_kdc_rep_decrypt_proc,
-                                    NULL)))
+
+        code = decrypt_as_reply(context, NULL, ctx->reply, NULL, NULL,
+                                &encrypting_key, krb5_kdc_rep_decrypt_proc,
+                                NULL);
+        if (code != 0)
             goto cleanup;
     }
 
-    if ((ret = verify_as_reply(context, time_now, &request, local_as_reply)))
+    code = krb5int_fast_verify_nego(context, ctx->fast_state,
+                                    ctx->reply, ctx->encoded_previous_request,
+                                    &encrypting_key, &fast_avail);
+    if (code)
+        goto cleanup;
+    code = verify_as_reply(context, ctx->request_time,
+                           ctx->request, ctx->reply);
+    if (code != 0)
         goto cleanup;
 
-    /* XXX this should be inside stash_as_reply, but as long as
-       get_in_tkt is still around using that arg as an in/out, I can't
-       do that */
-    memset(creds, 0, sizeof(*creds));
-
-    if ((ret = stash_as_reply(context, time_now, &request, local_as_reply,
-                              creds, NULL)))
+    code = stash_as_reply(context, ctx->request_time, ctx->request,
+                          ctx->reply, &ctx->cred, NULL);
+    if (code != 0)
         goto cleanup;
+    if (ctx->opte && ctx->opte->opt_private->out_ccache) {
+        krb5_ccache out_ccache = ctx->opte->opt_private->out_ccache;
+        krb5_data config_data;
+        code = krb5_cc_initialize(context, out_ccache, ctx->cred.client);
+        if (code != 0)
+            goto cc_cleanup;
+        code = krb5_cc_store_cred(context, out_ccache, &ctx->cred);
+        if (code != 0)
+            goto cc_cleanup;
+        if (fast_avail) {
+            config_data.data = "yes";
+            config_data.length = strlen(config_data.data);
+            code = krb5_cc_set_config(context, out_ccache, ctx->cred.server,
+                                      KRB5_CONF_FAST_AVAIL, &config_data);
+        }
+    cc_cleanup:
+        if (code !=0) {
+            const char *msg;
+            msg = krb5_get_error_message(context, code);
+            krb5_set_error_message(context, code,
+                                   "%s while storing credentials", msg);
+            krb5_free_error_message(context, msg);
+        }
+    }
+
+    krb5_preauth_request_context_fini(context);
 
     /* success */
+    code = 0;
+    ctx->flags |= KRB5_INIT_CREDS_STEP_FLAG_COMPLETE;
+
+cleanup:
+    krb5_free_pa_data(context, padata);
+    krb5_free_pa_data(context, kdc_padata);
+    krb5_free_keyblock(context, strengthen_key);
+    krb5_free_keyblock_contents(context, &encrypting_key);
+
+    return code;
+}
+
+/*
+ * Do next step of credentials acquisition.
+ *
+ * On success returns 0 or KRB5KRB_ERR_RESPONSE_TOO_BIG if the request
+ * should be sent with TCP.
+ */
+krb5_error_code KRB5_CALLCONV
+krb5_init_creds_step(krb5_context context,
+                     krb5_init_creds_context ctx,
+                     krb5_data *in,
+                     krb5_data *out,
+                     krb5_data *realm,
+                     unsigned int *flags)
+{
+    krb5_error_code code = 0, code2;
+
+    *flags = 0;
+
+    out->data = NULL;
+    out->length = 0;
+
+    realm->data = NULL;
+    realm->length = 0;
+
+    if (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE)
+        goto cleanup;
+
+    if (in->length != 0) {
+        code = init_creds_step_reply(context, ctx, in);
+        if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG) {
+            code2 = krb5int_copy_data_contents(context,
+                                               ctx->encoded_previous_request,
+                                               out);
+            if (code2 != 0) {
+                code = code2;
+                goto cleanup;
+            }
+            goto copy_realm;
+        }
+        if (code != 0 || (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE))
+            goto cleanup;
+    }
 
-    ret = 0;
+    code = init_creds_step_request(context, ctx, out);
+    if (code != 0)
+        goto cleanup;
+
+    /* Only a new request increments the loop count, not a TCP retry */
+    ctx->loopcount++;
+
+copy_realm:
+    assert(ctx->request->server != NULL);
+
+    code2 = krb5int_copy_data_contents(context,
+                                       &ctx->request->server->realm,
+                                       realm);
+    if (code2 != 0) {
+        code = code2;
+        goto cleanup;
+    }
 
 cleanup:
-    if (ret != 0) {
+    if (code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN) {
         char *client_name;
-        /* See if we can produce a more detailed error message.  */
-        switch (ret) {
-        case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
-            client_name = NULL;
-            if (krb5_unparse_name(context, client, &client_name) == 0) {
-                krb5_set_error_message(context, ret,
-                                       "Client '%s' not found in Kerberos database",
-                                       client_name);
-                free(client_name);
-            }
-            break;
-        default:
-            break;
+
+        /* See if we can produce a more detailed error message */
+        code2 = krb5_unparse_name(context, ctx->request->client, &client_name);
+        if (code2 == 0) {
+            krb5_set_error_message(context, code,
+                                   "Client '%s' not found in Kerberos database",
+                                   client_name);
+            krb5_free_unparsed_name(context, client_name);
         }
     }
-    krb5_preauth_request_context_fini(context);
-    krb5_free_keyblock(context, strengthen_key);
-    if (encrypting_key.contents)
-        krb5_free_keyblock_contents(context, &encrypting_key);
-    if (fast_state)
-        krb5int_fast_free_state(context, fast_state);
-    if (out_padata)
-        krb5_free_pa_data(context, out_padata);
-    if (encoded_previous_request != NULL) {
-        krb5_free_data(context, encoded_previous_request);
-        encoded_previous_request = NULL;
+
+    *flags = (ctx->flags & KRB5_INIT_CREDS_STEP_FLAG_COMPLETE);
+
+    return code;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5int_get_init_creds(krb5_context context,
+                       krb5_creds *creds,
+                       krb5_principal client,
+                       krb5_prompter_fct prompter,
+                       void *prompter_data,
+                       krb5_deltat start_time,
+                       char *in_tkt_service,
+                       krb5_get_init_creds_opt *options,
+                       krb5_gic_get_as_key_fct gak_fct,
+                       void *gak_data,
+                       int  *use_master,
+                       krb5_kdc_rep **as_reply)
+{
+    krb5_error_code code;
+    krb5_init_creds_context ctx = NULL;
+
+    code = krb5_init_creds_init(context,
+                                client,
+                                prompter,
+                                prompter_data,
+                                start_time,
+                                options,
+                                &ctx);
+    if (code != 0)
+        goto cleanup;
+
+    ctx->gak_fct = gak_fct;
+    ctx->gak_data = gak_data;
+
+    if (in_tkt_service) {
+        code = krb5_init_creds_set_service(context, ctx, in_tkt_service);
+        if (code != 0)
+            goto cleanup;
     }
-    if (encoded_request_body != NULL) {
-        krb5_free_data(context, encoded_request_body);
-        encoded_request_body = NULL;
+
+    code = init_creds_get(context, ctx, use_master);
+    if (code != 0)
+        goto cleanup;
+
+    code = krb5_init_creds_get_creds(context, ctx, creds);
+    if (code != 0)
+        goto cleanup;
+
+    if (as_reply != NULL) {
+        *as_reply = ctx->reply;
+        ctx->reply = NULL;
     }
-    if (request.server)
-        krb5_free_principal(context, request.server);
-    if (request.ktype &&
-        (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST))))
-        free(request.ktype);
-    if (request.addresses &&
-        (!(options &&
-           (options->flags & KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST))))
-        krb5_free_addresses(context, request.addresses);
-    if (preauth_to_use)
-        krb5_free_pa_data(context, preauth_to_use);
-    if (kdc_padata)
-        krb5_free_pa_data(context, kdc_padata);
-    if (request.padata)
-        krb5_free_pa_data(context, request.padata);
-    if (as_key.length)
-        krb5_free_keyblock_contents(context, &as_key);
-    if (salt.data &&
-        (!(options && (options->flags & KRB5_GET_INIT_CREDS_OPT_SALT))))
-        free(salt.data);
-    krb5_free_data_contents(context, &s2kparams);
-    if (as_reply)
-        *as_reply = local_as_reply;
-    else if (local_as_reply)
-        krb5_free_kdc_rep(context, local_as_reply);
-    if (referred_client.realm.data)
-        krb5_free_data_contents(context, &referred_client.realm);
 
-    return(ret);
+cleanup:
+    krb5_init_creds_free(context, ctx);
+
+    return code;
 }
diff --git a/src/lib/krb5/krb/gic_keytab.c b/src/lib/krb5/krb/gic_keytab.c
index ab064eb..c4c6d32 100644
--- a/src/lib/krb5/krb/gic_keytab.c
+++ b/src/lib/krb5/krb/gic_keytab.c
@@ -27,18 +27,18 @@
 #ifndef LEAN_CLIENT
 
 #include "k5-int.h"
+#include "init_creds_ctx.h"
 
 static krb5_error_code
-krb5_get_as_key_keytab(
-    krb5_context context,
-    krb5_principal client,
-    krb5_enctype etype,
-    krb5_prompter_fct prompter,
-    void *prompter_data,
-    krb5_data *salt,
-    krb5_data *params,
-    krb5_keyblock *as_key,
-    void *gak_data)
+get_as_key_keytab(krb5_context context,
+                  krb5_principal client,
+                  krb5_enctype etype,
+                  krb5_prompter_fct prompter,
+                  void *prompter_data,
+                  krb5_data *salt,
+                  krb5_data *params,
+                  krb5_keyblock *as_key,
+                  void *gak_data)
 {
     krb5_keytab keytab = (krb5_keytab) gak_data;
     krb5_error_code ret;
@@ -78,6 +78,17 @@ krb5_get_as_key_keytab(
 }
 
 krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_keytab(krb5_context context,
+                           krb5_init_creds_context ctx,
+                           krb5_keytab keytab)
+{
+    ctx->gak_fct = get_as_key_keytab;
+    ctx->gak_data = keytab;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_keytab(krb5_context context,
                            krb5_creds *creds,
                            krb5_principal client,
@@ -89,7 +100,6 @@ krb5_get_init_creds_keytab(krb5_context context,
     krb5_error_code ret, ret2;
     int use_master;
     krb5_keytab keytab;
-    krb5_gic_opt_ext *opte = NULL;
 
     if (arg_keytab == NULL) {
         if ((ret = krb5_kt_default(context, &keytab)))
@@ -98,19 +108,14 @@ krb5_get_init_creds_keytab(krb5_context context,
         keytab = arg_keytab;
     }
 
-    ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
-                                  "krb5_get_init_creds_keytab");
-    if (ret)
-        return ret;
-
     use_master = 0;
 
     /* first try: get the requested tkt from any kdc */
 
-    ret = krb5_get_init_creds(context, creds, client, NULL, NULL,
-                              start_time, in_tkt_service, opte,
-                              krb5_get_as_key_keytab, (void *) keytab,
-                              &use_master,NULL);
+    ret = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+                                 start_time, in_tkt_service, options,
+                                 get_as_key_keytab, (void *) keytab,
+                                 &use_master,NULL);
 
     /* check for success */
 
@@ -128,10 +133,10 @@ krb5_get_init_creds_keytab(krb5_context context,
     if (!use_master) {
         use_master = 1;
 
-        ret2 = krb5_get_init_creds(context, creds, client, NULL, NULL,
-                                   start_time, in_tkt_service, opte,
-                                   krb5_get_as_key_keytab, (void *) keytab,
-                                   &use_master, NULL);
+        ret2 = krb5int_get_init_creds(context, creds, client, NULL, NULL,
+                                      start_time, in_tkt_service, options,
+                                      get_as_key_keytab, (void *) keytab,
+                                      &use_master, NULL);
 
         if (ret2 == 0) {
             ret = 0;
@@ -153,8 +158,6 @@ krb5_get_init_creds_keytab(krb5_context context,
        do any prompting or changing for keytabs, that's it. */
 
 cleanup:
-    if (opte && krb5_gic_opt_is_shadowed(opte))
-        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
     if (arg_keytab == NULL)
         krb5_kt_close(context, keytab);
 
@@ -168,13 +171,13 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
                             krb5_creds *creds, krb5_kdc_rep **ret_as_reply)
 {
     krb5_error_code retval;
-    krb5_gic_opt_ext *opte;
+    krb5_get_init_creds_opt *opts;
     char * server = NULL;
     krb5_keytab keytab;
     krb5_principal client_princ, server_princ;
     int use_master = 0;
 
-    retval = krb5int_populate_gic_opt(context, &opte,
+    retval = krb5int_populate_gic_opt(context, &opts,
                                       options, addrs, ktypes,
                                       pre_auth_types, creds);
     if (retval)
@@ -183,7 +186,7 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
     if (arg_keytab == NULL) {
         retval = krb5_kt_default(context, &keytab);
         if (retval)
-            return retval;
+            goto cleanup;
     }
     else keytab = arg_keytab;
 
@@ -192,14 +195,12 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
         goto cleanup;
     server_princ = creds->server;
     client_princ = creds->client;
-    retval = krb5_get_init_creds (context,
-                                  creds, creds->client,
-                                  krb5_prompter_posix,  NULL,
-                                  0, server, opte,
-                                  krb5_get_as_key_keytab, (void *)keytab,
-                                  &use_master, ret_as_reply);
+    retval = krb5int_get_init_creds(context, creds, creds->client,
+                                    krb5_prompter_posix,  NULL,
+                                    0, server, opts,
+                                    get_as_key_keytab, (void *)keytab,
+                                    &use_master, ret_as_reply);
     krb5_free_unparsed_name( context, server);
-    krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
     if (retval) {
         goto cleanup;
     }
@@ -212,7 +213,9 @@ krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options,
     if (ccache)
         if ((retval = krb5_cc_store_cred(context, ccache, creds)))
             goto cleanup;
-cleanup:    if (arg_keytab == NULL)
+cleanup:
+    krb5_get_init_creds_opt_free(context, opts);
+    if (arg_keytab == NULL)
         krb5_kt_close(context, keytab);
     return retval;
 }
diff --git a/src/lib/krb5/krb/gic_opt.c b/src/lib/krb5/krb/gic_opt.c
index bff4539..f4cfd92 100644
--- a/src/lib/krb5/krb/gic_opt.c
+++ b/src/lib/krb5/krb/gic_opt.c
@@ -149,6 +149,8 @@ krb5int_gic_opte_private_free(krb5_context context, krb5_gic_opt_ext *opte)
         free_gic_opt_ext_preauth_data(context, opte);
     if (opte->opt_private->fast_ccache_name)
         free(opte->opt_private->fast_ccache_name);
+    if (opte->opt_private->out_ccache)
+        krb5_cc_close(context, opte->opt_private->out_ccache);
     free(opte->opt_private);
     opte->opt_private = NULL;
     return 0;
@@ -486,3 +488,59 @@ krb5_error_code KRB5_CALLCONV krb5_get_init_creds_opt_set_fast_ccache_name
         retval = ENOMEM;
     return retval;
 }
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_out_ccache(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_ccache ccache)
+{
+    krb5_error_code retval = 0;
+    krb5_gic_opt_ext *opte;
+
+    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
+                                     "krb5_get_init_creds_opt_set_out_ccache");
+    if (retval)
+        return retval;
+    if (opte->opt_private->out_ccache) {
+        krb5_cc_close(context,  opte->opt_private->out_ccache);
+        opte->opt_private->out_ccache = NULL;
+    }
+    retval = krb5_cc_resolve(context, krb5_cc_get_name(context, ccache),
+                            &opte->opt_private->out_ccache);
+        return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_set_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags flags)
+{
+    krb5_error_code retval = 0;
+    krb5_gic_opt_ext *opte;
+
+    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
+                                     "krb5_get_init_creds_opt_set_fast_flags");
+    if (retval)
+        return retval;
+    opte->opt_private->fast_flags = flags;
+        return retval;
+}
+
+krb5_error_code KRB5_CALLCONV
+krb5_get_init_creds_opt_get_fast_flags(krb5_context context,
+                                       krb5_get_init_creds_opt *opt,
+                                       krb5_flags *out_flags)
+{
+    krb5_error_code retval = 0;
+    krb5_gic_opt_ext *opte;
+    if (out_flags == NULL)
+        return EINVAL;
+    *out_flags = 0;
+    retval = krb5int_gic_opt_to_opte(context, opt, &opte, 0,
+                                     "krb5_get_init_creds_opt_get_fast_flags");
+    if (retval)
+        return retval;
+    *out_flags = opte->opt_private->fast_flags;
+        return retval;
+}
+
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 84e5b49..eac2afb 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -1,8 +1,9 @@
 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "com_err.h"
+#include "init_creds_ctx.h"
 
-static krb5_error_code
+krb5_error_code
 krb5_get_as_key_password(
     krb5_context context,
     krb5_principal client,
@@ -39,7 +40,7 @@ krb5_get_as_key_password(
         }
     }
 
-    if (password->data[0] == '\0') {
+    if (password->length == 0 || password->data[0] == '\0') {
         if (prompter == NULL)
             return(EIO);
 
@@ -83,6 +84,30 @@ krb5_get_as_key_password(
 }
 
 krb5_error_code KRB5_CALLCONV
+krb5_init_creds_set_password(krb5_context context,
+                             krb5_init_creds_context ctx,
+                             const char *password)
+{
+    char *s;
+
+    s = strdup(password);
+    if (s == NULL)
+        return ENOMEM;
+
+    if (ctx->password.data != NULL) {
+        zap(ctx->password.data, ctx->password.length);
+        krb5_free_data_contents(context, &ctx->password);
+    }
+
+    ctx->password.data = s;
+    ctx->password.length = strlen(s);
+    ctx->gak_fct = krb5_get_as_key_password;
+    ctx->gak_data = &ctx->password;
+
+    return 0;
+}
+
+krb5_error_code KRB5_CALLCONV
 krb5_get_init_creds_password(krb5_context context,
                              krb5_creds *creds,
                              krb5_principal client,
@@ -103,8 +128,6 @@ krb5_get_init_creds_password(krb5_context context,
     char banner[1024], pw0array[1024], pw1array[1024];
     krb5_prompt prompt[2];
     krb5_prompt_type prompt_types[sizeof(prompt)/sizeof(prompt[0])];
-    krb5_gic_opt_ext *opte = NULL;
-    krb5_gic_opt_ext *chpw_opte = NULL;
 
     use_master = 0;
     as_reply = NULL;
@@ -127,17 +150,12 @@ krb5_get_init_creds_password(krb5_context context,
     pw1.data[0] = '\0';
     pw1.length = sizeof(pw1array);
 
-    ret = krb5int_gic_opt_to_opte(context, options, &opte, 1,
-                                  "krb5_get_init_creds_password");
-    if (ret)
-        goto cleanup;
-
     /* first try: get the requested tkt from any kdc */
 
-    ret = krb5_get_init_creds(context, creds, client, prompter, data,
-                              start_time, in_tkt_service, opte,
-                              krb5_get_as_key_password, (void *) &pw0,
-                              &use_master, &as_reply);
+    ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+                                 start_time, in_tkt_service, options,
+                                 krb5_get_as_key_password, (void *) &pw0,
+                                 &use_master, &as_reply);
 
     /* check for success */
 
@@ -162,10 +180,10 @@ krb5_get_init_creds_password(krb5_context context,
             krb5_free_kdc_rep( context, as_reply);
             as_reply = NULL;
         }
-        ret2 = krb5_get_init_creds(context, creds, client, prompter, data,
-                                   start_time, in_tkt_service, opte,
-                                   krb5_get_as_key_password, (void *) &pw0,
-                                   &use_master, &as_reply);
+        ret2 = krb5int_get_init_creds(context, creds, client, prompter, data,
+                                      start_time, in_tkt_service, options,
+                                      krb5_get_as_key_password, (void *) &pw0,
+                                      &use_master, &as_reply);
 
         if (ret2 == 0) {
             ret = 0;
@@ -216,16 +234,12 @@ krb5_get_init_creds_password(krb5_context context,
     krb5_get_init_creds_opt_set_renew_life(chpw_opts, 0);
     krb5_get_init_creds_opt_set_forwardable(chpw_opts, 0);
     krb5_get_init_creds_opt_set_proxiable(chpw_opts, 0);
-    ret = krb5int_gic_opt_to_opte(context, chpw_opts, &chpw_opte, 0,
-                                  "krb5_get_init_creds_password (changing password)");
-    if (ret)
-        goto cleanup;
 
-    if ((ret = krb5_get_init_creds(context, &chpw_creds, client,
-                                   prompter, data,
-                                   start_time, "kadmin/changepw", chpw_opte,
-                                   krb5_get_as_key_password, (void *) &pw0,
-                                   &use_master, NULL)))
+    if ((ret = krb5int_get_init_creds(context, &chpw_creds, client,
+                                      prompter, data,
+                                      start_time, "kadmin/changepw", chpw_opts,
+                                      krb5_get_as_key_password, (void *) &pw0,
+                                      &use_master, NULL)))
         goto cleanup;
 
     prompt[0].prompt = "Enter new password";
@@ -313,10 +327,10 @@ krb5_get_init_creds_password(krb5_context context,
        from the master.  this is the last try.  the return from this
        is final.  */
 
-    ret = krb5_get_init_creds(context, creds, client, prompter, data,
-                              start_time, in_tkt_service, opte,
-                              krb5_get_as_key_password, (void *) &pw0,
-                              &use_master, &as_reply);
+    ret = krb5int_get_init_creds(context, creds, client, prompter, data,
+                                 start_time, in_tkt_service, options,
+                                 krb5_get_as_key_password, (void *) &pw0,
+                                 &use_master, &as_reply);
 
 cleanup:
     krb5int_set_prompt_types(context, 0);
@@ -397,8 +411,6 @@ cleanup:
 
     if (chpw_opts)
         krb5_get_init_creds_opt_free(context, chpw_opts);
-    if (opte && krb5_gic_opt_is_shadowed(opte))
-        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
     memset(pw0array, 0, sizeof(pw0array));
     memset(pw1array, 0, sizeof(pw1array));
     krb5_free_cred_contents(context, &chpw_creds);
@@ -409,7 +421,7 @@ cleanup:
 }
 
 krb5_error_code
-krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
+krb5int_populate_gic_opt(krb5_context context, krb5_get_init_creds_opt **out,
                          krb5_flags options, krb5_address *const *addrs,
                          krb5_enctype *ktypes,
                          krb5_preauthtype *pre_auth_types, krb5_creds *creds)
@@ -419,7 +431,7 @@ krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
     krb5_get_init_creds_opt *opt;
     krb5_error_code retval;
 
-    *opte = NULL;
+    *out = NULL;
     retval = krb5_get_init_creds_opt_alloc(context, &opt);
     if (retval)
         return(retval);
@@ -449,8 +461,8 @@ krb5int_populate_gic_opt(krb5_context context, krb5_gic_opt_ext **opte,
         if (creds->times.starttime) starttime = creds->times.starttime;
         krb5_get_init_creds_opt_set_tkt_life(opt, creds->times.endtime - starttime);
     }
-    return krb5int_gic_opt_to_opte(context, opt, opte, 0,
-                                   "krb5int_populate_gic_opt");
+    *out = opt;
+    return 0;
 cleanup:
     krb5_get_init_creds_opt_free(context, opt);
     return retval;
@@ -489,7 +501,7 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
     char * server;
     krb5_principal server_princ, client_princ;
     int use_master = 0;
-    krb5_gic_opt_ext *opte = NULL;
+    krb5_get_init_creds_opt *opts = NULL;
 
     pw0.data = pw0array;
     if (password && password[0]) {
@@ -500,26 +512,25 @@ krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options,
         pw0.data[0] = '\0';
         pw0.length = sizeof(pw0array);
     }
-    retval = krb5int_populate_gic_opt(context, &opte,
+    retval = krb5int_populate_gic_opt(context, &opts,
                                       options, addrs, ktypes,
                                       pre_auth_types, creds);
     if (retval)
         return (retval);
     retval = krb5_unparse_name( context, creds->server, &server);
     if (retval) {
-        krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+        krb5_get_init_creds_opt_free(context, opts);
         return (retval);
     }
     server_princ = creds->server;
     client_princ = creds->client;
-    retval = krb5_get_init_creds (context,
-                                  creds, creds->client,
-                                  krb5_prompter_posix,  NULL,
-                                  0, server, opte,
-                                  krb5_get_as_key_password, &pw0,
-                                  &use_master, ret_as_reply);
+    retval = krb5int_get_init_creds(context, creds, creds->client,
+                                    krb5_prompter_posix, NULL,
+                                    0, server, opts,
+                                    krb5_get_as_key_password, &pw0,
+                                    &use_master, ret_as_reply);
     krb5_free_unparsed_name( context, server);
-    krb5_get_init_creds_opt_free(context, (krb5_get_init_creds_opt *)opte);
+    krb5_get_init_creds_opt_free(context, opts);
     if (retval) {
         return (retval);
     }
diff --git a/src/lib/krb5/krb/init_creds_ctx.h b/src/lib/krb5/krb/init_creds_ctx.h
new file mode 100644
index 0000000..1d41a44
--- /dev/null
+++ b/src/lib/krb5/krb/init_creds_ctx.h
@@ -0,0 +1,51 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+#ifndef KRB5_INIT_CREDS_CONTEXT
+#define KRB5_INIT_CREDS_CONTEXT 1
+
+struct _krb5_init_creds_context {
+    krb5_gic_opt_ext *opte;
+    char *in_tkt_service;
+    krb5_prompter_fct prompter;
+    void *prompter_data;
+    krb5_gic_get_as_key_fct gak_fct;
+    void *gak_data;
+    krb5_timestamp request_time;
+    krb5_deltat start_time;
+    krb5_deltat tkt_life;
+    krb5_deltat renew_life;
+    unsigned int flags;
+    unsigned int loopcount;
+    krb5_data password;
+    krb5_error *err_reply;
+    krb5_creds cred;
+    krb5_kdc_req *request;
+    krb5_kdc_rep *reply;
+    krb5_data *encoded_request_body;
+    krb5_data *encoded_previous_request;
+    struct krb5int_fast_request_state *fast_state;
+    krb5_pa_data **preauth_to_use;
+    krb5_data salt;
+    krb5_data s2kparams;
+    krb5_keyblock as_key;
+    krb5_enctype etype;
+    krb5_preauth_client_rock get_data_rock;
+    krb5_boolean enc_pa_rep_permitted;
+    krb5_boolean have_restarted;
+    krb5_boolean sent_nontrivial_preauth;
+};
+
+#define KRB5_INIT_CREDS_STEP_FLAG_COMPLETE          0x1
+
+krb5_error_code
+krb5_get_as_key_password(krb5_context context,
+                         krb5_principal client,
+                         krb5_enctype etype,
+                         krb5_prompter_fct prompter,
+                         void *prompter_data,
+                         krb5_data *salt,
+                         krb5_data *params,
+                         krb5_keyblock *as_key,
+                         void *gak_data);
+
+#endif /* !KRB5_INIT_CREDS_CONTEXT */
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c
index 8667897..6ffee90 100644
--- a/src/lib/krb5/krb/init_ctx.c
+++ b/src/lib/krb5/krb/init_ctx.c
@@ -61,9 +61,6 @@
 #include "../krb5_libinit.h"
 #endif
 
-/* This must be the largest enctype value defined in krb5.h. */
-#define MAX_ENCTYPE ENCTYPE_ARCFOUR_HMAC_EXP
-
 /* The des-mdX entries are last for now, because it's easy to
    configure KDCs to issue TGTs with des-mdX keys and then not accept
    them.  This'll be fixed, but for better compatibility, let's prefer
@@ -347,33 +344,50 @@ krb5_set_default_tgs_ktypes(krb5_context context, const krb5_enctype *etypes)
 }
 
 /*
- * Add etype to, or remove etype from, list (of size MAX_ENCTYPE + 1)
- * which has *count entries.  Filter out weak enctypes if allow_weak
- * is false.
+ * Add etype to, or remove etype from, the zero-terminated list *list_ptr,
+ * reallocating if the list size changes.  Filter out weak enctypes if
+ * allow_weak is false.  If memory allocation fails, set *list_ptr to NULL and
+ * do nothing for subsequent operations.
  */
 static void
 mod_list(krb5_enctype etype, krb5_boolean add, krb5_boolean allow_weak,
-         krb5_enctype *list, unsigned int *count)
+         krb5_enctype **list_ptr)
 {
-    unsigned int i;
+    size_t i;
+    krb5_enctype *list = *list_ptr;
 
-    assert(etype > 0 && etype <= MAX_ENCTYPE);
-    if (!allow_weak && krb5int_c_weak_enctype(etype))
+    /* Stop now if a previous allocation failed or the enctype is filtered. */
+    if (list == NULL || (!allow_weak && krb5int_c_weak_enctype(etype)))
         return;
-    for (i = 0; i < *count; i++) {
-        if (list[i] == etype) {
-            if (!add) {
-                for (; i < *count - 1; i++)
-                    list[i] = list[i + 1];
-                (*count)--;
-            }
-            return;
-        }
-    }
     if (add) {
-        assert(*count < MAX_ENCTYPE);
-        list[(*count)++] = etype;
+        /* Count entries; do nothing if etype is a duplicate. */
+        for (i = 0; list[i] != 0; i++) {
+            if (list[i] == etype)
+                return;
+        }
+        /* Make room for the new entry and add it. */
+        list = realloc(list, (i + 2) * sizeof(krb5_enctype));
+        if (list != NULL) {
+            list[i] = etype;
+            list[i + 1] = 0;
+        }
+    } else {
+        /* Look for etype in the list. */
+        for (i = 0; list[i] != 0; i++) {
+            if (list[i] != etype)
+                continue;
+            /* Perform removal. */
+            for (; list[i + 1] != 0; i++)
+                list[i] = list[i + 1];
+            list[i] = 0;
+            list = realloc(list, (i + 1) * sizeof(krb5_enctype));
+            break;
+        }
     }
+    /* Update *list_ptr, freeing the old value if realloc failed. */
+    if (list == NULL)
+        free(*list_ptr);
+    *list_ptr = list;
 }
 
 /*
@@ -386,11 +400,16 @@ krb5int_parse_enctype_list(krb5_context context, char *profstr,
 {
     char *token, *delim = " \t\r\n,", *save = NULL;
     krb5_boolean sel, weak = context->allow_weak_crypto;
-    krb5_enctype etype, list[MAX_ENCTYPE];
-    unsigned int i, count = 0;
+    krb5_enctype etype, *list;
+    unsigned int i;
 
     *result = NULL;
 
+    /* Set up an empty list.  Allocation failure is detected at the end. */
+    list = malloc(sizeof(krb5_enctype));
+    if (list != NULL)
+        list[0] = 0;
+
     /* Walk through the words in profstr. */
     for (token = strtok_r(profstr, delim, &save); token;
          token = strtok_r(NULL, delim, &save)) {
@@ -402,26 +421,28 @@ krb5int_parse_enctype_list(krb5_context context, char *profstr,
         if (strcasecmp(token, "DEFAULT") == 0) {
             /* Set all enctypes in the default list. */
             for (i = 0; default_list[i]; i++)
-                mod_list(default_list[i], sel, weak, list, &count);
+                mod_list(default_list[i], sel, weak, &list);
         } else if (strcasecmp(token, "des") == 0) {
-            mod_list(ENCTYPE_DES_CBC_CRC, sel, weak, list, &count);
-            mod_list(ENCTYPE_DES_CBC_MD5, sel, weak, list, &count);
-            mod_list(ENCTYPE_DES_CBC_MD4, sel, weak, list, &count);
+            mod_list(ENCTYPE_DES_CBC_CRC, sel, weak, &list);
+            mod_list(ENCTYPE_DES_CBC_MD5, sel, weak, &list);
+            mod_list(ENCTYPE_DES_CBC_MD4, sel, weak, &list);
         } else if (strcasecmp(token, "des3") == 0) {
-            mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, list, &count);
+            mod_list(ENCTYPE_DES3_CBC_SHA1, sel, weak, &list);
         } else if (strcasecmp(token, "aes") == 0) {
-            mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, list, &count);
-            mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, list, &count);
+            mod_list(ENCTYPE_AES256_CTS_HMAC_SHA1_96, sel, weak, &list);
+            mod_list(ENCTYPE_AES128_CTS_HMAC_SHA1_96, sel, weak, &list);
         } else if (strcasecmp(token, "rc4") == 0) {
-            mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, list, &count);
+            mod_list(ENCTYPE_ARCFOUR_HMAC, sel, weak, &list);
         } else if (krb5_string_to_enctype(token, &etype) == 0) {
             /* Set a specific enctype. */
-            mod_list(etype, sel, weak, list, &count);
+            mod_list(etype, sel, weak, &list);
         }
     }
 
-    list[count] = 0;
-    return copy_enctypes(context, list, result);
+    if (list == NULL)
+        return ENOMEM;
+    *result = list;
+    return 0;
 }
 
 /*
diff --git a/src/lib/krb5/krb/int-proto.h b/src/lib/krb5/krb/int-proto.h
index 44ea69d..47555d6 100644
--- a/src/lib/krb5/krb/int-proto.h
+++ b/src/lib/krb5/krb/int-proto.h
@@ -85,6 +85,59 @@ krb5_get_cred_via_tkt_ext (krb5_context context, krb5_creds *tkt,
                            krb5_creds **out_cred,
                            krb5_keyblock **out_subkey);
 
+krb5_error_code
+krb5int_make_tgs_request_ext(krb5_context context,
+                             krb5_flags kdcoptions,
+                             const krb5_ticket_times *timestruct,
+                             const krb5_enctype *ktypes,
+                             krb5_const_principal sname,
+                             krb5_address *const *addrs,
+                             krb5_authdata *const *authorization_data,
+                             krb5_pa_data *const *padata,
+                             const krb5_data *second_ticket,
+                             krb5_creds *in_cred,
+                             krb5_error_code (*pacb_fct)(krb5_context,
+                                                         krb5_keyblock *,
+                                                         krb5_kdc_req *,
+                                                         void *),
+                             void *pacb_data,
+                             krb5_data *request_data,
+                             krb5_timestamp *timestamp,
+                             krb5_int32 *nonce,
+                             krb5_keyblock **subkey);
+
+krb5_error_code
+krb5int_make_tgs_request(krb5_context context,
+                         krb5_creds *tkt,
+                         krb5_flags kdcoptions,
+                         krb5_address *const *address,
+                         krb5_pa_data **in_padata,
+                         krb5_creds *in_cred,
+                         krb5_error_code (*pacb_fct)(krb5_context,
+                                                     krb5_keyblock *,
+                                                     krb5_kdc_req *,
+                                                     void *),
+                         void *pacb_data,
+                         krb5_data *request_data,
+                         krb5_timestamp *timestamp,
+                         krb5_int32 *nonce,
+                         krb5_keyblock **subkey);
+
+krb5_error_code
+krb5int_process_tgs_reply(krb5_context context,
+                          krb5_data *response_data,
+                          krb5_creds *tkt,
+                          krb5_flags kdcoptions,
+                          krb5_address *const *address,
+                          krb5_pa_data **in_padata,
+                          krb5_creds *in_cred,
+                          krb5_timestamp timestamp,
+                          krb5_int32 nonce,
+                          krb5_keyblock *subkey,
+                          krb5_pa_data ***out_padata,
+                          krb5_pa_data ***out_enc_padata,
+                          krb5_creds **out_cred);
+
 krb5_error_code krb5int_send_tgs(krb5_context, krb5_flags,
                                  const krb5_ticket_times *,
                                  const krb5_enctype *,
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index 95f04e9..c0f9f83 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -181,17 +181,7 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
                                                &(*auth_context)->local_seq_number)))
             goto cleanup;
 
-
     /* generate subkey if needed */
-    if (!in_data &&(*auth_context)->checksum_func) {
-        retval = (*auth_context)->checksum_func( context,
-                                                 *auth_context,
-                                                 (*auth_context)->checksum_func_data,
-                                                 &in_data);
-        if (retval)
-            goto cleanup;
-    }
-
     if ((ap_req_options & AP_OPTS_USE_SUBKEY)&&(!(*auth_context)->send_subkey)) {
         retval = krb5int_generate_and_save_subkey (context, *auth_context,
                                                    &in_creds->keyblock,
@@ -201,8 +191,16 @@ krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context,
     }
 
 
-    if (in_data) {
+    if (!in_data && (*auth_context)->checksum_func) {
+        retval = (*auth_context)->checksum_func( context,
+                                                 *auth_context,
+                                                 (*auth_context)->checksum_func_data,
+                                                 &in_data);
+        if (retval)
+            goto cleanup;
+    }
 
+    if (in_data) {
         if ((*auth_context)->req_cksumtype == 0x8003) {
             /* XXX Special hack for GSSAPI */
             checksum.checksum_type = 0x8003;
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index e9e5839..8b9cd36 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -526,25 +526,25 @@ krb5_preauth_prepare_request(krb5_context kcontext,
  * hasn't had a chance to run yet (INFO modules don't count, because as a rule
  * they don't generate preauth data), and run it. */
 static krb5_error_code
-krb5_run_preauth_plugins(krb5_context kcontext,
-                         int module_required_flags,
-                         krb5_kdc_req *request,
-                         krb5_data *encoded_request_body,
-                         krb5_data *encoded_previous_request,
-                         krb5_pa_data *in_padata,
-                         krb5_prompter_fct prompter,
-                         void *prompter_data,
-                         preauth_get_as_key_proc gak_fct,
-                         krb5_data *salt,
-                         krb5_data *s2kparams,
-                         void *gak_data,
-                         krb5_preauth_client_rock *get_data_rock,
-                         krb5_keyblock *as_key,
-                         krb5_pa_data ***out_pa_list,
-                         int *out_pa_list_size,
-                         int *module_ret,
-                         int *module_flags,
-                         krb5_gic_opt_ext *opte)
+run_preauth_plugins(krb5_context kcontext,
+                    int module_required_flags,
+                    krb5_kdc_req *request,
+                    krb5_data *encoded_request_body,
+                    krb5_data *encoded_previous_request,
+                    krb5_pa_data *in_padata,
+                    krb5_prompter_fct prompter,
+                    void *prompter_data,
+                    preauth_get_as_key_proc gak_fct,
+                    krb5_data *salt,
+                    krb5_data *s2kparams,
+                    void *gak_data,
+                    krb5_preauth_client_rock *get_data_rock,
+                    krb5_keyblock *as_key,
+                    krb5_pa_data ***out_pa_list,
+                    int *out_pa_list_size,
+                    int *module_ret,
+                    int *module_flags,
+                    krb5_gic_opt_ext *opte)
 {
     int i;
     krb5_pa_data **out_pa_data;
@@ -1052,19 +1052,19 @@ pa_sam(krb5_context context, krb5_kdc_req *request, krb5_pa_data *in_padata,
 #define kdcPkinitDebug(args...)
 #endif
 
-static krb5_error_code pa_pkinit_gen_req(
-    krb5_context context,
-    krb5_kdc_req *request,
-    krb5_pa_data *in_padata,
-    krb5_pa_data **out_padata,
-    krb5_data *salt,
-    krb5_data *s2kparams,
-    krb5_enctype *etype,
-    krb5_keyblock *as_key,
-    krb5_prompter_fct prompter,
-    void *prompter_data,
-    krb5_gic_get_as_key_fct gak_fct,
-    void *gak_data)
+static krb5_error_code
+pa_pkinit_gen_req(krb5_context context,
+                  krb5_kdc_req *request,
+                  krb5_pa_data *in_padata,
+                  krb5_pa_data **out_padata,
+                  krb5_data *salt,
+                  krb5_data *s2kparams,
+                  krb5_enctype *etype,
+                  krb5_keyblock *as_key,
+                  krb5_prompter_fct prompter,
+                  void *prompter_data,
+                  krb5_gic_get_as_key_fct gak_fct,
+                  void *gak_data)
 {
     krb5_error_code             krtn;
     krb5_data                   out_data = {0, 0, NULL};
@@ -1196,10 +1196,10 @@ cleanup:
  * the KDC certificate as valid if its hash matches the
  * realm.
  */
-static krb5_boolean local_kdc_cert_match(
-    krb5_context context,
-    krb5_data *signer_cert,
-    krb5_principal client)
+static krb5_boolean
+local_kdc_cert_match(krb5_context context,
+                     krb5_data *signer_cert,
+                     krb5_principal client)
 {
     static const char lkdcprefix[] = "LKDC:SHA1.";
     krb5_boolean match = FALSE;
@@ -1226,19 +1226,19 @@ static krb5_boolean local_kdc_cert_match(
     return match;
 }
 
-static krb5_error_code pa_pkinit_parse_rep(
-    krb5_context context,
-    krb5_kdc_req *request,
-    krb5_pa_data *in_padata,
-    krb5_pa_data **out_padata,
-    krb5_data *salt,
-    krb5_data *s2kparams,
-    krb5_enctype *etype,
-    krb5_keyblock *as_key,
-    krb5_prompter_fct prompter,
-    void *prompter_data,
-    krb5_gic_get_as_key_fct gak_fct,
-    void *gak_data)
+static krb5_error_code
+pa_pkinit_parse_rep(krb5_context context,
+                    krb5_kdc_req *request,
+                    krb5_pa_data *in_padata,
+                    krb5_pa_data **out_padata,
+                    krb5_data *salt,
+                    krb5_data *s2kparams,
+                    krb5_enctype *etype,
+                    krb5_keyblock *as_key,
+                    krb5_prompter_fct prompter,
+                    void *prompter_data,
+                    krb5_gic_get_as_key_fct gak_fct,
+                    void *gak_data)
 {
     krb5int_cert_sig_status     sig_status = (krb5int_cert_sig_status)-999;
     krb5_error_code             krtn;
@@ -2055,24 +2055,24 @@ krb5_do_preauth(krb5_context context,
                     fprintf (stderr, "trying modules for pa_type %d, flag %d\n",
                              in_padata[i]->pa_type, paorder[h]);
 #endif
-                    ret = krb5_run_preauth_plugins(context,
-                                                   paorder[h],
-                                                   request,
-                                                   encoded_request_body,
-                                                   encoded_previous_request,
-                                                   in_padata[i],
-                                                   prompter,
-                                                   prompter_data,
-                                                   gak_fct,
-                                                   salt, s2kparams,
-                                                   gak_data,
-                                                   get_data_rock,
-                                                   as_key,
-                                                   &out_pa_list,
-                                                   &out_pa_list_size,
-                                                   &module_ret,
-                                                   &module_flags,
-                                                   opte);
+                    ret = run_preauth_plugins(context,
+                                              paorder[h],
+                                              request,
+                                              encoded_request_body,
+                                              encoded_previous_request,
+                                              in_padata[i],
+                                              prompter,
+                                              prompter_data,
+                                              gak_fct,
+                                              salt, s2kparams,
+                                              gak_data,
+                                              get_data_rock,
+                                              as_key,
+                                              &out_pa_list,
+                                              &out_pa_list_size,
+                                              &module_ret,
+                                              &module_flags,
+                                              opte);
                     if (ret == 0) {
                         if (module_ret == 0) {
                             if (paorder[h] == PA_REAL) {
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index adfa4de..a20eb4c 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -62,9 +62,9 @@
  *  returns system errors, encryption errors, replay errors
  */
 
-static krb5_error_code decrypt_authenticator
-(krb5_context, const krb5_ap_req *, krb5_authenticator **,
- int);
+static krb5_error_code
+decrypt_authenticator(krb5_context, const krb5_ap_req *,
+                      krb5_authenticator **, int);
 static krb5_error_code
 decode_etype_list(krb5_context context,
                   const krb5_authenticator *authp,
@@ -79,24 +79,10 @@ negotiate_etype(krb5_context context,
                 int permitted_etypes_len,
                 krb5_enctype *negotiated_etype);
 
-krb5_error_code
-krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
-{
-    krb5_timestamp currenttime;
-    krb5_error_code retval;
-
-    retval = krb5_timeofday(context, &currenttime);
-    if (retval)
-        return retval;
-    if (!(labs((date)-currenttime) < context->clockskew))
-        return KRB5KRB_AP_ERR_SKEW;
-    return 0;
-}
-
 static krb5_error_code
-krb5_rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req,
-                             krb5_const_principal server, krb5_keytab keytab,
-                             krb5_keyblock *key)
+rd_req_decrypt_tkt_part(krb5_context context, const krb5_ap_req *req,
+                        krb5_const_principal server, krb5_keytab keytab,
+                        krb5_keyblock *key)
 {
     krb5_error_code       retval;
     krb5_keytab_entry     ktent;
@@ -209,19 +195,19 @@ debug_log_authz_data(const char *which, krb5_authdata **a)
 #endif
 
 static krb5_error_code
-krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
-                        const krb5_ap_req *req, krb5_const_principal server,
-                        krb5_keytab keytab, krb5_flags *ap_req_options,
-                        krb5_ticket **ticket, int check_valid_flag)
+rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
+                   const krb5_ap_req *req, krb5_const_principal server,
+                   krb5_keytab keytab, krb5_flags *ap_req_options,
+                   krb5_ticket **ticket, int check_valid_flag)
 {
     krb5_error_code       retval = 0;
-    krb5_principal_data princ_data;
+    krb5_principal_data   princ_data;
     krb5_enctype         *desired_etypes = NULL;
     int                   desired_etypes_len = 0;
     int                   rfc4537_etypes_len = 0;
     krb5_enctype         *permitted_etypes = NULL;
     int                   permitted_etypes_len = 0;
-    krb5_keyblock        decrypt_key;
+    krb5_keyblock         decrypt_key;
 
     decrypt_key.enctype = ENCTYPE_NULL;
     decrypt_key.contents = NULL;
@@ -255,9 +241,9 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
         krb5_k_free_key(context, (*auth_context)->key);
         (*auth_context)->key = NULL;
     } else {
-        if ((retval = krb5_rd_req_decrypt_tkt_part(context, req,
-                                                   server, keytab,
-                                                   check_valid_flag ? &decrypt_key : NULL)))
+        if ((retval = rd_req_decrypt_tkt_part(context, req,
+                                              server, keytab,
+                                              check_valid_flag ? &decrypt_key : NULL)))
             goto cleanup;
     }
 
@@ -291,8 +277,7 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
         && ((*auth_context)->auth_context_flags & KRB5_AUTH_CONTEXT_DO_TIME)
         && server) {
         if ((retval = krb5_get_server_rcache(context,
-                                             krb5_princ_component(context,
-                                                                  server,0),
+                                             krb5_princ_component(context,server,0),
                                              &(*auth_context)->rcache)))
             goto cleanup;
     }
@@ -353,8 +338,7 @@ krb5_rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
         if (trans->tr_contents.data && trans->tr_contents.data[0]) {
             retval = krb5_check_transited_list(context, &(trans->tr_contents),
                                                realm,
-                                               krb5_princ_realm (context,
-                                                                 server));
+                                               krb5_princ_realm (context,server));
         }
     }
 
@@ -568,10 +552,10 @@ krb5_rd_req_decoded(krb5_context context, krb5_auth_context *auth_context,
                     krb5_ticket **ticket)
 {
     krb5_error_code retval;
-    retval = krb5_rd_req_decoded_opt(context, auth_context,
-                                     req, server, keytab,
-                                     ap_req_options, ticket,
-                                     1); /* check_valid_flag */
+    retval = rd_req_decoded_opt(context, auth_context,
+                                req, server, keytab,
+                                ap_req_options, ticket,
+                                1); /* check_valid_flag */
     return retval;
 }
 
@@ -583,10 +567,10 @@ krb5_rd_req_decoded_anyflag(krb5_context context,
                             krb5_flags *ap_req_options, krb5_ticket **ticket)
 {
     krb5_error_code retval;
-    retval = krb5_rd_req_decoded_opt(context, auth_context,
-                                     req, server, keytab,
-                                     ap_req_options, ticket,
-                                     0); /* don't check_valid_flag */
+    retval = rd_req_decoded_opt(context, auth_context,
+                                req, server, keytab,
+                                ap_req_options, ticket,
+                                0); /* don't check_valid_flag */
     return retval;
 }
 
diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index 4733865..c0c9fe2 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -66,7 +66,6 @@ s4u_identify_user(krb5_context context,
     krb5_creds creds;
     int use_master = 0;
     krb5_get_init_creds_opt *opts = NULL;
-    krb5_gic_opt_ext *opte = NULL;
     krb5_principal_data client_data;
     krb5_principal client;
     krb5_s4u_userid userid;
@@ -98,10 +97,6 @@ s4u_identify_user(krb5_context context,
     krb5_get_init_creds_opt_set_proxiable(opts, 0);
     krb5_get_init_creds_opt_set_canonicalize(opts, 1);
     krb5_get_init_creds_opt_set_preauth_list(opts, ptypes, 1);
-    code = krb5int_gic_opt_to_opte(context, opts, &opte,
-                                   0, "s4u_identify_user");
-    if (code != 0)
-        goto cleanup;
 
     if (in_creds->client != NULL)
         client = in_creds->client;
@@ -115,10 +110,10 @@ s4u_identify_user(krb5_context context,
         client = &client_data;
     }
 
-    code = krb5_get_init_creds(context, &creds, client,
-                               NULL, NULL, 0, NULL, opte,
-                               krb5_get_as_key_noop, &userid,
-                               &use_master, NULL);
+    code = krb5int_get_init_creds(context, &creds, client,
+                                  NULL, NULL, 0, NULL, opts,
+                                  krb5_get_as_key_noop, &userid,
+                                  &use_master, NULL);
     if (code == 0 ||
         code == KDC_ERR_PREAUTH_REQUIRED ||
         code == KDC_ERR_PREAUTH_FAILED) {
diff --git a/src/lib/krb5/krb/send_tgs.c b/src/lib/krb5/krb/send_tgs.c
index bee982b..2baba8a 100644
--- a/src/lib/krb5/krb/send_tgs.c
+++ b/src/lib/krb5/krb/send_tgs.c
@@ -148,19 +148,27 @@ cleanup:
  * The pacb_fct callback allows the caller access to the nonce
  * and request subkey, for binding preauthentication data
  */
+
 krb5_error_code
-krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
-                 const krb5_ticket_times *timestruct, const krb5_enctype *ktypes,
-                 krb5_const_principal sname, krb5_address *const *addrs,
-                 krb5_authdata *const *authorization_data,
-                 krb5_pa_data *const *padata, const krb5_data *second_ticket,
-                 krb5_creds *in_cred,
-                 krb5_error_code (*pacb_fct)(krb5_context,
-                                             krb5_keyblock *,
-                                             krb5_kdc_req *,
-                                             void *),
-                 void *pacb_data,
-                 krb5_response *rep, krb5_keyblock **subkey)
+krb5int_make_tgs_request_ext(krb5_context context,
+                             krb5_flags kdcoptions,
+                             const krb5_ticket_times *timestruct,
+                             const krb5_enctype *ktypes,
+                             krb5_const_principal sname,
+                             krb5_address *const *addrs,
+                             krb5_authdata *const *authorization_data,
+                             krb5_pa_data *const *padata,
+                             const krb5_data *second_ticket,
+                             krb5_creds *in_cred,
+                             krb5_error_code (*pacb_fct)(krb5_context,
+                                                         krb5_keyblock *,
+                                                         krb5_kdc_req *,
+                                                         void *),
+                             void *pacb_data,
+                             krb5_data *request_data,
+                             krb5_timestamp *timestamp,
+                             krb5_int32 *nonce,
+                             krb5_keyblock **subkey)
 {
     krb5_error_code retval;
     krb5_kdc_req tgsreq;
@@ -170,7 +178,6 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
     krb5_timestamp time_now;
     krb5_pa_data **combined_padata = NULL;
     krb5_pa_data ap_req_padata;
-    int tcp_only = 0, use_master;
     krb5_keyblock *local_subkey = NULL;
 
     assert (subkey != NULL);
@@ -195,10 +202,8 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
     if ((retval = krb5_timeofday(context, &time_now)))
         return(retval);
     /* XXX we know they are the same size... */
-    rep->expected_nonce = tgsreq.nonce = (krb5_int32) time_now;
-    rep->request_time = time_now;
-    rep->message_type = KRB5_ERROR;  /*caller only uses the response
-                                      * element on successful return*/
+    *nonce = tgsreq.nonce = (krb5_int32)time_now;
+    *timestamp = time_now;
 
     tgsreq.addresses = (krb5_address **) addrs;
 
@@ -332,38 +337,9 @@ krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
     krb5_free_pa_data(context, tgsreq.padata);
     tgsreq.padata = NULL;
 
-send_again:
-    use_master = 0;
-    retval = krb5_sendto_kdc(context, scratch,
-                             krb5_princ_realm(context, sname),
-                             &rep->response, &use_master, tcp_only);
-    if (retval == 0) {
-        if (krb5_is_krb_error(&rep->response)) {
-            if (!tcp_only) {
-                krb5_error *err_reply;
-                retval = decode_krb5_error(&rep->response, &err_reply);
-                if (retval)
-                    goto send_tgs_error_3;
-                if (err_reply->error == KRB_ERR_RESPONSE_TOO_BIG) {
-                    tcp_only = 1;
-                    krb5_free_error(context, err_reply);
-                    free(rep->response.data);
-                    rep->response.data = NULL;
-                    goto send_again;
-                }
-                krb5_free_error(context, err_reply);
-            send_tgs_error_3:
-                ;
-            }
-            rep->message_type = KRB5_ERROR;
-        } else if (krb5_is_tgs_rep(&rep->response)) {
-            rep->message_type = KRB5_TGS_REP;
-            *subkey = local_subkey;
-        } else /* XXX: assume it's an error */
-            rep->message_type = KRB5_ERROR;
-    }
-
-    krb5_free_data(context, scratch);
+    *request_data = *scratch;
+    free(scratch);
+    scratch = NULL;
 
 send_tgs_error_2:;
     if (tgsreq.padata)
@@ -379,9 +355,86 @@ send_tgs_error_1:;
                tgsreq.authorization_data.ciphertext.length);
         free(tgsreq.authorization_data.ciphertext.data);
     }
-    if (rep->message_type != KRB5_TGS_REP && local_subkey){
-        krb5_free_keyblock(context, *subkey);
+
+    if (retval)
+        krb5_free_keyblock(context, local_subkey);
+    else
+        *subkey = local_subkey;
+
+    return retval;
+
+}
+
+krb5_error_code
+krb5int_send_tgs(krb5_context context, krb5_flags kdcoptions,
+                 const krb5_ticket_times *timestruct,
+                 const krb5_enctype *ktypes,
+                 krb5_const_principal sname, krb5_address *const *addrs,
+                 krb5_authdata *const *authorization_data,
+                 krb5_pa_data *const *padata, const krb5_data *second_ticket,
+                 krb5_creds *in_cred,
+                 krb5_error_code (*pacb_fct)(krb5_context,
+                                             krb5_keyblock *,
+                                             krb5_kdc_req *,
+                                             void *),
+                 void *pacb_data,
+                 krb5_response *rep, krb5_keyblock **subkey_out)
+{
+    krb5_error_code retval;
+    krb5_data request;
+    int tcp_only = 0, use_master;
+    krb5_timestamp now;
+    krb5_int32 nonce;
+    krb5_keyblock *subkey;
+    krb5_error *err_reply = NULL;
+    krb5_ui_4 err;
+
+    *subkey_out = NULL;
+    rep->message_type = KRB5_ERROR;
+
+    retval = krb5int_make_tgs_request_ext(context, kdcoptions, timestruct,
+                                          ktypes, sname, addrs,
+                                          authorization_data, padata,
+                                          second_ticket, in_cred,
+                                          pacb_fct, pacb_data, &request, &now,
+                                          &nonce, &subkey);
+    if (retval != 0)
+        return retval;
+
+    rep->expected_nonce = nonce;
+    rep->request_time = now;
+
+    for (tcp_only = 0; tcp_only <= 1; tcp_only++) {
+        use_master = 0;
+        retval = krb5_sendto_kdc(context, &request,
+                                 krb5_princ_realm(context, sname),
+                                 &rep->response, &use_master, tcp_only);
+        if (retval != 0)
+            break;
+
+        if (krb5_is_tgs_rep(&rep->response)) {
+            /* Successful response; set the output subkey. */
+            rep->message_type = KRB5_TGS_REP;
+            *subkey_out = subkey;
+            subkey = NULL;
+            break;
+        } else if (krb5_is_krb_error(&rep->response) && !tcp_only) {
+            /* Decode the error response to extract the code. */
+            retval = decode_krb5_error(&rep->response, &err_reply);
+            err = (retval == 0) ? err_reply->error : 0;
+            krb5_free_error(context, err_reply);
+            if (err == KRB_ERR_RESPONSE_TOO_BIG) {
+                /* Try again with TCP. */
+                krb5_free_data_contents(context, &rep->response);
+                continue;
+            }
+        }
+        /* Unexpected message type, or an error other than RESPONSE_TOO_BIG. */
+        rep->message_type = KRB5_ERROR;
+        break;
     }
 
+    krb5_free_data_contents(context, &request);
+    krb5_free_keyblock(context, subkey);
     return retval;
 }
diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
index 2b9beeb..f71e7a9 100644
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -3,7 +3,8 @@
 #include "int-proto.h"
 
 static krb5_error_code
-krb5_cc_copy_creds_except(krb5_context context, krb5_ccache incc, krb5_ccache outcc, krb5_principal princ)
+copy_creds_except(krb5_context context, krb5_ccache incc,
+                  krb5_ccache outcc, krb5_principal princ)
 {
     krb5_error_code code;
     krb5_flags flags;
@@ -117,8 +118,7 @@ krb5_verify_init_creds(krb5_context context,
         } else if (krb5_libdefault_boolean(context,
                                            &creds->client->realm,
                                            KRB5_CONF_VERIFY_AP_REQ_NOFAIL,
-                                           &nofail)
-                   == 0) {
+                                           &nofail) == 0) {
             if (nofail)
                 goto cleanup;
         }
@@ -129,8 +129,9 @@ krb5_verify_init_creds(krb5_context context,
 
     krb5_kt_free_entry(context, &kte);
 
-    /* If the creds are for the server principal, we're set, just do
-       a mk_req.  Otherwise, do a get_credentials first. */
+    /* If the creds are for the server principal, we're set, just do a mk_req.
+     * Otherwise, do a get_credentials first.
+     */
 
     if (krb5_principal_compare(context, server, creds->server)) {
         /* make an ap_req */
@@ -199,21 +200,22 @@ krb5_verify_init_creds(krb5_context context,
 
             if ((ret = krb5_cc_resolve(context, "MEMORY:rd_req2", &retcc)) ||
                 (ret = krb5_cc_initialize(context, retcc, creds->client)) ||
-                (ret = krb5_cc_copy_creds_except(context, ccache, retcc,
-                                                 creds->server))) {
+                (ret = copy_creds_except(context, ccache, retcc,
+                                         creds->server))) {
                 if (retcc)
                     krb5_cc_destroy(context, retcc);
             } else {
                 *ccache_arg = retcc;
             }
         } else {
-            ret = krb5_cc_copy_creds_except(context, ccache, *ccache_arg,
-                                            server);
+            ret = copy_creds_except(context, ccache, *ccache_arg,
+                                    server);
         }
     }
 
-    /* if any of the above paths returned an errors, then ret is set
-       accordingly.  either that, or it's zero, which is fine, too */
+    /* if any of the above paths returned an errors, then ret is set accordingly.
+     * Either that, or it's zero, which is fine, too
+     */
 
 cleanup:
     if ( server)
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index 8ef3a9d..a1dfd94 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -53,6 +53,7 @@ encode_krb5_as_rep
 encode_krb5_as_req
 encode_krb5_authdata
 encode_krb5_authenticator
+encode_krb5_checksum
 encode_krb5_cred
 encode_krb5_enc_cred_part
 encode_krb5_enc_data
@@ -119,14 +120,17 @@ krb5_auth_con_getauthenticator
 krb5_auth_con_getflags
 krb5_auth_con_getivector
 krb5_auth_con_getkey
+krb5_auth_con_getkey_k
 krb5_auth_con_getlocalseqnumber
 krb5_auth_con_getlocalsubkey
 krb5_auth_con_getpermetypes
 krb5_auth_con_getrcache
 krb5_auth_con_getrecvsubkey
+krb5_auth_con_getrecvsubkey_k
 krb5_auth_con_getremoteseqnumber
 krb5_auth_con_getremotesubkey
 krb5_auth_con_getsendsubkey
+krb5_auth_con_getsendsubkey_k
 krb5_auth_con_init
 krb5_auth_con_initivector
 krb5_auth_con_set_authdata_context
@@ -168,6 +172,7 @@ krb5_cc_dfl_ops
 krb5_cc_end_seq_get
 krb5_cc_file_ops
 krb5_cc_gen_new
+krb5_cc_get_config
 krb5_cc_get_name
 krb5_cc_get_principal
 krb5_cc_get_type
@@ -179,6 +184,7 @@ krb5_cc_remove_cred
 krb5_cc_resolve
 krb5_cc_retrieve_cred
 krb5_cc_retrieve_cred_default
+krb5_cc_set_config
 krb5_cc_set_default_name
 krb5_cc_set_flags
 krb5_cc_start_seq_get
@@ -323,11 +329,11 @@ krb5_get_in_tkt
 krb5_get_in_tkt_with_keytab
 krb5_get_in_tkt_with_password
 krb5_get_in_tkt_with_skey
-krb5_get_init_creds
 krb5_get_init_creds_keytab
 krb5_get_init_creds_opt_alloc
 krb5_get_init_creds_opt_free
 krb5_get_init_creds_opt_free_pa
+krb5_get_init_creds_opt_get_fast_flags
 krb5_get_init_creds_opt_get_pa
 krb5_get_init_creds_opt_init
 krb5_get_init_creds_opt_set_address_list
@@ -335,7 +341,9 @@ krb5_get_init_creds_opt_set_canonicalize
 krb5_get_init_creds_opt_set_change_password_prompt
 krb5_get_init_creds_opt_set_etype_list
 krb5_get_init_creds_opt_set_fast_ccache_name
+krb5_get_init_creds_opt_set_fast_flags
 krb5_get_init_creds_opt_set_forwardable
+krb5_get_init_creds_opt_set_out_ccache
 krb5_get_init_creds_opt_set_pa
 krb5_get_init_creds_opt_set_preauth_list
 krb5_get_init_creds_opt_set_proxiable
@@ -355,9 +363,20 @@ krb5_get_tgs_ktypes
 krb5_get_time_offsets
 krb5_get_validated_creds
 krb5_init_context
+krb5_init_creds_free
+krb5_init_creds_get
+krb5_init_creds_get_creds
+krb5_init_creds_get_error
+krb5_init_creds_get_times
+krb5_init_creds_init
+krb5_init_creds_set_keytab
+krb5_init_creds_set_password
+krb5_init_creds_set_service
+krb5_init_creds_step
 krb5_init_keyblock
 krb5_init_secure_context
 krb5_internalize_opaque
+krb5_is_config_principal
 krb5_is_permitted_enctype
 krb5_is_referral_realm
 krb5_is_thread_safe
diff --git a/src/lib/krb5/os/Makefile.in b/src/lib/krb5/os/Makefile.in
index 824f913..8a410ea 100644
--- a/src/lib/krb5/os/Makefile.in
+++ b/src/lib/krb5/os/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/os
 mydir=lib/krb5/os
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
@@ -7,7 +5,7 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 DEFS=
 DEFINES=-DLIBDIR=\"$(KRB5_LIBDIR)\"
-LOCALINCLUDES=-I$(SRCTOP)/util/profile
+LOCALINCLUDES=-I$(top_srcdir)/util/profile
 
 ##DOS##BUILDTOP = ..\..\..
 ##DOS##PREFIXDIR=os
diff --git a/src/lib/krb5/os/accessor.c b/src/lib/krb5/os/accessor.c
index 20fb30d..fa97c57 100644
--- a/src/lib/krb5/os/accessor.c
+++ b/src/lib/krb5/os/accessor.c
@@ -52,11 +52,9 @@ krb5int_accessor(krb5int_access *internals, krb5_int32 version)
 #define S(FIELD, VAL)   internals_temp.FIELD = VAL
             krb5int_access internals_temp;
 #endif
+            S (arcfour_gsscrypt, krb5int_arcfour_gsscrypt),
             S (free_addrlist, krb5int_free_addrlist),
-            S (hmac, krb5int_hmac_keyblock),
             S (auth_con_get_subkey_enctype, krb5_auth_con_get_subkey_enctype),
-            S (md5_hash_provider, &krb5int_hash_md5),
-            S (arcfour_enc_provider, &krb5int_enc_arcfour),
             S (sendto_udp, &krb5int_sendto),
             S (add_host_to_list, krb5int_add_host_to_list),
 
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 0c043a2..46bb828 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -58,8 +58,8 @@ struct sendto_callback_context {
  */
 
 static krb5_error_code
-krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
-                    struct addrlist *addrlist, krb5_boolean useTcp)
+locate_kpasswd(krb5_context context, const krb5_data *realm,
+               struct addrlist *addrlist, krb5_boolean useTcp)
 {
     krb5_error_code code;
     int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);
@@ -99,12 +99,14 @@ static void
 kpasswd_sendto_msg_cleanup (void* callback_context, krb5_data* message)
 {
     struct sendto_callback_context *ctx = callback_context;
+
     krb5_free_data_contents(ctx->context, message);
 }
 
 
 static int
-kpasswd_sendto_msg_callback(struct conn_state *conn, void *callback_context,
+kpasswd_sendto_msg_callback(struct conn_state *conn,
+                            void *callback_context,
                             krb5_data *message)
 {
     krb5_error_code                     code = 0;
@@ -195,15 +197,18 @@ cleanup:
 
 /*
 ** The logic for setting and changing a password is mostly the same
-** krb5_change_set_password handles both cases
+** change_set_password handles both cases
 **      if set_password_for is NULL, then a password change is performed,
 **  otherwise, the password is set for the principal indicated in set_password_for
 */
-static krb5_error_code KRB5_CALLCONV
-krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
-                         krb5_principal set_password_for,
-                         int *result_code, krb5_data *result_code_string,
-                         krb5_data *result_string)
+static krb5_error_code
+change_set_password(krb5_context context,
+                    krb5_creds *creds,
+                    char *newpw,
+                    krb5_principal set_password_for,
+                    int *result_code,
+                    krb5_data *result_code_string,
+                    krb5_data *result_string)
 {
     krb5_data                   chpw_rep;
     krb5_address                remote_kaddr;
@@ -240,10 +245,10 @@ krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
     callback_ctx.local_seq_num = callback_ctx.auth_context->local_seq_number;
 
     do {
-        if ((code = krb5_locate_kpasswd(callback_ctx.context,
-                                        krb5_princ_realm(callback_ctx.context,
-                                                         creds->server),
-                                        &al, useTcp)))
+        if ((code = locate_kpasswd(callback_ctx.context,
+                                   krb5_princ_realm(callback_ctx.context,
+                                                    creds->server),
+                                   &al, useTcp)))
             break;
 
         addrlen = sizeof(remote_addr);
@@ -350,10 +355,15 @@ cleanup:
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)
+krb5_change_password(krb5_context context,
+                     krb5_creds *creds,
+                     char *newpw,
+                     int *result_code,
+                     krb5_data *result_code_string,
+                     krb5_data *result_string)
 {
-    return krb5_change_set_password(
-        context, creds, newpw, NULL, result_code, result_code_string, result_string );
+    return change_set_password(context, creds, newpw, NULL,
+                               result_code, result_code_string, result_string );
 }
 
 /*
@@ -362,25 +372,27 @@ krb5_change_password(krb5_context context, krb5_creds *creds, char *newpw, int *
  */
 
 krb5_error_code KRB5_CALLCONV
-krb5_set_password(
-    krb5_context context,
-    krb5_creds *creds,
-    char *newpw,
-    krb5_principal change_password_for,
-    int *result_code, krb5_data *result_code_string, krb5_data *result_string
+krb5_set_password(krb5_context context,
+                  krb5_creds *creds,
+                  char *newpw,
+                  krb5_principal change_password_for,
+                  int *result_code,
+                  krb5_data *result_code_string,
+                  krb5_data *result_string
 )
 {
-    return krb5_change_set_password(
-        context, creds, newpw, change_password_for, result_code, result_code_string, result_string );
+    return change_set_password(context, creds, newpw, change_password_for,
+                               result_code, result_code_string, result_string );
 }
 
 krb5_error_code KRB5_CALLCONV
-krb5_set_password_using_ccache(
-    krb5_context context,
-    krb5_ccache ccache,
-    char *newpw,
-    krb5_principal change_password_for,
-    int *result_code, krb5_data *result_code_string, krb5_data *result_string
+krb5_set_password_using_ccache(krb5_context context,
+                               krb5_ccache ccache,
+                               char *newpw,
+                               krb5_principal change_password_for,
+                               int *result_code,
+                               krb5_data *result_code_string,
+                               krb5_data *result_string
 )
 {
     krb5_creds          creds;
diff --git a/src/lib/krb5/os/deps b/src/lib/krb5/os/deps
index a729e38..8c13f1f 100644
--- a/src/lib/krb5/os/deps
+++ b/src/lib/krb5/os/deps
@@ -4,492 +4,499 @@
 accessor.so accessor.po $(OUTPRE)accessor.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   accessor.c os-proto.h
 an_to_ln.so an_to_ln.po $(OUTPRE)an_to_ln.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   an_to_ln.c
 c_ustime.so c_ustime.po $(OUTPRE)c_ustime.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   c_ustime.c
 def_realm.so def_realm.po $(OUTPRE)def_realm.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   def_realm.c os-proto.h
 ccdefname.so ccdefname.po $(OUTPRE)ccdefname.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ccdefname.c
 changepw.so changepw.po $(OUTPRE)changepw.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(srcdir)/../krb/auth_con.h changepw.c os-proto.h
+  $(COM_ERR_DEPS) $(srcdir)/../krb/auth_con.h $(top_srcdir)/include/cm.h \
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h changepw.c os-proto.h
 dnsglue.so dnsglue.po $(OUTPRE)dnsglue.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h dnsglue.c dnsglue.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dnsglue.c dnsglue.h \
   os-proto.h
 dnssrv.so dnssrv.po $(OUTPRE)dnssrv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h dnsglue.h dnssrv.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h dnsglue.h dnssrv.c \
   os-proto.h
 free_krbhs.so free_krbhs.po $(OUTPRE)free_krbhs.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   free_krbhs.c
 free_hstrl.so free_hstrl.po $(OUTPRE)free_hstrl.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   free_hstrl.c
 full_ipadr.so full_ipadr.po $(OUTPRE)full_ipadr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   full_ipadr.c os-proto.h
 get_krbhst.so get_krbhst.po $(OUTPRE)get_krbhst.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   get_krbhst.c
 gen_port.so gen_port.po $(OUTPRE)gen_port.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   gen_port.c os-proto.h
 genaddrs.so genaddrs.po $(OUTPRE)genaddrs.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   genaddrs.c os-proto.h
 gen_rname.so gen_rname.po $(OUTPRE)gen_rname.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   gen_rname.c os-proto.h
 hostaddr.so hostaddr.po $(OUTPRE)hostaddr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h hostaddr.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  hostaddr.c
 hst_realm.so hst_realm.po $(OUTPRE)hst_realm.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h dnsglue.h hst_realm.c \
-  os-proto.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  dnsglue.h hst_realm.c os-proto.h
 init_os_ctx.so init_os_ctx.po $(OUTPRE)init_os_ctx.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/util/profile/prof_int.h init_os_ctx.c os-proto.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/util/profile/prof_int.h init_os_ctx.c \
+  os-proto.h
 krbfileio.so krbfileio.po $(OUTPRE)krbfileio.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   krbfileio.c
 ktdefname.so ktdefname.po $(OUTPRE)ktdefname.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ktdefname.c
 kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kuserok.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kuserok.c
 mk_faddr.so mk_faddr.po $(OUTPRE)mk_faddr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   mk_faddr.c os-proto.h
 localaddr.so localaddr.po $(OUTPRE)localaddr.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/foreachaddr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h localaddr.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/foreachaddr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  localaddr.c
 locate_kdc.so locate_kdc.po $(OUTPRE)locate_kdc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h locate_kdc.c os-proto.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  locate_kdc.c os-proto.h
 lock_file.so lock_file.po $(OUTPRE)lock_file.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   lock_file.c
 net_read.so net_read.po $(OUTPRE)net_read.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   net_read.c
 net_write.so net_write.po $(OUTPRE)net_write.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   net_write.c os-proto.h
 osconfig.so osconfig.po $(OUTPRE)osconfig.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   osconfig.c
 prompter.so prompter.po $(OUTPRE)prompter.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   prompter.c
 read_msg.so read_msg.po $(OUTPRE)read_msg.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   read_msg.c
 read_pwd.so read_pwd.po $(OUTPRE)read_pwd.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   read_pwd.c
 realm_dom.so realm_dom.po $(OUTPRE)realm_dom.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   realm_dom.c
 realm_iter.so realm_iter.po $(OUTPRE)realm_iter.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   realm_iter.c
 port2ip.so port2ip.po $(OUTPRE)port2ip.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h os-proto.h port2ip.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h os-proto.h port2ip.c
 sendto_kdc.so sendto_kdc.po $(OUTPRE)sendto_kdc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/cm.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/cm.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   os-proto.h sendto_kdc.c
 sn2princ.so sn2princ.po $(OUTPRE)sn2princ.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h os-proto.h sn2princ.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  os-proto.h sn2princ.c
 thread_safe.so thread_safe.po $(OUTPRE)thread_safe.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   thread_safe.c
 timeofday.so timeofday.po $(OUTPRE)timeofday.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   timeofday.c
 toffset.so toffset.po $(OUTPRE)toffset.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h toffset.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h toffset.c
 unlck_file.so unlck_file.po $(OUTPRE)unlck_file.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   unlck_file.c
 ustime.so ustime.po $(OUTPRE)ustime.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h ustime.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h ustime.c
 write_msg.so write_msg.po $(OUTPRE)write_msg.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   os-proto.h write_msg.c
 t_an_to_ln.so t_an_to_ln.po $(OUTPRE)t_an_to_ln.$(OBJEXT): \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   t_an_to_ln.c
 t_gifconf.so t_gifconf.po $(OUTPRE)t_gifconf.$(OBJEXT): \
   t_gifconf.c
 t_locate_kdc.so t_locate_kdc.po $(OUTPRE)t_locate_kdc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h dnsglue.c dnsglue.h \
-  dnssrv.c locate_kdc.c os-proto.h t_locate_kdc.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  dnsglue.c dnsglue.h dnssrv.c locate_kdc.c os-proto.h \
+  t_locate_kdc.c
 t_realm_iter.so t_realm_iter.po $(OUTPRE)t_realm_iter.$(OBJEXT): \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   t_realm_iter.c
 t_std_conf.so t_std_conf.po $(OUTPRE)t_std_conf.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h os-proto.h t_std_conf.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  os-proto.h t_std_conf.c
diff --git a/src/lib/krb5/os/read_pwd.c b/src/lib/krb5/os/read_pwd.c
index 192c873..df93c65 100644
--- a/src/lib/krb5/os/read_pwd.c
+++ b/src/lib/krb5/os/read_pwd.c
@@ -42,7 +42,9 @@
 #endif /* ECHO_PASSWORD */
 
 krb5_error_code
-krb5_read_password(krb5_context context, const char *prompt, const char *prompt2, char *return_pwd, unsigned int *size_return)
+krb5_read_password(krb5_context context,
+                   const char *prompt, const char *prompt2,
+                   char *return_pwd, unsigned int *size_return)
 {
     krb5_data reply_data;
     krb5_prompt k5prompt;
@@ -117,12 +119,11 @@ center_dialog(HWND hwnd)
 
 #ifdef _WIN32
 static krb5_error_code
-read_console_password(
-    krb5_context        context,
-    const char          * prompt,
-    const char          * prompt2,
-    char                * password,
-    int                 * pwsize)
+read_console_password(krb5_context        context,
+                      const char          * prompt,
+                      const char          * prompt2,
+                      char                * password,
+                      int                 * pwsize)
 {
     HANDLE              handle;
     DWORD               old_mode, new_mode;
diff --git a/src/lib/krb5/os/timeofday.c b/src/lib/krb5/os/timeofday.c
index a711b04..7c4534e 100644
--- a/src/lib/krb5/os/timeofday.c
+++ b/src/lib/krb5/os/timeofday.c
@@ -55,3 +55,18 @@ krb5_timeofday(krb5_context context, register krb5_timestamp *timeret)
     *timeret = tval;
     return 0;
 }
+
+krb5_error_code
+krb5int_check_clockskew(krb5_context context, krb5_timestamp date)
+{
+    krb5_timestamp currenttime;
+    krb5_error_code retval;
+
+    retval = krb5_timeofday(context, &currenttime);
+    if (retval)
+        return retval;
+    if (!(labs((date)-currenttime) < context->clockskew))
+        return KRB5KRB_AP_ERR_SKEW;
+
+    return 0;
+}
diff --git a/src/lib/krb5/posix/Makefile.in b/src/lib/krb5/posix/Makefile.in
index 65a7b60..0d835a9 100644
--- a/src/lib/krb5/posix/Makefile.in
+++ b/src/lib/krb5/posix/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./..
-myfulldir=lib/krb5/posix
 mydir=posix
 BUILDTOP=$(REL)..$(S)..$(S)..
 DEFS=
diff --git a/src/lib/krb5/rcache/Makefile.in b/src/lib/krb5/rcache/Makefile.in
index abbcc32..fec270b 100644
--- a/src/lib/krb5/rcache/Makefile.in
+++ b/src/lib/krb5/rcache/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/rcache
 mydir=lib/krb5/rcache
 BUILDTOP=$(REL)..$(S)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/lib/krb5/rcache/deps b/src/lib/krb5/rcache/deps
index 6a3840f..008c183 100644
--- a/src/lib/krb5/rcache/deps
+++ b/src/lib/krb5/rcache/deps
@@ -3,96 +3,96 @@
 #
 rc_base.so rc_base.po $(OUTPRE)rc_base.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc-int.h rc_base.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_base.c \
   rc_base.h
 rc_dfl.so rc_dfl.po $(OUTPRE)rc_dfl.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc-int.h rc_base.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_base.h \
   rc_dfl.c rc_dfl.h rc_io.h
 rc_io.so rc_io.po $(OUTPRE)rc_io.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc_base.h rc_dfl.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc_base.h rc_dfl.h \
   rc_io.c rc_io.h
 rcdef.so rcdef.po $(OUTPRE)rcdef.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc-int.h rc_dfl.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_dfl.h \
   rcdef.c
 rc_none.so rc_none.po $(OUTPRE)rc_none.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc-int.h rc_none.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rc_none.c
 rc_conv.so rc_conv.po $(OUTPRE)rc_conv.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc_base.h rc_conv.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc_base.h rc_conv.c
 ser_rc.so ser_rc.po $(OUTPRE)ser_rc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc-int.h ser_rc.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h ser_rc.c
 rcfns.so rcfns.po $(OUTPRE)rcfns.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h rc-int.h rcfns.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h rc-int.h rcfns.c
 t_replay.so t_replay.po $(OUTPRE)t_replay.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   t_replay.c
diff --git a/src/lib/krb5/unicode/Makefile.in b/src/lib/krb5/unicode/Makefile.in
index 04d426a..5ae89fb 100644
--- a/src/lib/krb5/unicode/Makefile.in
+++ b/src/lib/krb5/unicode/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/krb5/unicode
 mydir=lib/krb5/unicode
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
diff --git a/src/lib/krb5/unicode/deps b/src/lib/krb5/unicode/deps
index 5d0ffc4..89e1c95 100644
--- a/src/lib/krb5/unicode/deps
+++ b/src/lib/krb5/unicode/deps
@@ -3,13 +3,13 @@
 #
 ucstr.so ucstr.po $(OUTPRE)ucstr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-unicode.h \
-  $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/ucdata/ucdata.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/ucdata/ucdata.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-unicode.h $(top_srcdir)/include/k5-utf8.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ucstr.c
diff --git a/src/lib/rpc/Makefile.in b/src/lib/rpc/Makefile.in
index ec164a8..578a2d1 100644
--- a/src/lib/rpc/Makefile.in
+++ b/src/lib/rpc/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=lib/rpc
 mydir=lib/rpc
 BUILDTOP=$(REL)..$(S)..
 DEFINES = -DGSSAPI_KRB5 -DDEBUG_GSSAPI=0 -DGSSRPC__IMPL
@@ -226,8 +224,8 @@ do-dyn-lclint::
 	$(LCLINT) $(LCLINTOPTS) $(LOCALINCLUDES) $(DEFS) dyn.c dyntest.c
 
 $(BUILDTOP)/include/gssrpc/types.h: types.stamp
-types.stamp: $(SRCTOP)/include/gssrpc/types.hin $(thisconfigdir)/config.status
-	cd $(thisconfigdir) && $(SHELL) config.status include/gssrpc/types.h
+types.stamp: $(top_srcdir)/include/gssrpc/types.hin $(BUILDTOP)/config.status
+	cd $(BUILDTOP) && $(SHELL) config.status include/gssrpc/types.h
 	touch types.stamp
 
 clean-unix::
diff --git a/src/lib/rpc/deps b/src/lib/rpc/deps
index 53ea7ae..d088bf0 100644
--- a/src/lib/rpc/deps
+++ b/src/lib/rpc/deps
@@ -2,322 +2,323 @@
 # Generated makefile dependencies follow.
 #
 auth_none.so auth_none.po $(OUTPRE)auth_none.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   auth_none.c
 auth_unix.so auth_unix.po $(OUTPRE)auth_unix.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   auth_unix.c
 authgss_prot.so authgss_prot.po $(OUTPRE)authgss_prot.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   authgss_prot.c
 authunix_prot.so authunix_prot.po $(OUTPRE)authunix_prot.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h authunix_prot.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h authunix_prot.c
 auth_gss.so auth_gss.po $(OUTPRE)auth_gss.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h auth_gss.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h auth_gss.c
 auth_gssapi.so auth_gssapi.po $(OUTPRE)auth_gssapi.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_ext.h \
   $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/krb5.h \
-  auth_gssapi.c gssrpcint.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/krb5.h auth_gssapi.c gssrpcint.h
 auth_gssapi_misc.so auth_gssapi_misc.po $(OUTPRE)auth_gssapi_misc.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h auth_gssapi_misc.c gssrpcint.h
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_gssapi.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h auth_gssapi_misc.c \
+  gssrpcint.h
 bindresvport.so bindresvport.po $(OUTPRE)bindresvport.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   bindresvport.c
 clnt_generic.so clnt_generic.po $(OUTPRE)clnt_generic.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h clnt_generic.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h clnt_generic.c
 clnt_perror.so clnt_perror.po $(OUTPRE)clnt_perror.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   clnt_perror.c
 clnt_raw.so clnt_raw.po $(OUTPRE)clnt_raw.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   clnt_raw.c
 clnt_simple.so clnt_simple.po $(OUTPRE)clnt_simple.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/port-sockets.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/port-sockets.h \
   clnt_simple.c
 clnt_tcp.so clnt_tcp.po $(OUTPRE)clnt_tcp.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/port-sockets.h clnt_tcp.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/port-sockets.h clnt_tcp.c
 clnt_udp.so clnt_udp.po $(OUTPRE)clnt_udp.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/port-sockets.h clnt_udp.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/port-sockets.h clnt_udp.c
 dyn.so dyn.po $(OUTPRE)dyn.$(OBJEXT): dyn.c dyn.h dynP.h
 rpc_dtablesize.so rpc_dtablesize.po $(OUTPRE)rpc_dtablesize.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   rpc_dtablesize.c
 get_myaddress.so get_myaddress.po $(OUTPRE)get_myaddress.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/krb5.h get_myaddress.c
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/krb5.h get_myaddress.c
 getrpcport.so getrpcport.po $(OUTPRE)getrpcport.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   getrpcport.c
 pmap_clnt.so pmap_clnt.po $(OUTPRE)pmap_clnt.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   pmap_clnt.c
 pmap_getmaps.so pmap_getmaps.po $(OUTPRE)pmap_getmaps.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   pmap_getmaps.c
 pmap_getport.so pmap_getport.po $(OUTPRE)pmap_getport.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   pmap_getport.c
 pmap_prot.so pmap_prot.po $(OUTPRE)pmap_prot.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/pmap_prot.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   pmap_prot.c
 pmap_prot2.so pmap_prot2.po $(OUTPRE)pmap_prot2.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/pmap_prot.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/pmap_prot.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   pmap_prot2.c
 pmap_rmt.so pmap_rmt.po $(OUTPRE)pmap_rmt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \
-  $(SRCTOP)/include/gssrpc/pmap_prot.h $(SRCTOP)/include/gssrpc/pmap_rmt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h pmap_rmt.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/pmap_clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_prot.h $(top_srcdir)/include/gssrpc/pmap_rmt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h pmap_rmt.c
 rpc_prot.so rpc_prot.po $(OUTPRE)rpc_prot.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   rpc_prot.c
 rpc_commondata.so rpc_commondata.po $(OUTPRE)rpc_commondata.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   rpc_commondata.c
 rpc_callmsg.so rpc_callmsg.po $(OUTPRE)rpc_callmsg.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   rpc_callmsg.c
 svc.so svc.po $(OUTPRE)svc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h svc.c
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc.c
 svc_auth.so svc_auth.po $(OUTPRE)svc_auth.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   svc_auth.c
 svc_auth_gss.so svc_auth_gss.po $(OUTPRE)svc_auth_gss.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h svc_auth_gss.c
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_gssapi.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h svc_auth_gss.c
 svc_auth_none.so svc_auth_none.po $(OUTPRE)svc_auth_none.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   svc_auth_none.c
 svc_auth_unix.so svc_auth_unix.po $(OUTPRE)svc_auth_unix.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
   svc_auth_unix.c
 svc_auth_gssapi.so svc_auth_gssapi.po $(OUTPRE)svc_auth_gssapi.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/krb5.h \
-  gssrpcint.h svc_auth_gssapi.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/krb5.h gssrpcint.h svc_auth_gssapi.c
 svc_raw.so svc_raw.po $(OUTPRE)svc_raw.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h svc_raw.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc_raw.c
 svc_run.so svc_run.po $(OUTPRE)svc_run.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h svc_run.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc_run.c
 svc_simple.so svc_simple.po $(OUTPRE)svc_simple.$(OBJEXT): \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h svc_simple.c
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h svc_simple.c
 svc_tcp.so svc_tcp.po $(OUTPRE)svc_tcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h svc_tcp.c
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h svc_tcp.c
 svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h svc_udp.c
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h svc_udp.c
 xdr.so xdr.po $(OUTPRE)xdr.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   xdr.c
 xdr_array.so xdr_array.po $(OUTPRE)xdr_array.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h xdr_array.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_array.c
 xdr_float.so xdr_float.po $(OUTPRE)xdr_float.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h xdr_float.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_float.c
 xdr_mem.so xdr_mem.po $(OUTPRE)xdr_mem.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   xdr_mem.c
 xdr_rec.so xdr_rec.po $(OUTPRE)xdr_rec.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
   xdr_rec.c
 xdr_reference.so xdr_reference.po $(OUTPRE)xdr_reference.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h xdr_reference.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_reference.c
 xdr_stdio.so xdr_stdio.po $(OUTPRE)xdr_stdio.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h xdr_stdio.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_stdio.c
 xdr_sizeof.so xdr_sizeof.po $(OUTPRE)xdr_sizeof.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h xdr_sizeof.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h xdr_sizeof.c
 xdr_alloc.so xdr_alloc.po $(OUTPRE)xdr_alloc.$(OBJEXT): \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h dyn.h xdr_alloc.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h dyn.h xdr_alloc.c
diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in
index 2b98dbb..71ddef8 100644
--- a/src/lib/rpc/unit-test/Makefile.in
+++ b/src/lib/rpc/unit-test/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=lib/rpc/unit-test
 mydir=lib/rpc/unit-test
 BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I.
diff --git a/src/lib/rpc/unit-test/deps b/src/lib/rpc/unit-test/deps
index 94e4c8f..6b24703 100644
--- a/src/lib/rpc/unit-test/deps
+++ b/src/lib/rpc/unit-test/deps
@@ -3,33 +3,33 @@
 #
 $(OUTPRE)client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
-  $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_gssapi.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h client.c rpc_test.h
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_gssapi.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h client.c rpc_test.h
 $(OUTPRE)rpc_test_clnt.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h rpc_test_clnt.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h rpc_test.h rpc_test_clnt.c
 $(OUTPRE)rpc_test_svc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h rpc_test.h rpc_test_svc.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h rpc_test.h rpc_test_svc.c
 $(OUTPRE)server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_gssapi.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h rpc_test.h server.c
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_gssapi.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/pmap_clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h rpc_test.h server.c
diff --git a/src/plugins/authdata/greet/Makefile.in b/src/plugins/authdata/greet/Makefile.in
index 1c71c45..840ebc2 100644
--- a/src/plugins/authdata/greet/Makefile.in
+++ b/src/plugins/authdata/greet/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/authdata/greet
 mydir=plugins/authdata/greet
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_AD_MODULE_DIR)
diff --git a/src/plugins/authdata/greet/deps b/src/plugins/authdata/greet/deps
index b754fcf..ea4b503 100644
--- a/src/plugins/authdata/greet/deps
+++ b/src/plugins/authdata/greet/deps
@@ -2,5 +2,5 @@
 # Generated makefile dependencies follow.
 #
 greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/authdata_plugin.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5/authdata_plugin.h \
   greet_auth.c
diff --git a/src/plugins/authdata/greet/greet_auth.c b/src/plugins/authdata/greet/greet_auth.c
index e759128..1c88b2c 100644
--- a/src/plugins/authdata/greet/greet_auth.c
+++ b/src/plugins/authdata/greet/greet_auth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/authdata/greet/
  *
@@ -46,9 +47,9 @@ greet_fini(krb5_context ctx, void *blob)
 
 static krb5_error_code
 greet_authdata(krb5_context ctx, krb5_db_entry *client,
-	       krb5_data *req_pkt,
-	       krb5_kdc_req *request,
-	       krb5_enc_tkt_part * enc_tkt_reply)
+               krb5_data *req_pkt,
+               krb5_kdc_req *request,
+               krb5_enc_tkt_part * enc_tkt_reply)
 {
 #define GREET_SIZE (20)
 
@@ -61,9 +62,9 @@ greet_authdata(krb5_context ctx, krb5_db_entry *client,
     a = calloc(1, sizeof(*a));
 
     if (p == NULL || a == NULL) {
-	free(p);
-	free(a);
-	return ENOMEM;
+        free(p);
+        free(a);
+        return ENOMEM;
     }
     strncpy(p, "hello there", GREET_SIZE-1);
     a->magic = KV5M_AUTHDATA;
@@ -71,17 +72,17 @@ greet_authdata(krb5_context ctx, krb5_db_entry *client,
     a->length = GREET_SIZE;
     a->contents = (unsigned char *)p;
     if (enc_tkt_reply->authorization_data == 0) {
-	count = 0;
+        count = 0;
     } else {
-	for (count = 0; enc_tkt_reply->authorization_data[count] != 0; count++)
-	    ;
+        for (count = 0; enc_tkt_reply->authorization_data[count] != 0; count++)
+            ;
     }
     new_ad = realloc(enc_tkt_reply->authorization_data,
-		     (count+2) * sizeof(krb5_authdata *));
+                     (count+2) * sizeof(krb5_authdata *));
     if (new_ad == NULL) {
-	free(p);
-	free(a);
-	return ENOMEM;
+        free(p);
+        free(a);
+        return ENOMEM;
     }
     enc_tkt_reply->authorization_data = new_ad;
     new_ad[count] = a;
diff --git a/src/plugins/authdata/greet_client/Makefile.in b/src/plugins/authdata/greet_client/Makefile.in
index 72d665a..52f2e72 100644
--- a/src/plugins/authdata/greet_client/Makefile.in
+++ b/src/plugins/authdata/greet_client/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/authdata/greet_client
 mydir=plugins/authdata/greet_client
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_AD_MODULE_DIR)
diff --git a/src/plugins/authdata/greet_client/deps b/src/plugins/authdata/greet_client/deps
index b754fcf..ea4b503 100644
--- a/src/plugins/authdata/greet_client/deps
+++ b/src/plugins/authdata/greet_client/deps
@@ -2,5 +2,5 @@
 # Generated makefile dependencies follow.
 #
 greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/authdata_plugin.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5/authdata_plugin.h \
   greet_auth.c
diff --git a/src/plugins/authdata/greet_client/greet.c b/src/plugins/authdata/greet_client/greet.c
index 4c7af82..8a49471 100644
--- a/src/plugins/authdata/greet_client/greet.c
+++ b/src/plugins/authdata/greet_client/greet.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/authdata/greet_client/
  *
@@ -242,10 +243,10 @@ greet_set_attribute(krb5_context kcontext,
 
 static krb5_error_code
 greet_delete_attribute(krb5_context kcontext,
-                        krb5_authdata_context context,
-                        void *plugin_context,
-                        void *request_context,
-                        const krb5_data *attribute)
+                       krb5_authdata_context context,
+                       void *plugin_context,
+                       void *request_context,
+                       const krb5_data *attribute)
 {
     struct greet_context *greet = (struct greet_context *)request_context;
 
@@ -265,8 +266,8 @@ greet_size(krb5_context kcontext,
     struct greet_context *greet = (struct greet_context *)request_context;
 
     *sizep += sizeof(krb5_int32) +
-              greet->greeting.length +
-              sizeof(krb5_int32);
+        greet->greeting.length +
+        sizeof(krb5_int32);
 
     return 0;
 }
diff --git a/src/plugins/authdata/greet_server/Makefile.in b/src/plugins/authdata/greet_server/Makefile.in
index 3924f1b..2793aaf 100644
--- a/src/plugins/authdata/greet_server/Makefile.in
+++ b/src/plugins/authdata/greet_server/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/authdata/greet_server
 mydir=plugins/authdata/greet_server
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_AD_MODULE_DIR)
diff --git a/src/plugins/authdata/greet_server/deps b/src/plugins/authdata/greet_server/deps
index b754fcf..ea4b503 100644
--- a/src/plugins/authdata/greet_server/deps
+++ b/src/plugins/authdata/greet_server/deps
@@ -2,5 +2,5 @@
 # Generated makefile dependencies follow.
 #
 greet_auth.so greet_auth.po $(OUTPRE)greet_auth.$(OBJEXT): \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/authdata_plugin.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5/authdata_plugin.h \
   greet_auth.c
diff --git a/src/plugins/authdata/greet_server/greet_auth.c b/src/plugins/authdata/greet_server/greet_auth.c
index fad044a..0048af4 100644
--- a/src/plugins/authdata/greet_server/greet_auth.c
+++ b/src/plugins/authdata/greet_server/greet_auth.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/authdata/greet_server/
  *
@@ -174,7 +175,7 @@ greet_authdata(krb5_context context,
     krb5_data *greeting = NULL;
 
     if (request->msg_type != KRB5_TGS_REQ)
-	return 0;
+        return 0;
 
     code = greet_hello(context, &greeting);
     if (code != 0)
diff --git a/src/plugins/kdb/db2/Makefile.in b/src/plugins/kdb/db2/Makefile.in
index b2532a4..fb176f4 100644
--- a/src/plugins/kdb/db2/Makefile.in
+++ b/src/plugins/kdb/db2/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/kdb/db2
 mydir=plugins/kdb/db2
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_DB_MODULE_DIR)
diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c
index 58c4932..5c09a9b 100644
--- a/src/plugins/kdb/db2/adb_openclose.c
+++ b/src/plugins/kdb/db2/adb_openclose.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -8,409 +9,416 @@
 static char *rcsid = "$Header$";
 #endif
 
-#include	<sys/file.h>
-#include	<fcntl.h>
-#include	<unistd.h>
+#include        <sys/file.h>
+#include        <fcntl.h>
+#include        <unistd.h>
 #include        <k5-int.h>
-#include	"policy_db.h"
-#include	<stdlib.h>
+#include        "policy_db.h"
+#include        <stdlib.h>
 #include        <db.h>
 
 #define MAX_LOCK_TRIES 5
 
 struct _locklist {
-     osa_adb_lock_ent lockinfo;
-     struct _locklist *next;
+    osa_adb_lock_ent lockinfo;
+    struct _locklist *next;
 };
 
-krb5_error_code osa_adb_create_db(char *filename, char *lockfilename,
-				  int magic)
+krb5_error_code
+osa_adb_create_db(char *filename, char *lockfilename, int magic)
 {
-     int lf;
-     DB *db;
-     BTREEINFO btinfo;
-
-     memset(&btinfo, 0, sizeof(btinfo));
-     btinfo.flags = 0;
-     btinfo.cachesize = 0;
-     btinfo.psize = 4096;
-     btinfo.lorder = 0;
-     btinfo.minkeypage = 0;
-     btinfo.compare = NULL;
-     btinfo.prefix = NULL;
-     db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo);
-     if (db == NULL)
-	  return errno;
-     if (db->close(db) < 0)
-	  return errno;
-
-     /* only create the lock file if we successfully created the db */
-     lf = THREEPARAMOPEN(lockfilename, O_RDWR | O_CREAT | O_EXCL, 0600);
-     if (lf == -1)
-	  return errno;
-     (void) close(lf);
-
-     return OSA_ADB_OK;
+    int lf;
+    DB *db;
+    BTREEINFO btinfo;
+
+    memset(&btinfo, 0, sizeof(btinfo));
+    btinfo.flags = 0;
+    btinfo.cachesize = 0;
+    btinfo.psize = 4096;
+    btinfo.lorder = 0;
+    btinfo.minkeypage = 0;
+    btinfo.compare = NULL;
+    btinfo.prefix = NULL;
+    db = dbopen(filename, O_RDWR | O_CREAT | O_EXCL, 0600, DB_BTREE, &btinfo);
+    if (db == NULL)
+        return errno;
+    if (db->close(db) < 0)
+        return errno;
+
+    /* only create the lock file if we successfully created the db */
+    lf = THREEPARAMOPEN(lockfilename, O_RDWR | O_CREAT | O_EXCL, 0600);
+    if (lf == -1)
+        return errno;
+    (void) close(lf);
+
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_destroy_db(char *filename, char *lockfilename,
-				 int magic)
+krb5_error_code
+osa_adb_destroy_db(char *filename, char *lockfilename, int magic)
 {
-     /* the admin databases do not contain security-critical data */
-     if (unlink(filename) < 0 ||
-	 unlink(lockfilename) < 0)
-	  return errno;
-     return OSA_ADB_OK;
+    /* the admin databases do not contain security-critical data */
+    if (unlink(filename) < 0 ||
+        unlink(lockfilename) < 0)
+        return errno;
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom,
-				char *fileto, char *lockto, int magic)
+krb5_error_code
+osa_adb_rename_db(char *filefrom, char *lockfrom, char *fileto, char *lockto,
+                  int magic)
 {
-     osa_adb_db_t fromdb, todb;
-     krb5_error_code ret;
-
-     /* make sure todb exists */
-     if ((ret = osa_adb_create_db(fileto, lockto, magic)) &&
-	 ret != EEXIST)
-	  return ret;
-
-     if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)))
-	  return ret;
-     if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) {
-	  (void) osa_adb_fini_db(fromdb, magic);
-	  return ret;
-     }
-     if ((ret = osa_adb_get_lock(fromdb, KRB5_DB_LOCKMODE_PERMANENT))) {
-	  (void) osa_adb_fini_db(fromdb, magic);
-	  (void) osa_adb_fini_db(todb, magic);
-	  return ret;
-     }
-     if ((ret = osa_adb_get_lock(todb, KRB5_DB_LOCKMODE_PERMANENT))) {
-	  (void) osa_adb_fini_db(fromdb, magic);
-	  (void) osa_adb_fini_db(todb, magic);
-	  return ret;
-     }
-     if ((rename(filefrom, fileto) < 0)) {
-	  (void) osa_adb_fini_db(fromdb, magic);
-	  (void) osa_adb_fini_db(todb, magic);
-	  return errno;
-     }
-     /*
-      * Do not release the lock on fromdb because it is being renamed
-      * out of existence; no one can ever use it again.
-      */
-     if ((ret = osa_adb_release_lock(todb))) {
-	  (void) osa_adb_fini_db(fromdb, magic);
-	  (void) osa_adb_fini_db(todb, magic);
-	  return ret;
-     }
-
-     (void) osa_adb_fini_db(fromdb, magic);
-     (void) osa_adb_fini_db(todb, magic);
-     return 0;
+    osa_adb_db_t fromdb, todb;
+    krb5_error_code ret;
+
+    /* make sure todb exists */
+    if ((ret = osa_adb_create_db(fileto, lockto, magic)) &&
+        ret != EEXIST)
+        return ret;
+
+    if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)))
+        return ret;
+    if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        return ret;
+    }
+    if ((ret = osa_adb_get_lock(fromdb, KRB5_DB_LOCKMODE_PERMANENT))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return ret;
+    }
+    if ((ret = osa_adb_get_lock(todb, KRB5_DB_LOCKMODE_PERMANENT))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return ret;
+    }
+    if ((rename(filefrom, fileto) < 0)) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return errno;
+    }
+    /*
+     * Do not release the lock on fromdb because it is being renamed
+     * out of existence; no one can ever use it again.
+     */
+    if ((ret = osa_adb_release_lock(todb))) {
+        (void) osa_adb_fini_db(fromdb, magic);
+        (void) osa_adb_fini_db(todb, magic);
+        return ret;
+    }
+
+    (void) osa_adb_fini_db(fromdb, magic);
+    (void) osa_adb_fini_db(todb, magic);
+    return 0;
 }
 
-krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
-			      char *lockfilename, int magic)
+krb5_error_code
+osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
+                int magic)
 {
-     osa_adb_db_t db;
-     static struct _locklist *locklist = NULL;
-     struct _locklist *lockp;
-     krb5_error_code code;
-
-     if (dbp == NULL || filename == NULL)
-	  return EINVAL;
-
-     db = (osa_adb_princ_t) malloc(sizeof(osa_adb_db_ent));
-     if (db == NULL)
-	  return ENOMEM;
-
-     memset(db, 0, sizeof(*db));
-     db->info.hash = NULL;
-     db->info.bsize = 256;
-     db->info.ffactor = 8;
-     db->info.nelem = 25000;
-     db->info.lorder = 0;
-
-     db->btinfo.flags = 0;
-     db->btinfo.cachesize = 0;
-     db->btinfo.psize = 4096;
-     db->btinfo.lorder = 0;
-     db->btinfo.minkeypage = 0;
-     db->btinfo.compare = NULL;
-     db->btinfo.prefix = NULL;
-     /*
-      * A process is allowed to open the same database multiple times
-      * and access it via different handles.  If the handles use
-      * distinct lockinfo structures, things get confused: lock(A),
-      * lock(B), release(B) will result in the kernel unlocking the
-      * lock file but handle A will still think the file is locked.
-      * Therefore, all handles using the same lock file must share a
-      * single lockinfo structure.
-      *
-      * It is not sufficient to have a single lockinfo structure,
-      * however, because a single process may also wish to open
-      * multiple different databases simultaneously, with different
-      * lock files.  This code used to use a single static lockinfo
-      * structure, which means that the second database opened used
-      * the first database's lock file.  This was Bad.
-      *
-      * We now maintain a linked list of lockinfo structures, keyed by
-      * lockfilename.  An entry is added when this function is called
-      * with a new lockfilename, and all subsequent calls with that
-      * lockfilename use the existing entry, updating the refcnt.
-      * When the database is closed with fini_db(), the refcnt is
-      * decremented, and when it is zero the lockinfo structure is
-      * freed and reset.  The entry in the linked list, however, is
-      * never removed; it will just be reinitialized the next time
-      * init_db is called with the right lockfilename.
-      */
-
-     /* find or create the lockinfo structure for lockfilename */
-     lockp = locklist;
-     while (lockp) {
-	  if (strcmp(lockp->lockinfo.filename, lockfilename) == 0)
-	       break;
-	  else
-	       lockp = lockp->next;
-     }
-     if (lockp == NULL) {
-	  /* doesn't exist, create it, add to list */
-	  lockp = (struct _locklist *) malloc(sizeof(*lockp));
-	  if (lockp == NULL) {
-	       free(db);
-	       return ENOMEM;
-	  }
-	  memset(lockp, 0, sizeof(*lockp));
-	  lockp->next = locklist;
-	  locklist = lockp;
-     }
-
-     /* now initialize lockp->lockinfo if necessary */
-     if (lockp->lockinfo.lockfile == NULL) {
-	  if ((code = krb5int_init_context_kdc(&lockp->lockinfo.context))) {
-	       free(db);
-	       return((krb5_error_code) code);
-	  }
-
-	  /*
-	   * needs be open read/write so that write locking can work with
-	   * POSIX systems
-	   */
-	  lockp->lockinfo.filename = strdup(lockfilename);
-	  if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
-	       /*
-		* maybe someone took away write permission so we could only
-		* get shared locks?
-		*/
-	       if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
-		   == NULL) {
-		    free(db);
-		    return OSA_ADB_NOLOCKFILE;
-	       }
-	  }
-	  set_cloexec_file(lockp->lockinfo.lockfile);
-	  lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
-     }
-
-     /* lockp is set, lockinfo is initialized, update the reference count */
-     db->lock = &lockp->lockinfo;
-     db->lock->refcnt++;
-
-     db->opencnt = 0;
-     db->filename = strdup(filename);
-     db->magic = magic;
-
-     *dbp = db;
-
-     return OSA_ADB_OK;
+    osa_adb_db_t db;
+    static struct _locklist *locklist = NULL;
+    struct _locklist *lockp;
+    krb5_error_code code;
+
+    if (dbp == NULL || filename == NULL)
+        return EINVAL;
+
+    db = (osa_adb_princ_t) malloc(sizeof(osa_adb_db_ent));
+    if (db == NULL)
+        return ENOMEM;
+
+    memset(db, 0, sizeof(*db));
+    db->info.hash = NULL;
+    db->info.bsize = 256;
+    db->info.ffactor = 8;
+    db->info.nelem = 25000;
+    db->info.lorder = 0;
+
+    db->btinfo.flags = 0;
+    db->btinfo.cachesize = 0;
+    db->btinfo.psize = 4096;
+    db->btinfo.lorder = 0;
+    db->btinfo.minkeypage = 0;
+    db->btinfo.compare = NULL;
+    db->btinfo.prefix = NULL;
+    /*
+     * A process is allowed to open the same database multiple times
+     * and access it via different handles.  If the handles use
+     * distinct lockinfo structures, things get confused: lock(A),
+     * lock(B), release(B) will result in the kernel unlocking the
+     * lock file but handle A will still think the file is locked.
+     * Therefore, all handles using the same lock file must share a
+     * single lockinfo structure.
+     *
+     * It is not sufficient to have a single lockinfo structure,
+     * however, because a single process may also wish to open
+     * multiple different databases simultaneously, with different
+     * lock files.  This code used to use a single static lockinfo
+     * structure, which means that the second database opened used
+     * the first database's lock file.  This was Bad.
+     *
+     * We now maintain a linked list of lockinfo structures, keyed by
+     * lockfilename.  An entry is added when this function is called
+     * with a new lockfilename, and all subsequent calls with that
+     * lockfilename use the existing entry, updating the refcnt.
+     * When the database is closed with fini_db(), the refcnt is
+     * decremented, and when it is zero the lockinfo structure is
+     * freed and reset.  The entry in the linked list, however, is
+     * never removed; it will just be reinitialized the next time
+     * init_db is called with the right lockfilename.
+     */
+
+    /* find or create the lockinfo structure for lockfilename */
+    lockp = locklist;
+    while (lockp) {
+        if (strcmp(lockp->lockinfo.filename, lockfilename) == 0)
+            break;
+        else
+            lockp = lockp->next;
+    }
+    if (lockp == NULL) {
+        /* doesn't exist, create it, add to list */
+        lockp = (struct _locklist *) malloc(sizeof(*lockp));
+        if (lockp == NULL) {
+            free(db);
+            return ENOMEM;
+        }
+        memset(lockp, 0, sizeof(*lockp));
+        lockp->next = locklist;
+        locklist = lockp;
+    }
+
+    /* now initialize lockp->lockinfo if necessary */
+    if (lockp->lockinfo.lockfile == NULL) {
+        if ((code = krb5int_init_context_kdc(&lockp->lockinfo.context))) {
+            free(db);
+            return((krb5_error_code) code);
+        }
+
+        /*
+         * needs be open read/write so that write locking can work with
+         * POSIX systems
+         */
+        lockp->lockinfo.filename = strdup(lockfilename);
+        if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) {
+            /*
+             * maybe someone took away write permission so we could only
+             * get shared locks?
+             */
+            if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r"))
+                == NULL) {
+                free(db);
+                return OSA_ADB_NOLOCKFILE;
+            }
+        }
+        set_cloexec_file(lockp->lockinfo.lockfile);
+        lockp->lockinfo.lockmode = lockp->lockinfo.lockcnt = 0;
+    }
+
+    /* lockp is set, lockinfo is initialized, update the reference count */
+    db->lock = &lockp->lockinfo;
+    db->lock->refcnt++;
+
+    db->opencnt = 0;
+    db->filename = strdup(filename);
+    db->magic = magic;
+
+    *dbp = db;
+
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic)
+krb5_error_code
+osa_adb_fini_db(osa_adb_db_t db, int magic)
 {
-     if (db->magic != magic)
-	  return EINVAL;
-     if (db->lock->refcnt == 0) {
-	  /* barry says this can't happen */
-	  return OSA_ADB_FAILURE;
-     } else {
-	  db->lock->refcnt--;
-     }
-
-     if (db->lock->refcnt == 0) {
-	  /*
-	   * Don't free db->lock->filename, it is used as a key to
-	   * find the lockinfo entry in the linked list.  If the
-	   * lockfile doesn't exist, we must be closing the database
-	   * after trashing it.  This has to be allowed, so don't
-	   * generate an error.
-	   */
-	  if (db->lock->lockmode != KRB5_DB_LOCKMODE_PERMANENT)
-	       (void) fclose(db->lock->lockfile);
-	  db->lock->lockfile = NULL;
-	  krb5_free_context(db->lock->context);
-     }
-
-     db->magic = 0;
-     free(db->filename);
-     free(db);
-     return OSA_ADB_OK;
+    if (db->magic != magic)
+        return EINVAL;
+    if (db->lock->refcnt == 0) {
+        /* barry says this can't happen */
+        return OSA_ADB_FAILURE;
+    } else {
+        db->lock->refcnt--;
+    }
+
+    if (db->lock->refcnt == 0) {
+        /*
+         * Don't free db->lock->filename, it is used as a key to
+         * find the lockinfo entry in the linked list.  If the
+         * lockfile doesn't exist, we must be closing the database
+         * after trashing it.  This has to be allowed, so don't
+         * generate an error.
+         */
+        if (db->lock->lockmode != KRB5_DB_LOCKMODE_PERMANENT)
+            (void) fclose(db->lock->lockfile);
+        db->lock->lockfile = NULL;
+        krb5_free_context(db->lock->context);
+    }
+
+    db->magic = 0;
+    free(db->filename);
+    free(db);
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode)
+krb5_error_code
+osa_adb_get_lock(osa_adb_db_t db, int mode)
 {
-     int tries, gotlock, perm, krb5_mode, ret = 0;
-
-     if (db->lock->lockmode >= mode) {
-	  /* No need to upgrade lock, just incr refcnt and return */
-	  db->lock->lockcnt++;
-	  return(OSA_ADB_OK);
-     }
-
-     perm = 0;
-     switch (mode) {
-	case KRB5_DB_LOCKMODE_PERMANENT:
-	  perm = 1;
-	case KRB5_DB_LOCKMODE_EXCLUSIVE:
-	  krb5_mode = KRB5_LOCKMODE_EXCLUSIVE;
-	  break;
-	case KRB5_DB_LOCKMODE_SHARED:
-	  krb5_mode = KRB5_LOCKMODE_SHARED;
-	  break;
-	default:
-	  return(EINVAL);
-     }
-
-     for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) {
-	  if ((ret = krb5_lock_file(db->lock->context,
-				    fileno(db->lock->lockfile),
-				    krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) {
-	       gotlock++;
-	       break;
-	  } else if (ret == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
-	       /* tried to exclusive-lock something we don't have */
-	       /* write access to */
-	       return OSA_ADB_NOEXCL_PERM;
-
-	  sleep(1);
-     }
-
-     /* test for all the likely "can't get lock" error codes */
-     if (ret == EACCES || ret == EAGAIN || ret == EWOULDBLOCK)
-	  return OSA_ADB_CANTLOCK_DB;
-     else if (ret != 0)
-	  return ret;
-
-     /*
-      * If the file no longer exists, someone acquired a permanent
-      * lock.  If that process terminates its exclusive lock is lost,
-      * but if we already had the file open we can (probably) lock it
-      * even though it has been unlinked.  So we need to insist that
-      * it exist.
-      */
-     if (access(db->lock->filename, F_OK) < 0) {
-	  (void) krb5_lock_file(db->lock->context,
-				fileno(db->lock->lockfile),
-				KRB5_LOCKMODE_UNLOCK);
-	  return OSA_ADB_NOLOCKFILE;
-     }
-
-     /* we have the shared/exclusive lock */
-
-     if (perm) {
-	  if (unlink(db->lock->filename) < 0) {
-	       /* somehow we can't delete the file, but we already */
-	       /* have the lock, so release it and return */
-
-	       ret = errno;
-	       (void) krb5_lock_file(db->lock->context,
-				     fileno(db->lock->lockfile),
-				     KRB5_LOCKMODE_UNLOCK);
-
-	       /* maybe we should return CANTLOCK_DB.. but that would */
-	       /* look just like the db was already locked */
-	       return ret;
-	  }
-
-	  /* this releases our exclusive lock.. which is okay because */
-	  /* now no one else can get one either */
-	  (void) fclose(db->lock->lockfile);
-     }
-
-     db->lock->lockmode = mode;
-     db->lock->lockcnt++;
-     return OSA_ADB_OK;
+    int tries, gotlock, perm, krb5_mode, ret = 0;
+
+    if (db->lock->lockmode >= mode) {
+        /* No need to upgrade lock, just incr refcnt and return */
+        db->lock->lockcnt++;
+        return(OSA_ADB_OK);
+    }
+
+    perm = 0;
+    switch (mode) {
+    case KRB5_DB_LOCKMODE_PERMANENT:
+        perm = 1;
+    case KRB5_DB_LOCKMODE_EXCLUSIVE:
+        krb5_mode = KRB5_LOCKMODE_EXCLUSIVE;
+        break;
+    case KRB5_DB_LOCKMODE_SHARED:
+        krb5_mode = KRB5_LOCKMODE_SHARED;
+        break;
+    default:
+        return(EINVAL);
+    }
+
+    for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) {
+        if ((ret = krb5_lock_file(db->lock->context,
+                                  fileno(db->lock->lockfile),
+                                  krb5_mode|KRB5_LOCKMODE_DONTBLOCK)) == 0) {
+            gotlock++;
+            break;
+        } else if (ret == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
+            /* tried to exclusive-lock something we don't have */
+            /* write access to */
+            return OSA_ADB_NOEXCL_PERM;
+
+        sleep(1);
+    }
+
+    /* test for all the likely "can't get lock" error codes */
+    if (ret == EACCES || ret == EAGAIN || ret == EWOULDBLOCK)
+        return OSA_ADB_CANTLOCK_DB;
+    else if (ret != 0)
+        return ret;
+
+    /*
+     * If the file no longer exists, someone acquired a permanent
+     * lock.  If that process terminates its exclusive lock is lost,
+     * but if we already had the file open we can (probably) lock it
+     * even though it has been unlinked.  So we need to insist that
+     * it exist.
+     */
+    if (access(db->lock->filename, F_OK) < 0) {
+        (void) krb5_lock_file(db->lock->context,
+                              fileno(db->lock->lockfile),
+                              KRB5_LOCKMODE_UNLOCK);
+        return OSA_ADB_NOLOCKFILE;
+    }
+
+    /* we have the shared/exclusive lock */
+
+    if (perm) {
+        if (unlink(db->lock->filename) < 0) {
+            /* somehow we can't delete the file, but we already */
+            /* have the lock, so release it and return */
+
+            ret = errno;
+            (void) krb5_lock_file(db->lock->context,
+                                  fileno(db->lock->lockfile),
+                                  KRB5_LOCKMODE_UNLOCK);
+
+            /* maybe we should return CANTLOCK_DB.. but that would */
+            /* look just like the db was already locked */
+            return ret;
+        }
+
+        /* this releases our exclusive lock.. which is okay because */
+        /* now no one else can get one either */
+        (void) fclose(db->lock->lockfile);
+    }
+
+    db->lock->lockmode = mode;
+    db->lock->lockcnt++;
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_release_lock(osa_adb_db_t db)
+krb5_error_code
+osa_adb_release_lock(osa_adb_db_t db)
 {
-     int ret, fd;
-
-     if (!db->lock->lockcnt)		/* lock already unlocked */
-	  return OSA_ADB_NOTLOCKED;
-
-     if (--db->lock->lockcnt == 0) {
-	  if (db->lock->lockmode == KRB5_DB_LOCKMODE_PERMANENT) {
-	       /* now we need to create the file since it does not exist */
-               fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
-                                   0600);
-	       if (fd < 0)
-		   return OSA_ADB_NOLOCKFILE;
-	       set_cloexec_fd(fd);
-	       if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
-		    return OSA_ADB_NOLOCKFILE;
-	  } else if ((ret = krb5_lock_file(db->lock->context,
-					  fileno(db->lock->lockfile),
-					  KRB5_LOCKMODE_UNLOCK)))
-	       return ret;
-
-	  db->lock->lockmode = 0;
-     }
-     return OSA_ADB_OK;
+    int ret, fd;
+
+    if (!db->lock->lockcnt)            /* lock already unlocked */
+        return OSA_ADB_NOTLOCKED;
+
+    if (--db->lock->lockcnt == 0) {
+        if (db->lock->lockmode == KRB5_DB_LOCKMODE_PERMANENT) {
+            /* now we need to create the file since it does not exist */
+            fd = THREEPARAMOPEN(db->lock->filename,O_RDWR | O_CREAT | O_EXCL,
+                                0600);
+            if (fd < 0)
+                return OSA_ADB_NOLOCKFILE;
+            set_cloexec_fd(fd);
+            if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL)
+                return OSA_ADB_NOLOCKFILE;
+        } else if ((ret = krb5_lock_file(db->lock->context,
+                                         fileno(db->lock->lockfile),
+                                         KRB5_LOCKMODE_UNLOCK)))
+            return ret;
+
+        db->lock->lockmode = 0;
+    }
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
+krb5_error_code
+osa_adb_open_and_lock(osa_adb_princ_t db, int locktype)
 {
-     int ret;
-
-     ret = osa_adb_get_lock(db, locktype);
-     if (ret != OSA_ADB_OK)
-	  return ret;
-     if (db->opencnt)
-	  goto open_ok;
-
-     db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo);
-     if (db->db != NULL)
-	 goto open_ok;
-     switch (errno) {
+    int ret;
+
+    ret = osa_adb_get_lock(db, locktype);
+    if (ret != OSA_ADB_OK)
+        return ret;
+    if (db->opencnt)
+        goto open_ok;
+
+    db->db = dbopen(db->filename, O_RDWR, 0600, DB_BTREE, &db->btinfo);
+    if (db->db != NULL)
+        goto open_ok;
+    switch (errno) {
 #ifdef EFTYPE
-     case EFTYPE:
+    case EFTYPE:
 #endif
-     case EINVAL:
-	  db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
-	  if (db->db != NULL)
-	       goto open_ok;
-     default:
-	  (void) osa_adb_release_lock(db);
-	  if (errno == EINVAL)
-	       return OSA_ADB_BAD_DB;
-	  return errno;
-     }
+    case EINVAL:
+        db->db = dbopen(db->filename, O_RDWR, 0600, DB_HASH, &db->info);
+        if (db->db != NULL)
+            goto open_ok;
+    default:
+        (void) osa_adb_release_lock(db);
+        if (errno == EINVAL)
+            return OSA_ADB_BAD_DB;
+        return errno;
+    }
 open_ok:
-     db->opencnt++;
-     return OSA_ADB_OK;
+    db->opencnt++;
+    return OSA_ADB_OK;
 }
 
-krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db)
+krb5_error_code
+osa_adb_close_and_unlock(osa_adb_princ_t db)
 {
-     if (--db->opencnt)
-	  return osa_adb_release_lock(db);
-     if(db->db != NULL && db->db->close(db->db) == -1) {
-	  (void) osa_adb_release_lock(db);
-	  return OSA_ADB_FAILURE;
-     }
+    if (--db->opencnt)
+        return osa_adb_release_lock(db);
+    if(db->db != NULL && db->db->close(db->db) == -1) {
+        (void) osa_adb_release_lock(db);
+        return OSA_ADB_FAILURE;
+    }
 
-     db->db = NULL;
+    db->db = NULL;
 
-     return(osa_adb_release_lock(db));
+    return(osa_adb_release_lock(db));
 }
diff --git a/src/plugins/kdb/db2/adb_policy.c b/src/plugins/kdb/db2/adb_policy.c
index d585c08..2b6c121 100644
--- a/src/plugins/kdb/db2/adb_policy.c
+++ b/src/plugins/kdb/db2/adb_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved
  *
@@ -8,30 +9,30 @@
 static char *rcsid = "$Header$";
 #endif
 
-#include	<sys/file.h>
-#include	<fcntl.h>
-#include	"policy_db.h"
-#include	<stdlib.h>
-#include	<string.h>
+#include        <sys/file.h>
+#include        <fcntl.h>
+#include        "policy_db.h"
+#include        <stdlib.h>
+#include        <string.h>
 #include <errno.h>
 
-#define OPENLOCK(db, mode) \
-{ \
-       int olret; \
-	    if (db == NULL) \
-		 return EINVAL; \
-	    else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \
-		 return OSA_ADB_DBINIT; \
-	    else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
-		 return olret; \
-	    }
-
-#define CLOSELOCK(db) \
-{ \
-     int cl_ret; \
-     if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \
-	  return cl_ret; \
-}
+#define OPENLOCK(db, mode)                                              \
+    {                                                                   \
+        int olret;                                                      \
+        if (db == NULL)                                                 \
+            return EINVAL;                                              \
+        else if (db->magic != OSA_ADB_POLICY_DB_MAGIC)                  \
+            return OSA_ADB_DBINIT;                                      \
+        else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \
+            return olret;                                               \
+    }
+
+#define CLOSELOCK(db)                                                   \
+    {                                                                   \
+        int cl_ret;                                                     \
+        if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK)      \
+            return cl_ret;                                              \
+    }
 
 
 /*
@@ -40,66 +41,66 @@ static char *rcsid = "$Header$";
  * Purpose: create a policy entry in the policy db.
  *
  * Arguments:
- *	entry		(input) pointer to the entry to be added
- * 	<return value>	OSA_ADB_OK on success, else error code.
+ *      entry           (input) pointer to the entry to be added
+ *      <return value>  OSA_ADB_OK on success, else error code.
  *
  * Requires:
- *	entry have a valid name.
+ *      entry have a valid name.
  *
  * Effects:
- *	creates the entry in the db
+ *      creates the entry in the db
  *
  * Modifies:
- *	the policy db.
+ *      the policy db.
  *
  */
 krb5_error_code
 osa_adb_create_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
 {
-    DBT			dbkey;
-    DBT			dbdata;
-    XDR			xdrs;
-    int			ret;
+    DBT                 dbkey;
+    DBT                 dbdata;
+    XDR                 xdrs;
+    int                 ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
 
     if(entry->name == NULL) {
-	 ret = EINVAL;
-	 goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = entry->name;
     dbkey.size = (strlen(entry->name) + 1);
 
     switch(db->db->get(db->db, &dbkey, &dbdata, 0)) {
     case 0:
-	 ret = OSA_ADB_DUP;
-	 goto error;
+        ret = OSA_ADB_DUP;
+        goto error;
     case 1:
-	break;
+        break;
     default:
-	 ret = errno;
-	 goto error;
+        ret = errno;
+        goto error;
     }
     xdralloc_create(&xdrs, XDR_ENCODE);
     if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-	xdr_destroy(&xdrs);
-	ret = OSA_ADB_XDR_FAILURE;
-	goto error;
+        xdr_destroy(&xdrs);
+        ret = OSA_ADB_XDR_FAILURE;
+        goto error;
     }
     dbdata.data = xdralloc_getdata(&xdrs);
     dbdata.size = xdr_getpos(&xdrs);
     switch(db->db->put(db->db, &dbkey, &dbdata, R_NOOVERWRITE)) {
     case 0:
-	if((db->db->sync(db->db, 0)) == -1)
-	    ret = OSA_ADB_FAILURE;
-	ret = OSA_ADB_OK;
-	break;
+        if((db->db->sync(db->db, 0)) == -1)
+            ret = OSA_ADB_FAILURE;
+        ret = OSA_ADB_OK;
+        break;
     case 1:
-	ret = OSA_ADB_DUP;
-	break;
+        ret = OSA_ADB_DUP;
+        break;
     default:
-	ret = OSA_ADB_FAILURE;
-	break;
+        ret = OSA_ADB_FAILURE;
+        break;
     }
     xdr_destroy(&xdrs);
 
@@ -114,31 +115,31 @@ error:
  * Purpose: destroy a policy entry
  *
  * Arguments:
- *	db		(input) database handle
- *	name		(input) name of policy
- * 	<return value>	OSA_ADB_OK on success, or error code.
+ *      db              (input) database handle
+ *      name            (input) name of policy
+ *      <return value>  OSA_ADB_OK on success, or error code.
  *
  * Requires:
- *	db being valid.
- *	name being non-null.
+ *      db being valid.
+ *      name being non-null.
  * Effects:
- *	deletes policy from db.
+ *      deletes policy from db.
  *
  * Modifies:
- *	policy db.
+ *      policy db.
  *
  */
 krb5_error_code
 osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
 {
-    DBT	    dbkey;
-    int	    status, ret;
+    DBT     dbkey;
+    int     status, ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
 
     if(name == NULL) {
-	 ret = EINVAL;
-	 goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = name;
     dbkey.size = (strlen(name) + 1);
@@ -146,18 +147,18 @@ osa_adb_destroy_policy(osa_adb_policy_t db, char *name)
     status = db->db->del(db->db, &dbkey, 0);
     switch(status) {
     case 1:
-	 ret = OSA_ADB_NOENT;
-	 goto error;
+        ret = OSA_ADB_NOENT;
+        goto error;
     case 0:
-	 if ((db->db->sync(db->db, 0)) == -1) {
-	      ret = OSA_ADB_FAILURE;
-	      goto error;
-	 }
-	 ret = OSA_ADB_OK;
-	 break;
+        if ((db->db->sync(db->db, 0)) == -1) {
+            ret = OSA_ADB_FAILURE;
+            goto error;
+        }
+        ret = OSA_ADB_OK;
+        break;
     default:
-	 ret = OSA_ADB_FAILURE;
-	 goto error;
+        ret = OSA_ADB_FAILURE;
+        goto error;
     }
 
 error:
@@ -171,11 +172,11 @@ error:
  * Purpose: retrieve policy
  *
  * Arguments:
- *	db		(input) db handle
- *	name		(input) name of policy
- *	entry		(output) policy entry
+ *      db              (input) db handle
+ *      name            (input) name of policy
+ *      entry           (output) policy entry
  *      cnt             (inout) Number of entries
- * 	<return value>	0 on success, error code on failure.
+ *      <return value>  0 on success, error code on failure.
  *
  * Requires:
  * Effects:
@@ -183,21 +184,21 @@ error:
  */
 krb5_error_code
 osa_adb_get_policy(osa_adb_policy_t db, char *name,
-		   osa_policy_ent_t *entry, int *cnt)
+                   osa_policy_ent_t *entry, int *cnt)
 {
-    DBT			dbkey;
-    DBT			dbdata;
-    XDR			xdrs;
-    int			ret;
-    char		*aligned_data;
+    DBT                 dbkey;
+    DBT                 dbdata;
+    XDR                 xdrs;
+    int                 ret;
+    char                *aligned_data;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_SHARED);
 
     *cnt = 1;
 
     if(name == NULL) {
-	 ret = EINVAL;
-	 goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = name;
     dbkey.size = (strlen(dbkey.data) + 1);
@@ -205,28 +206,28 @@ osa_adb_get_policy(osa_adb_policy_t db, char *name,
     dbdata.size = 0;
     switch((db->db->get(db->db, &dbkey, &dbdata, 0))) {
     case 1:
-	 ret = 0;
-	 *cnt = 0;
-	 goto error;
+        ret = 0;
+        *cnt = 0;
+        goto error;
     case 0:
-	break;
+        break;
     default:
-	 ret = OSA_ADB_FAILURE;
-	 goto error;
+        ret = OSA_ADB_FAILURE;
+        goto error;
     }
     if (!(*(entry) = (osa_policy_ent_t)malloc(sizeof(osa_policy_ent_rec)))) {
-	 ret = ENOMEM;
-	 goto error;
+        ret = ENOMEM;
+        goto error;
     }
     if (!(aligned_data = (char *) malloc(dbdata.size))) {
-	 ret = ENOMEM;
-	 goto error;
+        ret = ENOMEM;
+        goto error;
     }
     memcpy(aligned_data, dbdata.data, dbdata.size);
     memset(*entry, 0, sizeof(osa_policy_ent_rec));
     xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
     if (!xdr_osa_policy_ent_rec(&xdrs, *entry))
-	ret =  OSA_ADB_FAILURE;
+        ret =  OSA_ADB_FAILURE;
     else ret = OSA_ADB_OK;
     xdr_destroy(&xdrs);
     free(aligned_data);
@@ -242,64 +243,64 @@ error:
  * Purpose: update a policy in the dababase
  *
  * Arguments:
- *	db		(input) db handle
- *	entry		(input) policy entry
- * 	<return value>	0 on success error code on failure.
+ *      db              (input) db handle
+ *      entry           (input) policy entry
+ *      <return value>  0 on success error code on failure.
  *
  * Requires:
- *	[requires]
+ *      [requires]
  *
  * Effects:
- *	[effects]
+ *      [effects]
  *
  * Modifies:
- *	[modifies]
+ *      [modifies]
  *
  */
 krb5_error_code
 osa_adb_put_policy(osa_adb_policy_t db, osa_policy_ent_t entry)
 {
-    DBT			dbkey;
-    DBT			dbdata;
-    DBT			tmpdb;
-    XDR			xdrs;
-    int			ret;
+    DBT                 dbkey;
+    DBT                 dbdata;
+    DBT                 tmpdb;
+    XDR                 xdrs;
+    int                 ret;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE);
 
     if(entry->name == NULL) {
-	 ret = EINVAL;
-	 goto error;
+        ret = EINVAL;
+        goto error;
     }
     dbkey.data = entry->name;
     dbkey.size = (strlen(entry->name) + 1);
     switch(db->db->get(db->db, &dbkey, &tmpdb, 0)) {
     case 0:
-	break;
+        break;
     case 1:
-	ret = OSA_ADB_NOENT;
-	goto error;
+        ret = OSA_ADB_NOENT;
+        goto error;
     default:
-	ret = OSA_ADB_FAILURE;
-	goto error;
+        ret = OSA_ADB_FAILURE;
+        goto error;
     }
     xdralloc_create(&xdrs, XDR_ENCODE);
     if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-	xdr_destroy(&xdrs);
-	ret = OSA_ADB_XDR_FAILURE;
-	goto error;
+        xdr_destroy(&xdrs);
+        ret = OSA_ADB_XDR_FAILURE;
+        goto error;
     }
     dbdata.data = xdralloc_getdata(&xdrs);
     dbdata.size = xdr_getpos(&xdrs);
     switch(db->db->put(db->db, &dbkey, &dbdata, 0)) {
     case 0:
-	if((db->db->sync(db->db, 0)) == -1)
-	    ret = OSA_ADB_FAILURE;
-	ret = OSA_ADB_OK;
-	break;
+        if((db->db->sync(db->db, 0)) == -1)
+            ret = OSA_ADB_FAILURE;
+        ret = OSA_ADB_OK;
+        break;
     default:
-	ret = OSA_ADB_FAILURE;
-	break;
+        ret = OSA_ADB_FAILURE;
+        break;
     }
     xdr_destroy(&xdrs);
 
@@ -314,10 +315,10 @@ error:
  * Purpose: iterate over the policy database.
  *
  * Arguments:
- *	db		(input) db handle
- *	func		(input) fucntion pointer to call
- *	data		opaque data type
- * 	<return value>	0 on success error code on failure
+ *      db              (input) db handle
+ *      func            (input) fucntion pointer to call
+ *      data            opaque data type
+ *      <return value>  0 on success error code on failure
  *
  * Requires:
  * Effects:
@@ -325,51 +326,51 @@ error:
  */
 krb5_error_code
 osa_adb_iter_policy(osa_adb_policy_t db, osa_adb_iter_policy_func func,
-		    void *data)
+                    void *data)
 {
-    DBT			    dbkey,
-			    dbdata;
-    XDR			    xdrs;
-    int			    ret;
-    osa_policy_ent_t	    entry;
-    char		    *aligned_data;
+    DBT                     dbkey,
+        dbdata;
+    XDR                     xdrs;
+    int                     ret;
+    osa_policy_ent_t        entry;
+    char                    *aligned_data;
 
     OPENLOCK(db, KRB5_DB_LOCKMODE_EXCLUSIVE); /* hmmm */
 
     if((ret = db->db->seq(db->db, &dbkey, &dbdata, R_FIRST)) == -1) {
-	 ret = errno;
-	 goto error;
+        ret = errno;
+        goto error;
     }
 
     while (ret == 0) {
-	if (!(entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec)))) {
-	     ret = ENOMEM;
-	     goto error;
-	}
-
-	if(!(aligned_data = (char *) malloc(dbdata.size))) {
-	     ret = ENOMEM;
-	     goto error;
-	}
-	memcpy(aligned_data, dbdata.data, dbdata.size);
-
-	memset(entry, 0, sizeof(osa_policy_ent_rec));
-	xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
-	if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
-	    xdr_destroy(&xdrs);
-	    free(aligned_data);
-	    osa_free_policy_ent(entry);
-	    ret = OSA_ADB_FAILURE;
-	    goto error;
-	}
-	(*func)(data, entry);
-	xdr_destroy(&xdrs);
-	free(aligned_data);
-	osa_free_policy_ent(entry);
-	ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
+        if (!(entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec)))) {
+            ret = ENOMEM;
+            goto error;
+        }
+
+        if(!(aligned_data = (char *) malloc(dbdata.size))) {
+            ret = ENOMEM;
+            goto error;
+        }
+        memcpy(aligned_data, dbdata.data, dbdata.size);
+
+        memset(entry, 0, sizeof(osa_policy_ent_rec));
+        xdrmem_create(&xdrs, aligned_data, dbdata.size, XDR_DECODE);
+        if(!xdr_osa_policy_ent_rec(&xdrs, entry)) {
+            xdr_destroy(&xdrs);
+            free(aligned_data);
+            osa_free_policy_ent(entry);
+            ret = OSA_ADB_FAILURE;
+            goto error;
+        }
+        (*func)(data, entry);
+        xdr_destroy(&xdrs);
+        free(aligned_data);
+        osa_free_policy_ent(entry);
+        ret = db->db->seq(db->db, &dbkey, &dbdata, R_NEXT);
     }
     if(ret == -1)
-	 ret = errno;
+        ret = errno;
     else ret = OSA_ADB_OK;
 
 error:
@@ -380,11 +381,11 @@ error:
 void
 osa_free_policy_ent(osa_policy_ent_t val)
 {
-  XDR xdrs;
+    XDR xdrs;
 
-  xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
+    xdrmem_create(&xdrs, NULL, 0, XDR_FREE);
 
-  xdr_osa_policy_ent_rec(&xdrs, val);
+    xdr_osa_policy_ent_rec(&xdrs, val);
 
-  free(val);
+    free(val);
 }
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
index 356f6df..f96c1a4 100644
--- a/src/plugins/kdb/db2/db2_exp.c
+++ b/src/plugins/kdb/db2/db2_exp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2006 by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -23,14 +24,14 @@
  */
 
 /**********************************************************************
-*
-*	C %name:		db2_exp.c %
-*	Instance:		idc_sec_2
-*	Description:
-*	%created_by:	spradeep %
-*	%date_created:	Tue Apr  5 11:44:00 2005 %
-*
-**********************************************************************/
+ *
+ *       C %name:                db2_exp.c %
+ *       Instance:               idc_sec_2
+ *       Description:
+ *       %created_by:    spradeep %
+ *       %date_created:  Tue Apr  5 11:44:00 2005 %
+ *
+ **********************************************************************/
 #ifndef lint
 static char *_csrc = "@(#) %filespec: db2_exp.c~5 %  (%full_filespec: db2_exp.c~5:csrc:idc_sec#2 %)";
 #endif
@@ -61,148 +62,148 @@ static char *_csrc = "@(#) %filespec: db2_exp.c~5 %  (%full_filespec: db2_exp.c~
 
 k5_mutex_t *krb5_db2_mutex;
 
-#define WRAP(NAME,TYPE,ARGLIST,ARGNAMES,ERROR_RESULT)	\
-	static TYPE wrap_##NAME ARGLIST			\
-	{						\
-	    TYPE result;				\
-	    int code = k5_mutex_lock (krb5_db2_mutex);	\
-	    if (code) { return ERROR_RESULT; }		\
-	    result = NAME ARGNAMES;			\
-	    k5_mutex_unlock (krb5_db2_mutex);		\
-	    return result;				\
-	}						\
-	/* hack: decl to allow a following ";" */	\
-	static TYPE wrap_##NAME ()
+#define WRAP(NAME,TYPE,ARGLIST,ARGNAMES,ERROR_RESULT)   \
+    static TYPE wrap_##NAME ARGLIST                     \
+    {                                                   \
+        TYPE result;                                    \
+        int code = k5_mutex_lock (krb5_db2_mutex);      \
+        if (code) { return ERROR_RESULT; }              \
+        result = NAME ARGNAMES;                         \
+        k5_mutex_unlock (krb5_db2_mutex);               \
+        return result;                                  \
+    }                                                   \
+    /* hack: decl to allow a following ";" */           \
+    static TYPE wrap_##NAME ()
 
 /* Two special cases: void (can't assign result), and krb5_error_code
    (return error from locking code).  */
 
-#define WRAP_VOID(NAME,ARGLIST,ARGNAMES)		\
-	static void wrap_##NAME ARGLIST			\
-	{						\
-	    int code = k5_mutex_lock (krb5_db2_mutex);	\
-	    if (code) { return; }			\
-	    NAME ARGNAMES;				\
-	    k5_mutex_unlock (krb5_db2_mutex);		\
-	}						\
-	/* hack: decl to allow a following ";" */	\
-	static void wrap_##NAME ()
+#define WRAP_VOID(NAME,ARGLIST,ARGNAMES)                \
+    static void wrap_##NAME ARGLIST                     \
+    {                                                   \
+        int code = k5_mutex_lock (krb5_db2_mutex);      \
+        if (code) { return; }                           \
+        NAME ARGNAMES;                                  \
+        k5_mutex_unlock (krb5_db2_mutex);               \
+    }                                                   \
+    /* hack: decl to allow a following ";" */           \
+    static void wrap_##NAME ()
 
-#define WRAP_K(NAME,ARGLIST,ARGNAMES)			\
-	WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES,code)
+#define WRAP_K(NAME,ARGLIST,ARGNAMES)                   \
+    WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES,code)
 
 WRAP_K (krb5_db2_open,
-	( krb5_context kcontext,
-	  char *conf_section,
-	  char **db_args,
-	  int mode ),
-	(kcontext, conf_section, db_args, mode));
+        ( krb5_context kcontext,
+          char *conf_section,
+          char **db_args,
+          int mode ),
+        (kcontext, conf_section, db_args, mode));
 WRAP_K (krb5_db2_db_fini, (krb5_context ctx), (ctx));
 WRAP_K (krb5_db2_create,
-	( krb5_context kcontext, char *conf_section, char **db_args ),
-	(kcontext, conf_section, db_args));
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
 WRAP_K (krb5_db2_destroy,
-	( krb5_context kcontext, char *conf_section, char **db_args ),
-	(kcontext, conf_section, db_args));
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
 WRAP_K (krb5_db2_db_get_age,
-	(krb5_context ctx,
-		   char *s,
-	 time_t *t),
-	(ctx, s, t));
+        (krb5_context ctx,
+         char *s,
+         time_t *t),
+        (ctx, s, t));
 WRAP_K (krb5_db2_db_set_option,
-	( krb5_context kcontext,
-	  int option,
-	  void *value ),
-	(kcontext, option, value));
+        ( krb5_context kcontext,
+          int option,
+          void *value ),
+        (kcontext, option, value));
 
 WRAP_K (krb5_db2_db_lock,
-	( krb5_context 	  context,
-	  int 	 	  in_mode),
-	(context, in_mode));
+        ( krb5_context    context,
+          int             in_mode),
+        (context, in_mode));
 WRAP_K (krb5_db2_db_unlock, (krb5_context ctx), (ctx));
 
 WRAP_K (krb5_db2_db_get_principal,
-	(krb5_context ctx,
-		   krb5_const_principal p,
-		   unsigned int flags,
-		   krb5_db_entry *d,
-		   int * i,
-	 krb5_boolean *b),
-	(ctx, p, d, i, b));
+        (krb5_context ctx,
+         krb5_const_principal p,
+         unsigned int flags,
+         krb5_db_entry *d,
+         int * i,
+         krb5_boolean *b),
+        (ctx, p, d, i, b));
 WRAP_K (krb5_db2_db_free_principal,
-	(krb5_context ctx,
-		   krb5_db_entry *d,
-	 int i),
-	(ctx, d, i));
+        (krb5_context ctx,
+         krb5_db_entry *d,
+         int i),
+        (ctx, d, i));
 WRAP_K (krb5_db2_db_put_principal,
-	(krb5_context ctx,
-	 krb5_db_entry *d,
-	 int *i,
-	 char **db_args),
-	(ctx, d, i, db_args));
+        (krb5_context ctx,
+         krb5_db_entry *d,
+         int *i,
+         char **db_args),
+        (ctx, d, i, db_args));
 WRAP_K (krb5_db2_db_delete_principal,
-	(krb5_context context,
-	 krb5_const_principal searchfor,
-	 int *nentries),
-	(context, searchfor, nentries));
+        (krb5_context context,
+         krb5_const_principal searchfor,
+         int *nentries),
+        (context, searchfor, nentries));
 
 WRAP_K (krb5_db2_db_iterate,
-	(krb5_context ctx, char *s,
-	 krb5_error_code (*f) (krb5_pointer,
-			      krb5_db_entry *),
-	 krb5_pointer p),
-	(ctx, s, f, p));
+        (krb5_context ctx, char *s,
+         krb5_error_code (*f) (krb5_pointer,
+                               krb5_db_entry *),
+         krb5_pointer p),
+        (ctx, s, f, p));
 
 WRAP_K (krb5_db2_create_policy,
-	(krb5_context context, osa_policy_ent_t entry),
-	(context, entry));
+        (krb5_context context, osa_policy_ent_t entry),
+        (context, entry));
 WRAP_K (krb5_db2_get_policy,
-	( krb5_context kcontext,
-	  char *name,
-	  osa_policy_ent_t *policy,
-	  int *cnt),
-	(kcontext, name, policy, cnt));
+        ( krb5_context kcontext,
+          char *name,
+          osa_policy_ent_t *policy,
+          int *cnt),
+        (kcontext, name, policy, cnt));
 WRAP_K (krb5_db2_put_policy,
-	( krb5_context kcontext, osa_policy_ent_t policy ),
-	(kcontext, policy));
+        ( krb5_context kcontext, osa_policy_ent_t policy ),
+        (kcontext, policy));
 WRAP_K (krb5_db2_iter_policy,
-	( krb5_context kcontext,
-	  char *match_entry,
-	  osa_adb_iter_policy_func func,
-	  void *data ),
-	(kcontext, match_entry, func, data));
+        ( krb5_context kcontext,
+          char *match_entry,
+          osa_adb_iter_policy_func func,
+          void *data ),
+        (kcontext, match_entry, func, data));
 WRAP_K (krb5_db2_delete_policy,
-	( krb5_context kcontext, char *policy ),
-	(kcontext, policy));
+        ( krb5_context kcontext, char *policy ),
+        (kcontext, policy));
 WRAP_VOID (krb5_db2_free_policy,
-	   ( krb5_context kcontext, osa_policy_ent_t entry ),
-	   (kcontext, entry));
+           ( krb5_context kcontext, osa_policy_ent_t entry ),
+           (kcontext, entry));
 
 WRAP_K (krb5_db2_set_master_key_ext,
-	( krb5_context kcontext, char *pwd, krb5_keyblock *key),
-	(kcontext, pwd, key));
+        ( krb5_context kcontext, char *pwd, krb5_keyblock *key),
+        (kcontext, pwd, key));
 WRAP_K (krb5_db2_db_get_mkey,
-	( krb5_context context, krb5_keyblock **key),
-	(context, key));
+        ( krb5_context context, krb5_keyblock **key),
+        (context, key));
 
 WRAP_K (krb5_db2_db_set_mkey_list,
-	( krb5_context kcontext, krb5_keylist_node *keylist),
-	(kcontext, keylist));
+        ( krb5_context kcontext, krb5_keylist_node *keylist),
+        (kcontext, keylist));
 
 WRAP_K (krb5_db2_db_get_mkey_list,
-	( krb5_context context, krb5_keylist_node **keylist),
-	(context, keylist));
+        ( krb5_context context, krb5_keylist_node **keylist),
+        (context, keylist));
 
 WRAP_K (krb5_db2_promote_db,
-	( krb5_context kcontext, char *conf_section, char **db_args ),
-	(kcontext, conf_section, db_args));
+        ( krb5_context kcontext, char *conf_section, char **db_args ),
+        (kcontext, conf_section, db_args));
 
 WRAP_K (krb5_db2_invoke,
-	(krb5_context kcontext,
-	 unsigned int method,
-	 const krb5_data *request,
-	 krb5_data *response),
-	(kcontext, method, request, response));
+        (krb5_context kcontext,
+         unsigned int method,
+         const krb5_data *request,
+         krb5_data *response),
+        (kcontext, method, request, response));
 
 static krb5_error_code
 hack_init ()
@@ -210,7 +211,7 @@ hack_init ()
     krb5_error_code c;
     c = krb5int_mutex_alloc (&krb5_db2_mutex);
     if (c)
-	return c;
+        return c;
     return krb5_db2_lib_init ();
 }
 
@@ -228,41 +229,41 @@ hack_cleanup (void)
  */
 
 kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
-  1,                                      /* major version number 1 */
-  0,                                      /* minor version number 0 */
-  /* init_library */			       hack_init,
-  /* fini_library */			       hack_cleanup,
-  /* init_module */			       wrap_krb5_db2_open,
-  /* fini_module */			       wrap_krb5_db2_db_fini,
-  /* db_create */			       wrap_krb5_db2_create,
-  /* db_destroy */			       wrap_krb5_db2_destroy,
-  /* db_get_age */                             wrap_krb5_db2_db_get_age,
-  /* db_set_option */			       wrap_krb5_db2_db_set_option,
-  /* db_lock */				       wrap_krb5_db2_db_lock,
-  /* db_unlock */			       wrap_krb5_db2_db_unlock,
-  /* db_get_principal */		       wrap_krb5_db2_db_get_principal,
-  /* db_free_principal */		       wrap_krb5_db2_db_free_principal,
-  /* db_put_principal */		       wrap_krb5_db2_db_put_principal,
-  /* db_delete_principal */		       wrap_krb5_db2_db_delete_principal,
-  /* db_iterate */			       wrap_krb5_db2_db_iterate,
-  /* db_create_policy */                       wrap_krb5_db2_create_policy,
-  /* db_get_policy */                          wrap_krb5_db2_get_policy,
-  /* db_put_policy */                          wrap_krb5_db2_put_policy,
-  /* db_iter_policy */                         wrap_krb5_db2_iter_policy,
-  /* db_delete_policy */                       wrap_krb5_db2_delete_policy,
-  /* db_free_policy */                         wrap_krb5_db2_free_policy,
-  /* db_supported_realms */		       NULL,
-  /* db_free_supported_realms */	       NULL,
-  /* errcode_2_string */                       NULL,
-  /* release_errcode_string */		       NULL,
-  /* db_alloc */                               krb5_db2_alloc,
-  /* db_free */                                krb5_db2_free,
-  /* set_master_key */			       wrap_krb5_db2_set_master_key_ext,
-  /* get_master_key */			       wrap_krb5_db2_db_get_mkey,
-  /* set_master_key_list */		       wrap_krb5_db2_db_set_mkey_list,
-  /* get_master_key_list */	    	       wrap_krb5_db2_db_get_mkey_list,
-  /* blah blah blah */ 0,0,0,0,0,0,0,0,
-  /* promote_db */			       wrap_krb5_db2_promote_db,
-  0, 0,
-  /* invoke */				       wrap_krb5_db2_invoke
+    1,                                      /* major version number 1 */
+    0,                                      /* minor version number 0 */
+    /* init_library */                           hack_init,
+    /* fini_library */                           hack_cleanup,
+    /* init_module */                            wrap_krb5_db2_open,
+    /* fini_module */                            wrap_krb5_db2_db_fini,
+    /* db_create */                              wrap_krb5_db2_create,
+    /* db_destroy */                             wrap_krb5_db2_destroy,
+    /* db_get_age */                             wrap_krb5_db2_db_get_age,
+    /* db_set_option */                          wrap_krb5_db2_db_set_option,
+    /* db_lock */                                wrap_krb5_db2_db_lock,
+    /* db_unlock */                              wrap_krb5_db2_db_unlock,
+    /* db_get_principal */                       wrap_krb5_db2_db_get_principal,
+    /* db_free_principal */                      wrap_krb5_db2_db_free_principal,
+    /* db_put_principal */                       wrap_krb5_db2_db_put_principal,
+    /* db_delete_principal */                    wrap_krb5_db2_db_delete_principal,
+    /* db_iterate */                             wrap_krb5_db2_db_iterate,
+    /* db_create_policy */                       wrap_krb5_db2_create_policy,
+    /* db_get_policy */                          wrap_krb5_db2_get_policy,
+    /* db_put_policy */                          wrap_krb5_db2_put_policy,
+    /* db_iter_policy */                         wrap_krb5_db2_iter_policy,
+    /* db_delete_policy */                       wrap_krb5_db2_delete_policy,
+    /* db_free_policy */                         wrap_krb5_db2_free_policy,
+    /* db_supported_realms */                    NULL,
+    /* db_free_supported_realms */               NULL,
+    /* errcode_2_string */                       NULL,
+    /* release_errcode_string */                 NULL,
+    /* db_alloc */                               krb5_db2_alloc,
+    /* db_free */                                krb5_db2_free,
+    /* set_master_key */                         wrap_krb5_db2_set_master_key_ext,
+    /* get_master_key */                         wrap_krb5_db2_db_get_mkey,
+    /* set_master_key_list */                    wrap_krb5_db2_db_set_mkey_list,
+    /* get_master_key_list */                    wrap_krb5_db2_db_get_mkey_list,
+    /* blah blah blah */ 0,0,0,0,0,0,0,0,
+    /* promote_db */                             wrap_krb5_db2_promote_db,
+    0, 0,
+    /* invoke */                                 wrap_krb5_db2_invoke
 };
diff --git a/src/plugins/kdb/db2/deps b/src/plugins/kdb/db2/deps
index aa21fa6..8d80027 100644
--- a/src/plugins/kdb/db2/deps
+++ b/src/plugins/kdb/db2/deps
@@ -3,72 +3,107 @@
 #
 kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kdb_xdr.c kdb_xdr.h
 adb_openclose.so adb_openclose.po $(OUTPRE)adb_openclose.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(BUILDTOP)/lib/kdb/adb_err.h \
-  $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(DB_DEPS) $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   adb_openclose.c policy_db.h
 adb_policy.so adb_policy.po $(OUTPRE)adb_policy.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/lib/kdb/adb_err.h \
-  $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h adb_policy.c policy_db.h
+  $(COM_ERR_DEPS) $(DB_DEPS) $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h adb_policy.c policy_db.h
 kdb_db2.so kdb_db2.po $(OUTPRE)kdb_db2.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
   $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_db2.c kdb_db2.h kdb_xdr.h \
-  policy_db.h
+  $(srcdir)/../../../lib/kdb/kdb5.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_db2.c kdb_db2.h \
+  kdb_xdr.h policy_db.h
+kdb_ext.so kdb_ext.po $(OUTPRE)kdb_ext.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  kdb_db2.h kdb_ext.c policy_db.h
 pol_xdr.so pol_xdr.po $(OUTPRE)pol_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/lib/kdb/adb_err.h \
-  $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h pol_xdr.c policy_db.h
+  $(COM_ERR_DEPS) $(DB_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h pol_xdr.c policy_db.h
 db2_exp.so db2_exp.po $(OUTPRE)db2_exp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
   $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h db2_exp.c kdb_db2.h kdb_xdr.h \
+  $(srcdir)/../../../lib/kdb/kdb5.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h db2_exp.c kdb_db2.h \
+  kdb_xdr.h policy_db.h
+lockout.so lockout.po $(OUTPRE)lockout.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
+  $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/admin_internal.h \
+  $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
+  $(BUILDTOP)/include/kadm5/server_internal.h $(BUILDTOP)/include/krb5/krb5.h \
+  $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+  $(BUILDTOP)/lib/kdb/adb_err.h $(COM_ERR_DEPS) $(DB_DEPS) \
+  $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb_db2.h lockout.c \
   policy_db.h
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index 363a1f3..50d427e 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_db2.c
  *
@@ -130,8 +131,8 @@ static char default_db_name[] = DEFAULT_KDB_FILE;
 /*
  * Routines to deal with context.
  */
-#define	k5db2_inited(c)	(c && c->dal_handle \
-			 && c->dal_handle->db_context \
+#define k5db2_inited(c) (c && c->dal_handle                             \
+                         && c->dal_handle->db_context                   \
                          && ((krb5_db2_context *) c->dal_handle->db_context)->db_inited)
 
 static krb5_error_code
@@ -139,23 +140,23 @@ krb5_db2_get_db_opt(char *input, char **opt, char **val)
 {
     char   *pos = strchr(input, '=');
     if (pos == NULL) {
-	*opt = NULL;
-	*val = strdup(input);
-	if (*val == NULL) {
-	    return ENOMEM;
-	}
+        *opt = NULL;
+        *val = strdup(input);
+        if (*val == NULL) {
+            return ENOMEM;
+        }
     } else {
-	*opt = malloc((pos - input) + 1);
-	*val = strdup(pos + 1);
-	if (!*opt || !*val) {
-	    free(*opt);
-	    *opt = NULL;
-	    free(*val);
-	    *val = NULL;
-	    return ENOMEM;
-	}
-	memcpy(*opt, input, pos - input);
-	(*opt)[pos - input] = '\0';
+        *opt = malloc((pos - input) + 1);
+        *val = strdup(pos + 1);
+        if (!*opt || !*val) {
+            free(*opt);
+            *opt = NULL;
+            free(*val);
+            *val = NULL;
+            return ENOMEM;
+        }
+        memcpy(*opt, input, pos - input);
+        (*opt)[pos - input] = '\0';
     }
     return (0);
 
@@ -172,9 +173,9 @@ k5db2_clear_context(krb5_db2_context *dbctx)
      * are the caller's problem.
      */
     if (dbctx->db_lf_name)
-	free(dbctx->db_lf_name);
+        free(dbctx->db_lf_name);
     if (dbctx->db_name && (dbctx->db_name != default_db_name))
-	free(dbctx->db_name);
+        free(dbctx->db_name);
     /*
      * Clear the structure and reset the defaults.
      */
@@ -193,14 +194,14 @@ k5db2_init_context(krb5_context context)
     dal_handle = context->dal_handle;
 
     if (dal_handle->db_context == NULL) {
-	db_ctx = (krb5_db2_context *) malloc(sizeof(krb5_db2_context));
-	if (db_ctx == NULL)
-	    return ENOMEM;
-	else {
-	    memset(db_ctx, 0, sizeof(krb5_db2_context));
-	    k5db2_clear_context((krb5_db2_context *) db_ctx);
-	    dal_handle->db_context = (void *) db_ctx;
-	}
+        db_ctx = (krb5_db2_context *) malloc(sizeof(krb5_db2_context));
+        if (db_ctx == NULL)
+            return ENOMEM;
+        else {
+            memset(db_ctx, 0, sizeof(krb5_db2_context));
+            k5db2_clear_context((krb5_db2_context *) db_ctx);
+            dal_handle->db_context = (void *) db_ctx;
+        }
     }
     return (0);
 }
@@ -215,10 +216,10 @@ gen_dbsuffix(char *db_name, char *sfx)
     char   *dbsuffix;
 
     if (sfx == NULL)
-	return ((char *) NULL);
+        return ((char *) NULL);
 
     if (asprintf(&dbsuffix, "%s%s", db_name, sfx) < 0)
-	return (0);
+        return (0);
     return dbsuffix;
 }
 
@@ -237,14 +238,14 @@ k5db2_dbopen(krb5_db2_context *dbc, char *fname, int flags, int mode, int tempdb
     bti.prefix = NULL;
 
     if (tempdb) {
-	fname = gen_dbsuffix(fname, "~");
+        fname = gen_dbsuffix(fname, "~");
     } else {
-	fname = strdup(fname);
+        fname = strdup(fname);
     }
     if (fname == NULL)
     {
-	errno = ENOMEM;
-	return NULL;
+        errno = ENOMEM;
+        return NULL;
     }
 
 
@@ -256,25 +257,25 @@ k5db2_dbopen(krb5_db2_context *dbc, char *fname, int flags, int mode, int tempdb
     hashi.nelem = 1;
 
     db = dbopen(fname, flags, mode,
-		dbc->hashfirst ? DB_HASH : DB_BTREE,
-		dbc->hashfirst ? (void *) &hashi : (void *) &bti);
+                dbc->hashfirst ? DB_HASH : DB_BTREE,
+                dbc->hashfirst ? (void *) &hashi : (void *) &bti);
     if (db != NULL) {
-	free(fname);
-	return db;
+        free(fname);
+        return db;
     }
     switch (errno) {
 #ifdef EFTYPE
     case EFTYPE:
 #endif
     case EINVAL:
-	db = dbopen(fname, flags, mode,
-		    dbc->hashfirst ? DB_BTREE : DB_HASH,
-		    dbc->hashfirst ? (void *) &bti : (void *) &hashi);
-	if (db != NULL)
-	    dbc->hashfirst = !dbc->hashfirst;
+        db = dbopen(fname, flags, mode,
+                    dbc->hashfirst ? DB_BTREE : DB_HASH,
+                    dbc->hashfirst ? (void *) &bti : (void *) &hashi);
+        if (db != NULL)
+            dbc->hashfirst = !dbc->hashfirst;
     default:
-	free(fname);
-	return db;
+        free(fname);
+        return db;
     }
 }
 
@@ -285,7 +286,7 @@ krb5_db2_db_set_hashfirst(krb5_context context, int hashfirst)
     kdb5_dal_handle *dal_handle;
 
     if (k5db2_inited(context))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
     dal_handle = context->dal_handle;
     dbc = (krb5_db2_context *) dal_handle->db_context;
     dbc->hashfirst = hashfirst;
@@ -306,51 +307,50 @@ krb5_db2_db_init(krb5_context context)
     char    policy_db_name[1024], policy_lock_name[1024];
 
     if (k5db2_inited(context))
-	return 0;
+        return 0;
 
     /* Check for presence of our context, if not present, allocate one. */
     if ((retval = k5db2_init_context(context)))
-	return (retval);
+        return (retval);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
     db_ctx->db = NULL;
 
     if (!(filename = gen_dbsuffix(db_ctx->db_name, db_ctx->tempdb
-				  ?KDB2_TEMP_LOCK_EXT:KDB2_LOCK_EXT)))
-	return ENOMEM;
-    db_ctx->db_lf_name = filename;	/* so it gets freed by clear_context */
+                                  ?KDB2_TEMP_LOCK_EXT:KDB2_LOCK_EXT)))
+        return ENOMEM;
+    db_ctx->db_lf_name = filename;      /* so it gets freed by clear_context */
 
     /*
      * should be opened read/write so that write locking can work with
      * POSIX systems
      */
     if ((db_ctx->db_lf_file = open(filename, O_RDWR, 0666)) < 0) {
-	if ((db_ctx->db_lf_file = open(filename, O_RDONLY, 0666)) < 0) {
-	    retval = errno;
-	    goto err_out;
-	}
+        if ((db_ctx->db_lf_file = open(filename, O_RDONLY, 0666)) < 0) {
+            retval = errno;
+            goto err_out;
+        }
     }
     set_cloexec_fd(db_ctx->db_lf_file);
     db_ctx->db_inited++;
 
     if ((retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time)))
-	goto err_out;
+        goto err_out;
 
-    snprintf(policy_db_name, sizeof(policy_db_name),
-	     db_ctx->tempdb ? "%s~.kadm5" : "%s.kadm5",
-	     db_ctx->db_name);
+    snprintf(policy_db_name, sizeof(policy_db_name), "%s%s.kadm5",
+             db_ctx->db_name, db_ctx->tempdb ? "~" : "");
     snprintf(policy_lock_name, sizeof(policy_lock_name),
-	     "%s.lock", policy_db_name);
+             "%s.lock", policy_db_name);
 
     if ((retval = osa_adb_init_db(&db_ctx->policy_db, policy_db_name,
-				  policy_lock_name, OSA_ADB_POLICY_DB_MAGIC)))
+                                  policy_lock_name, OSA_ADB_POLICY_DB_MAGIC)))
     {
-	goto err_out;
+        goto err_out;
     }
     return 0;
 
-  err_out:
+err_out:
     db_ctx->db = NULL;
     k5db2_clear_context(db_ctx);
     return (retval);
@@ -369,28 +369,28 @@ krb5_db2_db_fini(krb5_context context)
 
     dal_handle = context->dal_handle;
     if (dal_handle == NULL) {
-	return 0;
+        return 0;
     }
 
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     if (k5db2_inited(context)) {
-	if (close(db_ctx->db_lf_file))
-	    retval = errno;
-	else
-	    retval = 0;
+        if (close(db_ctx->db_lf_file))
+            retval = errno;
+        else
+            retval = 0;
     }
     if (db_ctx) {
-	if (db_ctx->policy_db) {
-	    retval =
-		osa_adb_fini_db(db_ctx->policy_db, OSA_ADB_POLICY_DB_MAGIC);
-	    if (retval)
-		return retval;
-	}
+        if (db_ctx->policy_db) {
+            retval =
+                osa_adb_fini_db(db_ctx->policy_db, OSA_ADB_POLICY_DB_MAGIC);
+            if (retval)
+                return retval;
+        }
 
-	k5db2_clear_context(db_ctx);
-	/*      free(dal_handle->db_context); */
-	dal_handle->db_context = NULL;
+        k5db2_clear_context(db_ctx);
+        /*      free(dal_handle->db_context); */
+        dal_handle->db_context = NULL;
     }
     return retval;
 }
@@ -405,7 +405,7 @@ krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-	return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -420,7 +420,7 @@ krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-	return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -436,7 +436,7 @@ krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-	return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -451,7 +451,7 @@ krb5_db2_db_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-	return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
@@ -478,21 +478,21 @@ krb5_db2_db_set_name(krb5_context context, char *name, int tempdb)
     kdb5_dal_handle *dal_handle;
 
     if (k5db2_inited(context))
-	return KRB5_KDB_DBINITED;
+        return KRB5_KDB_DBINITED;
 
     /* Check for presence of our context, if not present, allocate one. */
     if ((kret = k5db2_init_context(context)))
-	return (kret);
+        return (kret);
 
     if (name == NULL)
-	name = default_db_name;
+        name = default_db_name;
 
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
     db_ctx->tempdb = tempdb;
     db = k5db2_dbopen(db_ctx, name, O_RDONLY, 0, tempdb);
     if (db == NULL)
-	return errno;
+        return errno;
 
     db_ctx->db_name = strdup(name);
     (*db->close) (db);
@@ -513,14 +513,14 @@ krb5_db2_db_get_age(krb5_context context, char *db_name, time_t *age)
     struct stat st;
 
     if (!k5db2_inited(context))
-	return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     if (fstat(db_ctx->db_lf_file, &st) < 0)
-	*age = -1;
+        *age = -1;
     else
-	*age = st.st_mtime;
+        *age = st.st_mtime;
     return 0;
 }
 
@@ -549,29 +549,29 @@ krb5_db2_db_end_update(krb5_context context)
     struct utimbuf utbuf;
 
     if (!k5db2_inited(context))
-	return (KRB5_KDB_DBNOTINITED);
+        return (KRB5_KDB_DBNOTINITED);
 
     retval = 0;
     dal_handle = context->dal_handle;
     db_ctx = dal_handle->db_context;
     now = time((time_t *) NULL);
     if (fstat(db_ctx->db_lf_file, &st) == 0) {
-	if (st.st_mtime >= now) {
-	    utbuf.actime = st.st_mtime + 1;
-	    utbuf.modtime = st.st_mtime + 1;
-	    if (utime(db_ctx->db_lf_name, &utbuf))
-		retval = errno;
-	} else {
-	    if (utime(db_ctx->db_lf_name, (struct utimbuf *) NULL))
-		retval = errno;
-	}
+        if (st.st_mtime >= now) {
+            utbuf.actime = st.st_mtime + 1;
+            utbuf.modtime = st.st_mtime + 1;
+            if (utime(db_ctx->db_lf_name, &utbuf))
+                retval = errno;
+        } else {
+            if (utime(db_ctx->db_lf_name, (struct utimbuf *) NULL))
+                retval = errno;
+        }
     } else
-	retval = errno;
+        retval = errno;
     if (!retval) {
-	if (fstat(db_ctx->db_lf_file, &st) == 0)
-	    db_ctx->db_lf_time = st.st_mtime;
-	else
-	    retval = errno;
+        if (fstat(db_ctx->db_lf_file, &st) == 0)
+            db_ctx->db_lf_time = st.st_mtime;
+        else
+            retval = errno;
     }
     return (retval);
 }
@@ -591,76 +591,76 @@ krb5_db2_db_lock(krb5_context context, int in_mode)
 
     switch (in_mode) {
     case KRB5_DB_LOCKMODE_PERMANENT:
-	mode = KRB5_DB_LOCKMODE_EXCLUSIVE;
-	break;
+        mode = KRB5_DB_LOCKMODE_EXCLUSIVE;
+        break;
     case KRB5_DB_LOCKMODE_EXCLUSIVE:
-	mode = KRB5_LOCKMODE_EXCLUSIVE;
-	break;
+        mode = KRB5_LOCKMODE_EXCLUSIVE;
+        break;
 
     case KRB5_DB_LOCKMODE_SHARED:
-	mode = KRB5_LOCKMODE_SHARED;
-	break;
+        mode = KRB5_LOCKMODE_SHARED;
+        break;
     default:
-	return EINVAL;
+        return EINVAL;
     }
 
     if (!k5db2_inited(context))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if (db_ctx->db_locks_held && (db_ctx->db_lock_mode >= mode)) {
-	/* No need to upgrade lock, just return */
-	db_ctx->db_locks_held++;
-	goto policy_lock;
+        /* No need to upgrade lock, just return */
+        db_ctx->db_locks_held++;
+        goto policy_lock;
     }
 
     if ((mode != KRB5_LOCKMODE_SHARED) && (mode != KRB5_LOCKMODE_EXCLUSIVE))
-	return KRB5_KDB_BADLOCKMODE;
+        return KRB5_KDB_BADLOCKMODE;
 
     krb5_lock_mode = mode | KRB5_LOCKMODE_DONTBLOCK;
     for (gotlock = tries = 0; tries < MAX_LOCK_TRIES; tries++) {
-	retval = krb5_lock_file(context, db_ctx->db_lf_file, krb5_lock_mode);
-	if (retval == 0) {
-	    gotlock++;
-	    break;
-	} else if (retval == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
-	    /* tried to exclusive-lock something we don't have */
-	    /* write access to */
-	    return KRB5_KDB_CANTLOCK_DB;
-	sleep(1);
+        retval = krb5_lock_file(context, db_ctx->db_lf_file, krb5_lock_mode);
+        if (retval == 0) {
+            gotlock++;
+            break;
+        } else if (retval == EBADF && mode == KRB5_DB_LOCKMODE_EXCLUSIVE)
+            /* tried to exclusive-lock something we don't have */
+            /* write access to */
+            return KRB5_KDB_CANTLOCK_DB;
+        sleep(1);
     }
     if (retval == EACCES)
-	return KRB5_KDB_CANTLOCK_DB;
+        return KRB5_KDB_CANTLOCK_DB;
     else if (retval == EAGAIN || retval == EWOULDBLOCK)
-	return OSA_ADB_CANTLOCK_DB;
+        return OSA_ADB_CANTLOCK_DB;
     else if (retval != 0)
-	return retval;
+        return retval;
 
     if ((retval = krb5_db2_db_get_age(context, NULL, &mod_time)))
-	goto lock_error;
+        goto lock_error;
 
     db = k5db2_dbopen(db_ctx, db_ctx->db_name,
-		      mode == KRB5_LOCKMODE_SHARED ? O_RDONLY : O_RDWR, 0600, db_ctx->tempdb);
+                      mode == KRB5_LOCKMODE_SHARED ? O_RDONLY : O_RDWR, 0600, db_ctx->tempdb);
     if (db) {
-	db_ctx->db_lf_time = mod_time;
-	db_ctx->db = db;
+        db_ctx->db_lf_time = mod_time;
+        db_ctx->db = db;
     } else {
-	retval = errno;
-	db_ctx->db = NULL;
-	goto lock_error;
+        retval = errno;
+        db_ctx->db = NULL;
+        goto lock_error;
     }
 
     db_ctx->db_lock_mode = mode;
     db_ctx->db_locks_held++;
 
-  policy_lock:
+policy_lock:
     if ((retval = osa_adb_get_lock(db_ctx->policy_db, in_mode))) {
-	krb5_db2_db_unlock(context);
+        krb5_db2_db_unlock(context);
     }
     return retval;
 
-  lock_error:;
+lock_error:;
     db_ctx->db_lock_mode = 0;
     db_ctx->db_locks_held = 0;
     krb5_db2_db_unlock(context);
@@ -676,26 +676,26 @@ krb5_db2_db_unlock(krb5_context context)
     krb5_error_code retval;
 
     if (!k5db2_inited(context))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     if ((retval = osa_adb_release_lock(db_ctx->policy_db))) {
-	return retval;
+        return retval;
     }
 
-    if (!db_ctx->db_locks_held)	/* lock already unlocked */
-	return KRB5_KDB_NOTLOCKED;
+    if (!db_ctx->db_locks_held) /* lock already unlocked */
+        return KRB5_KDB_NOTLOCKED;
     db = db_ctx->db;
     if (--(db_ctx->db_locks_held) == 0) {
-	(*db->close) (db);
-	db_ctx->db = NULL;
+        (*db->close) (db);
+        db_ctx->db = NULL;
 
-	retval = krb5_lock_file(context, db_ctx->db_lf_file,
-				KRB5_LOCKMODE_UNLOCK);
-	db_ctx->db_lock_mode = 0;
-	return (retval);
+        retval = krb5_lock_file(context, db_ctx->db_lf_file,
+                                KRB5_LOCKMODE_UNLOCK);
+        db_ctx->db_lock_mode = 0;
+        return (retval);
     }
     return 0;
 }
@@ -716,49 +716,49 @@ krb5_db2_db_create(krb5_context context, char *db_name, krb5_int32 flags)
     char    policy_db_name[1024], policy_lock_name[1024];
 
     if ((retval = k5db2_init_context(context)))
-	return (retval);
+        return (retval);
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     switch (flags) {
     case KRB5_KDB_CREATE_HASH:
-	if ((retval = krb5_db2_db_set_hashfirst(context, TRUE)))
-	    return retval;
-	break;
+        if ((retval = krb5_db2_db_set_hashfirst(context, TRUE)))
+            return retval;
+        break;
     case KRB5_KDB_CREATE_BTREE:
     case 0:
-	if ((retval = krb5_db2_db_set_hashfirst(context, FALSE)))
-	    return retval;
-	break;
+        if ((retval = krb5_db2_db_set_hashfirst(context, FALSE)))
+            return retval;
+        break;
     default:
-	return KRB5_KDB_BAD_CREATEFLAGS;
+        return KRB5_KDB_BAD_CREATEFLAGS;
     }
     db = k5db2_dbopen(db_ctx, db_name, O_RDWR | O_CREAT | O_EXCL, 0600, db_ctx->tempdb);
     if (db == NULL)
-	return errno;
+        return errno;
     (*db->close) (db);
 
     db_name2 = db_ctx->tempdb ? gen_dbsuffix(db_name, "~") : strdup(db_name);
     if (db_name2 == NULL)
-	return ENOMEM;
+        return ENOMEM;
     okname = gen_dbsuffix(db_name2, KDB2_LOCK_EXT);
     if (!okname)
-	retval = ENOMEM;
+        retval = ENOMEM;
     else {
-	fd = open(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
-	if (fd < 0)
-	    retval = errno;
-	else
-	    close(fd);
-	free_dbsuffix(okname);
+        fd = open(okname, O_CREAT | O_RDWR | O_TRUNC, 0600);
+        if (fd < 0)
+            retval = errno;
+        else
+            close(fd);
+        free_dbsuffix(okname);
     }
 
     snprintf(policy_db_name, sizeof(policy_db_name), "%s.kadm5", db_name2);
     snprintf(policy_lock_name, sizeof(policy_lock_name),
-	     "%s.lock", policy_db_name);
+             "%s.lock", policy_db_name);
 
     retval = osa_adb_create_db(policy_db_name,
-			       policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
+                               policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
     free(db_name2);
     return retval;
 }
@@ -772,7 +772,7 @@ destroy_file_suffix(char *dbname, char *suffix)
     char   *filename;
     struct stat statb;
     int     nb, fd;
-    int	    j;
+    int     j;
     off_t   pos;
     char    buf[BUFSIZ];
     char    zbuf[BUFSIZ];
@@ -780,19 +780,19 @@ destroy_file_suffix(char *dbname, char *suffix)
 
     filename = gen_dbsuffix(dbname, suffix);
     if (filename == 0)
-	return ENOMEM;
+        return ENOMEM;
     if ((fd = open(filename, O_RDWR, 0)) < 0) {
-	free(filename);
-	return errno;
+        free(filename);
+        return errno;
     }
     set_cloexec_fd(fd);
     /* fstat() will probably not fail unless using a remote filesystem
      * (which is inappropriate for the kerberos database) so this check
      * is mostly paranoia.  */
     if (fstat(fd, &statb) == -1) {
-	int     retval = errno;
-	free(filename);
-	return retval;
+        int     retval = errno;
+        free(filename);
+        return retval;
     }
     /*
      * Stroll through the file, reading in BUFSIZ chunks.  If everything
@@ -805,31 +805,31 @@ destroy_file_suffix(char *dbname, char *suffix)
     memset(zbuf, 0, BUFSIZ);
     pos = 0;
     while (pos < statb.st_size) {
-	dowrite = 0;
-	nb = read(fd, buf, BUFSIZ);
-	if (nb < 0) {
-	    int     retval = errno;
-	    free(filename);
-	    return retval;
-	}
-	for (j = 0; j < nb; j++) {
-	    if (buf[j] != '\0') {
-		dowrite = 1;
-		break;
-	    }
-	}
-	/* For signedness */
-	j = nb;
-	if (dowrite) {
-	    lseek(fd, pos, SEEK_SET);
-	    nb = write(fd, zbuf, j);
-	    if (nb < 0) {
-		int     retval = errno;
-		free(filename);
-		return retval;
-	    }
-	}
-	pos += nb;
+        dowrite = 0;
+        nb = read(fd, buf, BUFSIZ);
+        if (nb < 0) {
+            int     retval = errno;
+            free(filename);
+            return retval;
+        }
+        for (j = 0; j < nb; j++) {
+            if (buf[j] != '\0') {
+                dowrite = 1;
+                break;
+            }
+        }
+        /* For signedness */
+        j = nb;
+        if (dowrite) {
+            lseek(fd, pos, SEEK_SET);
+            nb = write(fd, zbuf, j);
+            if (nb < 0) {
+                int     retval = errno;
+                free(filename);
+                return retval;
+            }
+        }
+        pos += nb;
     }
     /* ??? Is fsync really needed?  I don't know of any non-networked
      * filesystem which will discard queued writes to disk if a file
@@ -840,8 +840,8 @@ destroy_file_suffix(char *dbname, char *suffix)
     close(fd);
 
     if (unlink(filename)) {
-	free(filename);
-	return (errno);
+        free(filename);
+        return (errno);
     }
     free(filename);
     return (0);
@@ -866,10 +866,10 @@ krb5_db2_db_destroy(krb5_context context, char *dbname)
 
     tmpcontext = 0;
     if (!context->dal_handle
-	|| !context->dal_handle->db_context) {
-	tmpcontext = 1;
-	if ((retval1 = k5db2_init_context(context)))
-	    return (retval1);
+        || !context->dal_handle->db_context) {
+        tmpcontext = 1;
+        if ((retval1 = k5db2_init_context(context)))
+            return (retval1);
     }
 
     retval1 = retval2 = 0;
@@ -877,20 +877,20 @@ krb5_db2_db_destroy(krb5_context context, char *dbname)
     retval2 = destroy_file_suffix(dbname, KDB2_LOCK_EXT);
 
     if (tmpcontext) {
-	k5db2_clear_context((krb5_db2_context *) context->dal_handle->db_context);
-	free(context->dal_handle->db_context);
-	context->dal_handle->db_context = NULL;
+        k5db2_clear_context((krb5_db2_context *) context->dal_handle->db_context);
+        free(context->dal_handle->db_context);
+        context->dal_handle->db_context = NULL;
     }
 
     if (retval1 || retval2)
-	return (retval1 ? retval1 : retval2);
+        return (retval1 ? retval1 : retval2);
 
     snprintf(policy_db_name, sizeof(policy_db_name), "%s.kadm5", dbname);
     snprintf(policy_lock_name, sizeof(policy_lock_name),
-	     "%s.lock", policy_db_name);
+             "%s.lock", policy_db_name);
 
     retval1 = osa_adb_destroy_db(policy_db_name,
-				 policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
+                                 policy_lock_name, OSA_ADB_POLICY_DB_MAGIC);
 
     return retval1;
 }
@@ -903,10 +903,10 @@ krb5_db2_db_destroy(krb5_context context, char *dbname)
 
 krb5_error_code
 krb5_db2_db_get_principal(krb5_context context,
-			  krb5_const_principal searchfor,
-			  krb5_db_entry *entries, /* filled in */
-			  int *nentries, /* how much room/how many found */
-			  krb5_boolean *more) /* are there more? */
+                          krb5_const_principal searchfor,
+                          krb5_db_entry *entries, /* filled in */
+                          int *nentries, /* how much room/how many found */
+                          krb5_boolean *more) /* are there more? */
 {
     krb5_db2_context *db_ctx;
     krb5_error_code retval;
@@ -920,27 +920,27 @@ krb5_db2_db_get_principal(krb5_context context,
     *nentries = 0;
 
     if (!k5db2_inited(context))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     for (trynum = 0; trynum < KRB5_DB2_MAX_RETRY; trynum++) {
-	if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) {
-	    if (db_ctx->db_nb_locks)
-		return (retval);
-	    sleep(1);
-	    continue;
-	}
-	break;
+        if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED))) {
+            if (db_ctx->db_nb_locks)
+                return (retval);
+            sleep(1);
+            continue;
+        }
+        break;
     }
     if (trynum == KRB5_DB2_MAX_RETRY)
-	return KRB5_KDB_DB_INUSE;
+        return KRB5_KDB_DB_INUSE;
 
     /* XXX deal with wildcard lookups */
     retval = krb5_encode_princ_dbkey(context, &keydata, searchfor);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     key.data = keydata.data;
     key.size = keydata.length;
 
@@ -950,35 +950,35 @@ krb5_db2_db_get_principal(krb5_context context,
     krb5_free_data_contents(context, &keydata);
     switch (dbret) {
     case 1:
-	retval = 0;
+        retval = 0;
     case -1:
     default:
-	*nentries = 0;
-	goto cleanup;
+        *nentries = 0;
+        goto cleanup;
     case 0:
-	contdata.data = contents.data;
-	contdata.length = contents.size;
-	retval = krb5_decode_princ_contents(context, &contdata, entries);
-	if (!retval)
-	    *nentries = 1;
-	break;
+        contdata.data = contents.data;
+        contdata.length = contents.size;
+        retval = krb5_decode_princ_contents(context, &contdata, entries);
+        if (!retval)
+            *nentries = 1;
+        break;
     }
 
-  cleanup:
-    (void) krb5_db2_db_unlock(context);	/* unlock read lock */
+cleanup:
+    (void) krb5_db2_db_unlock(context); /* unlock read lock */
     return retval;
 }
 
 /*
   Free stuff returned by krb5_db2_db_get_principal.
- */
+*/
 krb5_error_code
 krb5_db2_db_free_principal(krb5_context context, krb5_db_entry *entries,
-			   int nentries)
+                           int nentries)
 {
     register int i;
     for (i = 0; i < nentries; i++)
-	krb5_dbe_free_contents(context, &entries[i]);
+        krb5_dbe_free_contents(context, &entries[i]);
     return 0;
 }
 
@@ -990,13 +990,13 @@ krb5_db2_db_free_principal(krb5_context context, krb5_db_entry *entries,
   acutally stored; the first *"nstored" records will have been stored in the
   database (even if an error occurs).
 
- */
+*/
 
 krb5_error_code
 krb5_db2_db_put_principal(krb5_context context,
-			  krb5_db_entry *entries,
-			  int *nentries, /* number of entry structs to update */
-			  char **db_args)
+                          krb5_db_entry *entries,
+                          int *nentries, /* number of entry structs to update */
+                          char **db_args)
 {
     int     i, n, dbret;
     DB     *db;
@@ -1008,55 +1008,55 @@ krb5_db2_db_put_principal(krb5_context context,
 
     krb5_clear_error_message (context);
     if (db_args) {
-	/* DB2 does not support db_args DB arguments for principal */
-	krb5_set_error_message(context, EINVAL,
-			       "Unsupported argument \"%s\" for db2",
-			       db_args[0]);
-	return EINVAL;
+        /* DB2 does not support db_args DB arguments for principal */
+        krb5_set_error_message(context, EINVAL,
+                               "Unsupported argument \"%s\" for db2",
+                               db_args[0]);
+        return EINVAL;
     }
 
     n = *nentries;
     *nentries = 0;
     if (!k5db2_inited(context))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
-	return retval;
+        return retval;
 
     db = db_ctx->db;
     if ((retval = krb5_db2_db_start_update(context))) {
-	(void) krb5_db2_db_unlock(context);
-	return retval;
+        (void) krb5_db2_db_unlock(context);
+        return retval;
     }
 
     /* for each one, stuff temps, and do replace/append */
     for (i = 0; i < n; i++) {
-	retval = krb5_encode_princ_contents(context, &contdata, entries);
-	if (retval)
-	    break;
-	contents.data = contdata.data;
-	contents.size = contdata.length;
-	retval = krb5_encode_princ_dbkey(context, &keydata, entries->princ);
-	if (retval) {
-	    krb5_free_data_contents(context, &contdata);
-	    break;
-	}
-
-	key.data = keydata.data;
-	key.size = keydata.length;
-	dbret = (*db->put) (db, &key, &contents, 0);
-	retval = dbret ? errno : 0;
-	krb5_free_data_contents(context, &keydata);
-	krb5_free_data_contents(context, &contdata);
-	if (retval)
-	    break;
-	entries++;		/* bump to next struct */
+        retval = krb5_encode_princ_contents(context, &contdata, entries);
+        if (retval)
+            break;
+        contents.data = contdata.data;
+        contents.size = contdata.length;
+        retval = krb5_encode_princ_dbkey(context, &keydata, entries->princ);
+        if (retval) {
+            krb5_free_data_contents(context, &contdata);
+            break;
+        }
+
+        key.data = keydata.data;
+        key.size = keydata.length;
+        dbret = (*db->put) (db, &key, &contents, 0);
+        retval = dbret ? errno : 0;
+        krb5_free_data_contents(context, &keydata);
+        krb5_free_data_contents(context, &contdata);
+        if (retval)
+            break;
+        entries++;              /* bump to next struct */
     }
 
     (void) krb5_db2_db_end_update(context);
-    (void) krb5_db2_db_unlock(context);	/* unlock database */
+    (void) krb5_db2_db_unlock(context); /* unlock database */
     *nentries = i;
     return (retval);
 }
@@ -1068,8 +1068,8 @@ krb5_db2_db_put_principal(krb5_context context,
 
 krb5_error_code
 krb5_db2_db_delete_principal(krb5_context context,
-			     krb5_const_principal searchfor,
-			     int *nentries) /* how many found & deleted */
+                             krb5_const_principal searchfor,
+                             int *nentries) /* how many found & deleted */
 {
     krb5_error_code retval;
     krb5_db_entry entry;
@@ -1081,20 +1081,20 @@ krb5_db2_db_delete_principal(krb5_context context,
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(context))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
-	return (retval);
+        return (retval);
 
     if ((retval = krb5_db2_db_start_update(context))) {
-	(void) krb5_db2_db_unlock(context);	/* unlock write lock */
-	return (retval);
+        (void) krb5_db2_db_unlock(context);     /* unlock write lock */
+        return (retval);
     }
 
     if ((retval = krb5_encode_princ_dbkey(context, &keydata, searchfor)))
-	goto cleanup;
+        goto cleanup;
     key.data = keydata.data;
     key.size = keydata.length;
 
@@ -1103,34 +1103,34 @@ krb5_db2_db_delete_principal(krb5_context context,
     retval = errno;
     switch (dbret) {
     case 1:
-	retval = KRB5_KDB_NOENTRY;
+        retval = KRB5_KDB_NOENTRY;
     case -1:
     default:
-	*nentries = 0;
-	goto cleankey;
+        *nentries = 0;
+        goto cleankey;
     case 0:
-	;
+        ;
     }
     memset(&entry, 0, sizeof(entry));
     contdata.data = contents.data;
     contdata.length = contents.size;
     retval = krb5_decode_princ_contents(context, &contdata, &entry);
     if (retval)
-	goto cleankey;
+        goto cleankey;
     *nentries = 1;
 
     /* Clear encrypted key contents */
     for (i = 0; i < entry.n_key_data; i++) {
-	if (entry.key_data[i].key_data_length[0]) {
-	    memset(entry.key_data[i].key_data_contents[0], 0,
-		   (unsigned) entry.key_data[i].key_data_length[0]);
-	}
+        if (entry.key_data[i].key_data_length[0]) {
+            memset(entry.key_data[i].key_data_contents[0], 0,
+                   (unsigned) entry.key_data[i].key_data_length[0]);
+        }
     }
 
     retval = krb5_encode_princ_contents(context, &contdata, &entry);
     krb5_dbe_free_contents(context, &entry);
     if (retval)
-	goto cleankey;
+        goto cleankey;
 
     contents.data = contdata.data;
     contents.size = contdata.length;
@@ -1138,23 +1138,23 @@ krb5_db2_db_delete_principal(krb5_context context,
     retval = dbret ? errno : 0;
     krb5_free_data_contents(context, &contdata);
     if (retval)
-	goto cleankey;
+        goto cleankey;
     dbret = (*db->del) (db, &key, 0);
     retval = dbret ? errno : 0;
-  cleankey:
+cleankey:
     krb5_free_data_contents(context, &keydata);
 
-  cleanup:
+cleanup:
     (void) krb5_db2_db_end_update(context);
-    (void) krb5_db2_db_unlock(context);	/* unlock write lock */
+    (void) krb5_db2_db_unlock(context); /* unlock write lock */
     return retval;
 }
 
 krb5_error_code
 krb5_db2_db_iterate_ext(krb5_context context,
-			krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
-			krb5_pointer func_arg,
-			int backwards, int recursive)
+                        krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
+                        krb5_pointer func_arg,
+                        int backwards, int recursive)
 {
     krb5_db2_context *db_ctx;
     DB     *db;
@@ -1168,75 +1168,75 @@ krb5_db2_db_iterate_ext(krb5_context context,
 
     cookie = NULL;
     if (!k5db2_inited(context))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = context->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
     retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_SHARED);
 
     if (retval)
-	return retval;
+        return retval;
 
     db = db_ctx->db;
     if (recursive && db->type != DB_BTREE) {
-	(void) krb5_db2_db_unlock(context);
-	return KRB5_KDB_UK_RERROR;	/* Not optimal, but close enough. */
+        (void) krb5_db2_db_unlock(context);
+        return KRB5_KDB_UK_RERROR;      /* Not optimal, but close enough. */
     }
 
     if (!recursive) {
-	dbret = (*db->seq) (db, &key, &contents, backwards ? R_LAST : R_FIRST);
+        dbret = (*db->seq) (db, &key, &contents, backwards ? R_LAST : R_FIRST);
     } else {
 #ifdef HAVE_BT_RSEQ
-	dbret = bt_rseq(db, &key, &contents, &cookie,
-			backwards ? R_LAST : R_FIRST);
+        dbret = bt_rseq(db, &key, &contents, &cookie,
+                        backwards ? R_LAST : R_FIRST);
 #else
-	(void) krb5_db2_db_unlock(context);
-	return KRB5_KDB_UK_RERROR;	/* Not optimal, but close enough. */
+        (void) krb5_db2_db_unlock(context);
+        return KRB5_KDB_UK_RERROR;      /* Not optimal, but close enough. */
 #endif
     }
     while (dbret == 0) {
-	krb5_error_code retval2;
-
-	contdata.data = contents.data;
-	contdata.length = contents.size;
-	retval = krb5_decode_princ_contents(context, &contdata, &entries);
-	if (retval)
-	    break;
-	retval = k5_mutex_unlock(krb5_db2_mutex);
-	if (retval)
-	    break;
-	retval = (*func) (func_arg, &entries);
-	krb5_dbe_free_contents(context, &entries);
-	retval2 = k5_mutex_lock(krb5_db2_mutex);
-	/* Note: If re-locking fails, the wrapper in db2_exp.c will
-	   still try to unlock it again.  That would be a bug.  Fix
-	   when integrating the locking better.  */
-	if (retval)
-	    break;
-	if (retval2) {
-	    retval = retval2;
-	    break;
-	}
-	if (!recursive) {
-	    dbret = (*db->seq) (db, &key, &contents,
-				backwards ? R_PREV : R_NEXT);
-	} else {
+        krb5_error_code retval2;
+
+        contdata.data = contents.data;
+        contdata.length = contents.size;
+        retval = krb5_decode_princ_contents(context, &contdata, &entries);
+        if (retval)
+            break;
+        retval = k5_mutex_unlock(krb5_db2_mutex);
+        if (retval)
+            break;
+        retval = (*func) (func_arg, &entries);
+        krb5_dbe_free_contents(context, &entries);
+        retval2 = k5_mutex_lock(krb5_db2_mutex);
+        /* Note: If re-locking fails, the wrapper in db2_exp.c will
+           still try to unlock it again.  That would be a bug.  Fix
+           when integrating the locking better.  */
+        if (retval)
+            break;
+        if (retval2) {
+            retval = retval2;
+            break;
+        }
+        if (!recursive) {
+            dbret = (*db->seq) (db, &key, &contents,
+                                backwards ? R_PREV : R_NEXT);
+        } else {
 #ifdef HAVE_BT_RSEQ
-	    dbret = bt_rseq(db, &key, &contents, &cookie,
-			    backwards ? R_PREV : R_NEXT);
+            dbret = bt_rseq(db, &key, &contents, &cookie,
+                            backwards ? R_PREV : R_NEXT);
 #else
-	    (void) krb5_db2_db_unlock(context);
-	    return KRB5_KDB_UK_RERROR;	/* Not optimal, but close enough. */
+            (void) krb5_db2_db_unlock(context);
+            return KRB5_KDB_UK_RERROR;  /* Not optimal, but close enough. */
 #endif
-	}
+        }
     }
     switch (dbret) {
     case 1:
     case 0:
-	break;
+        break;
     case -1:
     default:
-	retval = errno;
+        retval = errno;
     }
     (void) krb5_db2_db_unlock(context);
     return retval;
@@ -1244,9 +1244,9 @@ krb5_db2_db_iterate_ext(krb5_context context,
 
 krb5_error_code
 krb5_db2_db_iterate(krb5_context context,
-		    char *match_expr,
-		    krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
-		    krb5_pointer func_arg)
+                    char *match_expr,
+                    krb5_error_code(*func) (krb5_pointer, krb5_db_entry *),
+                    krb5_pointer func_arg)
 {
     return krb5_db2_db_iterate_ext(context, func, func_arg, 0, 0);
 }
@@ -1261,8 +1261,8 @@ krb5_db2_db_set_lockmode(krb5_context context, krb5_boolean mode)
     dal_handle = context->dal_handle;
     old = mode;
     if (dal_handle && (db_ctx = (krb5_db2_context *) dal_handle->db_context)) {
-	old = db_ctx->db_nb_locks;
-	db_ctx->db_nb_locks = mode;
+        old = db_ctx->db_nb_locks;
+        db_ctx->db_nb_locks = mode;
     }
     return old;
 }
@@ -1285,7 +1285,7 @@ krb5_db2_lib_cleanup()
 
 krb5_error_code
 krb5_db2_open(krb5_context kcontext,
-	      char *conf_section, char **db_args, int mode)
+              char *conf_section, char **db_args, int mode)
 {
     krb5_error_code status = 0;
     char  **t_ptr = db_args;
@@ -1295,75 +1295,75 @@ krb5_db2_open(krb5_context kcontext,
     krb5_clear_error_message (kcontext);
 
     if (k5db2_inited(kcontext))
-	return 0;
+        return 0;
 
     while (t_ptr && *t_ptr) {
-	char   *opt = NULL, *val = NULL;
-
-	krb5_db2_get_db_opt(*t_ptr, &opt, &val);
-	if (opt && !strcmp(opt, "dbname")) {
-	    if (dbname) free(dbname);
-	    dbname = strdup(val);
-	    if (dbname == NULL) {
-		free(opt);
-		free(val);
-		return ENOMEM;
-	    }
-	}
-	else if (!opt && !strcmp(val, "temporary") ) {
-	    tempdb = 1;
-	}
-	else if (!opt && !strcmp(val, "merge_nra")) {
-	    ;
-	}
-	/* ignore hash argument. Might have been passed from create */
-	else if (!opt || strcmp(opt, "hash")) {
-	    krb5_set_error_message(kcontext, EINVAL,
-				   "Unsupported argument \"%s\" for db2",
-				   opt ? opt : val);
-	    free(opt);
-	    free(val);
-	    return EINVAL;
-	}
-
-	free(opt);
-	free(val);
-	t_ptr++;
+        char   *opt = NULL, *val = NULL;
+
+        krb5_db2_get_db_opt(*t_ptr, &opt, &val);
+        if (opt && !strcmp(opt, "dbname")) {
+            if (dbname) free(dbname);
+            dbname = strdup(val);
+            if (dbname == NULL) {
+                free(opt);
+                free(val);
+                return ENOMEM;
+            }
+        }
+        else if (!opt && !strcmp(val, "temporary") ) {
+            tempdb = 1;
+        }
+        else if (!opt && !strcmp(val, "merge_nra")) {
+            ;
+        }
+        /* ignore hash argument. Might have been passed from create */
+        else if (!opt || strcmp(opt, "hash")) {
+            krb5_set_error_message(kcontext, EINVAL,
+                                   "Unsupported argument \"%s\" for db2",
+                                   opt ? opt : val);
+            free(opt);
+            free(val);
+            return EINVAL;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     if(dbname) {
-	status = krb5_db2_db_set_name(kcontext, dbname, tempdb);
-	free(dbname);
-	if (status) {
-	    goto clean_n_exit;
-	}
-	db_name_set = 1;
+        status = krb5_db2_db_set_name(kcontext, dbname, tempdb);
+        free(dbname);
+        if (status) {
+            goto clean_n_exit;
+        }
+        db_name_set = 1;
     }
     if (!db_name_set) {
-	char   *value = NULL;
-	status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,	/* under given conf section */
-				    NULL, &value);
+        char   *value = NULL;
+        status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,     /* under given conf section */
+                                    NULL, &value);
 
-	if (value == NULL) {
-	    /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
-	    status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,	/* under given realm */
-					default_db_name, &value);
-	    if (status) {
-		goto clean_n_exit;
-	    }
-	}
+        if (value == NULL) {
+            /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
+            status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,   /* under given realm */
+                                        default_db_name, &value);
+            if (status) {
+                goto clean_n_exit;
+            }
+        }
 
-	status = krb5_db2_db_set_name(kcontext, value, tempdb);
-	profile_release_string(value);
-	if (status) {
-	    goto clean_n_exit;
-	}
+        status = krb5_db2_db_set_name(kcontext, value, tempdb);
+        profile_release_string(value);
+        if (status) {
+            goto clean_n_exit;
+        }
 
     }
 
     status = krb5_db2_db_init(kcontext);
 
-  clean_n_exit:
+clean_n_exit:
     return status;
 }
 
@@ -1379,97 +1379,97 @@ krb5_db2_create(krb5_context kcontext, char *conf_section, char **db_args)
     krb5_clear_error_message (kcontext);
 
     if (k5db2_inited(kcontext))
-	return 0;
+        return 0;
 
     while (t_ptr && *t_ptr) {
-	char   *opt = NULL, *val = NULL;
-
-	krb5_db2_get_db_opt(*t_ptr, &opt, &val);
-	if (opt && !strcmp(opt, "dbname")) {
-	    db_name = strdup(val);
-	    if (db_name == NULL) {
-		free(opt);
-		free(val);
-		return ENOMEM;
-	    }
-	}
-	else if (!opt && !strcmp(val, "temporary")) {
-	    tempdb = 1;
-	} else if (!opt && !strcmp(val, "merge_nra")) {
-	    ;
-	} else if (opt && !strcmp(opt, "hash")) {
-	    flags = KRB5_KDB_CREATE_HASH;
-	} else {
-	    krb5_set_error_message(kcontext, EINVAL,
-				   "Unsupported argument \"%s\" for db2",
-				   opt ? opt : val);
-	    free(opt);
-	    free(val);
-	    return EINVAL;
-	}
-
-	free(opt);
-	free(val);
-	t_ptr++;
+        char   *opt = NULL, *val = NULL;
+
+        krb5_db2_get_db_opt(*t_ptr, &opt, &val);
+        if (opt && !strcmp(opt, "dbname")) {
+            db_name = strdup(val);
+            if (db_name == NULL) {
+                free(opt);
+                free(val);
+                return ENOMEM;
+            }
+        }
+        else if (!opt && !strcmp(val, "temporary")) {
+            tempdb = 1;
+        } else if (!opt && !strcmp(val, "merge_nra")) {
+            ;
+        } else if (opt && !strcmp(opt, "hash")) {
+            flags = KRB5_KDB_CREATE_HASH;
+        } else {
+            krb5_set_error_message(kcontext, EINVAL,
+                                   "Unsupported argument \"%s\" for db2",
+                                   opt ? opt : val);
+            free(opt);
+            free(val);
+            return EINVAL;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
     if (db_name) {
-	    status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
-	    if (!status) {
-		status = EEXIST;
-		goto clean_n_exit;
-	    }
-	    db_name_set = 1;
+        status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
+        if (!status) {
+            status = EEXIST;
+            goto clean_n_exit;
+        }
+        db_name_set = 1;
     }
     if (!db_name_set) {
-	char   *value = NULL;
-	status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
-				    KDB_MODULE_SECTION, conf_section,
-				    /* under given conf section */
-				    KDB_DB2_DATABASE_NAME, NULL, &value);
-
-	if (value == NULL) {
-	    /* Special case for db2.  We might actually be looking at
-	     * old type config file where database is specified as
-	     * part of realm.  */
-	    status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
-					KDB_REALM_SECTION,
-					KRB5_DB_GET_REALM(kcontext),
-					/* under given realm */
-					KDB_DB2_DATABASE_NAME,
-					default_db_name, &value);
-	    if (status) {
-		goto clean_n_exit;
-	    }
-	}
-
-	db_name = strdup(value);
-	if (db_name == NULL) {
-	    status = ENOMEM;
-	    profile_release_string(value);
-	    goto clean_n_exit;
-	}
-	status = krb5_db2_db_set_name(kcontext, value, tempdb);
-	profile_release_string(value);
-	if (!status) {
-	    status = EEXIST;
-	    goto clean_n_exit;
-	}
+        char   *value = NULL;
+        status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
+                                    KDB_MODULE_SECTION, conf_section,
+                                    /* under given conf section */
+                                    KDB_DB2_DATABASE_NAME, NULL, &value);
+
+        if (value == NULL) {
+            /* Special case for db2.  We might actually be looking at
+             * old type config file where database is specified as
+             * part of realm.  */
+            status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext),
+                                        KDB_REALM_SECTION,
+                                        KRB5_DB_GET_REALM(kcontext),
+                                        /* under given realm */
+                                        KDB_DB2_DATABASE_NAME,
+                                        default_db_name, &value);
+            if (status) {
+                goto clean_n_exit;
+            }
+        }
+
+        db_name = strdup(value);
+        if (db_name == NULL) {
+            status = ENOMEM;
+            profile_release_string(value);
+            goto clean_n_exit;
+        }
+        status = krb5_db2_db_set_name(kcontext, value, tempdb);
+        profile_release_string(value);
+        if (!status) {
+            status = EEXIST;
+            goto clean_n_exit;
+        }
 
     }
 
     status = krb5_db2_db_create(kcontext, db_name, flags);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
     /* db2 has a problem of needing to close and open the database again. This removes that need */
     status = krb5_db2_db_fini(kcontext);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
 
     status = krb5_db2_open(kcontext, conf_section, db_args, KRB5_KDB_OPEN_RW);
 
-  clean_n_exit:
+clean_n_exit:
     if (db_name)
-	free(db_name);
+        free(db_name);
     return status;
 }
 
@@ -1482,77 +1482,77 @@ krb5_db2_destroy(krb5_context kcontext, char *conf_section, char **db_args)
     char   *db_name = NULL;
 
     while (t_ptr && *t_ptr) {
-	char   *opt = NULL, *val = NULL;
-
-	krb5_db2_get_db_opt(*t_ptr, &opt, &val);
-	if (opt && !strcmp(opt, "dbname")) {
-	    db_name = strdup(val);
-	    if (db_name == NULL) {
-		free(opt);
-		free(val);
-		return ENOMEM;
-	    }
-	}
-	else if (!opt && !strcmp(val, "temporary")) {
-	    tempdb = 1;
-	}
-	/* ignore hash argument. Might have been passed from create */
-	else if (!opt || strcmp(opt, "hash")) {
-	    free(opt);
-	    free(val);
-	    return EINVAL;
-	}
-
-	free(opt);
-	free(val);
-	t_ptr++;
+        char   *opt = NULL, *val = NULL;
+
+        krb5_db2_get_db_opt(*t_ptr, &opt, &val);
+        if (opt && !strcmp(opt, "dbname")) {
+            db_name = strdup(val);
+            if (db_name == NULL) {
+                free(opt);
+                free(val);
+                return ENOMEM;
+            }
+        }
+        else if (!opt && !strcmp(val, "temporary")) {
+            tempdb = 1;
+        }
+        /* ignore hash argument. Might have been passed from create */
+        else if (!opt || strcmp(opt, "hash")) {
+            free(opt);
+            free(val);
+            return EINVAL;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     if (db_name) {
-	status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
-	if (status) {
-	    goto clean_n_exit;
-	}
-	db_name_set = 1;
+        status = krb5_db2_db_set_name(kcontext, db_name, tempdb);
+        if (status) {
+            goto clean_n_exit;
+        }
+        db_name_set = 1;
     }
     if (!db_name_set) {
-	char   *value = NULL;
-	status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,	/* under given conf section */
-				    NULL, &value);
-
-	if (value == NULL) {
-	    /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
-	    status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,	/* under given realm */
-					default_db_name, &value);
-	    if (status) {
-		goto clean_n_exit;
-	    }
-	}
-
-	db_name = strdup(value);
-	if (db_name == NULL) {
-	    status = ENOMEM;
-	    goto clean_n_exit;
-	}
-	status = krb5_db2_db_set_name(kcontext, value, tempdb);
-	profile_release_string(value);
-	if (status) {
-	    goto clean_n_exit;
-	}
+        char   *value = NULL;
+        status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_MODULE_SECTION, conf_section, KDB_DB2_DATABASE_NAME,     /* under given conf section */
+                                    NULL, &value);
+
+        if (value == NULL) {
+            /* special case for db2. We might actually be looking at old type config file where database is specified as part of realm */
+            status = profile_get_string(KRB5_DB_GET_PROFILE(kcontext), KDB_REALM_SECTION, KRB5_DB_GET_REALM(kcontext), KDB_DB2_DATABASE_NAME,   /* under given realm */
+                                        default_db_name, &value);
+            if (status) {
+                goto clean_n_exit;
+            }
+        }
+
+        db_name = strdup(value);
+        if (db_name == NULL) {
+            status = ENOMEM;
+            goto clean_n_exit;
+        }
+        status = krb5_db2_db_set_name(kcontext, value, tempdb);
+        profile_release_string(value);
+        if (status) {
+            goto clean_n_exit;
+        }
 
     }
 
     status = krb5_db2_db_destroy(kcontext, db_name);
 
-  clean_n_exit:
+clean_n_exit:
     if (db_name)
-	free(db_name);
+        free(db_name);
     return status;
 }
 
 krb5_error_code
 krb5_db2_set_master_key_ext(krb5_context kcontext,
-			    char *pwd, krb5_keyblock * key)
+                            char *pwd, krb5_keyblock * key)
 {
     return krb5_db2_db_set_mkey(kcontext, key);
 }
@@ -1566,7 +1566,7 @@ krb5_db2_db_set_option(krb5_context kcontext, int option, void *value)
     kdb5_dal_handle *dal_handle;
 
     if (!k5db2_inited(kcontext))
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     dal_handle = kcontext->dal_handle;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
@@ -1574,17 +1574,17 @@ krb5_db2_db_set_option(krb5_context kcontext, int option, void *value)
 
     switch (option) {
     case KRB5_KDB_OPT_SET_DB_NAME:
-	status = krb5_db2_db_set_name(kcontext, (char *) value, db_ctx->tempdb);
-	break;
+        status = krb5_db2_db_set_name(kcontext, (char *) value, db_ctx->tempdb);
+        break;
 
     case KRB5_KDB_OPT_SET_LOCK_MODE:
-	oldval = krb5_db2_db_set_lockmode(kcontext, *((krb5_boolean *) value));
-	*((krb5_boolean *) value) = oldval;
-	break;
+        oldval = krb5_db2_db_set_lockmode(kcontext, *((krb5_boolean *) value));
+        *((krb5_boolean *) value) = oldval;
+        break;
 
     default:
-	status = -1;		/* TBD */
-	break;
+        status = -1;            /* TBD */
+        break;
     }
 
     return status;
@@ -1617,7 +1617,7 @@ krb5_db2_create_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
 krb5_error_code
 krb5_db2_get_policy(krb5_context kcontext,
-		    char *name, osa_policy_ent_t * policy, int *cnt)
+                    char *name, osa_policy_ent_t * policy, int *cnt)
 {
     kdb5_dal_handle *dal_handle;
     krb5_db2_context *dbc;
@@ -1642,8 +1642,8 @@ krb5_db2_put_policy(krb5_context kcontext, osa_policy_ent_t policy)
 
 krb5_error_code
 krb5_db2_iter_policy(krb5_context kcontext,
-		     char *match_entry,
-		     osa_adb_iter_policy_func func, void *data)
+                     char *match_entry,
+                     osa_adb_iter_policy_func func, void *data)
 {
     kdb5_dal_handle *dal_handle;
     krb5_db2_context *dbc;
@@ -1687,38 +1687,38 @@ krb5_db2_promote_db(krb5_context kcontext, char *conf_section, char **db_args)
     krb5_clear_error_message (kcontext);
 
     {
-	kdb5_dal_handle *dal_handle = kcontext->dal_handle;
-	krb5_db2_context *db_ctx = dal_handle->db_context;
-	db_name = strdup(db_ctx->db_name);
-	if (db_name == NULL) {
-	    status = ENOMEM;
-	    goto clean_n_exit;
-	}
+        kdb5_dal_handle *dal_handle = kcontext->dal_handle;
+        krb5_db2_context *db_ctx = dal_handle->db_context;
+        db_name = strdup(db_ctx->db_name);
+        if (db_name == NULL) {
+            status = ENOMEM;
+            goto clean_n_exit;
+        }
     }
 
     assert(kcontext->dal_handle != NULL);
     temp_db_name = gen_dbsuffix(db_name, "~");
     if (temp_db_name == NULL) {
-	status = ENOMEM;
-	goto clean_n_exit;
+        status = ENOMEM;
+        goto clean_n_exit;
     }
 
     for (db_argp = db_args; *db_argp; db_argp++) {
-	if (!strcmp(*db_argp, "merge_nra")) {
-	    merge_nra++;
-	    break;
-	}
+        if (!strcmp(*db_argp, "merge_nra")) {
+            merge_nra++;
+            break;
+        }
     }
 
     status = krb5_db2_db_rename (kcontext, temp_db_name, db_name, merge_nra);
     if (status)
-	goto clean_n_exit;
+        goto clean_n_exit;
 
 clean_n_exit:
     if (db_name)
-	free(db_name);
+        free(db_name);
     if (temp_db_name)
-	free(temp_db_name);
+        free(temp_db_name);
     return status;
 }
 
@@ -1731,25 +1731,25 @@ clean_n_exit:
  */
 static krb5_error_code
 krb5_db2_merge_principal(krb5_context kcontext,
-			 krb5_db_entry *src,
-			 krb5_db_entry *dst,
-			 int *changed)
+                         krb5_db_entry *src,
+                         krb5_db_entry *dst,
+                         int *changed)
 {
     *changed = 0;
 
     if (dst->last_success != src->last_success) {
-	dst->last_success = src->last_success;
-	(*changed)++;
+        dst->last_success = src->last_success;
+        (*changed)++;
     }
 
     if (dst->last_failed != src->last_failed) {
-	dst->last_failed = src->last_failed;
-	(*changed)++;
+        dst->last_failed = src->last_failed;
+        (*changed)++;
     }
 
     if (dst->fail_auth_count != src->fail_auth_count) {
-	dst->fail_auth_count = src->fail_auth_count;
-	(*changed)++;
+        dst->fail_auth_count = src->fail_auth_count;
+        (*changed)++;
     }
 
     return 0;
@@ -1782,14 +1782,14 @@ krb5_db2_merge_nra_iterator(krb5_pointer ptr, krb5_db_entry *entry)
 
     /* look up the new principal in the old DB */
     retval = krb5_db2_db_get_principal(nra->kcontext,
-				       entry->princ,
-				       &s_entry,
-				       &n_entries,
-				       &more);
+                                       entry->princ,
+                                       &s_entry,
+                                       &n_entries,
+                                       &more);
     if (retval != 0 || n_entries == 0) {
-	/* principal may be newly created, so ignore */
-	dal_handle->db_context = dst_db;
-	return 0;
+        /* principal may be newly created, so ignore */
+        dal_handle->db_context = dst_db;
+        return 0;
     }
 
     /* merge non-replicated attributes from the old entry in */
@@ -1799,12 +1799,12 @@ krb5_db2_merge_nra_iterator(krb5_pointer ptr, krb5_db_entry *entry)
 
     /* if necessary, commit the modified new entry to the new DB */
     if (changed) {
-	retval = krb5_db2_db_put_principal(nra->kcontext,
-					   entry,
-					   &n_entries,
-					   NULL);
+        retval = krb5_db2_db_put_principal(nra->kcontext,
+                                           entry,
+                                           &n_entries,
+                                           NULL);
     } else {
-	retval = 0;
+        retval = 0;
     }
 
     return retval;
@@ -1819,8 +1819,8 @@ krb5_db2_merge_nra_iterator(krb5_pointer ptr, krb5_db_entry *entry)
  */
 static krb5_error_code
 krb5_db2_begin_nra_merge(krb5_context kcontext,
-			 krb5_db2_context *src_db,
-			 krb5_db2_context *dst_db)
+                         krb5_db2_context *src_db,
+                         krb5_db2_context *dst_db)
 {
     krb5_error_code retval;
     kdb5_dal_handle *dal_handle = kcontext->dal_handle;
@@ -1834,17 +1834,17 @@ krb5_db2_begin_nra_merge(krb5_context kcontext,
 
     retval = krb5_db2_db_lock(kcontext, KRB5_LOCKMODE_EXCLUSIVE);
     if (retval) {
-	dal_handle->db_context = dst_db;
-	return retval;
+        dal_handle->db_context = dst_db;
+        return retval;
     }
 
     retval = krb5_db2_db_iterate_ext(kcontext,
-				     krb5_db2_merge_nra_iterator,
-				     &nra,
-				     0,
-				     0);
+                                     krb5_db2_merge_nra_iterator,
+                                     &nra,
+                                     0,
+                                     0);
     if (retval != 0)
-	(void) krb5_db2_db_unlock(kcontext);
+        (void) krb5_db2_db_unlock(kcontext);
 
     dal_handle->db_context = dst_db;
 
@@ -1857,8 +1857,8 @@ krb5_db2_begin_nra_merge(krb5_context kcontext,
  */
 static krb5_error_code
 krb5_db2_end_nra_merge(krb5_context kcontext,
-		       krb5_db2_context *src_db,
-		       krb5_db2_context *dst_db)
+                       krb5_db2_context *src_db,
+                       krb5_db2_context *dst_db)
 {
     krb5_error_code retval;
     kdb5_dal_handle *dal_handle = kcontext->dal_handle;
@@ -1896,7 +1896,7 @@ krb5_db2_db_rename(context, from, to, merge_nra)
     s_context = dal_handle->db_context;
     dal_handle->db_context = NULL;
     if ((retval = k5db2_init_context(context)))
-	return retval;
+        return retval;
     db_ctx = (krb5_db2_context *) dal_handle->db_context;
 
     /*
@@ -1906,7 +1906,7 @@ krb5_db2_db_rename(context, from, to, merge_nra)
      */
     retval = krb5_db2_db_create(context, to, 0);
     if (retval != 0 && retval != EEXIST)
-	goto errout;
+        goto errout;
 
     /*
      * Set the database to the target, so that other processes sharing
@@ -1914,21 +1914,21 @@ krb5_db2_db_rename(context, from, to, merge_nra)
      */
     retval = krb5_db2_db_set_name(context, to, 0);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = krb5_db2_db_init(context);
     if (retval)
-	goto errout;
+        goto errout;
 
     db_ctx->db_lf_name = gen_dbsuffix(db_ctx->db_name, KDB2_LOCK_EXT);
     if (db_ctx->db_lf_name == NULL) {
-	retval = ENOMEM;
-	goto errout;
+        retval = ENOMEM;
+        goto errout;
     }
     db_ctx->db_lf_file = open(db_ctx->db_lf_name, O_RDWR|O_CREAT, 0600);
     if (db_ctx->db_lf_file < 0) {
-	retval = errno;
-	goto errout;
+        retval = errno;
+        goto errout;
     }
     set_cloexec_fd(db_ctx->db_lf_file);
 
@@ -1936,76 +1936,76 @@ krb5_db2_db_rename(context, from, to, merge_nra)
 
     retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time);
     if (retval)
-	goto errout;
+        goto errout;
 
     fromok = gen_dbsuffix(from, KDB2_LOCK_EXT);
     if (fromok == NULL) {
-	retval = ENOMEM;
-	goto errout;
+        retval = ENOMEM;
+        goto errout;
     }
 
     if ((retval = krb5_db2_db_lock(context, KRB5_LOCKMODE_EXCLUSIVE)))
-	goto errfromok;
+        goto errfromok;
 
     if ((retval = krb5_db2_db_start_update(context)))
-	goto errfromok;
+        goto errfromok;
 
     if (merge_nra) {
-	if ((retval = krb5_db2_begin_nra_merge(context, s_context, db_ctx)))
-	    goto errfromok;
+        if ((retval = krb5_db2_begin_nra_merge(context, s_context, db_ctx)))
+            goto errfromok;
     }
 
     if (rename(from, to)) {
-	retval = errno;
-	goto errfromok;
+        retval = errno;
+        goto errfromok;
     }
     if (unlink(fromok)) {
-	retval = errno;
-	goto errfromok;
+        retval = errno;
+        goto errfromok;
     }
 
     if (merge_nra) {
-	krb5_db2_end_nra_merge(context, s_context, db_ctx);
+        krb5_db2_end_nra_merge(context, s_context, db_ctx);
     }
 
     retval = krb5_db2_db_end_update(context);
     if (retval)
-	goto errfromok;
+        goto errfromok;
 
     {
-	/* XXX moved so that NRA merge works */
-	/* Ugly brute force hack.
-
-	   Should be going through nice friendly helper routines for
-	   this, but it's a mess of jumbled so-called interfaces right
-	   now.  */
-	char    policy[2048], new_policy[2048];
-	assert (strlen(db_ctx->db_name) < 2000);
-	snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name);
-	snprintf(new_policy, sizeof(new_policy),
-		 "%s~.kadm5", db_ctx->db_name);
-	if (0 != rename(new_policy, policy)) {
-	    retval = errno;
-	    goto errfromok;
-	}
-	strlcat(new_policy, ".lock",sizeof(new_policy));
-	(void) unlink(new_policy);
+        /* XXX moved so that NRA merge works */
+        /* Ugly brute force hack.
+
+           Should be going through nice friendly helper routines for
+           this, but it's a mess of jumbled so-called interfaces right
+           now.  */
+        char    policy[2048], new_policy[2048];
+        assert (strlen(db_ctx->db_name) < 2000);
+        snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name);
+        snprintf(new_policy, sizeof(new_policy),
+                 "%s~.kadm5", db_ctx->db_name);
+        if (0 != rename(new_policy, policy)) {
+            retval = errno;
+            goto errfromok;
+        }
+        strlcat(new_policy, ".lock",sizeof(new_policy));
+        (void) unlink(new_policy);
     }
 
 errfromok:
     free_dbsuffix(fromok);
 errout:
     if (dal_handle->db_context) {
-	if (db_ctx->db_lf_file >= 0) {
-	    krb5_db2_db_unlock(context);
-	    close(db_ctx->db_lf_file);
-	}
-	k5db2_clear_context((krb5_db2_context *) dal_handle->db_context);
-	free(dal_handle->db_context);
+        if (db_ctx->db_lf_file >= 0) {
+            krb5_db2_db_unlock(context);
+            close(db_ctx->db_lf_file);
+        }
+        k5db2_clear_context((krb5_db2_context *) dal_handle->db_context);
+        free(dal_handle->db_context);
     }
 
     dal_handle->db_context = s_context;
-    (void) krb5_db2_db_unlock(context);	/* unlock saved context db */
+    (void) krb5_db2_db_unlock(context); /* unlock saved context db */
 
     return retval;
 }
diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h
index 9f3cbc5..7e6fea1 100644
--- a/src/plugins/kdb/db2/kdb_db2.h
+++ b/src/plugins/kdb/db2/kdb_db2.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_db2.h
  *
@@ -34,8 +35,8 @@
 typedef struct _krb5_db2_context {
     krb5_boolean        db_inited;      /* Context initialized          */
     char *              db_name;        /* Name of database             */
-    DB *		db;		/* DB handle			*/
-    krb5_boolean	hashfirst;	/* Try hash database type first	*/
+    DB *                db;             /* DB handle                    */
+    krb5_boolean        hashfirst;      /* Try hash database type first */
     char *              db_lf_name;     /* Name of lock file            */
     int                 db_lf_file;     /* File descriptor of lock file */
     time_t              db_lf_time;     /* Time last updated            */
@@ -53,169 +54,102 @@ typedef struct _krb5_db2_context {
 #define KDB2_LOCK_EXT ".ok"
 #define KDB2_TEMP_LOCK_EXT "~.ok"
 
-krb5_error_code krb5_db2_db_init
-	(krb5_context);
-krb5_error_code krb5_db2_db_fini
-	(krb5_context);
-krb5_error_code krb5_db2_db_get_age
-	(krb5_context,
-		   char *,
-		   time_t * );
-krb5_error_code krb5_db2_db_create
-	(krb5_context,
-		   char *,
-		   krb5_int32);
-krb5_error_code krb5_db2_db_destroy
-	(krb5_context,
-		   char * );
-krb5_error_code krb5_db2_db_rename
-	(krb5_context,
-		   char *,
-		   char *,
-		   int );
-krb5_error_code krb5_db2_db_get_principal
-	(krb5_context,
-		   krb5_const_principal,
-		   krb5_db_entry *,
-		   int *,
-		   krb5_boolean * );
-krb5_error_code krb5_db2_db_free_principal
-	(krb5_context,
-		   krb5_db_entry *,
-		   int );
-krb5_error_code krb5_db2_db_put_principal
-	(krb5_context,
-	 krb5_db_entry *,
-	 int *,
-	 char **db_args
-	 );
-krb5_error_code krb5_db2_db_iterate_ext
-    	(krb5_context,
-		   krb5_error_code (*) (krb5_pointer,
-					          krb5_db_entry *),
-	           krb5_pointer, int, int );
-krb5_error_code krb5_db2_db_iterate
-(krb5_context,char *,
-		   krb5_error_code (*) (krb5_pointer,
-					          krb5_db_entry *),
-	           krb5_pointer );
-krb5_error_code krb5_db2_db_set_nonblocking
-	(krb5_context,
-		   krb5_boolean,
-		   krb5_boolean * );
-krb5_boolean krb5_db2_db_set_lockmode
-	(krb5_context,
-		   krb5_boolean );
-krb5_error_code krb5_db2_db_open_database
-	(krb5_context);
-krb5_error_code krb5_db2_db_close_database
-	(krb5_context);
+krb5_error_code krb5_db2_db_init(krb5_context);
+krb5_error_code krb5_db2_db_fini(krb5_context);
+krb5_error_code krb5_db2_db_get_age(krb5_context, char *, time_t *);
+krb5_error_code krb5_db2_db_create(krb5_context, char *, krb5_int32);
+krb5_error_code krb5_db2_db_destroy(krb5_context, char *);
+krb5_error_code krb5_db2_db_rename(krb5_context, char *, char *, int );
+krb5_error_code krb5_db2_db_get_principal(krb5_context, krb5_const_principal,
+                                          krb5_db_entry *, int *,
+                                          krb5_boolean *);
+krb5_error_code krb5_db2_db_free_principal(krb5_context, krb5_db_entry *, int);
+krb5_error_code krb5_db2_db_put_principal(krb5_context, krb5_db_entry *,
+                                          int *, char **db_args);
+krb5_error_code krb5_db2_db_iterate_ext(krb5_context,
+                                        krb5_error_code (*)(krb5_pointer,
+                                                            krb5_db_entry *),
+                                        krb5_pointer, int, int);
+krb5_error_code krb5_db2_db_iterate(krb5_context, char *,
+                                    krb5_error_code (*)(krb5_pointer,
+                                                        krb5_db_entry *),
+                                    krb5_pointer);
+krb5_error_code krb5_db2_db_set_nonblocking(krb5_context, krb5_boolean,
+                                            krb5_boolean *);
+krb5_boolean krb5_db2_db_set_lockmode(krb5_context, krb5_boolean);
+krb5_error_code krb5_db2_db_open_database(krb5_context);
+krb5_error_code krb5_db2_db_close_database(krb5_context);
 
 krb5_error_code
-krb5_db2_set_master_key_ext ( krb5_context kcontext,
-			      char *pwd,
-			      krb5_keyblock *key);
+krb5_db2_set_master_key_ext(krb5_context kcontext, char *pwd,
+                            krb5_keyblock *key);
 
 krb5_error_code
-krb5_db2_db_set_mkey( krb5_context context,
-		      krb5_keyblock *key);
+krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key);
 
 krb5_error_code
-krb5_db2_db_get_mkey( krb5_context context,
-		      krb5_keyblock **key);
+krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key);
+
 krb5_error_code
-krb5_db2_db_set_mkey_list( krb5_context context,
-		      krb5_keylist_node *keylist);
+krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *keylist);
 
 krb5_error_code
-krb5_db2_db_get_mkey_list( krb5_context context,
-		      krb5_keylist_node **keylist);
+krb5_db2_db_get_mkey_list(krb5_context context, krb5_keylist_node **keylist);
 
 krb5_error_code
-krb5_db2_db_put_principal( krb5_context context,
-			   krb5_db_entry *entries,
-			   register int *nentries,
-			   char **db_args);
+krb5_db2_db_put_principal(krb5_context context, krb5_db_entry *entries,
+                          register int *nentries, char **db_args);
 
 krb5_error_code
 krb5_db2_db_delete_principal(krb5_context context,
-			     krb5_const_principal searchfor,
-			     int *nentries);
+                             krb5_const_principal searchfor, int *nentries);
 
 krb5_error_code krb5_db2_lib_init(void);
-
 krb5_error_code krb5_db2_lib_cleanup(void);
+krb5_error_code krb5_db2_db_unlock(krb5_context);
 
 krb5_error_code
-krb5_db2_db_unlock(krb5_context);
+krb5_db2_promote_db(krb5_context kcontext, char *conf_section, char **db_args);
 
 krb5_error_code
-krb5_db2_promote_db(krb5_context kcontext,
-		    char *conf_section,
-		    char **db_args);
+krb5_db2_db_set_option(krb5_context kcontext, int option, void *value );
 
 krb5_error_code
-krb5_db2_db_set_option ( krb5_context kcontext,
-			 int option,
-			 void *value );
-
-krb5_error_code
-krb5_db2_db_lock( krb5_context 	  context,
-		  int 	 	  in_mode);
-
+krb5_db2_db_lock(krb5_context context, int in_mode);
 
 krb5_error_code
-krb5_db2_open( krb5_context kcontext,
-			       char *conf_section,
-			       char **db_args,
-			       int mode );
-
-krb5_error_code krb5_db2_create( krb5_context kcontext,
-				 char *conf_section,
-				 char **db_args );
-
-krb5_error_code krb5_db2_destroy( krb5_context kcontext,
-				  char *conf_section,
-				  char **db_args );
-
-const char * krb5_db2_err2str( krb5_context kcontext,
-			       long err_code );
-
-void *
-krb5_db2_alloc( krb5_context kcontext,
-		void *ptr,
-		size_t size );
-
-void
-krb5_db2_free( krb5_context kcontext,
-		    void *ptr );
+krb5_db2_open(krb5_context kcontext, char *conf_section, char **db_args,
+              int mode);
 
+krb5_error_code krb5_db2_create(krb5_context kcontext, char *conf_section,
+                                char **db_args);
 
+krb5_error_code krb5_db2_destroy(krb5_context kcontext, char *conf_section,
+                                 char **db_args);
 
+const char *krb5_db2_err2str(krb5_context kcontext, long err_code);
+void *krb5_db2_alloc(krb5_context kcontext, void *ptr, size_t size);
+void krb5_db2_free(krb5_context kcontext, void *ptr);
 
 
 /* policy management functions */
 krb5_error_code
 krb5_db2_create_policy(krb5_context context, osa_policy_ent_t entry);
 
-krb5_error_code krb5_db2_get_policy ( krb5_context kcontext,
-				      char *name,
-				      osa_policy_ent_t *policy,
-				      int *cnt);
+krb5_error_code krb5_db2_get_policy(krb5_context kcontext,
+                                    char *name, osa_policy_ent_t *policy,
+                                    int *cnt);
 
-krb5_error_code krb5_db2_put_policy ( krb5_context kcontext,
-				      osa_policy_ent_t policy );
+krb5_error_code krb5_db2_put_policy(krb5_context kcontext,
+                                    osa_policy_ent_t policy);
 
-krb5_error_code krb5_db2_iter_policy ( krb5_context kcontext,
-				       char *match_entry,
-				       osa_adb_iter_policy_func func,
-				       void *data );
+krb5_error_code krb5_db2_iter_policy(krb5_context kcontext, char *match_entry,
+                                     osa_adb_iter_policy_func func,
+                                     void *data);
 
-krb5_error_code krb5_db2_delete_policy ( krb5_context kcontext,
-					 char *policy );
+krb5_error_code krb5_db2_delete_policy(krb5_context kcontext, char *policy);
 
-void krb5_db2_free_policy( krb5_context kcontext,
-			   osa_policy_ent_t entry );
+void krb5_db2_free_policy(krb5_context kcontext, osa_policy_ent_t entry);
 
 /* Thread-safety wrapper slapped on top of original implementation.  */
 extern k5_mutex_t *krb5_db2_mutex;
diff --git a/src/plugins/kdb/db2/kdb_ext.c b/src/plugins/kdb/db2/kdb_ext.c
index 69c5522..d000e42 100644
--- a/src/plugins/kdb/db2/kdb_ext.c
+++ b/src/plugins/kdb/db2/kdb_ext.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/db2/kdb_ext.c
  *
diff --git a/src/plugins/kdb/db2/kdb_xdr.c b/src/plugins/kdb/db2/kdb_xdr.c
index 38dc658..81a3cc4 100644
--- a/src/plugins/kdb/db2/kdb_xdr.c
+++ b/src/plugins/kdb/db2/kdb_xdr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_xdr.c
  *
@@ -32,10 +33,8 @@
 #include "kdb_xdr.h"
 
 krb5_error_code
-krb5_encode_princ_dbkey(context, key, principal)
-    krb5_context context;
-    krb5_data  *key;
-    krb5_const_principal principal;
+krb5_encode_princ_dbkey(krb5_context context, krb5_data *key,
+                        krb5_const_principal principal)
 {
     char *princ_name;
     krb5_error_code retval;
@@ -49,26 +48,22 @@ krb5_encode_princ_dbkey(context, key, principal)
 }
 
 void
-krb5_free_princ_dbkey(context, key)
-    krb5_context context;
-    krb5_data  *key;
+krb5_free_princ_dbkey(krb5_context context, krb5_data *key)
 {
     (void) krb5_free_data_contents(context, key);
 }
 
 krb5_error_code
-krb5_encode_princ_contents(context, content, entry)
-    krb5_context 	  context;
-    krb5_data  		* content;
-    krb5_db_entry 	* entry;
+krb5_encode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry)
 {
-    int 		  i, j;
-    unsigned int	  unparse_princ_size;
-    char 		* unparse_princ;
-    unsigned char	* nextloc;
-    krb5_tl_data	* tl_data;
-    krb5_error_code 	  retval;
-    krb5_int16		  psize16;
+    int                   i, j;
+    unsigned int          unparse_princ_size;
+    char                * unparse_princ;
+    unsigned char       * nextloc;
+    krb5_tl_data        * tl_data;
+    krb5_error_code       retval;
+    krb5_int16            psize16;
 
     /*
      * Generate one lump of data from the krb5_db_entry.
@@ -81,7 +76,7 @@ krb5_encode_princ_contents(context, content, entry)
      * Need  2 bytes for the length of the base structure
      * then 36 [ 8 * 4 + 2 * 2] bytes for the base information
      *         [ attributes, max_life, max_renewable_life, expiration,
-     *	  	 pw_expiration, last_success, last_failed, fail_auth_count ]
+     *           pw_expiration, last_success, last_failed, fail_auth_count ]
      *         [ n_key_data, n_tl_data ]
      * then XX bytes [ e_length ] for the extra data [ e_data ]
      * then XX bytes [ 2 for length + length for string ] for the principal,
@@ -91,7 +86,7 @@ krb5_encode_princ_contents(context, content, entry)
     content->length = entry->len + entry->e_length;
 
     if ((retval = krb5_unparse_name(context, entry->princ, &unparse_princ)))
-	return(retval);
+        return(retval);
 
     unparse_princ_size = strlen(unparse_princ) + 1;
     content->length += unparse_princ_size;
@@ -100,28 +95,28 @@ krb5_encode_princ_contents(context, content, entry)
     i = 0;
     /* tl_data is a linked list */
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-	content->length += tl_data->tl_data_length;
-	content->length += 4; /* type, length */
-	i++;
+        content->length += tl_data->tl_data_length;
+        content->length += 4; /* type, length */
+        i++;
     }
 
     if (i != entry->n_tl_data) {
-	retval = KRB5_KDB_TRUNCATED_RECORD;
-	goto epc_error;
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto epc_error;
     }
 
     /* key_data is an array */
     for (i = 0; i < entry->n_key_data; i++) {
-	content->length += 4; /* Version, KVNO */
-	for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-	    content->length += entry->key_data[i].key_data_length[j];
-	    content->length += 4; /* type + length */
-	}
+        content->length += 4; /* Version, KVNO */
+        for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+            content->length += entry->key_data[i].key_data_length[j];
+            content->length += 4; /* type + length */
+        }
     }
 
     if ((content->data = malloc(content->length)) == NULL) {
-	retval = ENOMEM;
-	goto epc_error;
+        retval = ENOMEM;
+        goto epc_error;
     }
 
     /*
@@ -130,103 +125,103 @@ krb5_encode_princ_contents(context, content, entry)
      */
     nextloc = (unsigned char *)content->data;
 
-	/* Base Length */
+    /* Base Length */
     krb5_kdb_encode_int16(entry->len, nextloc);
     nextloc += 2;
 
-	/* Attributes */
+    /* Attributes */
     krb5_kdb_encode_int32(entry->attributes, nextloc);
     nextloc += 4;
 
-	/* Max Life */
+    /* Max Life */
     krb5_kdb_encode_int32(entry->max_life, nextloc);
     nextloc += 4;
 
-	/* Max Renewable Life */
+    /* Max Renewable Life */
     krb5_kdb_encode_int32(entry->max_renewable_life, nextloc);
     nextloc += 4;
 
-	/* When the client expires */
+    /* When the client expires */
     krb5_kdb_encode_int32(entry->expiration, nextloc);
     nextloc += 4;
 
-	/* When its passwd expires */
+    /* When its passwd expires */
     krb5_kdb_encode_int32(entry->pw_expiration, nextloc);
     nextloc += 4;
 
-	/* Last successful passwd */
+    /* Last successful passwd */
     krb5_kdb_encode_int32(entry->last_success, nextloc);
     nextloc += 4;
 
-	/* Last failed passwd attempt */
+    /* Last failed passwd attempt */
     krb5_kdb_encode_int32(entry->last_failed, nextloc);
     nextloc += 4;
 
-	/* # of failed passwd attempt */
+    /* # of failed passwd attempt */
     krb5_kdb_encode_int32(entry->fail_auth_count, nextloc);
     nextloc += 4;
 
-	/* # tl_data strutures */
+    /* # tl_data strutures */
     krb5_kdb_encode_int16(entry->n_tl_data, nextloc);
     nextloc += 2;
 
-	/* # key_data strutures */
+    /* # key_data strutures */
     krb5_kdb_encode_int16(entry->n_key_data, nextloc);
     nextloc += 2;
 
-    	/* Put extended fields here */
+    /* Put extended fields here */
     if (entry->len != KRB5_KDB_V1_BASE_LENGTH)
-	abort();
+        abort();
 
-	/* Any extra data that this version doesn't understand. */
+    /* Any extra data that this version doesn't understand. */
     if (entry->e_length) {
-	memcpy(nextloc, entry->e_data, entry->e_length);
-	nextloc += entry->e_length;
+        memcpy(nextloc, entry->e_data, entry->e_length);
+        nextloc += entry->e_length;
     }
 
-	/*
-	 * Now we get to the principal.
-	 * To squeze a few extra bytes out it is always assumed to come
-	 * after the base type.
-	 */
+    /*
+     * Now we get to the principal.
+     * To squeze a few extra bytes out it is always assumed to come
+     * after the base type.
+     */
     psize16 = (krb5_int16) unparse_princ_size;
     krb5_kdb_encode_int16(psize16, nextloc);
     nextloc += 2;
     (void) memcpy(nextloc, unparse_princ, unparse_princ_size);
     nextloc += unparse_princ_size;
 
-    	/* tl_data is a linked list, of type, legth, contents */
+    /* tl_data is a linked list, of type, legth, contents */
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-	krb5_kdb_encode_int16(tl_data->tl_data_type, nextloc);
-	nextloc += 2;
-	krb5_kdb_encode_int16(tl_data->tl_data_length, nextloc);
-	nextloc += 2;
+        krb5_kdb_encode_int16(tl_data->tl_data_type, nextloc);
+        nextloc += 2;
+        krb5_kdb_encode_int16(tl_data->tl_data_length, nextloc);
+        nextloc += 2;
 
-	memcpy(nextloc, tl_data->tl_data_contents, tl_data->tl_data_length);
-	nextloc += tl_data->tl_data_length;
+        memcpy(nextloc, tl_data->tl_data_contents, tl_data->tl_data_length);
+        nextloc += tl_data->tl_data_length;
     }
 
-    	/* key_data is an array */
+    /* key_data is an array */
     for (i = 0; i < entry->n_key_data; i++) {
-	krb5_kdb_encode_int16(entry->key_data[i].key_data_ver, nextloc);
-	nextloc += 2;
-	krb5_kdb_encode_int16(entry->key_data[i].key_data_kvno, nextloc);
-	nextloc += 2;
-
-	for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-	    krb5_int16 type = entry->key_data[i].key_data_type[j];
-	    krb5_ui_2  length = entry->key_data[i].key_data_length[j];
-
-    	    krb5_kdb_encode_int16(type, nextloc);
-	    nextloc += 2;
-    	    krb5_kdb_encode_int16(length, nextloc);
-	    nextloc += 2;
-
-	    if (length) {
-	        memcpy(nextloc, entry->key_data[i].key_data_contents[j],length);
-	        nextloc += length;
-	    }
-	}
+        krb5_kdb_encode_int16(entry->key_data[i].key_data_ver, nextloc);
+        nextloc += 2;
+        krb5_kdb_encode_int16(entry->key_data[i].key_data_kvno, nextloc);
+        nextloc += 2;
+
+        for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+            krb5_int16 type = entry->key_data[i].key_data_type[j];
+            krb5_ui_2  length = entry->key_data[i].key_data_length[j];
+
+            krb5_kdb_encode_int16(type, nextloc);
+            nextloc += 2;
+            krb5_kdb_encode_int16(length, nextloc);
+            nextloc += 2;
+
+            if (length) {
+                memcpy(nextloc, entry->key_data[i].key_data_contents[j],length);
+                nextloc += length;
+            }
+        }
     }
 
 epc_error:;
@@ -235,24 +230,20 @@ epc_error:;
 }
 
 void
-krb5_free_princ_contents(context, contents)
-    krb5_context 	  context;
-    krb5_data *contents;
+krb5_free_princ_contents(krb5_context context, krb5_data *contents)
 {
     krb5_free_data_contents(context, contents);
     return;
 }
 
 krb5_error_code
-krb5_decode_princ_contents(context, content, entry)
-    krb5_context 	  context;
-    krb5_data  		* content;
-    krb5_db_entry 	* entry;
+krb5_decode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry)
 {
-    int			  sizeleft, i;
-    unsigned char 	* nextloc;
+    int                   sizeleft, i;
+    unsigned char       * nextloc;
     krb5_tl_data       ** tl_data;
-    krb5_int16		  i16;
+    krb5_int16            i16;
 
     krb5_error_code retval;
 
@@ -272,67 +263,67 @@ krb5_decode_princ_contents(context, content, entry)
     nextloc = (unsigned char *)content->data;
     sizeleft = content->length;
     if ((sizeleft -= KRB5_KDB_V1_BASE_LENGTH) < 0)
-	return KRB5_KDB_TRUNCATED_RECORD;
+        return KRB5_KDB_TRUNCATED_RECORD;
 
-	/* Base Length */
+    /* Base Length */
     krb5_kdb_decode_int16(nextloc, entry->len);
     nextloc += 2;
 
-	/* Attributes */
+    /* Attributes */
     krb5_kdb_decode_int32(nextloc, entry->attributes);
     nextloc += 4;
 
-	/* Max Life */
+    /* Max Life */
     krb5_kdb_decode_int32(nextloc, entry->max_life);
     nextloc += 4;
 
-	/* Max Renewable Life */
+    /* Max Renewable Life */
     krb5_kdb_decode_int32(nextloc, entry->max_renewable_life);
     nextloc += 4;
 
-	/* When the client expires */
+    /* When the client expires */
     krb5_kdb_decode_int32(nextloc, entry->expiration);
     nextloc += 4;
 
-	/* When its passwd expires */
+    /* When its passwd expires */
     krb5_kdb_decode_int32(nextloc, entry->pw_expiration);
     nextloc += 4;
 
-	/* Last successful passwd */
+    /* Last successful passwd */
     krb5_kdb_decode_int32(nextloc, entry->last_success);
     nextloc += 4;
 
-	/* Last failed passwd attempt */
+    /* Last failed passwd attempt */
     krb5_kdb_decode_int32(nextloc, entry->last_failed);
     nextloc += 4;
 
-	/* # of failed passwd attempt */
+    /* # of failed passwd attempt */
     krb5_kdb_decode_int32(nextloc, entry->fail_auth_count);
     nextloc += 4;
 
-	/* # tl_data strutures */
+    /* # tl_data strutures */
     krb5_kdb_decode_int16(nextloc, entry->n_tl_data);
     nextloc += 2;
 
     if (entry->n_tl_data < 0)
-	return KRB5_KDB_TRUNCATED_RECORD;
+        return KRB5_KDB_TRUNCATED_RECORD;
 
-	/* # key_data strutures */
+    /* # key_data strutures */
     krb5_kdb_decode_int16(nextloc, entry->n_key_data);
     nextloc += 2;
 
     if (entry->n_key_data < 0)
-	return KRB5_KDB_TRUNCATED_RECORD;
+        return KRB5_KDB_TRUNCATED_RECORD;
 
-	/* Check for extra data */
+    /* Check for extra data */
     if (entry->len > KRB5_KDB_V1_BASE_LENGTH) {
-	entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH;
-	if ((entry->e_data = (krb5_octet *)malloc(entry->e_length))) {
-	    memcpy(entry->e_data, nextloc, entry->e_length);
-	    nextloc += entry->e_length;
-	} else {
-	    return ENOMEM;
-	}
+        entry->e_length = entry->len - KRB5_KDB_V1_BASE_LENGTH;
+        if ((entry->e_data = (krb5_octet *)malloc(entry->e_length))) {
+            memcpy(entry->e_data, nextloc, entry->e_length);
+            nextloc += entry->e_length;
+        } else {
+            return ENOMEM;
+        }
     }
 
     /*
@@ -340,8 +331,8 @@ krb5_decode_princ_contents(context, content, entry)
      * (stored as a string which gets unparsed.)
      */
     if ((sizeleft -= 2) < 0) {
-	retval = KRB5_KDB_TRUNCATED_RECORD;
-	goto error_out;
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
     }
 
     i = 0;
@@ -350,99 +341,99 @@ krb5_decode_princ_contents(context, content, entry)
     nextloc += 2;
 
     if ((retval = krb5_parse_name(context, (char *)nextloc, &(entry->princ))))
-	goto error_out;
+        goto error_out;
     if (((size_t) i != (strlen((char *)nextloc) + 1)) || (sizeleft < i)) {
-	retval = KRB5_KDB_TRUNCATED_RECORD;
-	goto error_out;
+        retval = KRB5_KDB_TRUNCATED_RECORD;
+        goto error_out;
     }
     sizeleft -= i;
     nextloc += i;
 
-    	/* tl_data is a linked list */
+    /* tl_data is a linked list */
     tl_data = &entry->tl_data;
     for (i = 0; i < entry->n_tl_data; i++) {
-    	if ((sizeleft -= 4) < 0) {
-	    retval = KRB5_KDB_TRUNCATED_RECORD;
-	    goto error_out;
-	}
-	if ((*tl_data = (krb5_tl_data *)
-	  malloc(sizeof(krb5_tl_data))) == NULL) {
-	    retval = ENOMEM;
-	    goto error_out;
-	}
-	(*tl_data)->tl_data_next = NULL;
-	(*tl_data)->tl_data_contents = NULL;
-	krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_type);
-	nextloc += 2;
-	krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_length);
-	nextloc += 2;
-
-    	if ((sizeleft -= (*tl_data)->tl_data_length) < 0) {
-	    retval = KRB5_KDB_TRUNCATED_RECORD;
-	    goto error_out;
-	}
-	if (((*tl_data)->tl_data_contents = (krb5_octet *)
-	  malloc((*tl_data)->tl_data_length)) == NULL) {
-	    retval = ENOMEM;
-	    goto error_out;
-	}
-	memcpy((*tl_data)->tl_data_contents,nextloc,(*tl_data)->tl_data_length);
-	nextloc += (*tl_data)->tl_data_length;
-	tl_data = &((*tl_data)->tl_data_next);
+        if ((sizeleft -= 4) < 0) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        if ((*tl_data = (krb5_tl_data *)
+             malloc(sizeof(krb5_tl_data))) == NULL) {
+            retval = ENOMEM;
+            goto error_out;
+        }
+        (*tl_data)->tl_data_next = NULL;
+        (*tl_data)->tl_data_contents = NULL;
+        krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_type);
+        nextloc += 2;
+        krb5_kdb_decode_int16(nextloc, (*tl_data)->tl_data_length);
+        nextloc += 2;
+
+        if ((sizeleft -= (*tl_data)->tl_data_length) < 0) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        if (((*tl_data)->tl_data_contents = (krb5_octet *)
+             malloc((*tl_data)->tl_data_length)) == NULL) {
+            retval = ENOMEM;
+            goto error_out;
+        }
+        memcpy((*tl_data)->tl_data_contents,nextloc,(*tl_data)->tl_data_length);
+        nextloc += (*tl_data)->tl_data_length;
+        tl_data = &((*tl_data)->tl_data_next);
     }
 
-    	/* key_data is an array */
+    /* key_data is an array */
     if (entry->n_key_data && ((entry->key_data = (krb5_key_data *)
-      malloc(sizeof(krb5_key_data) * entry->n_key_data)) == NULL)) {
+                               malloc(sizeof(krb5_key_data) * entry->n_key_data)) == NULL)) {
         retval = ENOMEM;
-	goto error_out;
+        goto error_out;
     }
     for (i = 0; i < entry->n_key_data; i++) {
-	krb5_key_data * key_data;
+        krb5_key_data * key_data;
         int j;
 
-    	if ((sizeleft -= 4) < 0) {
-	    retval = KRB5_KDB_TRUNCATED_RECORD;
-	    goto error_out;
-	}
-	key_data = entry->key_data + i;
-	memset(key_data, 0, sizeof(krb5_key_data));
-	krb5_kdb_decode_int16(nextloc, key_data->key_data_ver);
-	nextloc += 2;
-	krb5_kdb_decode_int16(nextloc, key_data->key_data_kvno);
-	nextloc += 2;
-
-	/* key_data_ver determins number of elements and how to unparse them. */
-	if (key_data->key_data_ver <= KRB5_KDB_V1_KEY_DATA_ARRAY) {
-	    for (j = 0; j < key_data->key_data_ver; j++) {
-    	        if ((sizeleft -= 4) < 0) {
-	            retval = KRB5_KDB_TRUNCATED_RECORD;
-	            goto error_out;
-	        }
-		krb5_kdb_decode_int16(nextloc, key_data->key_data_type[j]);
-		nextloc += 2;
-		krb5_kdb_decode_int16(nextloc, key_data->key_data_length[j]);
-		nextloc += 2;
-
-    	        if ((sizeleft -= key_data->key_data_length[j]) < 0) {
-	            retval = KRB5_KDB_TRUNCATED_RECORD;
-	            goto error_out;
-	        }
-	        if (key_data->key_data_length[j]) {
-	    	    if ((key_data->key_data_contents[j] = (krb5_octet *)
-	    	      malloc(key_data->key_data_length[j])) == NULL) {
-	                retval = ENOMEM;
-	                goto error_out;
-	            }
-	            memcpy(key_data->key_data_contents[j], nextloc,
-		           key_data->key_data_length[j]);
-	            nextloc += key_data->key_data_length[j];
-		}
-	    }
-	} else {
-	    /* This isn't right. I'll fix it later */
-	    abort();
-	}
+        if ((sizeleft -= 4) < 0) {
+            retval = KRB5_KDB_TRUNCATED_RECORD;
+            goto error_out;
+        }
+        key_data = entry->key_data + i;
+        memset(key_data, 0, sizeof(krb5_key_data));
+        krb5_kdb_decode_int16(nextloc, key_data->key_data_ver);
+        nextloc += 2;
+        krb5_kdb_decode_int16(nextloc, key_data->key_data_kvno);
+        nextloc += 2;
+
+        /* key_data_ver determins number of elements and how to unparse them. */
+        if (key_data->key_data_ver <= KRB5_KDB_V1_KEY_DATA_ARRAY) {
+            for (j = 0; j < key_data->key_data_ver; j++) {
+                if ((sizeleft -= 4) < 0) {
+                    retval = KRB5_KDB_TRUNCATED_RECORD;
+                    goto error_out;
+                }
+                krb5_kdb_decode_int16(nextloc, key_data->key_data_type[j]);
+                nextloc += 2;
+                krb5_kdb_decode_int16(nextloc, key_data->key_data_length[j]);
+                nextloc += 2;
+
+                if ((sizeleft -= key_data->key_data_length[j]) < 0) {
+                    retval = KRB5_KDB_TRUNCATED_RECORD;
+                    goto error_out;
+                }
+                if (key_data->key_data_length[j]) {
+                    if ((key_data->key_data_contents[j] = (krb5_octet *)
+                         malloc(key_data->key_data_length[j])) == NULL) {
+                        retval = ENOMEM;
+                        goto error_out;
+                    }
+                    memcpy(key_data->key_data_contents[j], nextloc,
+                           key_data->key_data_length[j]);
+                    nextloc += key_data->key_data_length[j];
+                }
+            }
+        } else {
+            /* This isn't right. I'll fix it later */
+            abort();
+        }
     }
     return 0;
 
@@ -452,41 +443,39 @@ error_out:;
 }
 
 void
-krb5_dbe_free_contents(context, entry)
-     krb5_context 	  context;
-     krb5_db_entry 	* entry;
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry)
 {
-    krb5_tl_data 	* tl_data_next;
-    krb5_tl_data 	* tl_data;
+    krb5_tl_data        * tl_data_next;
+    krb5_tl_data        * tl_data;
     int i, j;
 
     if (entry->e_data)
-	free(entry->e_data);
+        free(entry->e_data);
     if (entry->princ)
-	krb5_free_principal(context, entry->princ);
+        krb5_free_principal(context, entry->princ);
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
-	tl_data_next = tl_data->tl_data_next;
-	if (tl_data->tl_data_contents)
-	    free(tl_data->tl_data_contents);
-	free(tl_data);
+        tl_data_next = tl_data->tl_data_next;
+        if (tl_data->tl_data_contents)
+            free(tl_data->tl_data_contents);
+        free(tl_data);
     }
     if (entry->key_data) {
-    	for (i = 0; i < entry->n_key_data; i++) {
-	    for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-	    	if (entry->key_data[i].key_data_length[j]) {
-		    if (entry->key_data[i].key_data_contents[j]) {
-		        memset(entry->key_data[i].key_data_contents[j],
-			       0,
-			       (unsigned) entry->key_data[i].key_data_length[j]);
-		    	free (entry->key_data[i].key_data_contents[j]);
-		    }
-		}
-		entry->key_data[i].key_data_contents[j] = NULL;
-		entry->key_data[i].key_data_length[j] = 0;
-		entry->key_data[i].key_data_type[j] = 0;
-	    }
-	}
-	free(entry->key_data);
+        for (i = 0; i < entry->n_key_data; i++) {
+            for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+                if (entry->key_data[i].key_data_length[j]) {
+                    if (entry->key_data[i].key_data_contents[j]) {
+                        memset(entry->key_data[i].key_data_contents[j],
+                               0,
+                               (unsigned) entry->key_data[i].key_data_length[j]);
+                        free (entry->key_data[i].key_data_contents[j]);
+                    }
+                }
+                entry->key_data[i].key_data_contents[j] = NULL;
+                entry->key_data[i].key_data_length[j] = 0;
+                entry->key_data[i].key_data_type[j] = 0;
+            }
+        }
+        free(entry->key_data);
     }
     memset(entry, 0, sizeof(*entry));
     return;
diff --git a/src/plugins/kdb/db2/kdb_xdr.h b/src/plugins/kdb/db2/kdb_xdr.h
index bd01ead..e4a202b 100644
--- a/src/plugins/kdb/db2/kdb_xdr.h
+++ b/src/plugins/kdb/db2/kdb_xdr.h
@@ -1,34 +1,28 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _KDB2_XDR_H
 #define _KDB2_XDR_H
 
 #include "kdb.h"
 
 krb5_error_code
-krb5_encode_princ_dbkey( krb5_context context,
-			 krb5_data  *key,
-			 krb5_const_principal principal);
+krb5_encode_princ_dbkey(krb5_context context, krb5_data *key,
+                        krb5_const_principal principal);
 
 krb5_error_code
-krb5_decode_princ_contents( krb5_context 	  context,
-			    krb5_data  		* content,
-			    krb5_db_entry 	* entry);
+krb5_decode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry);
 
 void
-krb5_dbe_free_contents( krb5_context 	  context,
-			krb5_db_entry 	* entry);
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry);
 
 krb5_error_code
-krb5_encode_princ_contents( krb5_context 	  context,
-			    krb5_data  		* content,
-			    krb5_db_entry 	* entry);
-
+krb5_encode_princ_contents(krb5_context context, krb5_data *content,
+                           krb5_db_entry *entry);
 
 void
-krb5_free_princ_dbkey( krb5_context context,
-		       krb5_data  *key);
+krb5_free_princ_dbkey(krb5_context context, krb5_data *key);
 
 void
-krb5_free_princ_contents( krb5_context context,
-			  krb5_data *contents);
+krb5_free_princ_contents(krb5_context context, krb5_data *contents);
 
 #endif
diff --git a/src/plugins/kdb/db2/libdb2/Makefile.in b/src/plugins/kdb/db2/libdb2/Makefile.in
index 536d31c..9faf054 100644
--- a/src/plugins/kdb/db2/libdb2/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../..
-myfulldir=plugins/kdb/db2/libdb2
 mydir=plugins/kdb/db2/libdb2
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 SUBDIRS=hash btree db mpool recno test
diff --git a/src/plugins/kdb/db2/libdb2/btree/Makefile.in b/src/plugins/kdb/db2/libdb2/btree/Makefile.in
index 2904b50..29a3ba8 100644
--- a/src/plugins/kdb/db2/libdb2/btree/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/btree/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../../..
-myfulldir=plugins/kdb/db2/libdb2/btree
 mydir=plugins/kdb/db2/libdb2/btree
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
 STLIBOBJS=	bt_close.o bt_conv.o bt_debug.o bt_delete.o bt_get.o \
diff --git a/src/plugins/kdb/db2/libdb2/btree/deps b/src/plugins/kdb/db2/libdb2/btree/deps
index b35c4b7..ac3f0f3 100644
--- a/src/plugins/kdb/db2/libdb2/btree/deps
+++ b/src/plugins/kdb/db2/libdb2/btree/deps
@@ -22,9 +22,9 @@ bt_get.so bt_get.po $(OUTPRE)bt_get.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
   bt_get.c btree.h extern.h
 bt_open.so bt_open.po $(OUTPRE)bt_open.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(DB_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
+  $(DB_DEPS) $(srcdir)/../include/config.h $(srcdir)/../include/db-int.h \
   $(srcdir)/../include/db-queue.h $(srcdir)/../mpool/mpool.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   bt_open.c btree.h extern.h
 bt_overflow.so bt_overflow.po $(OUTPRE)bt_overflow.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(DB_DEPS) $(srcdir)/../include/config.h \
diff --git a/src/plugins/kdb/db2/libdb2/db/Makefile.in b/src/plugins/kdb/db2/libdb2/db/Makefile.in
index 0b26388..a1c1db4 100644
--- a/src/plugins/kdb/db2/libdb2/db/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/db/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../../..
-myfulldir=plugins/kdb/db2/libdb2/db
 mydir=plugins/kdb/db2/libdb2/db
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
 STLIBOBJS=db.o
diff --git a/src/plugins/kdb/db2/libdb2/hash/Makefile.in b/src/plugins/kdb/db2/libdb2/hash/Makefile.in
index 468124b..9fedc04 100644
--- a/src/plugins/kdb/db2/libdb2/hash/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/hash/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../../..
-myfulldir=plugins/kdb/db2/libdb2/hash
 mydir=plugins/kdb/db2/libdb2/hash
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
 STLIBOBJS=	hash.o hash_bigkey.o hash_debug.o hash_func.o hash_log2.o \
diff --git a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
index e554d59..c8340fc 100644
--- a/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../../..
-myfulldir=plugins/kdb/db2/libdb2/mpool
 mydir=plugins/kdb/db2/libdb2/mpool
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
 STLIBOBJS=mpool.o
diff --git a/src/plugins/kdb/db2/libdb2/recno/Makefile.in b/src/plugins/kdb/db2/libdb2/recno/Makefile.in
index b3a6ef4..022dca4 100644
--- a/src/plugins/kdb/db2/libdb2/recno/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/recno/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../../..
-myfulldir=plugins/kdb/db2/libdb2/recno
 mydir=plugins/kdb/db2/libdb2/recno
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
 STLIBOBJS=	rec_close.o rec_delete.o rec_get.o rec_open.o rec_put.o \
diff --git a/src/plugins/kdb/db2/libdb2/test/Makefile.in b/src/plugins/kdb/db2/libdb2/test/Makefile.in
index efffae5..7e3485e 100644
--- a/src/plugins/kdb/db2/libdb2/test/Makefile.in
+++ b/src/plugins/kdb/db2/libdb2/test/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../../../..
-myfulldir=plugins/kdb/db2/libdb2/test
 mydir=plugins/kdb/db2/libdb2/test
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..$(S)..
 
diff --git a/src/plugins/kdb/db2/libdb2/test/run.test b/src/plugins/kdb/db2/libdb2/test/run.test
index d029862..d2d54e9 100644
--- a/src/plugins/kdb/db2/libdb2/test/run.test
+++ b/src/plugins/kdb/db2/libdb2/test/run.test
@@ -409,13 +409,25 @@ test8()
 {
 	echo "Test 8: btree: repeated small key, big data pairs"
 	rm -f $TMP1
+	# /bin/csh is no longer ubiquitous - find a substitute
+	# The test stores contents of a known file
+	tfile=""
+	for tp in /bin/csh /bin/ls /usr/bin/ls /bin/cat /usr/bin/cat; do
+	    if [ "x$tfile" = "x" -a -f $tp ]; then
+		tfile=$tp
+	    fi
+	done
+	if [ "x$tfile" = "x" ]; then
+	    echo "No suitable file for testing purposes"
+	    exit 1
+	fi
 	echo "" | 
 	awk 'BEGIN {
 		for (i = 1; i <= 10; ++i) {
 			printf("p\nkkey1\nD/bin/sh\n");
-			printf("p\nkkey2\nD/bin/csh\n");
+			printf("p\nkkey2\nD'$tfile'\n");
 			if (i % 8 == 0) {
-				printf("c\nkkey2\nD/bin/csh\n");
+				printf("c\nkkey2\nD'$tfile'\n");
 				printf("c\nkkey1\nD/bin/sh\n");
 				printf("e\t%d of 10 (comparison)\n", i);
 			} else
diff --git a/src/plugins/kdb/db2/lockout.c b/src/plugins/kdb/db2/lockout.c
index e6c4b65..498c0de 100644
--- a/src/plugins/kdb/db2/lockout.c
+++ b/src/plugins/kdb/db2/lockout.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/db2/lockout.c
  *
diff --git a/src/plugins/kdb/db2/policy_db.h b/src/plugins/kdb/db2/policy_db.h
index 54af70c..f2842e9 100644
--- a/src/plugins/kdb/db2/policy_db.h
+++ b/src/plugins/kdb/db2/policy_db.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Data Types for policy and principal information that
  * exists in the respective databases.
@@ -33,70 +34,70 @@
 #include "adb_err.h"
 #include <com_err.h>
 
-typedef	long		osa_adb_ret_t;
+typedef long            osa_adb_ret_t;
 
-#define OSA_ADB_POLICY_DB_MAGIC	0x12345A00
+#define OSA_ADB_POLICY_DB_MAGIC 0x12345A00
 
-#define OSA_ADB_POLICY_VERSION_MASK	0x12345D00
-#define OSA_ADB_POLICY_VERSION_1	0x12345D01
-#define OSA_ADB_POLICY_VERSION_2	0x12345D02
+#define OSA_ADB_POLICY_VERSION_MASK     0x12345D00
+#define OSA_ADB_POLICY_VERSION_1        0x12345D01
+#define OSA_ADB_POLICY_VERSION_2        0x12345D02
 
 
 
 typedef struct _osa_adb_db_lock_ent_t {
-     FILE     *lockfile;
-     char     *filename;
-     int      refcnt, lockmode, lockcnt;
-     krb5_context context;
+    FILE     *lockfile;
+    char     *filename;
+    int      refcnt, lockmode, lockcnt;
+    krb5_context context;
 } osa_adb_lock_ent, *osa_adb_lock_t;
 
 typedef struct _osa_adb_db_ent_t {
-     int        magic;
-     DB         *db;
-     HASHINFO   info;
-     BTREEINFO  btinfo;
-     char       *filename;
-     osa_adb_lock_t lock;
-     int        opencnt;
+    int        magic;
+    DB         *db;
+    HASHINFO   info;
+    BTREEINFO  btinfo;
+    char       *filename;
+    osa_adb_lock_t lock;
+    int        opencnt;
 } osa_adb_db_ent, *osa_adb_db_t, *osa_adb_princ_t, *osa_adb_policy_t;
 
 /*
  * Return Code (the rest are in adb_err.h)
  */
 
-#define OSA_ADB_OK		0
+#define OSA_ADB_OK              0
 
 /*
  * Functions
  */
 
-krb5_error_code	osa_adb_create_db(char *filename, char *lockfile, int magic);
-krb5_error_code	osa_adb_destroy_db(char *filename, char *lockfile, int magic);
-krb5_error_code   osa_adb_rename_db(char *filefrom, char *lockfrom,
-				  char *fileto, char *lockto, int magic);
-krb5_error_code	osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
-				char *lockfile, int magic);
-krb5_error_code	osa_adb_fini_db(osa_adb_db_t db, int magic);
-krb5_error_code	osa_adb_get_lock(osa_adb_db_t db, int mode);
-krb5_error_code	osa_adb_release_lock(osa_adb_db_t db);
+krb5_error_code osa_adb_create_db(char *filename, char *lockfile, int magic);
+krb5_error_code osa_adb_destroy_db(char *filename, char *lockfile, int magic);
+krb5_error_code osa_adb_rename_db(char *filefrom, char *lockfrom,
+                                  char *fileto, char *lockto, int magic);
+krb5_error_code osa_adb_init_db(osa_adb_db_t *dbp, char *filename,
+                                char *lockfile, int magic);
+krb5_error_code osa_adb_fini_db(osa_adb_db_t db, int magic);
+krb5_error_code osa_adb_get_lock(osa_adb_db_t db, int mode);
+krb5_error_code osa_adb_release_lock(osa_adb_db_t db);
 krb5_error_code osa_adb_open_and_lock(osa_adb_princ_t db, int locktype);
 krb5_error_code osa_adb_close_and_unlock(osa_adb_princ_t db);
-krb5_error_code	osa_adb_close_policy(osa_adb_policy_t db);
-krb5_error_code	osa_adb_create_policy(osa_adb_policy_t db,
-				      osa_policy_ent_t entry);
-krb5_error_code	osa_adb_destroy_policy(osa_adb_policy_t db,
-				       char * name);
-krb5_error_code	osa_adb_get_policy(osa_adb_policy_t db,
-				   char * name,
-				   osa_policy_ent_t *entry,
-				   int *cnt);
-krb5_error_code	osa_adb_put_policy(osa_adb_policy_t db,
-				   osa_policy_ent_t entry);
-krb5_error_code	osa_adb_iter_policy(osa_adb_policy_t db,
-				    osa_adb_iter_policy_func func,
-				    void * data);
-void		osa_free_policy_ent(osa_policy_ent_t val);
-
-bool_t  xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
+krb5_error_code osa_adb_close_policy(osa_adb_policy_t db);
+krb5_error_code osa_adb_create_policy(osa_adb_policy_t db,
+                                      osa_policy_ent_t entry);
+krb5_error_code osa_adb_destroy_policy(osa_adb_policy_t db,
+                                       char * name);
+krb5_error_code osa_adb_get_policy(osa_adb_policy_t db,
+                                   char * name,
+                                   osa_policy_ent_t *entry,
+                                   int *cnt);
+krb5_error_code osa_adb_put_policy(osa_adb_policy_t db,
+                                   osa_policy_ent_t entry);
+krb5_error_code osa_adb_iter_policy(osa_adb_policy_t db,
+                                    osa_adb_iter_policy_func func,
+                                    void * data);
+void osa_free_policy_ent(osa_policy_ent_t val);
+
+bool_t xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp);
 
 #endif /* __ADB_H__ */
diff --git a/src/plugins/kdb/hdb/Makefile.in b/src/plugins/kdb/hdb/Makefile.in
index cc265a6..fa14852 100644
--- a/src/plugins/kdb/hdb/Makefile.in
+++ b/src/plugins/kdb/hdb/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/kdb/hdb
 mydir=plugins/kdb/hdb
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_DB_MODULE_DIR)
diff --git a/src/plugins/kdb/hdb/deps b/src/plugins/kdb/hdb/deps
index b4892b2..96e3d30 100644
--- a/src/plugins/kdb/hdb/deps
+++ b/src/plugins/kdb/hdb/deps
@@ -4,40 +4,40 @@
 kdb_hdb.so kdb_hdb.po $(OUTPRE)kdb_hdb.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(DB_DEPS) \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h hdb.h hdb_asn1.h hdb_err.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h hdb.h hdb_asn1.h hdb_err.h \
   kdb_hdb.c kdb_hdb.h windc_plugin.h
 kdb_marshal.so kdb_marshal.po $(OUTPRE)kdb_marshal.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
+  $(COM_ERR_DEPS) $(DB_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
   hdb.h hdb_asn1.h hdb_err.h kdb_hdb.h kdb_marshal.c \
   windc_plugin.h
 kdb_windc.so kdb_windc.po $(OUTPRE)kdb_windc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(DB_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
+  $(COM_ERR_DEPS) $(DB_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
   hdb.h hdb_asn1.h hdb_err.h kdb_hdb.h kdb_windc.c windc_plugin.h
diff --git a/src/plugins/kdb/hdb/kdb_hdb.c b/src/plugins/kdb/hdb/kdb_hdb.c
index e42b055..f3668fa 100644
--- a/src/plugins/kdb/hdb/kdb_hdb.c
+++ b/src/plugins/kdb/hdb/kdb_hdb.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_hdb.c
  *
@@ -153,11 +153,11 @@ kh_db_context_init(krb5_context context,
         goto cleanup;
     }
 
-#define GET_PLUGIN_FUNC(_lib, _sym, _member)     do { \
-    code = krb5int_get_plugin_func(kh->_lib, _sym, \
-                                   (void (**)())&kh->_member, &errinfo); \
-    if (code != 0) \
-        goto cleanup; \
+#define GET_PLUGIN_FUNC(_lib, _sym, _member)     do {                   \
+        code = krb5int_get_plugin_func(kh->_lib, _sym,                  \
+                                       (void (**)())&kh->_member, &errinfo); \
+        if (code != 0)                                                  \
+            goto cleanup;                                               \
     } while (0)
 
     /* libkrb5 */
@@ -568,8 +568,8 @@ kh_db_get_age(krb5_context context,
 
 static krb5_error_code
 kh_db_set_option(krb5_context context,
-                  int option,
-                  void *value)
+                 int option,
+                 void *value)
 {
     return KRB5_KDB_DBTYPE_NOSUP;
 }
diff --git a/src/plugins/kdb/hdb/kdb_hdb.h b/src/plugins/kdb/hdb/kdb_hdb.h
index 6ba5fbc..0d04059 100644
--- a/src/plugins/kdb/hdb/kdb_hdb.h
+++ b/src/plugins/kdb/hdb/kdb_hdb.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_hdb.c
  *
@@ -74,10 +74,10 @@ typedef struct _kh_db_context {
     void *windc_ctx;
 } kh_db_context;
 
-#define KH_DB_CONTEXT(_context)    \
+#define KH_DB_CONTEXT(_context)                                 \
     ((kh_db_context *)(_context)->dal_handle->db_context)
 
-#define KH_DB_ENTRY(_entry)         \
+#define KH_DB_ENTRY(_entry)                     \
     ((hdb_entry_ex *)(_entry)->e_data)
 
 /* kdb_hdb.c */
@@ -111,10 +111,10 @@ kh_hdb_free_entry(krb5_context context,
 
 /* kdb_marshal.c */
 
-#define KH_MARSHAL_KEY(_kkey, _hkey)        do {        \
-    (_hkey)->keytype            = (_kkey)->enctype;     \
-    (_hkey)->keyvalue.data      = (_kkey)->contents;    \
-    (_hkey)->keyvalue.length    = (_kkey)->length;      \
+#define KH_MARSHAL_KEY(_kkey, _hkey)        do {                \
+        (_hkey)->keytype            = (_kkey)->enctype;         \
+        (_hkey)->keyvalue.data      = (_kkey)->contents;        \
+        (_hkey)->keyvalue.length    = (_kkey)->length;          \
     } while (0)
 
 krb5_error_code
diff --git a/src/plugins/kdb/hdb/kdb_marshal.c b/src/plugins/kdb/hdb/kdb_marshal.c
index d5e4693..624b17f 100644
--- a/src/plugins/kdb/hdb/kdb_marshal.c
+++ b/src/plugins/kdb/hdb/kdb_marshal.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_marshal.c
  *
@@ -69,8 +69,8 @@ kh_free_HostAddresses(krb5_context context,
 #if 0
 static krb5_error_code
 kh_marshal_octet_string(krb5_context context,
-                         const krb5_data *in_data,
-                         heim_octet_string *out_data)
+                        const krb5_data *in_data,
+                        heim_octet_string *out_data)
 {
     out_data->data = malloc(in_data->length);
     if (out_data->data == NULL)
@@ -198,7 +198,7 @@ kh_marshal_Principal(krb5_context context,
     }
     for (i = 0; i < kprinc->length; i++) {
         code = kh_marshal_general_string(context, &kprinc->data[i],
-                                          &hprinc->name.name_string.val[i]);
+                                         &hprinc->name.name_string.val[i]);
         if (code != 0) {
             kh_free_Principal(context, hprinc);
             return code;
@@ -778,7 +778,7 @@ kh_unmarshal_hdb_entry(krb5_context context,
 
     code = kh_unmarshal_Event(context,
                               hentry->modified_by ? hentry->modified_by :
-                                                    &hentry->created_by,
+                              &hentry->created_by,
                               kentry);
     if (code != 0)
         goto cleanup;
diff --git a/src/plugins/kdb/hdb/kdb_windc.c b/src/plugins/kdb/hdb/kdb_windc.c
index 9481876..6c8db85 100644
--- a/src/plugins/kdb/hdb/kdb_windc.c
+++ b/src/plugins/kdb/hdb/kdb_windc.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/hdb/kdb_windc.c
  *
@@ -311,7 +311,7 @@ kh_db_sign_auth_data(krb5_context context,
 
         code = kh_windc_pac_verify(context, kh, client_hprinc,
                                    req->client ?
-                                        KH_DB_ENTRY(req->client) : NULL,
+                                   KH_DB_ENTRY(req->client) : NULL,
                                    KH_DB_ENTRY(req->server),
                                    &hpac);
         if (code != 0)
diff --git a/src/plugins/kdb/ldap/Makefile.in b/src/plugins/kdb/ldap/Makefile.in
index 7f45c15..437bcc4 100644
--- a/src/plugins/kdb/ldap/Makefile.in
+++ b/src/plugins/kdb/ldap/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/kdb/ldap
 mydir=plugins/kdb/ldap
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 DEFS =
diff --git a/src/plugins/kdb/ldap/deps b/src/plugins/kdb/ldap/deps
index ef0d4c1..5d1b6b4 100644
--- a/src/plugins/kdb/ldap/deps
+++ b/src/plugins/kdb/ldap/deps
@@ -4,15 +4,15 @@
 ldap_exp.so ldap_exp.po $(OUTPRE)ldap_exp.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h $(srcdir)/libkdb_ldap/kdb_ldap.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h $(srcdir)/libkdb_ldap/kdb_ldap.h \
   $(srcdir)/libkdb_ldap/ldap_krbcontainer.h $(srcdir)/libkdb_ldap/ldap_principal.h \
   $(srcdir)/libkdb_ldap/ldap_pwd_policy.h $(srcdir)/libkdb_ldap/ldap_realm.h \
   $(srcdir)/libkdb_ldap/ldap_tkt_policy.h ldap_exp.c
diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c
index 742e3ce..8deaf37 100644
--- a/src/plugins/kdb/ldap/ldap_exp.c
+++ b/src/plugins/kdb/ldap/ldap_exp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_exp.c
  *
@@ -46,51 +47,51 @@
  */
 
 kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
-  1,                                      /* major version number 1 */
-  0,                                      /* minor version number 0 */
-  /* init_library */			       krb5_ldap_lib_init,
-  /* fini_library */			       krb5_ldap_lib_cleanup,
-  /* init_module */			       krb5_ldap_open,
-  /* fini_module */			       krb5_ldap_close,
-  /* db_create */			       krb5_ldap_create,
-  /* db_destroy */			       krb5_ldap_delete_realm_1,
-  /* db_get_age */                             krb5_ldap_db_get_age,
-  /* db_set_option */			       krb5_ldap_set_option,
-  /* db_lock */				       krb5_ldap_lock,
-  /* db_unlock */			       krb5_ldap_unlock,
-  /* db_get_principal */		       krb5_ldap_get_principal,
-  /* db_free_principal */		       krb5_ldap_free_principal,
-  /* db_put_principal */		       krb5_ldap_put_principal,
-  /* db_delete_principal */		       krb5_ldap_delete_principal,
-  /* db_iterate */			       krb5_ldap_iterate,
-  /* db_create_policy */                       krb5_ldap_create_password_policy,
-  /* db_get_policy */                          krb5_ldap_get_password_policy,
-  /* db_put_policy */                          krb5_ldap_put_password_policy,
-  /* db_iter_policy */                         krb5_ldap_iterate_password_policy,
-  /* db_delete_policy */                       krb5_ldap_delete_password_policy,
-  /* db_free_policy */                         krb5_ldap_free_password_policy,
-  /* db_supported_realms */		       krb5_ldap_supported_realms,
-  /* db_free_supported_realms */	       krb5_ldap_free_supported_realms,
-  /* errcode_2_string */                       krb5_ldap_errcode_2_string,
-  /* release_errcode_string */		       krb5_ldap_release_errcode_string,
-  /* db_alloc */                               krb5_ldap_alloc,
-  /* db_free */                                krb5_ldap_free,
-            /* optional functions */
-  /* set_master_key */			       krb5_ldap_set_mkey,
-  /* get_master_key */			       krb5_ldap_get_mkey,
-  /* set_master_key_list */		       krb5_ldap_set_mkey_list,
-  /* get_master_key_list */		       krb5_ldap_get_mkey_list,
-  /* setup_master_key_name */		       NULL,
-  /* store_master_key */		       NULL,
-  /* fetch_master_key */		       NULL /* krb5_ldap_fetch_mkey */,
-  /* verify_master_key */		       NULL /* krb5_ldap_verify_master_key */,
-  /* fetch_master_key_list */		       NULL,
-  /* store_master_key_list */		       NULL,
-  /* Search enc type */                        NULL,
-  /* Change pwd   */                           NULL,
-  /* promote_db */                             NULL,
-  /* dbekd_decrypt_key_data */                 NULL,
-  /* dbekd_encrypt_key_data */                 NULL,
-  /* db_invoke */			       krb5_ldap_invoke,
+    1,                                      /* major version number 1 */
+    0,                                      /* minor version number 0 */
+    /* init_library */                      krb5_ldap_lib_init,
+    /* fini_library */                      krb5_ldap_lib_cleanup,
+    /* init_module */                       krb5_ldap_open,
+    /* fini_module */                       krb5_ldap_close,
+    /* db_create */                         krb5_ldap_create,
+    /* db_destroy */                        krb5_ldap_delete_realm_1,
+    /* db_get_age */                        krb5_ldap_db_get_age,
+    /* db_set_option */                     krb5_ldap_set_option,
+    /* db_lock */                           krb5_ldap_lock,
+    /* db_unlock */                         krb5_ldap_unlock,
+    /* db_get_principal */                  krb5_ldap_get_principal,
+    /* db_free_principal */                 krb5_ldap_free_principal,
+    /* db_put_principal */                  krb5_ldap_put_principal,
+    /* db_delete_principal */               krb5_ldap_delete_principal,
+    /* db_iterate */                        krb5_ldap_iterate,
+    /* db_create_policy */                  krb5_ldap_create_password_policy,
+    /* db_get_policy */                     krb5_ldap_get_password_policy,
+    /* db_put_policy */                     krb5_ldap_put_password_policy,
+    /* db_iter_policy */                    krb5_ldap_iterate_password_policy,
+    /* db_delete_policy */                  krb5_ldap_delete_password_policy,
+    /* db_free_policy */                    krb5_ldap_free_password_policy,
+    /* db_supported_realms */               krb5_ldap_supported_realms,
+    /* db_free_supported_realms */          krb5_ldap_free_supported_realms,
+    /* errcode_2_string */                  krb5_ldap_errcode_2_string,
+    /* release_errcode_string */            krb5_ldap_release_errcode_string,
+    /* db_alloc */                          krb5_ldap_alloc,
+    /* db_free */                           krb5_ldap_free,
+    /* optional functions */
+    /* set_master_key */                    krb5_ldap_set_mkey,
+    /* get_master_key */                    krb5_ldap_get_mkey,
+    /* set_master_key_list */               krb5_ldap_set_mkey_list,
+    /* get_master_key_list */               krb5_ldap_get_mkey_list,
+    /* setup_master_key_name */             NULL,
+    /* store_master_key */                  NULL,
+    /* fetch_master_key */                  NULL /* krb5_ldap_fetch_mkey */,
+    /* verify_master_key */                 NULL /* krb5_ldap_verify_master_key */,
+    /* fetch_master_key_list */             NULL,
+    /* store_master_key_list */             NULL,
+    /* Search enc type */                   NULL,
+    /* Change pwd   */                      NULL,
+    /* promote_db */                        NULL,
+    /* dbekd_decrypt_key_data */            NULL,
+    /* dbekd_encrypt_key_data */            NULL,
+    /* db_invoke */                         krb5_ldap_invoke,
 
 };
diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in
index 7c6317a..e269a46 100644
--- a/src/plugins/kdb/ldap/ldap_util/Makefile.in
+++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in
@@ -1,10 +1,8 @@
-thisconfigdir=../../../..
-myfulldir=plugins/kdb/ldap/ldap_util
 mydir=plugins/kdb/ldap/ldap_util
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 DEFINES = -DKDB4_DISABLE
 DEFS=
-LOCALINCLUDES = -I. -I$(srcdir)/../libkdb_ldap -I$(SRCTOP)/lib/kdb
+LOCALINCLUDES = -I. -I$(srcdir)/../libkdb_ldap -I$(top_srcdir)/lib/kdb
 PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
 PROG_RPATH=$(KRB5_LIBDIR)
 #KDB_DEP_LIB=$(DL_LIB) $(THREAD_LINKOPTS)
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
index 09b5079..f8dce07 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_list.c
  */
@@ -39,15 +40,16 @@
 /*
  * Counts the number of entries in the given array of strings
  */
-int list_count_str_array(char **list)
+int
+list_count_str_array(char **list)
 {
     int i = 0;
 
     if (list == NULL)
-	return 0;
+        return 0;
 
     for (i = 0; *list != NULL; list++) {
-	i++;
+        i++;
     }
 
     return i;
@@ -57,15 +59,16 @@ int list_count_str_array(char **list)
 /*
  * Counts the number of entries in the given array of integers
  */
-int list_count_int_array(int *list)
+int
+list_count_int_array(int *list)
 {
     int i = 0;
 
     if (list == NULL)
-	return 0;
+        return 0;
 
     for (i = 0; *list != END_OF_LIST; list++) {
-	i++;
+        i++;
     }
 
     return i;
@@ -75,14 +78,14 @@ int list_count_int_array(int *list)
 /*
  * Frees the entries in a given list and not the list pointer
  */
-void krb5_free_list_entries(list)
-    char **list;
+void
+krb5_free_list_entries(char **list)
 {
     if (list == NULL)
-	return;
+        return;
     for (; *list != NULL; list++) {
-	free(*list);
-	*list = NULL;
+        free(*list);
+        *list = NULL;
     }
 
     return;
@@ -94,10 +97,7 @@ void krb5_free_list_entries(list)
  * and return the result as a list
  */
 krb5_error_code
-krb5_parse_list(buffer, delimiter, list)
-    char *buffer;
-    char *delimiter;
-    char **list;
+krb5_parse_list(char *buffer, char *delimiter, char **list)
 {
     char *str = NULL;
     char *token = NULL;
@@ -107,40 +107,39 @@ krb5_parse_list(buffer, delimiter, list)
     int count = 0;
 
     if ((buffer == NULL) || (list == NULL) || (delimiter == NULL)) {
-	return EINVAL;
+        return EINVAL;
     }
 
     str = strdup(buffer);
     if (str == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     token = strtok_r(str, delimiter, &ptrptr);
     for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES));
-	 plist++, count++) {
-	*plist = strdup(token);
-	if (*plist == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	token = strtok_r(NULL, delimiter, &ptrptr);
+         plist++, count++) {
+        *plist = strdup(token);
+        if (*plist == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        token = strtok_r(NULL, delimiter, &ptrptr);
     }
     *plist = NULL;
 
 cleanup:
     if (str) {
-	free(str);
-	str = NULL;
+        free(str);
+        str = NULL;
     }
     if (retval)
-	krb5_free_list_entries(list);
+        krb5_free_list_entries(list);
 
     return retval;
 }
 
 
-int compare_int(m1, m2)
-    const void *m1;
-    const void *m2;
+int
+compare_int(const void *m1, const void *m2)
 {
     int mi1 = *(const int *)m1;
     int mi2 = *(const int *)m2;
@@ -154,10 +153,8 @@ int compare_int(m1, m2)
  * entries present in the source list, depending on the mode
  * (ADD or DELETE).
  */
-void list_modify_str_array(destlist, sourcelist, mode)
-    char ***destlist;
-    const char **sourcelist;
-    int mode;
+void
+list_modify_str_array(char ***destlist, const char **sourcelist, int mode)
 {
     char **dlist = NULL, **tmplist = NULL;
     const char **slist = NULL;
@@ -165,52 +162,52 @@ void list_modify_str_array(destlist, sourcelist, mode)
     int found = 0;
 
     if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL))
-	return;
+        return;
 
     /* We need to add every entry present in the source list to
      * the destination list */
     if (mode == LIST_MODE_ADD) {
-	/* Traverse throught the end of destlist for appending */
-	for (dlist = *destlist, dcount = 0; *dlist != NULL;
-	     dlist++, dcount++) {
-	    ;   /* NULL statement */
-	}
-	/* Count the number of entries in the source list */
-	for (slist = sourcelist, scount = 0; *slist != NULL;
-	     slist++, scount++) {
-	    ;   /* NULL statement */
-	}
-	/* Reset the slist pointer to the start of source list */
-	slist = sourcelist;
-
-	/* Now append the source list to the existing destlist */
-	if ((dcount + scount) < MAX_LIST_ENTRIES)
-	    copycount = scount;
-	else
-	    /* Leave the last entry for list terminator(=NULL) */
-	    copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
-	memcpy(dlist, slist, (sizeof(char *) * copycount));
-	dlist += copycount;
-	*dlist = NULL;
+        /* Traverse throught the end of destlist for appending */
+        for (dlist = *destlist, dcount = 0; *dlist != NULL;
+             dlist++, dcount++) {
+            ;   /* NULL statement */
+        }
+        /* Count the number of entries in the source list */
+        for (slist = sourcelist, scount = 0; *slist != NULL;
+             slist++, scount++) {
+            ;   /* NULL statement */
+        }
+        /* Reset the slist pointer to the start of source list */
+        slist = sourcelist;
+
+        /* Now append the source list to the existing destlist */
+        if ((dcount + scount) < MAX_LIST_ENTRIES)
+            copycount = scount;
+        else
+            /* Leave the last entry for list terminator(=NULL) */
+            copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+        memcpy(dlist, slist, (sizeof(char *) * copycount));
+        dlist += copycount;
+        *dlist = NULL;
     } else if (mode == LIST_MODE_DELETE) {
-	/* We need to delete every entry present in the source list
-	 * from the destination list */
-	for (slist = sourcelist; *slist != NULL; slist++) {
-	    for (dlist = *destlist; *dlist != NULL; dlist++) {
-		found = 0; /* value not found */
-		/* DN is case insensitive string */
-		if (strcasecmp(*dlist, *slist) == 0) {
-		    found = 1;
-		    free(*dlist);
-		    /* Advance the rest of the entries by one */
-		    for (tmplist = dlist; *tmplist != NULL; tmplist++) {
-			*tmplist = *(tmplist+1);
-		    }
-		    break;
-		}
-	    }
-	}
+        /* We need to delete every entry present in the source list
+         * from the destination list */
+        for (slist = sourcelist; *slist != NULL; slist++) {
+            for (dlist = *destlist; *dlist != NULL; dlist++) {
+                found = 0; /* value not found */
+                /* DN is case insensitive string */
+                if (strcasecmp(*dlist, *slist) == 0) {
+                    found = 1;
+                    free(*dlist);
+                    /* Advance the rest of the entries by one */
+                    for (tmplist = dlist; *tmplist != NULL; tmplist++) {
+                        *tmplist = *(tmplist+1);
+                    }
+                    break;
+                }
+            }
+        }
     }
 
     return;
@@ -222,10 +219,8 @@ void list_modify_str_array(destlist, sourcelist, mode)
  * entries present in the source list, depending on the mode
  * (ADD or DELETE). where the list is array of integers.
  */
-int list_modify_int_array(destlist, sourcelist, mode)
-    int *destlist;
-    const int *sourcelist;
-    int mode;
+int
+list_modify_int_array(int *destlist, const int *sourcelist, int mode)
 {
     int *dlist = NULL, *tmplist = NULL;
     const int *slist = NULL;
@@ -233,53 +228,53 @@ int list_modify_int_array(destlist, sourcelist, mode)
     int tcount = 0;
 
     if ((destlist == NULL) || (sourcelist == NULL))
-	return 0;
+        return 0;
 
     /* We need to add every entry present in the source list to the
      * destination list */
     if (mode == LIST_MODE_ADD) {
-	/* Traverse throught the end of destlist for appending */
-	for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
-	     dlist++, dcount++)
-	    ;   /* NULL statement */
-
-	/* Count the number of entries in the source list */
-	for (slist = sourcelist, scount = 0; *slist != END_OF_LIST;
-	     slist++, scount++)
-	    ;   /* NULL statement */
-
-	/* Reset the slist pointer to the start of source list */
-	slist = sourcelist;
-
-	/* Now append the source list to the existing destlist */
-	if ((dcount + scount) < MAX_LIST_ENTRIES)
-	    copycount = scount;
-	else
-	    /* Leave the last entry for list terminator(=NULL) */
-	    copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
-	memcpy(dlist, slist, (sizeof(int) * copycount));
-	dlist += copycount;
-	*dlist = END_OF_LIST;
-	tcount = dcount + copycount;
+        /* Traverse throught the end of destlist for appending */
+        for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
+             dlist++, dcount++)
+            ;   /* NULL statement */
+
+        /* Count the number of entries in the source list */
+        for (slist = sourcelist, scount = 0; *slist != END_OF_LIST;
+             slist++, scount++)
+            ;   /* NULL statement */
+
+        /* Reset the slist pointer to the start of source list */
+        slist = sourcelist;
+
+        /* Now append the source list to the existing destlist */
+        if ((dcount + scount) < MAX_LIST_ENTRIES)
+            copycount = scount;
+        else
+            /* Leave the last entry for list terminator(=NULL) */
+            copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+        memcpy(dlist, slist, (sizeof(int) * copycount));
+        dlist += copycount;
+        *dlist = END_OF_LIST;
+        tcount = dcount + copycount;
     } else if (mode == LIST_MODE_DELETE) {
-	/* We need to delete every entry present in the source list from
-	 * the destination list */
-	for (slist = sourcelist; *slist != END_OF_LIST; slist++) {
-	    for (dlist = destlist; *dlist != END_OF_LIST; dlist++) {
-		if (*dlist == *slist) {
-		    /* Advance the rest of the entries by one */
-		    for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
-			*tmplist = *(tmplist+1);
-		    }
-		    break;
-		}
-	    }
-	}
-	/* count the number of entries */
-	for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
-	    tcount++;
-	}
+        /* We need to delete every entry present in the source list from
+         * the destination list */
+        for (slist = sourcelist; *slist != END_OF_LIST; slist++) {
+            for (dlist = destlist; *dlist != END_OF_LIST; dlist++) {
+                if (*dlist == *slist) {
+                    /* Advance the rest of the entries by one */
+                    for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
+                        *tmplist = *(tmplist+1);
+                    }
+                    break;
+                }
+            }
+        }
+        /* count the number of entries */
+        for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
+            tcount++;
+        }
     }
 
     return tcount;
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
index a251fde..ff6bde2 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_list.h
  */
@@ -30,12 +31,12 @@
  */
 
 
-#define MAX_LIST_ENTRIES	64
-#define END_OF_LIST		-1      /* End of List */
-#define LIST_DELIMITER		":"     /* List entry separator */
-#define LIST_MODE_ADD 		0x701   /* Add to the List */
-#define LIST_MODE_DELETE 	0x702   /* Delete from the list */
-#define MAX_LEN_LIST_ENTRY 	512     /* Max len of an entry */
+#define MAX_LIST_ENTRIES        64
+#define END_OF_LIST             -1      /* End of List */
+#define LIST_DELIMITER          ":"     /* List entry separator */
+#define LIST_MODE_ADD           0x701   /* Add to the List */
+#define LIST_MODE_DELETE        0x702   /* Delete from the list */
+#define MAX_LEN_LIST_ENTRY      512     /* Max len of an entry */
 
 extern krb5_error_code krb5_parse_list(char *buffer, char *delimiter, char **list);
 extern void krb5_free_list_entries(char **list);
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
index b22e631..4cb3c46 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_policy.c
  */
@@ -48,7 +49,9 @@ static char *strdur(time_t duration);
 extern char *yes;
 extern kadm5_config_params global_params;
 
-static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
+static krb5_error_code
+init_ldap_realm(int argc, char *argv[])
+{
     /* This operation is being performed in the context of a realm. So,
      * initialize the realm */
     int mask = 0;
@@ -65,7 +68,7 @@ static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
 
     if (ldap_context->krbcontainer == NULL) {
         retval = krb5_ldap_read_krbcontainer_params (util_context,
-                &(ldap_context->krbcontainer));
+                                                     &(ldap_context->krbcontainer));
         if (retval != 0) {
             com_err(progname, retval, "while reading kerberos container information");
             goto cleanup;
@@ -74,9 +77,9 @@ static krb5_error_code init_ldap_realm (int argc, char *argv[]) {
 
     if (ldap_context->lrparams == NULL) {
         retval = krb5_ldap_read_realm_params(util_context,
-                global_params.realm,
-                &(ldap_context->lrparams),
-                &mask);
+                                             global_params.realm,
+                                             &(ldap_context->lrparams),
+                                             &mask);
 
         if (retval != 0) {
             goto cleanup;
@@ -91,9 +94,7 @@ cleanup:
  * specified attributes.
  */
 void
-kdb5_ldap_create_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_create_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -107,14 +108,14 @@ kdb5_ldap_create_policy(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 2) || (argc > 16)) {
-	goto err_usage;
+        goto err_usage;
     }
 
     /* Allocate memory for policy parameters structure */
     policyparams = (krb5_ldap_policy_params*) calloc(1, sizeof(krb5_ldap_policy_params));
     if (policyparams == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* Get current time */
@@ -122,161 +123,161 @@ kdb5_ldap_create_policy(argc, argv)
 
     /* Parse all arguments */
     for (i = 1; i < argc; i++) {
-	if (!strcmp(argv[i], "-maxtktlife")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    date = get_date(argv[i]);
-	    if (date == (time_t)(-1)) {
-		retval = EINVAL;
-		com_err (me, retval, "while providing time specification");
-		goto err_nomsg;
-	    }
-
-	    policyparams->maxtktlife = date - now;
-
-	    mask |= LDAP_POLICY_MAXTKTLIFE;
-	} else if (!strcmp(argv[i], "-maxrenewlife")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    date = get_date(argv[i]);
-	    if (date == (time_t)(-1)) {
-		retval = EINVAL;
-		com_err (me, retval, "while providing time specification");
-		goto err_nomsg;
-	    }
-
-	    policyparams->maxrenewlife = date - now;
-
-	    mask |= LDAP_POLICY_MAXRENEWLIFE;
-	} else if (!strcmp((argv[i] + 1), "allow_postdated")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_renewable")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "requires_preauth")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_svr")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_tix")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "needchange")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "password_changing_service")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-	    else
-		goto err_usage;
-
-	    mask |= LDAP_POLICY_TKTFLAGS;
-	} else { /* Any other argument must be policy DN */
-	    /* First check if policy DN is already provided --
-	       if so, there's a usage error */
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxtktlife = date - now;
+
+            mask |= LDAP_POLICY_MAXTKTLIFE;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxrenewlife = date - now;
+
+            mask |= LDAP_POLICY_MAXRENEWLIFE;
+        } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "needchange")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+            else
+                goto err_usage;
+
+            mask |= LDAP_POLICY_TKTFLAGS;
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
             if (policyparams->policy != NULL)
-		goto err_usage;
+                goto err_usage;
 
-	    /* If not present already, fill up policy DN */
+            /* If not present already, fill up policy DN */
             policyparams->policy = strdup(argv[i]);
             if (policyparams->policy == NULL) {
-		retval = ENOMEM;
-		com_err(me, retval, "while creating policy object");
-		goto err_nomsg;
-	    }
-	}
+                retval = ENOMEM;
+                com_err(me, retval, "while creating policy object");
+                goto err_nomsg;
+            }
+        }
     }
 
     /* policy DN is a mandatory argument. If not provided, print usage */
     if (policyparams->policy == NULL)
-	goto err_usage;
+        goto err_usage;
 
     if ((retval = init_ldap_realm (argc, argv))) {
         com_err(me, retval, "while reading realm information");
@@ -285,7 +286,7 @@ kdb5_ldap_create_policy(argc, argv)
 
     /* Create object with all attributes provided */
     if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     goto cleanup;
 
@@ -300,13 +301,13 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (print_usage)
-	db_usage(CREATE_POLICY);
+        db_usage(CREATE_POLICY);
 
     if (retval) {
-	if (!no_msg)
-	    com_err(me, retval, "while creating policy object");
+        if (!no_msg)
+            com_err(me, retval, "while creating policy object");
 
-	exit_status++;
+        exit_status++;
     }
 
     return;
@@ -318,9 +319,7 @@ cleanup:
  * object interactively, unless forced through an option.
  */
 void
-kdb5_ldap_destroy_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_destroy_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -334,55 +333,55 @@ kdb5_ldap_destroy_policy(argc, argv)
     int i = 0;
 
     if ((argc < 2) || (argc > 3)) {
-	goto err_usage;
+        goto err_usage;
     }
 
     for (i = 1; i < argc; i++) {
-	if (strcmp(argv[i], "-force") == 0) {
-	    force++;
-	} else { /* Any other argument must be policy DN */
-	    /* First check if policy DN is already provided --
-	       if so, there's a usage error */
+        if (strcmp(argv[i], "-force") == 0) {
+            force++;
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
             if (policy != NULL)
-		goto err_usage;
+                goto err_usage;
 
-	    /* If not present already, fill up policy DN */
+            /* If not present already, fill up policy DN */
             policy = strdup(argv[i]);
             if (policy == NULL) {
-		retval = ENOMEM;
-		com_err(me, retval, "while destroying policy object");
-		goto err_nomsg;
-	    }
-	}
+                retval = ENOMEM;
+                com_err(me, retval, "while destroying policy object");
+                goto err_nomsg;
+            }
+        }
     }
 
     if (policy == NULL)
-	goto err_usage;
+        goto err_usage;
 
     if (!force) {
         printf("This will delete the policy object '%s', are you sure?\n", policy);
-	printf("(type 'yes' to confirm)? ");
+        printf("(type 'yes' to confirm)? ");
 
-	if (fgets(buf, sizeof(buf), stdin) == NULL) {
-	    retval = EINVAL;
-	    goto cleanup;
-	}
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            retval = EINVAL;
+            goto cleanup;
+        }
 
-	if (strcmp(buf, yes)) {
-	    exit_status++;
-	    goto cleanup;
-	}
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            goto cleanup;
+        }
     }
 
     if ((retval = init_ldap_realm (argc, argv)))
         goto err_nomsg;
 
     if ((retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &mask)))
-	goto cleanup;
+        goto cleanup;
 
 
     if ((retval = krb5_ldap_delete_policy(util_context, policy)))
-	goto cleanup;
+        goto cleanup;
 
     printf("** policy object '%s' deleted.\n", policy);
     goto cleanup;
@@ -399,18 +398,18 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (policy) {
-	free (policy);
+        free (policy);
     }
 
     if (print_usage) {
-	db_usage(DESTROY_POLICY);
+        db_usage(DESTROY_POLICY);
     }
 
     if (retval) {
-	if (!no_msg)
-	    com_err(me, retval, "while destroying policy object");
+        if (!no_msg)
+            com_err(me, retval, "while destroying policy object");
 
-	exit_status++;
+        exit_status++;
     }
 
     return;
@@ -422,9 +421,7 @@ cleanup:
  * policy object.
  */
 void
-kdb5_ldap_modify_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_modify_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -441,57 +438,57 @@ kdb5_ldap_modify_policy(argc, argv)
        since atleast one parameter should be given in
        addition to 'modify_policy' and policy DN */
     if ((argc < 3) || (argc > 16)) {
-	goto err_usage;
+        goto err_usage;
     }
 
     /* Parse all arguments, only to pick up policy DN (Pass 1) */
     for (i = 1; i < argc; i++) {
-	/* Skip arguments next to 'maxtktlife'
-	   and 'maxrenewlife' arguments */
-	if (!strcmp(argv[i], "-maxtktlife")) {
-	    ++i;
-	} else if (!strcmp(argv[i], "-maxrenewlife")) {
-	    ++i;
-	}
-	/* Do nothing for ticket flag arguments */
-	else if (!strcmp((argv[i] + 1), "allow_postdated") ||
-		 !strcmp((argv[i] + 1), "allow_forwardable") ||
-		 !strcmp((argv[i] + 1), "allow_renewable") ||
-		 !strcmp((argv[i] + 1), "allow_proxiable") ||
-		 !strcmp((argv[i] + 1), "allow_dup_skey") ||
-		 !strcmp((argv[i] + 1), "requires_preauth") ||
-		 !strcmp((argv[i] + 1), "requires_hwauth") ||
-		 !strcmp((argv[i] + 1), "allow_svr") ||
-		 !strcmp((argv[i] + 1), "allow_tgs_req") ||
-		 !strcmp((argv[i] + 1), "allow_tix") ||
-		 !strcmp((argv[i] + 1), "needchange") ||
-		 !strcmp((argv[i] + 1), "password_changing_service")) {
-	} else { /* Any other argument must be policy DN */
-	    /* First check if policy DN is already provided --
-	       if so, there's a usage error */
+        /* Skip arguments next to 'maxtktlife'
+           and 'maxrenewlife' arguments */
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            ++i;
+        }
+        /* Do nothing for ticket flag arguments */
+        else if (!strcmp((argv[i] + 1), "allow_postdated") ||
+                 !strcmp((argv[i] + 1), "allow_forwardable") ||
+                 !strcmp((argv[i] + 1), "allow_renewable") ||
+                 !strcmp((argv[i] + 1), "allow_proxiable") ||
+                 !strcmp((argv[i] + 1), "allow_dup_skey") ||
+                 !strcmp((argv[i] + 1), "requires_preauth") ||
+                 !strcmp((argv[i] + 1), "requires_hwauth") ||
+                 !strcmp((argv[i] + 1), "allow_svr") ||
+                 !strcmp((argv[i] + 1), "allow_tgs_req") ||
+                 !strcmp((argv[i] + 1), "allow_tix") ||
+                 !strcmp((argv[i] + 1), "needchange") ||
+                 !strcmp((argv[i] + 1), "password_changing_service")) {
+        } else { /* Any other argument must be policy DN */
+            /* First check if policy DN is already provided --
+               if so, there's a usage error */
             if (policy != NULL)
-		goto err_usage;
+                goto err_usage;
 
-	    /* If not present already, fill up policy DN */
+            /* If not present already, fill up policy DN */
             policy = strdup(argv[i]);
             if (policy == NULL) {
-		retval = ENOMEM;
-		com_err(me, retval, "while modifying policy object");
-		goto err_nomsg;
-	    }
-	}
+                retval = ENOMEM;
+                com_err(me, retval, "while modifying policy object");
+                goto err_nomsg;
+            }
+        }
     }
 
     if (policy == NULL)
-	goto err_usage;
+        goto err_usage;
 
     if ((retval = init_ldap_realm (argc, argv)))
-	goto cleanup;
+        goto cleanup;
 
     retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &in_mask);
     if (retval) {
         com_err(me, retval, "while reading information of policy '%s'", policy);
-	goto err_nomsg;
+        goto err_nomsg;
     }
 
     /* Get current time */
@@ -499,151 +496,151 @@ kdb5_ldap_modify_policy(argc, argv)
 
     /* Parse all arguments, but skip policy DN (Pass 2) */
     for (i = 1; i < argc; i++) {
-	if (!strcmp(argv[i], "-maxtktlife")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    date = get_date(argv[i]);
-	    if (date == (time_t)(-1)) {
-		retval = EINVAL;
-		com_err (me, retval, "while providing time specification");
-		goto err_nomsg;
-	    }
-
-	    policyparams->maxtktlife = date - now;
-
-	    out_mask |= LDAP_POLICY_MAXTKTLIFE;
-	} else if (!strcmp(argv[i], "-maxrenewlife")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    date = get_date(argv[i]);
-	    if (date == (time_t)(-1)) {
-		retval = EINVAL;
-		com_err (me, retval, "while providing time specification");
-		goto err_nomsg;
-	    }
-
-	    policyparams->maxrenewlife = date - now;
-
-	    out_mask |= LDAP_POLICY_MAXRENEWLIFE;
-	} else if (!strcmp((argv[i] + 1), "allow_postdated")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_renewable")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "requires_preauth")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_svr")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "allow_tix")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "needchange")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else if (!strcmp((argv[i] + 1), "password_changing_service")) {
-	    if (*(argv[i]) == '+')
-		policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-	    else if (*(argv[i]) == '-')
-		policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-	    else
-		goto err_usage;
-
-	    out_mask |= LDAP_POLICY_TKTFLAGS;
-	} else {
-	    /* Any other argument must be policy DN
-	       -- skip it */
-	}
+        if (!strcmp(argv[i], "-maxtktlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxtktlife = date - now;
+
+            out_mask |= LDAP_POLICY_MAXTKTLIFE;
+        } else if (!strcmp(argv[i], "-maxrenewlife")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            date = get_date(argv[i]);
+            if (date == (time_t)(-1)) {
+                retval = EINVAL;
+                com_err (me, retval, "while providing time specification");
+                goto err_nomsg;
+            }
+
+            policyparams->maxrenewlife = date - now;
+
+            out_mask |= LDAP_POLICY_MAXRENEWLIFE;
+        } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "needchange")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+            if (*(argv[i]) == '+')
+                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+            else if (*(argv[i]) == '-')
+                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+            else
+                goto err_usage;
+
+            out_mask |= LDAP_POLICY_TKTFLAGS;
+        } else {
+            /* Any other argument must be policy DN
+               -- skip it */
+        }
     }
 
     /* Modify attributes of object */
     if ((retval = krb5_ldap_modify_policy(util_context, policyparams, out_mask)))
-	goto cleanup;
+        goto cleanup;
 
     goto cleanup;
 
@@ -661,13 +658,13 @@ cleanup:
         free (policy);
 
     if (print_usage)
-	db_usage(MODIFY_POLICY);
+        db_usage(MODIFY_POLICY);
 
     if (retval) {
-	if (!no_msg)
-	    com_err(me, retval, "while modifying policy object");
+        if (!no_msg)
+            com_err(me, retval, "while modifying policy object");
 
-	exit_status++;
+        exit_status++;
     }
 
     return;
@@ -679,9 +676,7 @@ cleanup:
  * fetching the information from the LDAP Server.
  */
 void
-kdb5_ldap_view_policy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_view_policy(int argc, char *argv[])
 {
     char *me = progname;
     krb5_ldap_policy_params *policyparams = NULL;
@@ -691,23 +686,23 @@ kdb5_ldap_view_policy(argc, argv)
     int mask = 0;
 
     if (argc != 2) {
-	goto err_usage;
+        goto err_usage;
     }
 
     policy = strdup(argv[1]);
     if (policy == NULL) {
-	com_err(me, ENOMEM, "while viewing policy");
-	exit_status++;
-	goto cleanup;
+        com_err(me, ENOMEM, "while viewing policy");
+        exit_status++;
+        goto cleanup;
     }
 
     if ((retval = init_ldap_realm (argc, argv)))
         goto cleanup;
 
     if ((retval = krb5_ldap_read_policy(util_context, policy, &policyparams, &mask))) {
-	com_err(me, retval, "while viewing policy '%s'", policy);
-	exit_status++;
-	goto cleanup;
+        com_err(me, retval, "while viewing policy '%s'", policy);
+        exit_status++;
+        goto cleanup;
     }
 
     print_policy_params (policyparams, mask);
@@ -721,10 +716,10 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (policy)
-	free (policy);
+        free (policy);
 
     if (print_usage) {
-	db_usage(VIEW_POLICY);
+        db_usage(VIEW_POLICY);
     }
 
     return;
@@ -736,59 +731,57 @@ cleanup:
  * standard output.
  */
 static void
-print_policy_params(policyparams, mask)
-    krb5_ldap_policy_params *policyparams;
-    int mask;
+print_policy_params(krb5_ldap_policy_params *policyparams, int mask)
 {
     /* Print the policy DN */
     printf("%25s: %s\n", "Ticket policy", policyparams->policy);
 
     /* Print max. ticket life and max. renewable life, if present */
     if (mask & LDAP_POLICY_MAXTKTLIFE)
-	printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
+        printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
     if (mask & LDAP_POLICY_MAXRENEWLIFE)
-	printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
+        printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
 
     /* Service flags are printed */
     printf("%25s: ", "Ticket flags");
     if (mask & LDAP_POLICY_TKTFLAGS) {
-	int ticketflags = policyparams->tktflags;
+        int ticketflags = policyparams->tktflags;
 
-	if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
-	    printf("%s ","DISALLOW_POSTDATED");
+        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+            printf("%s ","DISALLOW_POSTDATED");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
-	    printf("%s ","DISALLOW_FORWARDABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+            printf("%s ","DISALLOW_FORWARDABLE");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
-	    printf("%s ","DISALLOW_RENEWABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+            printf("%s ","DISALLOW_RENEWABLE");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
-	    printf("%s ","DISALLOW_PROXIABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+            printf("%s ","DISALLOW_PROXIABLE");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
-	    printf("%s ","DISALLOW_DUP_SKEY");
+        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+            printf("%s ","DISALLOW_DUP_SKEY");
 
-	if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
-	    printf("%s ","REQUIRES_PRE_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+            printf("%s ","REQUIRES_PRE_AUTH");
 
-	if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
-	    printf("%s ","REQUIRES_HW_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+            printf("%s ","REQUIRES_HW_AUTH");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_SVR)
-	    printf("%s ","DISALLOW_SVR");
+        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+            printf("%s ","DISALLOW_SVR");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
-	    printf("%s ","DISALLOW_TGT_BASED");
+        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+            printf("%s ","DISALLOW_TGT_BASED");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
-	    printf("%s ","DISALLOW_ALL_TIX");
+        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+            printf("%s ","DISALLOW_ALL_TIX");
 
-	if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
-	    printf("%s ","REQUIRES_PWCHANGE");
+        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+            printf("%s ","REQUIRES_PWCHANGE");
 
-	if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
-	    printf("%s ","PWCHANGE_SERVICE");
+        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+            printf("%s ","PWCHANGE_SERVICE");
     }
     printf("\n");
 
@@ -800,9 +793,8 @@ print_policy_params(policyparams, mask)
  * This function will list the DNs of policy objects under a specific
  * sub-tree (entire tree by default)
  */
-void kdb5_ldap_list_policies(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_list_policies(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -813,18 +805,18 @@ void kdb5_ldap_list_policies(argc, argv)
 
     /* Check for number of arguments */
     if ((argc != 1) && (argc != 3)) {
-	goto err_usage;
+        goto err_usage;
     }
 
     if ((retval = init_ldap_realm (argc, argv)))
-	goto cleanup;
+        goto cleanup;
 
     retval = krb5_ldap_list_policy(util_context, basedn, &list);
     if ((retval != 0) || (list == NULL))
-	goto cleanup;
+        goto cleanup;
 
     for (plist = list; *plist != NULL; plist++) {
-	printf("%s\n", *plist);
+        printf("%s\n", *plist);
     }
 
     goto cleanup;
@@ -834,20 +826,20 @@ err_usage:
 
 cleanup:
     if (list != NULL) {
-	krb5_free_list_entries (list);
-	free (list);
+        krb5_free_list_entries (list);
+        free (list);
     }
 
     if (basedn)
-	free (basedn);
+        free (basedn);
 
     if (print_usage) {
-	db_usage(LIST_POLICY);
+        db_usage(LIST_POLICY);
     }
 
     if (retval) {
-	com_err(me, retval, "while listing policy objects");
-	exit_status++;
+        com_err(me, retval, "while listing policy objects");
+        exit_status++;
     }
 
     return;
@@ -856,17 +848,17 @@ cleanup:
 
 /* Reproduced from kadmin.c, instead of linking
    the entire kadmin.o */
-static char *strdur(duration)
-    time_t duration;
+static char *
+strdur(time_t duration)
 {
     static char out[50];
     int neg, days, hours, minutes, seconds;
 
     if (duration < 0) {
-	duration *= -1;
-	neg = 1;
+        duration *= -1;
+        neg = 1;
     } else
-	neg = 0;
+        neg = 0;
     days = duration / (24 * 3600);
     duration %= 24 * 3600;
     hours = duration / 3600;
@@ -875,6 +867,6 @@ static char *strdur(duration)
     duration %= 60;
     seconds = duration;
     snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
-	     days, days == 1 ? "day" : "days", hours, minutes, seconds);
+             days, days == 1 ? "day" : "days", hours, minutes, seconds);
     return out;
 }
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h
index 105b0a0..a176a9f 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_policy.h
  */
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index 017a5cd..d96ce0f 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_realm.c
  *
@@ -116,11 +117,11 @@ krb5_data db_creator_entries[] = {
 
 
 static krb5_principal_data db_create_princ = {
-    0,					/* magic number */
-    {0, 0, 0},				/* krb5_data realm */
-    db_creator_entries,			/* krb5_data *data */
-    1,					/* int length */
-    KRB5_NT_SRV_INST			/* int type */
+    0,                                  /* magic number */
+    {0, 0, 0},                          /* krb5_data realm */
+    db_creator_entries,                 /* krb5_data *data */
+    1,                                  /* int length */
+    KRB5_NT_SRV_INST                    /* int type */
 };
 
 extern char *mkey_password;
@@ -129,7 +130,7 @@ extern kadm5_config_params global_params;
 
 static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
 static int kdb_ldap_create_principal (krb5_context context, krb5_principal
-				      princ, enum ap_op op, struct realm_info *pblock);
+                                      princ, enum ap_op op, struct realm_info *pblock);
 
 
 static char *strdur(time_t duration);
@@ -141,18 +142,16 @@ static krb5_error_code krb5_dbe_update_tl_data_new ( krb5_context context, krb5_
 #define CHANGEPW_LIFETIME 60*5 /* 5 minutes */
 
 #ifdef HAVE_EDIRECTORY
-#define FREE_DN_LIST(dnlist)    if (dnlist != NULL) { \
-                                   for (idx=0; dnlist[idx] != NULL; idx++) \
-                                        free(dnlist[idx]); \
-                                   free(dnlist); \
-                                }
+#define FREE_DN_LIST(dnlist)    if (dnlist != NULL) {   \
+        for (idx=0; dnlist[idx] != NULL; idx++)         \
+            free(dnlist[idx]);                          \
+        free(dnlist);                                   \
+    }
 #endif
 
-static int get_ticket_policy(rparams,i,argv,argc)
-    krb5_ldap_realm_params *rparams;
-    int *i;
-    char *argv[];
-    int argc;
+static int
+get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv[],
+                  int argc)
 {
     time_t date;
     time_t now;
@@ -165,142 +164,142 @@ static int get_ticket_policy(rparams,i,argv,argc)
 
     time(&now);
     if (!strcmp(argv[*i], "-maxtktlife")) {
-	if (++(*i) > argc-1)
-	    goto err_usage;
-	date = get_date(argv[*i]);
-	if (date == (time_t)(-1)) {
-	    retval = EINVAL;
-	    com_err (me, retval, "while providing time specification");
-	    goto err_nomsg;
-	}
-	rparams->max_life = date-now;
-	mask |= LDAP_REALM_MAXTICKETLIFE;
+        if (++(*i) > argc-1)
+            goto err_usage;
+        date = get_date(argv[*i]);
+        if (date == (time_t)(-1)) {
+            retval = EINVAL;
+            com_err (me, retval, "while providing time specification");
+            goto err_nomsg;
+        }
+        rparams->max_life = date-now;
+        mask |= LDAP_REALM_MAXTICKETLIFE;
     }
 
 
     else if (!strcmp(argv[*i], "-maxrenewlife")) {
-	if (++(*i) > argc-1)
-	    goto err_usage;
-
-	date = get_date(argv[*i]);
-	if (date == (time_t)(-1)) {
-	    retval = EINVAL;
-	    com_err (me, retval, "while providing time specification");
-	    goto err_nomsg;
-	}
-	rparams->max_renewable_life = date-now;
-	mask |= LDAP_REALM_MAXRENEWLIFE;
+        if (++(*i) > argc-1)
+            goto err_usage;
+
+        date = get_date(argv[*i]);
+        if (date == (time_t)(-1)) {
+            retval = EINVAL;
+            com_err (me, retval, "while providing time specification");
+            goto err_nomsg;
+        }
+        rparams->max_renewable_life = date-now;
+        mask |= LDAP_REALM_MAXRENEWLIFE;
     } else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
 
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-	else
-	    goto err_usage;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+        else
+            goto err_usage;
 
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-	else
-	    goto err_usage;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+        else
+            goto err_usage;
 
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     }
 
     else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "needchange")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-	else
-	    goto err_usage;
-
-	mask |= LDAP_REALM_KRBTICKETFLAGS;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+        else
+            goto err_usage;
+
+        mask |= LDAP_REALM_KRBTICKETFLAGS;
     } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
-	if (*(argv[*i]) == '+')
-	    rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-	else if (*(argv[*i]) == '-')
-	    rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-	else
-	    goto err_usage;
+        if (*(argv[*i]) == '+')
+            rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+        else if (*(argv[*i]) == '-')
+            rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+        else
+            goto err_usage;
 
-	mask |=LDAP_REALM_KRBTICKETFLAGS;
+        mask |=LDAP_REALM_KRBTICKETFLAGS;
     }
 err_usage:
     print_usage = TRUE;
@@ -315,9 +314,8 @@ err_nomsg:
  * This function will create a realm on the LDAP Server, with
  * the specified attributes.
  */
-void kdb5_ldap_create(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_create(int argc, char *argv[])
 {
     krb5_error_code retval = 0;
     krb5_keyblock master_keyblock;
@@ -342,140 +340,140 @@ void kdb5_ldap_create(argc, argv)
     memset(&master_keyblock, 0, sizeof(master_keyblock));
 
     rparams = (krb5_ldap_realm_params *)malloc(
-	sizeof(krb5_ldap_realm_params));
+        sizeof(krb5_ldap_realm_params));
     if (rparams == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memset(rparams, 0, sizeof(krb5_ldap_realm_params));
 
     /* Parse the arguments */
     for (i = 1; i < argc; i++) {
-	if (!strcmp(argv[i], "-subtrees")) {
-	    if (++i > argc-1)
-		goto err_usage;
-
-	    if (strncmp(argv[i], "", strlen(argv[i]))!=0) {
-		list = (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
-		if (list == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-		    free(list);
-		    list = NULL;
-		    goto cleanup;
-		}
-
-		rparams->subtreecount=0;
-		while (list[rparams->subtreecount]!=NULL)
-		    (rparams->subtreecount)++;
-		rparams->subtree = list;
-	    } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-		/* dont allow subtree value to be set at the root(NULL, "") of the tree */
-		com_err(progname, EINVAL,
-			"for subtree while creating realm '%s'",
-			global_params.realm);
-		goto err_nomsg;
-	    }
-	    rparams->subtree[rparams->subtreecount] = NULL;
-	    mask |= LDAP_REALM_SUBTREE;
-	} else if (!strcmp(argv[i], "-containerref")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-		/* dont allow containerref value to be set at the root(NULL, "") of the tree */
-		com_err(progname, EINVAL,
-			"for container reference while creating realm '%s'",
-			global_params.realm);
-		goto err_nomsg;
-	    }
-	    rparams->containerref = strdup(argv[i]);
-	    if (rparams->containerref == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_CONTREF;
-	} else if (!strcmp(argv[i], "-sscope")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    /* Possible values for search scope are
-	     * one (or 1) and sub (or 2)
-	     */
-	    if (!strcasecmp(argv[i], "one")) {
-		rparams->search_scope = 1;
-	    } else if (!strcasecmp(argv[i], "sub")) {
-		rparams->search_scope = 2;
-	    } else {
-		rparams->search_scope = atoi(argv[i]);
-		if ((rparams->search_scope != 1) &&
-		    (rparams->search_scope != 2)) {
-		    com_err(progname, EINVAL,
-			    "invalid search scope while creating realm '%s'",
-			    global_params.realm);
-		    goto err_nomsg;
-		}
-	    }
-	    mask |= LDAP_REALM_SEARCHSCOPE;
-	}
+        if (!strcmp(argv[i], "-subtrees")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if (strncmp(argv[i], "", strlen(argv[i]))!=0) {
+                list = (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    free(list);
+                    list = NULL;
+                    goto cleanup;
+                }
+
+                rparams->subtreecount=0;
+                while (list[rparams->subtreecount]!=NULL)
+                    (rparams->subtreecount)++;
+                rparams->subtree = list;
+            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow subtree value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for subtree while creating realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->subtree[rparams->subtreecount] = NULL;
+            mask |= LDAP_REALM_SUBTREE;
+        } else if (!strcmp(argv[i], "-containerref")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow containerref value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for container reference while creating realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->containerref = strdup(argv[i]);
+            if (rparams->containerref == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_CONTREF;
+        } else if (!strcmp(argv[i], "-sscope")) {
+            if (++i > argc-1)
+                goto err_usage;
+            /* Possible values for search scope are
+             * one (or 1) and sub (or 2)
+             */
+            if (!strcasecmp(argv[i], "one")) {
+                rparams->search_scope = 1;
+            } else if (!strcasecmp(argv[i], "sub")) {
+                rparams->search_scope = 2;
+            } else {
+                rparams->search_scope = atoi(argv[i]);
+                if ((rparams->search_scope != 1) &&
+                    (rparams->search_scope != 2)) {
+                    com_err(progname, EINVAL,
+                            "invalid search scope while creating realm '%s'",
+                            global_params.realm);
+                    goto err_nomsg;
+                }
+            }
+            mask |= LDAP_REALM_SEARCHSCOPE;
+        }
 #ifdef HAVE_EDIRECTORY
-	else if (!strcmp(argv[i], "-kdcdn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    rparams->kdcservers = (char **)malloc(
-		sizeof(char *) * MAX_LIST_ENTRIES);
-	    if (rparams->kdcservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  rparams->kdcservers))) {
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_KDCSERVERS;
-	} else if (!strcmp(argv[i], "-admindn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    rparams->adminservers = (char **)malloc(
-		sizeof(char *) * MAX_LIST_ENTRIES);
-	    if (rparams->adminservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  rparams->adminservers))) {
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_ADMINSERVERS;
-	} else if (!strcmp(argv[i], "-pwddn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    rparams->passwdservers = (char **)malloc(
-		sizeof(char *) * MAX_LIST_ENTRIES);
-	    if (rparams->passwdservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  rparams->passwdservers))) {
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_PASSWDSERVERS;
-	}
+        else if (!strcmp(argv[i], "-kdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            rparams->kdcservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->kdcservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->kdcservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_KDCSERVERS;
+        } else if (!strcmp(argv[i], "-admindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            rparams->adminservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->adminservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->adminservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_ADMINSERVERS;
+        } else if (!strcmp(argv[i], "-pwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            rparams->passwdservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->passwdservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->passwdservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_PASSWDSERVERS;
+        }
 #endif
-	else if (!strcmp(argv[i], "-s")) {
-	    do_stash = 1;
-	} else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
-	    mask|=ret_mask;
-	}
+        else if (!strcmp(argv[i], "-s")) {
+            do_stash = 1;
+        } else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+            mask|=ret_mask;
+        }
 
-	else {
-	    printf("'%s' is an invalid option\n", argv[i]);
-	    goto err_usage;
-	}
+        else {
+            printf("'%s' is an invalid option\n", argv[i]);
+            goto err_usage;
+        }
     }
 
     /* If the default enctype/salttype is not provided, use the
@@ -496,21 +494,21 @@ void kdb5_ldap_create(argc, argv)
     printf("Initializing database for realm '%s'\n", global_params.realm);
 
     if (!mkey_password) {
-	unsigned int pw_size;
-	printf("You will be prompted for the database Master Password.\n");
-	printf("It is important that you NOT FORGET this password.\n");
-	fflush(stdout);
-
-	pw_size = sizeof (pw_str);
-	memset(pw_str, 0, pw_size);
-
-	retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
-				    pw_str, &pw_size);
-	if (retval) {
-	    com_err(progname, retval, "while reading master key from keyboard");
-	    goto err_nomsg;
-	}
-	mkey_password = pw_str;
+        unsigned int pw_size;
+        printf("You will be prompted for the database Master Password.\n");
+        printf("It is important that you NOT FORGET this password.\n");
+        fflush(stdout);
+
+        pw_size = sizeof (pw_str);
+        memset(pw_str, 0, pw_size);
+
+        retval = krb5_read_password(util_context, KRB5_KDC_MKEY_1, KRB5_KDC_MKEY_2,
+                                    pw_str, &pw_size);
+        if (retval) {
+            com_err(progname, retval, "while reading master key from keyboard");
+            goto err_nomsg;
+        }
+        mkey_password = pw_str;
     }
 
     rparams->mkey.enctype = global_params.enctype;
@@ -518,335 +516,335 @@ void kdb5_ldap_create(argc, argv)
     rparams->mkey.length = strlen(mkey_password) + 1;
     rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
     if (rparams->mkey.contents == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     rparams->realm_name = strdup(global_params.realm);
     if (rparams->realm_name == NULL) {
-	retval = ENOMEM;
-	com_err(progname, ENOMEM, "while creating realm '%s'",
-		global_params.realm);
-	goto err_nomsg;
+        retval = ENOMEM;
+        com_err(progname, ENOMEM, "while creating realm '%s'",
+                global_params.realm);
+        goto err_nomsg;
     }
 
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!ldap_context) {
-	retval = EINVAL;
-	goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
 
     /* read the kerberos container */
     if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
-						    &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
-	/* Prompt the user for entering the DN of Kerberos container */
-	char krb_location[MAX_KRB_CONTAINER_LEN];
-	krb5_ldap_krbcontainer_params kparams;
-	int krb_location_len = 0;
-	memset(&kparams, 0, sizeof(kparams));
-
-	/* Read the kerberos container location from configuration file */
-	if (ldap_context->conf_section) {
-	    if ((retval=profile_get_string(util_context->profile,
-					   KDB_MODULE_SECTION, ldap_context->conf_section,
-					   "ldap_kerberos_container_dn", NULL,
-					   &kparams.DN)) != 0) {
-		goto cleanup;
-	    }
-	}
-	if (kparams.DN == NULL) {
-	    if ((retval=profile_get_string(util_context->profile,
-					   KDB_MODULE_DEF_SECTION,
-					   "ldap_kerberos_container_dn", NULL,
-					   NULL, &kparams.DN)) != 0) {
-		goto cleanup;
-	    }
-	}
-
-	printf("\nKerberos container is missing. Creating now...\n");
-	if (kparams.DN == NULL) {
+                                                    &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+        /* Prompt the user for entering the DN of Kerberos container */
+        char krb_location[MAX_KRB_CONTAINER_LEN];
+        krb5_ldap_krbcontainer_params kparams;
+        int krb_location_len = 0;
+        memset(&kparams, 0, sizeof(kparams));
+
+        /* Read the kerberos container location from configuration file */
+        if (ldap_context->conf_section) {
+            if ((retval=profile_get_string(util_context->profile,
+                                           KDB_MODULE_SECTION, ldap_context->conf_section,
+                                           "ldap_kerberos_container_dn", NULL,
+                                           &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+        if (kparams.DN == NULL) {
+            if ((retval=profile_get_string(util_context->profile,
+                                           KDB_MODULE_DEF_SECTION,
+                                           "ldap_kerberos_container_dn", NULL,
+                                           NULL, &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+
+        printf("\nKerberos container is missing. Creating now...\n");
+        if (kparams.DN == NULL) {
 #ifdef HAVE_EDIRECTORY
-	    printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
+            printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
 #else
-	    printf("Enter DN of Kerberos container: ");
+            printf("Enter DN of Kerberos container: ");
 #endif
-	    if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
-		/* Remove the newline character at the end */
-		krb_location_len = strlen(krb_location);
-		if ((krb_location[krb_location_len - 1] == '\n') ||
-		    (krb_location[krb_location_len - 1] == '\r')) {
-		    krb_location[krb_location_len - 1] = '\0';
-		    krb_location_len--;
-		}
-		/* If the user has not given any input, take the default location */
-		else if (krb_location[0] == '\0')
-		    kparams.DN = NULL;
-		else
-		    kparams.DN = krb_location;
-	    } else
-		kparams.DN = NULL;
-	}
-
-	/* create the kerberos container */
-	retval = krb5_ldap_create_krbcontainer(util_context,
-					       ((kparams.DN != NULL) ? &kparams : NULL));
-	if (retval)
-	    goto cleanup;
-
-	retval = krb5_ldap_read_krbcontainer_params(util_context,
-						    &(ldap_context->krbcontainer));
-	if (retval) {
-	    com_err(progname, retval, "while reading kerberos container information");
-	    goto cleanup;
-	}
+            if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
+                /* Remove the newline character at the end */
+                krb_location_len = strlen(krb_location);
+                if ((krb_location[krb_location_len - 1] == '\n') ||
+                    (krb_location[krb_location_len - 1] == '\r')) {
+                    krb_location[krb_location_len - 1] = '\0';
+                    krb_location_len--;
+                }
+                /* If the user has not given any input, take the default location */
+                else if (krb_location[0] == '\0')
+                    kparams.DN = NULL;
+                else
+                    kparams.DN = krb_location;
+            } else
+                kparams.DN = NULL;
+        }
+
+        /* create the kerberos container */
+        retval = krb5_ldap_create_krbcontainer(util_context,
+                                               ((kparams.DN != NULL) ? &kparams : NULL));
+        if (retval)
+            goto cleanup;
+
+        retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                    &(ldap_context->krbcontainer));
+        if (retval) {
+            com_err(progname, retval, "while reading kerberos container information");
+            goto cleanup;
+        }
     } else if (retval) {
-	com_err(progname, retval, "while reading kerberos container information");
-	goto cleanup;
+        com_err(progname, retval, "while reading kerberos container information");
+        goto cleanup;
     }
 
     if ((retval = krb5_ldap_create_realm(util_context,
-					 /* global_params.realm, */ rparams, mask))) {
-	goto cleanup;
+                                         /* global_params.realm, */ rparams, mask))) {
+        goto cleanup;
     }
 
     /* We just created the Realm container. Here starts our transaction tracking */
     realm_obj_created = TRUE;
 
     if ((retval = krb5_ldap_read_realm_params(util_context,
-					      global_params.realm,
-					      &(ldap_context->lrparams),
-					      &mask))) {
-	com_err(progname, retval, "while reading information of realm '%s'",
-		global_params.realm);
-	goto err_nomsg;
+                                              global_params.realm,
+                                              &(ldap_context->lrparams),
+                                              &mask))) {
+        com_err(progname, retval, "while reading information of realm '%s'",
+                global_params.realm);
+        goto err_nomsg;
     }
     ldap_context->lrparams->realm_name = strdup(global_params.realm);
     if (ldap_context->lrparams->realm_name == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* assemble & parse the master key name */
     if ((retval = krb5_db_setup_mkey_name(util_context,
-					  global_params.mkey_name,
-					  global_params.realm,
-					  0, &master_princ))) {
-	com_err(progname, retval, "while setting up master key name");
-	goto err_nomsg;
+                                          global_params.mkey_name,
+                                          global_params.realm,
+                                          0, &master_princ))) {
+        com_err(progname, retval, "while setting up master key name");
+        goto err_nomsg;
     }
 
     /* Obtain master key from master password */
     {
-	krb5_data master_salt, pwd;
-
-	pwd.data = mkey_password;
-	pwd.length = strlen(mkey_password);
-	retval = krb5_principal2salt(util_context, master_princ, &master_salt);
-	if (retval) {
-	    com_err(progname, retval, "while calculating master key salt");
-	    goto err_nomsg;
-	}
+        krb5_data master_salt, pwd;
+
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(util_context, master_princ, &master_salt);
+        if (retval) {
+            com_err(progname, retval, "while calculating master key salt");
+            goto err_nomsg;
+        }
 
-	retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
-				      &pwd, &master_salt, &master_keyblock);
+        retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+                                      &pwd, &master_salt, &master_keyblock);
 
-	if (master_salt.data)
-	    free(master_salt.data);
+        if (master_salt.data)
+            free(master_salt.data);
 
-	if (retval) {
-	    com_err(progname, retval, "while transforming master key from password");
-	    goto err_nomsg;
-	}
+        if (retval) {
+            com_err(progname, retval, "while transforming master key from password");
+            goto err_nomsg;
+        }
 
     }
 
     rblock.key = &master_keyblock;
     ldap_context->lrparams->mkey = master_keyblock;
     ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
-	(master_keyblock.length);
+        (master_keyblock.length);
     if (ldap_context->lrparams->mkey.contents == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
-	    master_keyblock.length);
+            master_keyblock.length);
 
     /* Create special principals inside the realm subtree */
     {
-	char princ_name[MAX_PRINC_SIZE];
-	krb5_principal_data tgt_princ = {
-	    0,					/* magic number */
-	    {0, 0, 0},				/* krb5_data realm */
-	    tgt_princ_entries,			/* krb5_data *data */
-	    2,					/* int length */
-	    KRB5_NT_SRV_INST			/* int type */
-	};
-	krb5_principal p, temp_p=NULL;
-
-	krb5_princ_set_realm_data(util_context, &tgt_princ, global_params.realm);
-	krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
-	krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
-	krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
-	/* The container reference value is set to NULL, to avoid service principals
-	 * getting created within the container reference at realm creation */
-	if (ldap_context->lrparams->containerref != NULL) {
-	    oldcontainerref = ldap_context->lrparams->containerref;
-	    ldap_context->lrparams->containerref = NULL;
-	}
-
-	/* Create 'K/M' ... */
-	rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
-	if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-
-	/* Create 'krbtgt' ... */
-	rblock.flags = 0; /* reset the flags */
-	if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-
-	/* Create 'kadmin/admin' ... */
-	snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_ADMIN_SERVICE, global_params.realm);
-	if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-	rblock.max_life = ADMIN_LIFETIME;
-	rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-	if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
-	    krb5_free_principal(util_context, p);
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-	krb5_free_principal(util_context, p);
-
-	/* Create 'kadmin/changepw' ... */
-	snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
-	if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-	rblock.max_life = CHANGEPW_LIFETIME;
-	rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED |
-	    KRB5_KDB_PWCHANGE_SERVICE;
-	if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
-	    krb5_free_principal(util_context, p);
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-	krb5_free_principal(util_context, p);
-
-	/* Create 'kadmin/history' ... */
-	snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
-	if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-	rblock.max_life = global_params.max_life;
-	rblock.flags = 0;
-	if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
-	    krb5_free_principal(util_context, p);
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-	krb5_free_principal(util_context, p);
-
-	/* Create 'kadmin/<hostname>' ... */
-	if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
-	    com_err(progname, retval, "krb5_sname_to_principal, while adding entries to the database");
-	    goto err_nomsg;
-	}
-
-	if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
-	    com_err(progname, retval, "krb5_copy_principal, while adding entries to the database");
-	    goto err_nomsg;
-	}
-
-	/* change the realm portion to the default realm */
-	free(temp_p->realm.data);
-	temp_p->realm.length = strlen(util_context->default_realm);
-	temp_p->realm.data = strdup(util_context->default_realm);
-	if (temp_p->realm.data == NULL) {
-	    com_err(progname, ENOMEM, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-
-	rblock.max_life = ADMIN_LIFETIME;
-	rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-	if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
-	    krb5_free_principal(util_context, p);
-	    com_err(progname, retval, "while adding entries to the database");
-	    goto err_nomsg;
-	}
-	krb5_free_principal(util_context, temp_p);
-	krb5_free_principal(util_context, p);
-
-	if (oldcontainerref != NULL) {
-	    ldap_context->lrparams->containerref = oldcontainerref;
-	    oldcontainerref=NULL;
-	}
+        char princ_name[MAX_PRINC_SIZE];
+        krb5_principal_data tgt_princ = {
+            0,                                  /* magic number */
+            {0, 0, 0},                          /* krb5_data realm */
+            tgt_princ_entries,                  /* krb5_data *data */
+            2,                                  /* int length */
+            KRB5_NT_SRV_INST                    /* int type */
+        };
+        krb5_principal p, temp_p=NULL;
+
+        krb5_princ_set_realm_data(util_context, &tgt_princ, global_params.realm);
+        krb5_princ_set_realm_length(util_context, &tgt_princ, strlen(global_params.realm));
+        krb5_princ_component(util_context, &tgt_princ,1)->data = global_params.realm;
+        krb5_princ_component(util_context, &tgt_princ,1)->length = strlen(global_params.realm);
+        /* The container reference value is set to NULL, to avoid service principals
+         * getting created within the container reference at realm creation */
+        if (ldap_context->lrparams->containerref != NULL) {
+            oldcontainerref = ldap_context->lrparams->containerref;
+            ldap_context->lrparams->containerref = NULL;
+        }
+
+        /* Create 'K/M' ... */
+        rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
+        if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        /* Create 'krbtgt' ... */
+        rblock.flags = 0; /* reset the flags */
+        if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        /* Create 'kadmin/admin' ... */
+        snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_ADMIN_SERVICE, global_params.realm);
+        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        rblock.max_life = ADMIN_LIFETIME;
+        rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, p);
+
+        /* Create 'kadmin/changepw' ... */
+        snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
+        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        rblock.max_life = CHANGEPW_LIFETIME;
+        rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED |
+            KRB5_KDB_PWCHANGE_SERVICE;
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, p);
+
+        /* Create 'kadmin/history' ... */
+        snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
+        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        rblock.max_life = global_params.max_life;
+        rblock.flags = 0;
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, p);
+
+        /* Create 'kadmin/<hostname>' ... */
+        if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
+            com_err(progname, retval, "krb5_sname_to_principal, while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
+            com_err(progname, retval, "krb5_copy_principal, while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        /* change the realm portion to the default realm */
+        free(temp_p->realm.data);
+        temp_p->realm.length = strlen(util_context->default_realm);
+        temp_p->realm.data = strdup(util_context->default_realm);
+        if (temp_p->realm.data == NULL) {
+            com_err(progname, ENOMEM, "while adding entries to the database");
+            goto err_nomsg;
+        }
+
+        rblock.max_life = ADMIN_LIFETIME;
+        rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
+        if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
+            krb5_free_principal(util_context, p);
+            com_err(progname, retval, "while adding entries to the database");
+            goto err_nomsg;
+        }
+        krb5_free_principal(util_context, temp_p);
+        krb5_free_principal(util_context, p);
+
+        if (oldcontainerref != NULL) {
+            ldap_context->lrparams->containerref = oldcontainerref;
+            oldcontainerref=NULL;
+        }
     }
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-	(mask & LDAP_REALM_PASSWDSERVERS)) {
-
-	printf("Changing rights for the service object. Please wait ... ");
-	fflush(stdout);
-
-	rightsmask =0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-	    for (i=0; (rparams->kdcservers[i] != NULL); i++) {
-		if ((retval=krb5_ldap_add_service_rights(util_context,
-							 LDAP_KDC_SERVICE, rparams->kdcservers[i],
-							 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    printf("failed\n");
-		    com_err(progname, retval, "while assigning rights to '%s'",
-			    rparams->realm_name);
-		    goto err_nomsg;
-		}
-	    }
-	}
-
-	rightsmask = 0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-	    for (i=0; (rparams->adminservers[i] != NULL); i++) {
-		if ((retval=krb5_ldap_add_service_rights(util_context,
-							 LDAP_ADMIN_SERVICE, rparams->adminservers[i],
-							 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    printf("failed\n");
-		    com_err(progname, retval, "while assigning rights to '%s'",
-			    rparams->realm_name);
-		    goto err_nomsg;
-		}
-	    }
-	}
-
-	rightsmask = 0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-	    for (i=0; (rparams->passwdservers[i] != NULL); i++) {
-		if ((retval=krb5_ldap_add_service_rights(util_context,
-							 LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
-							 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    printf("failed\n");
-		    com_err(progname, retval, "while assigning rights to '%s'",
-			    rparams->realm_name);
-		    goto err_nomsg;
-		}
-	    }
-	}
-
-	printf("done\n");
+        (mask & LDAP_REALM_PASSWDSERVERS)) {
+
+        printf("Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        rightsmask =0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+            for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+                if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                         LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    goto err_nomsg;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+            for (i=0; (rparams->adminservers[i] != NULL); i++) {
+                if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                         LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    goto err_nomsg;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+            for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+                if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                         LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    goto err_nomsg;
+                }
+            }
+        }
+
+        printf("done\n");
     }
 #endif
     /* The Realm creation is completed. Here is the end of transaction */
@@ -864,15 +862,15 @@ void kdb5_ldap_create(argc, argv)
         else
             mkey_kvno = 1;  /* Default */
 
-	retval = krb5_def_store_mkey(util_context,
-				     global_params.stash_file,
-				     master_princ,
+        retval = krb5_def_store_mkey(util_context,
+                                     global_params.stash_file,
+                                     master_princ,
                                      mkey_kvno,
-				     &master_keyblock, NULL);
-	if (retval) {
-	    com_err(progname, errno, "while storing key");
-	    printf("Warning: couldn't stash master key.\n");
-	}
+                                     &master_keyblock, NULL);
+        if (retval) {
+            com_err(progname, errno, "while storing key");
+            printf("Warning: couldn't stash master key.\n");
+        }
     }
 
     goto cleanup;
@@ -887,22 +885,22 @@ err_nomsg:
 cleanup:
     /* If the Realm creation is not complete, do the roll-back here */
     if ((realm_obj_created) && (!create_complete))
-	krb5_ldap_delete_realm(util_context, global_params.realm);
+        krb5_ldap_delete_realm(util_context, global_params.realm);
 
     if (rparams)
-	krb5_ldap_free_realm_params(rparams);
+        krb5_ldap_free_realm_params(rparams);
 
     memset (pw_str, 0, sizeof (pw_str));
 
     if (print_usage)
-	db_usage(CREATE_REALM);
+        db_usage(CREATE_REALM);
 
     if (retval) {
-	if (!no_msg) {
-	    com_err(progname, retval, "while creating realm '%s'",
-		    global_params.realm);
-	}
-	exit_status++;
+        if (!no_msg) {
+            com_err(progname, retval, "while creating realm '%s'",
+                    global_params.realm);
+        }
+        exit_status++;
     }
 
     return;
@@ -912,9 +910,8 @@ cleanup:
 /*
  * This function will modify the attributes of a given realm object
  */
-void kdb5_ldap_modify(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_modify(int argc, char *argv[])
 {
     krb5_error_code retval = 0;
     krb5_ldap_realm_params *rparams = NULL;
@@ -947,514 +944,514 @@ void kdb5_ldap_modify(argc, argv)
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-	retval = EINVAL;
-	goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
 
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-						     &(ldap_context->krbcontainer)))) {
-	com_err(progname, retval, "while reading Kerberos container information");
-	goto err_nomsg;
+                                                     &(ldap_context->krbcontainer)))) {
+        com_err(progname, retval, "while reading Kerberos container information");
+        goto err_nomsg;
     }
 
     retval = krb5_ldap_read_realm_params(util_context,
-					 global_params.realm, &rparams, &rmask);
+                                         global_params.realm, &rparams, &rmask);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     /* Parse the arguments */
     for (i = 1; i < argc; i++) {
-	int k = 0;
-	if (!strcmp(argv[i], "-subtrees")) {
-	    if (++i > argc-1)
-		goto err_usage;
+        int k = 0;
+        if (!strcmp(argv[i], "-subtrees")) {
+            if (++i > argc-1)
+                goto err_usage;
 
-	    if (rmask & LDAP_REALM_SUBTREE) {
-		if (rparams->subtree) {
+            if (rmask & LDAP_REALM_SUBTREE) {
+                if (rparams->subtree) {
 #ifdef HAVE_EDIRECTORY
-		    oldsubtrees =  (char **) calloc(rparams->subtreecount+1, sizeof(char *));
-		    if (oldsubtrees == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    for (k=0; rparams->subtree[k]!=NULL && rparams->subtreecount; k++) {
-			oldsubtrees[k] = strdup(rparams->subtree[k]);
-			if (oldsubtrees[k] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
+                    oldsubtrees =  (char **) calloc(rparams->subtreecount+1, sizeof(char *));
+                    if (oldsubtrees == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    for (k=0; rparams->subtree[k]!=NULL && rparams->subtreecount; k++) {
+                        oldsubtrees[k] = strdup(rparams->subtree[k]);
+                        if (oldsubtrees[k] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
 #endif
-		    for (k=0; k<rparams->subtreecount && rparams->subtree[k]; k++)
-			free(rparams->subtree[k]);
-		    rparams->subtreecount=0;
-		}
-	    }
-	    if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) {
-		slist =  (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
-		if (slist == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, slist))) {
-		    free(slist);
-		    slist = NULL;
-		    goto cleanup;
-		}
-
-		rparams->subtreecount=0;
-		while (slist[rparams->subtreecount]!=NULL)
-		    (rparams->subtreecount)++;
-		rparams->subtree =  slist;
-	    } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-		/* dont allow subtree value to be set at the root(NULL, "") of the tree */
-		com_err(progname, EINVAL,
-			"for subtree while modifying realm '%s'",
-			global_params.realm);
-		goto err_nomsg;
-	    }
-	    rparams->subtree[rparams->subtreecount] = NULL;
-	    mask |= LDAP_REALM_SUBTREE;
-	} else if (!strncmp(argv[i], "-containerref", strlen(argv[i]))) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    if (strncmp(argv[i], "", strlen(argv[i]))==0) {
-		/* dont allow containerref value to be set at the root(NULL, "") of the tree */
-		com_err(progname, EINVAL,
-			"for container reference while modifying realm '%s'",
-			global_params.realm);
-		goto err_nomsg;
-	    }
+                    for (k=0; k<rparams->subtreecount && rparams->subtree[k]; k++)
+                        free(rparams->subtree[k]);
+                    rparams->subtreecount=0;
+                }
+            }
+            if (strncmp(argv[i] ,"", strlen(argv[i]))!=0) {
+                slist =  (char **) calloc(MAX_LIST_ENTRIES, sizeof(char *));
+                if (slist == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, slist))) {
+                    free(slist);
+                    slist = NULL;
+                    goto cleanup;
+                }
+
+                rparams->subtreecount=0;
+                while (slist[rparams->subtreecount]!=NULL)
+                    (rparams->subtreecount)++;
+                rparams->subtree =  slist;
+            } else if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow subtree value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for subtree while modifying realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
+            rparams->subtree[rparams->subtreecount] = NULL;
+            mask |= LDAP_REALM_SUBTREE;
+        } else if (!strncmp(argv[i], "-containerref", strlen(argv[i]))) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (strncmp(argv[i], "", strlen(argv[i]))==0) {
+                /* dont allow containerref value to be set at the root(NULL, "") of the tree */
+                com_err(progname, EINVAL,
+                        "for container reference while modifying realm '%s'",
+                        global_params.realm);
+                goto err_nomsg;
+            }
 #ifdef HAVE_EDIRECTORY
             if (rparams->containerref != NULL) {
                 oldcontainerref = rparams->containerref;
             }
 #endif
-	    rparams->containerref = strdup(argv[i]);
-	    if (rparams->containerref == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_CONTREF;
-	} else if (!strcmp(argv[i], "-sscope")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    /* Possible values for search scope are
-	     * one (or 1) and sub (or 2)
-	     */
-	    if (strcasecmp(argv[i], "one") == 0) {
-		rparams->search_scope = 1;
-	    } else if (strcasecmp(argv[i], "sub") == 0) {
-		rparams->search_scope = 2;
-	    } else {
-		rparams->search_scope = atoi(argv[i]);
-		if ((rparams->search_scope != 1) &&
-		    (rparams->search_scope != 2)) {
-		    retval = EINVAL;
-		    com_err(progname, retval,
-			    "specified for search scope while modifying information of realm '%s'",
-			    global_params.realm);
-		    goto err_nomsg;
-		}
-	    }
-	    mask |= LDAP_REALM_SEARCHSCOPE;
-	}
+            rparams->containerref = strdup(argv[i]);
+            if (rparams->containerref == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_CONTREF;
+        } else if (!strcmp(argv[i], "-sscope")) {
+            if (++i > argc-1)
+                goto err_usage;
+            /* Possible values for search scope are
+             * one (or 1) and sub (or 2)
+             */
+            if (strcasecmp(argv[i], "one") == 0) {
+                rparams->search_scope = 1;
+            } else if (strcasecmp(argv[i], "sub") == 0) {
+                rparams->search_scope = 2;
+            } else {
+                rparams->search_scope = atoi(argv[i]);
+                if ((rparams->search_scope != 1) &&
+                    (rparams->search_scope != 2)) {
+                    retval = EINVAL;
+                    com_err(progname, retval,
+                            "specified for search scope while modifying information of realm '%s'",
+                            global_params.realm);
+                    goto err_nomsg;
+                }
+            }
+            mask |= LDAP_REALM_SEARCHSCOPE;
+        }
 #ifdef HAVE_EDIRECTORY
-	else if (!strcmp(argv[i], "-kdcdn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-
-	    if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
-		if (!oldkdcdns) {
-		    /* Store the old kdc dns list for removing rights */
-		    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldkdcdns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->kdcservers[j] != NULL; j++) {
-			oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-			if (oldkdcdns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldkdcdns[j] = NULL;
-		}
-
-		krb5_free_list_entries(rparams->kdcservers);
-		free(rparams->kdcservers);
-	    }
-
-	    rparams->kdcservers = (char **)malloc(
-		sizeof(char *) * MAX_LIST_ENTRIES);
-	    if (rparams->kdcservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  rparams->kdcservers))) {
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_KDCSERVERS;
-	    /* Going to replace the existing value by this new value. Hence
-	     * setting flag indicating that add or clear options will be ignored
-	     */
-	    newkdcdn = 1;
-	} else if (!strcmp(argv[i], "-clearkdcdn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
-		if (!oldkdcdns) {
-		    /* Store the old kdc dns list for removing rights */
-		    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldkdcdns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->kdcservers[j] != NULL; j++) {
-			oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-			if (oldkdcdns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldkdcdns[j] = NULL;
-		}
-
-		memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-		    goto cleanup;
-		}
-		list_modify_str_array(&rparams->kdcservers, (const char **)list,
-				      LIST_MODE_DELETE);
-		mask |= LDAP_REALM_KDCSERVERS;
-		krb5_free_list_entries(list);
-	    }
-	} else if (!strcmp(argv[i], "-addkdcdn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    if (!newkdcdn) {
-		if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
-		    /* Store the old kdc dns list for removing rights */
-		    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldkdcdns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j = 0; rparams->kdcservers[j] != NULL; j++) {
-			oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-			if (oldkdcdns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldkdcdns[j] = NULL;
-		}
-
-		memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-		    goto cleanup;
-		}
-		existing_entries = list_count_str_array(rparams->kdcservers);
-		list_entries = list_count_str_array(list);
-		if (rmask & LDAP_REALM_KDCSERVERS) {
-		    tempstr = (char **)realloc(
-			rparams->kdcservers,
-			sizeof(char *) * (existing_entries+list_entries+1));
-		    if (tempstr == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    rparams->kdcservers = tempstr;
-		} else {
-		    rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-		    if (rparams->kdcservers == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
-		}
-		list_modify_str_array(&rparams->kdcservers, (const char **)list,
-				      LIST_MODE_ADD);
-		mask |= LDAP_REALM_KDCSERVERS;
-	    }
-	} else if (!strcmp(argv[i], "-admindn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-
-	    if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
-		if (!oldadmindns) {
-		    /* Store the old admin dns list for removing rights */
-		    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldadmindns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->adminservers[j] != NULL; j++) {
-			oldadmindns[j] = strdup(rparams->adminservers[j]);
-			if (oldadmindns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldadmindns[j] = NULL;
-		}
-
-		krb5_free_list_entries(rparams->adminservers);
-		free(rparams->adminservers);
-	    }
-
-	    rparams->adminservers = (char **)malloc(
-		sizeof(char *) * MAX_LIST_ENTRIES);
-	    if (rparams->adminservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  rparams->adminservers))) {
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_ADMINSERVERS;
-	    /* Going to replace the existing value by this new value. Hence
-	     * setting flag indicating that add or clear options will be ignored
-	     */
-	    newadmindn = 1;
-	} else if (!strcmp(argv[i], "-clearadmindn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-
-	    if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
-		if (!oldadmindns) {
-		    /* Store the old admin dns list for removing rights */
-		    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldadmindns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->adminservers[j] != NULL; j++) {
-			oldadmindns[j] = strdup(rparams->adminservers[j]);
-			if (oldadmindns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldadmindns[j] = NULL;
-		}
-
-		memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-		    goto cleanup;
-		}
-		list_modify_str_array(&rparams->adminservers, (const char **)list,
-				      LIST_MODE_DELETE);
-		mask |= LDAP_REALM_ADMINSERVERS;
-		krb5_free_list_entries(list);
-	    }
-	} else if (!strcmp(argv[i], "-addadmindn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    if (!newadmindn) {
-		if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers) && (!oldadmindns)) {
-		    /* Store the old admin dns list for removing rights */
-		    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldadmindns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->adminservers[j] != NULL; j++) {
-			oldadmindns[j] = strdup(rparams->adminservers[j]);
-			if (oldadmindns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldadmindns[j] = NULL;
-		}
-
-		memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-		    goto cleanup;
-		}
-		existing_entries = list_count_str_array(rparams->adminservers);
-		list_entries = list_count_str_array(list);
-		if (rmask & LDAP_REALM_ADMINSERVERS) {
-		    tempstr = (char **)realloc(
-			rparams->adminservers,
-			sizeof(char *) * (existing_entries+list_entries+1));
-		    if (tempstr == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    rparams->adminservers = tempstr;
-		} else {
-		    rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-		    if (rparams->adminservers == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
-		}
-		list_modify_str_array(&rparams->adminservers, (const char **)list,
-				      LIST_MODE_ADD);
-		mask |= LDAP_REALM_ADMINSERVERS;
-	    }
-	} else if (!strcmp(argv[i], "-pwddn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-
-	    if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
-		if (!oldpwddns) {
-		    /* Store the old pwd dns list for removing rights */
-		    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldpwddns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->passwdservers[j] != NULL; j++) {
-			oldpwddns[j] = strdup(rparams->passwdservers[j]);
-			if (oldpwddns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldpwddns[j] = NULL;
-		}
-
-		krb5_free_list_entries(rparams->passwdservers);
-		free(rparams->passwdservers);
-	    }
-
-	    rparams->passwdservers = (char **)malloc(
-		sizeof(char *) * MAX_LIST_ENTRIES);
-	    if (rparams->passwdservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  rparams->passwdservers))) {
-		goto cleanup;
-	    }
-	    mask |= LDAP_REALM_PASSWDSERVERS;
-	    /* Going to replace the existing value by this new value. Hence
-	     * setting flag indicating that add or clear options will be ignored
-	     */
-	    newpwddn = 1;
-	} else if (!strcmp(argv[i], "-clearpwddn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-
-	    if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
-		if (!oldpwddns) {
-		    /* Store the old pwd dns list for removing rights */
-		    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldpwddns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->passwdservers[j] != NULL; j++) {
-			oldpwddns[j] = strdup(rparams->passwdservers[j]);
-			if (oldpwddns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldpwddns[j] = NULL;
-		}
-
-		memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-		    goto cleanup;
-		}
-		list_modify_str_array(&rparams->passwdservers, (const char**)list,
-				      LIST_MODE_DELETE);
-		mask |= LDAP_REALM_PASSWDSERVERS;
-		krb5_free_list_entries(list);
-	    }
-	} else if (!strcmp(argv[i], "-addpwddn")) {
-	    if (++i > argc-1)
-		goto err_usage;
-	    if (!newpwddn) {
-		if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
-		    /* Store the old pwd dns list for removing rights */
-		    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldpwddns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j=0; rparams->passwdservers[j] != NULL; j++) {
-			oldpwddns[j] = strdup(rparams->passwdservers[j]);
-			if (oldpwddns[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldpwddns[j] = NULL;
-		}
-
-		memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-		    goto cleanup;
-		}
-		existing_entries = list_count_str_array(rparams->passwdservers);
-		list_entries = list_count_str_array(list);
-		if (rmask & LDAP_REALM_PASSWDSERVERS) {
-		    tempstr = (char **)realloc(
-			rparams->passwdservers,
-			sizeof(char *) * (existing_entries+list_entries+1));
-		    if (tempstr == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    rparams->passwdservers = tempstr;
-		} else {
-		    rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-		    if (rparams->passwdservers == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
-		}
-		list_modify_str_array(&rparams->passwdservers, (const char**)list,
-				      LIST_MODE_ADD);
-		mask |= LDAP_REALM_PASSWDSERVERS;
-	    }
-	}
+        else if (!strcmp(argv[i], "-kdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
+                if (!oldkdcdns) {
+                    /* Store the old kdc dns list for removing rights */
+                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldkdcdns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->kdcservers[j] != NULL; j++) {
+                        oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                        if (oldkdcdns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldkdcdns[j] = NULL;
+                }
+
+                krb5_free_list_entries(rparams->kdcservers);
+                free(rparams->kdcservers);
+            }
+
+            rparams->kdcservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->kdcservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->kdcservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_KDCSERVERS;
+            /* Going to replace the existing value by this new value. Hence
+             * setting flag indicating that add or clear options will be ignored
+             */
+            newkdcdn = 1;
+        } else if (!strcmp(argv[i], "-clearkdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
+                if (!oldkdcdns) {
+                    /* Store the old kdc dns list for removing rights */
+                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldkdcdns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->kdcservers[j] != NULL; j++) {
+                        oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                        if (oldkdcdns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldkdcdns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                list_modify_str_array(&rparams->kdcservers, (const char **)list,
+                                      LIST_MODE_DELETE);
+                mask |= LDAP_REALM_KDCSERVERS;
+                krb5_free_list_entries(list);
+            }
+        } else if (!strcmp(argv[i], "-addkdcdn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (!newkdcdn) {
+                if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
+                    /* Store the old kdc dns list for removing rights */
+                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldkdcdns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; rparams->kdcservers[j] != NULL; j++) {
+                        oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                        if (oldkdcdns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldkdcdns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                existing_entries = list_count_str_array(rparams->kdcservers);
+                list_entries = list_count_str_array(list);
+                if (rmask & LDAP_REALM_KDCSERVERS) {
+                    tempstr = (char **)realloc(
+                        rparams->kdcservers,
+                        sizeof(char *) * (existing_entries+list_entries+1));
+                    if (tempstr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    rparams->kdcservers = tempstr;
+                } else {
+                    rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                    if (rparams->kdcservers == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
+                }
+                list_modify_str_array(&rparams->kdcservers, (const char **)list,
+                                      LIST_MODE_ADD);
+                mask |= LDAP_REALM_KDCSERVERS;
+            }
+        } else if (!strcmp(argv[i], "-admindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+                if (!oldadmindns) {
+                    /* Store the old admin dns list for removing rights */
+                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldadmindns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->adminservers[j] != NULL; j++) {
+                        oldadmindns[j] = strdup(rparams->adminservers[j]);
+                        if (oldadmindns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldadmindns[j] = NULL;
+                }
+
+                krb5_free_list_entries(rparams->adminservers);
+                free(rparams->adminservers);
+            }
+
+            rparams->adminservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->adminservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->adminservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_ADMINSERVERS;
+            /* Going to replace the existing value by this new value. Hence
+             * setting flag indicating that add or clear options will be ignored
+             */
+            newadmindn = 1;
+        } else if (!strcmp(argv[i], "-clearadmindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+                if (!oldadmindns) {
+                    /* Store the old admin dns list for removing rights */
+                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldadmindns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->adminservers[j] != NULL; j++) {
+                        oldadmindns[j] = strdup(rparams->adminservers[j]);
+                        if (oldadmindns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldadmindns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                list_modify_str_array(&rparams->adminservers, (const char **)list,
+                                      LIST_MODE_DELETE);
+                mask |= LDAP_REALM_ADMINSERVERS;
+                krb5_free_list_entries(list);
+            }
+        } else if (!strcmp(argv[i], "-addadmindn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (!newadmindn) {
+                if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers) && (!oldadmindns)) {
+                    /* Store the old admin dns list for removing rights */
+                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldadmindns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->adminservers[j] != NULL; j++) {
+                        oldadmindns[j] = strdup(rparams->adminservers[j]);
+                        if (oldadmindns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldadmindns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                existing_entries = list_count_str_array(rparams->adminservers);
+                list_entries = list_count_str_array(list);
+                if (rmask & LDAP_REALM_ADMINSERVERS) {
+                    tempstr = (char **)realloc(
+                        rparams->adminservers,
+                        sizeof(char *) * (existing_entries+list_entries+1));
+                    if (tempstr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    rparams->adminservers = tempstr;
+                } else {
+                    rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                    if (rparams->adminservers == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
+                }
+                list_modify_str_array(&rparams->adminservers, (const char **)list,
+                                      LIST_MODE_ADD);
+                mask |= LDAP_REALM_ADMINSERVERS;
+            }
+        } else if (!strcmp(argv[i], "-pwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+                if (!oldpwddns) {
+                    /* Store the old pwd dns list for removing rights */
+                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldpwddns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
+                        oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                        if (oldpwddns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldpwddns[j] = NULL;
+                }
+
+                krb5_free_list_entries(rparams->passwdservers);
+                free(rparams->passwdservers);
+            }
+
+            rparams->passwdservers = (char **)malloc(
+                sizeof(char *) * MAX_LIST_ENTRIES);
+            if (rparams->passwdservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          rparams->passwdservers))) {
+                goto cleanup;
+            }
+            mask |= LDAP_REALM_PASSWDSERVERS;
+            /* Going to replace the existing value by this new value. Hence
+             * setting flag indicating that add or clear options will be ignored
+             */
+            newpwddn = 1;
+        } else if (!strcmp(argv[i], "-clearpwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+
+            if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+                if (!oldpwddns) {
+                    /* Store the old pwd dns list for removing rights */
+                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldpwddns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
+                        oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                        if (oldpwddns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldpwddns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                list_modify_str_array(&rparams->passwdservers, (const char**)list,
+                                      LIST_MODE_DELETE);
+                mask |= LDAP_REALM_PASSWDSERVERS;
+                krb5_free_list_entries(list);
+            }
+        } else if (!strcmp(argv[i], "-addpwddn")) {
+            if (++i > argc-1)
+                goto err_usage;
+            if (!newpwddn) {
+                if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
+                    /* Store the old pwd dns list for removing rights */
+                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldpwddns == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
+                        oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                        if (oldpwddns[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldpwddns[j] = NULL;
+                }
+
+                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                    goto cleanup;
+                }
+                existing_entries = list_count_str_array(rparams->passwdservers);
+                list_entries = list_count_str_array(list);
+                if (rmask & LDAP_REALM_PASSWDSERVERS) {
+                    tempstr = (char **)realloc(
+                        rparams->passwdservers,
+                        sizeof(char *) * (existing_entries+list_entries+1));
+                    if (tempstr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    rparams->passwdservers = tempstr;
+                } else {
+                    rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                    if (rparams->passwdservers == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
+                }
+                list_modify_str_array(&rparams->passwdservers, (const char**)list,
+                                      LIST_MODE_ADD);
+                mask |= LDAP_REALM_PASSWDSERVERS;
+            }
+        }
 #endif
-	else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
-	    mask|=ret_mask;
-	} else {
-	    printf("'%s' is an invalid option\n", argv[i]);
-	    goto err_usage;
-	}
+        else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+            mask|=ret_mask;
+        } else {
+            printf("'%s' is an invalid option\n", argv[i]);
+            goto err_usage;
+        }
     }
 
     if ((retval = krb5_ldap_modify_realm(util_context,
-					 /* global_params.realm, */ rparams, mask))) {
-	goto cleanup;
+                                         /* global_params.realm, */ rparams, mask))) {
+        goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_CONTREF) || (mask & LDAP_REALM_KDCSERVERS) ||
-	(mask & LDAP_REALM_ADMINSERVERS) || (mask & LDAP_REALM_PASSWDSERVERS)) {
+        (mask & LDAP_REALM_ADMINSERVERS) || (mask & LDAP_REALM_PASSWDSERVERS)) {
 
-	printf("Changing rights for the service object. Please wait ... ");
-	fflush(stdout);
+        printf("Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
 
         if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_CONTREF)) {
             subtree_changed = 1;
-	}
+        }
 
         if ((subtree_changed) || (mask & LDAP_REALM_KDCSERVERS)) {
 
@@ -1469,27 +1466,27 @@ void kdb5_ldap_modify(argc, argv)
                         /* Remove the rights on the old subtrees */
                         for (i=0; (kdcdns[i] != NULL); i++) {
                             if ((retval=krb5_ldap_delete_service_rights(util_context,
-									LDAP_KDC_SERVICE, kdcdns[i],
-									rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                                                                        LDAP_KDC_SERVICE, kdcdns[i],
+                                                                        rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
                                 printf("failed\n");
                                 com_err(progname, retval, "while assigning rights '%s'",
-					rparams->realm_name);
+                                        rparams->realm_name);
                                 goto err_nomsg;
-			    }
-			}
-		    }
+                            }
+                        }
+                    }
                     for (i=0; (kdcdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_KDC_SERVICE, kdcdns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_KDC_SERVICE, kdcdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-			}
-		    }
-		}
-	    }
+                        }
+                    }
+                }
+            }
 
             if (!subtree_changed) {
                 char **newdns = NULL;
@@ -1500,45 +1497,45 @@ void kdb5_ldap_modify(argc, argv)
                 if (oldkdcdns != NULL) {
                     newdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                     if (newdns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
 
-		    if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-			for (j=0;  rparams->kdcservers[j]!= NULL; j++) {
+                    if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+                        for (j=0;  rparams->kdcservers[j]!= NULL; j++) {
                             newdns[j] = strdup(rparams->kdcservers[j]);
                             if (newdns[j] == NULL) {
                                 FREE_DN_LIST(newdns);
-				retval = ENOMEM;
-				goto cleanup;
-			    }
-			}
+                                retval = ENOMEM;
+                                goto cleanup;
+                            }
+                        }
                         newdns[j] = NULL;
-		    }
+                    }
 
                     disjoint_members(oldkdcdns, newdns);
 
                     for (i=0; (oldkdcdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_delete_service_rights(util_context,
-								    LDAP_KDC_SERVICE, oldkdcdns[i],
-								    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                    LDAP_KDC_SERVICE, oldkdcdns[i],
+                                                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-			}
-		    }
+                        }
+                    }
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_KDC_SERVICE, newdns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_KDC_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-			}
+                        }
                     }
                     for (i=0; (newdns[i] != NULL); i++) {
                         free(newdns[i]);
@@ -1548,42 +1545,42 @@ void kdb5_ldap_modify(argc, argv)
                     newdns = rparams->kdcservers;
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_KDC_SERVICE, newdns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_KDC_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-			}
-		    }
-		}
+                        }
+                    }
+                }
             }
 
             if (subtree_changed && (mask & LDAP_REALM_KDCSERVERS)) {
                 char **newdns = rparams->kdcservers;
 
-		rightsmask =0;
+                rightsmask =0;
                 rightsmask = LDAP_REALM_RIGHTS;
-		rightsmask |= LDAP_SUBTREE_RIGHTS;
+                rightsmask |= LDAP_SUBTREE_RIGHTS;
                 if (oldkdcdns != NULL) {
-		    for (i=0; (oldkdcdns[i] != NULL); i++) {
-			if ((retval=krb5_ldap_delete_service_rights(util_context,
-								    LDAP_KDC_SERVICE, oldkdcdns[i],
-								    rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
-			    printf("failed\n");
-			    com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
-			    goto err_nomsg;
-			}
-		    }
-		}
+                    for (i=0; (oldkdcdns[i] != NULL); i++) {
+                        if ((retval=krb5_ldap_delete_service_rights(util_context,
+                                                                    LDAP_KDC_SERVICE, oldkdcdns[i],
+                                                                    rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                            printf("failed\n");
+                            com_err(progname, retval, "while assigning rights '%s'",
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
                 for (i=0; (newdns[i] != NULL); i++) {
                     if ((retval=krb5_ldap_add_service_rights(util_context,
-							     LDAP_KDC_SERVICE, newdns[i],
-							     rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                             LDAP_KDC_SERVICE, newdns[i],
+                                                             rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                         printf("failed\n");
                         com_err(progname, retval, "while assigning rights '%s'",
-				rparams->realm_name);
+                                rparams->realm_name);
                         goto err_nomsg;
                     }
                 }
@@ -1596,34 +1593,34 @@ void kdb5_ldap_modify(argc, argv)
                 if (rparams->adminservers != NULL) {
                     char **admindns = rparams->adminservers;
                     /* Only subtree and/or container ref has changed */
-		    rightsmask =0;
+                    rightsmask =0;
                     /*  KADMINSERVERS have not changed. Realm rights need not be changed */;
-		    rightsmask |= LDAP_SUBTREE_RIGHTS;
+                    rightsmask |= LDAP_SUBTREE_RIGHTS;
                     if ((oldsubtrees != NULL) || (oldcontainerref != NULL)) {
                         /* Remove the rights on the old subtrees */
                         for (i=0; (admindns[i] != NULL); i++) {
                             if ((retval=krb5_ldap_delete_service_rights(util_context,
-									LDAP_ADMIN_SERVICE, admindns[i],
-									rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                                                                        LDAP_ADMIN_SERVICE, admindns[i],
+                                                                        rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
                                 printf("failed\n");
                                 com_err(progname, retval, "while assigning rights '%s'",
-					rparams->realm_name);
+                                        rparams->realm_name);
                                 goto err_nomsg;
                             }
                         }
                     }
                     for (i=0; (admindns[i] != NULL); i++) {
-			if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_ADMIN_SERVICE, admindns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-			    printf("failed\n");
+                        if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                                 LDAP_ADMIN_SERVICE, admindns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                            printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
-			    goto err_nomsg;
-			}
-		    }
-		}
-	    }
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
+            }
 
             if (!subtree_changed) {
                 char **newdns = NULL;
@@ -1634,46 +1631,46 @@ void kdb5_ldap_modify(argc, argv)
                 if (oldadmindns != NULL) {
                     newdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                     if (newdns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
 
-		    if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-			for (j=0;  rparams->adminservers[j]!= NULL; j++) {
+                    if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+                        for (j=0;  rparams->adminservers[j]!= NULL; j++) {
                             newdns[j] = strdup(rparams->adminservers[j]);
                             if (newdns[j] == NULL) {
                                 FREE_DN_LIST(newdns);
-				retval = ENOMEM;
-				goto cleanup;
-			    }
-			}
+                                retval = ENOMEM;
+                                goto cleanup;
+                            }
+                        }
                         newdns[j] = NULL;
-		    }
+                    }
 
                     disjoint_members(oldadmindns, newdns);
 
                     for (i=0; (oldadmindns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_delete_service_rights(util_context,
-								    LDAP_ADMIN_SERVICE, oldadmindns[i],
-								    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                    LDAP_ADMIN_SERVICE, oldadmindns[i],
+                                                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-			}
+                        }
                     }
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_ADMIN_SERVICE, newdns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_ADMIN_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-			}
-		    }
+                        }
+                    }
                     for (i=0; (newdns[i] != NULL); i++) {
                         free(newdns[i]);
                     }
@@ -1682,42 +1679,42 @@ void kdb5_ldap_modify(argc, argv)
                     newdns = rparams->adminservers;
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_ADMIN_SERVICE, newdns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_ADMIN_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-			}
-		    }
-		}
+                        }
+                    }
+                }
             }
 
             if (subtree_changed && (mask & LDAP_REALM_ADMINSERVERS)) {
                 char **newdns = rparams->adminservers;
 
-		rightsmask = 0;
+                rightsmask = 0;
                 rightsmask = LDAP_REALM_RIGHTS;
-		rightsmask |= LDAP_SUBTREE_RIGHTS;
+                rightsmask |= LDAP_SUBTREE_RIGHTS;
                 if (oldadmindns != NULL) {
-		    for (i=0; (oldadmindns[i] != NULL); i++) {
-			if ((retval=krb5_ldap_delete_service_rights(util_context,
-								    LDAP_ADMIN_SERVICE, oldadmindns[i],
-								    rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
-			    printf("failed\n");
-			    com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
-			    goto err_nomsg;
-			}
-		    }
-		}
+                    for (i=0; (oldadmindns[i] != NULL); i++) {
+                        if ((retval=krb5_ldap_delete_service_rights(util_context,
+                                                                    LDAP_ADMIN_SERVICE, oldadmindns[i],
+                                                                    rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                            printf("failed\n");
+                            com_err(progname, retval, "while assigning rights '%s'",
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
                 for (i=0; (newdns[i] != NULL); i++) {
                     if ((retval=krb5_ldap_add_service_rights(util_context,
-							     LDAP_ADMIN_SERVICE, newdns[i],
-							     rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                             LDAP_ADMIN_SERVICE, newdns[i],
+                                                             rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                         printf("failed\n");
                         com_err(progname, retval, "while assigning rights '%s'",
-				rparams->realm_name);
+                                rparams->realm_name);
                         goto err_nomsg;
                     }
                 }
@@ -1730,34 +1727,34 @@ void kdb5_ldap_modify(argc, argv)
                 if (rparams->passwdservers != NULL) {
                     char **passwddns = rparams->passwdservers;
                     /* Only subtree and/or container ref has changed */
-		    rightsmask = 0;
+                    rightsmask = 0;
                     /*  KPASSWDSERVERS have not changed. Realm rights need not be changed */;
-		    rightsmask |= LDAP_SUBTREE_RIGHTS;
+                    rightsmask |= LDAP_SUBTREE_RIGHTS;
                     if ((oldsubtrees != NULL) || (oldcontainerref != NULL)) {
                         /* Remove the rights on the old subtrees */
                         for (i=0; (passwddns[i] != NULL); i++) {
                             if ((retval=krb5_ldap_delete_service_rights(util_context,
-									LDAP_PASSWD_SERVICE, passwddns[i],
-									rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                                                                        LDAP_PASSWD_SERVICE, passwddns[i],
+                                                                        rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
                                 printf("failed\n");
                                 com_err(progname, retval, "while assigning rights '%s'",
-					rparams->realm_name);
+                                        rparams->realm_name);
                                 goto err_nomsg;
                             }
                         }
                     }
                     for (i=0; (passwddns[i] != NULL); i++) {
-			if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_PASSWD_SERVICE, passwddns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-			    printf("failed\n");
+                        if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                                 LDAP_PASSWD_SERVICE, passwddns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                            printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
-			    goto err_nomsg;
-			}
-		    }
-		}
-	    }
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
+            }
 
             if (!subtree_changed) {
                 char **newdns = NULL;
@@ -1768,45 +1765,45 @@ void kdb5_ldap_modify(argc, argv)
                 if (oldpwddns != NULL) {
                     newdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                     if (newdns == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
 
-		    if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-			for (j=0;  rparams->passwdservers[j]!= NULL; j++) {
+                    if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+                        for (j=0;  rparams->passwdservers[j]!= NULL; j++) {
                             newdns[j] = strdup(rparams->passwdservers[j]);
                             if (newdns[j] == NULL) {
                                 FREE_DN_LIST(newdns);
-				retval = ENOMEM;
-				goto cleanup;
-			    }
-			}
+                                retval = ENOMEM;
+                                goto cleanup;
+                            }
+                        }
                         newdns[j] = NULL;
-		    }
+                    }
 
                     disjoint_members(oldpwddns, newdns);
 
                     for (i=0; (oldpwddns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_delete_service_rights(util_context,
-								    LDAP_PASSWD_SERVICE, oldpwddns[i],
-								    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                    LDAP_PASSWD_SERVICE, oldpwddns[i],
+                                                                    rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-			}
-		    }
+                        }
+                    }
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_PASSWD_SERVICE, newdns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_PASSWD_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             FREE_DN_LIST(newdns);
                             goto err_nomsg;
-			}
+                        }
                     }
                     for (i=0; (newdns[i] != NULL); i++) {
                         free(newdns[i]);
@@ -1816,48 +1813,48 @@ void kdb5_ldap_modify(argc, argv)
                     newdns = rparams->passwdservers;
                     for (i=0; (newdns[i] != NULL); i++) {
                         if ((retval=krb5_ldap_add_service_rights(util_context,
-								 LDAP_PASSWD_SERVICE, newdns[i],
-								 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                                                                 LDAP_PASSWD_SERVICE, newdns[i],
+                                                                 rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
                             printf("failed\n");
                             com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
+                                    rparams->realm_name);
                             goto err_nomsg;
-			}
-		    }
-		}
+                        }
+                    }
+                }
             }
 
             if (subtree_changed && (mask & LDAP_REALM_PASSWDSERVERS)) {
                 char **newdns = rparams->passwdservers;
 
-		rightsmask =0;
+                rightsmask =0;
                 rightsmask = LDAP_REALM_RIGHTS;
-		rightsmask |= LDAP_SUBTREE_RIGHTS;
+                rightsmask |= LDAP_SUBTREE_RIGHTS;
                 if (oldpwddns != NULL) {
-		    for (i=0; (oldpwddns[i] != NULL); i++) {
-			if ((retval = krb5_ldap_delete_service_rights(util_context,
-								      LDAP_PASSWD_SERVICE, oldpwddns[i],
-								      rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
-			    printf("failed\n");
-			    com_err(progname, retval, "while assigning rights '%s'",
-				    rparams->realm_name);
-			    goto err_nomsg;
-			}
-		    }
-		}
+                    for (i=0; (oldpwddns[i] != NULL); i++) {
+                        if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                                      LDAP_PASSWD_SERVICE, oldpwddns[i],
+                                                                      rparams->realm_name, oldsubtrees, oldcontainerref, rightsmask)) != 0) {
+                            printf("failed\n");
+                            com_err(progname, retval, "while assigning rights '%s'",
+                                    rparams->realm_name);
+                            goto err_nomsg;
+                        }
+                    }
+                }
                 for (i=0; (newdns[i] != NULL); i++) {
-		    if ((retval = krb5_ldap_add_service_rights(util_context,
-							       LDAP_PASSWD_SERVICE, newdns[i],
-							       rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-			printf("failed\n");
+                    if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                               LDAP_PASSWD_SERVICE, newdns[i],
+                                                               rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                        printf("failed\n");
                         com_err(progname, retval, "while assigning rights '%s'",
-				rparams->realm_name);
-			goto err_nomsg;
-		    }
-		}
-	    }
-	}
-	printf("done\n");
+                                rparams->realm_name);
+                        goto err_nomsg;
+                    }
+                }
+            }
+        }
+        printf("done\n");
     }
 #endif
 
@@ -1875,55 +1872,55 @@ cleanup:
 
 #ifdef HAVE_EDIRECTORY
     if (oldkdcdns) {
-	for (i=0; oldkdcdns[i] != NULL; i++)
-	    free(oldkdcdns[i]);
-	free(oldkdcdns);
+        for (i=0; oldkdcdns[i] != NULL; i++)
+            free(oldkdcdns[i]);
+        free(oldkdcdns);
     }
     if (oldpwddns) {
-	for (i=0; oldpwddns[i] != NULL; i++)
-	    free(oldpwddns[i]);
-	free(oldpwddns);
+        for (i=0; oldpwddns[i] != NULL; i++)
+            free(oldpwddns[i]);
+        free(oldpwddns);
     }
     if (oldadmindns) {
-	for (i=0; oldadmindns[i] != NULL; i++)
-	    free(oldadmindns[i]);
-	free(oldadmindns);
+        for (i=0; oldadmindns[i] != NULL; i++)
+            free(oldadmindns[i]);
+        free(oldadmindns);
     }
     if (newkdcdns) {
-	for (i=0; newkdcdns[i] != NULL; i++)
-	    free(newkdcdns[i]);
-	free(newkdcdns);
+        for (i=0; newkdcdns[i] != NULL; i++)
+            free(newkdcdns[i]);
+        free(newkdcdns);
     }
     if (newpwddns) {
-	for (i=0; newpwddns[i] != NULL; i++)
-	    free(newpwddns[i]);
-	free(newpwddns);
+        for (i=0; newpwddns[i] != NULL; i++)
+            free(newpwddns[i]);
+        free(newpwddns);
     }
     if (newadmindns) {
-	for (i=0; newadmindns[i] != NULL; i++)
-	    free(newadmindns[i]);
-	free(newadmindns);
+        for (i=0; newadmindns[i] != NULL; i++)
+            free(newadmindns[i]);
+        free(newadmindns);
     }
     if (oldsubtrees) {
-	for (i=0;oldsubtrees[i]!=NULL; i++)
-	    free(oldsubtrees[i]);
-	free(oldsubtrees);
+        for (i=0;oldsubtrees[i]!=NULL; i++)
+            free(oldsubtrees[i]);
+        free(oldsubtrees);
     }
     if (newsubtrees) {
-	for (i=0;newsubtrees[i]!=NULL; i++)
-	    free(newsubtrees[i]);
-	free(oldsubtrees);
+        for (i=0;newsubtrees[i]!=NULL; i++)
+            free(newsubtrees[i]);
+        free(oldsubtrees);
     }
 #endif
     if (print_usage) {
-	db_usage(MODIFY_REALM);
+        db_usage(MODIFY_REALM);
     }
 
     if (retval) {
-	if (!no_msg)
-	    com_err(progname, retval, "while modifying information of realm '%s'",
-		    global_params.realm);
-	exit_status++;
+        if (!no_msg)
+            com_err(progname, retval, "while modifying information of realm '%s'",
+                    global_params.realm);
+        exit_status++;
     }
 
     return;
@@ -1934,9 +1931,8 @@ cleanup:
 /*
  * This function displays the attributes of a Realm
  */
-void kdb5_ldap_view(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_view(int argc, char *argv[])
 {
     krb5_ldap_realm_params *rparams = NULL;
     krb5_error_code retval = 0;
@@ -1947,26 +1943,26 @@ void kdb5_ldap_view(argc, argv)
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-	retval = EINVAL;
-	com_err(progname, retval, "while initializing database");
-	exit_status++;
-	return;
+        retval = EINVAL;
+        com_err(progname, retval, "while initializing database");
+        exit_status++;
+        return;
     }
 
     /* Read the kerberos container information */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-						     &(ldap_context->krbcontainer))) != 0) {
-	com_err(progname, retval, "while reading kerberos container information");
-	exit_status++;
-	return;
+                                                     &(ldap_context->krbcontainer))) != 0) {
+        com_err(progname, retval, "while reading kerberos container information");
+        exit_status++;
+        return;
     }
 
     if ((retval = krb5_ldap_read_realm_params(util_context,
-					      global_params.realm, &rparams, &mask)) || (!rparams)) {
-	com_err(progname, retval, "while reading information of realm '%s'",
-		global_params.realm);
-	exit_status++;
-	return;
+                                              global_params.realm, &rparams, &mask)) || (!rparams)) {
+        com_err(progname, retval, "while reading information of realm '%s'",
+                global_params.realm);
+        exit_status++;
+        return;
     }
     print_realm_params(rparams, mask);
     krb5_ldap_free_realm_params(rparams);
@@ -1974,17 +1970,17 @@ void kdb5_ldap_view(argc, argv)
     return;
 }
 
-static char *strdur(duration)
-    time_t duration;
+static char *
+strdur(time_t duration)
 {
     static char out[50];
     int neg, days, hours, minutes, seconds;
 
     if (duration < 0) {
-	duration *= -1;
-	neg = 1;
+        duration *= -1;
+        neg = 1;
     } else
-	neg = 0;
+        neg = 0;
     days = duration / (24 * 3600);
     duration %= 24 * 3600;
     hours = duration / 3600;
@@ -1993,8 +1989,8 @@ static char *strdur(duration)
     duration %= 60;
     seconds = duration;
     snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
-	    days, days == 1 ? "day" : "days",
-	    hours, minutes, seconds);
+             days, days == 1 ? "day" : "days",
+             hours, minutes, seconds);
     return out;
 }
 
@@ -2002,7 +1998,8 @@ static char *strdur(duration)
  * This function prints the attributes of a given realm to the
  * standard output.
  */
-static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
+static void
+print_realm_params(krb5_ldap_realm_params *rparams, int mask)
 {
     char **slist = NULL;
     unsigned int num_entry_printed = 0, i = 0;
@@ -2010,117 +2007,117 @@ static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
     /* Print the Realm Attributes on the standard output */
     printf("%25s: %-50s\n", "Realm Name", global_params.realm);
     if (mask & LDAP_REALM_SUBTREE) {
-	for (i=0; rparams->subtree[i]!=NULL; i++)
-	    printf("%25s: %-50s\n", "Subtree", rparams->subtree[i]);
+        for (i=0; rparams->subtree[i]!=NULL; i++)
+            printf("%25s: %-50s\n", "Subtree", rparams->subtree[i]);
     }
     if (mask & LDAP_REALM_CONTREF)
-	printf("%25s: %-50s\n", "Principal Container Reference", rparams->containerref);
+        printf("%25s: %-50s\n", "Principal Container Reference", rparams->containerref);
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-	if ((rparams->search_scope != 1) &&
-	    (rparams->search_scope != 2)) {
-	    printf("%25s: %-50s\n", "SearchScope", "Invalid !");
-	} else {
-	    printf("%25s: %-50s\n", "SearchScope",
-		   (rparams->search_scope == 1) ? "ONE" : "SUB");
-	}
+        if ((rparams->search_scope != 1) &&
+            (rparams->search_scope != 2)) {
+            printf("%25s: %-50s\n", "SearchScope", "Invalid !");
+        } else {
+            printf("%25s: %-50s\n", "SearchScope",
+                   (rparams->search_scope == 1) ? "ONE" : "SUB");
+        }
     }
     if (mask & LDAP_REALM_KDCSERVERS) {
-	printf("%25s:", "KDC Services");
-	if (rparams->kdcservers != NULL) {
-	    num_entry_printed = 0;
-	    for (slist = rparams->kdcservers; *slist != NULL; slist++) {
-		if (num_entry_printed)
-		    printf(" %25s %-50s\n", " ", *slist);
-		else
-		    printf(" %-50s\n", *slist);
-		num_entry_printed++;
-	    }
-	}
-	if (num_entry_printed == 0)
-	    printf("\n");
+        printf("%25s:", "KDC Services");
+        if (rparams->kdcservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->kdcservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
     }
     if (mask & LDAP_REALM_ADMINSERVERS) {
-	printf("%25s:", "Admin Services");
-	if (rparams->adminservers != NULL) {
-	    num_entry_printed = 0;
-	    for (slist = rparams->adminservers; *slist != NULL; slist++) {
-		if (num_entry_printed)
-		    printf(" %25s %-50s\n", " ", *slist);
-		else
-		    printf(" %-50s\n", *slist);
-		num_entry_printed++;
-	    }
-	}
-	if (num_entry_printed == 0)
-	    printf("\n");
+        printf("%25s:", "Admin Services");
+        if (rparams->adminservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->adminservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
     }
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-	printf("%25s:", "Passwd Services");
-	if (rparams->passwdservers != NULL) {
-	    num_entry_printed = 0;
-	    for (slist = rparams->passwdservers; *slist != NULL; slist++) {
-		if (num_entry_printed)
-		    printf(" %25s %-50s\n", " ", *slist);
-		else
-		    printf(" %-50s\n", *slist);
-		num_entry_printed++;
-	    }
-	}
-	if (num_entry_printed == 0)
-	    printf("\n");
+        printf("%25s:", "Passwd Services");
+        if (rparams->passwdservers != NULL) {
+            num_entry_printed = 0;
+            for (slist = rparams->passwdservers; *slist != NULL; slist++) {
+                if (num_entry_printed)
+                    printf(" %25s %-50s\n", " ", *slist);
+                else
+                    printf(" %-50s\n", *slist);
+                num_entry_printed++;
+            }
+        }
+        if (num_entry_printed == 0)
+            printf("\n");
     }
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
-	printf("%25s:", "Maximum Ticket Life");
-	printf(" %s \n", strdur(rparams->max_life));
+        printf("%25s:", "Maximum Ticket Life");
+        printf(" %s \n", strdur(rparams->max_life));
     }
 
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
-	printf("%25s:", "Maximum Renewable Life");
-	printf(" %s \n", strdur(rparams->max_renewable_life));
+        printf("%25s:", "Maximum Renewable Life");
+        printf(" %s \n", strdur(rparams->max_renewable_life));
     }
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
-	int ticketflags = rparams->tktflags;
+        int ticketflags = rparams->tktflags;
 
-	printf("%25s: ", "Ticket flags");
-	if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
-	    printf("%s ","DISALLOW_POSTDATED");
+        printf("%25s: ", "Ticket flags");
+        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+            printf("%s ","DISALLOW_POSTDATED");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
-	    printf("%s ","DISALLOW_FORWARDABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+            printf("%s ","DISALLOW_FORWARDABLE");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
-	    printf("%s ","DISALLOW_RENEWABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+            printf("%s ","DISALLOW_RENEWABLE");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
-	    printf("%s ","DISALLOW_PROXIABLE");
+        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+            printf("%s ","DISALLOW_PROXIABLE");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
-	    printf("%s ","DISALLOW_DUP_SKEY");
+        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+            printf("%s ","DISALLOW_DUP_SKEY");
 
-	if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
-	    printf("%s ","REQUIRES_PRE_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+            printf("%s ","REQUIRES_PRE_AUTH");
 
-	if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
-	    printf("%s ","REQUIRES_HW_AUTH");
+        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+            printf("%s ","REQUIRES_HW_AUTH");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_SVR)
-	    printf("%s ","DISALLOW_SVR");
+        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+            printf("%s ","DISALLOW_SVR");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
-	    printf("%s ","DISALLOW_TGT_BASED");
+        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+            printf("%s ","DISALLOW_TGT_BASED");
 
-	if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
-	    printf("%s ","DISALLOW_ALL_TIX");
+        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+            printf("%s ","DISALLOW_ALL_TIX");
 
-	if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
-	    printf("%s ","REQUIRES_PWCHANGE");
+        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+            printf("%s ","REQUIRES_PWCHANGE");
 
-	if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
-	    printf("%s ","PWCHANGE_SERVICE");
+        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+            printf("%s ","PWCHANGE_SERVICE");
 
-	printf("\n");
+        printf("\n");
     }
 
 
@@ -2133,9 +2130,8 @@ static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
  * This function lists the Realm(s) present under the Kerberos container
  * on the LDAP Server.
  */
-void kdb5_ldap_list(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_list(int argc, char *argv[])
 {
     char **list = NULL;
     char **plist = NULL;
@@ -2146,36 +2142,36 @@ void kdb5_ldap_list(argc, argv)
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-	retval = EINVAL;
-	exit_status++;
-	return;
+        retval = EINVAL;
+        exit_status++;
+        return;
     }
 
     /* Read the kerberos container information */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-						     &(ldap_context->krbcontainer))) != 0) {
-	com_err(progname, retval, "while reading kerberos container information");
-	exit_status++;
-	return;
+                                                     &(ldap_context->krbcontainer))) != 0) {
+        com_err(progname, retval, "while reading kerberos container information");
+        exit_status++;
+        return;
     }
 
     retval = krb5_ldap_list_realm(util_context, &list);
     if (retval != 0) {
-	krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-	ldap_context->krbcontainer = NULL;
-	com_err (progname, retval, "while listing realms");
-	exit_status++;
-	return;
+        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+        ldap_context->krbcontainer = NULL;
+        com_err (progname, retval, "while listing realms");
+        exit_status++;
+        return;
     }
     /* This is to handle the case of realm not present */
     if (list == NULL) {
-	krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
-	ldap_context->krbcontainer = NULL;
-	return;
+        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+        ldap_context->krbcontainer = NULL;
+        return;
     }
 
     for (plist = list; *plist != NULL; plist++) {
-	printf("%s\n", *plist);
+        printf("%s\n", *plist);
     }
     krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
     ldap_context->krbcontainer = NULL;
@@ -2197,10 +2193,8 @@ void kdb5_ldap_list(argc, argv)
 /* Start duplicate code ... */
 
 static krb5_error_code
-krb5_dbe_update_tl_data_new(context, entry, new_tl_data)
-    krb5_context context;
-    krb5_db_entry *entry;
-    krb5_tl_data *new_tl_data;
+krb5_dbe_update_tl_data_new(krb5_context context, krb5_db_entry *entry,
+                            krb5_tl_data *new_tl_data)
 {
     krb5_tl_data *tl_data = NULL;
     krb5_octet *tmp;
@@ -2208,46 +2202,46 @@ krb5_dbe_update_tl_data_new(context, entry, new_tl_data)
     /* copy the new data first, so we can fail cleanly if malloc()
      * fails */
 /*
-    if ((tmp =
-	 (krb5_octet *) krb5_db_alloc(context, NULL,
-				      new_tl_data->tl_data_length)) == NULL)
+  if ((tmp =
+  (krb5_octet *) krb5_db_alloc(context, NULL,
+  new_tl_data->tl_data_length)) == NULL)
 */
     if ((tmp = (krb5_octet *) malloc (new_tl_data->tl_data_length)) == NULL)
-	return (ENOMEM);
+        return (ENOMEM);
 
     /* Find an existing entry of the specified type and point at
      * it, or NULL if not found */
 
-    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) {	/* db_args can be multiple */
-	for (tl_data = entry->tl_data; tl_data;
-	     tl_data = tl_data->tl_data_next)
-	    if (tl_data->tl_data_type == new_tl_data->tl_data_type)
-		break;
+    if (new_tl_data->tl_data_type != KRB5_TL_DB_ARGS) { /* db_args can be multiple */
+        for (tl_data = entry->tl_data; tl_data;
+             tl_data = tl_data->tl_data_next)
+            if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+                break;
     }
 
     /* if necessary, chain a new record in the beginning and point at it */
 
     if (!tl_data) {
 /*
-	if ((tl_data =
-	     (krb5_tl_data *) krb5_db_alloc(context, NULL,
-					    sizeof(krb5_tl_data)))
-	    == NULL) {
+  if ((tl_data =
+  (krb5_tl_data *) krb5_db_alloc(context, NULL,
+  sizeof(krb5_tl_data)))
+  == NULL) {
 */
-	if ((tl_data = (krb5_tl_data *) malloc (sizeof(krb5_tl_data))) == NULL) {
-	    free(tmp);
-	    return (ENOMEM);
-	}
-	memset(tl_data, 0, sizeof(krb5_tl_data));
-	tl_data->tl_data_next = entry->tl_data;
-	entry->tl_data = tl_data;
-	entry->n_tl_data++;
+        if ((tl_data = (krb5_tl_data *) malloc (sizeof(krb5_tl_data))) == NULL) {
+            free(tmp);
+            return (ENOMEM);
+        }
+        memset(tl_data, 0, sizeof(krb5_tl_data));
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
     }
 
     /* fill in the record */
 
     if (tl_data->tl_data_contents)
-	krb5_db_free(context, tl_data->tl_data_contents);
+        krb5_db_free(context, tl_data->tl_data_contents);
 
     tl_data->tl_data_type = new_tl_data->tl_data_type;
     tl_data->tl_data_length = new_tl_data->tl_data_length;
@@ -2258,29 +2252,27 @@ krb5_dbe_update_tl_data_new(context, entry, new_tl_data)
 }
 
 static krb5_error_code
-krb5_dbe_update_mod_princ_data_new(context, entry, mod_date, mod_princ)
-    krb5_context	  context;
-    krb5_db_entry	* entry;
-    krb5_timestamp	  mod_date;
-    krb5_const_principal  mod_princ;
+krb5_dbe_update_mod_princ_data_new(krb5_context context, krb5_db_entry *entry,
+                                   krb5_timestamp mod_date,
+                                   krb5_const_principal mod_princ)
 {
     krb5_tl_data          tl_data;
 
-    krb5_error_code 	  retval = 0;
-    krb5_octet		* nextloc = 0;
-    char		* unparse_mod_princ = 0;
-    unsigned int	unparse_mod_princ_size;
+    krb5_error_code       retval = 0;
+    krb5_octet          * nextloc = 0;
+    char                * unparse_mod_princ = 0;
+    unsigned int        unparse_mod_princ_size;
 
     if ((retval = krb5_unparse_name(context, mod_princ,
-				    &unparse_mod_princ)))
-	return(retval);
+                                    &unparse_mod_princ)))
+        return(retval);
 
     unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
 
     if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
-	== NULL) {
-	free(unparse_mod_princ);
-	return(ENOMEM);
+        == NULL) {
+        free(unparse_mod_princ);
+        return(ENOMEM);
     }
 
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
@@ -2302,9 +2294,7 @@ krb5_dbe_update_mod_princ_data_new(context, entry, mod_date, mod_princ)
 }
 
 static krb5_error_code
-kdb_ldap_tgt_keysalt_iterate(ksent, ptr)
-    krb5_key_salt_tuple *ksent;
-    krb5_pointer        ptr;
+kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr)
 {
     krb5_context        context;
     krb5_error_code     kret;
@@ -2328,27 +2318,27 @@ kdb_ldap_tgt_keysalt_iterate(ksent, ptr)
     pwd.length = strlen(mkey_password);
     kret = krb5_c_random_seed(context, &pwd);
     if (kret)
-	return kret;
+        return kret;
 
     /*if (!(kret = krb5_dbe_create_key_data(iargs->ctx, iargs->dbentp))) {*/
     if ((entry->key_data =
-	 (krb5_key_data *) realloc(entry->key_data,
-				   (sizeof(krb5_key_data) *
-				    (entry->n_key_data + 1)))) == NULL)
-	return (ENOMEM);
+         (krb5_key_data *) realloc(entry->key_data,
+                                   (sizeof(krb5_key_data) *
+                                    (entry->n_key_data + 1)))) == NULL)
+        return (ENOMEM);
 
     memset(entry->key_data + entry->n_key_data, 0, sizeof(krb5_key_data));
     ind = entry->n_key_data++;
 
     if (!(kret = krb5_c_make_random_key(context, ksent->ks_enctype,
-					&key))) {
-	kret = krb5_dbekd_encrypt_key_data(context,
-					   iargs->rblock->key,
-					   &key,
-					   NULL,
-					   1,
-					   &entry->key_data[ind]);
-	krb5_free_keyblock_contents(context, &key);
+                                        &key))) {
+        kret = krb5_dbekd_encrypt_key_data(context,
+                                           iargs->rblock->key,
+                                           &key,
+                                           NULL,
+                                           1,
+                                           &entry->key_data[ind]);
+        krb5_free_keyblock_contents(context, &key);
     }
     /*}*/
 
@@ -2361,11 +2351,8 @@ kdb_ldap_tgt_keysalt_iterate(ksent, ptr)
  * creating the realm object.
  */
 static int
-kdb_ldap_create_principal (context, princ, op, pblock)
-    krb5_context context;
-    krb5_principal princ;
-    enum ap_op op;
-    struct realm_info *pblock;
+kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
+                          enum ap_op op, struct realm_info *pblock)
 {
     int              retval=0, currlen=0, princtype = 2 /* Service Principal */;
     unsigned char    *curr=NULL;
@@ -2383,30 +2370,30 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     krb5_actkvno_node     actkvno;
 
     if ((pblock == NULL) || (context == NULL)) {
-	retval = EINVAL;
-	goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
     dal_handle = context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-	retval = EINVAL;
-	goto cleanup;
+        retval = EINVAL;
+        goto cleanup;
     }
 
     memset(&entry, 0, sizeof(entry));
 
     tl_data = malloc(sizeof(*tl_data));
     if (tl_data == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memset(tl_data, 0, sizeof(*tl_data));
     tl_data->tl_data_length = 1 + 2 + 2 + 1 + 2 + 4;
     tl_data->tl_data_type = 7; /* KDB_TL_USER_INFO */
     curr = tl_data->tl_data_contents = malloc(tl_data->tl_data_length);
     if (tl_data->tl_data_contents == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     memset(curr, 1, 1); /* Passing the mask as principal type */
@@ -2439,74 +2426,74 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     entry.expiration = pblock->expiration;
     entry.mask = mask;
     if ((retval = krb5_copy_principal(context, princ, &entry.princ)))
-	goto cleanup;
+        goto cleanup;
 
 
     switch (op) {
     case TGT_KEY:
-	if ((pdata = krb5_princ_component(context, princ, 1)) &&
-	    pdata->length == strlen("history") &&
-	    !memcmp(pdata->data, "history", strlen("history"))) {
-
-	    /* Allocate memory for storing the key */
-	    if ((entry.key_data = (krb5_key_data *) malloc(
-		     sizeof(krb5_key_data))) == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-
-	    memset(entry.key_data, 0, sizeof(krb5_key_data));
-	    entry.n_key_data++;
-
-	    retval = krb5_c_make_random_key(context, global_params.enctype, &key);
-	    if (retval) {
-		goto cleanup;
-	    }
-	    kvno = 1; /* New key is getting set */
-	    retval = krb5_dbekd_encrypt_key_data(context,
-						 &ldap_context->lrparams->mkey,
-						 &key, NULL, kvno,
-						 &entry.key_data[entry.n_key_data - 1]);
-	    krb5_free_keyblock_contents(context, &key);
-	    if (retval) {
-		goto cleanup;
-	    }
-	} else {
-	    /*retval = krb5_c_make_random_key(context, 16, &key) ;*/
-	    iargs.ctx = context;
-	    iargs.rblock = pblock;
-	    iargs.dbentp = &entry;
-
-	    /*
-	     * Iterate through the key/salt list, ignoring salt types.
-	     */
-	    if ((retval = krb5_keysalt_iterate(pblock->kslist,
-					       pblock->nkslist,
-					       1,
-					       kdb_ldap_tgt_keysalt_iterate,
-					       (krb5_pointer) &iargs)))
-		return retval;
-	}
-	break;
+        if ((pdata = krb5_princ_component(context, princ, 1)) &&
+            pdata->length == strlen("history") &&
+            !memcmp(pdata->data, "history", strlen("history"))) {
+
+            /* Allocate memory for storing the key */
+            if ((entry.key_data = (krb5_key_data *) malloc(
+                     sizeof(krb5_key_data))) == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            memset(entry.key_data, 0, sizeof(krb5_key_data));
+            entry.n_key_data++;
+
+            retval = krb5_c_make_random_key(context, global_params.enctype, &key);
+            if (retval) {
+                goto cleanup;
+            }
+            kvno = 1; /* New key is getting set */
+            retval = krb5_dbekd_encrypt_key_data(context,
+                                                 &ldap_context->lrparams->mkey,
+                                                 &key, NULL, kvno,
+                                                 &entry.key_data[entry.n_key_data - 1]);
+            krb5_free_keyblock_contents(context, &key);
+            if (retval) {
+                goto cleanup;
+            }
+        } else {
+            /*retval = krb5_c_make_random_key(context, 16, &key) ;*/
+            iargs.ctx = context;
+            iargs.rblock = pblock;
+            iargs.dbentp = &entry;
+
+            /*
+             * Iterate through the key/salt list, ignoring salt types.
+             */
+            if ((retval = krb5_keysalt_iterate(pblock->kslist,
+                                               pblock->nkslist,
+                                               1,
+                                               kdb_ldap_tgt_keysalt_iterate,
+                                               (krb5_pointer) &iargs)))
+                return retval;
+        }
+        break;
 
     case MASTER_KEY:
-	/* Allocate memory for storing the key */
-	if ((entry.key_data = (krb5_key_data *) malloc(
-		 sizeof(krb5_key_data))) == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-
-	memset(entry.key_data, 0, sizeof(krb5_key_data));
-	entry.n_key_data++;
-	kvno = 1; /* New key is getting set */
-	retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
-					     &ldap_context->lrparams->mkey,
-					     NULL, kvno,
-					     &entry.key_data[entry.n_key_data - 1]);
-	if (retval) {
-	    goto cleanup;
-	}
+        /* Allocate memory for storing the key */
+        if ((entry.key_data = (krb5_key_data *) malloc(
+                 sizeof(krb5_key_data))) == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+
+        memset(entry.key_data, 0, sizeof(krb5_key_data));
+        entry.n_key_data++;
+        kvno = 1; /* New key is getting set */
+        retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
+                                             &ldap_context->lrparams->mkey,
+                                             NULL, kvno,
+                                             &entry.key_data[entry.n_key_data - 1]);
+        if (retval) {
+            goto cleanup;
+        }
         /*
          * There should always be at least one "active" mkey so creating the
          * KRB5_TL_ACTKVNO entry now so the initial mkey is active.
@@ -2515,20 +2502,20 @@ kdb_ldap_create_principal (context, princ, op, pblock)
         actkvno.act_kvno = kvno;
         actkvno.act_time = now;
         retval = krb5_dbe_update_actkvno(context, &entry, &actkvno);
-	if (retval)
-	    goto cleanup;
+        if (retval)
+            goto cleanup;
 
-	break;
+        break;
 
     case NULL_KEY:
     default:
-	break;
+        break;
     } /* end of switch */
 
     retval = krb5_ldap_put_principal(context, &entry, &nentry, NULL);
     if (retval) {
-	com_err(NULL, retval, "while adding entries to database");
-	goto cleanup;
+        com_err(NULL, retval, "while adding entries to database");
+        goto cleanup;
     }
 
 cleanup:
@@ -2541,9 +2528,7 @@ cleanup:
  * This function destroys the realm object and the associated principals
  */
 void
-kdb5_ldap_destroy(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_destroy(int argc, char *argv[])
 {
     extern char *optarg;
     extern int optind;
@@ -2561,118 +2546,118 @@ kdb5_ldap_destroy(argc, argv)
 
     optind = 1;
     while ((optchar = getopt(argc, argv, "f")) != -1) {
-	switch (optchar) {
-	case 'f':
-	    force++;
-	    break;
-	case '?':
-	default:
-	    db_usage(DESTROY_REALM);
-	    return;
-	    /*NOTREACHED*/
-	}
+        switch (optchar) {
+        case 'f':
+            force++;
+            break;
+        case '?':
+        default:
+            db_usage(DESTROY_REALM);
+            return;
+            /*NOTREACHED*/
+        }
     }
 
     if (!force) {
-	printf("Deleting KDC database of '%s', are you sure?\n", global_params.realm);
-	printf("(type 'yes' to confirm)? ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL) {
-	    exit_status++;
-	    return;
-	}
-	if (strcmp(buf, yes)) {
-	    exit_status++;
-	    return;
-	}
-	printf("OK, deleting database of '%s'...\n", global_params.realm);
+        printf("Deleting KDC database of '%s', are you sure?\n", global_params.realm);
+        printf("(type 'yes' to confirm)? ");
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++;
+            return;
+        }
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            return;
+        }
+        printf("OK, deleting database of '%s'...\n", global_params.realm);
     }
 
     dal_handle = util_context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-	com_err(progname, EINVAL, "while initializing database");
-	exit_status++;
-	return;
+        com_err(progname, EINVAL, "while initializing database");
+        exit_status++;
+        return;
     }
 
     /* Read the kerberos container from the LDAP Server */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-						     &(ldap_context->krbcontainer))) != 0) {
-	com_err(progname, retval, "while reading kerberos container information");
-	exit_status++;
-	return;
+                                                     &(ldap_context->krbcontainer))) != 0) {
+        com_err(progname, retval, "while reading kerberos container information");
+        exit_status++;
+        return;
     }
 
     /* Read the Realm information from the LDAP Server */
     if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm,
-					      &(ldap_context->lrparams), &mask)) != 0) {
-	com_err(progname, retval, "while reading realm information");
-	exit_status++;
-	return;
+                                              &(ldap_context->lrparams), &mask)) != 0) {
+        com_err(progname, retval, "while reading realm information");
+        exit_status++;
+        return;
     }
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-	(mask & LDAP_REALM_PASSWDSERVERS)) {
-
-	printf("Changing rights for the service object. Please wait ... ");
-	fflush(stdout);
-
-	rparams = ldap_context->lrparams;
-	rightsmask = 0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-	    for (i=0; (rparams->kdcservers[i] != NULL); i++) {
-		if ((retval = krb5_ldap_delete_service_rights(util_context,
-							      LDAP_KDC_SERVICE, rparams->kdcservers[i],
-							      rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    printf("failed\n");
-		    com_err(progname, retval, "while assigning rights to '%s'",
-			    rparams->realm_name);
-		    return;
-		}
-	    }
-	}
-	rightsmask = 0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-	    for (i=0; (rparams->adminservers[i] != NULL); i++) {
-		if ((retval = krb5_ldap_delete_service_rights(util_context,
-							      LDAP_ADMIN_SERVICE, rparams->adminservers[i],
-							      rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    printf("failed\n");
-		    com_err(progname, retval, "while assigning rights to '%s'",
-			    rparams->realm_name);
-		    return;
-		}
-	    }
-	}
-	rightsmask = 0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-	    for (i=0; (rparams->passwdservers[i] != NULL); i++) {
-		if ((retval = krb5_ldap_delete_service_rights(util_context,
-							      LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
-							      rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    printf("failed\n");
-		    com_err(progname, retval, "while assigning rights to '%s'",
-			    rparams->realm_name);
-		    return;
-		}
-	    }
-	}
-	printf("done\n");
+        (mask & LDAP_REALM_PASSWDSERVERS)) {
+
+        printf("Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        rparams = ldap_context->lrparams;
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+            for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                              rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    return;
+                }
+            }
+        }
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+            for (i=0; (rparams->adminservers[i] != NULL); i++) {
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                              rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    return;
+                }
+            }
+        }
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+            for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                              rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    printf("failed\n");
+                    com_err(progname, retval, "while assigning rights to '%s'",
+                            rparams->realm_name);
+                    return;
+                }
+            }
+        }
+        printf("done\n");
     }
 #endif
     /* Delete the realm container and all the associated principals */
     retval = krb5_ldap_delete_realm(util_context, global_params.realm);
     if (retval) {
-	com_err(progname, retval, "deleting database of '%s'", global_params.realm);
-	exit_status++;
-	return;
+        com_err(progname, retval, "deleting database of '%s'", global_params.realm);
+        exit_status++;
+        return;
     }
 
     printf("** Database of '%s' destroyed.\n", global_params.realm);
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
index 9a2972a..a822521 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_realm.h
  */
@@ -29,13 +30,13 @@
  * POSSIBILITY OF SUCH DAMAGE.
  */
 
-#define BUFF_LEN 		64      /* Max len of enctype string */
-#define MAX_PRINC_SIZE 		256
+#define BUFF_LEN                64      /* Max len of enctype string */
+#define MAX_PRINC_SIZE          256
 
 enum ap_op {
-    NULL_KEY,	/* setup null keys */
-    MASTER_KEY,	/* use master key as new key */
-    TGT_KEY	/* special handling for tgt key */
+    NULL_KEY,   /* setup null keys */
+    MASTER_KEY, /* use master key as new key */
+    TGT_KEY     /* special handling for tgt key */
 };
 
 struct realm_info {
@@ -49,13 +50,13 @@ struct realm_info {
 };
 
 struct iterate_args {
-    krb5_context	ctx;
-    struct realm_info	*rblock;
-    krb5_db_entry	*dbentp;
+    krb5_context        ctx;
+    struct realm_info   *rblock;
+    krb5_db_entry       *dbentp;
 };
 
-extern void kdb5_ldap_create (int argc, char **argv);
-extern void kdb5_ldap_destroy (int argc, char **argv);
-extern void kdb5_ldap_modify (int argc, char **argv);
-extern void kdb5_ldap_view (int argc, char **argv);
-extern void kdb5_ldap_list (int argc, char **argv);
+extern void kdb5_ldap_create(int argc, char **argv);
+extern void kdb5_ldap_destroy(int argc, char **argv);
+extern void kdb5_ldap_modify(int argc, char **argv);
+extern void kdb5_ldap_view(int argc, char **argv);
+extern void kdb5_ldap_list(int argc, char **argv);
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
index 48cbe5a..fb384d3 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_services.c
  */
@@ -50,9 +51,9 @@ convert_realm_name2dn_list(char **list, const char *krbcontainer_loc);
 
 static krb5_error_code
 rem_service_entry_from_file(int argc,
-			    char *argv[],
-			    char *file_name,
-			    char *service_object);
+                            char *argv[],
+                            char *file_name,
+                            char *service_object);
 
 static void
 print_service_params(krb5_ldap_service_params *lserparams, int mask);
@@ -60,7 +61,8 @@ print_service_params(krb5_ldap_service_params *lserparams, int mask);
 extern char *yes;
 extern krb5_boolean db_inited;
 
-static int process_host_list(char **host_list, int servicetype)
+static int
+process_host_list(char **host_list, int servicetype)
 {
     krb5_error_code retval = 0;
     char *pchr = NULL;
@@ -69,93 +71,93 @@ static int process_host_list(char **host_list, int servicetype)
 
     /* Protocol and port number processing */
     for (j = 0; host_list[j]; j++) {
-	/* Look for one hash */
-	if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
-	    unsigned int hostname_len = pchr - host_list[j];
-
-	    /* Check input for buffer overflow */
-	    if (hostname_len >= MAX_LEN_LIST_ENTRY) {
-		retval = EINVAL;
-		goto cleanup;
-	    }
-
-	    /* First copy off the host name portion */
-	    strncpy (host_str, host_list[j], hostname_len);
-
-	    /* Parse for the protocol string and translate to number */
-	    strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
-	    if (!strcmp(proto_str, "udp"))
-		snprintf (proto_str, sizeof(proto_str), "%d",
-			  PROTOCOL_NUM_UDP);
-	    else if (!strcmp(proto_str, "tcp"))
-		snprintf (proto_str, sizeof(proto_str), "%d",
-			  PROTOCOL_NUM_TCP);
-	    else
-		proto_str[0] = '\0'; /* Make the string null if invalid */
-
-	    /* Look for one more hash */
-	    if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
-		/* Parse for the port string and check if it is numeric */
-		strncpy (port_str, pchr + 1, PORT_STR_LEN);
-		if (!strtol(port_str, NULL, 10)) /* Not a valid number */
-		    port_str[0] = '\0';
-	    } else
-		port_str[0] = '\0';
-	} else { /* We have only host name */
-	    strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
-	    proto_str[0] = '\0';
-	    port_str[0] = '\0';
-	}
-
-	/* Now, based on service type, fill in suitable protocol
-	   and port values if they are absent or not matching */
-	if (servicetype == LDAP_KDC_SERVICE) {
-	    if (proto_str[0] == '\0')
-		snprintf (proto_str, sizeof(proto_str), "%d",
-			  PROTOCOL_DEFAULT_KDC);
-
-	    if (port_str[0] == '\0')
-		snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_KDC);
-	} else if (servicetype == LDAP_ADMIN_SERVICE) {
-	    if (proto_str[0] == '\0')
-		snprintf (proto_str, sizeof(proto_str), "%d",
-			  PROTOCOL_DEFAULT_ADM);
-	    else if (strcmp(proto_str, "1")) {
-		snprintf (proto_str, sizeof(proto_str), "%d",
-			  PROTOCOL_DEFAULT_ADM);
-
-		/* Print warning message */
-		printf ("Admin Server supports only TCP protocol, hence setting that\n");
-	    }
-
-	    if (port_str[0] == '\0')
-		snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_ADM);
-	} else if (servicetype == LDAP_PASSWD_SERVICE) {
-	    if (proto_str[0] == '\0')
-		snprintf (proto_str, sizeof(proto_str), "%d",
-			  PROTOCOL_DEFAULT_PWD);
-	    else if (strcmp(proto_str, "0")) {
-		snprintf (proto_str, sizeof(proto_str), "%d",
-			  PROTOCOL_DEFAULT_PWD);
-
-		/* Print warning message */
-		printf ("Password Server supports only UDP protocol, hence setting that\n");
-	    }
-
-	    if (port_str[0] == '\0')
-		sprintf (port_str, "%d", PORT_DEFAULT_PWD);
-	}
-
-	/* Finally form back the string */
-	free (host_list[j]);
-	host_list[j] = (char*) malloc(sizeof(char) *
-				      (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
-	if (host_list[j] == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
-		  "%s#%s#%s", host_str, proto_str, port_str);
+        /* Look for one hash */
+        if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
+            unsigned int hostname_len = pchr - host_list[j];
+
+            /* Check input for buffer overflow */
+            if (hostname_len >= MAX_LEN_LIST_ENTRY) {
+                retval = EINVAL;
+                goto cleanup;
+            }
+
+            /* First copy off the host name portion */
+            strncpy (host_str, host_list[j], hostname_len);
+
+            /* Parse for the protocol string and translate to number */
+            strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
+            if (!strcmp(proto_str, "udp"))
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_NUM_UDP);
+            else if (!strcmp(proto_str, "tcp"))
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_NUM_TCP);
+            else
+                proto_str[0] = '\0'; /* Make the string null if invalid */
+
+            /* Look for one more hash */
+            if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
+                /* Parse for the port string and check if it is numeric */
+                strncpy (port_str, pchr + 1, PORT_STR_LEN);
+                if (!strtol(port_str, NULL, 10)) /* Not a valid number */
+                    port_str[0] = '\0';
+            } else
+                port_str[0] = '\0';
+        } else { /* We have only host name */
+            strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
+            proto_str[0] = '\0';
+            port_str[0] = '\0';
+        }
+
+        /* Now, based on service type, fill in suitable protocol
+           and port values if they are absent or not matching */
+        if (servicetype == LDAP_KDC_SERVICE) {
+            if (proto_str[0] == '\0')
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_KDC);
+
+            if (port_str[0] == '\0')
+                snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_KDC);
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            if (proto_str[0] == '\0')
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_ADM);
+            else if (strcmp(proto_str, "1")) {
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_ADM);
+
+                /* Print warning message */
+                printf ("Admin Server supports only TCP protocol, hence setting that\n");
+            }
+
+            if (port_str[0] == '\0')
+                snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_ADM);
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            if (proto_str[0] == '\0')
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_PWD);
+            else if (strcmp(proto_str, "0")) {
+                snprintf (proto_str, sizeof(proto_str), "%d",
+                          PROTOCOL_DEFAULT_PWD);
+
+                /* Print warning message */
+                printf ("Password Server supports only UDP protocol, hence setting that\n");
+            }
+
+            if (port_str[0] == '\0')
+                sprintf (port_str, "%d", PORT_DEFAULT_PWD);
+        }
+
+        /* Finally form back the string */
+        free (host_list[j]);
+        host_list[j] = (char*) malloc(sizeof(char) *
+                                      (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
+        if (host_list[j] == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
+                  "%s#%s#%s", host_str, proto_str, port_str);
     }
 
 cleanup:
@@ -168,9 +170,7 @@ cleanup:
  * Kerberos container location.
  */
 static krb5_error_code
-convert_realm_name2dn_list(list, krbcontainer_loc)
-    char **list;
-    const char *krbcontainer_loc;
+convert_realm_name2dn_list(char **list, const char *krbcontainer_loc)
 {
     krb5_error_code retval = 0;
     char temp_str[MAX_DN_CHARS] = "\0";
@@ -178,24 +178,24 @@ convert_realm_name2dn_list(list, krbcontainer_loc)
     int i = 0;
 
     if (list == NULL) {
-	return EINVAL;
+        return EINVAL;
     }
 
     for (i = 0; (list[i] != NULL) && (i < MAX_LIST_ENTRIES); i++) {
-	/* Restrict copying to max. length to avoid buffer overflow */
-	snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
+        /* Restrict copying to max. length to avoid buffer overflow */
+        snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
 
-	/* Make copy of string to temporary node */
-	temp_node = strdup(temp_str);
-	if (list[i] == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
+        /* Make copy of string to temporary node */
+        temp_node = strdup(temp_str);
+        if (list[i] == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
 
-	/* On success, free list node and attach new one */
-	free (list[i]);
-	list[i] = temp_node;
-	temp_node = NULL;
+        /* On success, free list node and attach new one */
+        free (list[i]);
+        list[i] = temp_node;
+        temp_node = NULL;
     }
 
 cleanup:
@@ -207,9 +207,8 @@ cleanup:
  * This function will create a service object on the LDAP Server, with the
  * specified attributes.
  */
-void kdb5_ldap_create_service(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_create_service(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -231,15 +230,15 @@ void kdb5_ldap_create_service(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 3) || (argc > 10)) {
-	exit_status++;
-	goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     /* Allocate memory for service parameters structure */
     srvparams = (krb5_ldap_service_params*) calloc(1, sizeof(krb5_ldap_service_params));
     if (srvparams == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     dal_handle = util_context->dal_handle;
@@ -250,8 +249,8 @@ void kdb5_ldap_create_service(argc, argv)
        of arguments */
     extra_argv = (char **) calloc((unsigned int)argc, sizeof(char*));
     if (extra_argv == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* Set first of the extra arguments as the program name */
@@ -262,128 +261,128 @@ void kdb5_ldap_create_service(argc, argv)
      * and for assigning rights
      */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-						     &(ldap_context->krbcontainer)))) {
-	com_err(me, retval, "while reading Kerberos container information");
-	goto cleanup;
+                                                     &(ldap_context->krbcontainer)))) {
+        com_err(me, retval, "while reading Kerberos container information");
+        goto cleanup;
     }
 
     /* Parse all arguments */
     for (i = 1; i < argc; i++) {
-	if (!strcmp(argv[i], "-kdc")) {
-	    srvparams->servicetype = LDAP_KDC_SERVICE;
-	} else if (!strcmp(argv[i], "-admin")) {
-	    srvparams->servicetype = LDAP_ADMIN_SERVICE;
-	} else if (!strcmp(argv[i], "-pwd")) {
-	    srvparams->servicetype = LDAP_PASSWD_SERVICE;
-	} else if (!strcmp(argv[i], "-servicehost")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
-							sizeof(char *));
-	    if (srvparams->krbhostservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  srvparams->krbhostservers))) {
-		goto cleanup;
-	    }
-
-	    if ((retval = process_host_list (srvparams->krbhostservers,
-					     srvparams->servicetype))) {
-		goto cleanup;
-	    }
-
-	    mask |= LDAP_SERVICE_HOSTSERVER;
-	} else if (!strcmp(argv[i], "-realm")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
-							    sizeof(char *));
-	    if (srvparams->krbrealmreferences == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  srvparams->krbrealmreferences))) {
-		goto cleanup;
-	    }
-
-	    /* Convert realm names to realm DNs */
-	    if ((retval = convert_realm_name2dn_list(
-		     srvparams->krbrealmreferences,
-		     ldap_context->krbcontainer->DN))) {
-		goto cleanup;
-	    }
-
-	    mask |= LDAP_SERVICE_REALMREFERENCE;
-	}
-	/* If argument is none of the above and beginning with '-',
-	 * it must be related to password -- collect it
-	 * to pass onto kdb5_ldap_set_service_password()
-	 */
-	else if (*(argv[i]) == '-') {
-	    /* Checking for options of setting the password for the
-	     * service (by using 'setsrvpw') is not modular. --need to
-	     * have a common function that can be shared with 'setsrvpw'
-	     */
-	    if (!strcmp(argv[i], "-randpw")) {
-		extra_argv[extra_argc] = argv[i];
-		extra_argc++;
-	    } else if (!strcmp(argv[i], "-fileonly")) {
-		extra_argv[extra_argc] = argv[i];
-		extra_argc++;
-	    }
-	    /* For '-f' option alone, pick up the following argument too */
-	    else if (!strcmp(argv[i], "-f")) {
-		extra_argv[extra_argc] = argv[i];
-		extra_argc++;
-
-		if (++i > argc - 1)
-		    goto err_usage;
-
-		extra_argv[extra_argc] = argv[i];
-		extra_argc++;
-	    } else { /* Any other option is invalid */
-		exit_status++;
-		goto err_usage;
-	    }
-	} else { /* Any other argument must be service DN */
-	    /* First check if service DN is already provided --
-	     * if so, there's a usage error
-	     */
-	    if (srvparams->servicedn != NULL) {
-		com_err(me, EINVAL, "while creating service object");
-		goto err_usage;
-	    }
-
-	    /* If not present already, fill up service DN */
-	    srvparams->servicedn = strdup(argv[i]);
-	    if (srvparams->servicedn == NULL) {
-		com_err(me, ENOMEM, "while creating service object");
-		goto err_nomsg;
-	    }
-	}
+        if (!strcmp(argv[i], "-kdc")) {
+            srvparams->servicetype = LDAP_KDC_SERVICE;
+        } else if (!strcmp(argv[i], "-admin")) {
+            srvparams->servicetype = LDAP_ADMIN_SERVICE;
+        } else if (!strcmp(argv[i], "-pwd")) {
+            srvparams->servicetype = LDAP_PASSWD_SERVICE;
+        } else if (!strcmp(argv[i], "-servicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+                                                        sizeof(char *));
+            if (srvparams->krbhostservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbhostservers))) {
+                goto cleanup;
+            }
+
+            if ((retval = process_host_list (srvparams->krbhostservers,
+                                             srvparams->servicetype))) {
+                goto cleanup;
+            }
+
+            mask |= LDAP_SERVICE_HOSTSERVER;
+        } else if (!strcmp(argv[i], "-realm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+                                                            sizeof(char *));
+            if (srvparams->krbrealmreferences == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbrealmreferences))) {
+                goto cleanup;
+            }
+
+            /* Convert realm names to realm DNs */
+            if ((retval = convert_realm_name2dn_list(
+                     srvparams->krbrealmreferences,
+                     ldap_context->krbcontainer->DN))) {
+                goto cleanup;
+            }
+
+            mask |= LDAP_SERVICE_REALMREFERENCE;
+        }
+        /* If argument is none of the above and beginning with '-',
+         * it must be related to password -- collect it
+         * to pass onto kdb5_ldap_set_service_password()
+         */
+        else if (*(argv[i]) == '-') {
+            /* Checking for options of setting the password for the
+             * service (by using 'setsrvpw') is not modular. --need to
+             * have a common function that can be shared with 'setsrvpw'
+             */
+            if (!strcmp(argv[i], "-randpw")) {
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+            } else if (!strcmp(argv[i], "-fileonly")) {
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+            }
+            /* For '-f' option alone, pick up the following argument too */
+            else if (!strcmp(argv[i], "-f")) {
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+
+                if (++i > argc - 1)
+                    goto err_usage;
+
+                extra_argv[extra_argc] = argv[i];
+                extra_argc++;
+            } else { /* Any other option is invalid */
+                exit_status++;
+                goto err_usage;
+            }
+        } else { /* Any other argument must be service DN */
+            /* First check if service DN is already provided --
+             * if so, there's a usage error
+             */
+            if (srvparams->servicedn != NULL) {
+                com_err(me, EINVAL, "while creating service object");
+                goto err_usage;
+            }
+
+            /* If not present already, fill up service DN */
+            srvparams->servicedn = strdup(argv[i]);
+            if (srvparams->servicedn == NULL) {
+                com_err(me, ENOMEM, "while creating service object");
+                goto err_nomsg;
+            }
+        }
     }
 
     /* No point in proceeding further if service DN value is not available */
     if (srvparams->servicedn == NULL) {
-	com_err(me, EINVAL, "while creating service object");
-	goto err_usage;
+        com_err(me, EINVAL, "while creating service object");
+        goto err_usage;
     }
 
     if (srvparams->servicetype == 0) { /* Not provided and hence not set */
-	com_err(me, EINVAL, "while creating service object");
-	goto err_usage;
+        com_err(me, EINVAL, "while creating service object");
+        goto err_usage;
     }
 
     /* Create object with all attributes provided */
     if ((retval = krb5_ldap_create_service(util_context, srvparams, mask)))
-	goto cleanup;
+        goto cleanup;
 
     service_obj_created = TRUE;
 
@@ -394,66 +393,66 @@ void kdb5_ldap_create_service(argc, argv)
 
     /* Set password too */
     if (extra_argc >= 1) {
-	/* Set service DN as the last argument */
-	extra_argv[extra_argc] = strdup(srvparams->servicedn);
-	if (extra_argv[extra_argc] == NULL) {
+        /* Set service DN as the last argument */
+        extra_argv[extra_argc] = strdup(srvparams->servicedn);
+        if (extra_argv[extra_argc] == NULL) {
             retval = ENOMEM;
             goto cleanup;
         }
-	extra_argc++;
+        extra_argc++;
 
-	if ((retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0) {
-	    goto err_nomsg;
-	}
+        if ((retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0) {
+            goto err_nomsg;
+        }
     }
     /* Rights assignment */
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
 
-	printf("%s","Changing rights for the service object. Please wait ... ");
-	fflush(stdout);
-
-	rightsmask =0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-
-	if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
-	    for (i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
-
-		/* Get the realm name, not the dn */
-		temprdns = ldap_explode_dn(srvparams->krbrealmreferences[i], 1);
-
-		if (temprdns[0] == NULL) {
-		    retval = EINVAL;
-		    goto cleanup;
-		}
-
-		realmName = strdup(temprdns[0]);
-		if (realmName == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_ldap_read_realm_params(util_context,
-							  realmName, &rparams, &rmask))) {
-		    com_err(me, retval, "while reading information of realm '%s'",
-			    realmName);
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_ldap_add_service_rights(util_context,
-							   srvparams->servicetype, srvparams->servicedn,
-							   realmName, rparams->subtree, rparams->containerref, rightsmask))) {
-		    printf("failed\n");
-		    com_err(me, retval, "while assigning rights '%s'",
-			    srvparams->servicedn);
-		    goto cleanup;
-		}
-
-		if (rparams)
-		    krb5_ldap_free_realm_params(rparams);
-	    }
-	}
-	printf("done\n");
+        printf("%s","Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        rightsmask =0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+
+        if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
+            for (i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
+
+                /* Get the realm name, not the dn */
+                temprdns = ldap_explode_dn(srvparams->krbrealmreferences[i], 1);
+
+                if (temprdns[0] == NULL) {
+                    retval = EINVAL;
+                    goto cleanup;
+                }
+
+                realmName = strdup(temprdns[0]);
+                if (realmName == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                          realmName, &rparams, &rmask))) {
+                    com_err(me, retval, "while reading information of realm '%s'",
+                            realmName);
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                           srvparams->servicetype, srvparams->servicedn,
+                                                           realmName, rparams->subtree, rparams->containerref, rightsmask))) {
+                    printf("failed\n");
+                    com_err(me, retval, "while assigning rights '%s'",
+                            srvparams->servicedn);
+                    goto cleanup;
+                }
+
+                if (rparams)
+                    krb5_ldap_free_realm_params(rparams);
+            }
+        }
+        printf("done\n");
     }
     goto cleanup;
 
@@ -466,35 +465,35 @@ err_nomsg:
 cleanup:
 
     if ((retval != 0) && (service_obj_created == TRUE)) {
-	/* This is for deleting the service object if something goes
-	 * wrong in creating the service object
-	 */
+        /* This is for deleting the service object if something goes
+         * wrong in creating the service object
+         */
 
-	/* srvparams is populated from the user input and should be correct as
-	 * we were successful in creating a service object. Reusing the same
-	 */
-	krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
+        /* srvparams is populated from the user input and should be correct as
+         * we were successful in creating a service object. Reusing the same
+         */
+        krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
     }
 
     /* Clean-up structure */
     krb5_ldap_free_service (util_context, srvparams);
 
     if (extra_argv) {
-	free (extra_argv);
-	extra_argv = NULL;
+        free (extra_argv);
+        extra_argv = NULL;
     }
     if (realmName) {
-	free(realmName);
-	realmName = NULL;
+        free(realmName);
+        realmName = NULL;
     }
     if (print_usage)
-	db_usage (CREATE_SERVICE);
+        db_usage (CREATE_SERVICE);
 
     if (retval) {
-	if (!no_msg)
-	    com_err(me, retval, "while creating service object");
+        if (!no_msg)
+            com_err(me, retval, "while creating service object");
 
-	exit_status++;
+        exit_status++;
     }
 
     return;
@@ -505,9 +504,8 @@ cleanup:
  * This function will modify the attributes of a given service
  * object on the LDAP Server
  */
-void kdb5_ldap_modify_service(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_modify_service(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -534,8 +532,8 @@ void kdb5_ldap_modify_service(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 3) || (argc > 10)) {
-	exit_status++;
-	goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     dal_handle = util_context->dal_handle;
@@ -543,475 +541,475 @@ void kdb5_ldap_modify_service(argc, argv)
 
     /* Parse all arguments, only to pick up service DN (Pass 1) */
     for (i = 1; i < argc; i++) {
-	/* Skip arguments next to 'servicehost'
-	   and 'realmdn' arguments */
-	if (!strcmp(argv[i], "-servicehost")) {
-	    ++i;
-	} else if (!strcmp(argv[i], "-clearservicehost")) {
-	    ++i;
-	} else if (!strcmp(argv[i], "-addservicehost")) {
-	    ++i;
-	} else if (!strcmp(argv[i], "-realm")) {
-	    ++i;
-	} else if (!strcmp(argv[i], "-clearrealm")) {
-	    ++i;
-	} else if (!strcmp(argv[i], "-addrealm")) {
-	    ++i;
-	} else { /* Any other argument must be service DN */
-	    /* First check if service DN is already provided --
-	       if so, there's a usage error */
-	    if (servicedn != NULL) {
-		com_err(me, EINVAL, "while modifying service object");
-		goto err_usage;
-	    }
-
-	    /* If not present already, fill up service DN */
-	    servicedn = strdup(argv[i]);
-	    if (servicedn == NULL) {
-		com_err(me, ENOMEM, "while modifying service object");
-		goto err_nomsg;
-	    }
-	}
+        /* Skip arguments next to 'servicehost'
+           and 'realmdn' arguments */
+        if (!strcmp(argv[i], "-servicehost")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-clearservicehost")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-addservicehost")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-realm")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-clearrealm")) {
+            ++i;
+        } else if (!strcmp(argv[i], "-addrealm")) {
+            ++i;
+        } else { /* Any other argument must be service DN */
+            /* First check if service DN is already provided --
+               if so, there's a usage error */
+            if (servicedn != NULL) {
+                com_err(me, EINVAL, "while modifying service object");
+                goto err_usage;
+            }
+
+            /* If not present already, fill up service DN */
+            servicedn = strdup(argv[i]);
+            if (servicedn == NULL) {
+                com_err(me, ENOMEM, "while modifying service object");
+                goto err_nomsg;
+            }
+        }
     }
 
     /* No point in proceeding further if service DN value is not available */
     if (servicedn == NULL) {
-	com_err(me, EINVAL, "while modifying service object");
-	goto err_usage;
+        com_err(me, EINVAL, "while modifying service object");
+        goto err_usage;
     }
 
     retval = krb5_ldap_read_service(util_context, servicedn, &srvparams, &in_mask);
     if (retval) {
-	com_err(me, retval, "while reading information of service '%s'",
-		servicedn);
-	goto err_nomsg;
+        com_err(me, retval, "while reading information of service '%s'",
+                servicedn);
+        goto err_nomsg;
     }
 
     /* Read Kerberos container info, to construct realm DN from name
      * and for assigning rights
      */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-						     &(ldap_context->krbcontainer)))) {
-	com_err(me, retval, "while reading Kerberos container information");
-	goto cleanup;
+                                                     &(ldap_context->krbcontainer)))) {
+        com_err(me, retval, "while reading Kerberos container information");
+        goto cleanup;
     }
 
     /* Parse all arguments, but skip the service DN (Pass 2) */
     for (i = 1; i < argc; i++) {
-	if (!strcmp(argv[i], "-servicehost")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    /* Free the old list if available */
-	    if (srvparams->krbhostservers) {
-		krb5_free_list_entries (srvparams->krbhostservers);
-		free (srvparams->krbhostservers);
-	    }
-
-	    srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
-							sizeof(char *));
-	    if (srvparams->krbhostservers == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  srvparams->krbhostservers))) {
-		goto cleanup;
-	    }
-
-	    if ((retval = process_host_list (srvparams->krbhostservers,
-					     srvparams->servicetype))) {
-		goto cleanup;
-	    }
-
-	    out_mask |= LDAP_SERVICE_HOSTSERVER;
-
-	    /* Set flag to ignore 'add' and 'clear' */
-	    srvhost_flag = 1;
-	} else if (!strcmp(argv[i], "-clearservicehost")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    if (!srvhost_flag) {
-		/* If attribute doesn't exist, don't permit 'clear' option */
-		if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
-		    /* Send out some proper error message here */
-		    com_err(me, EINVAL, "service host list is empty\n");
-		    goto err_nomsg;
-		}
-
-		/* Allocate list for processing */
-		list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		if (list == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-		    goto cleanup;
-
-		if ((retval = process_host_list (list, srvparams->servicetype))) {
-		    goto cleanup;
-		}
-
-		list_modify_str_array(&(srvparams->krbhostservers),
-				      (const char**)list, LIST_MODE_DELETE);
-
-		out_mask |= LDAP_SERVICE_HOSTSERVER;
-
-		/* Clean up */
-		free (list);
-		list = NULL;
-	    }
-	} else if (!strcmp(argv[i], "-addservicehost")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    if (!srvhost_flag) {
-		/* Allocate list for processing */
-		list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		if (list == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-		    goto cleanup;
-
-		if ((retval = process_host_list (list, srvparams->servicetype))) {
-		    goto cleanup;
-		}
-
-		/* Call list_modify_str_array() only if host server attribute
-		 * exists already --Actually, it's better to handle this
-		 * within list_modify_str_array()
-		 */
-		if (in_mask & LDAP_SERVICE_HOSTSERVER) {
-		    /* Re-size existing list */
-		    existing_entries = list_count_str_array(srvparams->krbhostservers);
-		    new_entries = list_count_str_array(list);
-		    temp_ptr = (char **) realloc(srvparams->krbhostservers,
-						 sizeof(char *) * (existing_entries + new_entries + 1));
-		    if (temp_ptr == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    srvparams->krbhostservers = temp_ptr;
-
-		    list_modify_str_array(&(srvparams->krbhostservers),
-					  (const char**)list, LIST_MODE_ADD);
-
-		    /* Clean up */
-		    free (list);
-		    list = NULL;
-		} else
-		    srvparams->krbhostservers = list;
-
-		out_mask |= LDAP_SERVICE_HOSTSERVER;
-	    }
-	} else if (!strcmp(argv[i], "-realm")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
-		if (!oldrealmrefs) {
-		    /* Store the old realm list for removing rights */
-		    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldrealmrefs == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-			oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-			if (oldrealmrefs[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldrealmrefs[j] = NULL;
-		}
-
-		/* Free the old list if available */
-		krb5_free_list_entries (srvparams->krbrealmreferences);
-		free (srvparams->krbrealmreferences);
-	    }
-
-	    srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
-							    sizeof(char *));
-	    if (srvparams->krbrealmreferences == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-
-	    if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-					  srvparams->krbrealmreferences))) {
-		goto cleanup;
-	    }
-
-	    /* Convert realm names to realm DNs */
-	    if ((retval = convert_realm_name2dn_list(
-		     srvparams->krbrealmreferences,
-		     ldap_context->krbcontainer->DN))) {
-		goto cleanup;
-	    }
-
-	    out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
-	    /* Set flag to ignore 'add' and 'clear' */
-	    realmdn_flag = 1;
-	} else if (!strcmp(argv[i], "-clearrealm")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    if (!realmdn_flag) {
-		/* If attribute doesn't exist, don't permit 'clear' option */
-		if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
-		    /* Send out some proper error message here */
-		    goto err_nomsg;
-		}
-
-		if (!oldrealmrefs) {
-		    /* Store the old realm list for removing rights */
-		    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldrealmrefs == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-			oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-			if (oldrealmrefs[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldrealmrefs[j] = NULL;
-		}
-
-		/* Allocate list for processing */
-		list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		if (list == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-		    goto cleanup;
-
-		/* Convert realm names to realm DNs */
-		if ((retval = convert_realm_name2dn_list(list,
-							 ldap_context->krbcontainer->DN))) {
-		    goto cleanup;
-		}
-
-		list_modify_str_array(&(srvparams->krbrealmreferences),
-				      (const char**)list, LIST_MODE_DELETE);
-
-		out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
-		/* Clean up */
-		free (list);
-		list = NULL;
-	    }
-	} else if (!strcmp(argv[i], "-addrealm")) {
-	    if (++i > argc - 1)
-		goto err_usage;
-
-	    if (!realmdn_flag) {
-		/* Allocate list for processing */
-		list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		if (list == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-		    goto cleanup;
-
-		/* Convert realm names to realm DNs */
-		if ((retval = convert_realm_name2dn_list(list,
-							 ldap_context->krbcontainer->DN))) {
-		    goto cleanup;
-		}
-
-		if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
-		    /* Store the old realm list for removing rights */
-		    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-		    if (oldrealmrefs == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-
-		    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-			oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-			if (oldrealmrefs[j] == NULL) {
-			    retval = ENOMEM;
-			    goto cleanup;
-			}
-		    }
-		    oldrealmrefs[j] = NULL;
-		}
-
-		/* Call list_modify_str_array() only if realm DN attribute
-		 * exists already -- Actually, it's better to handle this
-		 * within list_modify_str_array() */
-		if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
-		    /* Re-size existing list */
-		    existing_entries = list_count_str_array(
-			srvparams->krbrealmreferences);
-		    new_entries = list_count_str_array(list);
-		    temp_ptr = (char **) realloc(srvparams->krbrealmreferences,
-						 sizeof(char *) * (existing_entries + new_entries + 1));
-		    if (temp_ptr == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    srvparams->krbrealmreferences = temp_ptr;
-
-		    list_modify_str_array(&(srvparams->krbrealmreferences),
-					  (const char**)list, LIST_MODE_ADD);
-
-		    /* Clean up */
-		    free (list);
-		    list = NULL;
-		} else
-		    srvparams->krbrealmreferences = list;
-
-		out_mask |= LDAP_SERVICE_REALMREFERENCE;
-	    }
-	} else {
-	    /* Any other argument must be service DN
-	       -- skip it */
-	}
+        if (!strcmp(argv[i], "-servicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            /* Free the old list if available */
+            if (srvparams->krbhostservers) {
+                krb5_free_list_entries (srvparams->krbhostservers);
+                free (srvparams->krbhostservers);
+            }
+
+            srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+                                                        sizeof(char *));
+            if (srvparams->krbhostservers == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbhostservers))) {
+                goto cleanup;
+            }
+
+            if ((retval = process_host_list (srvparams->krbhostservers,
+                                             srvparams->servicetype))) {
+                goto cleanup;
+            }
+
+            out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+            /* Set flag to ignore 'add' and 'clear' */
+            srvhost_flag = 1;
+        } else if (!strcmp(argv[i], "-clearservicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!srvhost_flag) {
+                /* If attribute doesn't exist, don't permit 'clear' option */
+                if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
+                    /* Send out some proper error message here */
+                    com_err(me, EINVAL, "service host list is empty\n");
+                    goto err_nomsg;
+                }
+
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                if ((retval = process_host_list (list, srvparams->servicetype))) {
+                    goto cleanup;
+                }
+
+                list_modify_str_array(&(srvparams->krbhostservers),
+                                      (const char**)list, LIST_MODE_DELETE);
+
+                out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+                /* Clean up */
+                free (list);
+                list = NULL;
+            }
+        } else if (!strcmp(argv[i], "-addservicehost")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!srvhost_flag) {
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                if ((retval = process_host_list (list, srvparams->servicetype))) {
+                    goto cleanup;
+                }
+
+                /* Call list_modify_str_array() only if host server attribute
+                 * exists already --Actually, it's better to handle this
+                 * within list_modify_str_array()
+                 */
+                if (in_mask & LDAP_SERVICE_HOSTSERVER) {
+                    /* Re-size existing list */
+                    existing_entries = list_count_str_array(srvparams->krbhostservers);
+                    new_entries = list_count_str_array(list);
+                    temp_ptr = (char **) realloc(srvparams->krbhostservers,
+                                                 sizeof(char *) * (existing_entries + new_entries + 1));
+                    if (temp_ptr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    srvparams->krbhostservers = temp_ptr;
+
+                    list_modify_str_array(&(srvparams->krbhostservers),
+                                          (const char**)list, LIST_MODE_ADD);
+
+                    /* Clean up */
+                    free (list);
+                    list = NULL;
+                } else
+                    srvparams->krbhostservers = list;
+
+                out_mask |= LDAP_SERVICE_HOSTSERVER;
+            }
+        } else if (!strcmp(argv[i], "-realm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
+                if (!oldrealmrefs) {
+                    /* Store the old realm list for removing rights */
+                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldrealmrefs == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                        oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                        if (oldrealmrefs[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldrealmrefs[j] = NULL;
+                }
+
+                /* Free the old list if available */
+                krb5_free_list_entries (srvparams->krbrealmreferences);
+                free (srvparams->krbrealmreferences);
+            }
+
+            srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+                                                            sizeof(char *));
+            if (srvparams->krbrealmreferences == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+
+            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                          srvparams->krbrealmreferences))) {
+                goto cleanup;
+            }
+
+            /* Convert realm names to realm DNs */
+            if ((retval = convert_realm_name2dn_list(
+                     srvparams->krbrealmreferences,
+                     ldap_context->krbcontainer->DN))) {
+                goto cleanup;
+            }
+
+            out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+            /* Set flag to ignore 'add' and 'clear' */
+            realmdn_flag = 1;
+        } else if (!strcmp(argv[i], "-clearrealm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!realmdn_flag) {
+                /* If attribute doesn't exist, don't permit 'clear' option */
+                if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
+                    /* Send out some proper error message here */
+                    goto err_nomsg;
+                }
+
+                if (!oldrealmrefs) {
+                    /* Store the old realm list for removing rights */
+                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldrealmrefs == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                        oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                        if (oldrealmrefs[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldrealmrefs[j] = NULL;
+                }
+
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                /* Convert realm names to realm DNs */
+                if ((retval = convert_realm_name2dn_list(list,
+                                                         ldap_context->krbcontainer->DN))) {
+                    goto cleanup;
+                }
+
+                list_modify_str_array(&(srvparams->krbrealmreferences),
+                                      (const char**)list, LIST_MODE_DELETE);
+
+                out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+                /* Clean up */
+                free (list);
+                list = NULL;
+            }
+        } else if (!strcmp(argv[i], "-addrealm")) {
+            if (++i > argc - 1)
+                goto err_usage;
+
+            if (!realmdn_flag) {
+                /* Allocate list for processing */
+                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                if (list == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                    goto cleanup;
+
+                /* Convert realm names to realm DNs */
+                if ((retval = convert_realm_name2dn_list(list,
+                                                         ldap_context->krbcontainer->DN))) {
+                    goto cleanup;
+                }
+
+                if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
+                    /* Store the old realm list for removing rights */
+                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                    if (oldrealmrefs == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+
+                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                        oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                        if (oldrealmrefs[j] == NULL) {
+                            retval = ENOMEM;
+                            goto cleanup;
+                        }
+                    }
+                    oldrealmrefs[j] = NULL;
+                }
+
+                /* Call list_modify_str_array() only if realm DN attribute
+                 * exists already -- Actually, it's better to handle this
+                 * within list_modify_str_array() */
+                if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
+                    /* Re-size existing list */
+                    existing_entries = list_count_str_array(
+                        srvparams->krbrealmreferences);
+                    new_entries = list_count_str_array(list);
+                    temp_ptr = (char **) realloc(srvparams->krbrealmreferences,
+                                                 sizeof(char *) * (existing_entries + new_entries + 1));
+                    if (temp_ptr == NULL) {
+                        retval = ENOMEM;
+                        goto cleanup;
+                    }
+                    srvparams->krbrealmreferences = temp_ptr;
+
+                    list_modify_str_array(&(srvparams->krbrealmreferences),
+                                          (const char**)list, LIST_MODE_ADD);
+
+                    /* Clean up */
+                    free (list);
+                    list = NULL;
+                } else
+                    srvparams->krbrealmreferences = list;
+
+                out_mask |= LDAP_SERVICE_REALMREFERENCE;
+            }
+        } else {
+            /* Any other argument must be service DN
+               -- skip it */
+        }
     }
 
     /* Modify attributes of object */
     if ((retval = krb5_ldap_modify_service(util_context, srvparams, out_mask)))
-	goto cleanup;
+        goto cleanup;
 
     /* Service rights modification code */
     if (out_mask & LDAP_SERVICE_REALMREFERENCE) {
 
-	printf("%s","Changing rights for the service object. Please wait ... ");
-	fflush(stdout);
-
-	newrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-	if (newrealmrefs == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-
-	if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
-	    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-		newrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-		if (newrealmrefs[j] == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-	    }
-	    newrealmrefs[j] = NULL;
-	}
-	disjoint_members(oldrealmrefs, newrealmrefs);
-
-	/* Delete the rights for the given service, on each of the realm
-	 * container & subtree in the old realm reference list.
-	 */
-	if (oldrealmrefs) {
-	    rightsmask = 0;
-	    rightsmask |= LDAP_REALM_RIGHTS;
-	    rightsmask |= LDAP_SUBTREE_RIGHTS;
-
-	    for (i = 0; (oldrealmrefs[i] != NULL); i++) {
-		/* Get the realm name, not the dn */
-		temprdns = ldap_explode_dn(oldrealmrefs[i], 1);
-
-		if (temprdns[0] == NULL) {
-		    retval = EINVAL;
-		    goto cleanup;
-		}
-
-		realmName = strdup(temprdns[0]);
-		if (realmName == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_ldap_read_realm_params(util_context,
-							  realmName, &rparams, &rmask))) {
-		    com_err(me, retval, "while reading information of realm '%s'",
-			    realmName);
-		    goto err_nomsg;
-		}
-
-		if ((retval = krb5_ldap_delete_service_rights(util_context,
-							      srvparams->servicetype, srvparams->servicedn,
-							      realmName, rparams->subtree, rparams->containerref, rightsmask))) {
-		    printf("failed\n");
-		    com_err(me, retval, "while assigning rights '%s'",
-			    srvparams->servicedn);
-		    goto err_nomsg;
-		}
-
-		if (rparams)
-		    krb5_ldap_free_realm_params(rparams);
-	    }
-	}
-
-	/* Add the rights for the given service, on each of the realm
-	 * container & subtree in the new realm reference list.
-	 */
-	if (newrealmrefs) {
-	    rightsmask = 0;
-	    rightsmask |= LDAP_REALM_RIGHTS;
-	    rightsmask |= LDAP_SUBTREE_RIGHTS;
-
-	    for (i = 0; (newrealmrefs[i] != NULL); i++) {
-		/* Get the realm name, not the dn */
-		temprdns = ldap_explode_dn(newrealmrefs[i], 1);
-
-		if (temprdns[0] == NULL) {
-		    retval = EINVAL;
-		    goto cleanup;
-		}
-
-		realmName = strdup(temprdns[0]);
-		if (realmName == NULL) {
-		    retval = ENOMEM;
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-								 &(ldap_context->krbcontainer)))) {
-		    com_err(me, retval,
-			    "while reading Kerberos container information");
-		    goto cleanup;
-		}
-
-		if ((retval = krb5_ldap_read_realm_params(util_context,
-							  realmName, &rparams, &rmask))) {
-		    com_err(me, retval, "while reading information of realm '%s'",
-			    realmName);
-		    goto err_nomsg;
-		}
-
-		if ((retval = krb5_ldap_add_service_rights(util_context,
-							   srvparams->servicetype, srvparams->servicedn,
-							   realmName, rparams->subtree, rparams->containerref, rightsmask))) {
-		    printf("failed\n");
-		    com_err(me, retval, "while assigning rights '%s'",
-			    srvparams->servicedn);
-		    goto err_nomsg;
-		}
-
-		if (rparams) {
-		    krb5_ldap_free_realm_params(rparams);
-		    rparams = NULL;
-		}
-	    }
-	    printf("done\n");
-	}
+        printf("%s","Changing rights for the service object. Please wait ... ");
+        fflush(stdout);
+
+        newrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+        if (newrealmrefs == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+
+        if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
+            for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
+                newrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                if (newrealmrefs[j] == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+            }
+            newrealmrefs[j] = NULL;
+        }
+        disjoint_members(oldrealmrefs, newrealmrefs);
+
+        /* Delete the rights for the given service, on each of the realm
+         * container & subtree in the old realm reference list.
+         */
+        if (oldrealmrefs) {
+            rightsmask = 0;
+            rightsmask |= LDAP_REALM_RIGHTS;
+            rightsmask |= LDAP_SUBTREE_RIGHTS;
+
+            for (i = 0; (oldrealmrefs[i] != NULL); i++) {
+                /* Get the realm name, not the dn */
+                temprdns = ldap_explode_dn(oldrealmrefs[i], 1);
+
+                if (temprdns[0] == NULL) {
+                    retval = EINVAL;
+                    goto cleanup;
+                }
+
+                realmName = strdup(temprdns[0]);
+                if (realmName == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                          realmName, &rparams, &rmask))) {
+                    com_err(me, retval, "while reading information of realm '%s'",
+                            realmName);
+                    goto err_nomsg;
+                }
+
+                if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                              srvparams->servicetype, srvparams->servicedn,
+                                                              realmName, rparams->subtree, rparams->containerref, rightsmask))) {
+                    printf("failed\n");
+                    com_err(me, retval, "while assigning rights '%s'",
+                            srvparams->servicedn);
+                    goto err_nomsg;
+                }
+
+                if (rparams)
+                    krb5_ldap_free_realm_params(rparams);
+            }
+        }
+
+        /* Add the rights for the given service, on each of the realm
+         * container & subtree in the new realm reference list.
+         */
+        if (newrealmrefs) {
+            rightsmask = 0;
+            rightsmask |= LDAP_REALM_RIGHTS;
+            rightsmask |= LDAP_SUBTREE_RIGHTS;
+
+            for (i = 0; (newrealmrefs[i] != NULL); i++) {
+                /* Get the realm name, not the dn */
+                temprdns = ldap_explode_dn(newrealmrefs[i], 1);
+
+                if (temprdns[0] == NULL) {
+                    retval = EINVAL;
+                    goto cleanup;
+                }
+
+                realmName = strdup(temprdns[0]);
+                if (realmName == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                                 &(ldap_context->krbcontainer)))) {
+                    com_err(me, retval,
+                            "while reading Kerberos container information");
+                    goto cleanup;
+                }
+
+                if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                          realmName, &rparams, &rmask))) {
+                    com_err(me, retval, "while reading information of realm '%s'",
+                            realmName);
+                    goto err_nomsg;
+                }
+
+                if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                           srvparams->servicetype, srvparams->servicedn,
+                                                           realmName, rparams->subtree, rparams->containerref, rightsmask))) {
+                    printf("failed\n");
+                    com_err(me, retval, "while assigning rights '%s'",
+                            srvparams->servicedn);
+                    goto err_nomsg;
+                }
+
+                if (rparams) {
+                    krb5_ldap_free_realm_params(rparams);
+                    rparams = NULL;
+                }
+            }
+            printf("done\n");
+        }
     }
     goto cleanup;
 
@@ -1026,36 +1024,36 @@ cleanup:
     krb5_ldap_free_service(util_context, srvparams);
 
     if (servicedn)
-	free(servicedn);
+        free(servicedn);
 
     if (list) {
-	free(list);
-	list = NULL;
+        free(list);
+        list = NULL;
     }
 
     if (oldrealmrefs) {
-	for (i = 0; oldrealmrefs[i] != NULL; i++)
-	    free(oldrealmrefs[i]);
-	free(oldrealmrefs);
+        for (i = 0; oldrealmrefs[i] != NULL; i++)
+            free(oldrealmrefs[i]);
+        free(oldrealmrefs);
     }
 
     if (newrealmrefs) {
-	for (i = 0; newrealmrefs[i] != NULL; i++)
-	    free(newrealmrefs[i]);
-	free(newrealmrefs);
+        for (i = 0; newrealmrefs[i] != NULL; i++)
+            free(newrealmrefs[i]);
+        free(newrealmrefs);
     }
     if (realmName) {
-	free(realmName);
-	realmName = NULL;
+        free(realmName);
+        realmName = NULL;
     }
 
     if (print_usage)
-	db_usage(MODIFY_SERVICE);
+        db_usage(MODIFY_SERVICE);
 
     if (retval) {
-	if (!no_msg)
-	    com_err(me, retval, "while modifying service object");
-	exit_status++;
+        if (!no_msg)
+            com_err(me, retval, "while modifying service object");
+        exit_status++;
     }
 
     return;
@@ -1067,11 +1065,8 @@ cleanup:
  * from the service password file.
  */
 static krb5_error_code
-rem_service_entry_from_file(argc, argv, file_name, service_object)
-    int argc;
-    char *argv[];
-    char *file_name;
-    char *service_object;
+rem_service_entry_from_file(int argc, char *argv[], char *file_name,
+                            char *service_object)
 {
     int     st        = EINVAL;
     char    *me       = progname;
@@ -1084,31 +1079,31 @@ rem_service_entry_from_file(argc, argv, file_name, service_object)
 
     /* Check for permissions on the password file */
     if (access(file_name, W_OK) == -1) {
-	/* If the specified file itself is not there, no need to show error */
-	if (errno == ENOENT) {
-	    st=0;
-	    goto cleanup;
-	} else {
-	    com_err(me, errno, "while deleting entry from file %s", file_name);
-	    goto cleanup;
-	}
+        /* If the specified file itself is not there, no need to show error */
+        if (errno == ENOENT) {
+            st=0;
+            goto cleanup;
+        } else {
+            com_err(me, errno, "while deleting entry from file %s", file_name);
+            goto cleanup;
+        }
     }
 
     /* Create a temporary file which contains all the entries except the
        entry for the given service dn */
     pfile = fopen(file_name, "r+");
     if (pfile == NULL) {
-	com_err(me, errno, "while deleting entry from file %s", file_name);
-	goto cleanup;
+        com_err(me, errno, "while deleting entry from file %s", file_name);
+        goto cleanup;
     }
     set_cloexec_file(pfile);
 
     /* Create a new file with the extension .tmp */
     tmp_file = (char *)malloc(strlen(file_name) + 4 + 1);
     if (tmp_file == NULL) {
-	com_err(me, ENOMEM, "while deleting entry from file");
-	fclose(pfile);
-	goto cleanup;
+        com_err(me, ENOMEM, "while deleting entry from file");
+        fclose(pfile);
+        goto cleanup;
     }
     snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp");
 
@@ -1116,33 +1111,33 @@ rem_service_entry_from_file(argc, argv, file_name, service_object)
     tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR);
     umask(omask);
     if (tmpfd == -1) {
-	com_err(me, errno, "while deleting entry from file\n");
-	fclose(pfile);
-	goto cleanup;
+        com_err(me, errno, "while deleting entry from file\n");
+        fclose(pfile);
+        goto cleanup;
     }
 
     /* Copy only those lines which donot have the specified service dn */
     while (fgets(line, MAX_LEN, pfile) != NULL) {
-	if ((strstr(line, service_object) != NULL) &&
-	    (line[strlen(service_object)] == '#')) {
-	    continue;
-	} else {
-	    len = strlen(line);
-	    if (write(tmpfd, line, len) != len) {
-		com_err(me, errno, "while deleting entry from file\n");
-		close(tmpfd);
-		unlink(tmp_file);
-		fclose(pfile);
-		goto cleanup;
-	    }
-	}
+        if ((strstr(line, service_object) != NULL) &&
+            (line[strlen(service_object)] == '#')) {
+            continue;
+        } else {
+            len = strlen(line);
+            if (write(tmpfd, line, len) != len) {
+                com_err(me, errno, "while deleting entry from file\n");
+                close(tmpfd);
+                unlink(tmp_file);
+                fclose(pfile);
+                goto cleanup;
+            }
+        }
     }
 
     fclose(pfile);
     if (unlink(file_name) == 0) {
-	link(tmp_file, file_name);
+        link(tmp_file, file_name);
     } else {
-	com_err(me, errno, "while deleting entry from file\n");
+        com_err(me, errno, "while deleting entry from file\n");
     }
     unlink(tmp_file);
 
@@ -1151,7 +1146,7 @@ rem_service_entry_from_file(argc, argv, file_name, service_object)
 cleanup:
 
     if (tmp_file)
-	free(tmp_file);
+        free(tmp_file);
 
     return st;
 }
@@ -1162,9 +1157,7 @@ cleanup:
  * and unlink the references to the Realm objects (if any)
  */
 void
-kdb5_ldap_destroy_service(argc, argv)
-    int argc;
-    char *argv[];
+kdb5_ldap_destroy_service(int argc, char *argv[])
 {
     int i = 0;
     char buf[5] = {0};
@@ -1177,89 +1170,89 @@ kdb5_ldap_destroy_service(argc, argv)
     krb5_boolean print_usage = FALSE;
 
     if ((argc < 2) || (argc > 5)) {
-	exit_status++;
-	goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     for (i=1; i < argc; i++) {
 
-	if (strcmp(argv[i],"-force")==0) {
-	    force++;
-	} else if (strcmp(argv[i],"-f")==0) {
-	    if (argv[i+1]) {
-		stashfilename=strdup(argv[i+1]);
-		if (stashfilename == NULL) {
-		    com_err(progname, ENOMEM, "while destroying service");
-		    exit_status++;
-		    goto cleanup;
-		}
-		i++;
-	    } else {
-		exit_status++;
-		goto err_usage;
-	    }
-	} else {
-	    if ((argv[i]) && (servicedn == NULL)) {
-		servicedn=strdup(argv[i]);
-		if (servicedn == NULL) {
-		    com_err(progname, ENOMEM, "while destroying service");
-		    exit_status++;
-		    goto cleanup;
-		}
-	    } else {
-		exit_status++;
-		goto err_usage;
-	    }
-	}
+        if (strcmp(argv[i],"-force")==0) {
+            force++;
+        } else if (strcmp(argv[i],"-f")==0) {
+            if (argv[i+1]) {
+                stashfilename=strdup(argv[i+1]);
+                if (stashfilename == NULL) {
+                    com_err(progname, ENOMEM, "while destroying service");
+                    exit_status++;
+                    goto cleanup;
+                }
+                i++;
+            } else {
+                exit_status++;
+                goto err_usage;
+            }
+        } else {
+            if ((argv[i]) && (servicedn == NULL)) {
+                servicedn=strdup(argv[i]);
+                if (servicedn == NULL) {
+                    com_err(progname, ENOMEM, "while destroying service");
+                    exit_status++;
+                    goto cleanup;
+                }
+            } else {
+                exit_status++;
+                goto err_usage;
+            }
+        }
     }
 
     if (!servicedn) {
-	exit_status++;
-	goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     if (!force) {
-	printf("This will delete the service object '%s', are you sure?\n", servicedn);
-	printf("(type 'yes' to confirm)? ");
-	if (fgets(buf, sizeof(buf), stdin) == NULL) {
-	    exit_status++;
-	    goto cleanup;;
-	}
-	if (strcmp(buf, yes)) {
-	    exit_status++;
-	    goto cleanup;
-	}
+        printf("This will delete the service object '%s', are you sure?\n", servicedn);
+        printf("(type 'yes' to confirm)? ");
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            exit_status++;
+            goto cleanup;;
+        }
+        if (strcmp(buf, yes)) {
+            exit_status++;
+            goto cleanup;
+        }
     }
 
     if ((retval = krb5_ldap_read_service(util_context, servicedn,
-					 &lserparams, &mask))) {
-	com_err(progname, retval, "while destroying service '%s'",servicedn);
-	exit_status++;
-	goto cleanup;
+                                         &lserparams, &mask))) {
+        com_err(progname, retval, "while destroying service '%s'",servicedn);
+        exit_status++;
+        goto cleanup;
     }
 
     retval = krb5_ldap_delete_service(util_context, lserparams, servicedn);
 
     if (retval) {
-	com_err(progname, retval, "while destroying service '%s'", servicedn);
-	exit_status++;
-	goto cleanup;
+        com_err(progname, retval, "while destroying service '%s'", servicedn);
+        exit_status++;
+        goto cleanup;
     }
 
     if (stashfilename == NULL) {
-	stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
-	if (stashfilename == NULL) {
-	    com_err(progname, ENOMEM, "while destroying service");
-	    exit_status++;
-	    goto cleanup;
-	}
+        stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
+        if (stashfilename == NULL) {
+            com_err(progname, ENOMEM, "while destroying service");
+            exit_status++;
+            goto cleanup;
+        }
     }
     printf("** service object '%s' deleted.\n", servicedn);
     retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn);
 
     if (retval)
-	printf("** error removing service object entry '%s' from password file.\n",
-	       servicedn);
+        printf("** error removing service object entry '%s' from password file.\n",
+               servicedn);
 
     goto cleanup;
 
@@ -1270,19 +1263,19 @@ err_usage:
 cleanup:
 
     if (lserparams) {
-	krb5_ldap_free_service(util_context, lserparams);
+        krb5_ldap_free_service(util_context, lserparams);
     }
 
     if (servicedn) {
-	free(servicedn);
+        free(servicedn);
     }
 
     if (stashfilename) {
-	free(stashfilename);
+        free(stashfilename);
     }
 
     if (print_usage) {
-	db_usage(DESTROY_SERVICE);
+        db_usage(DESTROY_SERVICE);
     }
 
     return;
@@ -1292,9 +1285,8 @@ cleanup:
 /*
  * This function will display information about the given service object
  */
-void kdb5_ldap_view_service(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_view_service(int argc, char *argv[])
 {
     krb5_ldap_service_params *lserparams = NULL;
     krb5_error_code retval = 0;
@@ -1303,21 +1295,21 @@ void kdb5_ldap_view_service(argc, argv)
     krb5_boolean print_usage = FALSE;
 
     if (!(argc == 2)) {
-	exit_status++;
-	goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     servicedn=strdup(argv[1]);
     if (servicedn == NULL) {
-	com_err(progname, ENOMEM, "while viewing service");
-	exit_status++;
-	goto cleanup;
+        com_err(progname, ENOMEM, "while viewing service");
+        exit_status++;
+        goto cleanup;
     }
 
     if ((retval = krb5_ldap_read_service(util_context, servicedn, &lserparams, &mask))) {
-	com_err(progname, retval, "while viewing service '%s'",servicedn);
-	exit_status++;
-	goto cleanup;
+        com_err(progname, retval, "while viewing service '%s'",servicedn);
+        exit_status++;
+        goto cleanup;
     }
 
     print_service_params(lserparams, mask);
@@ -1330,14 +1322,14 @@ err_usage:
 cleanup:
 
     if (lserparams) {
-	krb5_ldap_free_service(util_context, lserparams);
+        krb5_ldap_free_service(util_context, lserparams);
     }
 
     if (servicedn)
-	free(servicedn);
+        free(servicedn);
 
     if (print_usage) {
-	db_usage(VIEW_SERVICE);
+        db_usage(VIEW_SERVICE);
     }
 
     return;
@@ -1348,9 +1340,8 @@ cleanup:
  * This function will list the DNs of kerberos services present on
  * the LDAP Server under a specific sub-tree (entire tree by default)
  */
-void kdb5_ldap_list_services(argc, argv)
-    int argc;
-    char *argv[];
+void
+kdb5_ldap_list_services(int argc, char *argv[])
 {
     char *me = progname;
     krb5_error_code retval = 0;
@@ -1361,33 +1352,33 @@ void kdb5_ldap_list_services(argc, argv)
 
     /* Check for number of arguments */
     if ((argc != 1) && (argc != 3)) {
-	exit_status++;
-	goto err_usage;
+        exit_status++;
+        goto err_usage;
     }
 
     /* Parse base DN argument if present */
     if (argc == 3) {
-	if (strcmp(argv[1], "-basedn")) {
-	    retval = EINVAL;
-	    goto err_usage;
-	}
+        if (strcmp(argv[1], "-basedn")) {
+            retval = EINVAL;
+            goto err_usage;
+        }
 
-	basedn = strdup(argv[2]);
-	if (basedn == NULL) {
-	    com_err(me, ENOMEM, "while listing services");
-	    exit_status++;
-	    goto cleanup;
-	}
+        basedn = strdup(argv[2]);
+        if (basedn == NULL) {
+            com_err(me, ENOMEM, "while listing services");
+            exit_status++;
+            goto cleanup;
+        }
     }
 
     retval = krb5_ldap_list_services(util_context, basedn, &list);
     if ((retval != 0) || (list == NULL)) {
-	exit_status++;
-	goto cleanup;
+        exit_status++;
+        goto cleanup;
     }
 
     for (plist = list; *plist != NULL; plist++) {
-	printf("%s\n", *plist);
+        printf("%s\n", *plist);
     }
 
     goto cleanup;
@@ -1397,20 +1388,20 @@ err_usage:
 
 cleanup:
     if (list != NULL) {
-	krb5_free_list_entries (list);
-	free (list);
+        krb5_free_list_entries (list);
+        free (list);
     }
 
     if (basedn)
-	free (basedn);
+        free (basedn);
 
     if (print_usage) {
-	db_usage(LIST_SERVICE);
+        db_usage(LIST_SERVICE);
     }
 
     if (retval) {
-	com_err(me, retval, "while listing policy objects");
-	exit_status++;
+        com_err(me, retval, "while listing policy objects");
+        exit_status++;
     }
 
     return;
@@ -1422,9 +1413,7 @@ cleanup:
  * to the standard output
  */
 static void
-print_service_params(lserparams, mask)
-    krb5_ldap_service_params *lserparams;
-    int mask;
+print_service_params(krb5_ldap_service_params *lserparams, int mask)
 {
     int            i=0;
 
@@ -1433,27 +1422,27 @@ print_service_params(lserparams, mask)
 
     /* Print the service type of the object to be read */
     if (lserparams->servicetype == LDAP_KDC_SERVICE) {
-	printf("%20s%-20s\n","Service type: ","kdc");
+        printf("%20s%-20s\n","Service type: ","kdc");
     } else if (lserparams->servicetype == LDAP_ADMIN_SERVICE) {
-	printf("%20s%-20s\n","Service type: ","admin");
+        printf("%20s%-20s\n","Service type: ","admin");
     } else if (lserparams->servicetype == LDAP_PASSWD_SERVICE) {
-	printf("%20s%-20s\n","Service type: ","pwd");
+        printf("%20s%-20s\n","Service type: ","pwd");
     }
 
     /* Print the host server values */
     printf("%20s\n","Service host list: ");
     if (mask & LDAP_SERVICE_HOSTSERVER) {
-	for (i=0; lserparams->krbhostservers[i] != NULL; ++i) {
-	    printf("%20s%-50s\n","",lserparams->krbhostservers[i]);
-	}
+        for (i=0; lserparams->krbhostservers[i] != NULL; ++i) {
+            printf("%20s%-50s\n","",lserparams->krbhostservers[i]);
+        }
     }
 
     /* Print the realm reference dn values */
     printf("%20s\n","Realm DN list: ");
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-	for (i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i) {
-	    printf("%20s%-50s\n","",lserparams->krbrealmreferences[i]);
-	}
+        for (i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i) {
+            printf("%20s%-50s\n","",lserparams->krbrealmreferences[i]);
+        }
     }
 
     return;
@@ -1470,7 +1459,9 @@ print_service_params(lserparams, mask)
  * OUTPUT:
  *     RANDOM_PASSWD_LEN length random password
  */
-static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned int *passlen)
+static int
+generate_random_password(krb5_context ctxt, char **randpwd,
+                         unsigned int *passlen)
 {
     char *random_pwd = NULL;
     int ret = 0;
@@ -1484,26 +1475,26 @@ static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned
     data.length = RANDOM_PASSWD_LEN;
     random_pwd = (char *)malloc(data.length + 1);
     if (random_pwd == NULL) {
-	com_err("setsrvpw", ENOMEM, "while generating random password");
-	return ENOMEM;
+        com_err("setsrvpw", ENOMEM, "while generating random password");
+        return ENOMEM;
     }
     memset(random_pwd, 0, data.length + 1);
     data.data = random_pwd;
 
     ret = krb5_c_random_make_octets(ctxt, &data);
     if (ret) {
-	com_err("setsrvpw", ret, "Error generating random password");
-	free(random_pwd);
-	return ret;
+        com_err("setsrvpw", ret, "Error generating random password");
+        free(random_pwd);
+        return ret;
     }
 
     for (i=0; i<data.length; i++) {
-	/* restricting to ascii chars. Need to change this when 8.8 supports */
-	if ((unsigned char)random_pwd[i] > 127) {
-	    random_pwd[i] = (unsigned char)random_pwd[i] % 128;
-	} else if (random_pwd[i] == 0) {
-	    random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
-	}
+        /* restricting to ascii chars. Need to change this when 8.8 supports */
+        if ((unsigned char)random_pwd[i] > 127) {
+            random_pwd[i] = (unsigned char)random_pwd[i] % 128;
+        } else if (random_pwd[i] == 0) {
+            random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
+        }
     }
 
     *randpwd = random_pwd;
@@ -1526,9 +1517,7 @@ static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned
  *      void
  */
 int
-kdb5_ldap_set_service_password(argc, argv)
-    int argc;
-    char **argv;
+kdb5_ldap_set_service_password(int argc, char **argv)
 {
     krb5_ldap_context *lparams = NULL;
     char *file_name = NULL;
@@ -1555,211 +1544,211 @@ kdb5_ldap_set_service_password(argc, argv)
     /* The arguments for setsrv password should contain the service object DN
      * and options to specify whether the password should be updated in file only
      * or both file and directory. So the possible combination of arguments are:
-     * setsrvpw servicedn				wherein argc is 2
-     * setsrvpw	-fileonly servicedn 			wherein argc is 3
-     * setsrvpw -randpw servicedn			wherein argc is 3
-     * setsrvpw -f filename servicedn			wherein argc is 4
-     * setsrvpw -fileonly -f filename servicedn 	wherein argc is 5
-     * setsrvpw -randpw -f filename servicedn 		wherein argc is 5
+     * setsrvpw servicedn                               wherein argc is 2
+     * setsrvpw -fileonly servicedn                     wherein argc is 3
+     * setsrvpw -randpw servicedn                       wherein argc is 3
+     * setsrvpw -f filename servicedn                   wherein argc is 4
+     * setsrvpw -fileonly -f filename servicedn         wherein argc is 5
+     * setsrvpw -randpw -f filename servicedn           wherein argc is 5
      */
     if ((argc < 2) || (argc > 5)) {
-	print_usage = TRUE;
-	goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     dal_handle = util_context->dal_handle;
     lparams = (krb5_ldap_context *) dal_handle->db_context;
 
     if (lparams == NULL) {
-	printf("%s: Invalid LDAP handle\n", me);
-	goto cleanup;
+        printf("%s: Invalid LDAP handle\n", me);
+        goto cleanup;
     }
 
     /* Parse the arguments */
     for (i = 1; i < argc -1 ; i++) {
-	if (strcmp(argv[i], "-randpw") == 0) {
-	    random_passwd = 1;
-	} else if (strcmp(argv[i], "-fileonly") == 0) {
-	    set_dir_pwd = 0;
-	} else if (strcmp(argv[i], "-f") == 0) {
-	    if (argv[++i] == NULL) {
-		print_usage = TRUE;
-		goto cleanup;
-	    }
-
-	    file_name = strdup(argv[i]);
-	    if (file_name == NULL) {
-		com_err(me, ENOMEM, "while setting service object password");
-		goto cleanup;
-	    }
-	    /* Verify if the file location has the proper file name
-	     * for eg, if the file location is a directory like /home/temp/,
-	     * we reject it.
-	     */
-	    filelen = strlen(file_name);
-	    if ((filelen == 0) || (file_name[filelen-1] == '/')) {
-		printf("%s: Filename not specified for setting service object password\n", me);
-		print_usage = TRUE;
-		goto cleanup;
-	    }
-	} else {
-	    printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
-	    print_usage = TRUE;
-	    goto cleanup;
-	}
+        if (strcmp(argv[i], "-randpw") == 0) {
+            random_passwd = 1;
+        } else if (strcmp(argv[i], "-fileonly") == 0) {
+            set_dir_pwd = 0;
+        } else if (strcmp(argv[i], "-f") == 0) {
+            if (argv[++i] == NULL) {
+                print_usage = TRUE;
+                goto cleanup;
+            }
+
+            file_name = strdup(argv[i]);
+            if (file_name == NULL) {
+                com_err(me, ENOMEM, "while setting service object password");
+                goto cleanup;
+            }
+            /* Verify if the file location has the proper file name
+             * for eg, if the file location is a directory like /home/temp/,
+             * we reject it.
+             */
+            filelen = strlen(file_name);
+            if ((filelen == 0) || (file_name[filelen-1] == '/')) {
+                printf("%s: Filename not specified for setting service object password\n", me);
+                print_usage = TRUE;
+                goto cleanup;
+            }
+        } else {
+            printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+            print_usage = TRUE;
+            goto cleanup;
+        }
     }
 
     if (i != argc-1) {
-	print_usage = TRUE;
-	goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     service_object = strdup(argv[i]);
     if (service_object == NULL) {
-	com_err(me, ENOMEM, "while setting service object password");
-	goto cleanup;
+        com_err(me, ENOMEM, "while setting service object password");
+        goto cleanup;
     }
 
     if (strlen(service_object) == 0) {
-	printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
-	print_usage = TRUE;
-	goto cleanup;
+        printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     if (service_object[0] == '-') {
-	print_usage = TRUE;
-	goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     if (file_name == NULL) {
-	file_name = strdup(DEF_SERVICE_PASSWD_FILE);
-	if (file_name == NULL) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    goto cleanup;
-	}
+        file_name = strdup(DEF_SERVICE_PASSWD_FILE);
+        if (file_name == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
     }
 
     if (set_dir_pwd) {
-	if (db_inited == FALSE) {
-	    if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
-		com_err(me, errcode, "while initializing database");
-		goto cleanup;
-	    }
-	    db_init_local = TRUE;
-	}
+        if (db_inited == FALSE) {
+            if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
+                com_err(me, errcode, "while initializing database");
+                goto cleanup;
+            }
+            db_init_local = TRUE;
+        }
     }
 
     if (random_passwd) {
-	if (!set_dir_pwd) {
-	    printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
-	    print_usage = TRUE;
-	    goto cleanup;
-	} else {
-	    /* Generate random password */
-
-	    if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
-		printf("%s: Failed to set service object password\n", me);
-		goto cleanup;
-	    }
-	    passwd_len = strlen(passwd);
-	}
+        if (!set_dir_pwd) {
+            printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+            print_usage = TRUE;
+            goto cleanup;
+        } else {
+            /* Generate random password */
+
+            if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
+                printf("%s: Failed to set service object password\n", me);
+                goto cleanup;
+            }
+            passwd_len = strlen(passwd);
+        }
     } else {
-	/* Get the service object password from the terminal */
-	passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
-	if (passwd == NULL) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    goto cleanup;
-	}
-	memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
-	passwd_len = MAX_SERVICE_PASSWD_LEN;
-
-	if (asprintf(&prompt1, "Password for \"%s\"", service_object) < 0) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    goto cleanup;
-	}
-
-	if (asprintf(&prompt2, "Re-enter password for \"%s\"",
-		     service_object) < 0) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    free(prompt1);
-	    goto cleanup;
-	}
-
-	retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
-	free(prompt1);
-	free(prompt2);
-	if (retval) {
-	    com_err(me, retval, "while setting service object password");
-	    memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-	    goto cleanup;
-	}
-	if (passwd_len == 0) {
-	    printf("%s: Invalid password\n", me);
-	    memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-	    goto cleanup;
-	}
-	passwd_len = strlen(passwd);
+        /* Get the service object password from the terminal */
+        passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
+        if (passwd == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+        memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
+        passwd_len = MAX_SERVICE_PASSWD_LEN;
+
+        if (asprintf(&prompt1, "Password for \"%s\"", service_object) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+
+        if (asprintf(&prompt2, "Re-enter password for \"%s\"",
+                     service_object) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            free(prompt1);
+            goto cleanup;
+        }
+
+        retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
+        free(prompt1);
+        free(prompt2);
+        if (retval) {
+            com_err(me, retval, "while setting service object password");
+            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+            goto cleanup;
+        }
+        if (passwd_len == 0) {
+            printf("%s: Invalid password\n", me);
+            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+            goto cleanup;
+        }
+        passwd_len = strlen(passwd);
     }
 
     /* Hex the password */
     {
-	krb5_data pwd, hex;
-	pwd.length = passwd_len;
-	pwd.data = passwd;
-
-	errcode = tohex(pwd, &hex);
-	if (errcode != 0) {
-	    if (hex.length != 0) {
-		memset(hex.data, 0, hex.length);
-		free(hex.data);
-	    }
-	    com_err(me, errcode, "Failed to convert the password to hex");
-	    memset(passwd, 0, passwd_len);
-	    goto cleanup;
-	}
-	/* Password = {HEX}<encrypted password>:<encrypted key> */
-	if (asprintf(&str, "%s#{HEX}%s\n", service_object, hex.data) < 0) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    memset(passwd, 0, passwd_len);
-	    memset(hex.data, 0, hex.length);
-	    free(hex.data);
-	    goto cleanup;
-	}
-	encrypted_passwd.value = (unsigned char *)str;
-	encrypted_passwd.len = strlen(str);
-	memset(hex.data, 0, hex.length);
-	free(hex.data);
+        krb5_data pwd, hex;
+        pwd.length = passwd_len;
+        pwd.data = passwd;
+
+        errcode = tohex(pwd, &hex);
+        if (errcode != 0) {
+            if (hex.length != 0) {
+                memset(hex.data, 0, hex.length);
+                free(hex.data);
+            }
+            com_err(me, errcode, "Failed to convert the password to hex");
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
+        /* Password = {HEX}<encrypted password>:<encrypted key> */
+        if (asprintf(&str, "%s#{HEX}%s\n", service_object, hex.data) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            memset(passwd, 0, passwd_len);
+            memset(hex.data, 0, hex.length);
+            free(hex.data);
+            goto cleanup;
+        }
+        encrypted_passwd.value = (unsigned char *)str;
+        encrypted_passwd.len = strlen(str);
+        memset(hex.data, 0, hex.length);
+        free(hex.data);
     }
 
     /* We should check if the file exists and we have permission to write into that file */
     if (access(file_name, W_OK) == -1) {
-	if (errno == ENOENT) {
-	    mode_t omask;
-	    int fd = -1;
-
-	    printf("File does not exist. Creating the file %s...\n", file_name);
-	    omask = umask(077);
-	    fd = creat(file_name, S_IRUSR|S_IWUSR);
-	    umask(omask);
-	    if (fd == -1) {
-		com_err(me, errno, "Error creating file %s", file_name);
-		memset(passwd, 0, passwd_len);
-		goto cleanup;
-	    }
-	    close(fd);
-	} else {
-	    com_err(me, errno, "Unable to access the file %s", file_name);
-	    memset(passwd, 0, passwd_len);
-	    goto cleanup;
-	}
+        if (errno == ENOENT) {
+            mode_t omask;
+            int fd = -1;
+
+            printf("File does not exist. Creating the file %s...\n", file_name);
+            omask = umask(077);
+            fd = creat(file_name, S_IRUSR|S_IWUSR);
+            umask(omask);
+            if (fd == -1) {
+                com_err(me, errno, "Error creating file %s", file_name);
+                memset(passwd, 0, passwd_len);
+                goto cleanup;
+            }
+            close(fd);
+        } else {
+            com_err(me, errno, "Unable to access the file %s", file_name);
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
     }
 
     if (set_dir_pwd) {
-	if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
-	    com_err(me, errcode, "Failed to set password for service object %s", service_object);
-	    memset(passwd, 0, passwd_len);
-	    goto cleanup;
-	}
+        if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
+            com_err(me, errcode, "Failed to set password for service object %s", service_object);
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
     }
 
     memset(passwd, 0, passwd_len);
@@ -1769,123 +1758,123 @@ kdb5_ldap_set_service_password(argc, argv)
     /* set password in the file */
     pfile = fopen(file_name, "r+");
     if (pfile == NULL) {
-	com_err(me, errno, "Failed to open file %s", file_name);
-	goto cleanup;
+        com_err(me, errno, "Failed to open file %s", file_name);
+        goto cleanup;
     }
     set_cloexec_file(pfile);
 
     while (fgets(line, MAX_LEN, pfile) != NULL) {
-	if ((str = strstr(line, service_object)) != NULL) {
-	    if (line[strlen(service_object)] == '#') {
-		break;
-	    }
-	    str = NULL;
-	}
+        if ((str = strstr(line, service_object)) != NULL) {
+            if (line[strlen(service_object)] == '#') {
+                break;
+            }
+            str = NULL;
+        }
     }
     if (str == NULL) {
-	if (feof(pfile)) {
-	    /* If the service object dn is not present in the service password file */
-	    if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
-		com_err(me, errno, "Failed to write service object password to file");
-		goto cleanup;
-	    }
-	} else {
-	    com_err(me, errno, "Error reading service object password file");
-	    goto cleanup;
-	}
-	fclose(pfile);
-	pfile = NULL;
+        if (feof(pfile)) {
+            /* If the service object dn is not present in the service password file */
+            if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
+                com_err(me, errno, "Failed to write service object password to file");
+                goto cleanup;
+            }
+        } else {
+            com_err(me, errno, "Error reading service object password file");
+            goto cleanup;
+        }
+        fclose(pfile);
+        pfile = NULL;
     } else {
-	/* Password entry for the service object is already present in the file */
-	/* Delete the existing entry and add the new entry */
-	FILE *newfile = NULL;
-	mode_t omask;
-
-	/* Create a new file with the extension .tmp */
-	if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    goto cleanup;
-	}
-
-	omask = umask(077);
-	newfile = fopen(tmp_file, "w+");
-	umask(omask);
-	if (newfile == NULL) {
-	    com_err(me, errno, "Error creating file %s", tmp_file);
-	    goto cleanup;
-	}
-	set_cloexec_file(newfile);
-
-	fseek(pfile, 0, SEEK_SET);
-	while (fgets(line, MAX_LEN, pfile) != NULL) {
-	    if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
-		if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
-		    com_err(me, errno, "Failed to write service object password to file");
-		    fclose(newfile);
-		    unlink(tmp_file);
-		    goto cleanup;
-		}
-	    } else {
-		if (fprintf(newfile, "%s", line) < 0) {
-		    com_err(me, errno, "Failed to write service object password to file");
-		    fclose(newfile);
-		    unlink(tmp_file);
-		    goto cleanup;
-		}
-	    }
-	}
-
-	if (!feof(pfile)) {
-	    com_err(me, errno, "Error reading service object password file");
-	    fclose(newfile);
-	    unlink(tmp_file);
-	    goto cleanup;
-	}
-
-	/* TODO: file lock for the service password file */
-	fclose(pfile);
-	pfile = NULL;
-
-	fclose(newfile);
-	newfile = NULL;
-
-	if (unlink(file_name) == 0) {
-	    link(tmp_file, file_name);
-	} else {
-	    com_err(me, errno, "Failed to write service object password to file");
-	    unlink(tmp_file);
-	    goto cleanup;
-	}
-	unlink(tmp_file);
+        /* Password entry for the service object is already present in the file */
+        /* Delete the existing entry and add the new entry */
+        FILE *newfile = NULL;
+        mode_t omask;
+
+        /* Create a new file with the extension .tmp */
+        if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+
+        omask = umask(077);
+        newfile = fopen(tmp_file, "w+");
+        umask(omask);
+        if (newfile == NULL) {
+            com_err(me, errno, "Error creating file %s", tmp_file);
+            goto cleanup;
+        }
+        set_cloexec_file(newfile);
+
+        fseek(pfile, 0, SEEK_SET);
+        while (fgets(line, MAX_LEN, pfile) != NULL) {
+            if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
+                if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    goto cleanup;
+                }
+            } else {
+                if (fprintf(newfile, "%s", line) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    goto cleanup;
+                }
+            }
+        }
+
+        if (!feof(pfile)) {
+            com_err(me, errno, "Error reading service object password file");
+            fclose(newfile);
+            unlink(tmp_file);
+            goto cleanup;
+        }
+
+        /* TODO: file lock for the service password file */
+        fclose(pfile);
+        pfile = NULL;
+
+        fclose(newfile);
+        newfile = NULL;
+
+        if (unlink(file_name) == 0) {
+            link(tmp_file, file_name);
+        } else {
+            com_err(me, errno, "Failed to write service object password to file");
+            unlink(tmp_file);
+            goto cleanup;
+        }
+        unlink(tmp_file);
     }
     errcode = 0;
 
 cleanup:
     if (db_init_local)
-	krb5_ldap_close(util_context);
+        krb5_ldap_close(util_context);
 
     if (service_object)
-	free(service_object);
+        free(service_object);
 
     if (file_name)
-	free(file_name);
+        free(file_name);
 
     if (passwd)
-	free(passwd);
+        free(passwd);
 
     if (encrypted_passwd.value) {
-	memset(encrypted_passwd.value, 0, encrypted_passwd.len);
-	free(encrypted_passwd.value);
+        memset(encrypted_passwd.value, 0, encrypted_passwd.len);
+        free(encrypted_passwd.value);
     }
 
     if (pfile)
-	fclose(pfile);
+        fclose(pfile);
 
     if (tmp_file)
-	free(tmp_file);
+        free(tmp_file);
 
     if (print_usage)
-	db_usage(SET_SRV_PW);
+        db_usage(SET_SRV_PW);
 
     return errcode;
 }
@@ -1897,9 +1886,7 @@ cleanup:
  * little more secure than storing plain password in the file ...
  */
 void
-kdb5_ldap_stash_service_password(argc, argv)
-    int argc;
-    char **argv;
+kdb5_ldap_stash_service_password(int argc, char **argv)
 {
     int ret = 0;
     unsigned int passwd_len = 0;
@@ -1922,109 +1909,109 @@ kdb5_ldap_stash_service_password(argc, argv)
      *   'filename' is the path of the stash file
      */
     if (argc != 2 && argc != 4) {
-	print_usage = TRUE;
-	goto cleanup;
+        print_usage = TRUE;
+        goto cleanup;
     }
 
     if (argc == 4) {
-	/* Find the stash file name */
-	if (strcmp (argv[1], "-f") == 0) {
-	    if (((file_name = strdup (argv[2])) == NULL) ||
-	        ((service_object = strdup (argv[3])) == NULL)) {
-	        com_err(me, ENOMEM, "while setting service object password");
-	        goto cleanup;
-	    }
-	} else if (strcmp (argv[2], "-f") == 0) {
-	    if (((file_name = strdup (argv[3])) == NULL) ||
-	        ((service_object = strdup (argv[1])) == NULL)) {
-	        com_err(me, ENOMEM, "while setting service object password");
-	        goto cleanup;
-	    }
-	} else {
-	    print_usage = TRUE;
-	    goto cleanup;
-	}
-	if (file_name == NULL) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    goto cleanup;
-	}
+        /* Find the stash file name */
+        if (strcmp (argv[1], "-f") == 0) {
+            if (((file_name = strdup (argv[2])) == NULL) ||
+                ((service_object = strdup (argv[3])) == NULL)) {
+                com_err(me, ENOMEM, "while setting service object password");
+                goto cleanup;
+            }
+        } else if (strcmp (argv[2], "-f") == 0) {
+            if (((file_name = strdup (argv[3])) == NULL) ||
+                ((service_object = strdup (argv[1])) == NULL)) {
+                com_err(me, ENOMEM, "while setting service object password");
+                goto cleanup;
+            }
+        } else {
+            print_usage = TRUE;
+            goto cleanup;
+        }
+        if (file_name == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
     } else { /* argc == 2 */
-	char *section;
-
-	service_object = strdup (argv[1]);
-	if (service_object == NULL) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    goto cleanup;
-	}
-
-	/* Pick up the stash-file name from krb5.conf */
-	profile_get_string(util_context->profile, KDB_REALM_SECTION,
-			   util_context->default_realm, KDB_MODULE_POINTER, NULL, &section);
-
-	if (section == NULL) {
-	    profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
-			       KDB_MODULE_POINTER, NULL, NULL, &section);
-	    if (section == NULL) {
-		/* Stash file path neither in krb5.conf nor on command line */
-		file_name = strdup(DEF_SERVICE_PASSWD_FILE);
-	        if (file_name == NULL) {
-	            com_err(me, ENOMEM, "while setting service object password");
-	            goto cleanup;
-	        }
-		goto done;
-	    }
-	}
-
-	profile_get_string (util_context->profile, KDB_MODULE_SECTION, section,
-			    "ldap_service_password_file", NULL, &file_name);
+        char *section;
+
+        service_object = strdup (argv[1]);
+        if (service_object == NULL) {
+            com_err(me, ENOMEM, "while setting service object password");
+            goto cleanup;
+        }
+
+        /* Pick up the stash-file name from krb5.conf */
+        profile_get_string(util_context->profile, KDB_REALM_SECTION,
+                           util_context->default_realm, KDB_MODULE_POINTER, NULL, &section);
+
+        if (section == NULL) {
+            profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+                               KDB_MODULE_POINTER, NULL, NULL, &section);
+            if (section == NULL) {
+                /* Stash file path neither in krb5.conf nor on command line */
+                file_name = strdup(DEF_SERVICE_PASSWD_FILE);
+                if (file_name == NULL) {
+                    com_err(me, ENOMEM, "while setting service object password");
+                    goto cleanup;
+                }
+                goto done;
+            }
+        }
+
+        profile_get_string (util_context->profile, KDB_MODULE_SECTION, section,
+                            "ldap_service_password_file", NULL, &file_name);
     }
 done:
 
     /* Get password from user */
     {
-	char prompt1[256], prompt2[256];
-
-	/* Get the service object password from the terminal */
-	memset(passwd, 0, sizeof (passwd));
-	passwd_len = sizeof (passwd);
-
-	/* size of prompt = strlen of servicedn + strlen("Password for \" \"") */
-	assert (sizeof (prompt1) > (strlen (service_object)
-				    + sizeof ("Password for \" \"")));
-	snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object);
-
-	/* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */
-	assert (sizeof (prompt2) > (strlen (service_object)
-				    + sizeof ("Re-enter Password for \" \"")));
-	snprintf(prompt2, sizeof(prompt2), "Re-enter password for \"%s\"", service_object);
-
-	ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
-	if (ret != 0) {
-	    com_err(me, ret, "while setting service object password");
-	    memset(passwd, 0, sizeof (passwd));
-	    goto cleanup;
-	}
+        char prompt1[256], prompt2[256];
+
+        /* Get the service object password from the terminal */
+        memset(passwd, 0, sizeof (passwd));
+        passwd_len = sizeof (passwd);
+
+        /* size of prompt = strlen of servicedn + strlen("Password for \" \"") */
+        assert (sizeof (prompt1) > (strlen (service_object)
+                                    + sizeof ("Password for \" \"")));
+        snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object);
+
+        /* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */
+        assert (sizeof (prompt2) > (strlen (service_object)
+                                    + sizeof ("Re-enter Password for \" \"")));
+        snprintf(prompt2, sizeof(prompt2), "Re-enter password for \"%s\"", service_object);
+
+        ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
+        if (ret != 0) {
+            com_err(me, ret, "while setting service object password");
+            memset(passwd, 0, sizeof (passwd));
+            goto cleanup;
+        }
 
-	if (passwd_len == 0) {
-	    printf("%s: Invalid password\n", me);
-	    memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-	    goto cleanup;
-	}
+        if (passwd_len == 0) {
+            printf("%s: Invalid password\n", me);
+            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+            goto cleanup;
+        }
     }
 
     /* Convert the password to hexadecimal */
     {
-	krb5_data pwd;
+        krb5_data pwd;
 
-	pwd.length = passwd_len;
-	pwd.data = passwd;
+        pwd.length = passwd_len;
+        pwd.data = passwd;
 
-	ret = tohex(pwd, &hexpasswd);
-	if (ret != 0) {
-	    com_err(me, ret, "Failed to convert the password to hexadecimal");
-	    memset(passwd, 0, passwd_len);
-	    goto cleanup;
-	}
+        ret = tohex(pwd, &hexpasswd);
+        if (ret != 0) {
+            com_err(me, ret, "Failed to convert the password to hexadecimal");
+            memset(passwd, 0, passwd_len);
+            goto cleanup;
+        }
     }
     memset(passwd, 0, passwd_len);
 
@@ -2034,129 +2021,129 @@ done:
     old_mode = umask(0177);
     pfile = fopen(file_name, "a+");
     if (pfile == NULL) {
-	com_err(me, errno, "Failed to open file %s: %s", file_name,
-		strerror (errno));
-	goto cleanup;
+        com_err(me, errno, "Failed to open file %s: %s", file_name,
+                strerror (errno));
+        goto cleanup;
     }
     set_cloexec_file(pfile);
     rewind (pfile);
     umask(old_mode);
 
     while (fgets (line, MAX_LEN, pfile) != NULL) {
-	if ((str = strstr (line, service_object)) != NULL) {
-	    /* White spaces not allowed */
-	    if (line [strlen (service_object)] == '#')
-		break;
-	    str = NULL;
-	}
+        if ((str = strstr (line, service_object)) != NULL) {
+            /* White spaces not allowed */
+            if (line [strlen (service_object)] == '#')
+                break;
+            str = NULL;
+        }
     }
 
     if (str == NULL) {
-	if (feof(pfile)) {
-	    /* If the service object dn is not present in the service password file */
-	    if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
-		com_err(me, errno, "Failed to write service object password to file");
-		fclose(pfile);
-		goto cleanup;
-	    }
-	} else {
-	    com_err(me, errno, "Error reading service object password file");
-	    fclose(pfile);
-	    goto cleanup;
-	}
-	fclose(pfile);
+        if (feof(pfile)) {
+            /* If the service object dn is not present in the service password file */
+            if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
+                com_err(me, errno, "Failed to write service object password to file");
+                fclose(pfile);
+                goto cleanup;
+            }
+        } else {
+            com_err(me, errno, "Error reading service object password file");
+            fclose(pfile);
+            goto cleanup;
+        }
+        fclose(pfile);
     } else {
-	/*
-	 * Password entry for the service object is already present in the file
-	 * Delete the existing entry and add the new entry
-	 */
-	FILE *newfile;
-
-	mode_t omask;
-
-	/* Create a new file with the extension .tmp */
-	if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
-	    com_err(me, ENOMEM, "while setting service object password");
-	    fclose(pfile);
-	    goto cleanup;
-	}
-
-	omask = umask(077);
-	newfile = fopen(tmp_file, "w");
-	umask (omask);
-	if (newfile == NULL) {
-	    com_err(me, errno, "Error creating file %s", tmp_file);
-	    fclose(pfile);
-	    goto cleanup;
-	}
-	set_cloexec_file(newfile);
-
-	fseek(pfile, 0, SEEK_SET);
-	while (fgets(line, MAX_LEN, pfile) != NULL) {
-	    if (((str = strstr(line, service_object)) != NULL) &&
-		(line[strlen(service_object)] == '#')) {
-		if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
-		    com_err(me, errno, "Failed to write service object password to file");
-		    fclose(newfile);
-		    unlink(tmp_file);
-		    fclose(pfile);
-		    goto cleanup;
-		}
-	    } else {
-		if (fprintf (newfile, "%s", line) < 0) {
-		    com_err(me, errno, "Failed to write service object password to file");
-		    fclose(newfile);
-		    unlink(tmp_file);
-		    fclose(pfile);
-		    goto cleanup;
-		}
-	    }
-	}
-
-	if (!feof(pfile)) {
-	    com_err(me, errno, "Error reading service object password file");
-	    fclose(newfile);
-	    unlink(tmp_file);
-	    fclose(pfile);
-	    goto cleanup;
-	}
-
-	/* TODO: file lock for the service passowrd file */
-
-	fclose(pfile);
-	fclose(newfile);
-
-	ret = rename(tmp_file, file_name);
-	if (ret != 0) {
-	    com_err(me, errno, "Failed to write service object password to "
-		    "file");
-	    goto cleanup;
-	}
+        /*
+         * Password entry for the service object is already present in the file
+         * Delete the existing entry and add the new entry
+         */
+        FILE *newfile;
+
+        mode_t omask;
+
+        /* Create a new file with the extension .tmp */
+        if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) {
+            com_err(me, ENOMEM, "while setting service object password");
+            fclose(pfile);
+            goto cleanup;
+        }
+
+        omask = umask(077);
+        newfile = fopen(tmp_file, "w");
+        umask (omask);
+        if (newfile == NULL) {
+            com_err(me, errno, "Error creating file %s", tmp_file);
+            fclose(pfile);
+            goto cleanup;
+        }
+        set_cloexec_file(newfile);
+
+        fseek(pfile, 0, SEEK_SET);
+        while (fgets(line, MAX_LEN, pfile) != NULL) {
+            if (((str = strstr(line, service_object)) != NULL) &&
+                (line[strlen(service_object)] == '#')) {
+                if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    fclose(pfile);
+                    goto cleanup;
+                }
+            } else {
+                if (fprintf (newfile, "%s", line) < 0) {
+                    com_err(me, errno, "Failed to write service object password to file");
+                    fclose(newfile);
+                    unlink(tmp_file);
+                    fclose(pfile);
+                    goto cleanup;
+                }
+            }
+        }
+
+        if (!feof(pfile)) {
+            com_err(me, errno, "Error reading service object password file");
+            fclose(newfile);
+            unlink(tmp_file);
+            fclose(pfile);
+            goto cleanup;
+        }
+
+        /* TODO: file lock for the service passowrd file */
+
+        fclose(pfile);
+        fclose(newfile);
+
+        ret = rename(tmp_file, file_name);
+        if (ret != 0) {
+            com_err(me, errno, "Failed to write service object password to "
+                    "file");
+            goto cleanup;
+        }
     }
     ret = 0;
 
 cleanup:
 
     if (hexpasswd.length != 0) {
-	memset(hexpasswd.data, 0, hexpasswd.length);
-	free(hexpasswd.data);
+        memset(hexpasswd.data, 0, hexpasswd.length);
+        free(hexpasswd.data);
     }
 
     if (service_object)
-	free(service_object);
+        free(service_object);
 
     if (file_name)
-	free(file_name);
+        free(file_name);
 
     if (tmp_file)
-	free(tmp_file);
+        free(tmp_file);
 
     if (print_usage)
-	usage();
-/*	db_usage(STASH_SRV_PW); */
+        usage();
+/*      db_usage(STASH_SRV_PW); */
 
     if (ret)
-	exit_status++;
+        exit_status++;
 }
 
 #endif /* #ifdef HAVE_EDIRECTORY */
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
index 0322558..a2816d8 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_services.h
  */
@@ -31,22 +32,22 @@
 
 #include "ldap_misc.h"
 
-#define MAX_DN_CHARS 		256
-#define HOST_INFO_DELIMITER 	'#'
-#define PROTOCOL_STR_LEN 	3
-#define PROTOCOL_NUM_UDP 	0
-#define PROTOCOL_NUM_TCP 	1
-#define PROTOCOL_DEFAULT_KDC 	PROTOCOL_NUM_UDP
-#define PROTOCOL_DEFAULT_ADM 	PROTOCOL_NUM_TCP
-#define PROTOCOL_DEFAULT_PWD 	PROTOCOL_NUM_UDP
-#define PORT_STR_LEN 		5
-#define PORT_DEFAULT_KDC 	88
-#define PORT_DEFAULT_ADM 	749
-#define PORT_DEFAULT_PWD 	464
+#define MAX_DN_CHARS            256
+#define HOST_INFO_DELIMITER     '#'
+#define PROTOCOL_STR_LEN        3
+#define PROTOCOL_NUM_UDP        0
+#define PROTOCOL_NUM_TCP        1
+#define PROTOCOL_DEFAULT_KDC    PROTOCOL_NUM_UDP
+#define PROTOCOL_DEFAULT_ADM    PROTOCOL_NUM_TCP
+#define PROTOCOL_DEFAULT_PWD    PROTOCOL_NUM_UDP
+#define PORT_STR_LEN            5
+#define PORT_DEFAULT_KDC        88
+#define PORT_DEFAULT_ADM        749
+#define PORT_DEFAULT_PWD        464
 
-#define MAX_LEN 		1024
-#define MAX_SERVICE_PASSWD_LEN 	256
-#define RANDOM_PASSWD_LEN 	128
+#define MAX_LEN                 1024
+#define MAX_SERVICE_PASSWD_LEN  256
+#define RANDOM_PASSWD_LEN       128
 
 #define DEF_SERVICE_PASSWD_FILE "/usr/local/var/service_passwd"
 
@@ -58,8 +59,8 @@ struct data{
 extern int enc_password(struct data pwd, struct data *enc_key, struct data *enc_pass);
 extern int tohex(krb5_data, krb5_data *);
 
-extern void kdb5_ldap_create_service (int argc, char **argv);
-extern void kdb5_ldap_modify_service (int argc, char **argv);
+extern void kdb5_ldap_create_service(int argc, char **argv);
+extern void kdb5_ldap_modify_service(int argc, char **argv);
 extern void kdb5_ldap_destroy_service(int argc, char **argv);
 extern void kdb5_ldap_list_services(int argc, char **argv);
 extern void kdb5_ldap_view_service(int argc, char **argv);
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
index 0c99295..9357cc4 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_util.c
  *
@@ -104,95 +105,98 @@ krb5_boolean manual_mkey = FALSE;
  * This function prints the usage of kdb5_ldap_util, which is
  * the LDAP configuration utility.
  */
-void usage(void)
+void
+usage(void)
 {
     fprintf(stderr, "Usage: "
-"kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
-"\tcmd [cmd_options]\n"
+            "kdb5_ldap_util [-D user_dn [-w passwd]] [-H ldapuri]\n"
+            "\tcmd [cmd_options]\n"
 
 /* Create realm */
-"create          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
+            "create          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
 #ifdef HAVE_EDIRECTORY
-"\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n"
-"\t\t[-pwddn passwd_service_list]\n"
+            "\t\t[-kdcdn kdc_service_list] [-admindn admin_service_list]\n"
+            "\t\t[-pwddn passwd_service_list]\n"
 #endif
-"\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
-"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
-"\t\t[ticket_flags] [-r realm]\n"
+            "\t\t[-m|-P password|-sf stashfilename] [-k mkeytype] [-kv mkeyVNO] [-s]\n"
+            "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+            "\t\t[ticket_flags] [-r realm]\n"
 
 /* modify realm */
-"modify          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
+            "modify          [-subtrees subtree_dn_list] [-sscope search_scope] [-containerref container_reference_dn]\n"
 #ifdef HAVE_EDIRECTORY
-"\t\t[-kdcdn kdc_service_list |\n"
-"\t\t[-clearkdcdn kdc_service_list] [-addkdcdn kdc_service_list]]\n"
-"\t\t[-admindn admin_service_list | [-clearadmindn admin_service_list]\n"
-"\t\t[-addadmindn admin_service_list]] [-pwddn passwd_service_list |\n"
-"\t\t[-clearpwddn passwd_service_list] [-addpwddn passwd_service_list]]\n"
+            "\t\t[-kdcdn kdc_service_list |\n"
+            "\t\t[-clearkdcdn kdc_service_list] [-addkdcdn kdc_service_list]]\n"
+            "\t\t[-admindn admin_service_list | [-clearadmindn admin_service_list]\n"
+            "\t\t[-addadmindn admin_service_list]] [-pwddn passwd_service_list |\n"
+            "\t\t[-clearpwddn passwd_service_list] [-addpwddn passwd_service_list]]\n"
 #endif
-"\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
-"\t\t[ticket_flags] [-r realm]\n"
+            "\t\t[-maxtktlife max_ticket_life] [-maxrenewlife max_renewable_ticket_life]\n"
+            "\t\t[ticket_flags] [-r realm]\n"
 /* View realm */
-"view            [-r realm]\n"
+            "view            [-r realm]\n"
 
 /* Destroy realm */
-"destroy	        [-f] [-r realm]\n"
+            "destroy                [-f] [-r realm]\n"
 
 /* List realms */
-"list\n"
+            "list\n"
 
 #ifdef HAVE_EDIRECTORY
 /* Create Service */
-"create_service  {-kdc|-admin|-pwd} [-servicehost service_host_list]\n"
-"\t\t[-realm realm_list] \n"
-"\t\t[-randpw|-fileonly] [-f filename] service_dn\n"
+            "create_service  {-kdc|-admin|-pwd} [-servicehost service_host_list]\n"
+            "\t\t[-realm realm_list] \n"
+            "\t\t[-randpw|-fileonly] [-f filename] service_dn\n"
 
 /* Modify service */
-"modify_service  [-servicehost service_host_list |\n"
-"\t\t[-clearservicehost service_host_list]\n"
-"\t\t[-addservicehost service_host_list]]\n"
-"\t\t[-realm realm_list | [-clearrealm realm_list]\n"
-"\t\t[-addrealm realm_list]] service_dn\n"
+            "modify_service  [-servicehost service_host_list |\n"
+            "\t\t[-clearservicehost service_host_list]\n"
+            "\t\t[-addservicehost service_host_list]]\n"
+            "\t\t[-realm realm_list | [-clearrealm realm_list]\n"
+            "\t\t[-addrealm realm_list]] service_dn\n"
 
 /* View Service */
-"view_service    service_dn\n"
+            "view_service    service_dn\n"
 
 /* Destroy Service */
-"destroy_service [-force] [-f stashfilename] service_dn\n"
+            "destroy_service [-force] [-f stashfilename] service_dn\n"
 
 /* List services */
-"list_service    [-basedn base_dn]\n"
+            "list_service    [-basedn base_dn]\n"
 
 /* Set Service password */
-"setsrvpw        [-randpw|-fileonly] [-f filename] service_dn\n"
+            "setsrvpw        [-randpw|-fileonly] [-f filename] service_dn\n"
 
 #else
 
 /* Stash the service password */
-"stashsrvpw      [-f filename] service_dn\n"
+            "stashsrvpw      [-f filename] service_dn\n"
 
 #endif
 
 /* Create policy */
-"create_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
-"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+            "create_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
+            "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
 
 /* Modify policy */
-"modify_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
-"\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
+            "modify_policy   [-r realm] [-maxtktlife max_ticket_life]\n"
+            "\t\t[-maxrenewlife max_renewable_ticket_life] [ticket_flags] policy\n"
 
 /* View policy */
-"view_policy     [-r realm] policy\n"
+            "view_policy     [-r realm] policy\n"
 
 /* Destroy policy */
-"destroy_policy  [-r realm] [-force] policy\n"
+            "destroy_policy  [-r realm] [-force] policy\n"
 
 /* List policies */
-"list_policy     [-r realm]\n"
+            "list_policy     [-r realm]\n"
 
-	);
+    );
 }
 
-void db_usage (int type) {
+void
+db_usage(int type)
+{
     /*
      * This should print usage of 'type' command. For now, we will print usage
      * of all commands.
@@ -242,8 +246,8 @@ static struct _cmd_table *cmd_lookup(name)
     int i;
 
     for (i = 0; cmd_table[i].name != NULL; i++)
-	if (strcmp(cmd_table[i].name, name) == 0)
-	    return &cmd_table[i];
+        if (strcmp(cmd_table[i].name, name) == 0)
+            return &cmd_table[i];
 
     return NULL;
 }
@@ -254,23 +258,24 @@ static struct _cmd_table *cmd_lookup(name)
  * in the command table, which can be used to get the corresponding
  * help from the help message table.
  */
-int cmd_index(name)
-    char *name;
+int
+cmd_index(char *name)
 {
     int i;
 
     if (name == NULL)
-	return -1;
+        return -1;
 
     for (i = 0; cmd_table[i].name != NULL; i++)
-	if (strcmp(cmd_table[i].name, name) == 0)
-	    return i;
+        if (strcmp(cmd_table[i].name, name) == 0)
+            return i;
 
     return -1;
 }
 
-static void extended_com_err_fn (const char *myprog, errcode_t code,
-				 const char *fmt, va_list args)
+static void
+extended_com_err_fn(const char *myprog, errcode_t code, const char *fmt,
+                    va_list args)
 {
     const char *emsg;
     emsg = krb5_get_error_message (util_context, code);
@@ -280,9 +285,8 @@ static void extended_com_err_fn (const char *myprog, errcode_t code,
     fprintf (stderr, "\n");
 }
 
-int main(argc, argv)
-    int argc;
-    char *argv[];
+int
+main(int argc, char *argv[])
 {
     struct _cmd_table *cmd = NULL;
     char *koptarg = NULL, **cmd_argv = NULL;
@@ -310,16 +314,16 @@ int main(argc, argv)
     retval = krb5_init_context(&util_context);
     set_com_err_hook(extended_com_err_fn);
     if (retval) {
-	com_err (progname, retval, "while initializing Kerberos code");
-	exit_status++;
-	goto cleanup;
+        com_err (progname, retval, "while initializing Kerberos code");
+        exit_status++;
+        goto cleanup;
     }
 
     cmd_argv = (char **) malloc(sizeof(char *)*argc);
     if (cmd_argv == NULL) {
-	com_err(progname, ENOMEM, "while creating sub-command arguments");
-	exit_status++;
-	goto cleanup;
+        com_err(progname, ENOMEM, "while creating sub-command arguments");
+        exit_status++;
+        goto cleanup;
     }
     memset(cmd_argv, 0, sizeof(char *)*argc);
     cmd_argc = 1;
@@ -328,101 +332,101 @@ int main(argc, argv)
 
     argv++; argc--;
     while (*argv) {
-	if (strcmp(*argv, "--help") == 0) {
-	    print_help_message = TRUE;
-	}
-	if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
-	    mkey_password = koptarg;
-	    manual_mkey = TRUE;
-	} else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
-	    global_params.realm = koptarg;
-	    global_params.mask |= KADM5_CONFIG_REALM;
-	    /* not sure this is really necessary */
-	    if ((retval = krb5_set_default_realm(util_context,
-						 global_params.realm))) {
-		com_err(progname, retval, "while setting default realm name");
-		exit_status++;
-		goto cleanup;
-	    }
-	} else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
-	    if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
-		com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
-		exit_status++;
-		goto cleanup;
+        if (strcmp(*argv, "--help") == 0) {
+            print_help_message = TRUE;
+        }
+        if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+            mkey_password = koptarg;
+            manual_mkey = TRUE;
+        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+            global_params.realm = koptarg;
+            global_params.mask |= KADM5_CONFIG_REALM;
+            /* not sure this is really necessary */
+            if ((retval = krb5_set_default_realm(util_context,
+                                                 global_params.realm))) {
+                com_err(progname, retval, "while setting default realm name");
+                exit_status++;
+                goto cleanup;
+            }
+        } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+            if (krb5_string_to_enctype(koptarg, &global_params.enctype)) {
+                com_err(progname, EINVAL, ": %s is an invalid enctype", koptarg);
+                exit_status++;
+                goto cleanup;
             } else
-		global_params.mask |= KADM5_CONFIG_ENCTYPE;
-	} else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
-	    global_params.kvno = (krb5_kvno) atoi(koptarg);
+                global_params.mask |= KADM5_CONFIG_ENCTYPE;
+        } else if (strcmp(*argv, "-kv") == 0 && ARG_VAL) {
+            global_params.kvno = (krb5_kvno) atoi(koptarg);
             if (global_params.kvno == IGNORE_VNO) {
                 com_err(progname, EINVAL, ": %s is an invalid mkeyVNO", koptarg);
-		exit_status++;
-		goto cleanup;
+                exit_status++;
+                goto cleanup;
             } else
                 global_params.mask |= KADM5_CONFIG_KVNO;
-	} else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
-	    global_params.mkey_name = koptarg;
-	    global_params.mask |= KADM5_CONFIG_MKEY_NAME;
-	} else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
-	    global_params.stash_file = koptarg;
-	    global_params.mask |= KADM5_CONFIG_STASH_FILE;
-	} else if (strcmp(*argv, "-m") == 0) {
-	    manual_mkey = TRUE;
-	    global_params.mkey_from_kbd = 1;
-	    global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-	} else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
-	    bind_dn = koptarg;
-	    if (bind_dn == NULL) {
-		com_err(progname, ENOMEM, "while reading ldap parameters");
-		exit_status++;
-		goto cleanup;
-	    }
-	    ldapmask |= CMD_LDAP_D;
-	} else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
-	    passwd = strdup(koptarg);
-	    if (passwd == NULL) {
-		com_err(progname, ENOMEM, "while reading ldap parameters");
-		exit_status++;
-		goto cleanup;
-	    }
-	    ldapmask |= CMD_LDAP_W;
-	} else if (strcmp(*argv, "-H") == 0 && ARG_VAL) {
-	    ldap_server = koptarg;
-	    if (ldap_server == NULL) {
-		com_err(progname, ENOMEM, "while reading ldap parameters");
-		exit_status++;
-		goto cleanup;
-	    }
-	    ldapmask |= CMD_LDAP_H;
-	} else if (cmd_lookup(*argv) != NULL) {
-	    if (cmd_argv[0] == NULL)
-		cmd_argv[0] = *argv;
-	    else {
-		free(cmd_argv);
-		cmd_argv = NULL;
-		usage();
-		goto cleanup;
-	    }
-	} else {
-	    cmd_argv[cmd_argc++] = *argv;
-	}
-	argv++; argc--;
+        } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+            global_params.mkey_name = koptarg;
+            global_params.mask |= KADM5_CONFIG_MKEY_NAME;
+        } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+            global_params.stash_file = koptarg;
+            global_params.mask |= KADM5_CONFIG_STASH_FILE;
+        } else if (strcmp(*argv, "-m") == 0) {
+            manual_mkey = TRUE;
+            global_params.mkey_from_kbd = 1;
+            global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
+        } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
+            bind_dn = koptarg;
+            if (bind_dn == NULL) {
+                com_err(progname, ENOMEM, "while reading ldap parameters");
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_D;
+        } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
+            passwd = strdup(koptarg);
+            if (passwd == NULL) {
+                com_err(progname, ENOMEM, "while reading ldap parameters");
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_W;
+        } else if (strcmp(*argv, "-H") == 0 && ARG_VAL) {
+            ldap_server = koptarg;
+            if (ldap_server == NULL) {
+                com_err(progname, ENOMEM, "while reading ldap parameters");
+                exit_status++;
+                goto cleanup;
+            }
+            ldapmask |= CMD_LDAP_H;
+        } else if (cmd_lookup(*argv) != NULL) {
+            if (cmd_argv[0] == NULL)
+                cmd_argv[0] = *argv;
+            else {
+                free(cmd_argv);
+                cmd_argv = NULL;
+                usage();
+                goto cleanup;
+            }
+        } else {
+            cmd_argv[cmd_argc++] = *argv;
+        }
+        argv++; argc--;
     }
 
     if (cmd_argv[0] == NULL) {
-	free(cmd_argv);
-	cmd_argv = NULL;
-	usage();
-	goto cleanup;
+        free(cmd_argv);
+        cmd_argv = NULL;
+        usage();
+        goto cleanup;
     }
 
     /* if we need to print the help message (because of --help option)
      * we will print the help corresponding to the sub-command.
      */
     if (print_help_message) {
-	free(cmd_argv);
-	cmd_argv = NULL;
-	usage();
-	goto cleanup;
+        free(cmd_argv);
+        cmd_argv = NULL;
+        usage();
+        goto cleanup;
     }
 
     /* We need to check for the presence of default realm name only in
@@ -434,153 +438,153 @@ int main(argc, argv)
     }
 
     if (!util_context->default_realm) {
-	char *temp = NULL;
-	retval = krb5_get_default_realm(util_context, &temp);
-	if (retval) {
-	    if (realm_name_required) {
-		com_err (progname, retval, "while getting default realm");
-		exit_status++;
-		goto cleanup;
-	    }
-	} else
-	    util_context->default_realm = temp;
+        char *temp = NULL;
+        retval = krb5_get_default_realm(util_context, &temp);
+        if (retval) {
+            if (realm_name_required) {
+                com_err (progname, retval, "while getting default realm");
+                exit_status++;
+                goto cleanup;
+            }
+        } else
+            util_context->default_realm = temp;
     }
     /* If we have the realm name, we can safely say that
      * realm_name is required so that we don't neglect any information.
      */
     else
-	realm_name_required = TRUE;
+        realm_name_required = TRUE;
 
     retval = profile_get_string(util_context->profile, KDB_REALM_SECTION,
-				util_context->default_realm, KDB_MODULE_POINTER,
-				NULL,
-				&value);
+                                util_context->default_realm, KDB_MODULE_POINTER,
+                                NULL,
+                                &value);
 
     if (!(value)) {
-	retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
-				    KDB_MODULE_POINTER, NULL,
-				    NULL,
-				    &value);
-	if (!(value)) {
-	    if (util_context->default_realm)
-		conf_section = strdup(util_context->default_realm);
-	} else {
-	    conf_section = strdup(value);
-	    free(value);
-	}
+        retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+                                    KDB_MODULE_POINTER, NULL,
+                                    NULL,
+                                    &value);
+        if (!(value)) {
+            if (util_context->default_realm)
+                conf_section = strdup(util_context->default_realm);
+        } else {
+            conf_section = strdup(value);
+            free(value);
+        }
     } else {
-	conf_section = strdup(value);
-	free(value);
+        conf_section = strdup(value);
+        free(value);
     }
 
     if (realm_name_required) {
-	retval = kadm5_get_config_params(util_context, 1,
-					 &global_params, &global_params);
-	if (retval) {
-	    com_err(progname, retval, "while retreiving configuration parameters");
-	    exit_status++;
-	    goto cleanup;
-	}
-	gp_is_static = 0;
+        retval = kadm5_get_config_params(util_context, 1,
+                                         &global_params, &global_params);
+        if (retval) {
+            com_err(progname, retval, "while retreiving configuration parameters");
+            exit_status++;
+            goto cleanup;
+        }
+        gp_is_static = 0;
     }
 
     if ((retval = krb5_ldap_lib_init()) != 0) {
-	com_err(progname, retval, "while initializing error handling");
-	exit_status++;
-	goto cleanup;
+        com_err(progname, retval, "while initializing error handling");
+        exit_status++;
+        goto cleanup;
     }
 
     /* Initialize the ldap context */
     ldap_context = calloc(sizeof(krb5_ldap_context), 1);
     if (ldap_context == NULL) {
-	com_err(progname, ENOMEM, "while initializing ldap handle");
-	exit_status++;
-	goto cleanup;
+        com_err(progname, ENOMEM, "while initializing ldap handle");
+        exit_status++;
+        goto cleanup;
     }
 
     ldap_context->kcontext = util_context;
 
     /* If LDAP parameters are specified, replace them with the values from config */
     if (ldapmask & CMD_LDAP_D) {
-	/* If password is not specified, prompt for it */
-	if (passwd == NULL) {
-	    passwd = (char *)malloc(MAX_PASSWD_LEN);
-	    if (passwd == NULL) {
-		com_err(progname, ENOMEM, "while retrieving ldap configuration");
-		exit_status++;
-		goto cleanup;
-	    }
-	    prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
-	    if (prompt == NULL) {
-		free(passwd);
-		passwd = NULL;
-		com_err(progname, ENOMEM, "while retrieving ldap configuration");
-		exit_status++;
-		goto cleanup;
-	    }
-	    memset(passwd, 0, MAX_PASSWD_LEN);
-	    passwd_len = MAX_PASSWD_LEN - 1;
-	    snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
-
-	    db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
-
-	    if ((db_retval) || (passwd_len == 0)) {
-		com_err(progname, ENOMEM, "while retrieving ldap configuration");
-		free(passwd);
-		passwd = NULL;
-		exit_status++;
-		goto cleanup;
-	    }
-	}
-
-	ldap_context->bind_pwd = passwd;
-	passwd = NULL;
+        /* If password is not specified, prompt for it */
+        if (passwd == NULL) {
+            passwd = (char *)malloc(MAX_PASSWD_LEN);
+            if (passwd == NULL) {
+                com_err(progname, ENOMEM, "while retrieving ldap configuration");
+                exit_status++;
+                goto cleanup;
+            }
+            prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
+            if (prompt == NULL) {
+                free(passwd);
+                passwd = NULL;
+                com_err(progname, ENOMEM, "while retrieving ldap configuration");
+                exit_status++;
+                goto cleanup;
+            }
+            memset(passwd, 0, MAX_PASSWD_LEN);
+            passwd_len = MAX_PASSWD_LEN - 1;
+            snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
+
+            db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
+
+            if ((db_retval) || (passwd_len == 0)) {
+                com_err(progname, ENOMEM, "while retrieving ldap configuration");
+                free(passwd);
+                passwd = NULL;
+                exit_status++;
+                goto cleanup;
+            }
+        }
+
+        ldap_context->bind_pwd = passwd;
+        passwd = NULL;
     }
 
     /* If ldaphost is specified, release entry filled by configuration & use this */
     if (ldapmask & CMD_LDAP_H) {
 
-	ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
-	if (ldap_context->server_info_list == NULL) {
-	    com_err(progname, ENOMEM, "while initializing server list");
-	    exit_status++;
-	    goto cleanup;
-	}
-
-	ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
-	if (ldap_context->server_info_list[0] == NULL) {
-	    com_err(progname, ENOMEM, "while initializing server list");
-	    exit_status++;
-	    goto cleanup;
-	}
-
-	ldap_context->server_info_list[0]->server_status = NOTSET;
-
-	ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
-	if (ldap_context->server_info_list[0]->server_name == NULL) {
-	    com_err(progname, ENOMEM, "while initializing server list");
-	    exit_status++;
-	    goto cleanup;
-	}
+        ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
+        if (ldap_context->server_info_list == NULL) {
+            com_err(progname, ENOMEM, "while initializing server list");
+            exit_status++;
+            goto cleanup;
+        }
+
+        ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
+        if (ldap_context->server_info_list[0] == NULL) {
+            com_err(progname, ENOMEM, "while initializing server list");
+            exit_status++;
+            goto cleanup;
+        }
+
+        ldap_context->server_info_list[0]->server_status = NOTSET;
+
+        ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
+        if (ldap_context->server_info_list[0]->server_name == NULL) {
+            com_err(progname, ENOMEM, "while initializing server list");
+            exit_status++;
+            goto cleanup;
+        }
     }
     if (bind_dn) {
-	ldap_context->bind_dn = strdup(bind_dn);
-	if (ldap_context->bind_dn == NULL) {
-	    com_err(progname, ENOMEM, "while retrieving ldap configuration");
-	    exit_status++;
-	    goto cleanup;
-	}
+        ldap_context->bind_dn = strdup(bind_dn);
+        if (ldap_context->bind_dn == NULL) {
+            com_err(progname, ENOMEM, "while retrieving ldap configuration");
+            exit_status++;
+            goto cleanup;
+        }
     } else
-	ldap_context->bind_dn = NULL;
+        ldap_context->bind_dn = NULL;
 
     ldap_context->service_type = SERVICE_DN_TYPE_CLIENT;
 
     if (realm_name_required) {
-	if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
-	    (!krb5_c_valid_enctype(global_params.enctype))) {
-	    com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
-		    "while setting up enctype %d", global_params.enctype);
-	}
+        if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
+            (!krb5_c_valid_enctype(global_params.enctype))) {
+            com_err(progname, KRB5_PROG_KEYTYPE_NOSUPP,
+                    "while setting up enctype %d", global_params.enctype);
+        }
     }
 
     cmd = cmd_lookup(cmd_argv[0]);
@@ -588,28 +592,28 @@ int main(argc, argv)
     /* Setup DAL handle to access the database */
     db_retval = krb5_db_setup_lib_handle(util_context);
     if (db_retval) {
-	com_err(progname, db_retval, "while setting up lib handle");
-	exit_status++;
-	goto cleanup;
+        com_err(progname, db_retval, "while setting up lib handle");
+        exit_status++;
+        goto cleanup;
     }
     util_context->dal_handle->db_context = ldap_context;
     ldap_context = NULL;
 
     db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
     if (db_retval) {
-	com_err(progname, db_retval, "while reading ldap configuration");
-	exit_status++;
-	goto cleanup;
+        com_err(progname, db_retval, "while reading ldap configuration");
+        exit_status++;
+        goto cleanup;
     }
 
     if (cmd->opendb) {
-	db_retval = krb5_ldap_db_init(util_context, (krb5_ldap_context *)util_context->dal_handle->db_context);
-	if (db_retval) {
-	    com_err(progname, db_retval, "while initializing database");
-	    exit_status++;
-	    goto cleanup;
-	}
-	db_inited = TRUE;
+        db_retval = krb5_ldap_db_init(util_context, (krb5_ldap_context *)util_context->dal_handle->db_context);
+        if (db_retval) {
+            com_err(progname, db_retval, "while initializing database");
+            exit_status++;
+            goto cleanup;
+        }
+        db_inited = TRUE;
     }
     (*cmd->func)(cmd_argc, cmd_argv);
 
@@ -617,31 +621,31 @@ int main(argc, argv)
 
 cleanup:
     if (passwd) {
-	memset(passwd, 0, strlen(passwd));
-	free(passwd);
+        memset(passwd, 0, strlen(passwd));
+        free(passwd);
     }
 
     if (ldap_context) {
-	krb5_ldap_free_server_context_params(ldap_context);
-	free(ldap_context);
+        krb5_ldap_free_server_context_params(ldap_context);
+        free(ldap_context);
     }
 
     if (util_context) {
-	if (gp_is_static == 0)
-	    kadm5_free_config_params(util_context, &global_params);
-	krb5_ldap_close(util_context);
-	krb5_free_context(util_context);
+        if (gp_is_static == 0)
+            kadm5_free_config_params(util_context, &global_params);
+        krb5_ldap_close(util_context);
+        krb5_free_context(util_context);
     }
 
     if (cmd_argv)
-	free(cmd_argv);
+        free(cmd_argv);
     if (prompt)
-	free(prompt);
+        free(prompt);
     if (conf_section)
-	free(conf_section);
+        free(conf_section);
 
     if (usage_print) {
-	usage();
+        usage();
     }
 
     return exit_status;
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
index 8eb65af..572236b 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * kadmin/ldap_util/kdb5_ldap_util.h
  */
@@ -71,10 +72,10 @@ extern void db_usage(int);
 /* Following are the bitmaps that indicate which of the options among -D, -w, -h, -p & -t
  * were specified on the command line.
  */
-#define CMD_LDAP_D	0x1     /* set if -D option is specified */
-#define CMD_LDAP_W	0x2     /* set if -w option is specified */
-#define CMD_LDAP_H	0x4     /* set if -h option is specified */
-#define CMD_LDAP_P	0x8     /* set if -p option is specified */
+#define CMD_LDAP_D      0x1     /* set if -D option is specified */
+#define CMD_LDAP_W      0x2     /* set if -w option is specified */
+#define CMD_LDAP_H      0x4     /* set if -h option is specified */
+#define CMD_LDAP_P      0x8     /* set if -p option is specified */
 
 #define MAX_PASSWD_LEN          1024
 #define MAX_PASSWD_PROMPT_LEN   276     /* max_dn_size(=256) + strlen("Password for \" \"")=20 */
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
index 4306da1..bc6c27a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
+++ b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../../..
-myfulldir=plugins/kdb/ldap/libkdb_ldap
 mydir=plugins/kdb/ldap/libkdb_ldap
 BUILDTOP=$(REL)..$(S)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 # Lots of ugliness here because of duplicated symbol names.
@@ -18,7 +16,7 @@ DEFINES = \
 	-Dkrb5_dbe_update_tl_data=kdb_ldap_dbe_update_tl_data
 DEFS=
 
-LOCALINCLUDES = -I$(SRCTOP)/lib/kdb -I$(SRCTOP)/lib/krb5/asn.1
+LOCALINCLUDES = -I$(top_srcdir)/lib/kdb -I$(top_srcdir)/lib/krb5/asn.1
 
 LIBBASE=kdb_ldap
 LIBMAJOR=1
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/deps b/src/plugins/kdb/ldap/libkdb_ldap/deps
index eadbf0a..1754dd7 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/deps
+++ b/src/plugins/kdb/ldap/libkdb_ldap/deps
@@ -6,97 +6,97 @@ kdb_ldap.so kdb_ldap.po $(OUTPRE)kdb_ldap.$(OBJEXT): \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
   kdb_ldap.c kdb_ldap.h ldap_err.h ldap_krbcontainer.h \
   ldap_misc.h ldap_realm.h ldap_services.h
 kdb_ldap_conn.so kdb_ldap_conn.po $(OUTPRE)kdb_ldap_conn.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h kdb_ldap_conn.c \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h kdb_ldap_conn.c \
   ldap_handle.h ldap_krbcontainer.h ldap_main.h ldap_misc.h \
   ldap_realm.h ldap_service_stash.h ldap_services.h
 ldap_realm.so ldap_realm.po $(OUTPRE)ldap_realm.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_principal.h \
   ldap_pwd_policy.h ldap_realm.c ldap_realm.h ldap_services.h \
   ldap_tkt_policy.h
 ldap_create.so ldap_create.po $(OUTPRE)ldap_create.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_create.c ldap_err.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_create.c ldap_err.h \
   ldap_handle.h ldap_krbcontainer.h ldap_main.h ldap_misc.h \
   ldap_principal.h ldap_realm.h ldap_services.h ldap_tkt_policy.h
 ldap_krbcontainer.so ldap_krbcontainer.po $(OUTPRE)ldap_krbcontainer.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.c ldap_krbcontainer.h ldap_main.h \
   ldap_misc.h ldap_realm.h ldap_services.h
 ldap_principal.so ldap_principal.po $(OUTPRE)ldap_principal.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_principal.c \
   ldap_principal.h ldap_realm.h ldap_services.h ldap_tkt_policy.h \
   princ_xdr.h
@@ -105,20 +105,20 @@ ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
   kdb_ldap.h ldap_err.h ldap_handle.h ldap_krbcontainer.h \
   ldap_main.h ldap_misc.h ldap_principal.h ldap_principal2.c \
   ldap_pwd_policy.h ldap_realm.h ldap_services.h ldap_tkt_policy.h \
@@ -126,92 +126,92 @@ ldap_principal2.so ldap_principal2.po $(OUTPRE)ldap_principal2.$(OBJEXT): \
 ldap_pwd_policy.so ldap_pwd_policy.po $(OUTPRE)ldap_pwd_policy.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_pwd_policy.c \
   ldap_pwd_policy.h ldap_realm.h ldap_services.h
 ldap_misc.so ldap_misc.po $(OUTPRE)ldap_misc.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h $(top_srcdir)/include/gssrpc/auth_gss.h \
+  $(top_srcdir)/include/gssrpc/auth_unix.h $(top_srcdir)/include/gssrpc/clnt.h \
+  $(top_srcdir)/include/gssrpc/rename.h $(top_srcdir)/include/gssrpc/rpc.h \
+  $(top_srcdir)/include/gssrpc/rpc_msg.h $(top_srcdir)/include/gssrpc/svc.h \
+  $(top_srcdir)/include/gssrpc/svc_auth.h $(top_srcdir)/include/gssrpc/xdr.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.h ldap_misc.c ldap_misc.h ldap_principal.h \
   ldap_pwd_policy.h ldap_realm.h ldap_services.h ldap_tkt_policy.h \
   princ_xdr.h
 ldap_handle.so ldap_handle.po $(OUTPRE)ldap_handle.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_handle.c ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_handle.c ldap_handle.h \
   ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h \
   ldap_services.h
 ldap_tkt_policy.so ldap_tkt_policy.po $(OUTPRE)ldap_tkt_policy.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h \
   ldap_services.h ldap_tkt_policy.c ldap_tkt_policy.h
 ldap_services.so ldap_services.po $(OUTPRE)ldap_services.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h \
   ldap_services.c ldap_services.h
 ldap_service_rights.so ldap_service_rights.po $(OUTPRE)ldap_service_rights.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_err.h ldap_handle.h \
   ldap_krbcontainer.h ldap_main.h ldap_misc.h ldap_realm.h \
   ldap_service_rights.c ldap_services.h
 princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \
@@ -219,61 +219,61 @@ princ_xdr.so princ_xdr.po $(OUTPRE)princ_xdr.$(OBJEXT): \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/kdb_ext.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/kdb/kdb5.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_ext.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h $(top_srcdir)/lib/kdb/kdb5.h \
   kdb_ldap.h ldap_krbcontainer.h ldap_principal.h ldap_realm.h \
   ldap_tkt_policy.h princ_xdr.c princ_xdr.h
 ldap_fetch_mkey.so ldap_fetch_mkey.po $(OUTPRE)ldap_fetch_mkey.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_fetch_mkey.c \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_fetch_mkey.c \
   ldap_handle.h ldap_krbcontainer.h ldap_main.h ldap_misc.h \
   ldap_realm.h ldap_services.h
 ldap_service_stash.so ldap_service_stash.po $(OUTPRE)ldap_service_stash.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_ext.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/kdb/kdb5.h kdb_ldap.h ldap_handle.h ldap_krbcontainer.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/kdb_ext.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  $(top_srcdir)/lib/kdb/kdb5.h kdb_ldap.h ldap_handle.h ldap_krbcontainer.h \
   ldap_main.h ldap_misc.h ldap_realm.h ldap_service_stash.c \
   ldap_service_stash.h ldap_services.h
 kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   kdb_xdr.c kdb_xdr.h
 ldap_err.so ldap_err.po $(OUTPRE)ldap_err.$(OBJEXT): \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   ldap_err.c ldap_err.h
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
index 27f094f..d443f8d 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ext.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/ldap/kdb_ext.c
  *
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
index 8f7e3bd..1966aa9 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_ldap.c
  *
@@ -50,32 +51,32 @@ krb5_ldap_get_db_opt(char *input, char **opt, char **val)
 
     *val = NULL;
     if (pos == NULL) {
-	*opt = strdup(input);
-	if (*opt == NULL) {
-	    return ENOMEM;
-	}
+        *opt = strdup(input);
+        if (*opt == NULL) {
+            return ENOMEM;
+        }
     } else {
-	int len = pos - input;
-	*opt = malloc((unsigned) len + 1);
-	if (!*opt) {
-	    return ENOMEM;
-	}
-	memcpy(*opt, input, (unsigned) len);
-	/* ignore trailing blanks */
-	while (isblank((*opt)[len-1]))
-	    --len;
-	(*opt)[len] = '\0';
-
-	pos += 1; /* move past '=' */
-	while (isblank(*pos))  /* ignore leading blanks */
-	    pos += 1;
-	if (*pos != '\0') {
-	    *val = strdup (pos);
-	    if (!*val) {
-		free (*opt);
-		return ENOMEM;
-	    }
-	}
+        int len = pos - input;
+        *opt = malloc((unsigned) len + 1);
+        if (!*opt) {
+            return ENOMEM;
+        }
+        memcpy(*opt, input, (unsigned) len);
+        /* ignore trailing blanks */
+        while (isblank((*opt)[len-1]))
+            --len;
+        (*opt)[len] = '\0';
+
+        pos += 1; /* move past '=' */
+        while (isblank(*pos))  /* ignore leading blanks */
+            pos += 1;
+        if (*pos != '\0') {
+            *val = strdup (pos);
+            if (!*val) {
+                free (*opt);
+                return ENOMEM;
+            }
+        }
     }
     return (0);
 
@@ -108,17 +109,17 @@ krb5_ldap_read_startup_information(krb5_context context)
 
     SETUP_CONTEXT();
     if ((retval=krb5_ldap_read_krbcontainer_params(context, &(ldap_context->krbcontainer)))) {
-	prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
-	goto cleanup;
+        prepend_err_str (context, "Unable to read Kerberos container", retval, retval);
+        goto cleanup;
     }
 
     if ((retval=krb5_ldap_read_realm_params(context, context->default_realm, &(ldap_context->lrparams), &mask))) {
-	prepend_err_str (context, "Unable to read Realm", retval, retval);
-	goto cleanup;
+        prepend_err_str (context, "Unable to read Realm", retval, retval);
+        goto cleanup;
     }
 
     if (((mask & LDAP_REALM_MAXTICKETLIFE) == 0) || ((mask & LDAP_REALM_MAXRENEWLIFE) == 0)
-                                                 || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
+        || ((mask & LDAP_REALM_KRBTICKETFLAGS) == 0)) {
         kadm5_config_params  params_in, params_out;
 
         memset(&params_in, 0, sizeof(params_in));
@@ -167,11 +168,8 @@ cleanup:
  * value assertion.
  */
 static int
-has_rootdse_ava(context, ldap_server, attribute, value)
-    krb5_context     context;
-    char             *ldap_server;
-    char             *attribute;
-    char             *value;
+has_rootdse_ava(krb5_context context, char *ldap_server, char *attribute,
+                char *value)
 {
     int               i=0, flag=0, ret=0, retval=0;
     char              *attrs[2], **values=NULL;
@@ -184,8 +182,8 @@ has_rootdse_ava(context, ldap_server, attribute, value)
 
     retval = ldap_initialize(&ld, ldap_server);
     if (retval != LDAP_SUCCESS) {
-	ret = 2; /* Don't know */
-	goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     cred.bv_val = "";
@@ -194,50 +192,50 @@ has_rootdse_ava(context, ldap_server, attribute, value)
     /* Anonymous bind */
     retval = ldap_sasl_bind_s(ld, "", NULL, &cred, NULL, NULL, NULL);
     if (retval != LDAP_SUCCESS) {
-	ret = 2; /* Don't know */
-	goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     retval = ldap_search_ext_s(ld, "", LDAP_SCOPE_BASE, NULL, attrs, 0, NULL, NULL, NULL, 0, &res);
     if (retval != LDAP_SUCCESS) {
-	ret = 2; /* Don't know */
-	goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     msg = ldap_first_message(ld, res);
     if (msg == NULL) {
-	ret = 2; /* Don't know */
-	goto cleanup;
+        ret = 2; /* Don't know */
+        goto cleanup;
     }
 
     values = ldap_get_values(ld, msg, attribute);
     if (values == NULL) {
-	ret = 1; /* Not supported */
-	goto cleanup;
+        ret = 1; /* Not supported */
+        goto cleanup;
     }
 
     for (i = 0; values[i] != NULL; i++) {
-	if (strcmp(values[i], value) == 0) {
-	    flag = 1;
-	    break;
-	}
+        if (strcmp(values[i], value) == 0) {
+            flag = 1;
+            break;
+        }
     }
 
     if (flag != 1) {
-	ret = 1; /* Not supported */
-	goto cleanup;
+        ret = 1; /* Not supported */
+        goto cleanup;
     }
 
 cleanup:
 
     if (values != NULL)
-	ldap_value_free(values);
+        ldap_value_free(values);
 
     if (res != NULL)
-	ldap_msgfree(res);
+        ldap_msgfree(res);
 
     if (ld != NULL)
-	ldap_unbind_ext_s(ld, NULL, NULL);
+        ldap_unbind_ext_s(ld, NULL, NULL);
 
     return ret;
 }
@@ -252,23 +250,21 @@ cleanup:
  *   2 => don't know
  */
 int
-has_sasl_external_mech(context, ldap_server)
-    krb5_context     context;
-    char             *ldap_server;
+has_sasl_external_mech(krb5_context context, char *ldap_server)
 {
     int ret;
 
     ret = has_rootdse_ava(context, ldap_server,
-			  "supportedSASLMechanisms", "EXTERNAL");
+                          "supportedSASLMechanisms", "EXTERNAL");
     switch (ret) {
     case 1: /* not supported */
-	krb5_set_error_message(context, 1, "%s", ERR_MSG2);
-	break;
+        krb5_set_error_message(context, 1, "%s", ERR_MSG2);
+        break;
     case 2: /* don't know */
-	krb5_set_error_message(context, 1, "%s", ERR_MSG1);
-	break;
+        krb5_set_error_message(context, 1, "%s", ERR_MSG1);
+        break;
     default:
-	break;
+        break;
     }
 
     return ret;
@@ -280,24 +276,24 @@ has_modify_increment(context, ldap_server)
     char             *ldap_server;
 {
     return has_rootdse_ava(context, ldap_server,
-			   "supportedFeatures", "1.3.6.1.1.14");
+                           "supportedFeatures", "1.3.6.1.1.14");
 }
 
-void * krb5_ldap_alloc(krb5_context context, void *ptr, size_t size)
+void *
+krb5_ldap_alloc(krb5_context context, void *ptr, size_t size)
 {
     return realloc(ptr, size);
 }
 
-void krb5_ldap_free(krb5_context context, void *ptr)
-
+void
+krb5_ldap_free(krb5_context context, void *ptr)
 {
     free(ptr);
 }
 
-krb5_error_code krb5_ldap_open(krb5_context context,
-			       char *conf_section,
-			       char **db_args,
-			       int mode)
+krb5_error_code
+krb5_ldap_open(krb5_context context, char *conf_section, char **db_args,
+               int mode)
 {
     krb5_error_code status  = 0;
     char **t_ptr = db_args;
@@ -310,196 +306,196 @@ krb5_error_code krb5_ldap_open(krb5_context context,
 
     ldap_context = calloc(1, sizeof(krb5_ldap_context));
     if (ldap_context == NULL) {
-	status = ENOMEM;
-	goto clean_n_exit;
+        status = ENOMEM;
+        goto clean_n_exit;
     }
 
     ldap_context->kcontext = context;
 
     while (t_ptr && *t_ptr) {
-	char *opt = NULL, *val = NULL;
-
-	if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
-	    goto clean_n_exit;
-	}
-	if (opt && !strcmp(opt, "binddn")) {
-	    if (ldap_context->bind_dn) {
-		free (opt);
-		free (val);
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'binddn' missing");
-		goto clean_n_exit;
-	    }
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'binddn' value missing");
-		free(opt);
-		goto clean_n_exit;
-	    }
-	    ldap_context->bind_dn = strdup(val);
-	    if (ldap_context->bind_dn == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto clean_n_exit;
-	    }
-	} else if (opt && !strcmp(opt, "nconns")) {
-	    if (ldap_context->max_server_conns) {
-		free (opt);
-		free (val);
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'nconns' missing");
-		goto clean_n_exit;
-	    }
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'nconns' value missing");
-		free(opt);
-		goto clean_n_exit;
-	    }
-	    ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
-	} else if (opt && !strcmp(opt, "bindpwd")) {
-	    if (ldap_context->bind_pwd) {
-		free (opt);
-		free (val);
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'bindpwd' missing");
-		goto clean_n_exit;
-	    }
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'bindpwd' value missing");
-		free(opt);
-		goto clean_n_exit;
-	    }
-	    ldap_context->bind_pwd = strdup(val);
-	    if (ldap_context->bind_pwd == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto clean_n_exit;
-	    }
-	} else if (opt && !strcmp(opt, "host")) {
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'host' value missing");
-		free(opt);
-		goto clean_n_exit;
-	    }
-	    if (ldap_context->server_info_list == NULL)
-		ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, sizeof (krb5_ldap_server_info *)) ;
-
-	    if (ldap_context->server_info_list == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto clean_n_exit;
-	    }
-
-	    ldap_context->server_info_list[srv_cnt] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
-	    if (ldap_context->server_info_list[srv_cnt] == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto clean_n_exit;
-	    }
-
-	    ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
-
-	    ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
-	    if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto clean_n_exit;
-	    }
-
-	    srv_cnt++;
+        char *opt = NULL, *val = NULL;
+
+        if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
+            goto clean_n_exit;
+        }
+        if (opt && !strcmp(opt, "binddn")) {
+            if (ldap_context->bind_dn) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' missing");
+                goto clean_n_exit;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            ldap_context->bind_dn = strdup(val);
+            if (ldap_context->bind_dn == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+        } else if (opt && !strcmp(opt, "nconns")) {
+            if (ldap_context->max_server_conns) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' missing");
+                goto clean_n_exit;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
+        } else if (opt && !strcmp(opt, "bindpwd")) {
+            if (ldap_context->bind_pwd) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' missing");
+                goto clean_n_exit;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            ldap_context->bind_pwd = strdup(val);
+            if (ldap_context->bind_pwd == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+        } else if (opt && !strcmp(opt, "host")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'host' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+            if (ldap_context->server_info_list == NULL)
+                ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (SERV_COUNT+1, sizeof (krb5_ldap_server_info *)) ;
+
+            if (ldap_context->server_info_list == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            ldap_context->server_info_list[srv_cnt] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
+            if (ldap_context->server_info_list[srv_cnt] == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
+
+            ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
+            if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto clean_n_exit;
+            }
+
+            srv_cnt++;
 #ifdef HAVE_EDIRECTORY
-	} else if (opt && !strcmp(opt, "cert")) {
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'cert' value missing");
-		free(opt);
-		goto clean_n_exit;
-	    }
-
-	    if (ldap_context->root_certificate_file == NULL) {
-		ldap_context->root_certificate_file = strdup(val);
-		if (ldap_context->root_certificate_file == NULL) {
-		    free (opt);
-		    free (val);
-		    status = ENOMEM;
-		    goto clean_n_exit;
-		}
-	    } else {
-		char *newstr;
-
-		if (asprintf(&newstr, "%s %s",
-			     ldap_context->root_certificate_file, val) < 0) {
-		    free (opt);
-		    free (val);
-		    status = ENOMEM;
-		    goto clean_n_exit;
-		}
-		free(ldap_context->root_certificate_file);
-		ldap_context->root_certificate_file = newstr;
-	    }
+        } else if (opt && !strcmp(opt, "cert")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'cert' value missing");
+                free(opt);
+                goto clean_n_exit;
+            }
+
+            if (ldap_context->root_certificate_file == NULL) {
+                ldap_context->root_certificate_file = strdup(val);
+                if (ldap_context->root_certificate_file == NULL) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto clean_n_exit;
+                }
+            } else {
+                char *newstr;
+
+                if (asprintf(&newstr, "%s %s",
+                             ldap_context->root_certificate_file, val) < 0) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto clean_n_exit;
+                }
+                free(ldap_context->root_certificate_file);
+                ldap_context->root_certificate_file = newstr;
+            }
 #endif
-	} else {
-	    /* ignore hash argument. Might have been passed from create */
-	    status = EINVAL;
-	    if (opt && !strcmp(opt, "temporary")) {
-		/*
-		 * temporary is passed in when kdb5_util load without -update is done.
-		 * This is unsupported by the LDAP plugin.
-		 */
-		krb5_set_error_message (context, status,
-					"open of LDAP directory aborted, plugin requires -update argument");
-	    } else {
-		krb5_set_error_message (context, status, "unknown option \'%s\'",
-					opt?opt:val);
-	    }
-	    free(opt);
-	    free(val);
-	    goto clean_n_exit;
-	}
-
-	free(opt);
-	free(val);
-	t_ptr++;
+        } else {
+            /* ignore hash argument. Might have been passed from create */
+            status = EINVAL;
+            if (opt && !strcmp(opt, "temporary")) {
+                /*
+                 * temporary is passed in when kdb5_util load without -update is done.
+                 * This is unsupported by the LDAP plugin.
+                 */
+                krb5_set_error_message (context, status,
+                                        "open of LDAP directory aborted, plugin requires -update argument");
+            } else {
+                krb5_set_error_message (context, status, "unknown option \'%s\'",
+                                        opt?opt:val);
+            }
+            free(opt);
+            free(val);
+            goto clean_n_exit;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     dal_handle = context->dal_handle;
     dal_handle->db_context = ldap_context;
     status = krb5_ldap_read_server_params(context, conf_section, mode & 0x0300);
     if (status) {
-	if (ldap_context)
-	    krb5_ldap_free_ldap_context(ldap_context);
-	ldap_context = NULL;
-	dal_handle->db_context = NULL;
-	prepend_err_str (context, "Error reading LDAP server params: ", status, status);
-	goto clean_n_exit;
+        if (ldap_context)
+            krb5_ldap_free_ldap_context(ldap_context);
+        ldap_context = NULL;
+        dal_handle->db_context = NULL;
+        prepend_err_str (context, "Error reading LDAP server params: ", status, status);
+        goto clean_n_exit;
     }
     if ((status=krb5_ldap_db_init(context, ldap_context)) != 0) {
-	goto clean_n_exit;
+        goto clean_n_exit;
     }
 
     if ((status=krb5_ldap_read_startup_information(context)) != 0) {
-	goto clean_n_exit;
+        goto clean_n_exit;
     }
 
 clean_n_exit:
     /* may be clearing up is not required  db_fini might do it for us, check out */
     if (status) {
-	krb5_ldap_close(context);
+        krb5_ldap_close(context);
     }
     return status;
 }
 
 #include "ldap_err.h"
 int
-set_ldap_error (krb5_context ctx, int st, int op)
+set_ldap_error(krb5_context ctx, int st, int op)
 {
     int translated_st = translate_ldap_error(st, op);
     krb5_set_error_message(ctx, translated_st, "%s", ldap_err2string(st));
@@ -507,8 +503,8 @@ set_ldap_error (krb5_context ctx, int st, int op)
 }
 
 void
-prepend_err_str (krb5_context ctx, const char *str, krb5_error_code err,
-		 krb5_error_code oerr)
+prepend_err_str(krb5_context ctx, const char *str, krb5_error_code err,
+                krb5_error_code oerr)
 {
     const char *omsg;
     if (oerr == 0) oerr = err;
@@ -519,13 +515,15 @@ prepend_err_str (krb5_context ctx, const char *str, krb5_error_code err,
 extern krb5int_access accessor;
 MAKE_INIT_FUNCTION(kldap_init_fn);
 
-int kldap_init_fn(void)
+int
+kldap_init_fn(void)
 {
     /* Global (per-module) initialization.  */
     return krb5int_accessor (&accessor, KRB5INT_ACCESS_VERSION);
 }
 
-int kldap_ensure_initialized(void)
+int
+kldap_ensure_initialized(void)
 {
     return CALL_INIT_FUNCTION (kldap_init_fn);
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index ea6d370..1ca09b4 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_ldap.h
  *
@@ -78,21 +79,21 @@ extern struct timeval timelimit;
 #define CHECK_STATUS               1
 
 #define SETUP_CONTEXT() if (context == NULL || context->dal_handle == NULL \
-            || context->dal_handle->db_context == NULL) { \
-        return EINVAL; \
-    } \
-    dal_handle = context->dal_handle; \
-    ldap_context = (krb5_ldap_context *) dal_handle->db_context; \
+                            || context->dal_handle->db_context == NULL) { \
+        return EINVAL;                                                  \
+    }                                                                   \
+    dal_handle = context->dal_handle;                                   \
+    ldap_context = (krb5_ldap_context *) dal_handle->db_context;        \
     if (ldap_context == NULL || ldap_context->server_info_list == NULL) \
         return KRB5_KDB_DBNOTINITED;
 
-#define GET_HANDLE()  ld = NULL; \
+#define GET_HANDLE()  ld = NULL;                                        \
     st = krb5_ldap_request_handle_from_pool(ldap_context, &ldap_server_handle); \
-    if (st != 0) { \
+    if (st != 0) {                                                      \
         prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
-        st = KRB5_KDB_ACCESS_ERROR; \
-        goto cleanup; \
-    } \
+        st = KRB5_KDB_ACCESS_ERROR;                                     \
+        goto cleanup;                                                   \
+    }                                                                   \
     ld = ldap_server_handle->ldap_handle;
 
 extern int set_ldap_error (krb5_context ctx, int st, int op);
@@ -100,44 +101,44 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 
 #define LDAP_SEARCH(base, scope, filter, attrs)   LDAP_SEARCH_1(base, scope, filter, attrs, CHECK_STATUS)
 
-#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)        \
-      do { \
-	  st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
-	  if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
-              tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
-	      if (ldap_server_handle) \
-		  ld = ldap_server_handle->ldap_handle; \
-	  } \
-      }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
-      \
-      if (status_check != IGNORE_STATUS) { \
-        if (tempst != 0) { \
+#define LDAP_SEARCH_1(base, scope, filter, attrs, status_check)         \
+    do {                                                                \
+        st = ldap_search_ext_s(ld, base, scope, filter, attrs, 0, NULL, NULL, &timelimit, LDAP_NO_LIMIT, &result); \
+        if (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR) { \
+            tempst = krb5_ldap_rebind(ldap_context, &ldap_server_handle); \
+            if (ldap_server_handle)                                     \
+                ld = ldap_server_handle->ldap_handle;                   \
+        }                                                               \
+    }while (translate_ldap_error(st, OP_SEARCH) == KRB5_KDB_ACCESS_ERROR && tempst == 0); \
+                                                                        \
+    if (status_check != IGNORE_STATUS) {                                \
+        if (tempst != 0) {                                              \
             prepend_err_str(context, "LDAP handle unavailable: ", KRB5_KDB_ACCESS_ERROR, st); \
-            st = KRB5_KDB_ACCESS_ERROR; \
-            goto cleanup; \
-        } \
-        if (st != LDAP_SUCCESS) { \
-	     st = set_ldap_error(context, st, OP_SEARCH); \
-	     goto cleanup; \
-        } \
-      }
-
-
-#define CHECK_CLASS_VALIDITY(st, mask, str) \
-	if (st != 0 || mask == 0) { \
-	    if (st == 0 && mask == 0) { \
-	       st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
-	    } \
-	    prepend_err_str(context, str, st, st); \
-	    goto cleanup; \
-	 }
-
-#define CHECK_NULL(ptr) if (ptr == NULL) { \
-                            st = ENOMEM; \
-                            goto cleanup; \
-                        }
-
-#define  STORE16_INT(ptr, val)	store_16_be(val, ptr)
+            st = KRB5_KDB_ACCESS_ERROR;                                 \
+            goto cleanup;                                               \
+        }                                                               \
+        if (st != LDAP_SUCCESS) {                                       \
+            st = set_ldap_error(context, st, OP_SEARCH);                \
+            goto cleanup;                                               \
+        }                                                               \
+    }
+
+
+#define CHECK_CLASS_VALIDITY(st, mask, str)                             \
+    if (st != 0 || mask == 0) {                                         \
+        if (st == 0 && mask == 0) {                                     \
+            st = set_ldap_error(context, LDAP_OBJECT_CLASS_VIOLATION, OP_SEARCH); \
+        }                                                               \
+        prepend_err_str(context, str, st, st);                          \
+        goto cleanup;                                                   \
+    }
+
+#define CHECK_NULL(ptr) if (ptr == NULL) {      \
+        st = ENOMEM;                            \
+        goto cleanup;                           \
+    }
+
+#define  STORE16_INT(ptr, val)  store_16_be(val, ptr)
 #define  STORE32_INT(ptr, val)  store_32_be(val, ptr)
 #define UNSTORE16_INT(ptr, val) (val = load_16_be(ptr))
 #define UNSTORE32_INT(ptr, val) (val = load_32_be(ptr))
@@ -157,10 +158,10 @@ extern void prepend_err_str (krb5_context ctx, const char *s, krb5_error_code er
 #define KDB_TL_LINKDN             0x07
 
 
-#define CHECK_LDAP_HANDLE(lcontext)     if (!(ldap_context \
-					      && ldap_context->server_info_list)) { \
-					  return KRB5_KDB_DBNOTINITED; \
-					}
+#define CHECK_LDAP_HANDLE(lcontext)     if (!(ldap_context              \
+                                              && ldap_context->server_info_list)) { \
+        return KRB5_KDB_DBNOTINITED;                                    \
+    }
 
 #define HNDL_LOCK(lcontext) k5_mutex_lock(&lcontext->hndl_lock)
 #define HNDL_UNLOCK(lcontext) k5_mutex_unlock(&lcontext->hndl_lock)
@@ -188,16 +189,16 @@ typedef struct  _krb5_ldap_server_handle {
 } krb5_ldap_server_handle;
 
 struct _krb5_ldap_server_info {
-    krb5_ldap_server_type	 server_type;
+    krb5_ldap_server_type        server_type;
     krb5_ldap_server_status      server_status;
     krb5_ui_4                    num_conns;
     krb5_ldap_server_handle      *ldap_server_handles;
     time_t                       downtime;
-    char			*server_name;
+    char                        *server_name;
 #ifdef HAVE_EDIRECTORY
-    char			*root_certificate_file;
+    char                        *root_certificate_file;
 #endif
-    int				 modify_increment;
+    int                          modify_increment;
     struct _krb5_ldap_server_info *next;
 };
 
@@ -207,33 +208,33 @@ struct _krb5_ldap_server_info {
 typedef enum {SERVICE_DN_TYPE_SERVER, SERVICE_DN_TYPE_CLIENT} krb5_ldap_servicetype;
 
 typedef struct _krb5_ldap_context {
-  krb5_ldap_servicetype         service_type;
-  krb5_ldap_server_info         **server_info_list;
-  krb5_ui_4                     max_server_conns;
-  char                          *conf_section;
-  char 		                *bind_dn;
-  char                          *bind_pwd;
-  char 		                *service_password_file;
-  char 		                *root_certificate_file;
-  char                          *service_cert_path;
-  char                          *service_cert_pass;
-  krb5_ldap_certificates        **certificates;
-  krb5_ui_4                     cert_count; /* certificate count */
-  k5_mutex_t                    hndl_lock;
-  krb5_ldap_krbcontainer_params *krbcontainer;
-  krb5_ldap_realm_params        *lrparams;
-  krb5_context                  kcontext;   /* to set the error code and message */
+    krb5_ldap_servicetype         service_type;
+    krb5_ldap_server_info         **server_info_list;
+    krb5_ui_4                     max_server_conns;
+    char                          *conf_section;
+    char                          *bind_dn;
+    char                          *bind_pwd;
+    char                          *service_password_file;
+    char                          *root_certificate_file;
+    char                          *service_cert_path;
+    char                          *service_cert_pass;
+    krb5_ldap_certificates        **certificates;
+    krb5_ui_4                     cert_count; /* certificate count */
+    k5_mutex_t                    hndl_lock;
+    krb5_ldap_krbcontainer_params *krbcontainer;
+    krb5_ldap_realm_params        *lrparams;
+    krb5_context                  kcontext;   /* to set the error code and message */
 } krb5_ldap_context;
 
 
 typedef struct {
-  int           nkey;
-  struct berval **keys;
+    int           nkey;
+    struct berval **keys;
 }KEY;
 
-#define k5ldap_inited(c) (c && c->db_context \
-                         && ((kdb5_dal_handle*)c->db_context)->db_context \
-                         && ((krb5_ldap_context *) ((kdb5_dal_handle*)c->db_context)->db_context))
+#define k5ldap_inited(c) (c && c->db_context                            \
+                          && ((kdb5_dal_handle*)c->db_context)->db_context \
+                          && ((krb5_ldap_context *) ((kdb5_dal_handle*)c->db_context)->db_context))
 
 
 /* misc functions */
@@ -278,8 +279,8 @@ krb5_ldap_create(krb5_context , char *, char **);
 
 krb5_error_code
 krb5_ldap_open( krb5_context , char *,
-		char **db_args,
-		int mode );
+                char **db_args,
+                int mode );
 krb5_error_code
 krb5_ldap_close( krb5_context );
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index d757a6e..82b0333 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_ldap_conn.c
  *
@@ -38,55 +39,56 @@
 #include <kdb5.h>
 
 static krb5_error_code
-krb5_validate_ldap_context(krb5_context context, krb5_ldap_context *ldap_context)
+krb5_validate_ldap_context(krb5_context context,
+                           krb5_ldap_context *ldap_context)
 {
     krb5_error_code             st=0;
     unsigned char               *password=NULL;
 
     if (ldap_context->bind_dn == NULL) {
-	st = EINVAL;
-	krb5_set_error_message(context, st, "LDAP bind dn value missing ");
-	goto err_out;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "LDAP bind dn value missing ");
+        goto err_out;
     }
 
     if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file == NULL) {
-	st = EINVAL;
-	krb5_set_error_message(context, st, "LDAP bind password value missing ");
-	goto err_out;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "LDAP bind password value missing ");
+        goto err_out;
     }
 
     if (ldap_context->bind_pwd == NULL && ldap_context->service_password_file !=
-	NULL && ldap_context->service_cert_path == NULL) {
-	if ((st=krb5_ldap_readpassword(context, ldap_context, &password)) != 0) {
-	    prepend_err_str(context, "Error reading password from stash: ", st, st);
-	    goto err_out;
-	}
-
-	/* Check if the returned 'password' is actually the path of a certificate */
-	if (!strncmp("{FILE}", (char *)password, 6)) {
-	    /* 'password' format: <path>\0<password> */
-	    ldap_context->service_cert_path = strdup((char *)password + strlen("{FILE}"));
-	    if (password[strlen((char *)password) + 1] == '\0')
-		ldap_context->service_cert_pass = NULL;
-	    else
-		ldap_context->service_cert_pass = strdup((char *)password +
-							 strlen((char *)password) + 1);
-	    free(password);
-	} else {
-	    ldap_context->bind_pwd = (char *)password;
-	    if (ldap_context->bind_pwd == NULL) {
-		st = EINVAL;
-		krb5_set_error_message(context, st, "Error reading password from stash");
-		goto err_out;
-	    }
-	}
+        NULL && ldap_context->service_cert_path == NULL) {
+        if ((st=krb5_ldap_readpassword(context, ldap_context, &password)) != 0) {
+            prepend_err_str(context, "Error reading password from stash: ", st, st);
+            goto err_out;
+        }
+
+        /* Check if the returned 'password' is actually the path of a certificate */
+        if (!strncmp("{FILE}", (char *)password, 6)) {
+            /* 'password' format: <path>\0<password> */
+            ldap_context->service_cert_path = strdup((char *)password + strlen("{FILE}"));
+            if (password[strlen((char *)password) + 1] == '\0')
+                ldap_context->service_cert_pass = NULL;
+            else
+                ldap_context->service_cert_pass = strdup((char *)password +
+                                                         strlen((char *)password) + 1);
+            free(password);
+        } else {
+            ldap_context->bind_pwd = (char *)password;
+            if (ldap_context->bind_pwd == NULL) {
+                st = EINVAL;
+                krb5_set_error_message(context, st, "Error reading password from stash");
+                goto err_out;
+            }
+        }
     }
 
     /* NULL password not allowed */
     if (ldap_context->bind_pwd != NULL && strlen(ldap_context->bind_pwd) == 0) {
-	st = EINVAL;
-	krb5_set_error_message(context, st, "Service password length is zero");
-	goto err_out;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Service password length is zero");
+        goto err_out;
     }
 
 err_out:
@@ -98,49 +100,47 @@ err_out:
  */
 
 static krb5_error_code
-krb5_ldap_bind(ldap_context, ldap_server_handle)
-    krb5_ldap_context           *ldap_context;
-    krb5_ldap_server_handle     *ldap_server_handle;
+krb5_ldap_bind(krb5_ldap_context *ldap_context,
+               krb5_ldap_server_handle *ldap_server_handle)
 {
     krb5_error_code             st=0;
     struct berval               bv={0, NULL}, *servercreds=NULL;
 
     if (ldap_context->service_cert_path != NULL) {
-	/* Certificate based bind (SASL EXTERNAL mechanism) */
-
-	st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
-			      NULL,	   /* Authenticating dn */
-			      "EXTERNAL",  /* Method used for authentication */
-			      &bv,
-			      NULL,
-			      NULL,
-			      &servercreds);
-
-	if (st == LDAP_SASL_BIND_IN_PROGRESS) {
-	    st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
-				  NULL,
-				  "EXTERNAL",
-				  servercreds,
-				  NULL,
-				  NULL,
-				  &servercreds);
-	}
+        /* Certificate based bind (SASL EXTERNAL mechanism) */
+
+        st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
+                              NULL,        /* Authenticating dn */
+                              "EXTERNAL",  /* Method used for authentication */
+                              &bv,
+                              NULL,
+                              NULL,
+                              &servercreds);
+
+        if (st == LDAP_SASL_BIND_IN_PROGRESS) {
+            st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
+                                  NULL,
+                                  "EXTERNAL",
+                                  servercreds,
+                                  NULL,
+                                  NULL,
+                                  &servercreds);
+        }
     } else {
-	/* password based simple bind */
+        /* password based simple bind */
         bv.bv_val = ldap_context->bind_pwd;
         bv.bv_len = strlen(ldap_context->bind_pwd);
         st = ldap_sasl_bind_s(ldap_server_handle->ldap_handle,
-                                ldap_context->bind_dn,
-                                NULL, &bv, NULL,
-                                NULL, NULL);
+                              ldap_context->bind_dn,
+                              NULL, &bv, NULL,
+                              NULL, NULL);
     }
     return st;
 }
 
 static krb5_error_code
-krb5_ldap_initialize(ldap_context, server_info)
-    krb5_ldap_context *ldap_context;
-    krb5_ldap_server_info *server_info;
+krb5_ldap_initialize(krb5_ldap_context *ldap_context,
+                     krb5_ldap_server_info *server_info)
 {
     krb5_error_code             st=0;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -148,33 +148,33 @@ krb5_ldap_initialize(ldap_context, server_info)
 
     ldap_server_handle = calloc(1, sizeof(krb5_ldap_server_handle));
     if (ldap_server_handle == NULL) {
-	st = ENOMEM;
-	goto err_out;
+        st = ENOMEM;
+        goto err_out;
     }
 
     /* ldap init */
     if ((st = ldap_initialize(&ldap_server_handle->ldap_handle, server_info->server_name)) != 0) {
-	if (ldap_context->kcontext)
-	    krb5_set_error_message (ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, "%s",
-				    ldap_err2string(st));
-	st = KRB5_KDB_ACCESS_ERROR;
-	goto err_out;
+        if (ldap_context->kcontext)
+            krb5_set_error_message (ldap_context->kcontext, KRB5_KDB_ACCESS_ERROR, "%s",
+                                    ldap_err2string(st));
+        st = KRB5_KDB_ACCESS_ERROR;
+        goto err_out;
     }
 
     if ((st=krb5_ldap_bind(ldap_context, ldap_server_handle)) == 0) {
-	ldap_server_handle->server_info_update_pending = FALSE;
-	server_info->server_status = ON;
-	krb5_update_ldap_handle(ldap_server_handle, server_info);
+        ldap_server_handle->server_info_update_pending = FALSE;
+        server_info->server_status = ON;
+        krb5_update_ldap_handle(ldap_server_handle, server_info);
     } else {
-	if (ldap_context->kcontext)
-	    krb5_set_error_message (ldap_context->kcontext,
-				    KRB5_KDB_ACCESS_ERROR, "%s",
-				    ldap_err2string(st));
-	st = KRB5_KDB_ACCESS_ERROR;
-	server_info->server_status = OFF;
-	time(&server_info->downtime);
-	/* ldap_unbind_s(ldap_server_handle->ldap_handle); */
-	free(ldap_server_handle);
+        if (ldap_context->kcontext)
+            krb5_set_error_message (ldap_context->kcontext,
+                                    KRB5_KDB_ACCESS_ERROR, "%s",
+                                    ldap_err2string(st));
+        st = KRB5_KDB_ACCESS_ERROR;
+        server_info->server_status = OFF;
+        time(&server_info->downtime);
+        /* ldap_unbind_s(ldap_server_handle->ldap_handle); */
+        free(ldap_server_handle);
     }
 
 err_out:
@@ -194,7 +194,7 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context)
     struct timeval              local_timelimit = {10,0};
 
     if ((st=krb5_validate_ldap_context(context, ldap_context)) != 0)
-	goto err_out;
+        goto err_out;
 
     ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
 #ifdef LDAP_OPT_NETWORK_TIMEOUT
@@ -205,55 +205,55 @@ krb5_ldap_db_init(krb5_context context, krb5_ldap_context *ldap_context)
 
     st = HNDL_LOCK(ldap_context);
     if (st)
-	return st;
+        return st;
     while (ldap_context->server_info_list[cnt] != NULL) {
-	krb5_ldap_server_info *server_info=NULL;
+        krb5_ldap_server_info *server_info=NULL;
 
-	server_info = ldap_context->server_info_list[cnt];
+        server_info = ldap_context->server_info_list[cnt];
 
-	if (server_info->server_status == NOTSET) {
-	    unsigned int conns=0;
+        if (server_info->server_status == NOTSET) {
+            unsigned int conns=0;
 
-	    /*
-	     * Check if the server has to perform certificate-based authentication
-	     */
-	    if (ldap_context->service_cert_path != NULL) {
-		/* Find out if the server supports SASL EXTERNAL mechanism */
-		if (has_sasl_external_mech(context, server_info->server_name) == 1) {
-		    cnt++;
-		    sasl_mech_supported = FALSE;
-		    continue; /* Check the next LDAP server */
-		}
-		sasl_mech_supported = TRUE;
-	    }
+            /*
+             * Check if the server has to perform certificate-based authentication
+             */
+            if (ldap_context->service_cert_path != NULL) {
+                /* Find out if the server supports SASL EXTERNAL mechanism */
+                if (has_sasl_external_mech(context, server_info->server_name) == 1) {
+                    cnt++;
+                    sasl_mech_supported = FALSE;
+                    continue; /* Check the next LDAP server */
+                }
+                sasl_mech_supported = TRUE;
+            }
 
-	    krb5_clear_error_message(context);
+            krb5_clear_error_message(context);
 
 #ifdef LDAP_MOD_INCREMENT
-	    server_info->modify_increment =
-		(has_modify_increment(context, server_info->server_name) == 0);
+            server_info->modify_increment =
+                (has_modify_increment(context, server_info->server_name) == 0);
 #else
-	    server_info->modify_increment = 0;
+            server_info->modify_increment = 0;
 #endif /* LDAP_MOD_INCREMENT */
 
-	    for (conns=0; conns < ldap_context->max_server_conns; ++conns) {
-		if ((st=krb5_ldap_initialize(ldap_context, server_info)) != 0)
-		    break;
-	    } /* for (conn= ... */
+            for (conns=0; conns < ldap_context->max_server_conns; ++conns) {
+                if ((st=krb5_ldap_initialize(ldap_context, server_info)) != 0)
+                    break;
+            } /* for (conn= ... */
 
-	    if (server_info->server_status == ON)
-		break;  /* server init successful, so break */
-	}
-	++cnt;
+            if (server_info->server_status == ON)
+                break;  /* server init successful, so break */
+        }
+        ++cnt;
     }
     HNDL_UNLOCK(ldap_context);
 
 err_out:
     if (sasl_mech_supported == FALSE) {
-	st = KRB5_KDB_ACCESS_ERROR;
-	krb5_set_error_message (context, st,
-				"Certificate based authentication requested but "
-				"not supported by LDAP servers");
+        st = KRB5_KDB_ACCESS_ERROR;
+        krb5_set_error_message (context, st,
+                                "Certificate based authentication requested but "
+                                "not supported by LDAP servers");
     }
     return (st);
 }
@@ -271,53 +271,54 @@ krb5_ldap_db_single_init(krb5_ldap_context *ldap_context)
     krb5_ldap_server_info       *server_info=NULL;
 
     while (ldap_context->server_info_list[cnt] != NULL) {
-	server_info = ldap_context->server_info_list[cnt];
-	if ((server_info->server_status == NOTSET || server_info->server_status == ON)) {
-	    if (server_info->num_conns < ldap_context->max_server_conns-1) {
-		st = krb5_ldap_initialize(ldap_context, server_info);
-		if (st == LDAP_SUCCESS)
-		    goto cleanup;
-	    }
-	}
-	++cnt;
+        server_info = ldap_context->server_info_list[cnt];
+        if ((server_info->server_status == NOTSET || server_info->server_status == ON)) {
+            if (server_info->num_conns < ldap_context->max_server_conns-1) {
+                st = krb5_ldap_initialize(ldap_context, server_info);
+                if (st == LDAP_SUCCESS)
+                    goto cleanup;
+            }
+        }
+        ++cnt;
     }
 
     /* If we are here, try to connect to all the servers */
 
     cnt = 0;
     while (ldap_context->server_info_list[cnt] != NULL) {
-	server_info = ldap_context->server_info_list[cnt];
-	st = krb5_ldap_initialize(ldap_context, server_info);
-	if (st == LDAP_SUCCESS)
-	    goto cleanup;
-	++cnt;
+        server_info = ldap_context->server_info_list[cnt];
+        st = krb5_ldap_initialize(ldap_context, server_info);
+        if (st == LDAP_SUCCESS)
+            goto cleanup;
+        ++cnt;
     }
 cleanup:
     return (st);
 }
 
 krb5_error_code
-krb5_ldap_rebind(ldap_context, ldap_server_handle)
-    krb5_ldap_context           *ldap_context;
-    krb5_ldap_server_handle     **ldap_server_handle;
+krb5_ldap_rebind(krb5_ldap_context *ldap_context,
+                 krb5_ldap_server_handle **ldap_server_handle)
 {
     krb5_ldap_server_handle     *handle = *ldap_server_handle;
 
     if ((ldap_initialize(&handle->ldap_handle, handle->server_info->server_name) != LDAP_SUCCESS)
-	|| (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
-	return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
+        || (krb5_ldap_bind(ldap_context, handle) != LDAP_SUCCESS))
+        return krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle);
     return LDAP_SUCCESS;
 }
 
 /*
  *     DAL API functions
  */
-krb5_error_code krb5_ldap_lib_init()
+krb5_error_code
+krb5_ldap_lib_init()
 {
     return 0;
 }
 
-krb5_error_code krb5_ldap_lib_cleanup()
+krb5_error_code
+krb5_ldap_lib_cleanup()
 {
     /* right now, no cleanup required */
     return 0;
@@ -327,7 +328,7 @@ krb5_error_code
 krb5_ldap_free_ldap_context(krb5_ldap_context *ldap_context)
 {
     if (ldap_context == NULL)
-	return 0;
+        return 0;
 
     krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
     ldap_context->krbcontainer = NULL;
@@ -347,9 +348,9 @@ krb5_ldap_close(krb5_context context)
     krb5_ldap_context *ldap_context=NULL;
 
     if (context == NULL ||
-	context->dal_handle == NULL ||
-	context->dal_handle->db_context == NULL)
-	return 0;
+        context->dal_handle == NULL ||
+        context->dal_handle->db_context == NULL)
+        return 0;
 
     dal_handle = context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
index d4c6ac8..6085efb 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/kdb_xdr.c
  *
@@ -34,10 +35,8 @@
 #define safe_realloc(p,n) ((p)?(realloc(p,n)):(malloc(n)))
 
 krb5_error_code
-krb5_dbe_update_tl_data(context, entry, new_tl_data)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_tl_data	* new_tl_data;
+krb5_dbe_update_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *new_tl_data)
 {
     krb5_tl_data        * tl_data;
     krb5_octet          * tmp;
@@ -46,32 +45,32 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
        fails */
 
     if ((tmp = (krb5_octet *) malloc(new_tl_data->tl_data_length)) == NULL)
-	return(ENOMEM);
+        return(ENOMEM);
 
     /* Find an existing entry of the specified type and point at
        it, or NULL if not found */
 
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next)
-	if (tl_data->tl_data_type == new_tl_data->tl_data_type)
-	    break;
+        if (tl_data->tl_data_type == new_tl_data->tl_data_type)
+            break;
 
     /* if necessary, chain a new record in the beginning and point at it */
 
     if (!tl_data) {
-	if ((tl_data = (krb5_tl_data *) calloc(1, sizeof(krb5_tl_data)))
-	    == NULL) {
-	    free(tmp);
-	    return(ENOMEM);
-	}
-	tl_data->tl_data_next = entry->tl_data;
-	entry->tl_data = tl_data;
-	entry->n_tl_data++;
+        if ((tl_data = (krb5_tl_data *) calloc(1, sizeof(krb5_tl_data)))
+            == NULL) {
+            free(tmp);
+            return(ENOMEM);
+        }
+        tl_data->tl_data_next = entry->tl_data;
+        entry->tl_data = tl_data;
+        entry->n_tl_data++;
     }
 
     /* fill in the record */
 
     if (tl_data->tl_data_contents)
-	free(tl_data->tl_data_contents);
+        free(tl_data->tl_data_contents);
 
     tl_data->tl_data_type = new_tl_data->tl_data_type;
     tl_data->tl_data_length = new_tl_data->tl_data_length;
@@ -82,18 +81,16 @@ krb5_dbe_update_tl_data(context, entry, new_tl_data)
 }
 
 krb5_error_code
-krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_tl_data        * ret_tl_data;
+krb5_dbe_lookup_tl_data(krb5_context context, krb5_db_entry *entry,
+                        krb5_tl_data *ret_tl_data)
 {
     krb5_tl_data *tl_data;
 
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data->tl_data_next) {
-	if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
-	    *ret_tl_data = *tl_data;
-	    return(0);
-	}
+        if (tl_data->tl_data_type == ret_tl_data->tl_data_type) {
+            *ret_tl_data = *tl_data;
+            return(0);
+        }
     }
 
     /* if the requested record isn't found, return zero bytes.
@@ -106,10 +103,8 @@ krb5_dbe_lookup_tl_data(context, entry, ret_tl_data)
 }
 
 krb5_error_code
-krb5_dbe_update_last_pwd_change(context, entry, stamp)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_timestamp	  stamp;
+krb5_dbe_update_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp stamp)
 {
     krb5_tl_data        tl_data;
     krb5_octet          buf[4]; /* this is the encoded size of an int32 */
@@ -123,23 +118,21 @@ krb5_dbe_update_last_pwd_change(context, entry, stamp)
 }
 
 krb5_error_code
-krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
-    krb5_context          context;
-    krb5_db_entry       * entry;
-    krb5_timestamp	* stamp;
+krb5_dbe_lookup_last_pwd_change(krb5_context context, krb5_db_entry *entry,
+                                krb5_timestamp *stamp)
 {
     krb5_tl_data        tl_data;
-    krb5_error_code	code;
-    krb5_int32		tmp;
+    krb5_error_code     code;
+    krb5_int32          tmp;
 
     tl_data.tl_data_type = KRB5_TL_LAST_PWD_CHANGE;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
-	return(code);
+        return(code);
 
     if (tl_data.tl_data_length != 4) {
-	*stamp = 0;
-	return(0);
+        *stamp = 0;
+        return(0);
     }
 
     krb5_kdb_decode_int32(tl_data.tl_data_contents, tmp);
@@ -153,29 +146,27 @@ krb5_dbe_lookup_last_pwd_change(context, entry, stamp)
    I need one, I'll add one */
 
 krb5_error_code
-krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
-    krb5_context	  context;
-    krb5_db_entry	* entry;
-    krb5_timestamp	  mod_date;
-    krb5_const_principal  mod_princ;
+krb5_dbe_update_mod_princ_data(krb5_context context, krb5_db_entry *entry,
+                               krb5_timestamp mod_date,
+                               krb5_const_principal mod_princ)
 {
     krb5_tl_data          tl_data;
 
-    krb5_error_code 	  retval = 0;
-    krb5_octet		* nextloc = 0;
-    char		* unparse_mod_princ = 0;
-    unsigned int	unparse_mod_princ_size;
+    krb5_error_code       retval = 0;
+    krb5_octet          * nextloc = 0;
+    char                * unparse_mod_princ = 0;
+    unsigned int        unparse_mod_princ_size;
 
     if ((retval = krb5_unparse_name(context, mod_princ,
-				    &unparse_mod_princ)))
-	return(retval);
+                                    &unparse_mod_princ)))
+        return(retval);
 
     unparse_mod_princ_size = strlen(unparse_mod_princ) + 1;
 
     if ((nextloc = (krb5_octet *) malloc(unparse_mod_princ_size + 4))
-	== NULL) {
-	free(unparse_mod_princ);
-	return(ENOMEM);
+        == NULL) {
+        free(unparse_mod_princ);
+        return(ENOMEM);
     }
 
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
@@ -197,32 +188,30 @@ krb5_dbe_update_mod_princ_data(context, entry, mod_date, mod_princ)
 }
 
 krb5_error_code
-krb5_dbe_lookup_mod_princ_data(context, entry, mod_time, mod_princ)
-    krb5_context	  context;
-    krb5_db_entry	* entry;
-    krb5_timestamp	* mod_time;
-    krb5_principal	* mod_princ;
+krb5_dbe_lookup_mod_princ_data(krb5_context context, krb5_db_entry *entry,
+                               krb5_timestamp *mod_time,
+                               krb5_principal *mod_princ)
 {
     krb5_tl_data        tl_data;
-    krb5_error_code	code;
+    krb5_error_code     code;
 
     tl_data.tl_data_type = KRB5_TL_MOD_PRINC;
 
     if ((code = krb5_dbe_lookup_tl_data(context, entry, &tl_data)))
-	return(code);
+        return(code);
 
     if ((tl_data.tl_data_length < 5) ||
-	(tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0'))
-	return(KRB5_KDB_TRUNCATED_RECORD);
+        (tl_data.tl_data_contents[tl_data.tl_data_length-1] != '\0'))
+        return(KRB5_KDB_TRUNCATED_RECORD);
 
     /* Mod Date */
     krb5_kdb_decode_int32(tl_data.tl_data_contents, *mod_time);
 
     /* Mod Princ */
     if ((code = krb5_parse_name(context,
-				(const char *) (tl_data.tl_data_contents+4),
-				mod_princ)))
-	return(code);
+                                (const char *) (tl_data.tl_data_contents+4),
+                                mod_princ)))
+        return(code);
 
     return(0);
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.h
index bd01ead..7e45710 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_xdr.h
@@ -1,34 +1,35 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef _KDB2_XDR_H
 #define _KDB2_XDR_H
 
 #include "kdb.h"
 
 krb5_error_code
-krb5_encode_princ_dbkey( krb5_context context,
-			 krb5_data  *key,
-			 krb5_const_principal principal);
+krb5_encode_princ_dbkey(krb5_context context,
+                        krb5_data *key,
+                        krb5_const_principal principal);
 
 krb5_error_code
-krb5_decode_princ_contents( krb5_context 	  context,
-			    krb5_data  		* content,
-			    krb5_db_entry 	* entry);
+krb5_decode_princ_contents(krb5_context context,
+                           krb5_data *content,
+                           krb5_db_entry *entry);
 
 void
-krb5_dbe_free_contents( krb5_context 	  context,
-			krb5_db_entry 	* entry);
+krb5_dbe_free_contents(krb5_context context,
+                       krb5_db_entry *entry);
 
 krb5_error_code
-krb5_encode_princ_contents( krb5_context 	  context,
-			    krb5_data  		* content,
-			    krb5_db_entry 	* entry);
+krb5_encode_princ_contents(krb5_context context,
+                           krb5_data *content,
+                           krb5_db_entry *entry);
 
 
 void
-krb5_free_princ_dbkey( krb5_context context,
-		       krb5_data  *key);
+krb5_free_princ_dbkey(krb5_context context,
+                      krb5_data *key);
 
 void
-krb5_free_princ_contents( krb5_context context,
-			  krb5_data *contents);
+krb5_free_princ_contents(krb5_context context,
+                         krb5_data *contents);
 
 #endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
index 9974b17..3027316 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_create.c
  *
@@ -50,7 +51,7 @@
  * the specified attributes.
  */
 krb5_error_code
-krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
+krb5_ldap_create(krb5_context context, char *conf_section, char **db_args)
 {
     krb5_error_code status = 0;
     char  **t_ptr = db_args;
@@ -71,8 +72,8 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
 
     ldap_context = malloc(sizeof(krb5_ldap_context));
     if (ldap_context == NULL) {
-	status = ENOMEM;
-	goto cleanup;
+        status = ENOMEM;
+        goto cleanup;
     }
     memset(ldap_context, 0, sizeof(*ldap_context));
 
@@ -80,158 +81,158 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
 
     /* populate ldap_context with ldap specific options */
     while (t_ptr && *t_ptr) {
-	char *opt = NULL, *val = NULL;
-
-	if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
-	    goto cleanup;
-	}
-	if (opt && !strcmp(opt, "binddn")) {
-	    if (ldap_context->bind_dn) {
-		free (opt);
-		free (val);
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'binddn' missing");
-		goto cleanup;
-	    }
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'binddn' value missing");
-		free(opt);
-		goto cleanup;
-	    }
-	    ldap_context->bind_dn = strdup(val);
-	    if (ldap_context->bind_dn == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto cleanup;
-	    }
-	} else if (opt && !strcmp(opt, "nconns")) {
-	    if (ldap_context->max_server_conns) {
-		free (opt);
-		free (val);
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'nconns' missing");
-		goto cleanup;
-	    }
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'nconns' value missing");
-		free(opt);
-		goto cleanup;
-	    }
-	    ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
-	} else if (opt && !strcmp(opt, "bindpwd")) {
-	    if (ldap_context->bind_pwd) {
-		free (opt);
-		free (val);
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'bindpwd' missing");
-		goto cleanup;
-	    }
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'bindpwd' value missing");
-		free(opt);
-		goto cleanup;
-	    }
-	    ldap_context->bind_pwd = strdup(val);
-	    if (ldap_context->bind_pwd == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto cleanup;
-	    }
-	} else if (opt && !strcmp(opt, "host")) {
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'host' value missing");
-		free(opt);
-		goto cleanup;
-	    }
-	    if (ldap_context->server_info_list == NULL)
-		ldap_context->server_info_list =
-		    (krb5_ldap_server_info **) calloc(SERV_COUNT+1, sizeof(krb5_ldap_server_info *));
-
-	    if (ldap_context->server_info_list == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto cleanup;
-	    }
-
-	    ldap_context->server_info_list[srv_cnt] =
-		(krb5_ldap_server_info *) calloc(1, sizeof(krb5_ldap_server_info));
-	    if (ldap_context->server_info_list[srv_cnt] == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto cleanup;
-	    }
-
-	    ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
-
-	    ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
-	    if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
-		free (opt);
-		free (val);
-		status = ENOMEM;
-		goto cleanup;
-	    }
-
-	    srv_cnt++;
+        char *opt = NULL, *val = NULL;
+
+        if ((status = krb5_ldap_get_db_opt(*t_ptr, &opt, &val)) != 0) {
+            goto cleanup;
+        }
+        if (opt && !strcmp(opt, "binddn")) {
+            if (ldap_context->bind_dn) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' missing");
+                goto cleanup;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'binddn' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            ldap_context->bind_dn = strdup(val);
+            if (ldap_context->bind_dn == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+        } else if (opt && !strcmp(opt, "nconns")) {
+            if (ldap_context->max_server_conns) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' missing");
+                goto cleanup;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'nconns' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            ldap_context->max_server_conns = atoi(val) ? atoi(val) : DEFAULT_CONNS_PER_SERVER;
+        } else if (opt && !strcmp(opt, "bindpwd")) {
+            if (ldap_context->bind_pwd) {
+                free (opt);
+                free (val);
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' missing");
+                goto cleanup;
+            }
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'bindpwd' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            ldap_context->bind_pwd = strdup(val);
+            if (ldap_context->bind_pwd == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+        } else if (opt && !strcmp(opt, "host")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'host' value missing");
+                free(opt);
+                goto cleanup;
+            }
+            if (ldap_context->server_info_list == NULL)
+                ldap_context->server_info_list =
+                    (krb5_ldap_server_info **) calloc(SERV_COUNT+1, sizeof(krb5_ldap_server_info *));
+
+            if (ldap_context->server_info_list == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+
+            ldap_context->server_info_list[srv_cnt] =
+                (krb5_ldap_server_info *) calloc(1, sizeof(krb5_ldap_server_info));
+            if (ldap_context->server_info_list[srv_cnt] == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+
+            ldap_context->server_info_list[srv_cnt]->server_status = NOTSET;
+
+            ldap_context->server_info_list[srv_cnt]->server_name = strdup(val);
+            if (ldap_context->server_info_list[srv_cnt]->server_name == NULL) {
+                free (opt);
+                free (val);
+                status = ENOMEM;
+                goto cleanup;
+            }
+
+            srv_cnt++;
 #ifdef HAVE_EDIRECTORY
-	} else if (opt && !strcmp(opt, "cert")) {
-	    if (val == NULL) {
-		status = EINVAL;
-		krb5_set_error_message (context, status, "'cert' value missing");
-		free(opt);
-		goto cleanup;
-	    }
-
-	    if (ldap_context->root_certificate_file == NULL) {
-		ldap_context->root_certificate_file = strdup(val);
-		if (ldap_context->root_certificate_file == NULL) {
-		    free (opt);
-		    free (val);
-		    status = ENOMEM;
-		    goto cleanup;
-		}
-	    } else {
-		char *newstr;
-
-		if (asprintf(&newstr, "%s %s",
-			     ldap_context->root_certificate_file, val) < 0) {
-		    free (opt);
-		    free (val);
-		    status = ENOMEM;
-		    goto cleanup;
-		}
-		ldap_context->root_certificate_file = newstr;
-	    }
+        } else if (opt && !strcmp(opt, "cert")) {
+            if (val == NULL) {
+                status = EINVAL;
+                krb5_set_error_message (context, status, "'cert' value missing");
+                free(opt);
+                goto cleanup;
+            }
+
+            if (ldap_context->root_certificate_file == NULL) {
+                ldap_context->root_certificate_file = strdup(val);
+                if (ldap_context->root_certificate_file == NULL) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto cleanup;
+                }
+            } else {
+                char *newstr;
+
+                if (asprintf(&newstr, "%s %s",
+                             ldap_context->root_certificate_file, val) < 0) {
+                    free (opt);
+                    free (val);
+                    status = ENOMEM;
+                    goto cleanup;
+                }
+                ldap_context->root_certificate_file = newstr;
+            }
 #endif
-	} else {
-	/* ignore hash argument. Might have been passed from create */
-	    status = EINVAL;
-	    if (opt && !strcmp(opt, "temporary")) {
-		/*
-		 * temporary is passed in when kdb5_util load without -update is done.
-		 * This is unsupported by the LDAP plugin.
-		 */
-		krb5_set_error_message (context, status,
-		    "creation of LDAP entries aborted, plugin requires -update argument");
-	    } else {
-		krb5_set_error_message (context, status, "unknown option \'%s\'",
-					opt?opt:val);
-	    }
-	    free(opt);
-	    free(val);
-	    goto cleanup;
-	}
-
-	free(opt);
-	free(val);
-	t_ptr++;
+        } else {
+            /* ignore hash argument. Might have been passed from create */
+            status = EINVAL;
+            if (opt && !strcmp(opt, "temporary")) {
+                /*
+                 * temporary is passed in when kdb5_util load without -update is done.
+                 * This is unsupported by the LDAP plugin.
+                 */
+                krb5_set_error_message (context, status,
+                                        "creation of LDAP entries aborted, plugin requires -update argument");
+            } else {
+                krb5_set_error_message (context, status, "unknown option \'%s\'",
+                                        opt?opt:val);
+            }
+            free(opt);
+            free(val);
+            goto cleanup;
+        }
+
+        free(opt);
+        free(val);
+        t_ptr++;
     }
 
     dal_handle = context->dal_handle;
@@ -239,121 +240,121 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args)
 
     status = krb5_ldap_read_server_params(context, conf_section, KRB5_KDB_SRV_TYPE_ADMIN);
     if (status) {
-	dal_handle->db_context = NULL;
-	prepend_err_str (context, "Error reading LDAP server params: ", status, status);
-	goto cleanup;
+        dal_handle->db_context = NULL;
+        prepend_err_str (context, "Error reading LDAP server params: ", status, status);
+        goto cleanup;
     }
     status = krb5_ldap_db_init(context, ldap_context);
     if (status) {
-	goto cleanup;
+        goto cleanup;
     }
 
     /* read the kerberos container */
     if ((status = krb5_ldap_read_krbcontainer_params(context,
-			    &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
-
-	/* Read the kerberos container location from configuration file */
-	if (ldap_context->conf_section) {
-	    if ((status = profile_get_string(context->profile,
-					   KDB_MODULE_SECTION, ldap_context->conf_section,
-					   "ldap_kerberos_container_dn", NULL,
-					   &kparams.DN)) != 0) {
-		goto cleanup;
-	    }
-	}
-	if (kparams.DN == NULL) {
-	    if ((status = profile_get_string(context->profile,
-					   KDB_MODULE_DEF_SECTION,
-					   "ldap_kerberos_container_dn", NULL,
-					   NULL, &kparams.DN)) != 0) {
-		goto cleanup;
-	    }
-	}
-
-	/* create the kerberos container */
-	status = krb5_ldap_create_krbcontainer(context,
-					       ((kparams.DN != NULL) ? &kparams : NULL));
-	if (status)
-	    goto cleanup;
-
-	krbcontainer_obj_created = TRUE;
-
-	status = krb5_ldap_read_krbcontainer_params(context,
-						    &(ldap_context->krbcontainer));
-	if (status)
-	    goto cleanup;
+                                                     &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+
+        /* Read the kerberos container location from configuration file */
+        if (ldap_context->conf_section) {
+            if ((status = profile_get_string(context->profile,
+                                             KDB_MODULE_SECTION, ldap_context->conf_section,
+                                             "ldap_kerberos_container_dn", NULL,
+                                             &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+        if (kparams.DN == NULL) {
+            if ((status = profile_get_string(context->profile,
+                                             KDB_MODULE_DEF_SECTION,
+                                             "ldap_kerberos_container_dn", NULL,
+                                             NULL, &kparams.DN)) != 0) {
+                goto cleanup;
+            }
+        }
+
+        /* create the kerberos container */
+        status = krb5_ldap_create_krbcontainer(context,
+                                               ((kparams.DN != NULL) ? &kparams : NULL));
+        if (status)
+            goto cleanup;
+
+        krbcontainer_obj_created = TRUE;
+
+        status = krb5_ldap_read_krbcontainer_params(context,
+                                                    &(ldap_context->krbcontainer));
+        if (status)
+            goto cleanup;
 
     } else if (status) {
-	goto cleanup;
+        goto cleanup;
     }
 
     rparams = (krb5_ldap_realm_params *) malloc(sizeof(krb5_ldap_realm_params));
     if (rparams == NULL) {
-	status = ENOMEM;
-	goto cleanup;
+        status = ENOMEM;
+        goto cleanup;
     }
     memset(rparams, 0, sizeof(*rparams));
     rparams->realm_name = strdup(context->default_realm);
     if (rparams->realm_name == NULL) {
-	status = ENOMEM;
-	goto cleanup;
+        status = ENOMEM;
+        goto cleanup;
     }
 
     if ((status = krb5_ldap_create_realm(context, rparams, mask)))
-	goto cleanup;
+        goto cleanup;
 
     /* We just created the Realm container. Here starts our transaction tracking */
     realm_obj_created = TRUE;
 
     /* verify realm object */
     if ((status = krb5_ldap_read_realm_params(context,
-					      rparams->realm_name,
-					      &(ldap_context->lrparams),
-					      &mask)))
-	goto cleanup;
+                                              rparams->realm_name,
+                                              &(ldap_context->lrparams),
+                                              &mask)))
+        goto cleanup;
 
 #ifdef HAVE_EDIRECTORY
     if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-	(mask & LDAP_REALM_PASSWDSERVERS)) {
-
-	rightsmask =0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
-	    for (i=0; (rparams->kdcservers[i] != NULL); i++) {
-		if ((status=krb5_ldap_add_service_rights(context,
-				     LDAP_KDC_SERVICE, rparams->kdcservers[i],
-				     rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    goto cleanup;
-		}
-	    }
-	}
-
-	rightsmask = 0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->adminservers != NULL)) {
-	    for (i=0; (rparams->adminservers[i] != NULL); i++) {
-		if ((status=krb5_ldap_add_service_rights(context,
-				     LDAP_ADMIN_SERVICE, rparams->adminservers[i],
-				     rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    goto cleanup;
-		}
-	    }
-	}
-
-	rightsmask = 0;
-	rightsmask |= LDAP_REALM_RIGHTS;
-	rightsmask |= LDAP_SUBTREE_RIGHTS;
-	if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
-	    for (i=0; (rparams->passwdservers[i] != NULL); i++) {
-		if ((status=krb5_ldap_add_service_rights(context,
-				     LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
-				     rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
-		    goto cleanup;
-		}
-	    }
-	}
+        (mask & LDAP_REALM_PASSWDSERVERS)) {
+
+        rightsmask =0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+            for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+                if ((status=krb5_ldap_add_service_rights(context,
+                                                         LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    goto cleanup;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+            for (i=0; (rparams->adminservers[i] != NULL); i++) {
+                if ((status=krb5_ldap_add_service_rights(context,
+                                                         LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    goto cleanup;
+                }
+            }
+        }
+
+        rightsmask = 0;
+        rightsmask |= LDAP_REALM_RIGHTS;
+        rightsmask |= LDAP_SUBTREE_RIGHTS;
+        if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+            for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+                if ((status=krb5_ldap_add_service_rights(context,
+                                                         LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                         rparams->realm_name, rparams->subtree, rparams->containerref, rightsmask)) != 0) {
+                    goto cleanup;
+                }
+            }
+        }
     }
 #endif
 
@@ -361,19 +362,19 @@ cleanup:
 
     /* If the krbcontainer/realm creation is not complete, do the roll-back here */
     if ((krbcontainer_obj_created) && (!realm_obj_created)) {
-	int rc;
-	rc = krb5_ldap_delete_krbcontainer(context,
-		    ((kparams.DN != NULL) ? &kparams : NULL));
-	krb5_set_error_message(context, rc,
-	    "could not complete roll-back, error deleting Kerberos Container");
+        int rc;
+        rc = krb5_ldap_delete_krbcontainer(context,
+                                           ((kparams.DN != NULL) ? &kparams : NULL));
+        krb5_set_error_message(context, rc,
+                               "could not complete roll-back, error deleting Kerberos Container");
     }
 
     /* should call krb5_ldap_free_krbcontainer_params() but can't */
     if (kparams.DN != NULL)
-	krb5_xfree(kparams.DN);
+        krb5_xfree(kparams.DN);
 
     if (rparams)
-	krb5_ldap_free_realm_params(rparams);
+        krb5_ldap_free_realm_params(rparams);
 
     return(status);
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
index 5bfaa78..16f9dcc 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <ldap.h>
 #include <errno.h>
 #include <krb5.h>
@@ -59,135 +60,136 @@
  *  OP_ABANDON => ldap_abandon
  */
 
-int translate_ldap_error(int err, int op) {
+int
+translate_ldap_error(int err, int op) {
 
     switch (err) {
     case LDAP_SUCCESS:
-	return 0;
+        return 0;
 
     case LDAP_OPERATIONS_ERROR:
-	/* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is
-	 * unable to respond with a more specific error and is also unable
-	 * to properly respond to a request */
+        /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is
+         * unable to respond with a more specific error and is also unable
+         * to properly respond to a request */
     case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
-	/* LDAP server was unable to satisfy a request because one or more
-	 * critical extensions were not available */
-	/* This might mean that the schema was not extended ... */
+        /* LDAP server was unable to satisfy a request because one or more
+         * critical extensions were not available */
+        /* This might mean that the schema was not extended ... */
     case LDAP_UNDEFINED_TYPE:
-	/* The attribute specified in the modify or add operation does not
-	 * exist in the LDAP server's schema. */
-	return KRB5_KDB_INTERNAL_ERROR;
+        /* The attribute specified in the modify or add operation does not
+         * exist in the LDAP server's schema. */
+        return KRB5_KDB_INTERNAL_ERROR;
 
 
     case LDAP_INAPPROPRIATE_MATCHING:
-	/* The matching rule specified in the search filter does not match a
-	 * rule defined for the attribute's syntax */
-	return KRB5_KDB_UK_RERROR;
+        /* The matching rule specified in the search filter does not match a
+         * rule defined for the attribute's syntax */
+        return KRB5_KDB_UK_RERROR;
 
     case LDAP_CONSTRAINT_VIOLATION:
-	/* The attribute value specified in a modify, add, or modify DN
-	 * operation violates constraints placed on the attribute */
+        /* The attribute value specified in a modify, add, or modify DN
+         * operation violates constraints placed on the attribute */
     case LDAP_TYPE_OR_VALUE_EXISTS:
-	/* The attribute value specified in a modify or add operation
-	 * already exists as a value for that attribute */
-	return KRB5_KDB_UK_SERROR;
+        /* The attribute value specified in a modify or add operation
+         * already exists as a value for that attribute */
+        return KRB5_KDB_UK_SERROR;
 
     case LDAP_INVALID_SYNTAX:
-	/* The attribute value specified in an add, compare, or modify
-	 * operation is an unrecognized or invalid syntax for the attribute */
-	if (op == OP_ADD || op == OP_MOD)
-	    return KRB5_KDB_UK_SERROR;
-	else /* OP_CMP */
-	    return KRB5_KDB_UK_RERROR;
-
-	/* Ensure that the following don't occur in the DAL-LDAP code.
-	 * Don't rely on the LDAP server to catch it */
+        /* The attribute value specified in an add, compare, or modify
+         * operation is an unrecognized or invalid syntax for the attribute */
+        if (op == OP_ADD || op == OP_MOD)
+            return KRB5_KDB_UK_SERROR;
+        else /* OP_CMP */
+            return KRB5_KDB_UK_RERROR;
+
+        /* Ensure that the following don't occur in the DAL-LDAP code.
+         * Don't rely on the LDAP server to catch it */
     case LDAP_SASL_BIND_IN_PROGRESS:
-	/* This is not an error. So, this function should not be called */
+        /* This is not an error. So, this function should not be called */
     case LDAP_COMPARE_FALSE:
     case LDAP_COMPARE_TRUE:
-	/* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This
-	 * function should not be invoked for them */
+        /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This
+         * function should not be invoked for them */
     case LDAP_RESULTS_TOO_LARGE: /* CLDAP */
     case LDAP_TIMELIMIT_EXCEEDED:
     case LDAP_SIZELIMIT_EXCEEDED:
-	return KRB5_KDB_SERVER_INTERNAL_ERR;
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
 
     case LDAP_INVALID_DN_SYNTAX:
-	/* The syntax of the DN is incorrect */
-	return EINVAL;
+        /* The syntax of the DN is incorrect */
+        return EINVAL;
 
     case LDAP_PROTOCOL_ERROR:
-	/* LDAP_PROTOCOL_ERROR: Indicates that the server has received an
-	 * invalid or malformed request from the client */
+        /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an
+         * invalid or malformed request from the client */
     case LDAP_CONFIDENTIALITY_REQUIRED:
 
-	/* Bind problems ... */
+        /* Bind problems ... */
     case LDAP_AUTH_METHOD_NOT_SUPPORTED:
-/*	case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */
+/*      case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */
     case LDAP_INAPPROPRIATE_AUTH:
     case LDAP_INVALID_CREDENTIALS:
     case LDAP_UNAVAILABLE:
-	return KRB5_KDB_ACCESS_ERROR;
+        return KRB5_KDB_ACCESS_ERROR;
 
     case LDAP_STRONG_AUTH_REQUIRED:
-	if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */
-	    return KRB5_KDB_ACCESS_ERROR;
-	else /* Client requested an operation such that requires strong authentication */
-	    return KRB5_KDB_CONSTRAINT_VIOLATION;
+        if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */
+            return KRB5_KDB_ACCESS_ERROR;
+        else /* Client requested an operation such that requires strong authentication */
+            return KRB5_KDB_CONSTRAINT_VIOLATION;
 
     case LDAP_REFERRAL:
-	return KRB5_KDB_NOENTRY;
+        return KRB5_KDB_NOENTRY;
 
     case LDAP_ADMINLIMIT_EXCEEDED:
-	/* An LDAP server limit set by an administrative authority has been
-	 * exceeded */
-	return KRB5_KDB_CONSTRAINT_VIOLATION;
+        /* An LDAP server limit set by an administrative authority has been
+         * exceeded */
+        return KRB5_KDB_CONSTRAINT_VIOLATION;
     case LDAP_UNWILLING_TO_PERFORM:
-	/* The LDAP server cannot process the request because of
-	 * server-defined restrictions */
-	return KRB5_KDB_CONSTRAINT_VIOLATION;
+        /* The LDAP server cannot process the request because of
+         * server-defined restrictions */
+        return KRB5_KDB_CONSTRAINT_VIOLATION;
 
 
     case LDAP_NO_SUCH_ATTRIBUTE:
-	/* Indicates that the attribute specified in the modify or compare
-	 * operation does not exist in the entry */
-	if (op == OP_MOD)
-	    return KRB5_KDB_UK_SERROR;
-	else /* OP_CMP */
-	    return KRB5_KDB_TRUNCATED_RECORD;
+        /* Indicates that the attribute specified in the modify or compare
+         * operation does not exist in the entry */
+        if (op == OP_MOD)
+            return KRB5_KDB_UK_SERROR;
+        else /* OP_CMP */
+            return KRB5_KDB_TRUNCATED_RECORD;
 
 
     case LDAP_ALIAS_DEREF_PROBLEM:
-	/* Either the client does not have access rights to read the aliased
-	 * object's name or dereferencing is not allowed */
+        /* Either the client does not have access rights to read the aliased
+         * object's name or dereferencing is not allowed */
 #ifdef LDAP_PROXY_AUTHZ_FAILURE
     case LDAP_PROXY_AUTHZ_FAILURE: // Is this correct ?
 #endif
     case LDAP_INSUFFICIENT_ACCESS:
-	/* Caller does not have sufficient rights to perform the requested
-	 * operation */
-	return KRB5_KDB_UNAUTH;
+        /* Caller does not have sufficient rights to perform the requested
+         * operation */
+        return KRB5_KDB_UNAUTH;
 
     case LDAP_LOOP_DETECT:
-	/* Client discovered an alias or referral loop */
-	return KRB5_KDB_DB_CORRUPT;
+        /* Client discovered an alias or referral loop */
+        return KRB5_KDB_DB_CORRUPT;
 
     default:
 
-	if (LDAP_NAME_ERROR (err))
-	    return KRB5_KDB_NOENTRY;
+        if (LDAP_NAME_ERROR (err))
+            return KRB5_KDB_NOENTRY;
 
-	if (LDAP_SECURITY_ERROR (err))
-	    return KRB5_KDB_UNAUTH;
+        if (LDAP_SECURITY_ERROR (err))
+            return KRB5_KDB_UNAUTH;
 
-	if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
-	    return KRB5_KDB_ACCESS_ERROR;
+        if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
+            return KRB5_KDB_ACCESS_ERROR;
 
-	if (LDAP_UPDATE_ERROR(err))
-	    return KRB5_KDB_UK_SERROR;
+        if (LDAP_UPDATE_ERROR(err))
+            return KRB5_KDB_UK_SERROR;
 
-	/* LDAP_OTHER */
-	return KRB5_KDB_SERVER_INTERNAL_ERR;
+        /* LDAP_OTHER */
+        return KRB5_KDB_SERVER_INTERNAL_ERR;
     }
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h
index f83e583..1f86692 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #define OP_INIT 1
 #define OP_BIND 2
 #define OP_UNBIND 3
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
index ad90109..ca4fc7d 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_fetch_mkey.c
  *
@@ -36,10 +37,7 @@
  */
 
 krb5_error_code
-krb5_ldap_get_mkey (context, key)
-    krb5_context               context;
-    krb5_keyblock              **key;
-
+krb5_ldap_get_mkey(krb5_context context, krb5_keyblock **key)
 {
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -51,7 +49,7 @@ krb5_ldap_get_mkey (context, key)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     *key = &ldap_context->lrparams->mkey;
     return 0;
@@ -63,10 +61,7 @@ krb5_ldap_get_mkey (context, key)
  */
 
 krb5_error_code
-krb5_ldap_set_mkey (context, pwd, key)
-    krb5_context                context;
-    char                        *pwd;
-    krb5_keyblock               *key;
+krb5_ldap_set_mkey(krb5_context context, char *pwd, krb5_keyblock *key)
 {
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -79,13 +74,13 @@ krb5_ldap_set_mkey (context, pwd, key)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     r_params = ldap_context->lrparams;
 
     if (r_params->mkey.contents) {
-	free (r_params->mkey.contents);
-	r_params->mkey.contents=NULL;
+        free (r_params->mkey.contents);
+        r_params->mkey.contents=NULL;
     }
 
     r_params->mkey.magic = key->magic;
@@ -93,15 +88,14 @@ krb5_ldap_set_mkey (context, pwd, key)
     r_params->mkey.length = key->length;
     r_params->mkey.contents = malloc(key->length);
     if (r_params->mkey.contents == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     memcpy(r_params->mkey.contents, key->contents, key->length);
     return 0;
 }
 
 krb5_error_code
-krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list)
-
+krb5_ldap_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
 {
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -113,7 +107,7 @@ krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     *key_list = ldap_context->lrparams->mkey_list;
     return 0;
@@ -133,7 +127,7 @@ krb5_ldap_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
 
     if (ldap_context == NULL || ldap_context->lrparams == NULL)
-	return KRB5_KDB_DBNOTINITED;
+        return KRB5_KDB_DBNOTINITED;
 
     r_params = ldap_context->lrparams;
     r_params->mkey_list = key_list;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
index 8187cdc..9035949 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_handle.c
  *
@@ -43,45 +44,44 @@
  */
 
 static krb5_error_code
-krb5_update_server_info(ldap_server_handle, server_info)
-    krb5_ldap_server_handle    *ldap_server_handle;
-    krb5_ldap_server_info      *server_info;
+krb5_update_server_info(krb5_ldap_server_handle *ldap_server_handle,
+                        krb5_ldap_server_info *server_info)
 {
     krb5_error_code            st=0;
     struct timeval             ztime={0, 0};
     LDAPMessage                *result=NULL;
 
     if (ldap_server_handle == NULL || server_info == NULL)
-	return -1;
+        return -1;
 
     while (st == 0) {
-	st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid,
-			 LDAP_MSG_ALL, &ztime, &result);
-	switch (st) {
-	case -1:
-	    server_info->server_status = OFF;
-	    time(&server_info->downtime);
-	    break;
-
-	case 0:
-	    continue;
-	    break;
-
-	case LDAP_RES_BIND:
-	    if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) {
-		server_info->server_status = ON;
-	    } else {
-		/* ?? */	krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
-		server_info->server_status = OFF;
-		time(&server_info->downtime);
-	    }
-	    ldap_msgfree(result);
-	    break;
-	default:
-	    ldap_msgfree(result);
-	    continue;
-	    break;
-	}
+        st = ldap_result(ldap_server_handle->ldap_handle, ldap_server_handle->msgid,
+                         LDAP_MSG_ALL, &ztime, &result);
+        switch (st) {
+        case -1:
+            server_info->server_status = OFF;
+            time(&server_info->downtime);
+            break;
+
+        case 0:
+            continue;
+            break;
+
+        case LDAP_RES_BIND:
+            if ((st=ldap_result2error(ldap_server_handle->ldap_handle, result, 1)) == LDAP_SUCCESS) {
+                server_info->server_status = ON;
+            } else {
+                /* ?? */        krb5_set_error_message(0, 0, "%s", ldap_err2string(st));
+                server_info->server_status = OFF;
+                time(&server_info->downtime);
+            }
+            ldap_msgfree(result);
+            break;
+        default:
+            ldap_msgfree(result);
+            continue;
+            break;
+        }
     }
     ldap_server_handle->server_info_update_pending = FALSE;
     return 0;
@@ -94,35 +94,34 @@ krb5_update_server_info(ldap_server_handle, server_info)
  */
 
 static krb5_ldap_server_handle *
-krb5_get_ldap_handle(ldap_context)
-    krb5_ldap_context          *ldap_context;
+krb5_get_ldap_handle(krb5_ldap_context *ldap_context)
 {
     krb5_ldap_server_handle    *ldap_server_handle=NULL;
     krb5_ldap_server_info      *ldap_server_info=NULL;
     int                        cnt=0;
 
     while (ldap_context->server_info_list[cnt] != NULL) {
-	ldap_server_info = ldap_context->server_info_list[cnt];
-	if (ldap_server_info->server_status != OFF) {
-	    if (ldap_server_info->ldap_server_handles != NULL) {
-		ldap_server_handle = ldap_server_info->ldap_server_handles;
-		ldap_server_info->ldap_server_handles = ldap_server_handle->next;
-		break;
+        ldap_server_info = ldap_context->server_info_list[cnt];
+        if (ldap_server_info->server_status != OFF) {
+            if (ldap_server_info->ldap_server_handles != NULL) {
+                ldap_server_handle = ldap_server_info->ldap_server_handles;
+                ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+                break;
 #ifdef ASYNC_BIND
-		if (ldap_server_handle->server_info_update_pending == TRUE) {
-		    krb5_update_server_info(context, ldap_server_handle,
-					    ldap_server_info);
-		}
-
-		if (ldap_server_info->server_status == ON) {
-		    ldap_server_info->ldap_server_handles = ldap_server_handle->next;
-		    break;
-		} else
-		    ldap_server_handle = NULL;
+                if (ldap_server_handle->server_info_update_pending == TRUE) {
+                    krb5_update_server_info(context, ldap_server_handle,
+                                            ldap_server_info);
+                }
+
+                if (ldap_server_info->server_status == ON) {
+                    ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+                    break;
+                } else
+                    ldap_server_handle = NULL;
 #endif
-	    }
-	}
-	++cnt;
+            }
+        }
+        ++cnt;
     }
     return ldap_server_handle;
 }
@@ -135,14 +134,13 @@ krb5_get_ldap_handle(ldap_context)
  */
 
 static krb5_ldap_server_handle *
-krb5_retry_get_ldap_handle(ldap_context, st)
-    krb5_ldap_context          *ldap_context;
-    krb5_error_code            *st;
+krb5_retry_get_ldap_handle(krb5_ldap_context *ldap_context,
+                           krb5_error_code *st)
 {
     krb5_ldap_server_handle    *ldap_server_handle=NULL;
 
     if ((*st=krb5_ldap_db_single_init(ldap_context)) != 0)
-	return NULL;
+        return NULL;
 
     ldap_server_handle = krb5_get_ldap_handle(ldap_context);
     return ldap_server_handle;
@@ -155,12 +153,11 @@ krb5_retry_get_ldap_handle(ldap_context, st)
  */
 
 static krb5_error_code
-krb5_put_ldap_handle(ldap_server_handle)
-    krb5_ldap_server_handle    *ldap_server_handle;
+krb5_put_ldap_handle(krb5_ldap_server_handle *ldap_server_handle)
 {
 
     if (ldap_server_handle == NULL)
-	return 0;
+        return 0;
 
     ldap_server_handle->next = ldap_server_handle->server_info->ldap_server_handles;
     ldap_server_handle->server_info->ldap_server_handles = ldap_server_handle;
@@ -174,13 +171,12 @@ krb5_put_ldap_handle(ldap_server_handle)
  */
 
 krb5_error_code
-krb5_update_ldap_handle(ldap_server_handle, server_info)
-    krb5_ldap_server_handle    *ldap_server_handle;
-    krb5_ldap_server_info      *server_info;
+krb5_update_ldap_handle(krb5_ldap_server_handle *ldap_server_handle,
+                        krb5_ldap_server_info *server_info)
 {
 
     if (ldap_server_handle == NULL || server_info == NULL)
-	return 0;
+        return 0;
 
     ldap_server_handle->next = server_info->ldap_server_handles;
     server_info->ldap_server_handles = ldap_server_handle;
@@ -195,17 +191,16 @@ krb5_update_ldap_handle(ldap_server_handle, server_info)
  */
 
 static krb5_error_code
-krb5_ldap_cleanup_handles(ldap_server_info)
-    krb5_ldap_server_info      *ldap_server_info;
+krb5_ldap_cleanup_handles(krb5_ldap_server_info *ldap_server_info)
 {
     krb5_ldap_server_handle    *ldap_server_handle = NULL;
 
     while (ldap_server_info->ldap_server_handles != NULL) {
-	ldap_server_handle = ldap_server_info->ldap_server_handles;
-	ldap_server_info->ldap_server_handles = ldap_server_handle->next;
-	/* ldap_unbind_s(ldap_server_handle); */
-	free (ldap_server_handle);
-	ldap_server_handle = NULL;
+        ldap_server_handle = ldap_server_info->ldap_server_handles;
+        ldap_server_info->ldap_server_handles = ldap_server_handle->next;
+        /* ldap_unbind_s(ldap_server_handle); */
+        free (ldap_server_handle);
+        ldap_server_handle = NULL;
     }
     return 0;
 }
@@ -215,9 +210,9 @@ krb5_ldap_cleanup_handles(ldap_server_info)
  */
 
 krb5_error_code
-krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
-    krb5_ldap_context          *ldap_context;
-    krb5_ldap_server_handle    **ldap_server_handle;
+krb5_ldap_request_handle_from_pool(krb5_ldap_context *ldap_context,
+                                   krb5_ldap_server_handle **
+                                   ldap_server_handle)
 {
     krb5_error_code            st=0;
 
@@ -225,9 +220,9 @@ krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
 
     st = HNDL_LOCK(ldap_context);
     if (st)
-	return st;
+        return st;
     if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
-	(*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
+        (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
     HNDL_UNLOCK(ldap_context);
     return st;
 }
@@ -238,22 +233,22 @@ krb5_ldap_request_handle_from_pool(ldap_context, ldap_server_handle)
  */
 
 krb5_error_code
-krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle)
-    krb5_ldap_context          *ldap_context;
-    krb5_ldap_server_handle    **ldap_server_handle;
+krb5_ldap_request_next_handle_from_pool(krb5_ldap_context *ldap_context,
+                                        krb5_ldap_server_handle **
+                                        ldap_server_handle)
 {
     krb5_error_code            st=0;
 
     st = HNDL_LOCK(ldap_context);
     if (st)
-	return st;
+        return st;
     (*ldap_server_handle)->server_info->server_status = OFF;
     time(&(*ldap_server_handle)->server_info->downtime);
     krb5_put_ldap_handle(*ldap_server_handle);
     krb5_ldap_cleanup_handles((*ldap_server_handle)->server_info);
 
     if (((*ldap_server_handle)=krb5_get_ldap_handle(ldap_context)) == NULL)
-	(*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
+        (*ldap_server_handle)=krb5_retry_get_ldap_handle(ldap_context, &st);
     HNDL_UNLOCK(ldap_context);
     return st;
 }
@@ -263,15 +258,14 @@ krb5_ldap_request_next_handle_from_pool(ldap_context, ldap_server_handle)
  */
 
 void
-krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle)
-    krb5_ldap_context          *ldap_context;
-    krb5_ldap_server_handle    *ldap_server_handle;
+krb5_ldap_put_handle_to_pool(krb5_ldap_context *ldap_context,
+                             krb5_ldap_server_handle *ldap_server_handle)
 {
     if (ldap_server_handle != NULL) {
-	if (HNDL_LOCK(ldap_context) == 0) {
-	    krb5_put_ldap_handle(ldap_server_handle);
-	    HNDL_UNLOCK(ldap_context);
-	}
+        if (HNDL_LOCK(ldap_context) == 0) {
+            krb5_put_ldap_handle(ldap_server_handle);
+            HNDL_UNLOCK(ldap_context);
+        }
     }
     return;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
index c351c1f..4f289c8 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_handle.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_handle.h
  *
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
index 5b9fa5c..0b5f099 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_krbcontainer.c
  *
@@ -43,16 +44,16 @@ void
 krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *cparams)
 {
     if (cparams == NULL)
-	return;
+        return;
 
     if (cparams->policyreference)
-	krb5_xfree(cparams->policyreference);
+        krb5_xfree(cparams->policyreference);
 
     if (cparams->parent)
-	krb5_xfree(cparams->parent);
+        krb5_xfree(cparams->parent);
 
     if (cparams->DN)
-	krb5_xfree(cparams->DN);
+        krb5_xfree(cparams->DN);
 
     krb5_xfree(cparams);
 
@@ -69,8 +70,8 @@ krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *cparams)
  */
 
 krb5_error_code
-krb5_ldap_read_krbcontainer_params(krb5_context	context,
-				   krb5_ldap_krbcontainer_params **cparamp)
+krb5_ldap_read_krbcontainer_params(krb5_context context,
+                                   krb5_ldap_krbcontainer_params **cparamp)
 
 {
     krb5_error_code                 st=0, tempst=0;
@@ -90,24 +91,24 @@ krb5_ldap_read_krbcontainer_params(krb5_context	context,
 
     /* read kerberos containter location from [dbmodules] section of krb5.conf file */
     if (ldap_context->conf_section) {
-	if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
-				   "ldap_kerberos_container_dn", NULL,
-				   &cparams->DN)) != 0) {
-	    krb5_set_error_message(context, st, "Error reading kerberos container location "
-				   "from krb5.conf");
-	    goto cleanup;
-	}
+        if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, ldap_context->conf_section,
+                                   "ldap_kerberos_container_dn", NULL,
+                                   &cparams->DN)) != 0) {
+            krb5_set_error_message(context, st, "Error reading kerberos container location "
+                                   "from krb5.conf");
+            goto cleanup;
+        }
     }
 
     /* read kerberos containter location from [dbdefaults] section of krb5.conf file */
     if (cparams->DN == NULL) {
-	if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
-				   "ldap_kerberos_container_dn", NULL,
-				   NULL, &cparams->DN)) != 0) {
-	    krb5_set_error_message(context, st, "Error reading kerberos container location "
-				   "from krb5.conf");
-	    goto cleanup;
-	}
+        if ((st=profile_get_string(context->profile, KDB_MODULE_DEF_SECTION,
+                                   "ldap_kerberos_container_dn", NULL,
+                                   NULL, &cparams->DN)) != 0) {
+            krb5_set_error_message(context, st, "Error reading kerberos container location "
+                                   "from krb5.conf");
+            goto cleanup;
+        }
     }
 
 #ifndef HAVE_EDIRECTORY
@@ -116,26 +117,26 @@ krb5_ldap_read_krbcontainer_params(krb5_context	context,
  * is missing in the conf file. In openldap we will have to return an error.
  */
     if (cparams->DN == NULL) {
-	st = KRB5_KDB_SERVER_INTERNAL_ERR;
-	krb5_set_error_message(context, st, "Kerberos container location not specified");
-	goto cleanup;
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message(context, st, "Kerberos container location not specified");
+        goto cleanup;
     }
 #endif
 
     if (cparams->DN != NULL) {
-	/* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is
-	 * not read
-	 */
-	LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS);
-	if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-	    st = set_ldap_error(context, st, OP_SEARCH);
-	    goto cleanup;
-	}
-
-	if (st == LDAP_NO_SUCH_OBJECT) {
-	    st = KRB5_KDB_NOENTRY;
-	    goto cleanup;
-	}
+        /* NOTE: krbmaxtktlife, krbmaxrenewableage ... present on Kerberos Container is
+         * not read
+         */
+        LDAP_SEARCH_1(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute, IGNORE_STATUS);
+        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
+            st = set_ldap_error(context, st, OP_SEARCH);
+            goto cleanup;
+        }
+
+        if (st == LDAP_NO_SUCH_OBJECT) {
+            st = KRB5_KDB_NOENTRY;
+            goto cleanup;
+        }
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -145,58 +146,58 @@ krb5_ldap_read_krbcontainer_params(krb5_context	context,
      * then fall back to the default value
      */
     if ((cparams->DN == NULL) || (st == LDAP_NO_SUCH_OBJECT)) {
-	/*
-	 * kerberos container can be anywhere. locate it by reading the security
-	 * container to find the location.
-	 */
-	LDAP_SEARCH(SECURITY_CONTAINER, LDAP_SCOPE_BASE, NULL, krbcontainerrefattr);
-	if ((ent = ldap_first_entry(ld, result)) != NULL) {
-	    if ((st=krb5_ldap_get_string(ld, ent, "krbcontainerreference",
-					 &(cparams->DN), NULL)) != 0)
-		goto cleanup;
-	    if (cparams->DN == NULL) {
-		cparams->DN = strdup(KERBEROS_CONTAINER);
-		CHECK_NULL(cparams->DN);
-	    }
-	}
-	ldap_msgfree(result);
-
-	/* NOTE: krbmaxtktlife, krbmaxrenewableage ... attributes present on
-	 * Kerberos Container is not read
-	 */
-	LDAP_SEARCH(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute);
+        /*
+         * kerberos container can be anywhere. locate it by reading the security
+         * container to find the location.
+         */
+        LDAP_SEARCH(SECURITY_CONTAINER, LDAP_SCOPE_BASE, NULL, krbcontainerrefattr);
+        if ((ent = ldap_first_entry(ld, result)) != NULL) {
+            if ((st=krb5_ldap_get_string(ld, ent, "krbcontainerreference",
+                                         &(cparams->DN), NULL)) != 0)
+                goto cleanup;
+            if (cparams->DN == NULL) {
+                cparams->DN = strdup(KERBEROS_CONTAINER);
+                CHECK_NULL(cparams->DN);
+            }
+        }
+        ldap_msgfree(result);
+
+        /* NOTE: krbmaxtktlife, krbmaxrenewableage ... attributes present on
+         * Kerberos Container is not read
+         */
+        LDAP_SEARCH(cparams->DN, LDAP_SCOPE_BASE, "(objectclass=krbContainer)", policyrefattribute);
     }
 #endif
 
     if ((ent = ldap_first_entry(ld, result))) {
-	if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference",
-				     &(cparams->policyreference), NULL)) != 0)
-	    goto cleanup;
+        if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference",
+                                     &(cparams->policyreference), NULL)) != 0)
+            goto cleanup;
     }
     ldap_msgfree(result);
 
     if (cparams->policyreference != NULL) {
-	LDAP_SEARCH_1(cparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
-	if (st != LDAP_SUCCESS && st!= LDAP_NO_SUCH_OBJECT) {
-	    st = set_ldap_error(context, st, OP_SEARCH);
-	    goto cleanup;
-	}
-	st = LDAP_SUCCESS; /* reset the return status in case it is LDAP_NO_SUCH_OBJECT */
-
-	ent=ldap_first_entry(ld, result);
-	if (ent != NULL) {
-	    krb5_ldap_get_value(ld, ent, "krbmaxtktlife", &(cparams->max_life));
-	    krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(cparams->max_renewable_life));
-	    krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags));
-	}
-	ldap_msgfree(result);
+        LDAP_SEARCH_1(cparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
+        if (st != LDAP_SUCCESS && st!= LDAP_NO_SUCH_OBJECT) {
+            st = set_ldap_error(context, st, OP_SEARCH);
+            goto cleanup;
+        }
+        st = LDAP_SUCCESS; /* reset the return status in case it is LDAP_NO_SUCH_OBJECT */
+
+        ent=ldap_first_entry(ld, result);
+        if (ent != NULL) {
+            krb5_ldap_get_value(ld, ent, "krbmaxtktlife", &(cparams->max_life));
+            krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", &(cparams->max_renewable_life));
+            krb5_ldap_get_value(ld, ent, "krbticketflags", &(cparams->tktflags));
+        }
+        ldap_msgfree(result);
     }
     *cparamp=cparams;
 
 cleanup:
     if (st != 0) {
-	krb5_ldap_free_krbcontainer_params(cparams);
-	*cparamp=NULL;
+        krb5_ldap_free_krbcontainer_params(cparams);
+        *cparamp=NULL;
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
index f4510d6..3b89aea 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_krbcontainer.h
  *
@@ -31,30 +32,32 @@
 #ifndef _LDAP_KRBCONTAINER_H_
 #define _LDAP_KRBCONTAINER_H_ 1
 
-#define MAX_KRB_CONTAINER_LEN	256
+#define MAX_KRB_CONTAINER_LEN   256
 
 /* kerberos container structure */
 
 typedef struct _krb5_ldap_krbcontainer_params {
-  char            *parent;
-  char            *DN;
-  char            *policyreference;
-  krb5_int32      max_life;
-  krb5_int32      max_renewable_life;
-  krb5_int32      tktflags;
+    char            *parent;
+    char            *DN;
+    char            *policyreference;
+    krb5_int32      max_life;
+    krb5_int32      max_renewable_life;
+    krb5_int32      tktflags;
 } krb5_ldap_krbcontainer_params;
 
 void
 krb5_ldap_free_krbcontainer_params(krb5_ldap_krbcontainer_params *);
 
 krb5_error_code
-krb5_ldap_read_krbcontainer_params(krb5_context , krb5_ldap_krbcontainer_params **);
+krb5_ldap_read_krbcontainer_params(krb5_context,
+                                   krb5_ldap_krbcontainer_params **);
 
 krb5_error_code
-krb5_ldap_create_krbcontainer(krb5_context, const krb5_ldap_krbcontainer_params *);
+krb5_ldap_create_krbcontainer(krb5_context,
+                              const krb5_ldap_krbcontainer_params *);
 
 krb5_error_code
 krb5_ldap_delete_krbcontainer(krb5_context,
-    const krb5_ldap_krbcontainer_params *);
+                              const krb5_ldap_krbcontainer_params *);
 
 #endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h
index 95a8379..878c6f3 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_main.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_main.h
  *
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index a5ab659..f549e23 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_misc.c
  *
@@ -47,26 +48,27 @@ extern char *strptime (const char *, const char *, struct tm *);
 
 static krb5_error_code
 remove_overlapping_subtrees(char **listin, char **listop, int *subtcount,
-			    int sscope);
+                            int sscope);
 
 /* Linux (GNU Libc) provides a length-limited variant of strdup.
    But all the world's not Linux.  */
 #undef strndup
 #define strndup my_strndup
 #ifdef HAVE_LDAP_STR2DN
-static char *my_strndup (const char *input, size_t limit)
+static char *
+my_strndup(const char *input, size_t limit)
 {
     size_t len = strlen(input);
     char *result;
     if (len > limit) {
-	result = malloc(1 + limit);
-	if (result != NULL) {
-	    memcpy(result, input, limit);
-	    result[limit] = 0;
-	}
-	return result;
+        result = malloc(1 + limit);
+        if (result != NULL) {
+            memcpy(result, input, limit);
+            result[limit] = 0;
+        }
+        return result;
     } else
-	return strdup(input);
+        return strdup(input);
 }
 #endif
 
@@ -74,30 +76,30 @@ static char *my_strndup (const char *input, size_t limit)
    to the default section, then to hard-coded values.  */
 static errcode_t
 prof_get_integer_def(krb5_context ctx, const char *conf_section,
-		     const char *name, int dfl, krb5_ui_4 *out)
+                     const char *name, int dfl, krb5_ui_4 *out)
 {
     errcode_t err;
     int out_temp = 0;
 
     err = profile_get_integer (ctx->profile,
-			       KDB_MODULE_SECTION, conf_section, name,
-			       0, &out_temp);
+                               KDB_MODULE_SECTION, conf_section, name,
+                               0, &out_temp);
     if (err) {
-	krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-				name, error_message(err));
-	return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     if (out_temp != 0) {
-	*out = out_temp;
-	return 0;
+        *out = out_temp;
+        return 0;
     }
     err = profile_get_integer (ctx->profile,
-			       KDB_MODULE_DEF_SECTION, name, 0,
-			       dfl, &out_temp);
+                               KDB_MODULE_DEF_SECTION, name, 0,
+                               dfl, &out_temp);
     if (err) {
-	krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-				name, error_message(err));
-	return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     *out = out_temp;
     return 0;
@@ -107,27 +109,27 @@ prof_get_integer_def(krb5_context ctx, const char *conf_section,
    bother with the extra argument.  */
 static errcode_t
 prof_get_string_def(krb5_context ctx, const char *conf_section,
-		    const char *name, char **out)
+                    const char *name, char **out)
 {
     errcode_t err;
 
     err = profile_get_string (ctx->profile,
-			      KDB_MODULE_SECTION, conf_section, name,
-			      0, out);
+                              KDB_MODULE_SECTION, conf_section, name,
+                              0, out);
     if (err) {
-	krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-				name, error_message(err));
-	return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     if (*out != 0)
-	return 0;
+        return 0;
     err = profile_get_string (ctx->profile,
-			      KDB_MODULE_DEF_SECTION, name, 0,
-			      0, out);
+                              KDB_MODULE_DEF_SECTION, name, 0,
+                              0, out);
     if (err) {
-	krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
-				name, error_message(err));
-	return err;
+        krb5_set_error_message (ctx, err, "Error reading '%s' attribute: %s",
+                                name, error_message(err));
+        return err;
     }
     return 0;
 }
@@ -140,10 +142,8 @@ prof_get_string_def(krb5_context ctx, const char *conf_section,
  * these are ldap_server ....
  */
 krb5_error_code
-krb5_ldap_read_server_params(context, conf_section, srv_type)
-    krb5_context               context;
-    char                       *conf_section;
-    int                        srv_type;
+krb5_ldap_read_server_params(krb5_context context, char *conf_section,
+                             int srv_type)
 {
     char                        *tempval=NULL, *save_ptr=NULL;
     const char                  *delims="\t\n\f\v\r ,";
@@ -157,11 +157,11 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
 
     /* copy the conf_section into ldap_context for later use */
     if (conf_section) {
-	ldap_context->conf_section = strdup (conf_section);
-	if (ldap_context->conf_section == NULL) {
-	    st = ENOMEM;
-	    goto cleanup;
-	}
+        ldap_context->conf_section = strdup (conf_section);
+        if (ldap_context->conf_section == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
     /* initialize the mutexs and condition variable */
@@ -169,13 +169,13 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
 
     /* this mutex is used in ldap reconnection pool */
     if (k5_mutex_init(&(ldap_context->hndl_lock)) != 0) {
-	st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
 #if 0
-	st = -1;
-	krb5_ldap_dal_err_funcp(context, krb5_err_have_str, st,
-				"k5_mutex_init failed");
+        st = -1;
+        krb5_ldap_dal_err_funcp(context, krb5_err_have_str, st,
+                                "k5_mutex_init failed");
 #endif
-	goto cleanup;
+        goto cleanup;
     }
 
     /*
@@ -184,19 +184,19 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * connections per ldap server.
      */
     if (ldap_context->max_server_conns == 0) {
-	st = prof_get_integer_def (context, conf_section,
-				   KRB5_CONF_LDAP_CONNS_PER_SERVER,
-				   DEFAULT_CONNS_PER_SERVER,
-				   &ldap_context->max_server_conns);
-	if (st)
-	    goto cleanup;
+        st = prof_get_integer_def (context, conf_section,
+                                   KRB5_CONF_LDAP_CONNS_PER_SERVER,
+                                   DEFAULT_CONNS_PER_SERVER,
+                                   &ldap_context->max_server_conns);
+        if (st)
+            goto cleanup;
     }
 
     if (ldap_context->max_server_conns < 2) {
-	st = EINVAL;
-	krb5_set_error_message (context, st,
-				"Minimum connections required per server is 2");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st,
+                                "Minimum connections required per server is 2");
+        goto cleanup;
     }
 
     /*
@@ -206,20 +206,20 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * server.  The srv_type decides which dn to read.
      */
     if (ldap_context->bind_dn == NULL) {
-	char *name = 0;
-	if (srv_type == KRB5_KDB_SRV_TYPE_KDC)
-	    name = KRB5_CONF_LDAP_KDC_DN;
-	else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN)
-	    name = KRB5_CONF_LDAP_KADMIN_DN;
-	else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD)
-	    name = "ldap_kpasswdd_dn";
-
-	if (name) {
-	    st = prof_get_string_def (context, conf_section, name,
-				      &ldap_context->bind_dn);
-	    if (st)
-		goto cleanup;
-	}
+        char *name = 0;
+        if (srv_type == KRB5_KDB_SRV_TYPE_KDC)
+            name = KRB5_CONF_LDAP_KDC_DN;
+        else if (srv_type == KRB5_KDB_SRV_TYPE_ADMIN)
+            name = KRB5_CONF_LDAP_KADMIN_DN;
+        else if (srv_type == KRB5_KDB_SRV_TYPE_PASSWD)
+            name = "ldap_kpasswdd_dn";
+
+        if (name) {
+            st = prof_get_string_def (context, conf_section, name,
+                                      &ldap_context->bind_dn);
+            if (st)
+                goto cleanup;
+        }
     }
 
     /*
@@ -228,11 +228,11 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * the KDC, ADMIN and PASSWD dns.
      */
     if (ldap_context->service_password_file == NULL) {
-	st = prof_get_string_def (context, conf_section,
-				  KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE,
-				  &ldap_context->service_password_file);
-	if (st)
-	    goto cleanup;
+        st = prof_get_string_def (context, conf_section,
+                                  KRB5_CONF_LDAP_SERVICE_PASSWORD_FILE,
+                                  &ldap_context->service_password_file);
+        if (st)
+            goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -242,11 +242,11 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      * certificate of the Directory.
      */
     if (ldap_context->root_certificate_file == NULL) {
-	st = prof_get_string_def (context, conf_section,
-				  KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE,
-				  &ldap_context->root_certificate_file);
-	if (st)
-	    goto cleanup;
+        st = prof_get_string_def (context, conf_section,
+                                  KRB5_CONF_LDAP_ROOT_CERTIFICATE_FILE,
+                                  &ldap_context->root_certificate_file);
+        if (st)
+            goto cleanup;
     }
 #endif
 
@@ -256,57 +256,57 @@ krb5_ldap_read_server_params(context, conf_section, srv_type)
      */
 
     if (ldap_context->server_info_list == NULL) {
-	unsigned int ele=0;
-
-	server_info = &(ldap_context->server_info_list);
-	*server_info = (krb5_ldap_server_info **) calloc (SERV_COUNT+1,
-							  sizeof (krb5_ldap_server_info *));
-
-	if (*server_info == NULL) {
-	    st = ENOMEM;
-	    goto cleanup;
-	}
-
-	if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
-				   KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) {
-	    krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute");
-	    goto cleanup;
-	}
-
-	if (tempval == NULL) {
-
-	    (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
-								  sizeof(krb5_ldap_server_info));
-
-	    (*server_info)[ele]->server_name = strdup("ldapi://");
-	    if ((*server_info)[ele]->server_name == NULL) {
-		st = ENOMEM;
-		goto cleanup;
-	    }
-	    (*server_info)[ele]->server_status = NOTSET;
-	} else {
-	    char *item=NULL;
-
-	    item = strtok_r(tempval,delims,&save_ptr);
-	    while (item != NULL && ele<SERV_COUNT) {
-		(*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
-								      sizeof(krb5_ldap_server_info));
-		if ((*server_info)[ele] == NULL) {
-		    st = ENOMEM;
-		    goto cleanup;
-		}
-		(*server_info)[ele]->server_name = strdup(item);
-		if ((*server_info)[ele]->server_name == NULL) {
-		    st = ENOMEM;
-		    goto cleanup;
-		}
-
-		(*server_info)[ele]->server_status = NOTSET;
-		item = strtok_r(NULL,delims,&save_ptr);
-		++ele;
-	    }
-	    profile_release_string(tempval);
-	}
+        unsigned int ele=0;
+
+        server_info = &(ldap_context->server_info_list);
+        *server_info = (krb5_ldap_server_info **) calloc (SERV_COUNT+1,
+                                                          sizeof (krb5_ldap_server_info *));
+
+        if (*server_info == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
+
+        if ((st=profile_get_string(context->profile, KDB_MODULE_SECTION, conf_section,
+                                   KRB5_CONF_LDAP_SERVERS, NULL, &tempval)) != 0) {
+            krb5_set_error_message (context, st, "Error reading 'ldap_servers' attribute");
+            goto cleanup;
+        }
+
+        if (tempval == NULL) {
+
+            (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
+                                                                  sizeof(krb5_ldap_server_info));
+
+            (*server_info)[ele]->server_name = strdup("ldapi://");
+            if ((*server_info)[ele]->server_name == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+            (*server_info)[ele]->server_status = NOTSET;
+        } else {
+            char *item=NULL;
+
+            item = strtok_r(tempval,delims,&save_ptr);
+            while (item != NULL && ele<SERV_COUNT) {
+                (*server_info)[ele] = (krb5_ldap_server_info *)calloc(1,
+                                                                      sizeof(krb5_ldap_server_info));
+                if ((*server_info)[ele] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+                (*server_info)[ele]->server_name = strdup(item);
+                if ((*server_info)[ele]->server_name == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+
+                (*server_info)[ele]->server_status = NOTSET;
+                item = strtok_r(NULL,delims,&save_ptr);
+                ++ele;
+            }
+            profile_release_string(tempval);
+        }
     }
 
 cleanup:
@@ -318,97 +318,95 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_free_server_context_params(ldap_context)
-    krb5_ldap_context           *ldap_context;
+krb5_ldap_free_server_context_params(krb5_ldap_context *ldap_context)
 {
     int                         i=0;
     krb5_ldap_server_handle     *ldap_server_handle=NULL, *next_ldap_server_handle=NULL;
 
     if (ldap_context == NULL)
-	return 0;
+        return 0;
 
     /* Free all ldap servers list and the ldap handles associated with
        the ldap server.  */
     if (ldap_context->server_info_list) {
-	while (ldap_context->server_info_list[i]) {
-	    if (ldap_context->server_info_list[i]->server_name) {
-		free (ldap_context->server_info_list[i]->server_name);
-	    }
+        while (ldap_context->server_info_list[i]) {
+            if (ldap_context->server_info_list[i]->server_name) {
+                free (ldap_context->server_info_list[i]->server_name);
+            }
 #ifdef HAVE_EDIRECTORY
-	    if (ldap_context->server_info_list[i]->root_certificate_file) {
-		free (ldap_context->server_info_list[i]->root_certificate_file);
-	    }
+            if (ldap_context->server_info_list[i]->root_certificate_file) {
+                free (ldap_context->server_info_list[i]->root_certificate_file);
+            }
 #endif
-	    if (ldap_context->server_info_list[i]->ldap_server_handles) {
-		ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles;
-		while (ldap_server_handle) {
-		    ldap_unbind_ext_s(ldap_server_handle->ldap_handle, NULL, NULL);
-		    ldap_server_handle->ldap_handle = NULL;
-		    next_ldap_server_handle = ldap_server_handle->next;
-		    krb5_xfree(ldap_server_handle);
-		    ldap_server_handle = next_ldap_server_handle;
-		}
-	    }
-	    krb5_xfree(ldap_context->server_info_list[i]);
-	    i++;
-	}
-	krb5_xfree(ldap_context->server_info_list);
+            if (ldap_context->server_info_list[i]->ldap_server_handles) {
+                ldap_server_handle = ldap_context->server_info_list[i]->ldap_server_handles;
+                while (ldap_server_handle) {
+                    ldap_unbind_ext_s(ldap_server_handle->ldap_handle, NULL, NULL);
+                    ldap_server_handle->ldap_handle = NULL;
+                    next_ldap_server_handle = ldap_server_handle->next;
+                    krb5_xfree(ldap_server_handle);
+                    ldap_server_handle = next_ldap_server_handle;
+                }
+            }
+            krb5_xfree(ldap_context->server_info_list[i]);
+            i++;
+        }
+        krb5_xfree(ldap_context->server_info_list);
     }
 
     if (ldap_context->conf_section != NULL) {
-	krb5_xfree(ldap_context->conf_section);
-	ldap_context->conf_section = NULL;
+        krb5_xfree(ldap_context->conf_section);
+        ldap_context->conf_section = NULL;
     }
 
     if (ldap_context->bind_dn != NULL) {
-	krb5_xfree(ldap_context->bind_dn);
-	ldap_context->bind_dn = NULL;
+        krb5_xfree(ldap_context->bind_dn);
+        ldap_context->bind_dn = NULL;
     }
 
     if (ldap_context->bind_pwd != NULL) {
-	memset(ldap_context->bind_pwd, 0, strlen(ldap_context->bind_pwd));
-	krb5_xfree(ldap_context->bind_pwd);
-	ldap_context->bind_pwd = NULL;
+        memset(ldap_context->bind_pwd, 0, strlen(ldap_context->bind_pwd));
+        krb5_xfree(ldap_context->bind_pwd);
+        ldap_context->bind_pwd = NULL;
     }
 
     if (ldap_context->service_password_file != NULL) {
-	krb5_xfree(ldap_context->service_password_file);
-	ldap_context->service_password_file = NULL;
+        krb5_xfree(ldap_context->service_password_file);
+        ldap_context->service_password_file = NULL;
     }
 
 #ifdef HAVE_EDIRECTORY
     if (ldap_context->root_certificate_file != NULL) {
-	krb5_xfree(ldap_context->root_certificate_file);
-	ldap_context->root_certificate_file = NULL;
+        krb5_xfree(ldap_context->root_certificate_file);
+        ldap_context->root_certificate_file = NULL;
     }
 #endif
 
     if (ldap_context->service_cert_path != NULL) {
-	krb5_xfree(ldap_context->service_cert_path);
-	ldap_context->service_cert_path = NULL;
+        krb5_xfree(ldap_context->service_cert_path);
+        ldap_context->service_cert_path = NULL;
     }
 
     if (ldap_context->service_cert_pass != NULL) {
-	krb5_xfree(ldap_context->service_cert_pass);
-	ldap_context->service_cert_pass = NULL;
+        krb5_xfree(ldap_context->service_cert_pass);
+        ldap_context->service_cert_pass = NULL;
     }
 
     if (ldap_context->certificates) {
-	i=0;
-	while (ldap_context->certificates[i] != NULL) {
-	    krb5_xfree(ldap_context->certificates[i]->certificate);
-	    krb5_xfree(ldap_context->certificates[i]);
-	    ++i;
-	}
-	krb5_xfree(ldap_context->certificates);
+        i=0;
+        while (ldap_context->certificates[i] != NULL) {
+            krb5_xfree(ldap_context->certificates[i]->certificate);
+            krb5_xfree(ldap_context->certificates[i]);
+            ++i;
+        }
+        krb5_xfree(ldap_context->certificates);
     }
 
     return(0);
 }
 
 krb5_error_code
-krb5_ldap_free_server_params(ldap_context)
-    krb5_ldap_context           *ldap_context;
+krb5_ldap_free_server_params(krb5_ldap_context *ldap_context)
 {
     if (ldap_context == NULL)
         return 0;
@@ -429,9 +427,8 @@ krb5_ldap_free_server_params(ldap_context)
  */
 
 krb5_error_code
-is_principal_in_realm(ldap_context, searchfor)
-    krb5_ldap_context          *ldap_context;
-    krb5_const_principal       searchfor;
+is_principal_in_realm(krb5_ldap_context *ldap_context,
+                      krb5_const_principal searchfor)
 {
     size_t                      defrealmlen=0;
     char                        *defrealm=NULL;
@@ -450,20 +447,20 @@ is_principal_in_realm(ldap_context, searchfor)
      * "krbtgt".  All this check is done in the immediate block.
      */
     if (searchfor->length == 2)
-	if ((strncasecmp(searchfor->data[0].data, "krbtgt",
-			 FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
-	    (strncasecmp(searchfor->data[1].data, defrealm,
-			 FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
-	    return 0;
+        if ((strncasecmp(searchfor->data[0].data, "krbtgt",
+                         FIND_MAX(searchfor->data[0].length, strlen("krbtgt"))) == 0) &&
+            (strncasecmp(searchfor->data[1].data, defrealm,
+                         FIND_MAX(searchfor->data[1].length, defrealmlen)) == 0))
+            return 0;
 
     /* first check the length, if they are not equal, then they are not same */
     if (strlen(defrealm) != searchfor->realm.length)
-	return 1;
+        return 1;
 
     /* if the length is equal, check for the contents */
     if (strncmp(defrealm, searchfor->realm.data,
-		searchfor->realm.length) != 0)
-	return 1;
+                searchfor->realm.length) != 0)
+        return 1;
     /* if we are here, then the realm portions match, return 0 */
     return 0;
 }
@@ -490,17 +487,15 @@ is_principal_in_realm(ldap_context, searchfor)
  *    it is the subtree information associated with the realm.
  */
 krb5_error_code
-krb5_get_subtree_info(ldap_context, subtreearr, ntree)
-    krb5_ldap_context           *ldap_context;
-    char                        ***subtreearr;
-    unsigned int                *ntree;
+krb5_get_subtree_info(krb5_ldap_context *ldap_context, char ***subtreearr,
+                      unsigned int *ntree)
 {
     int                         st=0, i=0, subtreecount=0;
-    int				ncount=0, search_scope=0;
+    int                         ncount=0, search_scope=0;
     char                        **subtree=NULL, *realm_cont_dn=NULL;
     char                        **subtarr=NULL;
     char                        *containerref=NULL;
-    char 			**newsubtree=NULL;
+    char                        **newsubtree=NULL;
 
     containerref = ldap_context->lrparams->containerref;
     subtree = ldap_context->lrparams->subtree;
@@ -510,32 +505,32 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
 
     subtarr = (char **) malloc(sizeof(char *) * (subtreecount + 1 /*realm dn*/ + 1 /*containerref*/ + 1));
     if (subtarr == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     memset(subtarr, 0, (sizeof(char *) * (subtreecount+1+1+1)));
 
     /* get the complete subtree list */
     for (i=0; i<subtreecount && subtree[i]!=NULL; i++) {
-	subtarr[i] = strdup(subtree[i]);
-	if (subtarr[i] == NULL) {
-	    st = ENOMEM;
-	    goto cleanup;
-	}
+        subtarr[i] = strdup(subtree[i]);
+        if (subtarr[i] == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
     subtarr[i] = strdup(realm_cont_dn);
     if (subtarr[i++] == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     if (containerref != NULL) {
-	subtarr[i] = strdup(containerref);
-	if (subtarr[i++] == NULL) {
-	    st = ENOMEM;
-	    goto cleanup;
-	}
+        subtarr[i] = strdup(containerref);
+        if (subtarr[i++] == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
     ncount = i;
@@ -546,7 +541,7 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
     }
     memset(newsubtree, 0, (sizeof(char *) * (ncount+1)));
     if ((st = remove_overlapping_subtrees(subtarr, newsubtree, &ncount,
-		search_scope)) != 0) {
+                                          search_scope)) != 0) {
         goto cleanup;
     }
 
@@ -555,16 +550,16 @@ krb5_get_subtree_info(ldap_context, subtreearr, ntree)
 
 cleanup:
     if (subtarr != NULL) {
-	for (i=0; subtarr[i] != NULL; i++)
-	    free(subtarr[i]);
-	free(subtarr);
+        for (i=0; subtarr[i] != NULL; i++)
+            free(subtarr[i]);
+        free(subtarr);
     }
 
     if (st != 0) {
         if (newsubtree != NULL) {
-	    for (i=0; newsubtree[i] != NULL; i++)
-	        free(newsubtree[i]);
-	    free(newsubtree);
+            for (i=0; newsubtree[i] != NULL; i++)
+                free(newsubtree[i]);
+            free(newsubtree);
         }
     }
     return st;
@@ -578,10 +573,7 @@ cleanup:
  */
 
 krb5_error_code
-store_tl_data(tl_data, tl_type, value)
-    krb5_tl_data                *tl_data;
-    int                         tl_type;
-    void                        *value;
+store_tl_data(krb5_tl_data *tl_data, int tl_type, void *value)
 {
     unsigned int                currlen=0, tldatalen=0;
     unsigned char               *curr=NULL;
@@ -593,68 +585,68 @@ store_tl_data(tl_data, tl_type, value)
     case KDB_TL_PRINCTYPE:
     case KDB_TL_MASK:
     {
-	int *iptr = (int *)value;
-	int ivalue = *iptr;
-
-	currlen = tl_data->tl_data_length;
-	tl_data->tl_data_length += 1 + 2 + 2;
-	/* allocate required memory */
-	reallocptr = tl_data->tl_data_contents;
-	tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
-					    tl_data->tl_data_length);
-	if (tl_data->tl_data_contents == NULL) {
-	    if (reallocptr)
-		free (reallocptr);
-	    return ENOMEM;
-	}
-	curr = (tl_data->tl_data_contents + currlen);
-
-	/* store the tl_type value */
-	memset(curr, tl_type, 1);
-	curr += 1;
-	/* store the content length */
-	tldatalen = 2;
-	STORE16_INT(curr, tldatalen);
-	curr += 2;
-	/* store the content */
-	STORE16_INT(curr, ivalue);
-	curr += 2;
-	break;
+        int *iptr = (int *)value;
+        int ivalue = *iptr;
+
+        currlen = tl_data->tl_data_length;
+        tl_data->tl_data_length += 1 + 2 + 2;
+        /* allocate required memory */
+        reallocptr = tl_data->tl_data_contents;
+        tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
+                                            tl_data->tl_data_length);
+        if (tl_data->tl_data_contents == NULL) {
+            if (reallocptr)
+                free (reallocptr);
+            return ENOMEM;
+        }
+        curr = (tl_data->tl_data_contents + currlen);
+
+        /* store the tl_type value */
+        memset(curr, tl_type, 1);
+        curr += 1;
+        /* store the content length */
+        tldatalen = 2;
+        STORE16_INT(curr, tldatalen);
+        curr += 2;
+        /* store the content */
+        STORE16_INT(curr, ivalue);
+        curr += 2;
+        break;
     }
 
     case KDB_TL_USERDN:
     case KDB_TL_LINKDN:
     {
-	char *cptr = (char *)value;
-
-	currlen = tl_data->tl_data_length;
-	tl_data->tl_data_length += 1 + 2 + strlen(cptr);
-	/* allocate required memory */
-	reallocptr = tl_data->tl_data_contents;
-	tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
-					    tl_data->tl_data_length);
-	if (tl_data->tl_data_contents == NULL) {
-	    if (reallocptr)
-		free (reallocptr);
-	    return ENOMEM;
-	}
-	curr = (tl_data->tl_data_contents + currlen);
-
-	/* store the tl_type value */
-	memset(curr, tl_type, 1);
-	curr += 1;
-	/* store the content length */
-	tldatalen = strlen(cptr);
-	STORE16_INT(curr, tldatalen);
-	curr += 2;
-	/* store the content */
-	memcpy(curr, cptr, tldatalen);
-	curr += tldatalen;
-	break;
+        char *cptr = (char *)value;
+
+        currlen = tl_data->tl_data_length;
+        tl_data->tl_data_length += 1 + 2 + strlen(cptr);
+        /* allocate required memory */
+        reallocptr = tl_data->tl_data_contents;
+        tl_data->tl_data_contents = realloc(tl_data->tl_data_contents,
+                                            tl_data->tl_data_length);
+        if (tl_data->tl_data_contents == NULL) {
+            if (reallocptr)
+                free (reallocptr);
+            return ENOMEM;
+        }
+        curr = (tl_data->tl_data_contents + currlen);
+
+        /* store the tl_type value */
+        memset(curr, tl_type, 1);
+        curr += 1;
+        /* store the content length */
+        tldatalen = strlen(cptr);
+        STORE16_INT(curr, tldatalen);
+        curr += 2;
+        /* store the content */
+        memcpy(curr, cptr, tldatalen);
+        curr += tldatalen;
+        break;
     }
 
     default:
-	return 1;
+        return 1;
 
     }
     return 0;
@@ -671,10 +663,7 @@ store_tl_data(tl_data, tl_type, value)
  */
 
 krb5_error_code
-decode_tl_data(tl_data, tl_type, data)
-    krb5_tl_data                *tl_data;
-    int                         tl_type;
-    void                        **data;
+decode_tl_data(krb5_tl_data *tl_data, int tl_type, void **data)
 {
     int                         subtype=0, i=0, limit=10;
     unsigned int                sublen=0;
@@ -689,93 +678,93 @@ decode_tl_data(tl_data, tl_type, data)
     curr = tl_data->tl_data_contents;
     while (curr < (tl_data->tl_data_contents + tl_data->tl_data_length)) {
 
-	/* get the type of the content */
-	subtype = (int) curr[0];
-	/* forward by 1 byte*/
-	curr += 1;
-
-	if (subtype == tl_type) {
-	    switch (subtype) {
-
-	    case KDB_TL_PRINCCOUNT:
-	    case KDB_TL_PRINCTYPE:
-	    case KDB_TL_MASK:
-		/* get the length of the content */
-		UNSTORE16_INT(curr, sublen);
-		/* forward by 2 bytes */
-		curr += 2;
-		/* get the actual content */
-		if (sublen == 2) {
-		    /* intptr = malloc(sublen);	  */
-		    intptr = malloc(sizeof(krb5_int32));
-		    if (intptr == NULL)
-			return ENOMEM;
-		    memset(intptr, 0, sublen);
-		    UNSTORE16_INT(curr, (*intptr));
-		    *data = intptr;
-		} else {
-		    longptr = malloc(sublen);
-		    if (longptr == NULL)
-			return ENOMEM;
-		    memset(longptr, 0, sublen);
-		    UNSTORE32_INT(curr, (*longptr));
-		    *data = longptr;
-		}
-		curr += sublen;
-		st = 0;
-		return st;
-		break;
-
-	    case KDB_TL_CONTAINERDN:
-	    case KDB_TL_USERDN:
-		/* get the length of the content */
-		UNSTORE16_INT(curr, sublen);
-		/* forward by 2 bytes */
-		curr += 2;
-		DN = malloc (sublen + 1);
-		if (DN == NULL)
-		    return ENOMEM;
-		memcpy(DN, curr, sublen);
-		DN[sublen] = 0;
-		*data = DN;
-		curr += sublen;
-		st = 0;
-		return st;
-		break;
-
-	    case KDB_TL_LINKDN:
-		if (DNarr == NULL) {
-		    DNarr = calloc(limit, sizeof(char *));
-		    if (DNarr == NULL)
-			return ENOMEM;
-		}
-		if (i == limit-1) {
-		    limit *= 2;
-		    DNarr = realloc(DNarr, sizeof(char *) * (limit));
-		    if (DNarr == NULL)
-			return ENOMEM;
-		}
-
-		/* get the length of the content */
-		UNSTORE16_INT(curr, sublen);
-		/* forward by 2 bytes */
-		curr += 2;
-		DNarr[i] = malloc (sublen + 1);
-		if (DNarr[i] == NULL)
-		    return ENOMEM;
-		memcpy(DNarr[i], curr, sublen);
-		DNarr[i][sublen] = 0;
-		++i;
-		curr += sublen;
-		*data = DNarr;
-		st=0;
-		break;
-	    }
-	} else {
-	    /* move to the current content block */
-	    UNSTORE16_INT(curr, sublen);
-	    curr += 2 + sublen;
-	}
+        /* get the type of the content */
+        subtype = (int) curr[0];
+        /* forward by 1 byte*/
+        curr += 1;
+
+        if (subtype == tl_type) {
+            switch (subtype) {
+
+            case KDB_TL_PRINCCOUNT:
+            case KDB_TL_PRINCTYPE:
+            case KDB_TL_MASK:
+                /* get the length of the content */
+                UNSTORE16_INT(curr, sublen);
+                /* forward by 2 bytes */
+                curr += 2;
+                /* get the actual content */
+                if (sublen == 2) {
+                    /* intptr = malloc(sublen);   */
+                    intptr = malloc(sizeof(krb5_int32));
+                    if (intptr == NULL)
+                        return ENOMEM;
+                    memset(intptr, 0, sublen);
+                    UNSTORE16_INT(curr, (*intptr));
+                    *data = intptr;
+                } else {
+                    longptr = malloc(sublen);
+                    if (longptr == NULL)
+                        return ENOMEM;
+                    memset(longptr, 0, sublen);
+                    UNSTORE32_INT(curr, (*longptr));
+                    *data = longptr;
+                }
+                curr += sublen;
+                st = 0;
+                return st;
+                break;
+
+            case KDB_TL_CONTAINERDN:
+            case KDB_TL_USERDN:
+                /* get the length of the content */
+                UNSTORE16_INT(curr, sublen);
+                /* forward by 2 bytes */
+                curr += 2;
+                DN = malloc (sublen + 1);
+                if (DN == NULL)
+                    return ENOMEM;
+                memcpy(DN, curr, sublen);
+                DN[sublen] = 0;
+                *data = DN;
+                curr += sublen;
+                st = 0;
+                return st;
+                break;
+
+            case KDB_TL_LINKDN:
+                if (DNarr == NULL) {
+                    DNarr = calloc(limit, sizeof(char *));
+                    if (DNarr == NULL)
+                        return ENOMEM;
+                }
+                if (i == limit-1) {
+                    limit *= 2;
+                    DNarr = realloc(DNarr, sizeof(char *) * (limit));
+                    if (DNarr == NULL)
+                        return ENOMEM;
+                }
+
+                /* get the length of the content */
+                UNSTORE16_INT(curr, sublen);
+                /* forward by 2 bytes */
+                curr += 2;
+                DNarr[i] = malloc (sublen + 1);
+                if (DNarr[i] == NULL)
+                    return ENOMEM;
+                memcpy(DNarr[i], curr, sublen);
+                DNarr[i][sublen] = 0;
+                ++i;
+                curr += sublen;
+                *data = DNarr;
+                st=0;
+                break;
+            }
+        } else {
+            /* move to the current content block */
+            UNSTORE16_INT(curr, sublen);
+            curr += 2 + sublen;
+        }
     }
     return st;
 }
@@ -784,11 +773,8 @@ decode_tl_data(tl_data, tl_type, data)
  * wrapper routines for decode_tl_data
  */
 static krb5_error_code
-krb5_get_int_from_tl_data(context, entries, type, intval)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         type;
-    int                         *intval;
+krb5_get_int_from_tl_data(krb5_context context, krb5_db_entry *entries,
+                          int type, int *intval)
 {
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
@@ -797,12 +783,12 @@ krb5_get_int_from_tl_data(context, entries, type, intval)
 
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
-	goto cleanup;
+        goto cleanup;
 
     if (decode_tl_data(&tl_data, type, &voidptr) == 0) {
-	intptr = (int *) voidptr;
-	*intval = *intptr;
-	free(intptr);
+        intptr = (int *) voidptr;
+        *intval = *intptr;
+        free(intptr);
     }
 
 cleanup:
@@ -814,37 +800,26 @@ cleanup:
  * object (user, policy ...).
  */
 krb5_error_code
-krb5_get_attributes_mask(context, entries, mask)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         *mask;
+krb5_get_attributes_mask(krb5_context context, krb5_db_entry *entries,
+                         int *mask)
 {
     return krb5_get_int_from_tl_data(context, entries, KDB_TL_MASK, mask);
 }
 
 krb5_error_code
-krb5_get_princ_type(context, entries, ptype)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         *ptype;
+krb5_get_princ_type(krb5_context context, krb5_db_entry *entries, int *ptype)
 {
     return krb5_get_int_from_tl_data(context, entries, KDB_TL_PRINCTYPE, ptype);
 }
 
 krb5_error_code
-krb5_get_princ_count(context, entries, pcount)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         *pcount;
+krb5_get_princ_count(krb5_context context, krb5_db_entry *entries, int *pcount)
 {
     return krb5_get_int_from_tl_data(context, entries, KDB_TL_PRINCCOUNT, pcount);
 }
 
 krb5_error_code
-krb5_get_linkdn(context, entries, link_dn)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    char                        ***link_dn;
+krb5_get_linkdn(krb5_context context, krb5_db_entry *entries, char ***link_dn)
 {
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
@@ -853,10 +828,10 @@ krb5_get_linkdn(context, entries, link_dn)
     *link_dn = NULL;
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
-	goto cleanup;
+        goto cleanup;
 
     if (decode_tl_data(&tl_data, KDB_TL_LINKDN, &voidptr) == 0) {
-	*link_dn = (char **) voidptr;
+        *link_dn = (char **) voidptr;
     }
 
 cleanup:
@@ -864,27 +839,24 @@ cleanup:
 }
 
 static krb5_error_code
-krb5_get_str_from_tl_data(context, entries, type, strval)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    int                         type;
-    char                        **strval;
+krb5_get_str_from_tl_data(krb5_context context, krb5_db_entry *entries,
+                          int type, char **strval)
 {
     krb5_error_code             st=0;
     krb5_tl_data                tl_data;
     void                        *voidptr=NULL;
 
     if (type != KDB_TL_USERDN && type != KDB_TL_CONTAINERDN) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     tl_data.tl_data_type = KDB_TL_USER_INFO;
     if (((st=krb5_dbe_lookup_tl_data(context, entries, &tl_data)) != 0) || tl_data.tl_data_length == 0)
-	goto cleanup;
+        goto cleanup;
 
     if (decode_tl_data(&tl_data, type, &voidptr) == 0) {
-	*strval = (char *) voidptr;
+        *strval = (char *) voidptr;
     }
 
 cleanup:
@@ -892,20 +864,15 @@ cleanup:
 }
 
 krb5_error_code
-krb5_get_userdn(context, entries, userdn)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    char                        **userdn;
+krb5_get_userdn(krb5_context context, krb5_db_entry *entries, char **userdn)
 {
     *userdn = NULL;
     return krb5_get_str_from_tl_data(context, entries, KDB_TL_USERDN, userdn);
 }
 
 krb5_error_code
-krb5_get_containerdn(context, entries, containerdn)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    char                        **containerdn;
+krb5_get_containerdn(krb5_context context, krb5_db_entry *entries,
+                     char **containerdn)
 {
     *containerdn = NULL;
     return krb5_get_str_from_tl_data(context, entries, KDB_TL_CONTAINERDN, containerdn);
@@ -927,38 +894,34 @@ krb5_get_containerdn(context, entries, containerdn)
  */
 
 krb5_error_code
-checkattributevalue (ld, dn, attribute, attrvalues, mask)
-    LDAP                        *ld;
-    char                        *dn;
-    char                        *attribute;
-    char                        **attrvalues;
-    int                         *mask;
+checkattributevalue(LDAP *ld, char *dn, char *attribute, char **attrvalues,
+                    int *mask)
 {
     int                         st=0, one=1;
     char                        **values=NULL, *attributes[2] = {NULL};
     LDAPMessage                 *result=NULL, *entry=NULL;
 
     if (strlen(dn) == 0) {
-	st = set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH);
-	return st;
+        st = set_ldap_error(0, LDAP_NO_SUCH_OBJECT, OP_SEARCH);
+        return st;
     }
 
     attributes[0] = attribute;
 
     /* read the attribute values from the dn */
     if ((st = ldap_search_ext_s(ld,
-				dn,
-				LDAP_SCOPE_BASE,
-				0,
-				attributes,
-				0,
-				NULL,
-				NULL,
-				&timelimit,
-				LDAP_NO_LIMIT,
-				&result)) != LDAP_SUCCESS) {
-	st = set_ldap_error(0, st, OP_SEARCH);
-	return st;
+                                dn,
+                                LDAP_SCOPE_BASE,
+                                0,
+                                attributes,
+                                0,
+                                NULL,
+                                NULL,
+                                &timelimit,
+                                LDAP_NO_LIMIT,
+                                &result)) != LDAP_SUCCESS) {
+        st = set_ldap_error(0, st, OP_SEARCH);
+        return st;
     }
 
     /*
@@ -966,30 +929,30 @@ checkattributevalue (ld, dn, attribute, attrvalues, mask)
      * existence of the object alone.
      */
     if (attribute == NULL || attrvalues == NULL)
-	goto cleanup;
+        goto cleanup;
 
     /* reset the bit mask */
     *mask = 0;
 
     if ((entry=ldap_first_entry(ld, result)) != NULL) {
-	/* read the attribute values */
-	if ((values=ldap_get_values(ld, entry, attribute)) != NULL) {
-	    int i,j;
-
-	    /*
-	     * Compare the read attribute values with the attrvalues
-	     * array and set the appropriate bit mask.
-	     */
-	    for (j=0; attrvalues[j]; ++j) {
-		for (i=0; values[i]; ++i) {
-		    if (strcasecmp(values[i], attrvalues[j]) == 0) {
-			*mask |= (one<<j);
-			break;
-		    }
-		}
-	    }
-	    ldap_value_free(values);
-	}
+        /* read the attribute values */
+        if ((values=ldap_get_values(ld, entry, attribute)) != NULL) {
+            int i,j;
+
+            /*
+             * Compare the read attribute values with the attrvalues
+             * array and set the appropriate bit mask.
+             */
+            for (j=0; attrvalues[j]; ++j) {
+                for (i=0; values[i]; ++i) {
+                    if (strcasecmp(values[i], attrvalues[j]) == 0) {
+                        *mask |= (one<<j);
+                        break;
+                    }
+                }
+            }
+            ldap_value_free(values);
+        }
     }
 
 cleanup:
@@ -1007,11 +970,7 @@ cleanup:
  */
 
 krb5_error_code
-updateAttribute (ld, dn, attribute, value)
-    LDAP                        *ld;
-    char                        *dn;
-    char                        *attribute;
-    char                        *value;
+updateAttribute(LDAP *ld, char *dn, char *attribute, char *value)
 {
     int                         st=0;
     LDAPMod                     modAttr, *mods[2]={NULL};
@@ -1034,10 +993,10 @@ updateAttribute (ld, dn, attribute, value)
      * LDAP_TYPE_OR_VALUE_EXISTS is for multi-valued attribute
      */
     if (st == LDAP_ALREADY_EXISTS || st == LDAP_TYPE_OR_VALUE_EXISTS)
-	st = 0;
+        st = 0;
 
     if (st != 0) {
-	st = set_ldap_error (0, st, OP_MOD);
+        st = set_ldap_error (0, st, OP_MOD);
     }
 
     return st;
@@ -1052,11 +1011,7 @@ updateAttribute (ld, dn, attribute, value)
  */
 
 krb5_error_code
-deleteAttribute (ld, dn, attribute, value)
-    LDAP                        *ld;
-    char                        *dn;
-    char                        *attribute;
-    char                        *value;
+deleteAttribute(LDAP *ld, char *dn, char *attribute, char *value)
 {
     krb5_error_code             st=0;
     LDAPMod                     modAttr, *mods[2]={NULL};
@@ -1076,10 +1031,10 @@ deleteAttribute (ld, dn, attribute, value)
 
     /* if either the attribute or the attribute value is missing return a success */
     if (st == LDAP_NO_SUCH_ATTRIBUTE || st == LDAP_UNDEFINED_TYPE)
-	st = 0;
+        st = 0;
 
     if (st != 0) {
-	st = set_ldap_error (0, st, OP_MOD);
+        st = set_ldap_error (0, st, OP_MOD);
     }
 
     return st;
@@ -1097,34 +1052,32 @@ deleteAttribute (ld, dn, attribute, value)
  */
 
 krb5_error_code
-disjoint_members(src, dest)
-    char                        **src;
-    char                        **dest;
+disjoint_members(char **src, char **dest)
 {
     int                         i=0, j=0, slen=0, dlen=0;
 
     /* validate the input parameters */
     if (src == NULL || dest == NULL)
-	return 0;
+        return 0;
 
     /* compute the first array length */
     for (i=0;src[i]; ++i)
-	;
+        ;
 
     /* return if the length is 0 */
     if (i==0)
-	return 0;
+        return 0;
 
     /* index of the last element and also the length of the array */
     slen = i-1;
 
     /* compute the second array length */
     for (i=0;dest[i]; ++i)
-	;
+        ;
 
     /* return if the length is 0 */
     if (i==0)
-	return 0;
+        return 0;
 
     /* index of the last element and also the length of the array */
     dlen = i-1;
@@ -1132,50 +1085,50 @@ disjoint_members(src, dest)
     /* check for the similar elements and delete them from both the arrays */
     for (i=0; src[i]; ++i) {
 
-	for (j=0; dest[j]; ++j) {
-
-	    /* if the element are same */
-	    if (strcasecmp(src[i], dest[j]) == 0) {
-		/*
-		 * If the matched element is in the middle, then copy
-		 * the last element to the matched index.
-		 */
-		if (i != slen) {
-		    free (src[i]);
-		    src[i] = src[slen];
-		    src[slen] = NULL;
-		} else {
-		    /*
-		     * If the matched element is the last, free it and
-		     * set it to NULL.
-		     */
-		    free (src[i]);
-		    src[i] = NULL;
-		}
-		/* reduce the array length by 1 */
-		slen -= 1;
-
-		/* repeat the same processing for the second array too */
-		if (j != dlen) {
-		    free(dest[j]);
-		    dest[j] = dest[dlen];
-		    dest[dlen] = NULL;
-		} else {
-		    free(dest[j]);
-		    dest[j] = NULL;
-		}
-		dlen -=1;
-
-		/*
-		 * The source array is reduced by 1, so reduce the
-		 * index variable used for source array by 1.  No need
-		 * to adjust the second array index variable as it is
-		 * reset while entering the inner loop.
-		 */
-		i -= 1;
-		break;
-	    }
-	}
+        for (j=0; dest[j]; ++j) {
+
+            /* if the element are same */
+            if (strcasecmp(src[i], dest[j]) == 0) {
+                /*
+                 * If the matched element is in the middle, then copy
+                 * the last element to the matched index.
+                 */
+                if (i != slen) {
+                    free (src[i]);
+                    src[i] = src[slen];
+                    src[slen] = NULL;
+                } else {
+                    /*
+                     * If the matched element is the last, free it and
+                     * set it to NULL.
+                     */
+                    free (src[i]);
+                    src[i] = NULL;
+                }
+                /* reduce the array length by 1 */
+                slen -= 1;
+
+                /* repeat the same processing for the second array too */
+                if (j != dlen) {
+                    free(dest[j]);
+                    dest[j] = dest[dlen];
+                    dest[dlen] = NULL;
+                } else {
+                    free(dest[j]);
+                    dest[j] = NULL;
+                }
+                dlen -=1;
+
+                /*
+                 * The source array is reduced by 1, so reduce the
+                 * index variable used for source array by 1.  No need
+                 * to adjust the second array index variable as it is
+                 * reset while entering the inner loop.
+                 */
+                i -= 1;
+                break;
+            }
+        }
     }
     return 0;
 }
@@ -1187,60 +1140,55 @@ disjoint_members(src, dest)
  */
 
 krb5_error_code
-copy_arrays(src, dest, count)
-    char                        **src;
-    char                        ***dest;
-    int                         count;
+copy_arrays(char **src, char ***dest, int count)
 {
     krb5_error_code             st=0;
     int                         i=0;
 
     /* validate the input parameters */
     if (src == NULL || dest == NULL)
-	return 0;
+        return 0;
 
     /* allocate memory for the dest array */
     *dest = (char **) calloc((unsigned) count+1, sizeof(char *));
     if (*dest == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     /* copy the members from src to dest array. */
     for (i=0; i < count && src[i] != NULL; ++i) {
-	(*dest)[i] = strdup(src[i]);
-	if ((*dest)[i] == NULL) {
-	    st = ENOMEM;
-	    goto cleanup;
-	}
+        (*dest)[i] = strdup(src[i]);
+        if ((*dest)[i] == NULL) {
+            st = ENOMEM;
+            goto cleanup;
+        }
     }
 
 cleanup:
     /* in case of error free up everything and return */
     if (st != 0) {
-	if (*dest != NULL) {
-	    for (i=0; (*dest)[i]; ++i) {
-		free ((*dest)[i]);
-		(*dest)[i] = NULL;
-	    }
-	    free (*dest);
-	    *dest = NULL;
-	}
+        if (*dest != NULL) {
+            for (i=0; (*dest)[i]; ++i) {
+                free ((*dest)[i]);
+                (*dest)[i] = NULL;
+            }
+            free (*dest);
+            *dest = NULL;
+        }
     }
     return st;
 }
 
 static krb5_error_code
-getepochtime(strtime, epochtime)
-    char              *strtime;
-    krb5_timestamp    *epochtime;
+getepochtime(char *strtime, krb5_timestamp *epochtime)
 {
     struct tm           tme;
 
     memset(&tme, 0, sizeof(tme));
     if (strptime(strtime,"%Y%m%d%H%M%SZ", &tme) == NULL) {
-	*epochtime = 0;
-	return EINVAL;
+        *epochtime = 0;
+        return EINVAL;
     }
     *epochtime = krb5int_gmt_mktime(&tme);
     return 0;
@@ -1253,21 +1201,17 @@ getepochtime(strtime, epochtime)
  */
 
 krb5_error_code
-krb5_ldap_get_value(ld, ent, attribute, retval)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    int                         *retval;
+krb5_ldap_get_value(LDAP *ld, LDAPMessage *ent, char *attribute, int *retval)
 {
     char                           **values=NULL;
 
     *retval = 0;
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-	if (values[0] != NULL)
-	    *retval = atoi(values[0]);
-	ldap_value_free(values);
-	return 0;
+        if (values[0] != NULL)
+            *retval = atoi(values[0]);
+        ldap_value_free(values);
+        return 0;
     }
     return 1;
 }
@@ -1279,30 +1223,26 @@ krb5_ldap_get_value(ld, ent, attribute, retval)
  *
  */
 krb5_error_code
-krb5_ldap_get_string(ld, ent, attribute, retstr, attr_present)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    char                        **retstr;
-    krb5_boolean                *attr_present;
+krb5_ldap_get_string(LDAP *ld, LDAPMessage *ent, char *attribute,
+                     char **retstr, krb5_boolean *attr_present)
 {
     char                           **values=NULL;
     krb5_error_code                st=0;
 
     *retstr = NULL;
     if (attr_present != NULL)
-	*attr_present = FALSE;
+        *attr_present = FALSE;
 
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-	if (values[0] != NULL) {
-	    if (attr_present!= NULL)
-		*attr_present = TRUE;
-	    *retstr = strdup(values[0]);
-	    if (*retstr == NULL)
-		st = ENOMEM;
-	}
-	ldap_value_free(values);
+        if (values[0] != NULL) {
+            if (attr_present!= NULL)
+                *attr_present = TRUE;
+            *retstr = strdup(values[0]);
+            if (*retstr == NULL)
+                st = ENOMEM;
+        }
+        ldap_value_free(values);
     }
     return st;
 }
@@ -1312,12 +1252,8 @@ krb5_ldap_get_string(ld, ent, attribute, retstr, attr_present)
  * of the attribute.
  */
 krb5_error_code
-krb5_ldap_get_strings(ld, ent, attribute, retarr, attr_present)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    char                        ***retarr;
-    krb5_boolean                *attr_present;
+krb5_ldap_get_strings(LDAP *ld, LDAPMessage *ent, char *attribute,
+                      char ***retarr, krb5_boolean *attr_present)
 {
     char                        **values=NULL;
     krb5_error_code             st=0;
@@ -1325,48 +1261,44 @@ krb5_ldap_get_strings(ld, ent, attribute, retarr, attr_present)
 
     *retarr = NULL;
     if (attr_present != NULL)
-	*attr_present = FALSE;
+        *attr_present = FALSE;
 
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-	if (attr_present != NULL)
-	    *attr_present = TRUE;
-
-	count = ldap_count_values(values);
-	*retarr  = (char **) calloc(count+1, sizeof(char *));
-	if (*retarr == NULL) {
-	    st = ENOMEM;
-	    return st;
-	}
-	for (i=0; i< count; ++i) {
-	    (*retarr)[i] = strdup(values[i]);
-	    if ((*retarr)[i] == NULL) {
-		st = ENOMEM;
-		goto cleanup;
-	    }
-	}
-	ldap_value_free(values);
+        if (attr_present != NULL)
+            *attr_present = TRUE;
+
+        count = ldap_count_values(values);
+        *retarr  = (char **) calloc(count+1, sizeof(char *));
+        if (*retarr == NULL) {
+            st = ENOMEM;
+            return st;
+        }
+        for (i=0; i< count; ++i) {
+            (*retarr)[i] = strdup(values[i]);
+            if ((*retarr)[i] == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+        }
+        ldap_value_free(values);
     }
 
 cleanup:
     if (st != 0) {
-	if (*retarr != NULL) {
-	    for (i=0; i< count; ++i)
-		if ((*retarr)[i] != NULL)
-		    free ((*retarr)[i]);
-	    free (*retarr);
-	}
+        if (*retarr != NULL) {
+            for (i=0; i< count; ++i)
+                if ((*retarr)[i] != NULL)
+                    free ((*retarr)[i]);
+            free (*retarr);
+        }
     }
     return st;
 }
 
 krb5_error_code
-krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
-    LDAP                        *ld;
-    LDAPMessage                 *ent;
-    char                        *attribute;
-    krb5_timestamp              *rettime;
-    krb5_boolean                *attr_present;
+krb5_ldap_get_time(LDAP *ld, LDAPMessage *ent, char *attribute,
+                   krb5_timestamp *rettime, krb5_boolean *attr_present)
 {
     char                         **values=NULL;
     krb5_error_code              st=0;
@@ -1376,11 +1308,11 @@ krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
 
     values=ldap_get_values(ld, ent, attribute);
     if (values != NULL) {
-	if (values[0] != NULL) {
-	    *attr_present = TRUE;
-	    st = getepochtime(values[0], rettime);
-	}
-	ldap_value_free(values);
+        if (values[0] != NULL) {
+            *attr_present = TRUE;
+            st = getepochtime(values[0], rettime);
+        }
+        ldap_value_free(values);
     }
     return st;
 }
@@ -1391,105 +1323,95 @@ krb5_ldap_get_time(ld, ent, attribute, rettime, attr_present)
  */
 
 krb5_error_code
-krb5_add_member(mods, count)
-    LDAPMod          ***mods;
-    int              *count;
+krb5_add_member(LDAPMod ***mods, int *count)
 {
     int i=0;
     LDAPMod **lmods=NULL;
 
     if ((*mods) != NULL) {
-	for (;(*mods)[i] != NULL; ++i)
-	    ;
+        for (;(*mods)[i] != NULL; ++i)
+            ;
     }
     lmods = (LDAPMod **) realloc((*mods), (2+i) * sizeof(LDAPMod *));
     if (lmods == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     *mods = lmods;
     (*mods)[i+1] = NULL;
     (*mods)[i] = (LDAPMod *) calloc(1, sizeof (LDAPMod));
     if ((*mods)[i] == NULL)
-	return ENOMEM;
+        return ENOMEM;
     *count = i;
     return 0;
 }
 
 krb5_error_code
-krb5_add_str_mem_ldap_mod(mods, attribute, op, values)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    char     **values;
-
+krb5_add_str_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
+                          char **values)
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-	return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-	return ENOMEM;
+        return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     (*mods)[i]->mod_values = NULL;
 
     if (values != NULL) {
-	for (j=0; values[j] != NULL; ++j)
-	    ;
-	(*mods)[i]->mod_values = malloc (sizeof(char *) * (j+1));
-	if ((*mods)[i]->mod_values == NULL)
-	    return ENOMEM;
-
-	for (j=0; values[j] != NULL; ++j) {
-	    (*mods)[i]->mod_values[j] = strdup(values[j]);
-	    if ((*mods)[i]->mod_values[j] == NULL)
-		return ENOMEM;
-	}
-	(*mods)[i]->mod_values[j] = NULL;
+        for (j=0; values[j] != NULL; ++j)
+            ;
+        (*mods)[i]->mod_values = malloc (sizeof(char *) * (j+1));
+        if ((*mods)[i]->mod_values == NULL)
+            return ENOMEM;
+
+        for (j=0; values[j] != NULL; ++j) {
+            (*mods)[i]->mod_values[j] = strdup(values[j]);
+            if ((*mods)[i]->mod_values[j] == NULL)
+                return ENOMEM;
+        }
+        (*mods)[i]->mod_values[j] = NULL;
     }
     return 0;
 }
 
 krb5_error_code
-krb5_add_ber_mem_ldap_mod(mods, attribute, op, ber_values)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    struct berval **ber_values;
-
+krb5_add_ber_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
+                          struct berval **ber_values)
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-	return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-	return ENOMEM;
+        return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     for (j=0; ber_values[j] != NULL; ++j)
-	;
+        ;
     (*mods)[i]->mod_bvalues = malloc (sizeof(struct berval *) * (j+1));
     if ((*mods)[i]->mod_bvalues == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     for (j=0; ber_values[j] != NULL; ++j) {
-	(*mods)[i]->mod_bvalues[j] = calloc(1, sizeof(struct berval));
-	if ((*mods)[i]->mod_bvalues[j] == NULL)
-	    return ENOMEM;
+        (*mods)[i]->mod_bvalues[j] = calloc(1, sizeof(struct berval));
+        if ((*mods)[i]->mod_bvalues[j] == NULL)
+            return ENOMEM;
 
-	(*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;
-	(*mods)[i]->mod_bvalues[j]->bv_val = malloc((*mods)[i]->mod_bvalues[j]->bv_len);
-	if ((*mods)[i]->mod_bvalues[j]->bv_val == NULL)
-	    return ENOMEM;
+        (*mods)[i]->mod_bvalues[j]->bv_len = ber_values[j]->bv_len;
+        (*mods)[i]->mod_bvalues[j]->bv_val = malloc((*mods)[i]->mod_bvalues[j]->bv_len);
+        if ((*mods)[i]->mod_bvalues[j]->bv_val == NULL)
+            return ENOMEM;
 
-	memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val,
-	       ber_values[j]->bv_len);
+        memcpy((*mods)[i]->mod_bvalues[j]->bv_val, ber_values[j]->bv_val,
+               ber_values[j]->bv_len);
     }
     (*mods)[i]->mod_bvalues[j] = NULL;
     return 0;
@@ -1504,59 +1426,50 @@ format_d (int val)
 }
 
 krb5_error_code
-krb5_add_int_arr_mem_ldap_mod(mods, attribute, op, value)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    int      *value;
-
+krb5_add_int_arr_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op,
+                              int *value)
 {
     int i=0, j=0;
     krb5_error_code   st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-	return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-	return ENOMEM;
+        return ENOMEM;
     (*mods)[i]->mod_op = op;
 
     for (j=0; value[j] != -1; ++j)
-	;
+        ;
 
     (*mods)[i]->mod_values = malloc(sizeof(char *) * (j+1));
 
     for (j=0; value[j] != -1; ++j) {
-	if (((*mods)[i]->mod_values[j] = format_d(value[j])) == NULL)
-	    return ENOMEM;
+        if (((*mods)[i]->mod_values[j] = format_d(value[j])) == NULL)
+            return ENOMEM;
     }
     (*mods)[i]->mod_values[j] = NULL;
     return 0;
 }
 
 krb5_error_code
-krb5_add_int_mem_ldap_mod(mods, attribute, op, value)
-    LDAPMod  ***mods;
-    char     *attribute;
-    int      op;
-    int      value;
-
+krb5_add_int_mem_ldap_mod(LDAPMod ***mods, char *attribute, int op, int value)
 {
     int i=0;
     krb5_error_code      st=0;
 
     if ((st=krb5_add_member(mods, &i)) != 0)
-	return st;
+        return st;
 
     (*mods)[i]->mod_type = strdup(attribute);
     if ((*mods)[i]->mod_type == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     (*mods)[i]->mod_op = op;
     (*mods)[i]->mod_values = calloc (2, sizeof(char *));
     if (((*mods)[i]->mod_values[0] = format_d(value)) == NULL)
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
@@ -1621,11 +1534,11 @@ krb5_ldap_release_errcode_string(krb5_context kcontext, const char *msg)
  * are a limited number of LDAP handles.
  */
 krb5_error_code
-krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr,
-			       int *count, LDAP *ld)
+krb5_ldap_get_reference_count(krb5_context context, char *dn, char *refattr,
+                              int *count, LDAP *ld)
 {
     int                         st = 0, tempst = 0, gothandle = 0;
-    unsigned int		i, ntrees;
+    unsigned int                i, ntrees;
     char                        *refcntattr[2];
     char                        *filter = NULL;
     char                        **subtree = NULL, *ptr = NULL;
@@ -1636,14 +1549,14 @@ krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr,
 
 
     if (dn == NULL || refattr == NULL) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     if (ld == NULL) {
-	GET_HANDLE();
-	gothandle = 1;
+        GET_HANDLE();
+        gothandle = 1;
     }
 
     refcntattr [0] = refattr;
@@ -1651,60 +1564,60 @@ krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr,
 
     ptr = ldap_filter_correct (dn);
     if (ptr == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     if (asprintf (&filter, "%s=%s", refattr, ptr) < 0) {
-	filter = NULL;
-	st = ENOMEM;
-	goto cleanup;
+        filter = NULL;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     for (i = 0, *count = 0; i < ntrees; i++) {
-	int n;
-
-	LDAP_SEARCH(subtree[i],
-		    LDAP_SCOPE_SUBTREE,
-		    filter,
-		    refcntattr);
-	n = ldap_count_entries (ld, result);
-	if (n == -1) {
-	    int ret, errcode = 0;
-	    ret = ldap_parse_result (ld, result, &errcode, NULL, NULL, NULL, NULL, 0);
-	    if (ret != LDAP_SUCCESS)
-		errcode = ret;
-	    st = translate_ldap_error (errcode, OP_SEARCH);
-	    goto cleanup;
-	}
+        int n;
+
+        LDAP_SEARCH(subtree[i],
+                    LDAP_SCOPE_SUBTREE,
+                    filter,
+                    refcntattr);
+        n = ldap_count_entries (ld, result);
+        if (n == -1) {
+            int ret, errcode = 0;
+            ret = ldap_parse_result (ld, result, &errcode, NULL, NULL, NULL, NULL, 0);
+            if (ret != LDAP_SUCCESS)
+                errcode = ret;
+            st = translate_ldap_error (errcode, OP_SEARCH);
+            goto cleanup;
+        }
 
-	ldap_msgfree(result);
-	result = NULL;
+        ldap_msgfree(result);
+        result = NULL;
 
-	*count += n;
+        *count += n;
     }
 
 cleanup:
     if (filter != NULL)
-	free (filter);
+        free (filter);
 
     if (result != NULL)
-	ldap_msgfree (result);
+        ldap_msgfree (result);
 
     if (subtree != NULL) {
-	for (i = 0; i < ntrees; i++)
-	    free (subtree[i]);
-	free (subtree);
+        for (i = 0; i < ntrees; i++)
+            free (subtree[i]);
+        free (subtree);
     }
 
     if (ptr != NULL)
-	free (ptr);
+        free (ptr);
 
     if (gothandle == 1)
-	krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+        krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
 
     return st;
 }
@@ -1713,10 +1626,8 @@ cleanup:
  * For now, policy objects are expected to be directly under the realm
  * container.
  */
-krb5_error_code krb5_ldap_policydn_to_name (context, policy_dn, name)
-    krb5_context                context;
-    char                        *policy_dn;
-    char                        **name;
+krb5_error_code
+krb5_ldap_policydn_to_name(krb5_context context, char *policy_dn, char **name)
 {
     int len1, len2;
     krb5_error_code             st = 0;
@@ -1726,59 +1637,59 @@ krb5_error_code krb5_ldap_policydn_to_name (context, policy_dn, name)
     SETUP_CONTEXT();
 
     if (ldap_context->lrparams->realmdn == NULL) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     len1 = strlen (ldap_context->lrparams->realmdn);
     len2 = strlen (policy_dn);
     if (len1 == 0 || len2 == 0 || len1 > len2) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     if (strcmp (ldap_context->lrparams->realmdn, policy_dn + (len2 - len1)) != 0) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
 #if defined HAVE_LDAP_STR2DN
     {
-	char *rdn;
-	LDAPDN dn;
-	rdn = strndup(policy_dn, len2 - len1 - 1); /* 1 character for ',' */
-
-	if (ldap_str2dn (rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC) != 0) {
-	    st = EINVAL;
-	    goto cleanup;
-	}
-	if (dn[0] == NULL || dn[1] != NULL)
-	    st = EINVAL;
-	else if (strcasecmp (dn[0][0]->la_attr.bv_val, "cn") != 0)
-	    st = EINVAL;
-	else {
-	    *name = strndup(dn[0][0]->la_value.bv_val, dn[0][0]->la_value.bv_len);
-	    if (*name == NULL)
-		st = EINVAL;
-	}
-
-	ldap_memfree (dn);
+        char *rdn;
+        LDAPDN dn;
+        rdn = strndup(policy_dn, len2 - len1 - 1); /* 1 character for ',' */
+
+        if (ldap_str2dn (rdn, &dn, LDAP_DN_FORMAT_LDAPV3 | LDAP_DN_PEDANTIC) != 0) {
+            st = EINVAL;
+            goto cleanup;
+        }
+        if (dn[0] == NULL || dn[1] != NULL)
+            st = EINVAL;
+        else if (strcasecmp (dn[0][0]->la_attr.bv_val, "cn") != 0)
+            st = EINVAL;
+        else {
+            *name = strndup(dn[0][0]->la_value.bv_val, dn[0][0]->la_value.bv_len);
+            if (*name == NULL)
+                st = EINVAL;
+        }
+
+        ldap_memfree (dn);
     }
 #elif defined HAVE_LDAP_EXPLODE_DN
     {
-	char **parsed_dn;
-
-	/* 1 = return DN components without type prefix */
-	parsed_dn = ldap_explode_dn(policy_dn, 1);
-	if (parsed_dn == NULL) {
-	    st = EINVAL;
-	} else {
-	    *name = strdup(parsed_dn[0]);
-	    if (*name == NULL)
-		st = EINVAL;
-
-	    ldap_value_free(parsed_dn);
-	}
+        char **parsed_dn;
+
+        /* 1 = return DN components without type prefix */
+        parsed_dn = ldap_explode_dn(policy_dn, 1);
+        if (parsed_dn == NULL) {
+            st = EINVAL;
+        } else {
+            *name = strdup(parsed_dn[0]);
+            if (*name == NULL)
+                st = EINVAL;
+
+            ldap_value_free(parsed_dn);
+        }
     }
 #else
     st = EINVAL;
@@ -1788,10 +1699,8 @@ cleanup:
     return st;
 }
 
-krb5_error_code krb5_ldap_name_to_policydn (context, name, policy_dn)
-    krb5_context                context;
-    char                        *name;
-    char                        **policy_dn;
+krb5_error_code
+krb5_ldap_name_to_policydn(krb5_context context, char *name, char **policy_dn)
 {
     int                         len;
     char                        *ptr = NULL;
@@ -1803,29 +1712,29 @@ krb5_error_code krb5_ldap_name_to_policydn (context, name, policy_dn)
 
     /* validate the input parameters */
     if (name == NULL) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     /* Used for removing policy reference from an object */
     if (name[0] == '\0') {
-	if ((*policy_dn = strdup ("")) == NULL)
-	    st = ENOMEM;
-	goto cleanup;
+        if ((*policy_dn = strdup ("")) == NULL)
+            st = ENOMEM;
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
 
     if (ldap_context->lrparams->realmdn == NULL) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
     len = strlen (ldap_context->lrparams->realmdn);
 
     ptr = ldap_filter_correct (name);
     if (ptr == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     len += strlen (ptr);
 
@@ -1833,21 +1742,22 @@ krb5_error_code krb5_ldap_name_to_policydn (context, name, policy_dn)
 
     *policy_dn = (char *) malloc (len);
     if (*policy_dn == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     sprintf (*policy_dn, "cn=%s,%s", ptr, ldap_context->lrparams->realmdn);
 
 cleanup:
     if (ptr != NULL)
-	free (ptr);
+        free (ptr);
     return st;
 }
 
 /* remove overlapping and repeated subtree entries from the list of subtrees */
 static krb5_error_code
-remove_overlapping_subtrees(char **listin, char **listop, int *subtcount, int sscope)
+remove_overlapping_subtrees(char **listin, char **listop, int *subtcount,
+                            int sscope)
 {
     int     slen=0, k=0, j=0, lendiff=0;
     int     count = *subtcount;
@@ -1855,54 +1765,54 @@ remove_overlapping_subtrees(char **listin, char **listop, int *subtcount, int ss
 
     slen = count-1;
     for (k=0; k<=slen && listin[k]!=NULL ; k++) {
-	for (j=k+1; j<=slen && listin[j]!=NULL ;j++) {
-	    lendiff = strlen(listin[k]) - strlen(listin[j]);
-	    if (sscope == 2) {
-		if ((lendiff > 0) && (strcasecmp((listin[k])+lendiff, listin[j])==0)) {
-		    if (k != slen) {
-			free(listin[k]);
-			listin[k] = listin[slen];
-			listin[slen] = NULL;
-		    } else {
-			free(listin[k]);
-			listin[k] = NULL;
-		    }
-		    slen-=1;
-		    k-=1;
-		    break;
-		} else if ((lendiff < 0) && (strcasecmp((listin[j])+abs(lendiff), listin[k])==0)) {
-		    if (j != slen) {
-			free(listin[j]);
-			listin[j] = listin[slen];
-			listin[slen]=NULL;
-		    } else {
-			free(listin[j]);
-			listin[j] = NULL;
-		    }
-		    slen-=1;
-		    j-=1;
-		}
-	    }
-	    if ((lendiff == 0) && (strcasecmp(listin[j], listin[k])==0)) {
-		if (j != slen) {
-		    free(listin[j]);
-		    listin[j] = listin[slen];
-		    listin[slen]=NULL;
-		} else {
-		    free(listin[j]);
-		    listin[j] = NULL;
-		}
-		slen -=1;
-		j-=1;
-	    }
-	}
+        for (j=k+1; j<=slen && listin[j]!=NULL ;j++) {
+            lendiff = strlen(listin[k]) - strlen(listin[j]);
+            if (sscope == 2) {
+                if ((lendiff > 0) && (strcasecmp((listin[k])+lendiff, listin[j])==0)) {
+                    if (k != slen) {
+                        free(listin[k]);
+                        listin[k] = listin[slen];
+                        listin[slen] = NULL;
+                    } else {
+                        free(listin[k]);
+                        listin[k] = NULL;
+                    }
+                    slen-=1;
+                    k-=1;
+                    break;
+                } else if ((lendiff < 0) && (strcasecmp((listin[j])+abs(lendiff), listin[k])==0)) {
+                    if (j != slen) {
+                        free(listin[j]);
+                        listin[j] = listin[slen];
+                        listin[slen]=NULL;
+                    } else {
+                        free(listin[j]);
+                        listin[j] = NULL;
+                    }
+                    slen-=1;
+                    j-=1;
+                }
+            }
+            if ((lendiff == 0) && (strcasecmp(listin[j], listin[k])==0)) {
+                if (j != slen) {
+                    free(listin[j]);
+                    listin[j] = listin[slen];
+                    listin[slen]=NULL;
+                } else {
+                    free(listin[j]);
+                    listin[j] = NULL;
+                }
+                slen -=1;
+                j-=1;
+            }
+        }
     }
     *subtcount=slen+1;
     for (k=0; k<*subtcount && listin[k]!=NULL; k++) {
-	subtree[k] = strdup(listin[k]);
-	if (subtree[k] == NULL) {
-	    return ENOMEM;
-	}
+        subtree[k] = strdup(listin[k]);
+        if (subtree[k] == NULL) {
+            return ENOMEM;
+        }
     }
     return 0;
 }
@@ -1912,12 +1822,9 @@ remove_overlapping_subtrees(char **listin, char **listop, int *subtcount, int ss
  * the results of a principal search of the directory.
  */
 krb5_error_code
-populate_krb5_db_entry (krb5_context context,
-			krb5_ldap_context *ldap_context,
-			LDAP *ld,
-			LDAPMessage *ent,
-			krb5_const_principal princ,
-			krb5_db_entry *entry)
+populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
+                       LDAP *ld, LDAPMessage *ent, krb5_const_principal princ,
+                       krb5_db_entry *entry)
 {
     krb5_error_code st = 0;
     unsigned int    mask = 0;
@@ -1930,140 +1837,140 @@ populate_krb5_db_entry (krb5_context context,
     char *DN = NULL;
 
     if (princ == NULL) {
-	/* XXX WAF probably should just extract princ from ldap result */
-	st = EINVAL;
-	goto cleanup;
+        /* XXX WAF probably should just extract princ from ldap result */
+        st = EINVAL;
+        goto cleanup;
     } else {
-	if ((st=krb5_copy_principal(context, princ, &(entry->princ))) != 0)
-	    goto cleanup;
+        if ((st=krb5_copy_principal(context, princ, &(entry->princ))) != 0)
+            goto cleanup;
     }
     /* get the associated directory user information */
     if ((values = ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-	int i, pcount=0, kerberos_principal_object_type=0;
-	char *user;
-
-	if ((st=krb5_unparse_name(context, princ, &user)) != 0)
-	    goto cleanup;
-
-	for (i=0; values[i] != NULL; ++i) {
-	    if (strcasecmp(values[i], user) == 0) {
-		pcount = ldap_count_values(values);
-		break;
-	    }
-	}
-	ldap_value_free(values);
-	free(user);
-
-	if ((DN = ldap_get_dn(ld, ent)) == NULL) {
-	    ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &st);
-	    st = set_ldap_error(context, st, 0);
-	    goto cleanup;
-	}
-
-	if ((values=ldap_get_values(ld, ent, "objectclass")) != NULL) {
-	    for (i=0; values[i] != NULL; ++i)
-		if (strcasecmp(values[i], "krbprincipal") == 0) {
-		    kerberos_principal_object_type = KDB_STANDALONE_PRINCIPAL_OBJECT;
-		    if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCTYPE,
-				&kerberos_principal_object_type)) != 0)
-			goto cleanup;
-		    break;
-		}
-	    ldap_value_free(values);
-	}
-
-	/* add principalcount, DN and principaltype user information to tl_data */
-	if (((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCCOUNT, &pcount)) != 0) ||
-	    ((st=store_tl_data(&userinfo_tl_data, KDB_TL_USERDN, DN)) != 0))
-	    goto cleanup;
+        int i, pcount=0, kerberos_principal_object_type=0;
+        char *user;
+
+        if ((st=krb5_unparse_name(context, princ, &user)) != 0)
+            goto cleanup;
+
+        for (i=0; values[i] != NULL; ++i) {
+            if (strcasecmp(values[i], user) == 0) {
+                pcount = ldap_count_values(values);
+                break;
+            }
+        }
+        ldap_value_free(values);
+        free(user);
+
+        if ((DN = ldap_get_dn(ld, ent)) == NULL) {
+            ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &st);
+            st = set_ldap_error(context, st, 0);
+            goto cleanup;
+        }
+
+        if ((values=ldap_get_values(ld, ent, "objectclass")) != NULL) {
+            for (i=0; values[i] != NULL; ++i)
+                if (strcasecmp(values[i], "krbprincipal") == 0) {
+                    kerberos_principal_object_type = KDB_STANDALONE_PRINCIPAL_OBJECT;
+                    if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCTYPE,
+                                          &kerberos_principal_object_type)) != 0)
+                        goto cleanup;
+                    break;
+                }
+            ldap_value_free(values);
+        }
+
+        /* add principalcount, DN and principaltype user information to tl_data */
+        if (((st=store_tl_data(&userinfo_tl_data, KDB_TL_PRINCCOUNT, &pcount)) != 0) ||
+            ((st=store_tl_data(&userinfo_tl_data, KDB_TL_USERDN, DN)) != 0))
+            goto cleanup;
     }
 
     /* read all the kerberos attributes */
 
     /* KRBLASTSUCCESSFULAUTH */
     if ((st=krb5_ldap_get_time(ld, ent, "krbLastSuccessfulAuth",
-		&(entry->last_success), &attr_present)) != 0)
-	goto cleanup;
+                               &(entry->last_success), &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-	mask |= KDB_LAST_SUCCESS_ATTR;
+        mask |= KDB_LAST_SUCCESS_ATTR;
 
     /* KRBLASTFAILEDAUTH */
     if ((st=krb5_ldap_get_time(ld, ent, "krbLastFailedAuth",
-		&(entry->last_failed), &attr_present)) != 0)
-	goto cleanup;
+                               &(entry->last_failed), &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-	mask |= KDB_LAST_FAILED_ATTR;
+        mask |= KDB_LAST_FAILED_ATTR;
 
     /* KRBLOGINFAILEDCOUNT */
     if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount",
-	    &(entry->fail_auth_count)) == 0)
-	mask |= KDB_FAIL_AUTH_COUNT_ATTR;
+                            &(entry->fail_auth_count)) == 0)
+        mask |= KDB_FAIL_AUTH_COUNT_ATTR;
 
     /* KRBMAXTICKETLIFE */
     if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entry->max_life)) == 0)
-	mask |= KDB_MAX_LIFE_ATTR;
+        mask |= KDB_MAX_LIFE_ATTR;
 
     /* KRBMAXRENEWABLEAGE */
     if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage",
-	    &(entry->max_renewable_life)) == 0)
-	mask |= KDB_MAX_RLIFE_ATTR;
+                            &(entry->max_renewable_life)) == 0)
+        mask |= KDB_MAX_RLIFE_ATTR;
 
     /* KRBTICKETFLAGS */
     if (krb5_ldap_get_value(ld, ent, "krbticketflags", &(entry->attributes)) == 0)
-	mask |= KDB_TKT_FLAGS_ATTR;
+        mask |= KDB_TKT_FLAGS_ATTR;
 
     /* PRINCIPAL EXPIRATION TIME */
     if ((st=krb5_ldap_get_time(ld, ent, "krbprincipalexpiration", &(entry->expiration),
-		&attr_present)) != 0)
-	goto cleanup;
+                               &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-	mask |= KDB_PRINC_EXPIRE_TIME_ATTR;
+        mask |= KDB_PRINC_EXPIRE_TIME_ATTR;
 
     /* PASSWORD EXPIRATION TIME */
     if ((st=krb5_ldap_get_time(ld, ent, "krbpasswordexpiration", &(entry->pw_expiration),
-		&attr_present)) != 0)
-	goto cleanup;
+                               &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE)
-	mask |= KDB_PWD_EXPIRE_TIME_ATTR;
+        mask |= KDB_PWD_EXPIRE_TIME_ATTR;
 
     /* KRBPOLICYREFERENCE */
 
     if ((st=krb5_ldap_get_string(ld, ent, "krbticketpolicyreference", &policydn,
-		&attr_present)) != 0)
-	goto cleanup;
+                                 &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE) {
-	mask |= KDB_POL_REF_ATTR;
-	/* Ensure that the policy is inside the realm container */
-	if ((st = krb5_ldap_policydn_to_name (context, policydn, &tktpolname)) != 0)
-	    goto cleanup;
+        mask |= KDB_POL_REF_ATTR;
+        /* Ensure that the policy is inside the realm container */
+        if ((st = krb5_ldap_policydn_to_name (context, policydn, &tktpolname)) != 0)
+            goto cleanup;
     }
 
     /* KRBPWDPOLICYREFERENCE */
     if ((st=krb5_ldap_get_string(ld, ent, "krbpwdpolicyreference", &pwdpolicydn,
-		&attr_present)) != 0)
-	goto cleanup;
+                                 &attr_present)) != 0)
+        goto cleanup;
     if (attr_present == TRUE) {
-	krb5_tl_data  kadm_tl_data;
+        krb5_tl_data  kadm_tl_data;
 
-	mask |= KDB_PWD_POL_REF_ATTR;
+        mask |= KDB_PWD_POL_REF_ATTR;
 
-	/* Ensure that the policy is inside the realm container */
-	if ((st = krb5_ldap_policydn_to_name (context, pwdpolicydn, &polname)) != 0)
-	    goto cleanup;
+        /* Ensure that the policy is inside the realm container */
+        if ((st = krb5_ldap_policydn_to_name (context, pwdpolicydn, &polname)) != 0)
+            goto cleanup;
 
-	if ((st = krb5_update_tl_kadm_data(polname, &kadm_tl_data)) != 0) {
-	    goto cleanup;
-	}
-	krb5_dbe_update_tl_data(context, entry, &kadm_tl_data);
+        if ((st = krb5_update_tl_kadm_data(polname, &kadm_tl_data)) != 0) {
+            goto cleanup;
+        }
+        krb5_dbe_update_tl_data(context, entry, &kadm_tl_data);
     }
 
     /* KRBSECRETKEY */
     if ((bvalues=ldap_get_values_len(ld, ent, "krbprincipalkey")) != NULL) {
         krb5_kvno mkvno = 0;
 
-	mask |= KDB_SECRET_KEY_ATTR;
-	if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data, &mkvno)) != 0)
-	    goto cleanup;
+        mask |= KDB_SECRET_KEY_ATTR;
+        if ((st=krb5_decode_krbsecretkey(context, entry, bvalues, &userinfo_tl_data, &mkvno)) != 0)
+            goto cleanup;
         if (mkvno != 0) {
             /* don't add the tl data if mkvno == 0 */
             if ((st=krb5_dbe_update_mkvno(context, entry, mkvno)) != 0)
@@ -2073,155 +1980,155 @@ populate_krb5_db_entry (krb5_context context,
 
     /* LAST PASSWORD CHANGE */
     {
-	krb5_timestamp lstpwdchng=0;
-	if ((st=krb5_ldap_get_time(ld, ent, "krbLastPwdChange",
-		    &lstpwdchng, &attr_present)) != 0)
-	    goto cleanup;
-	if (attr_present == TRUE) {
-	    if ((st=krb5_dbe_update_last_pwd_change(context, entry,
-			lstpwdchng)))
-		goto cleanup;
-	    mask |= KDB_LAST_PWD_CHANGE_ATTR;
-	}
+        krb5_timestamp lstpwdchng=0;
+        if ((st=krb5_ldap_get_time(ld, ent, "krbLastPwdChange",
+                                   &lstpwdchng, &attr_present)) != 0)
+            goto cleanup;
+        if (attr_present == TRUE) {
+            if ((st=krb5_dbe_update_last_pwd_change(context, entry,
+                                                    lstpwdchng)))
+                goto cleanup;
+            mask |= KDB_LAST_PWD_CHANGE_ATTR;
+        }
     }
 
     /* ALLOWED TO DELEGATE TO */
     {
-	char **a2d2 = NULL;
-	int i;
-	krb5_tl_data **tlp;
-
-	st = krb5_ldap_get_strings(ld, ent, "krbAllowedToDelegateTo",
-				   &a2d2, &attr_present);
-	if (st != 0)
-	    goto cleanup;
-
-	if (attr_present == TRUE) {
-	    for (tlp = &entry->tl_data; *tlp; tlp = &(*tlp)->tl_data_next)
-		;
-	    for (i = 0; a2d2[i] != NULL; i++) {
-		krb5_tl_data *tl = k5alloc(sizeof(*tl), &st);
-		if (st != 0) {
-		    ldap_value_free(a2d2);
-		    goto cleanup;
-		}
-		tl->tl_data_type = KRB5_TL_CONSTRAINED_DELEGATION_ACL;
-		tl->tl_data_length = strlen(a2d2[i]);
-		tl->tl_data_contents = (krb5_octet *)strdup(a2d2[i]);
-		if (tl->tl_data_contents == NULL) {
-		    st = ENOMEM;
-		    ldap_value_free(a2d2);
-		    free(tl);
-		    goto cleanup;
-		}
-		tl->tl_data_next = NULL;
-		*tlp = tl;
-		tlp = &tl->tl_data_next;
-	    }
-	    ldap_value_free(a2d2);
-	}
+        char **a2d2 = NULL;
+        int i;
+        krb5_tl_data **tlp;
+
+        st = krb5_ldap_get_strings(ld, ent, "krbAllowedToDelegateTo",
+                                   &a2d2, &attr_present);
+        if (st != 0)
+            goto cleanup;
+
+        if (attr_present == TRUE) {
+            for (tlp = &entry->tl_data; *tlp; tlp = &(*tlp)->tl_data_next)
+                ;
+            for (i = 0; a2d2[i] != NULL; i++) {
+                krb5_tl_data *tl = k5alloc(sizeof(*tl), &st);
+                if (st != 0) {
+                    ldap_value_free(a2d2);
+                    goto cleanup;
+                }
+                tl->tl_data_type = KRB5_TL_CONSTRAINED_DELEGATION_ACL;
+                tl->tl_data_length = strlen(a2d2[i]);
+                tl->tl_data_contents = (krb5_octet *)strdup(a2d2[i]);
+                if (tl->tl_data_contents == NULL) {
+                    st = ENOMEM;
+                    ldap_value_free(a2d2);
+                    free(tl);
+                    goto cleanup;
+                }
+                tl->tl_data_next = NULL;
+                *tlp = tl;
+                tlp = &tl->tl_data_next;
+            }
+            ldap_value_free(a2d2);
+        }
     }
 
     /* KRBOBJECTREFERENCES */
     {
-	int i=0;
-
-	if ((st = krb5_ldap_get_strings(ld, ent, "krbobjectreferences",
-		    &link_references, &attr_present)) != 0)
-	    goto cleanup;
-	if (link_references != NULL) {
-	    for (i=0; link_references[i] != NULL; ++i) {
-		if ((st = store_tl_data(&userinfo_tl_data, KDB_TL_LINKDN,
-			    link_references[i])) != 0)
-		    goto cleanup;
-	    }
-	}
+        int i=0;
+
+        if ((st = krb5_ldap_get_strings(ld, ent, "krbobjectreferences",
+                                        &link_references, &attr_present)) != 0)
+            goto cleanup;
+        if (link_references != NULL) {
+            for (i=0; link_references[i] != NULL; ++i) {
+                if ((st = store_tl_data(&userinfo_tl_data, KDB_TL_LINKDN,
+                                        link_references[i])) != 0)
+                    goto cleanup;
+            }
+        }
     }
 
     /* Set tl_data */
     {
-	int i;
-	struct berval **ber_tl_data = NULL;
-	krb5_tl_data *ptr = NULL;
-
-	if ((ber_tl_data = ldap_get_values_len (ld, ent, "krbExtraData")) != NULL) {
-	    for (i = 0; ber_tl_data[i] != NULL; i++) {
-		if ((st = berval2tl_data (ber_tl_data[i] , &ptr)) != 0)
-		    break;
-		if ((st = krb5_dbe_update_tl_data(context, entry, ptr)) != 0)
-		    break;
-	    }
-	    ldap_value_free_len (ber_tl_data);
-	    if (st != 0)
-		goto cleanup;
-	    mask |= KDB_EXTRA_DATA_ATTR;
-	}
+        int i;
+        struct berval **ber_tl_data = NULL;
+        krb5_tl_data *ptr = NULL;
+
+        if ((ber_tl_data = ldap_get_values_len (ld, ent, "krbExtraData")) != NULL) {
+            for (i = 0; ber_tl_data[i] != NULL; i++) {
+                if ((st = berval2tl_data (ber_tl_data[i] , &ptr)) != 0)
+                    break;
+                if ((st = krb5_dbe_update_tl_data(context, entry, ptr)) != 0)
+                    break;
+            }
+            ldap_value_free_len (ber_tl_data);
+            if (st != 0)
+                goto cleanup;
+            mask |= KDB_EXTRA_DATA_ATTR;
+        }
     }
 
     /* update the mask of attributes present on the directory object to the tl_data */
     if ((st=store_tl_data(&userinfo_tl_data, KDB_TL_MASK, &mask)) != 0)
-	goto cleanup;
+        goto cleanup;
     if ((st=krb5_dbe_update_tl_data(context, entry, &userinfo_tl_data)) != 0)
-	goto cleanup;
+        goto cleanup;
 
 #ifdef HAVE_EDIRECTORY
     {
-	krb5_timestamp              expiretime=0;
-	char                        *is_login_disabled=NULL;
-
-	/* LOGIN EXPIRATION TIME */
-	if ((st=krb5_ldap_get_time(ld, ent, "loginexpirationtime", &expiretime,
-		    &attr_present)) != 0)
-	    goto cleanup;
-
-	if (attr_present == TRUE) {
-	    if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
-		if (expiretime < entry->expiration)
-		    entry->expiration = expiretime;
-	    } else {
-		entry->expiration = expiretime;
-	    }
-	}
-
-	/* LOGIN DISABLED */
-	if ((st=krb5_ldap_get_string(ld, ent, "logindisabled", &is_login_disabled,
-		    &attr_present)) != 0)
-	    goto cleanup;
-	if (attr_present == TRUE) {
-	    if (strcasecmp(is_login_disabled, "TRUE")== 0)
-		entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
-	    free (is_login_disabled);
-	}
+        krb5_timestamp              expiretime=0;
+        char                        *is_login_disabled=NULL;
+
+        /* LOGIN EXPIRATION TIME */
+        if ((st=krb5_ldap_get_time(ld, ent, "loginexpirationtime", &expiretime,
+                                   &attr_present)) != 0)
+            goto cleanup;
+
+        if (attr_present == TRUE) {
+            if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {
+                if (expiretime < entry->expiration)
+                    entry->expiration = expiretime;
+            } else {
+                entry->expiration = expiretime;
+            }
+        }
+
+        /* LOGIN DISABLED */
+        if ((st=krb5_ldap_get_string(ld, ent, "logindisabled", &is_login_disabled,
+                                     &attr_present)) != 0)
+            goto cleanup;
+        if (attr_present == TRUE) {
+            if (strcasecmp(is_login_disabled, "TRUE")== 0)
+                entry->attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
+            free (is_login_disabled);
+        }
     }
 #endif
 
     if ((st=krb5_read_tkt_policy (context, ldap_context, entry, tktpolname)) !=0)
-	goto cleanup;
+        goto cleanup;
 
     /* We already know that the policy is inside the realm container. */
     if (polname) {
-	osa_policy_ent_t   pwdpol;
-	int                cnt=0;
-	krb5_timestamp     last_pw_changed;
-	krb5_ui_4          pw_max_life;
+        osa_policy_ent_t   pwdpol;
+        int                cnt=0;
+        krb5_timestamp     last_pw_changed;
+        krb5_ui_4          pw_max_life;
 
-	memset(&pwdpol, 0, sizeof(pwdpol));
+        memset(&pwdpol, 0, sizeof(pwdpol));
 
-	if ((st=krb5_ldap_get_password_policy(context, polname, &pwdpol, &cnt)) != 0)
-	    goto cleanup;
-	pw_max_life = pwdpol->pw_max_life;
-	free (pwdpol);
+        if ((st=krb5_ldap_get_password_policy(context, polname, &pwdpol, &cnt)) != 0)
+            goto cleanup;
+        pw_max_life = pwdpol->pw_max_life;
+        free (pwdpol);
 
-	if (pw_max_life > 0) {
-	    if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
-		goto cleanup;
+        if (pw_max_life > 0) {
+            if ((st=krb5_dbe_lookup_last_pwd_change(context, entry, &last_pw_changed)) != 0)
+                goto cleanup;
 
-	    if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
-		if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
-		    entry->pw_expiration = last_pw_changed + pw_max_life;
-	    } else
-		entry->pw_expiration = last_pw_changed + pw_max_life;
-	}
+            if ((mask & KDB_PWD_EXPIRE_TIME_ATTR) == 1) {
+                if ((last_pw_changed + pw_max_life) < entry->pw_expiration)
+                    entry->pw_expiration = last_pw_changed + pw_max_life;
+            } else
+                entry->pw_expiration = last_pw_changed + pw_max_life;
+        }
     }
     /* XXX so krb5_encode_princ_contents() will be happy */
     entry->len = KRB5_KDB_V1_BASE_LENGTH;
@@ -2229,22 +2136,22 @@ populate_krb5_db_entry (krb5_context context,
 cleanup:
 
     if (DN != NULL)
-	ldap_memfree(DN);
+        ldap_memfree(DN);
 
     if (userinfo_tl_data.tl_data_contents != NULL)
-	free(userinfo_tl_data.tl_data_contents);
+        free(userinfo_tl_data.tl_data_contents);
 
     if (pwdpolicydn != NULL)
-	free(pwdpolicydn);
+        free(pwdpolicydn);
 
     if (polname != NULL)
-	free(polname);
+        free(polname);
 
     if (tktpolname != NULL)
-	free (tktpolname);
+        free (tktpolname);
 
     if (policydn != NULL)
-	free(policydn);
+        free(policydn);
 
     if (link_references) {
         int i;
@@ -2282,18 +2189,18 @@ ldap_initialize(LDAP **ldp, char *url)
 #endif
     if (rc == 0) {
 
-	ld = ldap_init(ludp->lud_host, ludp->lud_port);
-	if (ld != NULL) {
-	    *ldp = ld;
+        ld = ldap_init(ludp->lud_host, ludp->lud_port);
+        if (ld != NULL) {
+            *ldp = ld;
 #if 0
-	    printf("lud_host %s lud_port %d\n", ludp->lud_host,
-		   ludp->lud_port);
+            printf("lud_host %s lud_port %d\n", ludp->lud_host,
+                   ludp->lud_port);
 #endif
-	}
-	else
-	    rc = KRB5_KDB_ACCESS_ERROR;
+        }
+        else
+            rc = KRB5_KDB_ACCESS_ERROR;
 
-	ldap_free_urldesc(ludp);
+        ldap_free_urldesc(ludp);
     }
     return rc;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
index 27531a8..a1d7edc 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_misc.h
  *
@@ -144,11 +145,11 @@ krb5_ldap_get_db_opt(char *, char **, char **);
 
 krb5_error_code
 populate_krb5_db_entry(krb5_context context,
-    krb5_ldap_context *ldap_context,
-    LDAP *ld,
-    LDAPMessage *ent,
-    krb5_const_principal princ,
-    krb5_db_entry *entry);
+                       krb5_ldap_context *ldap_context,
+                       LDAP *ld,
+                       LDAPMessage *ent,
+                       krb5_const_principal princ,
+                       krb5_db_entry *entry);
 
 int kldap_ensure_initialized (void);
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index c599444..5fcc92b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_principal.c
  *
@@ -40,83 +41,81 @@
 
 struct timeval timelimit = {300, 0};  /* 5 minutes */
 char     *principal_attributes[] = { "krbprincipalname",
-				     "krbcanonicalname",
-				     "objectclass",
-				     "krbprincipalkey",
-				     "krbmaxrenewableage",
-				     "krbmaxticketlife",
-				     "krbticketflags",
-				     "krbprincipalexpiration",
-				     "krbticketpolicyreference",
-				     "krbUpEnabled",
-				     "krbpwdpolicyreference",
-				     "krbpasswordexpiration",
+                                     "krbcanonicalname",
+                                     "objectclass",
+                                     "krbprincipalkey",
+                                     "krbmaxrenewableage",
+                                     "krbmaxticketlife",
+                                     "krbticketflags",
+                                     "krbprincipalexpiration",
+                                     "krbticketpolicyreference",
+                                     "krbUpEnabled",
+                                     "krbpwdpolicyreference",
+                                     "krbpasswordexpiration",
                                      "krbLastFailedAuth",
                                      "krbLoginFailedCount",
                                      "krbLastSuccessfulAuth",
 #ifdef HAVE_EDIRECTORY
-				     "loginexpirationtime",
-				     "logindisabled",
+                                     "loginexpirationtime",
+                                     "logindisabled",
 #endif
-				     "krbLastPwdChange",
-				     "krbExtraData",
-				     "krbObjectReferences",
-				     "krbAllowedToDelegateTo",
-				     NULL };
+                                     "krbLastPwdChange",
+                                     "krbExtraData",
+                                     "krbObjectReferences",
+                                     "krbAllowedToDelegateTo",
+                                     NULL };
 
 /* Must match KDB_*_ATTR macros in ldap_principal.h.  */
 static char *attributes_set[] = { "krbmaxticketlife",
-				  "krbmaxrenewableage",
-				  "krbticketflags",
-				  "krbprincipalexpiration",
-				  "krbticketpolicyreference",
-				  "krbUpEnabled",
-				  "krbpwdpolicyreference",
-				  "krbpasswordexpiration",
-				  "krbprincipalkey",
+                                  "krbmaxrenewableage",
+                                  "krbticketflags",
+                                  "krbprincipalexpiration",
+                                  "krbticketpolicyreference",
+                                  "krbUpEnabled",
+                                  "krbpwdpolicyreference",
+                                  "krbpasswordexpiration",
+                                  "krbprincipalkey",
                                   "krblastpwdchange",
                                   "krbextradata",
                                   "krbLastSuccessfulAuth",
                                   "krbLastFailedAuth",
                                   "krbLoginFailedCount",
-				  NULL };
+                                  NULL };
 
 void
-krb5_dbe_free_contents(context, entry)
-    krb5_context 	 context;
-    krb5_db_entry 	*entry;
+krb5_dbe_free_contents(krb5_context context, krb5_db_entry *entry)
 {
-    krb5_tl_data 	*tl_data_next=NULL;
-    krb5_tl_data 	*tl_data=NULL;
+    krb5_tl_data        *tl_data_next=NULL;
+    krb5_tl_data        *tl_data=NULL;
     int i, j;
 
     if (entry->e_data)
-	free(entry->e_data);
+        free(entry->e_data);
     if (entry->princ)
-	krb5_free_principal(context, entry->princ);
+        krb5_free_principal(context, entry->princ);
     for (tl_data = entry->tl_data; tl_data; tl_data = tl_data_next) {
-	tl_data_next = tl_data->tl_data_next;
-	if (tl_data->tl_data_contents)
-	    free(tl_data->tl_data_contents);
-	free(tl_data);
+        tl_data_next = tl_data->tl_data_next;
+        if (tl_data->tl_data_contents)
+            free(tl_data->tl_data_contents);
+        free(tl_data);
     }
     if (entry->key_data) {
-	for (i = 0; i < entry->n_key_data; i++) {
-	    for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
-		if (entry->key_data[i].key_data_length[j]) {
-		    if (entry->key_data[i].key_data_contents[j]) {
-			memset(entry->key_data[i].key_data_contents[j],
-			       0,
-			       (unsigned) entry->key_data[i].key_data_length[j]);
-			free (entry->key_data[i].key_data_contents[j]);
-		    }
-		}
-		entry->key_data[i].key_data_contents[j] = NULL;
-		entry->key_data[i].key_data_length[j] = 0;
-		entry->key_data[i].key_data_type[j] = 0;
-	    }
-	}
-	free(entry->key_data);
+        for (i = 0; i < entry->n_key_data; i++) {
+            for (j = 0; j < entry->key_data[i].key_data_ver; j++) {
+                if (entry->key_data[i].key_data_length[j]) {
+                    if (entry->key_data[i].key_data_contents[j]) {
+                        memset(entry->key_data[i].key_data_contents[j],
+                               0,
+                               (unsigned) entry->key_data[i].key_data_length[j]);
+                        free (entry->key_data[i].key_data_contents[j]);
+                    }
+                }
+                entry->key_data[i].key_data_contents[j] = NULL;
+                entry->key_data[i].key_data_length[j] = 0;
+                entry->key_data[i].key_data_type[j] = 0;
+            }
+        }
+        free(entry->key_data);
     }
     memset(entry, 0, sizeof(*entry));
     return;
@@ -124,23 +123,19 @@ krb5_dbe_free_contents(context, entry)
 
 
 krb5_error_code
-krb5_ldap_free_principal(kcontext , entries, nentries)
-    krb5_context  kcontext;
-    krb5_db_entry *entries;
-    int           nentries;
+krb5_ldap_free_principal(krb5_context kcontext, krb5_db_entry *entries,
+                         int nentries)
 {
     register int i;
     for (i = 0; i < nentries; i++)
-	krb5_dbe_free_contents(kcontext, &entries[i]);
+        krb5_dbe_free_contents(kcontext, &entries[i]);
     return 0;
 }
 
 krb5_error_code
-krb5_ldap_iterate(context, match_expr, func, func_arg)
-    krb5_context           context;
-    char                   *match_expr;
-    krb5_error_code        (*func) (krb5_pointer, krb5_db_entry *);
-    krb5_pointer           func_arg;
+krb5_ldap_iterate(krb5_context context, char *match_expr,
+                  krb5_error_code (*func)(krb5_pointer, krb5_db_entry *),
+                  krb5_pointer func_arg)
 {
     krb5_db_entry            entry;
     krb5_principal           principal;
@@ -162,68 +157,68 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 
     realm = ldap_context->lrparams->realm_name;
     if (realm == NULL) {
-	realm = context->default_realm;
-	if (realm == NULL) {
-	    st = EINVAL;
-	    krb5_set_error_message(context, st, "Default realm not set");
-	    goto cleanup;
-	}
+        realm = context->default_realm;
+        if (realm == NULL) {
+            st = EINVAL;
+            krb5_set_error_message(context, st, "Default realm not set");
+            goto cleanup;
+        }
     }
 
     /*
      * If no match_expr then iterate through all krb princs like the db2 plugin
      */
     if (match_expr == NULL)
-	match_expr = default_match_expr;
+        match_expr = default_match_expr;
 
     if (asprintf(&filter, FILTER"%s))", match_expr) < 0)
-	filter = NULL;
+        filter = NULL;
     CHECK_NULL(filter);
 
     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     GET_HANDLE();
 
     for (tree=0; tree < ntree; ++tree) {
 
-	LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
-	for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
-	    values=ldap_get_values(ld, ent, "krbcanonicalname");
-	    if (values == NULL)
-		values=ldap_get_values(ld, ent, "krbprincipalname");
-	    if (values != NULL) {
-		for (i=0; values[i] != NULL; ++i) {
-		    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
-			continue;
-		    if (krb5_parse_name(context, princ_name, &principal) != 0)
-			continue;
-		    if (is_principal_in_realm(ldap_context, principal) == 0) {
-			if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent, principal,
-				    &entry)) != 0)
-			    goto cleanup;
-			(*func)(func_arg, &entry);
-			krb5_dbe_free_contents(context, &entry);
-			(void) krb5_free_principal(context, principal);
-			free(princ_name);
-			break;
-		    }
-		    (void) krb5_free_principal(context, principal);
-		    free(princ_name);
-		}
-		ldap_value_free(values);
-	    }
-	} /* end of for (ent= ... */
-	ldap_msgfree(result);
+        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
+        for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
+            values=ldap_get_values(ld, ent, "krbcanonicalname");
+            if (values == NULL)
+                values=ldap_get_values(ld, ent, "krbprincipalname");
+            if (values != NULL) {
+                for (i=0; values[i] != NULL; ++i) {
+                    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
+                        continue;
+                    if (krb5_parse_name(context, princ_name, &principal) != 0)
+                        continue;
+                    if (is_principal_in_realm(ldap_context, principal) == 0) {
+                        if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent, principal,
+                                                         &entry)) != 0)
+                            goto cleanup;
+                        (*func)(func_arg, &entry);
+                        krb5_dbe_free_contents(context, &entry);
+                        (void) krb5_free_principal(context, principal);
+                        free(princ_name);
+                        break;
+                    }
+                    (void) krb5_free_principal(context, principal);
+                    free(princ_name);
+                }
+                ldap_value_free(values);
+            }
+        } /* end of for (ent= ... */
+        ldap_msgfree(result);
     } /* end of for (tree= ... */
 
 cleanup:
     if (filter)
-	free (filter);
+        free (filter);
 
     for (;ntree; --ntree)
-	if (subtree[ntree-1])
-	    free (subtree[ntree-1]);
+        if (subtree[ntree-1])
+            free (subtree[ntree-1]);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -234,15 +229,13 @@ cleanup:
  * delete a principal from the directory.
  */
 krb5_error_code
-krb5_ldap_delete_principal(context, searchfor, nentries)
-    krb5_context context;
-    krb5_const_principal searchfor;
-    int *nentries;		/* how many found & deleted */
+krb5_ldap_delete_principal(krb5_context context,
+                           krb5_const_principal searchfor, int *nentries)
 {
     char                      *user=NULL, *DN=NULL, *strval[10] = {NULL};
     LDAPMod                   **mods=NULL;
     LDAP                      *ld=NULL;
-    int 	              j=0, ptype=0, pcount=0, attrsetmask=0;
+    int                       j=0, ptype=0, pcount=0, attrsetmask=0;
     krb5_error_code           st=0;
     krb5_boolean              singleentry=FALSE;
     KEY                       *secretkey=NULL;
@@ -258,18 +251,18 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
     SETUP_CONTEXT();
     /* get the principal info */
     if ((st=krb5_ldap_get_principal(context, searchfor, 0, &entries, nentries, &more)) != 0 || *nentries == 0)
-	goto cleanup;
+        goto cleanup;
 
     if (((st=krb5_get_princ_type(context, &entries, &(ptype))) != 0) ||
-	((st=krb5_get_attributes_mask(context, &entries, &(attrsetmask))) != 0) ||
-	((st=krb5_get_princ_count(context, &entries, &(pcount))) != 0) ||
-	((st=krb5_get_userdn(context, &entries, &(DN))) != 0))
-	goto cleanup;
+        ((st=krb5_get_attributes_mask(context, &entries, &(attrsetmask))) != 0) ||
+        ((st=krb5_get_princ_count(context, &entries, &(pcount))) != 0) ||
+        ((st=krb5_get_userdn(context, &entries, &(DN))) != 0))
+        goto cleanup;
 
     if (DN == NULL) {
-	st = EINVAL;
-	krb5_set_error_message(context, st, "DN information missing");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "DN information missing");
+        goto cleanup;
     }
 
     GET_HANDLE();
@@ -281,90 +274,90 @@ krb5_ldap_delete_principal(context, searchfor, nentries)
             goto cleanup;
         }
     } else {
-	if (((st=krb5_unparse_name(context, searchfor, &user)) != 0)
-	    || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
-	    goto cleanup;
-
-	memset(strval, 0, sizeof(strval));
-	strval[0] = user;
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE,
-					  strval)) != 0)
-	    goto cleanup;
-
-	singleentry = (pcount == 1) ? TRUE: FALSE;
-	if (singleentry == FALSE) {
-	    if (secretkey != NULL) {
-		if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey", LDAP_MOD_DELETE | LDAP_MOD_BVALUES,
-						  secretkey->keys)) != 0)
-		    goto cleanup;
-	    }
-	} else {
-	    /*
-	     * If the Kerberos user principal to be deleted happens to be the last one associated
-	     * with the directory user object, then it is time to delete the other kerberos
-	     * specific attributes like krbmaxticketlife, i.e, unkerberize the directory user.
-	     * From the attrsetmask value, identify the attributes set on the directory user
-	     * object and delete them.
-	     * NOTE: krbsecretkey attribute has per principal entries. There can be chances that the
-	     * other principals' keys are exisiting/left-over. So delete all the values.
-	     */
-	    while (attrsetmask) {
-		if (attrsetmask & 1) {
-		    if ((st=krb5_add_str_mem_ldap_mod(&mods, attributes_set[j], LDAP_MOD_DELETE,
-						      NULL)) != 0)
-			goto cleanup;
-		}
-		attrsetmask >>= 1;
-		++j;
-	    }
-
-	    /* the same should be done with the objectclass attributes */
-	    {
-		char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
-/*		char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL};  */
-		int p, q, r=0, amask=0;
-
-		if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
-		    goto cleanup;
-		memset(strval, 0, sizeof(strval));
-		for (p=1, q=0; p<=4; p<<=1, ++q)
-		    if (p & amask)
-			strval[r++] = attrvalues[q];
-		strval[r] = NULL;
-		if (r > 0) {
-		    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_DELETE,
-						      strval)) != 0)
-			goto cleanup;
-		}
-	    }
-	}
-	st=ldap_modify_ext_s(ld, DN, mods, NULL, NULL);
-	if (st != LDAP_SUCCESS) {
-	    st = set_ldap_error(context, st, OP_MOD);
-	    goto cleanup;
-	}
+        if (((st=krb5_unparse_name(context, searchfor, &user)) != 0)
+            || ((st=krb5_ldap_unparse_principal_name(user)) != 0))
+            goto cleanup;
+
+        memset(strval, 0, sizeof(strval));
+        strval[0] = user;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_DELETE,
+                                          strval)) != 0)
+            goto cleanup;
+
+        singleentry = (pcount == 1) ? TRUE: FALSE;
+        if (singleentry == FALSE) {
+            if (secretkey != NULL) {
+                if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey", LDAP_MOD_DELETE | LDAP_MOD_BVALUES,
+                                                  secretkey->keys)) != 0)
+                    goto cleanup;
+            }
+        } else {
+            /*
+             * If the Kerberos user principal to be deleted happens to be the last one associated
+             * with the directory user object, then it is time to delete the other kerberos
+             * specific attributes like krbmaxticketlife, i.e, unkerberize the directory user.
+             * From the attrsetmask value, identify the attributes set on the directory user
+             * object and delete them.
+             * NOTE: krbsecretkey attribute has per principal entries. There can be chances that the
+             * other principals' keys are exisiting/left-over. So delete all the values.
+             */
+            while (attrsetmask) {
+                if (attrsetmask & 1) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, attributes_set[j], LDAP_MOD_DELETE,
+                                                      NULL)) != 0)
+                        goto cleanup;
+                }
+                attrsetmask >>= 1;
+                ++j;
+            }
+
+            /* the same should be done with the objectclass attributes */
+            {
+                char *attrvalues[] = {"krbticketpolicyaux", "krbprincipalaux", NULL};
+/*              char *attrvalues[] = {"krbpwdpolicyrefaux", "krbticketpolicyaux", "krbprincipalaux", NULL};  */
+                int p, q, r=0, amask=0;
+
+                if ((st=checkattributevalue(ld, DN, "objectclass", attrvalues, &amask)) != 0)
+                    goto cleanup;
+                memset(strval, 0, sizeof(strval));
+                for (p=1, q=0; p<=4; p<<=1, ++q)
+                    if (p & amask)
+                        strval[r++] = attrvalues[q];
+                strval[r] = NULL;
+                if (r > 0) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_DELETE,
+                                                      strval)) != 0)
+                        goto cleanup;
+                }
+            }
+        }
+        st=ldap_modify_ext_s(ld, DN, mods, NULL, NULL);
+        if (st != LDAP_SUCCESS) {
+            st = set_ldap_error(context, st, OP_MOD);
+            goto cleanup;
+        }
     }
 
 cleanup:
     if (user)
-	free (user);
+        free (user);
 
     if (DN)
-	free (DN);
+        free (DN);
 
     if (secretkey != NULL) {
-	int i=0;
-	while (i < secretkey->nkey) {
-	    free (secretkey->keys[i]->bv_val);
-	    free (secretkey->keys[i]);
-	    ++i;
-	}
-	free (secretkey->keys);
-	free (secretkey);
+        int i=0;
+        while (i < secretkey->nkey) {
+            free (secretkey->keys[i]->bv_val);
+            free (secretkey->keys[i]);
+            ++i;
+        }
+        free (secretkey->keys);
+        free (secretkey);
     }
 
     if (st == 0)
-	krb5_ldap_free_principal(context, &entries, *nentries);
+        krb5_ldap_free_principal(context, &entries, *nentries);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -390,9 +383,9 @@ krb5_ldap_unparse_principal_name(char *user_name)
 
     out = user_name;
     for (in = user_name; *in; in++) {
-	if (*in == '\\' && *(in + 1) == '@')
-	    continue;
-	*out++ = *in;
+        if (*in == '\\' && *(in + 1) == '@')
+            continue;
+        *out++ = *in;
     }
     *out = '\0';
 
@@ -414,29 +407,27 @@ krb5_ldap_unparse_principal_name(char *user_name)
  */
 
 krb5_error_code
-krb5_ldap_parse_principal_name(i_princ_name, o_princ_name)
-    char              *i_princ_name;
-    char              **o_princ_name;
+krb5_ldap_parse_principal_name(char *i_princ_name, char **o_princ_name)
 {
     const char *at_rlm_name, *p;
     struct k5buf buf;
 
     at_rlm_name = strrchr(i_princ_name, '@');
     if (!at_rlm_name) {
-	*o_princ_name = strdup(i_princ_name);
-	if (!o_princ_name)
-	    return ENOMEM;
+        *o_princ_name = strdup(i_princ_name);
+        if (!o_princ_name)
+            return ENOMEM;
     } else {
-	krb5int_buf_init_dynamic(&buf);
-	for (p = i_princ_name; p < at_rlm_name; p++) {
-	    if (*p == '@')
-		krb5int_buf_add(&buf, "\\");
-	    krb5int_buf_add_len(&buf, p, 1);
-	}
-	krb5int_buf_add(&buf, at_rlm_name);
-	*o_princ_name = krb5int_buf_data(&buf);
-	if (!*o_princ_name)
-	    return ENOMEM;
+        krb5int_buf_init_dynamic(&buf);
+        for (p = i_princ_name; p < at_rlm_name; p++) {
+            if (*p == '@')
+                krb5int_buf_add(&buf, "\\");
+            krb5int_buf_add_len(&buf, p, 1);
+        }
+        krb5int_buf_add(&buf, at_rlm_name);
+        *o_princ_name = krb5int_buf_data(&buf);
+        if (!*o_princ_name)
+            return ENOMEM;
     }
     return 0;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
index abc27f1..9969d53 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_principal.h
  *
@@ -35,20 +36,20 @@
 
 #define  KEYHEADER  12
 
-#define  NOOFKEYS(ptr) 		((ptr[10]<<8) | ptr[11])
+#define  NOOFKEYS(ptr)          ((ptr[10]<<8) | ptr[11])
 
-#define  PRINCIPALLEN(ptr) 	((ptr[0]<<8) | ptr[1])
-#define  PRINCIPALNAME(ptr) 	(ptr + KEYHEADER + (NOOFKEYS(ptr) *8))
+#define  PRINCIPALLEN(ptr)      ((ptr[0]<<8) | ptr[1])
+#define  PRINCIPALNAME(ptr)     (ptr + KEYHEADER + (NOOFKEYS(ptr) *8))
 
-#define  KEYBODY(ptr)		PRINCIPALNAME(ptr) + PRINCIPALLEN(ptr)
+#define  KEYBODY(ptr)           PRINCIPALNAME(ptr) + PRINCIPALLEN(ptr)
 
-#define  PKEYVER(ptr) 		((ptr[2]<<8) | ptr[3])
-#define  MKEYVER(ptr) 		((ptr[4]<<8) | ptr[5])
+#define  PKEYVER(ptr)           ((ptr[2]<<8) | ptr[3])
+#define  MKEYVER(ptr)           ((ptr[4]<<8) | ptr[5])
 
-#define  KEYTYPE(ptr,j) 	((ptr[KEYHEADER+(j*8)]<<8) | ptr[KEYHEADER+1+(j*8)])
-#define  KEYLENGTH(ptr,j) 	((ptr[KEYHEADER+2+(j*8)]<<8) | ptr[KEYHEADER+3+(j*8)])
-#define  SALTTYPE(ptr,j) 	((ptr[KEYHEADER+4+(j*8)]<<8) | ptr[KEYHEADER+5+(j*8)])
-#define  SALTLENGTH(ptr,j) 	((ptr[KEYHEADER+6+(j*8)]<<8) | ptr[KEYHEADER+7+(j*8)])
+#define  KEYTYPE(ptr,j)         ((ptr[KEYHEADER+(j*8)]<<8) | ptr[KEYHEADER+1+(j*8)])
+#define  KEYLENGTH(ptr,j)       ((ptr[KEYHEADER+2+(j*8)]<<8) | ptr[KEYHEADER+3+(j*8)])
+#define  SALTTYPE(ptr,j)        ((ptr[KEYHEADER+4+(j*8)]<<8) | ptr[KEYHEADER+5+(j*8)])
+#define  SALTLENGTH(ptr,j)      ((ptr[KEYHEADER+6+(j*8)]<<8) | ptr[KEYHEADER+7+(j*8)])
 
 #define MAX_KEY_LENGTH         1024
 #define CONTAINERDN_ARG        "containerdn"
@@ -57,7 +58,7 @@
 #define LINKDN_ARG             "linkdn"
 
 /* #define FILTER   "(&(objectclass=krbprincipalaux)(krbprincipalname=" */
- #define FILTER   "(&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal))(krbprincipalname="
+#define FILTER   "(&(|(objectclass=krbprincipalaux)(objectclass=krbprincipal))(krbprincipalname="
 
 #define  KDB_USER_PRINCIPAL    0x01
 #define  KDB_SERVICE_PRINCIPAL 0x02
@@ -88,7 +89,7 @@
  * and krb5_ldap_put_principal(). If present, it means that the
  * krbPwdMaxFailure attribute should be incremented by one.
  */
-#define KADM5_FAIL_AUTH_COUNT_INCREMENT	     0x080000 /* KADM5_CPW_FUNCTION */
+#define KADM5_FAIL_AUTH_COUNT_INCREMENT      0x080000 /* KADM5_CPW_FUNCTION */
 
 extern struct timeval timeout;
 extern char *policyclass[];
@@ -98,7 +99,7 @@ krb5_ldap_put_principal(krb5_context, krb5_db_entry *, int *, char **);
 
 krb5_error_code
 krb5_ldap_get_principal(krb5_context , krb5_const_principal ,
-                        unsigned int, krb5_db_entry *,int *, krb5_boolean *);
+                        unsigned int, krb5_db_entry *, int *, krb5_boolean *);
 
 krb5_error_code
 krb5_ldap_delete_principal(krb5_context, krb5_const_principal, int *);
@@ -107,7 +108,8 @@ krb5_error_code
 krb5_ldap_free_principal(krb5_context, krb5_db_entry *, int );
 
 krb5_error_code
-krb5_ldap_iterate(krb5_context, char *, krb5_error_code (*) (krb5_pointer, krb5_db_entry *),
+krb5_ldap_iterate(krb5_context, char *,
+                  krb5_error_code (*)(krb5_pointer, krb5_db_entry *),
                   krb5_pointer/*, int */);
 
 void
@@ -121,11 +123,12 @@ krb5_ldap_parse_principal_name(char *, char **);
 
 krb5_error_code
 krb5_decode_krbsecretkey(krb5_context, krb5_db_entry *, struct berval **,
-                        krb5_tl_data *, krb5_kvno *);
+                         krb5_tl_data *, krb5_kvno *);
 
 krb5_error_code
 berval2tl_data(struct berval *in, krb5_tl_data **out);
 
 krb5_error_code
-krb5_read_tkt_policy (krb5_context, krb5_ldap_context *, krb5_db_entry *, char *);
+krb5_read_tkt_policy(krb5_context, krb5_ldap_context *, krb5_db_entry *,
+                     char *);
 #endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 3474b7c..220602a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_principal2.c
  *
@@ -53,14 +54,14 @@ berval2tl_data(struct berval *in, krb5_tl_data **out)
 {
     *out = (krb5_tl_data *) malloc (sizeof (krb5_tl_data));
     if (*out == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     (*out)->tl_data_length = in->bv_len - 2;
     (*out)->tl_data_contents =  (krb5_octet *) malloc
-	((*out)->tl_data_length * sizeof (krb5_octet));
+        ((*out)->tl_data_length * sizeof (krb5_octet));
     if ((*out)->tl_data_contents == NULL) {
-	free (*out);
-	return ENOMEM;
+        free (*out);
+        return ENOMEM;
     }
 
     UNSTORE16_INT (in->bv_val, (*out)->tl_data_type);
@@ -87,9 +88,9 @@ aliases_ok(unsigned int flags)
      * okay.
      */
     if (!(flags & KRB5_KDB_FLAG_CLIENT_REFERRALS_ONLY))
-	return TRUE;
+        return TRUE;
     if (flags & KRB5_KDB_FLAG_CANONICALIZE)
-	return TRUE;
+        return TRUE;
     return FALSE;
 }
 
@@ -98,24 +99,20 @@ aliases_ok(unsigned int flags)
  */
 
 krb5_error_code
-krb5_ldap_get_principal(context, searchfor, flags, entries, nentries, more)
-    krb5_context context;
-    krb5_const_principal searchfor;
-    unsigned int flags;
-    krb5_db_entry *entries;	/* filled in */
-    int *nentries;		/* how much room/how many found */
-    krb5_boolean *more;		/* are there more? */
+krb5_ldap_get_principal(krb5_context context, krb5_const_principal searchfor,
+                        unsigned int flags, krb5_db_entry *entries,
+                        int *nentries, krb5_boolean *more)
 {
     char                        *user=NULL, *filter=NULL, **subtree=NULL;
     unsigned int                tree=0, ntrees=1, princlen=0;
-    krb5_error_code	        tempst=0, st=0;
+    krb5_error_code             tempst=0, st=0;
     char                        **values=NULL, *cname=NULL;
-    LDAP	                *ld=NULL;
-    LDAPMessage	                *result=NULL, *ent=NULL;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL, *ent=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
-    krb5_principal		cprinc=NULL;
+    krb5_principal              cprinc=NULL;
 
     /* Clear the global error string */
     krb5_clear_error_message(context);
@@ -126,7 +123,7 @@ krb5_ldap_get_principal(context, searchfor, flags, entries, nentries, more)
     memset(entries, 0, sizeof(*entries));
 
     if (searchfor == NULL)
-	return EINVAL;
+        return EINVAL;
 
     dal_handle = context->dal_handle;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
@@ -134,78 +131,78 @@ krb5_ldap_get_principal(context, searchfor, flags, entries, nentries, more)
     CHECK_LDAP_HANDLE(ldap_context);
 
     if (is_principal_in_realm(ldap_context, searchfor) != 0) {
-	*more = 0;
-	krb5_set_error_message (context, st, "Principal does not belong to realm");
-	goto cleanup;
+        *more = 0;
+        krb5_set_error_message (context, st, "Principal does not belong to realm");
+        goto cleanup;
     }
 
     if ((st=krb5_unparse_name(context, searchfor, &user)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     if ((st=krb5_ldap_unparse_principal_name(user)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
     if ((filter = malloc(princlen)) == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     snprintf(filter, princlen, FILTER"%s))", user);
 
     if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     GET_HANDLE();
     for (tree=0; tree < ntrees && *nentries == 0; ++tree) {
 
-	LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
-	for (ent=ldap_first_entry(ld, result); ent != NULL && *nentries == 0; ent=ldap_next_entry(ld, ent)) {
-
-	    /* get the associated directory user information */
-	    if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-		int i;
-
-		/* a wild-card in a principal name can return a list of kerberos principals.
-		 * Make sure that the correct principal is returned.
-		 * NOTE: a principalname k* in ldap server will return all the principals starting with a k
-		 */
-		for (i=0; values[i] != NULL; ++i) {
-		    if (strcmp(values[i], user) == 0) {
-			*nentries = 1;
-			break;
-		    }
-		}
-		ldap_value_free(values);
-
-		if (*nentries == 0) /* no matching principal found */
-		    continue;
-	    }
-
-	    if ((values=ldap_get_values(ld, ent, "krbcanonicalname")) != NULL) {
-		if (values[0] && strcmp(values[0], user) != 0) {
-		    /* We matched an alias, not the canonical name. */
-		    if (aliases_ok(flags)) {
-			st = krb5_ldap_parse_principal_name(values[0], &cname);
-			if (st != 0)
-			    goto cleanup;
-			st = krb5_parse_name(context, cname, &cprinc);
-			if (st != 0)
-			    goto cleanup;
-		    } else /* No canonicalization, so don't return aliases. */
-			*nentries = 0;
-		}
-		ldap_value_free(values);
-		if (*nentries == 0)
-		    continue;
-	    }
-
-	    if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent,
-					     cprinc ? cprinc : searchfor,
-					     entries)) != 0)
-		goto cleanup;
-	}
-	ldap_msgfree(result);
-	result = NULL;
+        LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
+        for (ent=ldap_first_entry(ld, result); ent != NULL && *nentries == 0; ent=ldap_next_entry(ld, ent)) {
+
+            /* get the associated directory user information */
+            if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+                int i;
+
+                /* a wild-card in a principal name can return a list of kerberos principals.
+                 * Make sure that the correct principal is returned.
+                 * NOTE: a principalname k* in ldap server will return all the principals starting with a k
+                 */
+                for (i=0; values[i] != NULL; ++i) {
+                    if (strcmp(values[i], user) == 0) {
+                        *nentries = 1;
+                        break;
+                    }
+                }
+                ldap_value_free(values);
+
+                if (*nentries == 0) /* no matching principal found */
+                    continue;
+            }
+
+            if ((values=ldap_get_values(ld, ent, "krbcanonicalname")) != NULL) {
+                if (values[0] && strcmp(values[0], user) != 0) {
+                    /* We matched an alias, not the canonical name. */
+                    if (aliases_ok(flags)) {
+                        st = krb5_ldap_parse_principal_name(values[0], &cname);
+                        if (st != 0)
+                            goto cleanup;
+                        st = krb5_parse_name(context, cname, &cprinc);
+                        if (st != 0)
+                            goto cleanup;
+                    } else /* No canonicalization, so don't return aliases. */
+                        *nentries = 0;
+                }
+                ldap_value_free(values);
+                if (*nentries == 0)
+                    continue;
+            }
+
+            if ((st = populate_krb5_db_entry(context, ldap_context, ld, ent,
+                                             cprinc ? cprinc : searchfor,
+                                             entries)) != 0)
+                goto cleanup;
+        }
+        ldap_msgfree(result);
+        result = NULL;
     } /* for (tree=0 ... */
 
     /* once done, put back the ldap handle */
@@ -216,29 +213,29 @@ cleanup:
     ldap_msgfree(result);
 
     if (*nentries == 0 || st != 0)
-	krb5_dbe_free_contents(context, entries);
+        krb5_dbe_free_contents(context, entries);
 
     if (filter)
-	free (filter);
+        free (filter);
 
     if (subtree) {
-	for (; ntrees; --ntrees)
-	    if (subtree[ntrees-1])
-		free (subtree[ntrees-1]);
-	free (subtree);
+        for (; ntrees; --ntrees)
+            if (subtree[ntrees-1])
+                free (subtree[ntrees-1]);
+        free (subtree);
     }
 
     if (ldap_server_handle)
-	krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
+        krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
 
     if (user)
-	free(user);
+        free(user);
 
     if (cname)
-	free(cname);
+        free(cname);
 
     if (cprinc)
-	krb5_free_principal(context, cprinc);
+        krb5_free_principal(context, cprinc);
 
     return st;
 }
@@ -260,25 +257,21 @@ typedef struct _xargs_t {
 }xargs_t;
 
 static void
-free_xargs(xargs)
-    xargs_t xargs;
+free_xargs(xargs_t xargs)
 {
     if (xargs.dn)
-	free (xargs.dn);
+        free (xargs.dn);
     if (xargs.linkdn)
-	free(xargs.linkdn);
+        free(xargs.linkdn);
     if (xargs.containerdn)
-	free (xargs.containerdn);
+        free (xargs.containerdn);
     if (xargs.tktpolicydn)
-	free (xargs.tktpolicydn);
+        free (xargs.tktpolicydn);
 }
 
 static krb5_error_code
-process_db_args(context, db_args, xargs, optype)
-    krb5_context   context;
-    char           **db_args;
-    xargs_t        *xargs;
-    OPERATION      optype;
+process_db_args(krb5_context context, char **db_args, xargs_t *xargs,
+                OPERATION optype)
 {
     int                   i=0;
     krb5_error_code       st=0;
@@ -288,81 +281,81 @@ process_db_args(context, db_args, xargs, optype)
     unsigned int          arg_val_len=0;
 
     if (db_args) {
-	for (i=0; db_args[i]; ++i) {
-	    arg = strtok_r(db_args[i], "=", &arg_val);
-	    if (strcmp(arg, TKTPOLICY_ARG) == 0) {
-		dptr = &xargs->tktpolicydn;
-	    } else {
-		if (strcmp(arg, USERDN_ARG) == 0) {
-		    if (optype == MODIFY_PRINCIPAL ||
-			xargs->dn != NULL || xargs->containerdn != NULL ||
-			xargs->linkdn != NULL) {
-			st = EINVAL;
-			snprintf(errbuf, sizeof(errbuf),
-				 "%s option not supported", arg);
-			krb5_set_error_message(context, st, "%s", errbuf);
-			goto cleanup;
-		    }
-		    dptr = &xargs->dn;
-		} else if (strcmp(arg, CONTAINERDN_ARG) == 0) {
-		    if (optype == MODIFY_PRINCIPAL ||
-			xargs->dn != NULL || xargs->containerdn != NULL) {
-			st = EINVAL;
-			snprintf(errbuf, sizeof(errbuf),
-				 "%s option not supported", arg);
-			krb5_set_error_message(context, st, "%s", errbuf);
-			goto cleanup;
-		    }
-		    dptr = &xargs->containerdn;
-		} else if (strcmp(arg, LINKDN_ARG) == 0) {
-		    if (xargs->dn != NULL || xargs->linkdn != NULL) {
-			st = EINVAL;
-			snprintf(errbuf, sizeof(errbuf),
-				 "%s option not supported", arg);
-			krb5_set_error_message(context, st, "%s", errbuf);
-			goto cleanup;
-		    }
-		    dptr = &xargs->linkdn;
-		} else {
-		    st = EINVAL;
-		    snprintf(errbuf, sizeof(errbuf), "unknown option: %s", arg);
-		    krb5_set_error_message(context, st, "%s", errbuf);
-		    goto cleanup;
-		}
-
-		xargs->dn_from_kbd = TRUE;
-		if (arg_val == NULL || strlen(arg_val) == 0) {
-		    st = EINVAL;
-		    snprintf(errbuf, sizeof(errbuf),
-			     "%s option value missing", arg);
-		    krb5_set_error_message(context, st, "%s", errbuf);
-		    goto cleanup;
-		}
-	    }
-
-	    if (arg_val == NULL) {
-		st = EINVAL;
-		snprintf(errbuf, sizeof(errbuf),
-			 "%s option value missing", arg);
-		krb5_set_error_message(context, st, "%s", errbuf);
-		goto cleanup;
-	    }
-	    arg_val_len = strlen(arg_val) + 1;
-
-	    if (strcmp(arg, TKTPOLICY_ARG) == 0) {
-		if ((st = krb5_ldap_name_to_policydn (context,
-						      arg_val,
-						      dptr)) != 0)
-		    goto cleanup;
-	    } else {
-		*dptr = calloc (1, arg_val_len);
-		if (*dptr == NULL) {
-		    st = ENOMEM;
-		    goto cleanup;
-		}
-		memcpy(*dptr, arg_val, arg_val_len);
-	    }
-	}
+        for (i=0; db_args[i]; ++i) {
+            arg = strtok_r(db_args[i], "=", &arg_val);
+            if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+                dptr = &xargs->tktpolicydn;
+            } else {
+                if (strcmp(arg, USERDN_ARG) == 0) {
+                    if (optype == MODIFY_PRINCIPAL ||
+                        xargs->dn != NULL || xargs->containerdn != NULL ||
+                        xargs->linkdn != NULL) {
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf),
+                                 "%s option not supported", arg);
+                        krb5_set_error_message(context, st, "%s", errbuf);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->dn;
+                } else if (strcmp(arg, CONTAINERDN_ARG) == 0) {
+                    if (optype == MODIFY_PRINCIPAL ||
+                        xargs->dn != NULL || xargs->containerdn != NULL) {
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf),
+                                 "%s option not supported", arg);
+                        krb5_set_error_message(context, st, "%s", errbuf);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->containerdn;
+                } else if (strcmp(arg, LINKDN_ARG) == 0) {
+                    if (xargs->dn != NULL || xargs->linkdn != NULL) {
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf),
+                                 "%s option not supported", arg);
+                        krb5_set_error_message(context, st, "%s", errbuf);
+                        goto cleanup;
+                    }
+                    dptr = &xargs->linkdn;
+                } else {
+                    st = EINVAL;
+                    snprintf(errbuf, sizeof(errbuf), "unknown option: %s", arg);
+                    krb5_set_error_message(context, st, "%s", errbuf);
+                    goto cleanup;
+                }
+
+                xargs->dn_from_kbd = TRUE;
+                if (arg_val == NULL || strlen(arg_val) == 0) {
+                    st = EINVAL;
+                    snprintf(errbuf, sizeof(errbuf),
+                             "%s option value missing", arg);
+                    krb5_set_error_message(context, st, "%s", errbuf);
+                    goto cleanup;
+                }
+            }
+
+            if (arg_val == NULL) {
+                st = EINVAL;
+                snprintf(errbuf, sizeof(errbuf),
+                         "%s option value missing", arg);
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
+            arg_val_len = strlen(arg_val) + 1;
+
+            if (strcmp(arg, TKTPOLICY_ARG) == 0) {
+                if ((st = krb5_ldap_name_to_policydn (context,
+                                                      arg_val,
+                                                      dptr)) != 0)
+                    goto cleanup;
+            } else {
+                *dptr = calloc (1, arg_val_len);
+                if (*dptr == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+                memcpy(*dptr, arg_val, arg_val_len);
+            }
+        }
     }
 
 cleanup:
@@ -372,8 +365,8 @@ cleanup:
 krb5int_access accessor;
 
 static krb5_error_code
-asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data,
-			      krb5_int32 mkvno, krb5_data **code)
+asn1_encode_sequence_of_keys(krb5_key_data *key_data, krb5_int16 n_key_data,
+                             krb5_int32 mkvno, krb5_data **code)
 {
     krb5_error_code err;
     ldap_seqof_key_data val;
@@ -384,7 +377,7 @@ asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data,
      */
     err = kldap_ensure_initialized ();
     if (err)
-	return err;
+        return err;
 
     val.key_data = key_data;
     val.n_key_data = n_key_data;
@@ -394,8 +387,8 @@ asn1_encode_sequence_of_keys (krb5_key_data *key_data, krb5_int16 n_key_data,
 }
 
 static krb5_error_code
-asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out,
-			      krb5_int16 *n_key_data, krb5_kvno *mkvno)
+asn1_decode_sequence_of_keys(krb5_data *in, krb5_key_data **out,
+                             krb5_int16 *n_key_data, krb5_kvno *mkvno)
 {
     krb5_error_code err;
     ldap_seqof_key_data *p;
@@ -406,11 +399,11 @@ asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out,
      */
     err = kldap_ensure_initialized ();
     if (err)
-	return err;
+        return err;
 
     err = accessor.asn1_ldap_decode_sequence_of_keys(in, &p);
     if (err)
-	return err;
+        return err;
     *out = p->key_data;
     *n_key_data = p->n_key_data;
     *mkvno = p->mkvno;
@@ -421,7 +414,8 @@ asn1_decode_sequence_of_keys (krb5_data *in, krb5_key_data **out,
 
 /* Decoding ASN.1 encoded key */
 static struct berval **
-krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data, krb5_kvno mkvno) {
+krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data,
+                         krb5_kvno mkvno) {
     struct berval **ret = NULL;
     int currkvno;
     int num_versions = 1;
@@ -429,66 +423,68 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data, int n_key_data, krb5_kvno mkvn
     krb5_error_code err = 0;
 
     if (n_key_data <= 0)
-	return NULL;
+        return NULL;
 
     /* Find the number of key versions */
     for (i = 0; i < n_key_data - 1; i++)
-	if (key_data[i].key_data_kvno != key_data[i + 1].key_data_kvno)
-	    num_versions++;
+        if (key_data[i].key_data_kvno != key_data[i + 1].key_data_kvno)
+            num_versions++;
 
     ret = (struct berval **) calloc (num_versions + 1, sizeof (struct berval *));
     if (ret == NULL) {
-	err = ENOMEM;
-	goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
     for (i = 0, last = 0, j = 0, currkvno = key_data[0].key_data_kvno; i < n_key_data; i++) {
-	krb5_data *code;
-	if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
-	    asn1_encode_sequence_of_keys (key_data+last,
-					  (krb5_int16) i - last + 1,
-					  mkvno,
-					  &code);
-	    ret[j] = malloc (sizeof (struct berval));
-	    if (ret[j] == NULL) {
-		err = ENOMEM;
-		goto cleanup;
-	    }
-	    /*CHECK_NULL(ret[j]); */
-	    ret[j]->bv_len = code->length;
-	    ret[j]->bv_val = code->data;
-	    j++;
-	    last = i + 1;
-
-	    currkvno = key_data[i].key_data_kvno;
-	}
+        krb5_data *code;
+        if (i == n_key_data - 1 || key_data[i + 1].key_data_kvno != currkvno) {
+            asn1_encode_sequence_of_keys (key_data+last,
+                                          (krb5_int16) i - last + 1,
+                                          mkvno,
+                                          &code);
+            ret[j] = malloc (sizeof (struct berval));
+            if (ret[j] == NULL) {
+                err = ENOMEM;
+                goto cleanup;
+            }
+            /*CHECK_NULL(ret[j]); */
+            ret[j]->bv_len = code->length;
+            ret[j]->bv_val = code->data;
+            j++;
+            last = i + 1;
+
+            currkvno = key_data[i].key_data_kvno;
+        }
     }
     ret[num_versions] = NULL;
 
 cleanup:
 
     if (err != 0) {
-	if (ret != NULL) {
-	    for (i = 0; i <= num_versions; i++)
-		if (ret[i] != NULL)
-		    free (ret[i]);
-	    free (ret);
-	    ret = NULL;
-	}
+        if (ret != NULL) {
+            for (i = 0; i <= num_versions; i++)
+                if (ret[i] != NULL)
+                    free (ret[i]);
+            free (ret);
+            ret = NULL;
+        }
     }
 
     return ret;
 }
 
-static krb5_error_code tl_data2berval (krb5_tl_data *in, struct berval **out) {
+static krb5_error_code
+tl_data2berval (krb5_tl_data *in, struct berval **out)
+{
     *out = (struct berval *) malloc (sizeof (struct berval));
     if (*out == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     (*out)->bv_len = in->tl_data_length + 2;
     (*out)->bv_val =  (char *) malloc ((*out)->bv_len);
     if ((*out)->bv_val == NULL) {
-	free (*out);
-	return ENOMEM;
+        free (*out);
+        return ENOMEM;
     }
 
     STORE16_INT((*out)->bv_val, in->tl_data_type);
@@ -498,20 +494,17 @@ static krb5_error_code tl_data2berval (krb5_tl_data *in, struct berval **out) {
 }
 
 krb5_error_code
-krb5_ldap_put_principal(context, entries, nentries, db_args)
-    krb5_context               context;
-    krb5_db_entry              *entries;
-    register int               *nentries;         /* number of entry structs to update */
-    char                       **db_args;
+krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entries,
+                        int *nentries, char **db_args)
 {
-    int 		        i=0, l=0, kerberos_principal_object_type=0;
-    krb5_error_code 	        st=0, tempst=0;
-    LDAP  		        *ld=NULL;
+    int                         i=0, l=0, kerberos_principal_object_type=0;
+    krb5_error_code             st=0, tempst=0;
+    LDAP                        *ld=NULL;
     LDAPMessage                 *result=NULL, *ent=NULL;
     char                        *user=NULL, *subtree=NULL, *principal_dn=NULL;
     char                        **values=NULL, *strval[10]={NULL}, errbuf[1024];
-    struct berval	        **bersecretkey=NULL;
-    LDAPMod 		        **mods=NULL;
+    struct berval               **bersecretkey=NULL;
+    LDAPMod                     **mods=NULL;
     krb5_boolean                create_standalone_prinicipal=FALSE;
     krb5_boolean                krb_identity_exists=FALSE, establish_links=FALSE;
     char                        *standalone_principal_dn=NULL;
@@ -520,319 +513,319 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
-    osa_princ_ent_rec 	        princ_ent;
+    osa_princ_ent_rec           princ_ent;
     xargs_t                     xargs = {0};
     char                        *polname = NULL;
     OPERATION optype;
-    krb5_boolean     		found_entry = FALSE;
+    krb5_boolean                found_entry = FALSE;
 
     /* Clear the global error string */
     krb5_clear_error_message(context);
 
     SETUP_CONTEXT();
     if (ldap_context->lrparams == NULL || ldap_context->krbcontainer == NULL)
-	return EINVAL;
+        return EINVAL;
 
     /* get ldap handle */
     GET_HANDLE();
 
     for (i=0; i < *nentries; ++i, ++entries) {
-	if (is_principal_in_realm(ldap_context, entries->princ) != 0) {
-	    st = EINVAL;
-	    krb5_set_error_message(context, st, "Principal does not belong to the default realm");
-	    goto cleanup;
-	}
-
-	/* get the principal information to act on */
-	if (entries->princ) {
-	    if (((st=krb5_unparse_name(context, entries->princ, &user)) != 0) ||
-		((st=krb5_ldap_unparse_principal_name(user)) != 0))
-		goto cleanup;
-	}
-
-	/* Identity the type of operation, it can be
-	 * add principal or modify principal.
-	 * hack if the entries->mask has KRB_PRINCIPAL flag set
-	 * then it is a add operation
-	 */
-	if (entries->mask & KADM5_PRINCIPAL)
-	    optype = ADD_PRINCIPAL;
-	else
-	    optype = MODIFY_PRINCIPAL;
-
-	if (((st=krb5_get_princ_type(context, entries, &kerberos_principal_object_type)) != 0) ||
-	    ((st=krb5_get_userdn(context, entries, &principal_dn)) != 0))
-	    goto cleanup;
-
-	if ((st=process_db_args(context, db_args, &xargs, optype)) != 0)
-	    goto cleanup;
-
-	if (entries->mask & KADM5_LOAD) {
-	    int              tree = 0, ntrees = 0, princlen = 0, numlentries = 0;
-	    char             **subtreelist = NULL, *filter = NULL;
-
-	    /*  A load operation is special, will do a mix-in (add krbprinc
-	     *  attrs to a non-krb object entry) if an object exists with a
-	     *  matching krbprincipalname attribute so try to find existing
-	     *  object and set principal_dn.  This assumes that the
-	     *  krbprincipalname attribute is unique (only one object entry has
-	     *  a particular krbprincipalname attribute).
-	     */
-	    if (user == NULL) {
-		/* must have principal name for search */
-		st = EINVAL;
-		krb5_set_error_message(context, st, "operation can not continue, principal name not found");
-		goto cleanup;
-	    }
-	    princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
-	    if ((filter = malloc(princlen)) == NULL) {
-		st = ENOMEM;
-		goto cleanup;
-	    }
-	    snprintf(filter, princlen, FILTER"%s))", user);
-
-	    /* get the current subtree list */
-	    if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
-		goto cleanup;
-
-	    found_entry = FALSE;
-	    /* search for entry with matching krbprincipalname attribute */
-	    for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) {
-		result = NULL;
-		if (principal_dn == NULL) {
-		    LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS);
-		} else {
-		    /* just look for entry with principal_dn */
-		    LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS);
-		}
-		if (st == LDAP_SUCCESS) {
-		    numlentries = ldap_count_entries(ld, result);
-		    if (numlentries > 1) {
-			ldap_msgfree(result);
-			free(filter);
-			st = EINVAL;
-			krb5_set_error_message(context, st,
-			    "operation can not continue, more than one entry with principal name \"%s\" found",
-			    user);
-			goto cleanup;
-		    } else if (numlentries == 1) {
-			found_entry = TRUE;
-			if (principal_dn == NULL) {
-			    ent = ldap_first_entry(ld, result);
-			    if (ent != NULL) {
-				/* setting principal_dn will cause that entry to be modified further down */
-				if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) {
-				    ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st);
-				    st = set_ldap_error (context, st, 0);
-				    ldap_msgfree(result);
-				    free(filter);
-				    goto cleanup;
-				}
-			    }
-			}
-		    }
-		    if (result)
-			ldap_msgfree(result);
-		} else if (st != LDAP_NO_SUCH_OBJECT) {
-		    /* could not perform search, return with failure */
-		    st = set_ldap_error (context, st, 0);
-		    free(filter);
-		    goto cleanup;
-		}
-		/*
-		 * If it isn't found then assume a standalone princ entry is to
-		 * be created.
-		 */
-	    } /* end for (tree = 0; principal_dn == ... */
-
-	    free(filter);
-
-	    if (found_entry == FALSE && principal_dn != NULL) {
-		/*
-		 * if principal_dn is null then there is code further down to
-		 * deal with setting standalone_principal_dn.  Also note that
-		 * this will set create_standalone_prinicipal true for
-		 * non-mix-in entries which is okay if loading from a dump.
-		 */
-		create_standalone_prinicipal = TRUE;
-		standalone_principal_dn = strdup(principal_dn);
-		CHECK_NULL(standalone_principal_dn);
-	    }
-	} /* end if (entries->mask & KADM5_LOAD */
-
-	/* time to generate the DN information with the help of
-	 * containerdn, principalcontainerreference or
-	 * realmcontainerdn information
-	 */
-	if (principal_dn == NULL && xargs.dn == NULL) { /* creation of standalone principal */
-	    /* get the subtree information */
-	    if (entries->princ->length == 2 && entries->princ->data[0].length == strlen("krbtgt") &&
-		strncmp(entries->princ->data[0].data, "krbtgt", entries->princ->data[0].length) == 0) {
-		/* if the principal is a inter-realm principal, always created in the realm container */
-		subtree = strdup(ldap_context->lrparams->realmdn);
-	    } else if (xargs.containerdn) {
-		if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) {
-		    if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
-			int ost = st;
-			st = EINVAL;
-			snprintf(errbuf, sizeof(errbuf), "'%s' not found: ",
-				 xargs.containerdn);
-			prepend_err_str(context, errbuf, st, ost);
-		    }
-		    goto cleanup;
-		}
-		subtree = strdup(xargs.containerdn);
-	    } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) {
-		/*
-		 * Here the subtree should be changed with
-		 * principalcontainerreference attribute value
-		 */
-		subtree = strdup(ldap_context->lrparams->containerref);
-	    } else {
-		subtree = strdup(ldap_context->lrparams->realmdn);
-	    }
-	    CHECK_NULL(subtree);
-
-	    if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s",
-			 user, subtree) < 0)
-		standalone_principal_dn = NULL;
-	    CHECK_NULL(standalone_principal_dn);
-	    /*
-	     * free subtree when you are done using the subtree
-	     * set the boolean create_standalone_prinicipal to TRUE
-	     */
-	    create_standalone_prinicipal = TRUE;
-	    free(subtree);
-	    subtree = NULL;
-	}
-
-	/*
-	 * If the DN information is presented by the user, time to
-	 * validate the input to ensure that the DN falls under
-	 * any of the subtrees
-	 */
-	if (xargs.dn_from_kbd == TRUE) {
-	    /* make sure the DN falls in the subtree */
-	    int              tre=0, dnlen=0, subtreelen=0, ntrees=0;
-	    char             **subtreelist=NULL;
-	    char             *dn=NULL;
-	    krb5_boolean     outofsubtree=TRUE;
-
-	    if (xargs.dn != NULL) {
-		dn = xargs.dn;
-	    } else if (xargs.linkdn != NULL) {
-		dn = xargs.linkdn;
-	    } else if (standalone_principal_dn != NULL) {
-		/*
-		 * Even though the standalone_principal_dn is constructed
-		 * within this function, there is the containerdn input
-		 * from the user that can become part of the it.
-		 */
-		dn = standalone_principal_dn;
-	    }
-
-	    /* get the current subtree list */
-	    if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
-		goto cleanup;
-
-	    for (tre=0; tre<ntrees; ++tre) {
-		if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
-		    outofsubtree = FALSE;
-		    break;
-		} else {
-		    dnlen = strlen (dn);
-		    subtreelen = strlen(subtreelist[tre]);
-		    if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) {
-			outofsubtree = FALSE;
-			break;
-		    }
-		}
-	    }
-
-	    for (tre=0; tre < ntrees; ++tre) {
-		free(subtreelist[tre]);
-	    }
-
-	    if (outofsubtree == TRUE) {
-		st = EINVAL;
-		krb5_set_error_message(context, st, "DN is out of the realm subtree");
-		goto cleanup;
-	    }
-
-	    /*
-	     * dn value will be set either by dn, linkdn or the standalone_principal_dn
-	     * In the first 2 cases, the dn should be existing and in the last case we
-	     * are supposed to create the ldap object. so the below should not be
-	     * executed for the last case.
-	     */
-
-	    if (standalone_principal_dn == NULL) {
-		/*
-		 * If the ldap object is missing, this results in an error.
-		 */
-
-		/*
-		 * Search for krbprincipalname attribute here.
-		 * This is to find if a kerberos identity is already present
-		 * on the ldap object, in which case adding a kerberos identity
-		 * on the ldap object should result in an error.
-		 */
-		char  *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL};
-
-		LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS);
-		if (st == LDAP_SUCCESS) {
-		    ent = ldap_first_entry(ld, result);
-		    if (ent != NULL) {
-			if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) {
-			    ldap_value_free(values);
-			}
-
-			if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
-			    krb_identity_exists = TRUE;
-			    ldap_value_free(values);
-			}
-		    }
-		    ldap_msgfree(result);
-		} else {
-		    st = set_ldap_error(context, st, OP_SEARCH);
-		    goto cleanup;
-		}
-	    }
-	}
-
-	/*
-	 * If xargs.dn is set then the request is to add a
-	 * kerberos principal on a ldap object, but if
-	 * there is one already on the ldap object this
-	 * should result in an error.
-	 */
-
-	if (xargs.dn != NULL && krb_identity_exists == TRUE) {
-	    st = EINVAL;
-	    snprintf(errbuf, sizeof(errbuf), "ldap object is already kerberized");
-	    krb5_set_error_message(context, st, "%s", errbuf);
-	    goto cleanup;
-	}
-
-	if (xargs.linkdn != NULL) {
-	    /*
-	     * link information can be changed using modprinc.
-	     * However, link information can be changed only on the
-	     * standalone kerberos principal objects. A standalone
-	     * kerberos principal object is of type krbprincipal
-	     * structural objectclass.
-	     *
-	     * NOTE: kerberos principals on an ldap object can't be
-	     * linked to other ldap objects.
-	     */
-	    if (optype == MODIFY_PRINCIPAL &&
-		kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) {
-		st = EINVAL;
-		snprintf(errbuf, sizeof(errbuf),
-		    "link information can not be set/updated as the kerberos principal belongs to an ldap object");
-		krb5_set_error_message(context, st, "%s", errbuf);
-		goto cleanup;
-	    }
+        if (is_principal_in_realm(ldap_context, entries->princ) != 0) {
+            st = EINVAL;
+            krb5_set_error_message(context, st, "Principal does not belong to the default realm");
+            goto cleanup;
+        }
+
+        /* get the principal information to act on */
+        if (entries->princ) {
+            if (((st=krb5_unparse_name(context, entries->princ, &user)) != 0) ||
+                ((st=krb5_ldap_unparse_principal_name(user)) != 0))
+                goto cleanup;
+        }
+
+        /* Identity the type of operation, it can be
+         * add principal or modify principal.
+         * hack if the entries->mask has KRB_PRINCIPAL flag set
+         * then it is a add operation
+         */
+        if (entries->mask & KADM5_PRINCIPAL)
+            optype = ADD_PRINCIPAL;
+        else
+            optype = MODIFY_PRINCIPAL;
+
+        if (((st=krb5_get_princ_type(context, entries, &kerberos_principal_object_type)) != 0) ||
+            ((st=krb5_get_userdn(context, entries, &principal_dn)) != 0))
+            goto cleanup;
+
+        if ((st=process_db_args(context, db_args, &xargs, optype)) != 0)
+            goto cleanup;
+
+        if (entries->mask & KADM5_LOAD) {
+            int              tree = 0, ntrees = 0, princlen = 0, numlentries = 0;
+            char             **subtreelist = NULL, *filter = NULL;
+
+            /*  A load operation is special, will do a mix-in (add krbprinc
+             *  attrs to a non-krb object entry) if an object exists with a
+             *  matching krbprincipalname attribute so try to find existing
+             *  object and set principal_dn.  This assumes that the
+             *  krbprincipalname attribute is unique (only one object entry has
+             *  a particular krbprincipalname attribute).
+             */
+            if (user == NULL) {
+                /* must have principal name for search */
+                st = EINVAL;
+                krb5_set_error_message(context, st, "operation can not continue, principal name not found");
+                goto cleanup;
+            }
+            princlen = strlen(FILTER) + strlen(user) + 2 + 1;      /* 2 for closing brackets */
+            if ((filter = malloc(princlen)) == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
+            snprintf(filter, princlen, FILTER"%s))", user);
+
+            /* get the current subtree list */
+            if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
+                goto cleanup;
+
+            found_entry = FALSE;
+            /* search for entry with matching krbprincipalname attribute */
+            for (tree = 0; found_entry == FALSE && tree < ntrees; ++tree) {
+                result = NULL;
+                if (principal_dn == NULL) {
+                    LDAP_SEARCH_1(subtreelist[tree], ldap_context->lrparams->search_scope, filter, principal_attributes, IGNORE_STATUS);
+                } else {
+                    /* just look for entry with principal_dn */
+                    LDAP_SEARCH_1(principal_dn, LDAP_SCOPE_BASE, filter, principal_attributes, IGNORE_STATUS);
+                }
+                if (st == LDAP_SUCCESS) {
+                    numlentries = ldap_count_entries(ld, result);
+                    if (numlentries > 1) {
+                        ldap_msgfree(result);
+                        free(filter);
+                        st = EINVAL;
+                        krb5_set_error_message(context, st,
+                                               "operation can not continue, more than one entry with principal name \"%s\" found",
+                                               user);
+                        goto cleanup;
+                    } else if (numlentries == 1) {
+                        found_entry = TRUE;
+                        if (principal_dn == NULL) {
+                            ent = ldap_first_entry(ld, result);
+                            if (ent != NULL) {
+                                /* setting principal_dn will cause that entry to be modified further down */
+                                if ((principal_dn = ldap_get_dn(ld, ent)) == NULL) {
+                                    ldap_get_option (ld, LDAP_OPT_RESULT_CODE, &st);
+                                    st = set_ldap_error (context, st, 0);
+                                    ldap_msgfree(result);
+                                    free(filter);
+                                    goto cleanup;
+                                }
+                            }
+                        }
+                    }
+                    if (result)
+                        ldap_msgfree(result);
+                } else if (st != LDAP_NO_SUCH_OBJECT) {
+                    /* could not perform search, return with failure */
+                    st = set_ldap_error (context, st, 0);
+                    free(filter);
+                    goto cleanup;
+                }
+                /*
+                 * If it isn't found then assume a standalone princ entry is to
+                 * be created.
+                 */
+            } /* end for (tree = 0; principal_dn == ... */
+
+            free(filter);
+
+            if (found_entry == FALSE && principal_dn != NULL) {
+                /*
+                 * if principal_dn is null then there is code further down to
+                 * deal with setting standalone_principal_dn.  Also note that
+                 * this will set create_standalone_prinicipal true for
+                 * non-mix-in entries which is okay if loading from a dump.
+                 */
+                create_standalone_prinicipal = TRUE;
+                standalone_principal_dn = strdup(principal_dn);
+                CHECK_NULL(standalone_principal_dn);
+            }
+        } /* end if (entries->mask & KADM5_LOAD */
+
+        /* time to generate the DN information with the help of
+         * containerdn, principalcontainerreference or
+         * realmcontainerdn information
+         */
+        if (principal_dn == NULL && xargs.dn == NULL) { /* creation of standalone principal */
+            /* get the subtree information */
+            if (entries->princ->length == 2 && entries->princ->data[0].length == strlen("krbtgt") &&
+                strncmp(entries->princ->data[0].data, "krbtgt", entries->princ->data[0].length) == 0) {
+                /* if the principal is a inter-realm principal, always created in the realm container */
+                subtree = strdup(ldap_context->lrparams->realmdn);
+            } else if (xargs.containerdn) {
+                if ((st=checkattributevalue(ld, xargs.containerdn, NULL, NULL, NULL)) != 0) {
+                    if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) {
+                        int ost = st;
+                        st = EINVAL;
+                        snprintf(errbuf, sizeof(errbuf), "'%s' not found: ",
+                                 xargs.containerdn);
+                        prepend_err_str(context, errbuf, st, ost);
+                    }
+                    goto cleanup;
+                }
+                subtree = strdup(xargs.containerdn);
+            } else if (ldap_context->lrparams->containerref && strlen(ldap_context->lrparams->containerref) != 0) {
+                /*
+                 * Here the subtree should be changed with
+                 * principalcontainerreference attribute value
+                 */
+                subtree = strdup(ldap_context->lrparams->containerref);
+            } else {
+                subtree = strdup(ldap_context->lrparams->realmdn);
+            }
+            CHECK_NULL(subtree);
+
+            if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s",
+                         user, subtree) < 0)
+                standalone_principal_dn = NULL;
+            CHECK_NULL(standalone_principal_dn);
+            /*
+             * free subtree when you are done using the subtree
+             * set the boolean create_standalone_prinicipal to TRUE
+             */
+            create_standalone_prinicipal = TRUE;
+            free(subtree);
+            subtree = NULL;
+        }
+
+        /*
+         * If the DN information is presented by the user, time to
+         * validate the input to ensure that the DN falls under
+         * any of the subtrees
+         */
+        if (xargs.dn_from_kbd == TRUE) {
+            /* make sure the DN falls in the subtree */
+            int              tre=0, dnlen=0, subtreelen=0, ntrees=0;
+            char             **subtreelist=NULL;
+            char             *dn=NULL;
+            krb5_boolean     outofsubtree=TRUE;
+
+            if (xargs.dn != NULL) {
+                dn = xargs.dn;
+            } else if (xargs.linkdn != NULL) {
+                dn = xargs.linkdn;
+            } else if (standalone_principal_dn != NULL) {
+                /*
+                 * Even though the standalone_principal_dn is constructed
+                 * within this function, there is the containerdn input
+                 * from the user that can become part of the it.
+                 */
+                dn = standalone_principal_dn;
+            }
+
+            /* get the current subtree list */
+            if ((st = krb5_get_subtree_info(ldap_context, &subtreelist, &ntrees)) != 0)
+                goto cleanup;
+
+            for (tre=0; tre<ntrees; ++tre) {
+                if (subtreelist[tre] == NULL || strlen(subtreelist[tre]) == 0) {
+                    outofsubtree = FALSE;
+                    break;
+                } else {
+                    dnlen = strlen (dn);
+                    subtreelen = strlen(subtreelist[tre]);
+                    if ((dnlen >= subtreelen) && (strcasecmp((dn + dnlen - subtreelen), subtreelist[tre]) == 0)) {
+                        outofsubtree = FALSE;
+                        break;
+                    }
+                }
+            }
+
+            for (tre=0; tre < ntrees; ++tre) {
+                free(subtreelist[tre]);
+            }
+
+            if (outofsubtree == TRUE) {
+                st = EINVAL;
+                krb5_set_error_message(context, st, "DN is out of the realm subtree");
+                goto cleanup;
+            }
+
+            /*
+             * dn value will be set either by dn, linkdn or the standalone_principal_dn
+             * In the first 2 cases, the dn should be existing and in the last case we
+             * are supposed to create the ldap object. so the below should not be
+             * executed for the last case.
+             */
+
+            if (standalone_principal_dn == NULL) {
+                /*
+                 * If the ldap object is missing, this results in an error.
+                 */
+
+                /*
+                 * Search for krbprincipalname attribute here.
+                 * This is to find if a kerberos identity is already present
+                 * on the ldap object, in which case adding a kerberos identity
+                 * on the ldap object should result in an error.
+                 */
+                char  *attributes[]={"krbticketpolicyreference", "krbprincipalname", NULL};
+
+                LDAP_SEARCH_1(dn, LDAP_SCOPE_BASE, 0, attributes, IGNORE_STATUS);
+                if (st == LDAP_SUCCESS) {
+                    ent = ldap_first_entry(ld, result);
+                    if (ent != NULL) {
+                        if ((values=ldap_get_values(ld, ent, "krbticketpolicyreference")) != NULL) {
+                            ldap_value_free(values);
+                        }
+
+                        if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+                            krb_identity_exists = TRUE;
+                            ldap_value_free(values);
+                        }
+                    }
+                    ldap_msgfree(result);
+                } else {
+                    st = set_ldap_error(context, st, OP_SEARCH);
+                    goto cleanup;
+                }
+            }
+        }
+
+        /*
+         * If xargs.dn is set then the request is to add a
+         * kerberos principal on a ldap object, but if
+         * there is one already on the ldap object this
+         * should result in an error.
+         */
+
+        if (xargs.dn != NULL && krb_identity_exists == TRUE) {
+            st = EINVAL;
+            snprintf(errbuf, sizeof(errbuf), "ldap object is already kerberized");
+            krb5_set_error_message(context, st, "%s", errbuf);
+            goto cleanup;
+        }
+
+        if (xargs.linkdn != NULL) {
+            /*
+             * link information can be changed using modprinc.
+             * However, link information can be changed only on the
+             * standalone kerberos principal objects. A standalone
+             * kerberos principal object is of type krbprincipal
+             * structural objectclass.
+             *
+             * NOTE: kerberos principals on an ldap object can't be
+             * linked to other ldap objects.
+             */
+            if (optype == MODIFY_PRINCIPAL &&
+                kerberos_principal_object_type != KDB_STANDALONE_PRINCIPAL_OBJECT) {
+                st = EINVAL;
+                snprintf(errbuf, sizeof(errbuf),
+                         "link information can not be set/updated as the kerberos principal belongs to an ldap object");
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
             /*
              * Check the link information. If there is already a link
              * existing then this operation is not allowed.
@@ -860,412 +853,412 @@ krb5_ldap_put_principal(context, entries, nentries, db_args)
                 }
             }
 
-	    establish_links = TRUE;
-	}
-
-	if (entries->mask & KADM5_LAST_SUCCESS) {
-	    memset(strval, 0, sizeof(strval));
-	    if ((strval[0]=getstringtime(entries->last_success)) == NULL)
-		goto cleanup;
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastSuccessfulAuth", LDAP_MOD_REPLACE, strval)) != 0) {
-		free (strval[0]);
-		goto cleanup;
-	    }
-	    free (strval[0]);
-	}
-
-	if (entries->mask & KADM5_LAST_FAILED) {
-	    memset(strval, 0, sizeof(strval));
-	    if ((strval[0]=getstringtime(entries->last_failed)) == NULL)
-		goto cleanup;
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastFailedAuth", LDAP_MOD_REPLACE, strval)) != 0) {
-		free (strval[0]);
-		goto cleanup;
-	    }
-	    free(strval[0]);
-	}
-
-	if (entries->mask & KADM5_FAIL_AUTH_COUNT) {
-	    krb5_kvno fail_auth_count;
-
-	    fail_auth_count = entries->fail_auth_count;
-	    if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
-		fail_auth_count++;
-
-	    st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-					   LDAP_MOD_REPLACE,
-					   fail_auth_count);
-	    if (st != 0)
-		goto cleanup;
-	} else if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) {
-	    /*
-	     * If the client library and server supports RFC 4525,
-	     * then use it to increment by one the value of the
-	     * krbLoginFailedCount attribute. Otherwise, assert the
-	     * (provided) old value by deleting it before adding.
-	     */
+            establish_links = TRUE;
+        }
+
+        if (entries->mask & KADM5_LAST_SUCCESS) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->last_success)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastSuccessfulAuth", LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+
+        if (entries->mask & KADM5_LAST_FAILED) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->last_failed)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastFailedAuth", LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free(strval[0]);
+        }
+
+        if (entries->mask & KADM5_FAIL_AUTH_COUNT) {
+            krb5_kvno fail_auth_count;
+
+            fail_auth_count = entries->fail_auth_count;
+            if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
+                fail_auth_count++;
+
+            st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                           LDAP_MOD_REPLACE,
+                                           fail_auth_count);
+            if (st != 0)
+                goto cleanup;
+        } else if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT) {
+            /*
+             * If the client library and server supports RFC 4525,
+             * then use it to increment by one the value of the
+             * krbLoginFailedCount attribute. Otherwise, assert the
+             * (provided) old value by deleting it before adding.
+             */
 #ifdef LDAP_MOD_INCREMENT
-	    if (ldap_server_handle->server_info->modify_increment) {
-		st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-					       LDAP_MOD_INCREMENT, 1);
-		if (st != 0)
-		    goto cleanup;
-	    } else
+            if (ldap_server_handle->server_info->modify_increment) {
+                st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                               LDAP_MOD_INCREMENT, 1);
+                if (st != 0)
+                    goto cleanup;
+            } else
 #endif /* LDAP_MOD_INCREMENT */
-	    if (entries->fail_auth_count == 0) {
-		/*
-		 * Unfortunately we have no way of distinguishing between
-		 * an absent and a zero-valued attribute by the time we are
-		 * called here. So, although this creates a race condition,
-		 * it appears impossible to assert the old value as that
-		 * would fail were the attribute absent.
-		 */
-		st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-					       LDAP_MOD_REPLACE, 1);
-		if (st != 0)
-		    goto cleanup;
-	    } else {
-		st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-					       LDAP_MOD_DELETE,
-					       entries->fail_auth_count);
-		if (st != 0)
-		    goto cleanup;
-
-		st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
-					       LDAP_MOD_ADD,
-					       entries->fail_auth_count + 1);
-		if (st != 0)
-		    goto cleanup;
-	    }
-	}
-
-	if (entries->mask & KADM5_MAX_LIFE) {
-	    if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entries->max_life)) != 0)
-		goto cleanup;
-	}
-
-	if (entries->mask & KADM5_MAX_RLIFE) {
-	    if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
-					      entries->max_renewable_life)) != 0)
-		goto cleanup;
-	}
-
-	if (entries->mask & KADM5_ATTRIBUTES) {
-	    if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
-					      entries->attributes)) != 0)
-		goto cleanup;
-	}
-
-	if (entries->mask & KADM5_PRINCIPAL) {
-	    memset(strval, 0, sizeof(strval));
-	    strval[0] = user;
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_REPLACE, strval)) != 0)
-		goto cleanup;
-	}
-
-	if (entries->mask & KADM5_PRINC_EXPIRE_TIME) {
-	    memset(strval, 0, sizeof(strval));
-	    if ((strval[0]=getstringtime(entries->expiration)) == NULL)
-		goto cleanup;
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalexpiration", LDAP_MOD_REPLACE, strval)) != 0) {
-		free (strval[0]);
-		goto cleanup;
-	    }
-	    free (strval[0]);
-	}
-
-	if (entries->mask & KADM5_PW_EXPIRATION) {
-	    memset(strval, 0, sizeof(strval));
-	    if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
-		goto cleanup;
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration",
-					      LDAP_MOD_REPLACE,
-					      strval)) != 0) {
-		free (strval[0]);
-		goto cleanup;
-	    }
-	    free (strval[0]);
-	}
-
-	if (entries->mask & KADM5_POLICY) {
-	    memset(&princ_ent, 0, sizeof(princ_ent));
-	    for (tl_data=entries->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
-		if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) {
-		    /* FIX ME: I guess the princ_ent should be freed after this call */
-		    if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) {
-			goto cleanup;
-		    }
-		}
-	    }
-
-	    if (princ_ent.aux_attributes & KADM5_POLICY) {
-		memset(strval, 0, sizeof(strval));
-		if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0)
-		    goto cleanup;
-		strval[0] = polname;
-		if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
-		    goto cleanup;
-	    } else {
-		st = EINVAL;
-		krb5_set_error_message(context, st, "Password policy value null");
-		goto cleanup;
-	    }
-	} else if (entries->mask & KADM5_LOAD && found_entry == TRUE) {
-	    /*
-	     * a load is special in that existing entries must have attrs that
-	     * removed.
-	     */
-
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, NULL)) != 0)
-		goto cleanup;
-	}
-
-	if (entries->mask & KADM5_POLICY_CLR) {
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
-		goto cleanup;
-	}
-
-	if (entries->mask & KADM5_KEY_DATA || entries->mask & KADM5_KVNO) {
+                if (entries->fail_auth_count == 0) {
+                    /*
+                     * Unfortunately we have no way of distinguishing between
+                     * an absent and a zero-valued attribute by the time we are
+                     * called here. So, although this creates a race condition,
+                     * it appears impossible to assert the old value as that
+                     * would fail were the attribute absent.
+                     */
+                    st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                                   LDAP_MOD_REPLACE, 1);
+                    if (st != 0)
+                        goto cleanup;
+                } else {
+                    st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                                   LDAP_MOD_DELETE,
+                                                   entries->fail_auth_count);
+                    if (st != 0)
+                        goto cleanup;
+
+                    st = krb5_add_int_mem_ldap_mod(&mods, "krbLoginFailedCount",
+                                                   LDAP_MOD_ADD,
+                                                   entries->fail_auth_count + 1);
+                    if (st != 0)
+                        goto cleanup;
+                }
+        }
+
+        if (entries->mask & KADM5_MAX_LIFE) {
+            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE, entries->max_life)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_MAX_RLIFE) {
+            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
+                                              entries->max_renewable_life)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_ATTRIBUTES) {
+            if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
+                                              entries->attributes)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_PRINCIPAL) {
+            memset(strval, 0, sizeof(strval));
+            strval[0] = user;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalname", LDAP_MOD_REPLACE, strval)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_PRINC_EXPIRE_TIME) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->expiration)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbprincipalexpiration", LDAP_MOD_REPLACE, strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+
+        if (entries->mask & KADM5_PW_EXPIRATION) {
+            memset(strval, 0, sizeof(strval));
+            if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
+                goto cleanup;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpasswordexpiration",
+                                              LDAP_MOD_REPLACE,
+                                              strval)) != 0) {
+                free (strval[0]);
+                goto cleanup;
+            }
+            free (strval[0]);
+        }
+
+        if (entries->mask & KADM5_POLICY) {
+            memset(&princ_ent, 0, sizeof(princ_ent));
+            for (tl_data=entries->tl_data; tl_data; tl_data=tl_data->tl_data_next) {
+                if (tl_data->tl_data_type == KRB5_TL_KADM_DATA) {
+                    /* FIX ME: I guess the princ_ent should be freed after this call */
+                    if ((st = krb5_lookup_tl_kadm_data(tl_data, &princ_ent)) != 0) {
+                        goto cleanup;
+                    }
+                }
+            }
+
+            if (princ_ent.aux_attributes & KADM5_POLICY) {
+                memset(strval, 0, sizeof(strval));
+                if ((st = krb5_ldap_name_to_policydn (context, princ_ent.policy, &polname)) != 0)
+                    goto cleanup;
+                strval[0] = polname;
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
+                    goto cleanup;
+            } else {
+                st = EINVAL;
+                krb5_set_error_message(context, st, "Password policy value null");
+                goto cleanup;
+            }
+        } else if (entries->mask & KADM5_LOAD && found_entry == TRUE) {
+            /*
+             * a load is special in that existing entries must have attrs that
+             * removed.
+             */
+
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_REPLACE, NULL)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_POLICY_CLR) {
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
+                goto cleanup;
+        }
+
+        if (entries->mask & KADM5_KEY_DATA || entries->mask & KADM5_KVNO) {
             krb5_kvno mkvno;
 
             if ((st=krb5_dbe_lookup_mkvno(context, entries, &mkvno)) != 0)
                 goto cleanup;
-	    bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
-						     entries->n_key_data, mkvno);
-
-	    if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
-					      LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
-		goto cleanup;
-
-	    if (!(entries->mask & KADM5_PRINCIPAL)) {
-		memset(strval, 0, sizeof(strval));
-		if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
-		    goto cleanup;
-		if ((st=krb5_add_str_mem_ldap_mod(&mods,
-						  "krbpasswordexpiration",
-						  LDAP_MOD_REPLACE, strval)) != 0) {
-		    free (strval[0]);
-		    goto cleanup;
-		}
-		free (strval[0]);
-	    }
-
-	    /* Update last password change whenever a new key is set */
-	    {
-		krb5_timestamp last_pw_changed;
-		if ((st=krb5_dbe_lookup_last_pwd_change(context, entries,
-							&last_pw_changed)) != 0)
-		    goto cleanup;
-
-		memset(strval, 0, sizeof(strval));
-		if ((strval[0] = getstringtime(last_pw_changed)) == NULL)
-		    goto cleanup;
-
-		if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastPwdChange",
-						  LDAP_MOD_REPLACE, strval)) != 0) {
-		    free (strval[0]);
-		    goto cleanup;
-		}
-		free (strval[0]);
-	    }
-
-	} /* Modify Key data ends here */
-
-	/* Set tl_data */
-	if (entries->tl_data != NULL) {
-	    int count = 0;
-	    struct berval **ber_tl_data = NULL;
-	    krb5_tl_data *ptr;
-	    for (ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
-		if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
+            bersecretkey = krb5_encode_krbsecretkey (entries->key_data,
+                                                     entries->n_key_data, mkvno);
+
+            if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
+                                              LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
+                goto cleanup;
+
+            if (!(entries->mask & KADM5_PRINCIPAL)) {
+                memset(strval, 0, sizeof(strval));
+                if ((strval[0]=getstringtime(entries->pw_expiration)) == NULL)
+                    goto cleanup;
+                if ((st=krb5_add_str_mem_ldap_mod(&mods,
+                                                  "krbpasswordexpiration",
+                                                  LDAP_MOD_REPLACE, strval)) != 0) {
+                    free (strval[0]);
+                    goto cleanup;
+                }
+                free (strval[0]);
+            }
+
+            /* Update last password change whenever a new key is set */
+            {
+                krb5_timestamp last_pw_changed;
+                if ((st=krb5_dbe_lookup_last_pwd_change(context, entries,
+                                                        &last_pw_changed)) != 0)
+                    goto cleanup;
+
+                memset(strval, 0, sizeof(strval));
+                if ((strval[0] = getstringtime(last_pw_changed)) == NULL)
+                    goto cleanup;
+
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbLastPwdChange",
+                                                  LDAP_MOD_REPLACE, strval)) != 0) {
+                    free (strval[0]);
+                    goto cleanup;
+                }
+                free (strval[0]);
+            }
+
+        } /* Modify Key data ends here */
+
+        /* Set tl_data */
+        if (entries->tl_data != NULL) {
+            int count = 0;
+            struct berval **ber_tl_data = NULL;
+            krb5_tl_data *ptr;
+            for (ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+                if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
 #ifdef SECURID
-		    || ptr->tl_data_type == KRB5_TL_DB_ARGS
+                    || ptr->tl_data_type == KRB5_TL_DB_ARGS
 #endif
-		    || ptr->tl_data_type == KRB5_TL_KADM_DATA
-		    || ptr->tl_data_type == KDB_TL_USER_INFO
-		    || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
-		    continue;
-		count++;
-	    }
-	    if (count != 0) {
-		int j;
-		ber_tl_data = (struct berval **) calloc (count + 1,
-							 sizeof (struct berval*));
-		if (ber_tl_data == NULL) {
-		    st = ENOMEM;
-		    goto cleanup;
-		}
-		for (j = 0, ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
-		    /* Ignore tl_data that are stored in separate directory
-		     * attributes */
-		    if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
+                    || ptr->tl_data_type == KRB5_TL_KADM_DATA
+                    || ptr->tl_data_type == KDB_TL_USER_INFO
+                    || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
+                    continue;
+                count++;
+            }
+            if (count != 0) {
+                int j;
+                ber_tl_data = (struct berval **) calloc (count + 1,
+                                                         sizeof (struct berval*));
+                if (ber_tl_data == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+                for (j = 0, ptr = entries->tl_data; ptr != NULL; ptr = ptr->tl_data_next) {
+                    /* Ignore tl_data that are stored in separate directory
+                     * attributes */
+                    if (ptr->tl_data_type == KRB5_TL_LAST_PWD_CHANGE
 #ifdef SECURID
-			|| ptr->tl_data_type == KRB5_TL_DB_ARGS
+                        || ptr->tl_data_type == KRB5_TL_DB_ARGS
 #endif
-			|| ptr->tl_data_type == KRB5_TL_KADM_DATA
-			|| ptr->tl_data_type == KDB_TL_USER_INFO
-			|| ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
-			continue;
-		    if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0)
-			break;
-		    j++;
-		}
-		if (st != 0) {
-		    for (j = 0; ber_tl_data[j] != NULL; j++) {
-			free (ber_tl_data[j]->bv_val);
-			free (ber_tl_data[j]);
-		    }
-		    free (ber_tl_data);
-		    goto cleanup;
-		}
-		ber_tl_data[count] = NULL;
-		if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData",
-						  LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
-						  ber_tl_data)) != 0)
-		    goto cleanup;
-	    }
-	}
-
-	/* Directory specific attribute */
-	if (xargs.tktpolicydn != NULL) {
-	    int tmask=0;
-
-	    if (strlen(xargs.tktpolicydn) != 0) {
-		st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
-		CHECK_CLASS_VALIDITY(st, tmask, "ticket policy object value: ");
-
-		strval[0] = xargs.tktpolicydn;
-		strval[1] = NULL;
-		if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
-		    goto cleanup;
-
-	    } else {
-		/* if xargs.tktpolicydn is a empty string, then delete
-		 * already existing krbticketpolicyreference attr */
-		if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
-		    goto cleanup;
-	    }
-
-	}
-
-	if (establish_links == TRUE) {
-	    memset(strval, 0, sizeof(strval));
-	    strval[0] = xargs.linkdn;
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbObjectReferences", LDAP_MOD_REPLACE, strval)) != 0)
-		goto cleanup;
-	}
-
-	/*
-	 * in case mods is NULL then return
-	 * not sure but can happen in a modprinc
-	 * so no need to return an error
-	 * addprinc will at least have the principal name
-	 * and the keys passed in
-	 */
-	if (mods == NULL)
-	    goto cleanup;
-
-	if (create_standalone_prinicipal == TRUE) {
-	    memset(strval, 0, sizeof(strval));
-	    strval[0] = "krbprincipal";
-	    strval[1] = "krbprincipalaux";
-	    strval[2] = "krbTicketPolicyAux";
-
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-		goto cleanup;
-
-	    st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
-	    if (st == LDAP_ALREADY_EXISTS && entries->mask & KADM5_LOAD) {
-		/* a load operation must replace an existing entry */
-		st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL);
-		if (st != LDAP_SUCCESS) {
-		    snprintf(errbuf, sizeof(errbuf), "Principal delete failed (trying to replace entry): %s",
-			ldap_err2string(st));
-		    st = translate_ldap_error (st, OP_ADD);
-		    krb5_set_error_message(context, st, "%s", errbuf);
-		    goto cleanup;
-		} else {
-		    st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
-		}
-	    }
-	    if (st != LDAP_SUCCESS) {
-		snprintf(errbuf, sizeof(errbuf), "Principal add failed: %s", ldap_err2string(st));
-		st = translate_ldap_error (st, OP_ADD);
-		krb5_set_error_message(context, st, "%s", errbuf);
-		goto cleanup;
-	    }
-	} else {
-	    /*
-	     * Here existing ldap object is modified and can be related
-	     * to any attribute, so always ensure that the ldap
-	     * object is extended with all the kerberos related
-	     * objectclasses so that there are no constraint
-	     * violations.
-	     */
-	    {
-		char *attrvalues[] = {"krbprincipalaux", "krbTicketPolicyAux", NULL};
-		int p, q, r=0, amask=0;
-
-		if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn,
-					    "objectclass", attrvalues, &amask)) != 0)
-		    goto cleanup;
-
-		memset(strval, 0, sizeof(strval));
-		for (p=1, q=0; p<=2; p<<=1, ++q) {
-		    if ((p & amask) == 0)
-			strval[r++] = attrvalues[q];
-		}
-		if (r != 0) {
-		    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-			goto cleanup;
-		}
-	    }
-	    if (xargs.dn != NULL)
-		st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL);
-	    else
-		st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL);
-
-	    if (st != LDAP_SUCCESS) {
-		snprintf(errbuf, sizeof(errbuf), "User modification failed: %s", ldap_err2string(st));
-		st = translate_ldap_error (st, OP_MOD);
-		krb5_set_error_message(context, st, "%s", errbuf);
-		goto cleanup;
-	    }
-
-	    if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
-		entries->fail_auth_count++;
-	}
+                        || ptr->tl_data_type == KRB5_TL_KADM_DATA
+                        || ptr->tl_data_type == KDB_TL_USER_INFO
+                        || ptr->tl_data_type == KRB5_TL_CONSTRAINED_DELEGATION_ACL)
+                        continue;
+                    if ((st = tl_data2berval (ptr, &ber_tl_data[j])) != 0)
+                        break;
+                    j++;
+                }
+                if (st != 0) {
+                    for (j = 0; ber_tl_data[j] != NULL; j++) {
+                        free (ber_tl_data[j]->bv_val);
+                        free (ber_tl_data[j]);
+                    }
+                    free (ber_tl_data);
+                    goto cleanup;
+                }
+                ber_tl_data[count] = NULL;
+                if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbExtraData",
+                                                  LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
+                                                  ber_tl_data)) != 0)
+                    goto cleanup;
+            }
+        }
+
+        /* Directory specific attribute */
+        if (xargs.tktpolicydn != NULL) {
+            int tmask=0;
+
+            if (strlen(xargs.tktpolicydn) != 0) {
+                st = checkattributevalue(ld, xargs.tktpolicydn, "objectclass", policyclass, &tmask);
+                CHECK_CLASS_VALIDITY(st, tmask, "ticket policy object value: ");
+
+                strval[0] = xargs.tktpolicydn;
+                strval[1] = NULL;
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_REPLACE, strval)) != 0)
+                    goto cleanup;
+
+            } else {
+                /* if xargs.tktpolicydn is a empty string, then delete
+                 * already existing krbticketpolicyreference attr */
+                if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_DELETE, NULL)) != 0)
+                    goto cleanup;
+            }
+
+        }
+
+        if (establish_links == TRUE) {
+            memset(strval, 0, sizeof(strval));
+            strval[0] = xargs.linkdn;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbObjectReferences", LDAP_MOD_REPLACE, strval)) != 0)
+                goto cleanup;
+        }
+
+        /*
+         * in case mods is NULL then return
+         * not sure but can happen in a modprinc
+         * so no need to return an error
+         * addprinc will at least have the principal name
+         * and the keys passed in
+         */
+        if (mods == NULL)
+            goto cleanup;
+
+        if (create_standalone_prinicipal == TRUE) {
+            memset(strval, 0, sizeof(strval));
+            strval[0] = "krbprincipal";
+            strval[1] = "krbprincipalaux";
+            strval[2] = "krbTicketPolicyAux";
+
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+                goto cleanup;
+
+            st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
+            if (st == LDAP_ALREADY_EXISTS && entries->mask & KADM5_LOAD) {
+                /* a load operation must replace an existing entry */
+                st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL);
+                if (st != LDAP_SUCCESS) {
+                    snprintf(errbuf, sizeof(errbuf), "Principal delete failed (trying to replace entry): %s",
+                             ldap_err2string(st));
+                    st = translate_ldap_error (st, OP_ADD);
+                    krb5_set_error_message(context, st, "%s", errbuf);
+                    goto cleanup;
+                } else {
+                    st = ldap_add_ext_s(ld, standalone_principal_dn, mods, NULL, NULL);
+                }
+            }
+            if (st != LDAP_SUCCESS) {
+                snprintf(errbuf, sizeof(errbuf), "Principal add failed: %s", ldap_err2string(st));
+                st = translate_ldap_error (st, OP_ADD);
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
+        } else {
+            /*
+             * Here existing ldap object is modified and can be related
+             * to any attribute, so always ensure that the ldap
+             * object is extended with all the kerberos related
+             * objectclasses so that there are no constraint
+             * violations.
+             */
+            {
+                char *attrvalues[] = {"krbprincipalaux", "krbTicketPolicyAux", NULL};
+                int p, q, r=0, amask=0;
+
+                if ((st=checkattributevalue(ld, (xargs.dn) ? xargs.dn : principal_dn,
+                                            "objectclass", attrvalues, &amask)) != 0)
+                    goto cleanup;
+
+                memset(strval, 0, sizeof(strval));
+                for (p=1, q=0; p<=2; p<<=1, ++q) {
+                    if ((p & amask) == 0)
+                        strval[r++] = attrvalues[q];
+                }
+                if (r != 0) {
+                    if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+                        goto cleanup;
+                }
+            }
+            if (xargs.dn != NULL)
+                st=ldap_modify_ext_s(ld, xargs.dn, mods, NULL, NULL);
+            else
+                st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL);
+
+            if (st != LDAP_SUCCESS) {
+                snprintf(errbuf, sizeof(errbuf), "User modification failed: %s", ldap_err2string(st));
+                st = translate_ldap_error (st, OP_MOD);
+                krb5_set_error_message(context, st, "%s", errbuf);
+                goto cleanup;
+            }
+
+            if (entries->mask & KADM5_FAIL_AUTH_COUNT_INCREMENT)
+                entries->fail_auth_count++;
+        }
     }
 
 cleanup:
     if (user)
-	free(user);
+        free(user);
 
     free_xargs(xargs);
 
     if (standalone_principal_dn)
-	free(standalone_principal_dn);
+        free(standalone_principal_dn);
 
     if (principal_dn)
-	free (principal_dn);
+        free (principal_dn);
 
     if (polname != NULL)
-	free(polname);
+        free(polname);
 
     if (subtree)
-	free (subtree);
+        free (subtree);
 
     if (bersecretkey) {
-	for (l=0; bersecretkey[l]; ++l) {
-	    if (bersecretkey[l]->bv_val)
-		free (bersecretkey[l]->bv_val);
-	    free (bersecretkey[l]);
-	}
-	free (bersecretkey);
+        for (l=0; bersecretkey[l]; ++l) {
+            if (bersecretkey[l]->bv_val)
+                free (bersecretkey[l]->bv_val);
+            free (bersecretkey[l]);
+        }
+        free (bersecretkey);
     }
 
     if (keys)
-	free (keys);
+        free (keys);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -1274,11 +1267,8 @@ cleanup:
 }
 
 krb5_error_code
-krb5_read_tkt_policy (context, ldap_context, entries, policy)
-    krb5_context                context;
-    krb5_ldap_context           *ldap_context;
-    krb5_db_entry               *entries;
-    char                        *policy;
+krb5_read_tkt_policy(krb5_context context, krb5_ldap_context *ldap_context,
+                     krb5_db_entry *entries, char *policy)
 {
     krb5_error_code             st=0;
     unsigned int                mask=0, omask=0;
@@ -1286,40 +1276,40 @@ krb5_read_tkt_policy (context, ldap_context, entries, policy)
     krb5_ldap_policy_params     *tktpoldnparam=NULL;
 
     if ((st=krb5_get_attributes_mask(context, entries, &mask)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     if ((mask & tkt_mask) == tkt_mask)
-	goto cleanup;
+        goto cleanup;
 
     if (policy != NULL) {
-	st = krb5_ldap_read_policy(context, policy, &tktpoldnparam, &omask);
-	if (st && st != KRB5_KDB_NOENTRY) {
-	    prepend_err_str(context, "Error reading ticket policy. ", st, st);
-	    goto cleanup;
-	}
+        st = krb5_ldap_read_policy(context, policy, &tktpoldnparam, &omask);
+        if (st && st != KRB5_KDB_NOENTRY) {
+            prepend_err_str(context, "Error reading ticket policy. ", st, st);
+            goto cleanup;
+        }
 
-	st = 0; /* reset the return status */
+        st = 0; /* reset the return status */
     }
 
     if ((mask & KDB_MAX_LIFE_ATTR) == 0) {
-	if ((omask & KDB_MAX_LIFE_ATTR) ==  KDB_MAX_LIFE_ATTR)
-	    entries->max_life = tktpoldnparam->maxtktlife;
-	else if (ldap_context->lrparams->max_life)
-	    entries->max_life = ldap_context->lrparams->max_life;
+        if ((omask & KDB_MAX_LIFE_ATTR) ==  KDB_MAX_LIFE_ATTR)
+            entries->max_life = tktpoldnparam->maxtktlife;
+        else if (ldap_context->lrparams->max_life)
+            entries->max_life = ldap_context->lrparams->max_life;
     }
 
     if ((mask & KDB_MAX_RLIFE_ATTR) == 0) {
-	if ((omask & KDB_MAX_RLIFE_ATTR) == KDB_MAX_RLIFE_ATTR)
-	    entries->max_renewable_life = tktpoldnparam->maxrenewlife;
-	else if (ldap_context->lrparams->max_renewable_life)
-	    entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
+        if ((omask & KDB_MAX_RLIFE_ATTR) == KDB_MAX_RLIFE_ATTR)
+            entries->max_renewable_life = tktpoldnparam->maxrenewlife;
+        else if (ldap_context->lrparams->max_renewable_life)
+            entries->max_renewable_life = ldap_context->lrparams->max_renewable_life;
     }
 
     if ((mask & KDB_TKT_FLAGS_ATTR) == 0) {
-	if ((omask & KDB_TKT_FLAGS_ATTR) == KDB_TKT_FLAGS_ATTR)
-	    entries->attributes = tktpoldnparam->tktflags;
-	else if (ldap_context->lrparams->tktflags)
-	    entries->attributes |= ldap_context->lrparams->tktflags;
+        if ((omask & KDB_TKT_FLAGS_ATTR) == KDB_TKT_FLAGS_ATTR)
+            entries->attributes = tktpoldnparam->tktflags;
+        else if (ldap_context->lrparams->tktflags)
+            entries->attributes |= ldap_context->lrparams->tktflags;
     }
     krb5_ldap_free_policy(context, tktpoldnparam);
 
@@ -1328,12 +1318,9 @@ cleanup:
 }
 
 krb5_error_code
-krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data, mkvno)
-    krb5_context                context;
-    krb5_db_entry               *entries;
-    struct berval               **bvalues;
-    krb5_tl_data                *userinfo_tl_data;
-    krb5_kvno                   *mkvno;
+krb5_decode_krbsecretkey(krb5_context context, krb5_db_entry *entries,
+                         struct berval **bvalues,
+                         krb5_tl_data *userinfo_tl_data, krb5_kvno *mkvno)
 {
     char                        *user=NULL;
     int                         i=0, j=0, noofkeys=0;
@@ -1341,41 +1328,41 @@ krb5_decode_krbsecretkey(context, entries, bvalues, userinfo_tl_data, mkvno)
     krb5_error_code             st=0;
 
     if ((st=krb5_unparse_name(context, entries->princ, &user)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     for (i=0; bvalues[i] != NULL; ++i) {
-	krb5_int16 n_kd;
-	krb5_key_data *kd;
-	krb5_data in;
-
-	if (bvalues[i]->bv_len == 0)
-	    continue;
-	in.length = bvalues[i]->bv_len;
-	in.data = bvalues[i]->bv_val;
-
-	st = asn1_decode_sequence_of_keys (&in,
-					   &kd,
-					   &n_kd,
-					   mkvno);
-
-	if (st != 0) {
-	    const char *msg = error_message(st);
-	    st = -1; /* Something more appropriate ? */
-	    krb5_set_error_message (context, st,
-				    "unable to decode stored principal key data (%s)", msg);
-	    goto cleanup;
-	}
-	noofkeys += n_kd;
-	tmp = key_data;
-	key_data = realloc (key_data, noofkeys * sizeof (krb5_key_data));
-	if (key_data == NULL) {
-	    key_data = tmp;
-	    st = ENOMEM;
-	    goto cleanup;
-	}
-	for (j = 0; j < n_kd; j++)
-	    key_data[noofkeys - n_kd + j] = kd[j];
-	free (kd);
+        krb5_int16 n_kd;
+        krb5_key_data *kd;
+        krb5_data in;
+
+        if (bvalues[i]->bv_len == 0)
+            continue;
+        in.length = bvalues[i]->bv_len;
+        in.data = bvalues[i]->bv_val;
+
+        st = asn1_decode_sequence_of_keys (&in,
+                                           &kd,
+                                           &n_kd,
+                                           mkvno);
+
+        if (st != 0) {
+            const char *msg = error_message(st);
+            st = -1; /* Something more appropriate ? */
+            krb5_set_error_message (context, st,
+                                    "unable to decode stored principal key data (%s)", msg);
+            goto cleanup;
+        }
+        noofkeys += n_kd;
+        tmp = key_data;
+        key_data = realloc (key_data, noofkeys * sizeof (krb5_key_data));
+        if (key_data == NULL) {
+            key_data = tmp;
+            st = ENOMEM;
+            goto cleanup;
+        }
+        for (j = 0; j < n_kd; j++)
+            key_data[noofkeys - n_kd + j] = kd[j];
+        free (kd);
     }
 
     entries->n_key_data = noofkeys;
@@ -1388,19 +1375,18 @@ cleanup:
 }
 
 static char *
-getstringtime(epochtime)
-    krb5_timestamp    epochtime;
+getstringtime(krb5_timestamp epochtime)
 {
     struct tm           tme;
     char                *strtime=NULL;
-    time_t		posixtime = epochtime;
+    time_t              posixtime = epochtime;
 
     strtime = calloc (50, 1);
     if (strtime == NULL)
-	return NULL;
+        return NULL;
 
     if (gmtime_r(&posixtime, &tme) == NULL)
-	return NULL;
+        return NULL;
 
     strftime(strtime, 50, "%Y%m%d%H%M%SZ", &tme);
     return strtime;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
index ed63e08..6d25ca1 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_pwd_policy.c
  *
@@ -38,23 +39,21 @@
 #include "ldap_err.h"
 
 static char *password_policy_attributes[] = { "cn", "krbmaxpwdlife", "krbminpwdlife",
-					      "krbpwdmindiffchars", "krbpwdminlength",
-					      "krbpwdhistorylength", "krbpwdmaxfailure",
-					      "krbpwdfailurecountinterval",
-					      "krbpwdlockoutduration", NULL };
+                                              "krbpwdmindiffchars", "krbpwdminlength",
+                                              "krbpwdhistorylength", "krbpwdmaxfailure",
+                                              "krbpwdfailurecountinterval",
+                                              "krbpwdlockoutduration", NULL };
 
 /*
  * Function to create password policy object.
  */
 
 krb5_error_code
-krb5_ldap_create_password_policy (context, policy)
-    krb5_context                context;
-    osa_policy_ent_t            policy;
+krb5_ldap_create_password_policy(krb5_context context, osa_policy_ent_t policy)
 {
-    krb5_error_code 	        st=0;
-    LDAP  		        *ld=NULL;
-    LDAPMod 		        **mods={NULL};
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    LDAPMod                     **mods={NULL};
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -65,61 +64,61 @@ krb5_ldap_create_password_policy (context, policy)
 
     /* validate the input parameters */
     if (policy == NULL || policy->name == NULL)
-	return EINVAL;
+        return EINVAL;
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     st = krb5_ldap_name_to_policydn (context, policy->name, &policy_dn);
     if (st != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* get the first component of the dn to set the cn attribute */
     rdns = ldap_explode_dn(policy_dn, 1);
     if (rdns == NULL) {
-	st = EINVAL;
-	krb5_set_error_message(context, st, "Invalid password policy DN syntax");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Invalid password policy DN syntax");
+        goto cleanup;
     }
 
     strval[0] = rdns[0];
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     strval[0] = "krbPwdPolicy";
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_ADD,
-				       (signed) policy->pw_max_life)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_ADD,
-					  (signed) policy->pw_min_life)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_ADD,
-					  (signed) policy->pw_min_classes)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_ADD,
-					  (signed) policy->pw_min_length)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_ADD,
-					  (signed) policy->pw_history_num)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_ADD,
-					  (signed) policy->pw_max_fail)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_ADD,
-					  (signed) policy->pw_failcnt_interval)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_ADD,
-					  (signed) policy->pw_lockout_duration)) != 0))
-	goto cleanup;
+                                       (signed) policy->pw_max_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_ADD,
+                                          (signed) policy->pw_min_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_ADD,
+                                          (signed) policy->pw_min_classes)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_ADD,
+                                          (signed) policy->pw_min_length)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_ADD,
+                                          (signed) policy->pw_history_num)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_ADD,
+                                          (signed) policy->pw_max_fail)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_ADD,
+                                          (signed) policy->pw_failcnt_interval)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_ADD,
+                                          (signed) policy->pw_lockout_duration)) != 0))
+        goto cleanup;
 
     /* password policy object creation */
     if ((st=ldap_add_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_ADD);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
 cleanup:
     if (rdns)
-	ldap_value_free(rdns);
+        ldap_value_free(rdns);
 
     if (policy_dn != NULL)
-	free (policy_dn);
+        free (policy_dn);
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return(st);
@@ -130,14 +129,12 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_put_password_policy (context, policy)
-    krb5_context                context;
-    osa_policy_ent_t            policy;
+krb5_ldap_put_password_policy(krb5_context context, osa_policy_ent_t policy)
 {
     char                        *policy_dn;
-    krb5_error_code 	        st=0;
-    LDAP  		        *ld=NULL;
-    LDAPMod 		        **mods=NULL;
+    krb5_error_code             st=0;
+    LDAP                        *ld=NULL;
+    LDAPMod                     **mods=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -147,32 +144,32 @@ krb5_ldap_put_password_policy (context, policy)
 
     /* validate the input parameters */
     if (policy == NULL || policy->name == NULL)
-	return EINVAL;
+        return EINVAL;
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     st = krb5_ldap_name_to_policydn (context, policy->name, &policy_dn);
     if (st != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxpwdlife", LDAP_MOD_REPLACE,
-				       (signed) policy->pw_max_life)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_REPLACE,
-					  (signed) policy->pw_min_life)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_REPLACE,
-					  (signed) policy->pw_min_classes)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_REPLACE,
-					  (signed) policy->pw_min_length)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_REPLACE,
-					  (signed) policy->pw_history_num)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_REPLACE,
-					  (signed) policy->pw_max_fail)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_REPLACE,
-					  (signed) policy->pw_failcnt_interval)) != 0)
-	|| ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_REPLACE,
-					  (signed) policy->pw_lockout_duration)) != 0))
-	goto cleanup;
+                                       (signed) policy->pw_max_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbminpwdlife", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_min_life)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmindiffchars", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_min_classes)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdminlength", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_min_length)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdhistorylength", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_history_num)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdmaxfailure", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_max_fail)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdfailurecountinterval", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_failcnt_interval)) != 0)
+        || ((st=krb5_add_int_mem_ldap_mod(&mods, "krbpwdlockoutduration", LDAP_MOD_REPLACE,
+                                          (signed) policy->pw_lockout_duration)) != 0))
+        goto cleanup;
 
     /* modify the password policy object. */
     /*
@@ -181,13 +178,13 @@ krb5_ldap_put_password_policy (context, policy)
      * management of only such policy objects.
      */
     if ((st=ldap_modify_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_MOD);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
     }
 
 cleanup:
     if (policy_dn != NULL)
-	free (policy_dn);
+        free (policy_dn);
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return(st);
@@ -195,10 +192,10 @@ cleanup:
 
 static krb5_error_code
 populate_policy(krb5_context context,
-    LDAP *ld,
-    LDAPMessage *ent,
-    char *pol_name,
-    osa_policy_ent_t pol_entry)
+                LDAP *ld,
+                LDAPMessage *ent,
+                char *pol_name,
+                osa_policy_ent_t pol_entry)
 {
     int st = 0;
     char *pol_dn;
@@ -220,7 +217,7 @@ populate_policy(krb5_context context,
     /* Get the reference count */
     pol_dn = ldap_get_dn(ld, ent);
     st = krb5_ldap_get_reference_count (context, pol_dn, "krbPwdPolicyReference",
-	    &(pol_entry->policy_refcnt), ld);
+                                        &(pol_entry->policy_refcnt), ld);
     ldap_memfree(pol_dn);
 
 cleanup:
@@ -228,14 +225,12 @@ cleanup:
 }
 
 static krb5_error_code
-krb5_ldap_get_password_policy_from_dn (krb5_context context,
-    char *pol_name,
-    char *pol_dn,
-    osa_policy_ent_t *policy,
-    int *cnt)
+krb5_ldap_get_password_policy_from_dn(krb5_context context, char *pol_name,
+                                      char *pol_dn, osa_policy_ent_t *policy,
+                                      int *cnt)
 {
     krb5_error_code             st=0, tempst=0;
-    LDAP  		        *ld=NULL;
+    LDAP                        *ld=NULL;
     LDAPMessage                 *result=NULL,*ent=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -246,7 +241,7 @@ krb5_ldap_get_password_policy_from_dn (krb5_context context,
 
     /* validate the input parameters */
     if (pol_dn == NULL)
-	return EINVAL;
+        return EINVAL;
 
     *policy = NULL;
     SETUP_CONTEXT();
@@ -255,8 +250,8 @@ krb5_ldap_get_password_policy_from_dn (krb5_context context,
     *cnt = 0;
     *(policy) = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
     if (*policy == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     memset(*policy, 0, sizeof(osa_policy_ent_rec));
 
@@ -270,31 +265,31 @@ krb5_ldap_get_password_policy_from_dn (krb5_context context,
 
     ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
-	if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0)
-	    goto cleanup;
+        if ((st = populate_policy(context, ld, ent, pol_name, *policy)) != 0)
+            goto cleanup;
 #if 0 /************** Begin IFDEF'ed OUT *******************************/
-	krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &((*policy)->pw_max_life));
-	krb5_ldap_get_value(ld, ent, "krbminpwdlife", &((*policy)->pw_min_life));
-	krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &((*policy)->pw_min_classes));
-	krb5_ldap_get_value(ld, ent, "krbpwdminlength", &((*policy)->pw_min_length));
-	krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &((*policy)->pw_history_num));
-
-	/* Get the reference count */
-	st = krb5_ldap_get_reference_count (context,
-					    name,
-					    "krbPwdPolicyReference",
-					    &(*policy)->policy_refcnt,
-					    ld);
+        krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &((*policy)->pw_max_life));
+        krb5_ldap_get_value(ld, ent, "krbminpwdlife", &((*policy)->pw_min_life));
+        krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &((*policy)->pw_min_classes));
+        krb5_ldap_get_value(ld, ent, "krbpwdminlength", &((*policy)->pw_min_length));
+        krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &((*policy)->pw_history_num));
+
+        /* Get the reference count */
+        st = krb5_ldap_get_reference_count (context,
+                                            name,
+                                            "krbPwdPolicyReference",
+                                            &(*policy)->policy_refcnt,
+                                            ld);
 #endif /**************** END IFDEF'ed OUT *******************************/
     }
 
 cleanup:
     ldap_msgfree(result);
     if (st != 0) {
-	if (*policy != NULL) {
-	    krb5_ldap_free_password_policy(context, *policy);
-	    *policy = NULL;
-	}
+        if (*policy != NULL) {
+            krb5_ldap_free_password_policy(context, *policy);
+            *policy = NULL;
+        }
     }
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -306,11 +301,8 @@ cleanup:
  * 'krb5_ldap_get_password_policy_from_dn'
  */
 krb5_error_code
-krb5_ldap_get_password_policy (context, name, policy, cnt)
-    krb5_context                context;
-    char                        *name;
-    osa_policy_ent_t            *policy;
-    int                         *cnt;
+krb5_ldap_get_password_policy(krb5_context context, char *name,
+                              osa_policy_ent_t *policy, int *cnt)
 {
     krb5_error_code             st = 0;
     char                        *policy_dn = NULL;
@@ -320,26 +312,24 @@ krb5_ldap_get_password_policy (context, name, policy, cnt)
 
     /* validate the input parameters */
     if (name == NULL) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     st = krb5_ldap_name_to_policydn(context, name, &policy_dn);
     if (st != 0)
-	goto cleanup;
+        goto cleanup;
 
     st = krb5_ldap_get_password_policy_from_dn(context, name, policy_dn, policy, cnt);
 
 cleanup:
     if (policy_dn != NULL)
-	free (policy_dn);
+        free (policy_dn);
     return st;
 }
 
 krb5_error_code
-krb5_ldap_delete_password_policy (context, policy)
-    krb5_context                context;
-    char                        *policy;
+krb5_ldap_delete_password_policy(krb5_context context, char *policy)
 {
     int                         mask = 0;
     char                        *policy_dn = NULL, *class[] = {"krbpwdpolicy", NULL};
@@ -354,49 +344,47 @@ krb5_ldap_delete_password_policy (context, policy)
 
     /* validate the input parameters */
     if (policy == NULL)
-	return EINVAL;
+        return EINVAL;
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     st = krb5_ldap_name_to_policydn (context, policy, &policy_dn);
     if (st != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* Ensure that the object is a password policy */
     if ((st=checkattributevalue(ld, policy_dn, "objectclass", class, &mask)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (mask == 0) {
-	st = KRB5_KDB_NOENTRY;
-	goto cleanup;
+        st = KRB5_KDB_NOENTRY;
+        goto cleanup;
     }
 
     if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_DEL);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_DEL);
+        goto cleanup;
     }
 
 cleanup:
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     if (policy_dn != NULL)
-	free (policy_dn);
+        free (policy_dn);
 
     return st;
 }
 
 krb5_error_code
-krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg)
-    krb5_context                context;
-    char                        *match_expr;
-    void                        (*func) (krb5_pointer, osa_policy_ent_t);
-    krb5_pointer                func_arg;
+krb5_ldap_iterate_password_policy(krb5_context context, char *match_expr,
+                                  void (*func)(krb5_pointer, osa_policy_ent_t),
+                                  krb5_pointer func_arg)
 {
     osa_policy_ent_rec          *entry=NULL;
-    char		        *policy=NULL;
+    char                        *policy=NULL;
     krb5_error_code             st=0, tempst=0;
-    LDAP		        *ld=NULL;
-    LDAPMessage	                *result=NULL, *ent=NULL;
+    LDAP                        *ld=NULL;
+    LDAPMessage                 *result=NULL, *ent=NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
@@ -408,53 +396,53 @@ krb5_ldap_iterate_password_policy(context, match_expr, func, func_arg)
     GET_HANDLE();
 
     if (ldap_context->lrparams->realmdn == NULL) {
-	st = EINVAL;
-	goto cleanup;
+        st = EINVAL;
+        goto cleanup;
     }
 
     LDAP_SEARCH(ldap_context->lrparams->realmdn, LDAP_SCOPE_ONELEVEL, "(objectclass=krbpwdpolicy)", password_policy_attributes);
     for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
-	krb5_boolean attr_present;
-
-	st = krb5_ldap_get_string(ld, ent, "cn", &policy, &attr_present);
-	if (st != 0)
-	    goto cleanup;
-	if (attr_present == FALSE)
-	    continue;
-
-	entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
-	CHECK_NULL(entry);
-	memset(entry, 0, sizeof(osa_policy_ent_rec));
-	if ((st = populate_policy(context, ld, ent, policy, entry)) != 0)
-	    goto cleanup;
+        krb5_boolean attr_present;
+
+        st = krb5_ldap_get_string(ld, ent, "cn", &policy, &attr_present);
+        if (st != 0)
+            goto cleanup;
+        if (attr_present == FALSE)
+            continue;
+
+        entry = (osa_policy_ent_t) malloc(sizeof(osa_policy_ent_rec));
+        CHECK_NULL(entry);
+        memset(entry, 0, sizeof(osa_policy_ent_rec));
+        if ((st = populate_policy(context, ld, ent, policy, entry)) != 0)
+            goto cleanup;
 #if 0 /************** Begin IFDEF'ed OUT *******************************/
-	entry->name = policy;
-	entry->version = 1;
-
-	krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &(entry->pw_max_life));
-	krb5_ldap_get_value(ld, ent, "krbminpwdlife", &(entry->pw_min_life));
-	krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &(entry->pw_min_classes));
-	krb5_ldap_get_value(ld, ent, "krbpwdminlength", &(entry->pw_min_length));
-	krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &(entry->pw_history_num));
-
-	/* Get the reference count */
-	st = krb5_ldap_get_reference_count (context,
-					    policy,
-					    "krbPwdPolicyReference",
-					    &(entry->policy_refcnt),
-					    ld);
+        entry->name = policy;
+        entry->version = 1;
+
+        krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &(entry->pw_max_life));
+        krb5_ldap_get_value(ld, ent, "krbminpwdlife", &(entry->pw_min_life));
+        krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &(entry->pw_min_classes));
+        krb5_ldap_get_value(ld, ent, "krbpwdminlength", &(entry->pw_min_length));
+        krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &(entry->pw_history_num));
+
+        /* Get the reference count */
+        st = krb5_ldap_get_reference_count (context,
+                                            policy,
+                                            "krbPwdPolicyReference",
+                                            &(entry->policy_refcnt),
+                                            ld);
 #endif /**************** END IFDEF'ed OUT *******************************/
 
-	(*func)(func_arg, entry);
-	/* XXX this will free policy so don't free it */
-	krb5_ldap_free_password_policy(context, entry);
-	entry = NULL;
+        (*func)(func_arg, entry);
+        /* XXX this will free policy so don't free it */
+        krb5_ldap_free_password_policy(context, entry);
+        entry = NULL;
     }
     ldap_msgfree(result);
 
 cleanup:
     if (entry)
-	free (entry);
+        free (entry);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -466,9 +454,9 @@ krb5_ldap_free_password_policy (context, entry)
     osa_policy_ent_t            entry;
 {
     if (entry) {
-	if (entry->name)
-	    free(entry->name);
-	free(entry);
+        if (entry->name)
+            free(entry->name);
+        free(entry);
     }
     return;
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
index 846014e..12396ac 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_pwd_policy.h
  *
@@ -32,23 +33,23 @@
 #define _LDAP_KRBPWDPOLICY_H_
 
 krb5_error_code
-krb5_ldap_get_password_policy (krb5_context , char *, osa_policy_ent_t *, int *);
+krb5_ldap_get_password_policy(krb5_context, char *, osa_policy_ent_t *, int *);
 
 krb5_error_code
-krb5_ldap_create_password_policy (krb5_context , osa_policy_ent_t );
+krb5_ldap_create_password_policy(krb5_context, osa_policy_ent_t);
 
 krb5_error_code
-krb5_ldap_put_password_policy ( krb5_context kcontext, osa_policy_ent_t policy );
+krb5_ldap_put_password_policy(krb5_context kcontext, osa_policy_ent_t policy);
 
 krb5_error_code
-krb5_ldap_delete_password_policy ( krb5_context kcontext, char *policy );
+krb5_ldap_delete_password_policy (krb5_context kcontext, char *policy);
 
 krb5_error_code
 krb5_ldap_iterate_password_policy(krb5_context, char *,
-				  void (*) (krb5_pointer, osa_policy_ent_t ),
-				  krb5_pointer);
+                                  void (*)(krb5_pointer, osa_policy_ent_t),
+                                  krb5_pointer);
 
 void
-krb5_ldap_free_password_policy( krb5_context kcontext, osa_policy_ent_t entry );
+krb5_ldap_free_password_policy(krb5_context kcontext, osa_policy_ent_t entry);
 
 #endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index fc84019..7096c0b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_realm.c
  *
@@ -41,18 +42,18 @@
 
 #define END_OF_LIST -1
 char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef",
-			     "krbMaxTicketLife", "krbMaxRenewableAge",
-			     "krbTicketFlags", "krbUpEnabled",
-			     "krbTicketPolicyReference",
-			     "krbLdapServers",
-			     "krbKdcServers",  "krbAdmServers",
-			     "krbPwdServers", NULL};
+                             "krbMaxTicketLife", "krbMaxRenewableAge",
+                             "krbTicketFlags", "krbUpEnabled",
+                             "krbTicketPolicyReference",
+                             "krbLdapServers",
+                             "krbKdcServers",  "krbAdmServers",
+                             "krbPwdServers", NULL};
 
 
 char  *policy_attributes[] = { "krbMaxTicketLife",
-			       "krbMaxRenewableAge",
-			       "krbTicketFlags",
-			       NULL };
+                               "krbMaxRenewableAge",
+                               "krbTicketFlags",
+                               NULL };
 
 
 
@@ -74,83 +75,85 @@ char  *krbContainerRefclass[] = { "krbContainerRefAux", NULL};
  * Function to remove all special characters from a string (rfc2254).
  * Use whenever exact matching is to be done ...
  */
-char *ldap_filter_correct (char *in)
+char *
+ldap_filter_correct (char *in)
 {
     size_t i, count;
     char *out, *ptr;
     size_t len = strlen(in);
 
     for (i = 0, count = 0; i < len; i++)
-	switch (in[i]) {
-	case '*':
-	case '(':
-	case ')':
-	case '\\':
-	case '\0':
-	    count ++;
-	}
+        switch (in[i]) {
+        case '*':
+        case '(':
+        case ')':
+        case '\\':
+        case '\0':
+            count ++;
+        }
 
     out = (char *)malloc((len + (count * 2) + 1) * sizeof (char));
     assert (out != NULL);
     memset(out, 0, len + (count * 2) + 1);
 
     for (i = 0, ptr = out; i < len; i++)
-	switch (in[i]) {
-	case '*':
-	    ptr[0] = '\\';
-	    ptr[1] = '2';
-	    ptr[2] = 'a';
-	    ptr += 3;
-	    break;
-	case '(':
-	    ptr[0] = '\\';
-	    ptr[1] = '2';
-	    ptr[2] = '8';
-	    ptr += 3;
-	    break;
-	case ')':
-	    ptr[0] = '\\';
-	    ptr[1] = '2';
-	    ptr[2] = '9';
-	    ptr += 3;
-	    break;
-	case '\\':
-	    ptr[0] = '\\';
-	    ptr[1] = '5';
-	    ptr[2] = 'c';
-	    ptr += 3;
-	    break;
-	case '\0':
-	    ptr[0] = '\\';
-	    ptr[1] = '0';
-	    ptr[2] = '0';
-	    ptr += 3;
-	    break;
-	default:
-	    ptr[0] = in[i];
-	    ptr += 1;
-	    break;
-	}
+        switch (in[i]) {
+        case '*':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = 'a';
+            ptr += 3;
+            break;
+        case '(':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = '8';
+            ptr += 3;
+            break;
+        case ')':
+            ptr[0] = '\\';
+            ptr[1] = '2';
+            ptr[2] = '9';
+            ptr += 3;
+            break;
+        case '\\':
+            ptr[0] = '\\';
+            ptr[1] = '5';
+            ptr[2] = 'c';
+            ptr += 3;
+            break;
+        case '\0':
+            ptr[0] = '\\';
+            ptr[1] = '0';
+            ptr[2] = '0';
+            ptr += 3;
+            break;
+        default:
+            ptr[0] = in[i];
+            ptr += 1;
+            break;
+        }
 
     /* ptr[count - 1] = '\0'; */
 
     return out;
 }
 
-static int principal_in_realm_2(krb5_principal principal, char *realm) {
+static int
+principal_in_realm_2(krb5_principal principal, char *realm) {
     /* Cross realm trust ... */
     if (principal->length == 2 &&
-	principal->data[0].length == sizeof ("krbtgt") &&
-	strncasecmp (principal->data[0].data, "krbtgt", sizeof ("krbtgt")) &&
-	principal->data[1].length == strlen (realm) &&
-	strncasecmp (principal->data[1].data, realm, strlen (realm)))
-	return 0;
+        principal->data[0].length == sizeof ("krbtgt") &&
+        strncasecmp (principal->data[0].data, "krbtgt", sizeof ("krbtgt")) &&
+        principal->data[1].length == strlen (realm) &&
+        strncasecmp (principal->data[1].data, realm, strlen (realm)))
+        return 0;
 
     if (strlen(realm) != principal->realm.length)
-	return 1;
+        return 1;
 
     if (strncasecmp(realm, principal->realm.data, principal->realm.length) != 0)
-	return 1;
+        return 1;
 
     return 0;
 }
@@ -160,13 +163,11 @@ static int principal_in_realm_2(krb5_principal principal, char *realm) {
  */
 
 krb5_error_code
-krb5_ldap_list_realm(context, realms)
-    krb5_context	        context;
-    char                        ***realms;
+krb5_ldap_list_realm(krb5_context context, char ***realms)
 {
     char                        **values = NULL;
     unsigned int                i = 0;
-    int                		count = 0;
+    int                         count = 0;
     krb5_error_code             st = 0, tempst = 0;
     LDAP                        *ld = NULL;
     LDAPMessage                 *result = NULL, *ent = NULL;
@@ -178,45 +179,45 @@ krb5_ldap_list_realm(context, realms)
 
     /* get the kerberos container DN information */
     if (ldap_context->krbcontainer == NULL) {
-	if ((st = krb5_ldap_read_krbcontainer_params(context,
-						     &(ldap_context->krbcontainer))) != 0)
-	    goto cleanup;
+        if ((st = krb5_ldap_read_krbcontainer_params(context,
+                                                     &(ldap_context->krbcontainer))) != 0)
+            goto cleanup;
     }
 
     /* get ldap handle */
     GET_HANDLE ();
 
     {
-	char *cn[] = {"cn", NULL};
-	LDAP_SEARCH(ldap_context->krbcontainer->DN,
-		    LDAP_SCOPE_ONELEVEL,
-		    "(objectclass=krbRealmContainer)",
-		    cn);
+        char *cn[] = {"cn", NULL};
+        LDAP_SEARCH(ldap_context->krbcontainer->DN,
+                    LDAP_SCOPE_ONELEVEL,
+                    "(objectclass=krbRealmContainer)",
+                    cn);
     }
 
     *realms = NULL;
 
     count = ldap_count_entries (ld, result);
     if (count == -1) {
-	ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
-	st = set_ldap_error (context, st, OP_SEARCH);
-	goto cleanup;
+        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
+        st = set_ldap_error (context, st, OP_SEARCH);
+        goto cleanup;
     }
 
     *realms = calloc((unsigned int) count+1, sizeof (char *));
     CHECK_NULL(*realms);
 
     for (ent = ldap_first_entry(ld, result), count = 0; ent != NULL;
-	 ent = ldap_next_entry(ld, ent)) {
+         ent = ldap_next_entry(ld, ent)) {
 
-	if ((values = ldap_get_values (ld, ent, "cn")) != NULL) {
+        if ((values = ldap_get_values (ld, ent, "cn")) != NULL) {
 
-	    (*realms)[count] = strdup(values[0]);
-	    CHECK_NULL((*realms)[count]);
-	    count += 1;
+            (*realms)[count] = strdup(values[0]);
+            CHECK_NULL((*realms)[count]);
+            count += 1;
 
-	    ldap_value_free(values);
-	}
+            ldap_value_free(values);
+        }
     } /* for (ent= ... */
     ldap_msgfree(result);
 
@@ -224,13 +225,13 @@ cleanup:
 
     /* some error, free up all the memory */
     if (st != 0) {
-	if (*realms) {
-	    for (i=0; (*realms)[i] != NULL; ++i) {
-		free ((*realms)[i]);
-	    }
-	    free (*realms);
-	    *realms = NULL;
-	}
+        if (*realms) {
+            for (i=0; (*realms)[i] != NULL; ++i) {
+                free ((*realms)[i]);
+            }
+            free (*realms);
+            *realms = NULL;
+        }
     }
 
     /* If there are no elements, still return a NULL terminated array */
@@ -250,9 +251,7 @@ delete_password_policy (krb5_pointer ptr, osa_policy_ent_t pol)
 }
 
 krb5_error_code
-krb5_ldap_delete_realm (context, lrealm)
-    krb5_context                context;
-    char                        *lrealm;
+krb5_ldap_delete_realm (krb5_context context, char *lrealm)
 {
     LDAP                        *ld = NULL;
     krb5_error_code             st = 0, tempst=0;
@@ -268,46 +267,46 @@ krb5_ldap_delete_realm (context, lrealm)
     SETUP_CONTEXT ();
 
     if (lrealm == NULL) {
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Realm information not available");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Realm information not available");
+        goto cleanup;
     }
 
     if ((st=krb5_ldap_read_realm_params(context, lrealm, &rparam, &mask)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* get ldap handle */
     GET_HANDLE ();
 
     /* delete all the principals belonging to the realm in the tree */
     {
-	char *attr[] = {"krbprincipalname", NULL}, *realm=NULL, filter[256];
-	krb5_ldap_context lcontext;
+        char *attr[] = {"krbprincipalname", NULL}, *realm=NULL, filter[256];
+        krb5_ldap_context lcontext;
 
-	realm = ldap_filter_correct (lrealm);
-	assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") +
-		strlen (realm) + 2 /* "*@" */ + 1);
+        realm = ldap_filter_correct (lrealm);
+        assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") +
+                strlen (realm) + 2 /* "*@" */ + 1);
 
-	snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm);
-	free (realm);
+        snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm);
+        free (realm);
 
-	/* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */
-	memset(&lcontext, 0, sizeof(krb5_ldap_context));
-	lcontext.lrparams = rparam;
-	if ((st=krb5_get_subtree_info(&lcontext, &subtrees, &ntree)) != 0)
-	    goto cleanup;
+        /* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */
+        memset(&lcontext, 0, sizeof(krb5_ldap_context));
+        lcontext.lrparams = rparam;
+        if ((st=krb5_get_subtree_info(&lcontext, &subtrees, &ntree)) != 0)
+            goto cleanup;
 
         result_arr = (LDAPMessage **)  calloc((unsigned int)ntree+1,
-					      sizeof(LDAPMessage *));
+                                              sizeof(LDAPMessage *));
         if (result_arr == NULL) {
             st = ENOMEM;
             goto cleanup;
         }
 
-	for (l=0; l < ntree; ++l) {
-	    LDAP_SEARCH(subtrees[l], rparam->search_scope, filter, attr);
-	    result_arr[l] = result;
-	}
+        for (l=0; l < ntree; ++l) {
+            LDAP_SEARCH(subtrees[l], rparam->search_scope, filter, attr);
+            result_arr[l] = result;
+        }
     }
 
     /* NOTE: Here all the principals should be cached and the ldap handle should be freed,
@@ -317,23 +316,23 @@ krb5_ldap_delete_realm (context, lrealm)
      * thread-safe this should suffice.
      */
     for (j=0; (result=result_arr[j]) != NULL; ++j) {
-	for (ent = ldap_first_entry (ld, result); ent != NULL;
-	     ent = ldap_next_entry (ld, ent)) {
-	    if ((values = ldap_get_values(ld, ent, "krbPrincipalName")) != NULL) {
-		for (i = 0; values[i] != NULL; ++i) {
-		    krb5_parse_name(context, values[i], &principal);
-		    if (principal_in_realm_2(principal, lrealm) == 0) {
-			int nent = 0;
-			if ((st=krb5_ldap_delete_principal(context, principal,
-							   &nent)) != LDAP_SUCCESS)
-			    goto cleanup;
-		    }
-		    krb5_free_principal(context, principal);
-		}
-		ldap_value_free(values);
-	    }
-	}
-	ldap_msgfree(result);
+        for (ent = ldap_first_entry (ld, result); ent != NULL;
+             ent = ldap_next_entry (ld, ent)) {
+            if ((values = ldap_get_values(ld, ent, "krbPrincipalName")) != NULL) {
+                for (i = 0; values[i] != NULL; ++i) {
+                    krb5_parse_name(context, values[i], &principal);
+                    if (principal_in_realm_2(principal, lrealm) == 0) {
+                        int nent = 0;
+                        if ((st=krb5_ldap_delete_principal(context, principal,
+                                                           &nent)) != LDAP_SUCCESS)
+                            goto cleanup;
+                    }
+                    krb5_free_principal(context, principal);
+                }
+                ldap_value_free(values);
+            }
+        }
+        ldap_msgfree(result);
     }
 
     /* Delete all password policies */
@@ -341,36 +340,36 @@ krb5_ldap_delete_realm (context, lrealm)
 
     /* Delete all ticket policies */
     {
-	if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
-	    prepend_err_str (context, "Error reading ticket policy: ", st, st);
-	    goto cleanup;
-	}
+        if ((st = krb5_ldap_list_policy (context, ldap_context->lrparams->realmdn, &policy)) != 0) {
+            prepend_err_str (context, "Error reading ticket policy: ", st, st);
+            goto cleanup;
+        }
 
-	for (i = 0; policy [i] != NULL; i++)
-	    krb5_ldap_delete_policy(context, policy[i]);
+        for (i = 0; policy [i] != NULL; i++)
+            krb5_ldap_delete_policy(context, policy[i]);
     }
 
     /* Delete the realm object */
     if ((st=ldap_delete_ext_s(ld, ldap_context->lrparams->realmdn, NULL, NULL)) != LDAP_SUCCESS) {
-	int ost = st;
-	st = translate_ldap_error (st, OP_DEL);
-	krb5_set_error_message (context, st, "Realm Delete FAILED: %s",
-				ldap_err2string(ost));
+        int ost = st;
+        st = translate_ldap_error (st, OP_DEL);
+        krb5_set_error_message (context, st, "Realm Delete FAILED: %s",
+                                ldap_err2string(ost));
     }
 
 cleanup:
     if (subtrees) {
-	for (l=0; l < ntree; ++l) {
-	if (subtrees[l])
-	    free (subtrees[l]);
+        for (l=0; l < ntree; ++l) {
+            if (subtrees[l])
+                free (subtrees[l]);
         }
-	free (subtrees);
+        free (subtrees);
     }
 
     if (policy != NULL) {
-	for (i = 0; policy[i] != NULL; i++)
-	    free (policy[i]);
-	free (policy);
+        for (i = 0; policy[i] != NULL; i++)
+            free (policy[i]);
+        free (policy);
     }
 
     krb5_ldap_free_realm_params(rparam);
@@ -384,10 +383,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_modify_realm(context, rparams, mask)
-    krb5_context             context;
-    krb5_ldap_realm_params   *rparams;
-    int                      mask;
+krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
+                       int mask)
 {
     LDAP                  *ld=NULL;
     krb5_error_code       st=0;
@@ -409,29 +406,29 @@ krb5_ldap_modify_realm(context, rparams, mask)
     krb5_ldap_server_handle *ldap_server_handle=NULL;
 
     if (mask == 0)
-	return 0;
+        return 0;
 
     if (rparams == NULL) {
-	st = EINVAL;
-	return st;
+        st = EINVAL;
+        return st;
     }
 
     SETUP_CONTEXT ();
 
     /* Check validity of arguments */
     if (ldap_context->krbcontainer == NULL ||
-	rparams->tl_data == NULL ||
-	rparams->tl_data->tl_data_contents == NULL ||
-	((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
-	((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
+        rparams->tl_data == NULL ||
+        rparams->tl_data->tl_data_contents == NULL ||
+        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
+        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
 #ifdef HAVE_EDIRECTORY
-	((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
-	((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
-	((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
+        ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
+        ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
+        ((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
 #endif
-	0) {
-	st = EINVAL;
-	goto cleanup;
+        0) {
+        st = EINVAL;
+        goto cleanup;
     }
 
     /* get ldap handle */
@@ -439,16 +436,16 @@ krb5_ldap_modify_realm(context, rparams, mask)
 
     /* get the oldmask obtained from the krb5_ldap_read_realm_params */
     {
-	void *voidptr=NULL;
-
-	if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) {
-	    oldmask = *((int *) voidptr);
-	    free (voidptr);
-	} else {
-	    st = EINVAL;
-	    krb5_set_error_message (context, st, "tl_data not available");
-	    return st;
-	}
+        void *voidptr=NULL;
+
+        if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) {
+            oldmask = *((int *) voidptr);
+            free (voidptr);
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "tl_data not available");
+            return st;
+        }
     }
 
 
@@ -457,17 +454,17 @@ krb5_ldap_modify_realm(context, rparams, mask)
         if ( rparams->subtree!=NULL)  {
             /*replace the subtrees with the present if the subtrees are present*/
             for(k=0;k<rparams->subtreecount && rparams->subtree[k]!=NULL;k++) {
-                    if (strlen(rparams->subtree[k]) != 0) {
-                        st = checkattributevalue(ld, rparams->subtree[k], "Objectclass", subtreeclass,
-                                &objectmask);
-                        CHECK_CLASS_VALIDITY(st, objectmask, "subtree value: ");
-                    }
+                if (strlen(rparams->subtree[k]) != 0) {
+                    st = checkattributevalue(ld, rparams->subtree[k], "Objectclass", subtreeclass,
+                                             &objectmask);
+                    CHECK_CLASS_VALIDITY(st, objectmask, "subtree value: ");
+                }
+            }
+            strval = rparams->subtree;
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_REPLACE,
+                                              strval)) != 0) {
+                goto cleanup;
             }
-	    strval = rparams->subtree;
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_REPLACE,
-					    strval)) != 0) {
-	       goto cleanup;
-	    }
         }
     }
 
@@ -475,48 +472,48 @@ krb5_ldap_modify_realm(context, rparams, mask)
     if (mask & LDAP_REALM_CONTREF) {
         if (strlen(rparams->containerref) != 0 ) {
             st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
-                     &objectmask);
+                                     &objectmask);
             CHECK_CLASS_VALIDITY(st, objectmask, "container reference value: ");
             strvalprc[0] = rparams->containerref;
             strvalprc[1] = NULL;
             if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbPrincContainerRef", LDAP_MOD_REPLACE,
-                            strvalprc)) != 0)
+                                              strvalprc)) != 0)
                 goto cleanup;
         }
     }
 
     /* SEARCHSCOPE ATTRIBUTE */
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
-					  (rparams->search_scope == LDAP_SCOPE_ONELEVEL
-					   || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
-					  rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_REPLACE,
+                                          (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                           || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                          rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
 
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
-					  rparams->max_renewable_life)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_REPLACE,
+                                          rparams->max_renewable_life)) != 0)
+            goto cleanup;
     }
 
     /* krbMaxTicketLife ATTRIBUTE */
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
 
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
-					  rparams->max_life)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_REPLACE,
+                                          rparams->max_life)) != 0)
+            goto cleanup;
     }
 
     /* krbTicketFlags ATTRIBUTE */
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
 
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
-					  rparams->tktflags)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_REPLACE,
+                                          rparams->tktflags)) != 0)
+            goto cleanup;
     }
 
 
@@ -524,44 +521,44 @@ krb5_ldap_modify_realm(context, rparams, mask)
 
     /* KDCSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_KDCSERVERS) {
-	/* validate the server list */
-	for (i=0; rparams->kdcservers[i] != NULL; ++i) {
-	    st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
-				     &objectmask);
-	    CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
-	}
-
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_REPLACE,
-					  rparams->kdcservers)) != 0)
-	    goto cleanup;
+        /* validate the server list */
+        for (i=0; rparams->kdcservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
+        }
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_REPLACE,
+                                          rparams->kdcservers)) != 0)
+            goto cleanup;
     }
 
     /* ADMINSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_ADMINSERVERS) {
-	/* validate the server list */
-	for (i=0; rparams->adminservers[i] != NULL; ++i) {
-	    st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
-				     &objectmask);
-	    CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
-	}
-
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_REPLACE,
-					  rparams->adminservers)) != 0)
-	    goto cleanup;
+        /* validate the server list */
+        for (i=0; rparams->adminservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
+        }
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_REPLACE,
+                                          rparams->adminservers)) != 0)
+            goto cleanup;
     }
 
     /* PASSWDSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-	/* validate the server list */
-	for (i=0; rparams->passwdservers[i] != NULL; ++i) {
-	    st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
-				     &objectmask);
-	    CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
-	}
-
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_REPLACE,
-					  rparams->passwdservers)) != 0)
-	    goto cleanup;
+        /* validate the server list */
+        for (i=0; rparams->passwdservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
+        }
+
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_REPLACE,
+                                          rparams->passwdservers)) != 0)
+            goto cleanup;
     }
 
     /*
@@ -570,56 +567,56 @@ krb5_ldap_modify_realm(context, rparams, mask)
      * deletions/additions to the list.
      */
     if (mask & LDAP_REALM_KDCSERVERS || mask & LDAP_REALM_ADMINSERVERS ||
-	mask & LDAP_REALM_PASSWDSERVERS) {
-	char *servers[] = {"krbKdcServers", "krbAdmServers", "krbPwdServers", NULL};
-
-	if ((st= ldap_search_ext_s(ld,
-				   rparams->realmdn,
-				   LDAP_SCOPE_BASE,
-				   0,
-				   servers,
-				   0,
-				   NULL,
-				   NULL,
-				   NULL,
-				   0,
-				   &result)) != LDAP_SUCCESS) {
-	    st = set_ldap_error (context, st, OP_SEARCH);
-	    goto cleanup;
-	}
-
-	ent = ldap_first_entry(ld, result);
-	if (ent) {
-	    if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
-		count = ldap_count_values(values);
-		if ((st=copy_arrays(values, &oldkdcservers, count)) != 0)
-		    goto cleanup;
-		ldap_value_free(values);
-	    }
-
-	    if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
-		count = ldap_count_values(values);
-		if ((st=copy_arrays(values, &oldadminservers, count)) != 0)
-		    goto cleanup;
-		ldap_value_free(values);
-	    }
-
-	    if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
-		count = ldap_count_values(values);
-		if ((st=copy_arrays(values, &oldpasswdservers, count)) != 0)
-		    goto cleanup;
-		ldap_value_free(values);
-	    }
-	}
-	ldap_msgfree(result);
+        mask & LDAP_REALM_PASSWDSERVERS) {
+        char *servers[] = {"krbKdcServers", "krbAdmServers", "krbPwdServers", NULL};
+
+        if ((st= ldap_search_ext_s(ld,
+                                   rparams->realmdn,
+                                   LDAP_SCOPE_BASE,
+                                   0,
+                                   servers,
+                                   0,
+                                   NULL,
+                                   NULL,
+                                   NULL,
+                                   0,
+                                   &result)) != LDAP_SUCCESS) {
+            st = set_ldap_error (context, st, OP_SEARCH);
+            goto cleanup;
+        }
+
+        ent = ldap_first_entry(ld, result);
+        if (ent) {
+            if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
+                count = ldap_count_values(values);
+                if ((st=copy_arrays(values, &oldkdcservers, count)) != 0)
+                    goto cleanup;
+                ldap_value_free(values);
+            }
+
+            if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
+                count = ldap_count_values(values);
+                if ((st=copy_arrays(values, &oldadminservers, count)) != 0)
+                    goto cleanup;
+                ldap_value_free(values);
+            }
+
+            if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
+                count = ldap_count_values(values);
+                if ((st=copy_arrays(values, &oldpasswdservers, count)) != 0)
+                    goto cleanup;
+                ldap_value_free(values);
+            }
+        }
+        ldap_msgfree(result);
     }
 #endif
 
     /* Realm modify opearation */
     if (mods != NULL) {
         if ((st=ldap_modify_ext_s(ld, rparams->realmdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	    st = set_ldap_error (context, st, OP_MOD);
-	    goto cleanup;
+            st = set_ldap_error (context, st, OP_MOD);
+            goto cleanup;
         }
     }
 
@@ -628,112 +625,112 @@ krb5_ldap_modify_realm(context, rparams, mask)
      * to the 4 servers' list.
      */
     if (mask & LDAP_REALM_KDCSERVERS) {
-	char **newkdcservers=NULL;
-
-	count = ldap_count_values(rparams->kdcservers);
-	if ((st=copy_arrays(rparams->kdcservers, &newkdcservers, count)) != 0)
-	    goto cleanup;
-
-	/* find the deletions and additions to the server list */
-	if (oldkdcservers && newkdcservers)
-	    disjoint_members(oldkdcservers, newkdcservers);
-
-	/* delete the krbRealmReferences attribute from the servers that are dis-associated. */
-	if (oldkdcservers)
-	    for (i=0; oldkdcservers[i]; ++i)
-		if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
-					rparams->realmdn)) != 0) {
-		    snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ",
-			      oldkdcservers[i]);
-		    prepend_err_str (context, errbuf, st, st);
-		    goto cleanup;
-		}
-
-	/* add the krbRealmReferences attribute from the servers that are associated. */
-	if (newkdcservers)
-	    for (i=0; newkdcservers[i]; ++i)
-		if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
-					rparams->realmdn)) != 0) {
-		    snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-			      newkdcservers[i]);
-		    prepend_err_str (context, errbuf, st, st);
-		    goto cleanup;
-		}
-
-	if (newkdcservers)
-	    ldap_value_free(newkdcservers);
+        char **newkdcservers=NULL;
+
+        count = ldap_count_values(rparams->kdcservers);
+        if ((st=copy_arrays(rparams->kdcservers, &newkdcservers, count)) != 0)
+            goto cleanup;
+
+        /* find the deletions and additions to the server list */
+        if (oldkdcservers && newkdcservers)
+            disjoint_members(oldkdcservers, newkdcservers);
+
+        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
+        if (oldkdcservers)
+            for (i=0; oldkdcservers[i]; ++i)
+                if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ",
+                              oldkdcservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        /* add the krbRealmReferences attribute from the servers that are associated. */
+        if (newkdcservers)
+            for (i=0; newkdcservers[i]; ++i)
+                if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                              newkdcservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        if (newkdcservers)
+            ldap_value_free(newkdcservers);
     }
 
     if (mask & LDAP_REALM_ADMINSERVERS) {
-	char **newadminservers=NULL;
-
-	count = ldap_count_values(rparams->adminservers);
-	if ((st=copy_arrays(rparams->adminservers, &newadminservers, count)) != 0)
-	    goto cleanup;
-
-	/* find the deletions and additions to the server list */
-	if (oldadminservers && newadminservers)
-	    disjoint_members(oldadminservers, newadminservers);
-
-	/* delete the krbRealmReferences attribute from the servers that are dis-associated. */
-	if (oldadminservers)
-	    for (i=0; oldadminservers[i]; ++i)
-		if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
-					rparams->realmdn)) != 0) {
-		    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
-			     "%s: ", oldadminservers[i]);
-		    prepend_err_str (context, errbuf, st, st);
-		    goto cleanup;
-		}
-
-	/* add the krbRealmReferences attribute from the servers that are associated. */
-	if (newadminservers)
-	    for (i=0; newadminservers[i]; ++i)
-		if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
-					rparams->realmdn)) != 0) {
-		    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-			     newadminservers[i]);
-		    prepend_err_str (context, errbuf, st, st);
-		    goto cleanup;
-		}
-	if (newadminservers)
-	    ldap_value_free(newadminservers);
+        char **newadminservers=NULL;
+
+        count = ldap_count_values(rparams->adminservers);
+        if ((st=copy_arrays(rparams->adminservers, &newadminservers, count)) != 0)
+            goto cleanup;
+
+        /* find the deletions and additions to the server list */
+        if (oldadminservers && newadminservers)
+            disjoint_members(oldadminservers, newadminservers);
+
+        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
+        if (oldadminservers)
+            for (i=0; oldadminservers[i]; ++i)
+                if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
+                             "%s: ", oldadminservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        /* add the krbRealmReferences attribute from the servers that are associated. */
+        if (newadminservers)
+            for (i=0; newadminservers[i]; ++i)
+                if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                             newadminservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+        if (newadminservers)
+            ldap_value_free(newadminservers);
     }
 
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-	char **newpasswdservers=NULL;
-
-	count = ldap_count_values(rparams->passwdservers);
-	if ((st=copy_arrays(rparams->passwdservers, &newpasswdservers, count)) != 0)
-	    goto cleanup;
-
-	/* find the deletions and additions to the server list */
-	if (oldpasswdservers && newpasswdservers)
-	    disjoint_members(oldpasswdservers, newpasswdservers);
-
-	/* delete the krbRealmReferences attribute from the servers that are dis-associated. */
-	if (oldpasswdservers)
-	    for (i=0; oldpasswdservers[i]; ++i)
-		if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
-					rparams->realmdn)) != 0) {
-		    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
-			     "%s: ", oldpasswdservers[i]);
-		    prepend_err_str (context, errbuf, st, st);
-		    goto cleanup;
-		}
-
-	/* add the krbRealmReferences attribute from the servers that are associated. */
-	if (newpasswdservers)
-	    for (i=0; newpasswdservers[i]; ++i)
-		if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
-					rparams->realmdn)) != 0) {
-		    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-			     newpasswdservers[i]);
-		    prepend_err_str (context, errbuf, st, st);
-		    goto cleanup;
-		}
-	if (newpasswdservers)
-	    ldap_value_free(newpasswdservers);
+        char **newpasswdservers=NULL;
+
+        count = ldap_count_values(rparams->passwdservers);
+        if ((st=copy_arrays(rparams->passwdservers, &newpasswdservers, count)) != 0)
+            goto cleanup;
+
+        /* find the deletions and additions to the server list */
+        if (oldpasswdservers && newpasswdservers)
+            disjoint_members(oldpasswdservers, newpasswdservers);
+
+        /* delete the krbRealmReferences attribute from the servers that are dis-associated. */
+        if (oldpasswdservers)
+            for (i=0; oldpasswdservers[i]; ++i)
+                if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from "
+                             "%s: ", oldpasswdservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+
+        /* add the krbRealmReferences attribute from the servers that are associated. */
+        if (newpasswdservers)
+            for (i=0; newpasswdservers[i]; ++i)
+                if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences",
+                                        rparams->realmdn)) != 0) {
+                    snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                             newpasswdservers[i]);
+                    prepend_err_str (context, errbuf, st, st);
+                    goto cleanup;
+                }
+        if (newpasswdservers)
+            ldap_value_free(newpasswdservers);
     }
 #endif
 
@@ -741,21 +738,21 @@ cleanup:
 
 #ifdef HAVE_EDIRECTORY
     if (oldkdcservers) {
-	for (i=0; oldkdcservers[i]; ++i)
-	    free(oldkdcservers[i]);
-	free(oldkdcservers);
+        for (i=0; oldkdcservers[i]; ++i)
+            free(oldkdcservers[i]);
+        free(oldkdcservers);
     }
 
     if (oldadminservers) {
-	for (i=0; oldadminservers[i]; ++i)
-	    free(oldadminservers[i]);
-	free(oldadminservers);
+        for (i=0; oldadminservers[i]; ++i)
+            free(oldadminservers[i]);
+        free(oldadminservers);
     }
 
     if (oldpasswdservers) {
-	for (i=0; oldpasswdservers[i]; ++i)
-	    free(oldpasswdservers[i]);
-	free(oldpasswdservers);
+        for (i=0; oldpasswdservers[i]; ++i)
+            free(oldpasswdservers[i]);
+        free(oldpasswdservers);
     }
 #endif
 
@@ -771,9 +768,9 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_create_krbcontainer(context, krbcontparams)
-    krb5_context                          context;
-    const krb5_ldap_krbcontainer_params   *krbcontparams;
+krb5_ldap_create_krbcontainer(krb5_context context,
+                              const
+                              krb5_ldap_krbcontainer_params *krbcontparams)
 {
     LDAP                        *ld=NULL;
     char                        *strval[2]={NULL}, *kerberoscontdn=NULL, **rdns=NULL;
@@ -793,54 +790,54 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
     GET_HANDLE ();
 
     if (krbcontparams != NULL && krbcontparams->DN != NULL) {
-	kerberoscontdn = krbcontparams->DN;
+        kerberoscontdn = krbcontparams->DN;
     } else {
-	/* If the user has not given, use the default cn=Kerberos,cn=Security */
+        /* If the user has not given, use the default cn=Kerberos,cn=Security */
 #ifdef HAVE_EDIRECTORY
-	kerberoscontdn = KERBEROS_CONTAINER;
+        kerberoscontdn = KERBEROS_CONTAINER;
 #else
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Kerberos Container information is missing");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Kerberos Container information is missing");
+        goto cleanup;
 #endif
     }
 
     strval[0] = "krbContainer";
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     rdns = ldap_explode_dn(kerberoscontdn, 1);
     if (rdns == NULL) {
-	st = EINVAL;
-	krb5_set_error_message(context, st, "Invalid Kerberos container DN");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Invalid Kerberos container DN");
+        goto cleanup;
     }
 
     strval[0] = rdns[0];
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* check if the policy reference value exists and is of krbticketpolicyreference object class */
     if (krbcontparams && krbcontparams->policyreference) {
-	st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass,
-				 &pmask);
-	CHECK_CLASS_VALIDITY(st, pmask, "ticket policy object value: ");
-
-	strval[0] = krbcontparams->policyreference;
-	strval[1] = NULL;
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_ADD,
-					  strval)) != 0)
-	    goto cleanup;
+        st = checkattributevalue(ld, krbcontparams->policyreference, "objectclass", policyclass,
+                                 &pmask);
+        CHECK_CLASS_VALIDITY(st, pmask, "ticket policy object value: ");
+
+        strval[0] = krbcontparams->policyreference;
+        strval[1] = NULL;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbticketpolicyreference", LDAP_MOD_ADD,
+                                          strval)) != 0)
+            goto cleanup;
     }
 
     /* create the kerberos container */
     if ((st = ldap_add_ext_s(ld, kerberoscontdn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	int ost = st;
-	st = translate_ldap_error (st, OP_ADD);
-	krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost));
-	goto cleanup;
+        int ost = st;
+        st = translate_ldap_error (st, OP_ADD);
+        krb5_set_error_message (context, st, "Kerberos Container create FAILED: %s", ldap_err2string(ost));
+        goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
@@ -851,40 +848,40 @@ krb5_ldap_create_krbcontainer(context, krbcontparams)
 
     /* check whether the security container is bound to krbcontainerrefaux object class */
     if ((st=checkattributevalue(ld, SECURITY_CONTAINER, "objectClass",
-				krbContainerRefclass, &crmask)) != 0) {
-	prepend_err_str (context, "Security Container read FAILED: ", st, st);
-	/* delete Kerberos Container, status ignored intentionally */
-	ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
-	goto cleanup;
+                                krbContainerRefclass, &crmask)) != 0) {
+        prepend_err_str (context, "Security Container read FAILED: ", st, st);
+        /* delete Kerberos Container, status ignored intentionally */
+        ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
+        goto cleanup;
     }
 
     if (crmask == 0) {
-	/* Security Container is extended with krbcontainerrefaux object class */
-	strval[0] = "krbContainerRefAux";
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-	    goto cleanup;
+        /* Security Container is extended with krbcontainerrefaux object class */
+        strval[0] = "krbContainerRefAux";
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+            goto cleanup;
     }
 
     strval[0] = kerberoscontdn;
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbcontainerreference", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* update the security container with krbContainerReference attribute */
     if ((st=ldap_modify_ext_s(ld, SECURITY_CONTAINER, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	int ost = st;
-	st = translate_ldap_error (st, OP_MOD);
-	krb5_set_error_message (context, st, "Security Container update FAILED: %s", ldap_err2string(ost));
-	/* delete Kerberos Container, status ignored intentionally */
-	ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
-	goto cleanup;
+        int ost = st;
+        st = translate_ldap_error (st, OP_MOD);
+        krb5_set_error_message (context, st, "Security Container update FAILED: %s", ldap_err2string(ost));
+        /* delete Kerberos Container, status ignored intentionally */
+        ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL);
+        goto cleanup;
     }
 #endif
 
 cleanup:
 
     if (rdns)
-	ldap_value_free (rdns);
+        ldap_value_free (rdns);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -897,7 +894,8 @@ cleanup:
 
 krb5_error_code
 krb5_ldap_delete_krbcontainer(krb5_context context,
-    const krb5_ldap_krbcontainer_params *krbcontparams)
+                              const
+                              krb5_ldap_krbcontainer_params *krbcontparams)
 {
     LDAP                        *ld=NULL;
     char                        *kerberoscontdn=NULL;
@@ -912,24 +910,24 @@ krb5_ldap_delete_krbcontainer(krb5_context context,
     GET_HANDLE ();
 
     if (krbcontparams != NULL && krbcontparams->DN != NULL) {
-	kerberoscontdn = krbcontparams->DN;
+        kerberoscontdn = krbcontparams->DN;
     } else {
-	/* If the user has not given, use the default cn=Kerberos,cn=Security */
+        /* If the user has not given, use the default cn=Kerberos,cn=Security */
 #ifdef HAVE_EDIRECTORY
-	kerberoscontdn = KERBEROS_CONTAINER;
+        kerberoscontdn = KERBEROS_CONTAINER;
 #else
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Kerberos Container information is missing");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Kerberos Container information is missing");
+        goto cleanup;
 #endif
     }
 
     /* delete the kerberos container */
     if ((st = ldap_delete_ext_s(ld, kerberoscontdn, NULL, NULL)) != LDAP_SUCCESS) {
-	int ost = st;
-	st = translate_ldap_error (st, OP_ADD);
-	krb5_set_error_message (context, st, "Kerberos Container delete FAILED: %s", ldap_err2string(ost));
-	goto cleanup;
+        int ost = st;
+        st = translate_ldap_error (st, OP_ADD);
+        krb5_set_error_message (context, st, "Kerberos Container delete FAILED: %s", ldap_err2string(ost));
+        goto cleanup;
     }
 
 cleanup:
@@ -944,16 +942,14 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_create_realm(context, rparams, mask)
-    krb5_context                context;
-    krb5_ldap_realm_params      *rparams;
-    int                         mask;
+krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
+                       int mask)
 {
     LDAP                        *ld=NULL;
     krb5_error_code             st=0;
     char                        *dn=NULL;
     char                        *strval[4]={NULL};
-    char		        *contref[2]={NULL};
+    char                        *contref[2]={NULL};
     LDAPMod                     **mods = NULL;
     int                         i=0, objectmask=0, subtreecount=0;
     kdb5_dal_handle             *dal_handle=NULL;
@@ -968,26 +964,26 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* Check input validity ... */
     if (ldap_context->krbcontainer == NULL ||
-	ldap_context->krbcontainer->DN == NULL ||
-	rparams == NULL ||
-	rparams->realm_name == NULL ||
-	((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
-	((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
-	((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
+        ldap_context->krbcontainer->DN == NULL ||
+        rparams == NULL ||
+        rparams->realm_name == NULL ||
+        ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
+        ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
+        ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
 #ifdef HAVE_EDIRECTORY
-	((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
-	((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
-	((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
+        ((mask & LDAP_REALM_KDCSERVERS) && rparams->kdcservers == NULL) ||
+        ((mask & LDAP_REALM_ADMINSERVERS) && rparams->adminservers == NULL) ||
+        ((mask & LDAP_REALM_PASSWDSERVERS) && rparams->passwdservers == NULL) ||
 #endif
-	0) {
-	st = EINVAL;
-	return st;
+        0) {
+        st = EINVAL;
+        return st;
     }
 
     if (ldap_context->krbcontainer == NULL) {
-	if ((st = krb5_ldap_read_krbcontainer_params(context,
-						     &(ldap_context->krbcontainer))) != 0)
-	    goto cleanup;
+        if ((st = krb5_ldap_read_krbcontainer_params(context,
+                                                     &(ldap_context->krbcontainer))) != 0)
+            goto cleanup;
     }
 
     /* get ldap handle */
@@ -996,14 +992,14 @@ krb5_ldap_create_realm(context, rparams, mask)
     realm_name = rparams->realm_name;
 
     if (asprintf(&dn, "cn=%s,%s", realm_name,
-		 ldap_context->krbcontainer->DN) < 0)
-	dn = NULL;
+                 ldap_context->krbcontainer->DN) < 0)
+        dn = NULL;
     CHECK_NULL(dn);
 
     strval[0] = realm_name;
     strval[1] = NULL;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     strval[0] = "top";
     strval[1] = "krbrealmcontainer";
@@ -1011,31 +1007,31 @@ krb5_ldap_create_realm(context, rparams, mask)
     strval[3] = NULL;
 
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* SUBTREE ATTRIBUTE */
     if (mask & LDAP_REALM_SUBTREE) {
         if ( rparams->subtree!=NULL)  {
-              subtreecount = rparams->subtreecount;
-	      for (i=0; rparams->subtree[i]!=NULL && i<subtreecount; i++) {
-	          if (strlen(rparams->subtree[i]) != 0) {
-                      st = checkattributevalue(ld, rparams->subtree[i], "Objectclass", subtreeclass,
-                             &objectmask);
-                      CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
-		  }
-	      }
-	      if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_ADD,
-                              rparams->subtree)) != 0) {
-	         goto cleanup;
-	      }
-	}
+            subtreecount = rparams->subtreecount;
+            for (i=0; rparams->subtree[i]!=NULL && i<subtreecount; i++) {
+                if (strlen(rparams->subtree[i]) != 0) {
+                    st = checkattributevalue(ld, rparams->subtree[i], "Objectclass", subtreeclass,
+                                             &objectmask);
+                    CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
+                }
+            }
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbsubtrees", LDAP_MOD_ADD,
+                                              rparams->subtree)) != 0) {
+                goto cleanup;
+            }
+        }
     }
 
     /* CONTAINER REFERENCE ATTRIBUTE */
     if (mask & LDAP_REALM_CONTREF) {
         if (strlen(rparams->containerref) != 0 ) {
             st = checkattributevalue(ld, rparams->containerref, "Objectclass", subtreeclass,
-                             &objectmask);
+                                     &objectmask);
             CHECK_CLASS_VALIDITY(st, objectmask, "realm object value: ");
             contref[0] = rparams->containerref;
             contref[1] = NULL;
@@ -1047,35 +1043,35 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* SEARCHSCOPE ATTRIBUTE */
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD,
-					  (rparams->search_scope == LDAP_SCOPE_ONELEVEL
-					   || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
-					  rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbsearchscope", LDAP_MOD_ADD,
+                                          (rparams->search_scope == LDAP_SCOPE_ONELEVEL
+                                           || rparams->search_scope == LDAP_SCOPE_SUBTREE) ?
+                                          rparams->search_scope : LDAP_SCOPE_SUBTREE)) != 0)
+            goto cleanup;
     }
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
 
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD,
-					  rparams->max_renewable_life)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxRenewableAge", LDAP_MOD_ADD,
+                                          rparams->max_renewable_life)) != 0)
+            goto cleanup;
     }
 
     /* krbMaxTicketLife ATTRIBUTE */
 
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
 
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD,
-					  rparams->max_life)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbMaxTicketLife", LDAP_MOD_ADD,
+                                          rparams->max_life)) != 0)
+            goto cleanup;
     }
 
     /* krbTicketFlags ATTRIBUTE */
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
 
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD,
-					  rparams->tktflags)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbTicketFlags", LDAP_MOD_ADD,
+                                          rparams->tktflags)) != 0)
+            goto cleanup;
     }
 
 
@@ -1083,95 +1079,95 @@ krb5_ldap_create_realm(context, rparams, mask)
 
     /* KDCSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_KDCSERVERS) {
-	/* validate the server list */
-	for (i=0; rparams->kdcservers[i] != NULL; ++i) {
-	    st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
-				     &objectmask);
-	    CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
+        /* validate the server list */
+        for (i=0; rparams->kdcservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->kdcservers[i], "objectClass", kdcclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "kdc service object value: ");
 
-	}
+        }
 
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_ADD,
-					  rparams->kdcservers)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbkdcservers", LDAP_MOD_ADD,
+                                          rparams->kdcservers)) != 0)
+            goto cleanup;
     }
 
     /* ADMINSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_ADMINSERVERS) {
-	/* validate the server list */
-	for (i=0; rparams->adminservers[i] != NULL; ++i) {
-	    st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
-				     &objectmask);
-	    CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
+        /* validate the server list */
+        for (i=0; rparams->adminservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->adminservers[i], "objectClass", adminclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "admin service object value: ");
 
-	}
+        }
 
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_ADD,
-					  rparams->adminservers)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbadmservers", LDAP_MOD_ADD,
+                                          rparams->adminservers)) != 0)
+            goto cleanup;
     }
 
     /* PASSWDSERVERS ATTRIBUTE */
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-	/* validate the server list */
-	for (i=0; rparams->passwdservers[i] != NULL; ++i) {
-	    st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
-				     &objectmask);
-	    CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
+        /* validate the server list */
+        for (i=0; rparams->passwdservers[i] != NULL; ++i) {
+            st = checkattributevalue(ld, rparams->passwdservers[i], "objectClass", pwdclass,
+                                     &objectmask);
+            CHECK_CLASS_VALIDITY(st, objectmask, "password service object value: ");
 
-	}
+        }
 
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_ADD,
-					  rparams->passwdservers)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbpwdservers", LDAP_MOD_ADD,
+                                          rparams->passwdservers)) != 0)
+            goto cleanup;
     }
 #endif
 
     /* realm creation operation */
     if ((st=ldap_add_ext_s(ld, dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_ADD);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
     if (mask & LDAP_REALM_KDCSERVERS)
-	for (i=0; rparams->kdcservers[i]; ++i)
-	    if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
-		snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-			 rparams->kdcservers[i]);
-		prepend_err_str (context, errbuf, st, st);
-		/* delete Realm, status ignored intentionally */
-		ldap_delete_ext_s(ld, dn, NULL, NULL);
-		goto cleanup;
-	    }
+        for (i=0; rparams->kdcservers[i]; ++i)
+            if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) {
+                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                         rparams->kdcservers[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete Realm, status ignored intentionally */
+                ldap_delete_ext_s(ld, dn, NULL, NULL);
+                goto cleanup;
+            }
 
     if (mask & LDAP_REALM_ADMINSERVERS)
-	for (i=0; rparams->adminservers[i]; ++i)
-	    if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
-		snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-			 rparams->adminservers[i]);
-		prepend_err_str (context, errbuf, st, st);
-		/* delete Realm, status ignored intentionally */
-		ldap_delete_ext_s(ld, dn, NULL, NULL);
-		goto cleanup;
-	    }
+        for (i=0; rparams->adminservers[i]; ++i)
+            if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) {
+                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                         rparams->adminservers[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete Realm, status ignored intentionally */
+                ldap_delete_ext_s(ld, dn, NULL, NULL);
+                goto cleanup;
+            }
 
     if (mask & LDAP_REALM_PASSWDSERVERS)
-	for (i=0; rparams->passwdservers[i]; ++i)
-	    if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
-		snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
-			 rparams->passwdservers[i]);
-		prepend_err_str (context, errbuf, st, st);
-		/* delete Realm, status ignored intentionally */
-		ldap_delete_ext_s(ld, dn, NULL, NULL);
-		goto cleanup;
-	    }
+        for (i=0; rparams->passwdservers[i]; ++i)
+            if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) {
+                snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ",
+                         rparams->passwdservers[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete Realm, status ignored intentionally */
+                ldap_delete_ext_s(ld, dn, NULL, NULL);
+                goto cleanup;
+            }
 #endif
 
 cleanup:
 
     if (dn)
-	free(dn);
+        free(dn);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -1183,11 +1179,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
-    krb5_context	context;
-    char            *lrealm;
-    krb5_ldap_realm_params **rlparamp;
-    int             *mask;
+krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
+                            krb5_ldap_realm_params **rlparamp, int *mask)
 {
     char                   **values=NULL, *krbcontDN=NULL /*, *curr=NULL */;
 #ifdef HAVE_EDIRECTORY
@@ -1206,17 +1199,17 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 
     /* validate the input parameter */
     if (lrealm == NULL ||
-	ldap_context->krbcontainer == NULL ||
-	ldap_context->krbcontainer->DN == NULL) {
-	st = EINVAL;
-	goto cleanup;
+        ldap_context->krbcontainer == NULL ||
+        ldap_context->krbcontainer->DN == NULL) {
+        st = EINVAL;
+        goto cleanup;
     }
 
     /* read kerberos container, if not read already */
     if (ldap_context->krbcontainer == NULL) {
-	if ((st = krb5_ldap_read_krbcontainer_params(context,
-						     &(ldap_context->krbcontainer))) != 0)
-	    goto cleanup;
+        if ((st = krb5_ldap_read_krbcontainer_params(context,
+                                                     &(ldap_context->krbcontainer))) != 0)
+            goto cleanup;
     }
     /* get ldap handle */
     GET_HANDLE ();
@@ -1229,8 +1222,8 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     /* allocate tl_data structure to store MASK information */
     rlparams->tl_data = malloc (sizeof(krb5_tl_data));
     if (rlparams->tl_data == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     memset(rlparams->tl_data, 0, sizeof(krb5_tl_data));
     rlparams->tl_data->tl_data_type = KDB_TL_USER_INFO;
@@ -1244,9 +1237,9 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
     krbcontDN = ldap_context->krbcontainer->DN;
 
     if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN) < 0) {
-	rlparams->realmdn = NULL;
-	st = ENOMEM;
-	goto cleanup;
+        rlparams->realmdn = NULL;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     /* populate the realm name in the structure */
@@ -1265,33 +1258,33 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
 
     ent = ldap_first_entry (ld, result);
     if (ent == NULL) {
-	ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, (void *) &st);
+        ldap_get_option (ld, LDAP_OPT_ERROR_NUMBER, (void *) &st);
 #if 0
-	st = translate_ldap_error(st, OP_SEARCH);
+        st = translate_ldap_error(st, OP_SEARCH);
 #endif
-	goto cleanup;
+        goto cleanup;
     }
 
     /* Read the attributes */
     {
-	if ((values=ldap_get_values(ld, ent, "krbSubTrees")) != NULL) {
+        if ((values=ldap_get_values(ld, ent, "krbSubTrees")) != NULL) {
             rlparams->subtreecount = ldap_count_values(values);
             rlparams->subtree = (char **) malloc(sizeof(char *) * (rlparams->subtreecount + 1));
-	    if (rlparams->subtree == NULL) {
-		st = ENOMEM;
-		goto cleanup;
-	    }
+            if (rlparams->subtree == NULL) {
+                st = ENOMEM;
+                goto cleanup;
+            }
             for (x=0; x<rlparams->subtreecount; x++) {
                 rlparams->subtree[x] = strdup(values[x]);
-	        if (rlparams->subtree[x] == NULL) {
-		    st = ENOMEM;
-		    goto cleanup;
-	        }
+                if (rlparams->subtree[x] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
             }
             rlparams->subtree[rlparams->subtreecount] = NULL;
-	    *mask |= LDAP_REALM_SUBTREE;
-	    ldap_value_free(values);
-	}
+            *mask |= LDAP_REALM_SUBTREE;
+            ldap_value_free(values);
+        }
 
         if((values=ldap_get_values(ld, ent, "krbPrincContainerRef")) != NULL) {
             rlparams->containerref = strdup(values[0]);
@@ -1303,58 +1296,58 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
             ldap_value_free(values);
         }
 
-	if ((values=ldap_get_values(ld, ent, "krbSearchScope")) != NULL) {
-	    rlparams->search_scope=atoi(values[0]);
-	    /* searchscope can be ONE-LEVEL or SUBTREE, else default to SUBTREE */
-	    if (!(rlparams->search_scope==1 || rlparams->search_scope==2))
-		rlparams->search_scope = LDAP_SCOPE_SUBTREE;
-	    *mask |= LDAP_REALM_SEARCHSCOPE;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "krbMaxTicketLife")) != NULL) {
-	    rlparams->max_life = atoi(values[0]);
-	    *mask |= LDAP_REALM_MAXTICKETLIFE;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "krbMaxRenewableAge")) != NULL) {
-	    rlparams->max_renewable_life = atoi(values[0]);
-	    *mask |= LDAP_REALM_MAXRENEWLIFE;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "krbTicketFlags")) != NULL) {
-	    rlparams->tktflags = atoi(values[0]);
-	    *mask |= LDAP_REALM_KRBTICKETFLAGS;
-	    ldap_value_free(values);
-	}
+        if ((values=ldap_get_values(ld, ent, "krbSearchScope")) != NULL) {
+            rlparams->search_scope=atoi(values[0]);
+            /* searchscope can be ONE-LEVEL or SUBTREE, else default to SUBTREE */
+            if (!(rlparams->search_scope==1 || rlparams->search_scope==2))
+                rlparams->search_scope = LDAP_SCOPE_SUBTREE;
+            *mask |= LDAP_REALM_SEARCHSCOPE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbMaxTicketLife")) != NULL) {
+            rlparams->max_life = atoi(values[0]);
+            *mask |= LDAP_REALM_MAXTICKETLIFE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbMaxRenewableAge")) != NULL) {
+            rlparams->max_renewable_life = atoi(values[0]);
+            *mask |= LDAP_REALM_MAXRENEWLIFE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbTicketFlags")) != NULL) {
+            rlparams->tktflags = atoi(values[0]);
+            *mask |= LDAP_REALM_KRBTICKETFLAGS;
+            ldap_value_free(values);
+        }
 
 #ifdef HAVE_EDIRECTORY
 
-	if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
-	    count = ldap_count_values(values);
-	    if ((st=copy_arrays(values, &(rlparams->kdcservers), (int) count)) != 0)
-		goto cleanup;
-	    *mask |= LDAP_REALM_KDCSERVERS;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
-	    count = ldap_count_values(values);
-	    if ((st=copy_arrays(values, &(rlparams->adminservers), (int) count)) != 0)
-		goto cleanup;
-	    *mask |= LDAP_REALM_ADMINSERVERS;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
-	    count = ldap_count_values(values);
-	    if ((st=copy_arrays(values, &(rlparams->passwdservers), (int) count)) != 0)
-		goto cleanup;
-	    *mask |= LDAP_REALM_PASSWDSERVERS;
-	    ldap_value_free(values);
-	}
+        if ((values=ldap_get_values(ld, ent, "krbKdcServers")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(rlparams->kdcservers), (int) count)) != 0)
+                goto cleanup;
+            *mask |= LDAP_REALM_KDCSERVERS;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbAdmServers")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(rlparams->adminservers), (int) count)) != 0)
+                goto cleanup;
+            *mask |= LDAP_REALM_ADMINSERVERS;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbPwdServers")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(rlparams->passwdservers), (int) count)) != 0)
+                goto cleanup;
+            *mask |= LDAP_REALM_PASSWDSERVERS;
+            ldap_value_free(values);
+        }
 #endif
     }
     ldap_msgfree(result);
@@ -1366,42 +1359,42 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask)
      */
 
     if ((!(*mask & LDAP_REALM_MAXTICKETLIFE && *mask & LDAP_REALM_MAXRENEWLIFE &&
-	   *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) {
-
-	LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
-	if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-	    int ost = st;
-	    st = translate_ldap_error (st, OP_SEARCH);
-	    krb5_set_error_message (context, st, "Policy object read failed: %s", ldap_err2string(ost));
-	    goto cleanup;
-	}
-	ent = ldap_first_entry (ld, result);
-	if (ent != NULL) {
-	    if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
-		if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
-		    rlparams->max_life = atoi(values[0]);
-		    *mask |= LDAP_REALM_MAXTICKETLIFE;
-		    ldap_value_free(values);
-		}
-	    }
-
-	    if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
-		if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
-		    rlparams->max_renewable_life = atoi(values[0]);
-		    *mask |= LDAP_REALM_MAXRENEWLIFE;
-		    ldap_value_free(values);
-		}
-	    }
-
-	    if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
-		if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
-		    rlparams->tktflags = atoi(values[0]);
-		    *mask |= LDAP_REALM_KRBTICKETFLAGS;
-		    ldap_value_free(values);
-		}
-	    }
-	}
-	ldap_msgfree(result);
+           *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) {
+
+        LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
+        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
+            int ost = st;
+            st = translate_ldap_error (st, OP_SEARCH);
+            krb5_set_error_message (context, st, "Policy object read failed: %s", ldap_err2string(ost));
+            goto cleanup;
+        }
+        ent = ldap_first_entry (ld, result);
+        if (ent != NULL) {
+            if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
+                if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
+                    rlparams->max_life = atoi(values[0]);
+                    *mask |= LDAP_REALM_MAXTICKETLIFE;
+                    ldap_value_free(values);
+                }
+            }
+
+            if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
+                if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
+                    rlparams->max_renewable_life = atoi(values[0]);
+                    *mask |= LDAP_REALM_MAXRENEWLIFE;
+                    ldap_value_free(values);
+                }
+            }
+
+            if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
+                if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
+                    rlparams->tktflags = atoi(values[0]);
+                    *mask |= LDAP_REALM_KRBTICKETFLAGS;
+                    ldap_value_free(values);
+                }
+            }
+        }
+        ldap_msgfree(result);
     }
 
     rlparams->mask = *mask;
@@ -1412,8 +1405,8 @@ cleanup:
 
     /* if there is an error, free allocated structures */
     if (st != 0) {
-	krb5_ldap_free_realm_params(rlparams);
-	*rlparamp=NULL;
+        krb5_ldap_free_realm_params(rlparams);
+        *rlparamp=NULL;
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -1424,54 +1417,53 @@ cleanup:
   Free the krb5_ldap_realm_params.
 */
 void
-krb5_ldap_free_realm_params(rparams)
-    krb5_ldap_realm_params *rparams;
+krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams)
 {
     int i=0;
 
     if (rparams) {
-	if (rparams->realmdn)
-	    free(rparams->realmdn);
+        if (rparams->realmdn)
+            free(rparams->realmdn);
 
-	if (rparams->realm_name)
-	    krb5_xfree(rparams->realm_name);
+        if (rparams->realm_name)
+            krb5_xfree(rparams->realm_name);
+
+        if (rparams->subtree) {
+            for (i=0; i<rparams->subtreecount && rparams->subtree[i] ; i++)
+                krb5_xfree(rparams->subtree[i]);
+            krb5_xfree(rparams->subtree);
+        }
+
+        if (rparams->kdcservers) {
+            for (i=0; rparams->kdcservers[i]; ++i)
+                krb5_xfree(rparams->kdcservers[i]);
+            krb5_xfree(rparams->kdcservers);
+        }
+
+        if (rparams->adminservers) {
+            for (i=0; rparams->adminservers[i]; ++i)
+                krb5_xfree(rparams->adminservers[i]);
+            krb5_xfree(rparams->adminservers);
+        }
+
+        if (rparams->passwdservers) {
+            for (i=0; rparams->passwdservers[i]; ++i)
+                krb5_xfree(rparams->passwdservers[i]);
+            krb5_xfree(rparams->passwdservers);
+        }
+
+        if (rparams->tl_data) {
+            if (rparams->tl_data->tl_data_contents)
+                krb5_xfree(rparams->tl_data->tl_data_contents);
+            krb5_xfree(rparams->tl_data);
+        }
 
-	if (rparams->subtree) {
-	    for (i=0; i<rparams->subtreecount && rparams->subtree[i] ; i++)
-	        krb5_xfree(rparams->subtree[i]);
-	    krb5_xfree(rparams->subtree);
+        if (rparams->mkey.contents) {
+            memset(rparams->mkey.contents, 0, rparams->mkey.length);
+            krb5_xfree(rparams->mkey.contents);
         }
 
-	if (rparams->kdcservers) {
-	    for (i=0; rparams->kdcservers[i]; ++i)
-		krb5_xfree(rparams->kdcservers[i]);
-	    krb5_xfree(rparams->kdcservers);
-	}
-
-	if (rparams->adminservers) {
-	    for (i=0; rparams->adminservers[i]; ++i)
-		krb5_xfree(rparams->adminservers[i]);
-	    krb5_xfree(rparams->adminservers);
-	}
-
-	if (rparams->passwdservers) {
-	    for (i=0; rparams->passwdservers[i]; ++i)
-		krb5_xfree(rparams->passwdservers[i]);
-	    krb5_xfree(rparams->passwdservers);
-	}
-
-	if (rparams->tl_data) {
-	    if (rparams->tl_data->tl_data_contents)
-		krb5_xfree(rparams->tl_data->tl_data_contents);
-	    krb5_xfree(rparams->tl_data);
-	}
-
-	if (rparams->mkey.contents) {
-	    memset(rparams->mkey.contents, 0, rparams->mkey.length);
-	    krb5_xfree(rparams->mkey.contents);
-	}
-
-	krb5_xfree(rparams);
+        krb5_xfree(rparams);
     }
     return;
 }
@@ -1483,7 +1475,8 @@ krb5_ldap_free_realm_params(rparams)
  */
 
 krb5_error_code
-krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section, char **db_args)
+krb5_ldap_delete_realm_1(krb5_context kcontext, char *conf_section,
+                         char **db_args)
 {
     krb5_error_code status = KRB5_PLUGIN_OP_NOTSUPP;
     krb5_set_error_message(kcontext, status, "LDAP %s", error_message(status));
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
index cfdf39c..dcb3fcb 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_realm.h
  *
@@ -43,7 +44,7 @@
 #define LDAP_REALM_MAXTICKETLIFE      0x0100
 #define LDAP_REALM_MAXRENEWLIFE       0x0200
 #define LDAP_REALM_KRBTICKETFLAGS     0x0400
-#define LDAP_REALM_CONTREF  	      0x0800
+#define LDAP_REALM_CONTREF            0x0800
 
 extern char *policy_attributes[];
 
@@ -52,24 +53,24 @@ extern char *realm_attributes[];
 /* realm container structure */
 
 typedef struct _krb5_ldap_realm_params {
-  char          *realmdn;
-  char          *realm_name;
-  char          **subtree;
-  char		*containerref;
-  char          *policyreference;
-  int           search_scope;
-  int           upenabled;
-  int 		subtreecount;
-  krb5_int32    max_life;
-  krb5_int32    max_renewable_life;
-  krb5_int32    tktflags;
-  char          **kdcservers;
-  char          **adminservers;
-  char          **passwdservers;
-  krb5_tl_data  *tl_data;
-  krb5_keyblock mkey;
-  krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
-  long          mask;
+    char          *realmdn;
+    char          *realm_name;
+    char          **subtree;
+    char          *containerref;
+    char          *policyreference;
+    int           search_scope;
+    int           upenabled;
+    int           subtreecount;
+    krb5_int32    max_life;
+    krb5_int32    max_renewable_life;
+    krb5_int32    tktflags;
+    char          **kdcservers;
+    char          **adminservers;
+    char          **passwdservers;
+    krb5_tl_data  *tl_data;
+    krb5_keyblock mkey;
+    krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
+    long          mask;
 } krb5_ldap_realm_params;
 
 
@@ -86,7 +87,8 @@ krb5_error_code
 krb5_ldap_create_realm(krb5_context, krb5_ldap_realm_params *, int);
 
 krb5_error_code
-krb5_ldap_read_realm_params(krb5_context , char *, krb5_ldap_realm_params **, int *);
+krb5_ldap_read_realm_params(krb5_context, char *, krb5_ldap_realm_params **,
+                            int *);
 
 void
 krb5_ldap_free_realm_params(krb5_ldap_realm_params *);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
index 8d87d46..be01f39 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_service_rights.c
  *
@@ -266,14 +267,9 @@ static char *kerberos_container[][2] = {
  */
 
 krb5_error_code
-krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subtreeparam, contref, mask)
-    krb5_context	context;
-    int                 servicetype;
-    char                *serviceobjdn;
-    char                *realmname;
-    char                **subtreeparam;
-    char                *contref;
-    int                 mask;
+krb5_ldap_add_service_rights(krb5_context context, int servicetype,
+                             char *serviceobjdn, char *realmname,
+                             char **subtreeparam, char *contref, int mask)
 {
 
     int                    st=0,i=0,j=0;
@@ -291,9 +287,9 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
     GET_HANDLE();
 
     if ((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4)
-	|| (ldap_context->krbcontainer->DN == NULL)) {
-	st=-1;
-	goto cleanup;
+        || (ldap_context->krbcontainer->DN == NULL)) {
+        st=-1;
+        goto cleanup;
     }
 
     if (subtreeparam != NULL) {
@@ -313,13 +309,13 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
         memset(subtree, 0, sizeof(char *) * (subtreecount + 1));
         if (subtreeparam != NULL) {
             for(i=0; subtreeparam[i]!=NULL; i++) {
-            subtree[i] = strdup(subtreeparam[i]);
-            if(subtree[i] == NULL) {
-                st = ENOMEM;
-                goto cleanup;
+                subtree[i] = strdup(subtreeparam[i]);
+                if(subtree[i] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
             }
         }
-    }
         if (contref != NULL) {
             subtree[i] = strdup(contref);
         }
@@ -328,213 +324,213 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt
     /* Set the rights for the realm */
     if (mask & LDAP_REALM_RIGHTS) {
 
-    /* Set the rights for the service object on the security container */
-    seccontclass.mod_op = LDAP_MOD_ADD;
-    seccontclass.mod_type = "ACL";
-
-    for (i=0; strcmp(security_container[i][0], "") != 0; i++) {
-
-	asprintf(&seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn,
-		 security_container[i][1]);
-	seccontclass.mod_values = seccontacls;
-
-	seccontarr[0] = &seccontclass;
-
-	st = ldap_modify_ext_s(ld,
-			       SECURITY_CONTAINER,
-			       seccontarr,
-			       NULL,
-			       NULL);
-	if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-	    free(seccontacls[0]);
-	    st = set_ldap_error (context, st, OP_MOD);
-	    goto cleanup;
-	}
-	free(seccontacls[0]);
-    }
+        /* Set the rights for the service object on the security container */
+        seccontclass.mod_op = LDAP_MOD_ADD;
+        seccontclass.mod_type = "ACL";
 
+        for (i=0; strcmp(security_container[i][0], "") != 0; i++) {
 
-    /* Set the rights for the service object on the kerberos container */
-    krbcontclass.mod_op = LDAP_MOD_ADD;
-    krbcontclass.mod_type = "ACL";
-
-    for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) {
-	asprintf(&krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn,
-		 kerberos_container[i][1]);
-	krbcontclass.mod_values = krbcontacls;
-
-	krbcontarr[0] = &krbcontclass;
-
-	st = ldap_modify_ext_s(ld,
-			       ldap_context->krbcontainer->DN,
-			       krbcontarr,
-			       NULL,
-			       NULL);
-	if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-	    free(krbcontacls[0]);
-	    st = set_ldap_error (context, st, OP_MOD);
-	    goto cleanup;
-	}
-	free(krbcontacls[0]);
-    }
+            asprintf(&seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn,
+                     security_container[i][1]);
+            seccontclass.mod_values = seccontacls;
+
+            seccontarr[0] = &seccontclass;
+
+            st = ldap_modify_ext_s(ld,
+                                   SECURITY_CONTAINER,
+                                   seccontarr,
+                                   NULL,
+                                   NULL);
+            if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                free(seccontacls[0]);
+                st = set_ldap_error (context, st, OP_MOD);
+                goto cleanup;
+            }
+            free(seccontacls[0]);
+        }
+
+
+        /* Set the rights for the service object on the kerberos container */
+        krbcontclass.mod_op = LDAP_MOD_ADD;
+        krbcontclass.mod_type = "ACL";
+
+        for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) {
+            asprintf(&krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn,
+                     kerberos_container[i][1]);
+            krbcontclass.mod_values = krbcontacls;
+
+            krbcontarr[0] = &krbcontclass;
 
-	/* Construct the realm dn from realm name */
-	asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
-
-	realmclass.mod_op = LDAP_MOD_ADD;
-	realmclass.mod_type = "ACL";
-
-	if (servicetype == LDAP_KDC_SERVICE) {
-	    for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
-		asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
-			 kdcrights_realmcontainer[i][1]);
-		realmclass.mod_values = realmacls;
-
-		realmarr[0] = &realmclass;
-
-		st = ldap_modify_ext_s(ld,
-				       realmdn,
-				       realmarr,
-				       NULL,
-				       NULL);
-		if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-		    free(realmacls[0]);
-		    st = set_ldap_error (context, st, OP_MOD);
-		    goto cleanup;
-		}
-		free(realmacls[0]);
-	    }
-	} else if (servicetype == LDAP_ADMIN_SERVICE) {
-	    for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
-		asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
-			 adminrights_realmcontainer[i][1]);
-		realmclass.mod_values = realmacls;
-
-		realmarr[0] = &realmclass;
-
-		st = ldap_modify_ext_s(ld,
-				       realmdn,
-				       realmarr,
-				       NULL,
-				       NULL);
-		if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-		    free(realmacls[0]);
-		    st = set_ldap_error (context, st, OP_MOD);
-		    goto cleanup;
-		}
-		free(realmacls[0]);
-	    }
-	} else if (servicetype == LDAP_PASSWD_SERVICE) {
-	    for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) {
-		asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
-			 pwdrights_realmcontainer[i][1]);
-		realmclass.mod_values = realmacls;
-
-		realmarr[0] = &realmclass;
-
-
-		st = ldap_modify_ext_s(ld,
-				       realmdn,
-				       realmarr,
-				       NULL,
-				       NULL);
-		if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-		    free(realmacls[0]);
-		    st = set_ldap_error (context, st, OP_MOD);
-		    goto cleanup;
-		}
-		free(realmacls[0]);
-	    }
-	}
+            st = ldap_modify_ext_s(ld,
+                                   ldap_context->krbcontainer->DN,
+                                   krbcontarr,
+                                   NULL,
+                                   NULL);
+            if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                free(krbcontacls[0]);
+                st = set_ldap_error (context, st, OP_MOD);
+                goto cleanup;
+            }
+            free(krbcontacls[0]);
+        }
+
+        /* Construct the realm dn from realm name */
+        asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
+
+        realmclass.mod_op = LDAP_MOD_ADD;
+        realmclass.mod_type = "ACL";
+
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
+                         kdcrights_realmcontainer[i][1]);
+                realmclass.mod_values = realmacls;
+
+                realmarr[0] = &realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
+                         adminrights_realmcontainer[i][1]);
+                realmclass.mod_values = realmacls;
+
+                realmarr[0] = &realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+                         pwdrights_realmcontainer[i][1]);
+                realmclass.mod_values = realmacls;
+
+                realmarr[0] = &realmclass;
+
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        }
     } /* Realm rights settings ends here */
 
 
     /* Subtree rights to be set */
     if ((mask & LDAP_SUBTREE_RIGHTS) && (subtree != NULL)) {
-	/* Populate the acl data to be added to the subtree */
-	subtreeclass.mod_op = LDAP_MOD_ADD;
-	subtreeclass.mod_type = "ACL";
+        /* Populate the acl data to be added to the subtree */
+        subtreeclass.mod_op = LDAP_MOD_ADD;
+        subtreeclass.mod_type = "ACL";
 
-	if (servicetype == LDAP_KDC_SERVICE) {
-	    for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
-		asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
-			 kdcrights_subtree[i][1]);
-		subtreeclass.mod_values = subtreeacls;
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+                         kdcrights_subtree[i][1]);
+                subtreeclass.mod_values = subtreeacls;
 
-		subtreearr[0] = &subtreeclass;
+                subtreearr[0] = &subtreeclass;
 
                 /* set rights to a list of subtrees */
                 for(j=0; subtree[j]!=NULL && j<subtreecount;j++) {
-		    st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-		    if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-		        free(subtreeacls[0]);
-		        st = set_ldap_error (context, st, OP_MOD);
-		        goto cleanup;
-		    }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-		free(subtreeacls[0]);
-	    }
-	} else if (servicetype == LDAP_ADMIN_SERVICE) {
-	    for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) {
-		asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
-			 adminrights_subtree[i][1]);
-		subtreeclass.mod_values = subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
+                         adminrights_subtree[i][1]);
+                subtreeclass.mod_values = subtreeacls;
 
-		subtreearr[0] = &subtreeclass;
+                subtreearr[0] = &subtreeclass;
 
                 /* set rights to a list of subtrees */
                 for(j=0; subtree[j]!=NULL && j<subtreecount;j++) {
-		    st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-		    if (st != LDAP_SUCCESS && st !=LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-		        free(subtreeacls[0]);
-		        st = set_ldap_error (context, st, OP_MOD);
-		        goto cleanup;
-		    }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st !=LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-		free(subtreeacls[0]);
-	    }
-	} else if (servicetype == LDAP_PASSWD_SERVICE) {
-	    for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
-		asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
-			 pwdrights_subtree[i][1]);
-		subtreeclass.mod_values = subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
+                         pwdrights_subtree[i][1]);
+                subtreeclass.mod_values = subtreeacls;
 
-		subtreearr[0] = &subtreeclass;
+                subtreearr[0] = &subtreeclass;
 
                 /* set rights to a list of subtrees */
                 for(j=0; subtree[j]!=NULL && j<subtreecount;j++) {
-		    st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-		    if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
-		        free(subtreeacls[0]);
-		        st = set_ldap_error (context, st, OP_MOD);
-		        goto cleanup;
-		    }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_TYPE_OR_VALUE_EXISTS && st != LDAP_OTHER) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-		free(subtreeacls[0]);
-	    }
-	}
+                free(subtreeacls[0]);
+            }
+        }
     } /* Subtree rights settings ends here */
     st = 0;
 
 cleanup:
 
     if (realmdn)
-	free(realmdn);
+        free(realmdn);
 
     if (subtree)
-	free(subtree);
+        free(subtree);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -554,14 +550,9 @@ cleanup:
 */
 
 krb5_error_code
-krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, subtreeparam, contref, mask)
-    krb5_context	context;
-    int             servicetype;
-    char            *serviceobjdn;
-    char            *realmname;
-    char            **subtreeparam;
-    char            *contref;
-    int             mask;
+krb5_ldap_delete_service_rights(krb5_context context, int servicetype,
+                                char *serviceobjdn, char *realmname,
+                                char **subtreeparam, char *contref, int mask)
 {
 
     int                    st=0,i=0,j=0;
@@ -580,14 +571,14 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     GET_HANDLE();
 
     if ((serviceobjdn == NULL) || (realmname == NULL) || (servicetype < 0) || (servicetype > 4)
-	|| (ldap_context->krbcontainer->DN == NULL)) {
-	st = -1;
-	goto cleanup;
+        || (ldap_context->krbcontainer->DN == NULL)) {
+        st = -1;
+        goto cleanup;
     }
 
     if (subtreeparam != NULL) {
-    while(subtreeparam[subtreecount])
-        subtreecount++;
+        while(subtreeparam[subtreecount])
+            subtreecount++;
     }
     if (contref != NULL) {
         subtreecount++;
@@ -602,12 +593,12 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
         memset(subtree, 0, sizeof(char *) * (subtreecount + 1));
         if (subtreeparam != NULL) {
             for(i=0; subtreeparam[i]!=NULL; i++) {
-        subtree[i] = strdup(subtreeparam[i]);
-        if(subtree[i] == NULL) {
-            st = ENOMEM;
-            goto cleanup;
-        }
-    }
+                subtree[i] = strdup(subtreeparam[i]);
+                if(subtree[i] == NULL) {
+                    st = ENOMEM;
+                    goto cleanup;
+                }
+            }
         }
         if (contref != NULL) {
             subtree[i] = strdup(contref);
@@ -618,72 +609,72 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     /* Set the rights for the realm */
     if (mask & LDAP_REALM_RIGHTS) {
 
-	asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
-
-	realmclass.mod_op=LDAP_MOD_DELETE;
-	realmclass.mod_type="ACL";
-
-	if (servicetype == LDAP_KDC_SERVICE) {
-	    for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
-		asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
-			 kdcrights_realmcontainer[i][1]);
-		realmclass.mod_values= realmacls;
-
-		realmarr[0]=&realmclass;
-
-		st = ldap_modify_ext_s(ld,
-				       realmdn,
-				       realmarr,
-				       NULL,
-				       NULL);
-		if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-		    free(realmacls[0]);
-		    st = set_ldap_error (context, st, OP_MOD);
-		    goto cleanup;
-		}
-		free(realmacls[0]);
-	    }
-	} else if (servicetype == LDAP_ADMIN_SERVICE) {
-	    for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
-		asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
-			 adminrights_realmcontainer[i][1]);
-		realmclass.mod_values= realmacls;
-
-		realmarr[0]=&realmclass;
-
-		st = ldap_modify_ext_s(ld,
-				       realmdn,
-				       realmarr,
-				       NULL,
-				       NULL);
-		if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-		    free(realmacls[0]);
-		    st = set_ldap_error (context, st, OP_MOD);
-		    goto cleanup;
-		}
-		free(realmacls[0]);
-	    }
-	} else if (servicetype == LDAP_PASSWD_SERVICE) {
-	    for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) {
-		asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
-			 pwdrights_realmcontainer[i][1]);
-		realmclass.mod_values= realmacls;
-
-		realmarr[0]=&realmclass;
-
-		st = ldap_modify_ext_s(ld,
-				       realmdn,
-				       realmarr,
-				       NULL,
-				       NULL);
-		if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-		    free(realmacls[0]);
-		    st = set_ldap_error (context, st, OP_MOD);
-		    goto cleanup;
-		}
-		free(realmacls[0]);
-	    }
-	}
+        asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN);
+
+        realmclass.mod_op=LDAP_MOD_DELETE;
+        realmclass.mod_type="ACL";
+
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn,
+                         kdcrights_realmcontainer[i][1]);
+                realmclass.mod_values= realmacls;
+
+                realmarr[0]=&realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn,
+                         adminrights_realmcontainer[i][1]);
+                realmclass.mod_values= realmacls;
+
+                realmarr[0]=&realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) {
+                asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn,
+                         pwdrights_realmcontainer[i][1]);
+                realmclass.mod_values= realmacls;
+
+                realmarr[0]=&realmclass;
+
+                st = ldap_modify_ext_s(ld,
+                                       realmdn,
+                                       realmarr,
+                                       NULL,
+                                       NULL);
+                if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                    free(realmacls[0]);
+                    st = set_ldap_error (context, st, OP_MOD);
+                    goto cleanup;
+                }
+                free(realmacls[0]);
+            }
+        }
 
     } /* Realm rights setting ends here */
 
@@ -691,77 +682,77 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
     /* Set the rights for the subtree */
     if ((mask & LDAP_SUBTREE_RIGHTS) && (subtree != NULL)) {
 
-	/* Populate the acl data to be added to the subtree */
-	subtreeclass.mod_op=LDAP_MOD_DELETE;
-	subtreeclass.mod_type="ACL";
+        /* Populate the acl data to be added to the subtree */
+        subtreeclass.mod_op=LDAP_MOD_DELETE;
+        subtreeclass.mod_type="ACL";
 
-	if (servicetype == LDAP_KDC_SERVICE) {
-	    for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
-		asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
-			 kdcrights_subtree[i][1]);
-		subtreeclass.mod_values= subtreeacls;
+        if (servicetype == LDAP_KDC_SERVICE) {
+            for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn,
+                         kdcrights_subtree[i][1]);
+                subtreeclass.mod_values= subtreeacls;
 
-		subtreearr[0]=&subtreeclass;
+                subtreearr[0]=&subtreeclass;
 
                 for(j=0; subtree[j]!=NULL && j<subtreecount; j++) {
-		    st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-		    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-		        free(subtreeacls[0]);
-		        st = set_ldap_error (context, st, OP_MOD);
-		        goto cleanup;
-		    }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-		free(subtreeacls[0]);
-	    }
-	} else if (servicetype == LDAP_ADMIN_SERVICE) {
-	    for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) {
-		asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
-			 adminrights_subtree[i][1]);
-		subtreeclass.mod_values= subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_ADMIN_SERVICE) {
+            for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn,
+                         adminrights_subtree[i][1]);
+                subtreeclass.mod_values= subtreeacls;
 
-		subtreearr[0]=&subtreeclass;
+                subtreearr[0]=&subtreeclass;
 
                 for(j=0; subtree[j]!=NULL && j<subtreecount; j++) {
-		    st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-		    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-		        free(subtreeacls[0]);
-		        st = set_ldap_error (context, st, OP_MOD);
-		        goto cleanup;
-		    }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-		free(subtreeacls[0]);
-	    }
-	} else if (servicetype == LDAP_PASSWD_SERVICE) {
-	    for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
-		asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
-			 pwdrights_subtree[i][1]);
-		subtreeclass.mod_values= subtreeacls;
+                free(subtreeacls[0]);
+            }
+        } else if (servicetype == LDAP_PASSWD_SERVICE) {
+            for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) {
+                asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn,
+                         pwdrights_subtree[i][1]);
+                subtreeclass.mod_values= subtreeacls;
 
-		subtreearr[0]=&subtreeclass;
+                subtreearr[0]=&subtreeclass;
 
                 for(j=0; subtree[j]!=NULL && j<subtreecount; j++) {
-		    st = ldap_modify_ext_s(ld,
-                                            subtree[j],
-                                            subtreearr,
-                                            NULL,
-                                            NULL);
-		    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
-		        free(subtreeacls[0]);
-		        st = set_ldap_error (context, st, OP_MOD);
-		        goto cleanup;
-		    }
+                    st = ldap_modify_ext_s(ld,
+                                           subtree[j],
+                                           subtreearr,
+                                           NULL,
+                                           NULL);
+                    if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_ATTRIBUTE) {
+                        free(subtreeacls[0]);
+                        st = set_ldap_error (context, st, OP_MOD);
+                        goto cleanup;
+                    }
                 }
-		free(subtreeacls[0]);
-	    }
-	}
+                free(subtreeacls[0]);
+            }
+        }
     } /* Subtree rights setting ends here */
 
     st = 0;
@@ -769,10 +760,10 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s
 cleanup:
 
     if (realmdn)
-	free(realmdn);
+        free(realmdn);
 
     if (subtree)
-	free(subtree);
+        free(subtree);
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
index b799756..f14858b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_service_stash.c
  *
@@ -34,10 +35,8 @@
 #include "ldap_service_stash.h"
 
 krb5_error_code
-krb5_ldap_readpassword(context, ldap_context, password)
-    krb5_context                context;
-    krb5_ldap_context           *ldap_context;
-    unsigned char               **password;
+krb5_ldap_readpassword(krb5_context context, krb5_ldap_context *ldap_context,
+                       unsigned char **password)
 {
     int                         entryfound=0;
     krb5_error_code             st=0;
@@ -48,7 +47,7 @@ krb5_ldap_readpassword(context, ldap_context, password)
     *password = NULL;
 
     if (ldap_context->service_password_file)
-	file = ldap_context->service_password_file;
+        file = ldap_context->service_password_file;
 
 #ifndef HAVE_STRERROR_R
 # undef strerror_r
@@ -57,122 +56,122 @@ krb5_ldap_readpassword(context, ldap_context, password)
 
     /* check whether file exists */
     if (access(file, F_OK) < 0) {
-	st = errno;
-	strerror_r(errno, errbuf, sizeof(errbuf));
-	krb5_set_error_message (context, st, "%s", errbuf);
-	goto rp_exit;
+        st = errno;
+        strerror_r(errno, errbuf, sizeof(errbuf));
+        krb5_set_error_message (context, st, "%s", errbuf);
+        goto rp_exit;
     }
 
     /* check read access */
     if (access(file, R_OK) < 0) {
-	st = errno;
-	strerror_r(errno, errbuf, sizeof(errbuf));
-	krb5_set_error_message (context, st, "%s", errbuf);
-	goto rp_exit;
+        st = errno;
+        strerror_r(errno, errbuf, sizeof(errbuf));
+        krb5_set_error_message (context, st, "%s", errbuf);
+        goto rp_exit;
     }
 
     if ((fptr=fopen(file, "r")) == NULL) {
-	st = errno;
-	strerror_r(errno, errbuf, sizeof(errbuf));
-	krb5_set_error_message (context, st, "%s", errbuf);
-	goto rp_exit;
+        st = errno;
+        strerror_r(errno, errbuf, sizeof(errbuf));
+        krb5_set_error_message (context, st, "%s", errbuf);
+        goto rp_exit;
     }
     set_cloexec_file(fptr);
 
     /* get the record from the file */
     while (fgets(line, RECORDLEN, fptr)!= NULL) {
-	char tmp[RECORDLEN];
-
-	tmp[0] = '\0';
-	/* Handle leading white-spaces */
-	for (start = line; isspace(*start); ++start);
-
-	/* Handle comment lines */
-	if (*start == '!' || *start == '#')
-	    continue;
-	sscanf(line, "%*[ \t]%[^#]", tmp);
-	if (tmp[0] == '\0')
-	    sscanf(line, "%[^#]", tmp);
-	if (strcasecmp(tmp, ldap_context->bind_dn) == 0) {
-	    entryfound = 1; /* service_dn record found !!! */
-	    break;
-	}
+        char tmp[RECORDLEN];
+
+        tmp[0] = '\0';
+        /* Handle leading white-spaces */
+        for (start = line; isspace(*start); ++start);
+
+        /* Handle comment lines */
+        if (*start == '!' || *start == '#')
+            continue;
+        sscanf(line, "%*[ \t]%[^#]", tmp);
+        if (tmp[0] == '\0')
+            sscanf(line, "%[^#]", tmp);
+        if (strcasecmp(tmp, ldap_context->bind_dn) == 0) {
+            entryfound = 1; /* service_dn record found !!! */
+            break;
+        }
     }
     fclose (fptr);
 
     if (entryfound == 0)  {
-	st = KRB5_KDB_SERVER_INTERNAL_ERR;
-	krb5_set_error_message (context, st, "Bind DN entry missing in stash file");
-	goto rp_exit;
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (context, st, "Bind DN entry missing in stash file");
+        goto rp_exit;
     }
     /* replace the \n with \0 */
     start = strchr(line, '\n');
     if (start)
-	*start = '\0';
+        *start = '\0';
 
     start = strchr(line, '#');
     if (start == NULL) {
-	/* password field missing */
-	st = KRB5_KDB_SERVER_INTERNAL_ERR;
-	krb5_set_error_message (context, st, "Stash file entry corrupt");
-	goto rp_exit;
+        /* password field missing */
+        st = KRB5_KDB_SERVER_INTERNAL_ERR;
+        krb5_set_error_message (context, st, "Stash file entry corrupt");
+        goto rp_exit;
     }
     ++ start;
     /* Extract the plain password / certificate file information */
     {
-	struct data PT, CT;
-
-	/* Check if the entry has the path of a certificate */
-	if (!strncmp(start, "{FILE}", strlen("{FILE}"))) {
-	    /* Set *password = {FILE}<path to cert>\0<cert password> */
-	    size_t len = strlen(start);
-
-	    *password = (unsigned char *)malloc(len + 2);
-	    if (*password == NULL) {
-		st = ENOMEM;
-		goto rp_exit;
-	    }
-	    memcpy(*password, start, len);
-	    (*password)[len] = '\0';
-	    (*password)[len + 1] = '\0';
-	    goto got_password;
-	} else {
-	    CT.value = (unsigned char *)start;
-	    CT.len = strlen((char *)CT.value);
-	    st = dec_password(CT, &PT);
-	    if (st != 0) {
-		switch (st) {
-		case ERR_NO_MEM:
-		    st = ENOMEM;
-		    break;
-		case ERR_PWD_ZERO:
-		    st = EINVAL;
-		    krb5_set_error_message(context, st, "Password has zero length");
-		    break;
-		case ERR_PWD_BAD:
-		    st = EINVAL;
-		    krb5_set_error_message(context, st, "Password corrupted");
-		    break;
-		case ERR_PWD_NOT_HEX:
-		    st = EINVAL;
-		    krb5_set_error_message(context, st, "Not a hexadecimal password");
-		    break;
-		default:
-		    st = KRB5_KDB_SERVER_INTERNAL_ERR;
-		    break;
-		}
-		goto rp_exit;
-	    }
-	    *password = PT.value;
-	}
+        struct data PT, CT;
+
+        /* Check if the entry has the path of a certificate */
+        if (!strncmp(start, "{FILE}", strlen("{FILE}"))) {
+            /* Set *password = {FILE}<path to cert>\0<cert password> */
+            size_t len = strlen(start);
+
+            *password = (unsigned char *)malloc(len + 2);
+            if (*password == NULL) {
+                st = ENOMEM;
+                goto rp_exit;
+            }
+            memcpy(*password, start, len);
+            (*password)[len] = '\0';
+            (*password)[len + 1] = '\0';
+            goto got_password;
+        } else {
+            CT.value = (unsigned char *)start;
+            CT.len = strlen((char *)CT.value);
+            st = dec_password(CT, &PT);
+            if (st != 0) {
+                switch (st) {
+                case ERR_NO_MEM:
+                    st = ENOMEM;
+                    break;
+                case ERR_PWD_ZERO:
+                    st = EINVAL;
+                    krb5_set_error_message(context, st, "Password has zero length");
+                    break;
+                case ERR_PWD_BAD:
+                    st = EINVAL;
+                    krb5_set_error_message(context, st, "Password corrupted");
+                    break;
+                case ERR_PWD_NOT_HEX:
+                    st = EINVAL;
+                    krb5_set_error_message(context, st, "Not a hexadecimal password");
+                    break;
+                default:
+                    st = KRB5_KDB_SERVER_INTERNAL_ERR;
+                    break;
+                }
+                goto rp_exit;
+            }
+            *password = PT.value;
+        }
     }
 got_password:
 
 rp_exit:
     if (st) {
-	if (*password)
-	    free (*password);
-	*password = NULL;
+        if (*password)
+            free (*password);
+        *password = NULL;
     }
     return st;
 }
@@ -180,9 +179,7 @@ rp_exit:
 /* Encodes a sequence of bytes in hexadecimal */
 
 int
-tohex(in, ret)
-    krb5_data         in;
-    krb5_data         *ret;
+tohex(krb5_data in, krb5_data *ret)
 {
     int                i=0, err = 0;
 
@@ -191,20 +188,20 @@ tohex(in, ret)
 
     ret->data = malloc((unsigned int)in.length * 2 + 1 /*Null termination */);
     if (ret->data == NULL) {
-	err = ENOMEM;
-	goto cleanup;
+        err = ENOMEM;
+        goto cleanup;
     }
     ret->length = in.length * 2;
     ret->data[ret->length] = 0;
 
     for (i = 0; i < in.length; i++)
-	snprintf(ret->data + 2 * i, 3, "%02x", in.data[i] & 0xff);
+        snprintf(ret->data + 2 * i, 3, "%02x", in.data[i] & 0xff);
 
 cleanup:
 
     if (ret->length == 0) {
-	free(ret->data);
-	ret->data = NULL;
+        free(ret->data);
+        ret->data = NULL;
     }
 
     return err;
@@ -222,7 +219,9 @@ cleanup:
  * ERR_PWD_NOT_HEX - Not a hexadecimal password
  */
 
-int dec_password(struct data pwd, struct data *ret) {
+int
+dec_password(struct data pwd, struct data *ret)
+{
     int err=0;
     int i=0, j=0;
 
@@ -230,52 +229,52 @@ int dec_password(struct data pwd, struct data *ret) {
     ret->value = NULL;
 
     if (pwd.len == 0) {
-	err = ERR_PWD_ZERO;
-	ret->len = 0;
-	goto cleanup;
+        err = ERR_PWD_ZERO;
+        ret->len = 0;
+        goto cleanup;
     }
 
     /* Check if it is a hexadecimal encoded password */
     if (pwd.len >= strlen("{HEX}") &&
-	strncmp((char *)pwd.value, "{HEX}", strlen("{HEX}")) == 0) {
-
-	if ((pwd.len - strlen("{HEX}")) % 2 != 0) {
-	    /* A hexadecimal encoded password should have even length */
-	    err = ERR_PWD_BAD;
-	    ret->len = 0;
-	    goto cleanup;
-	}
-	ret->value = (unsigned char *)malloc((pwd.len - strlen("{HEX}")) / 2 + 1);
-	if (ret->value == NULL) {
-	    err = ERR_NO_MEM;
-	    ret->len = 0;
-	    goto cleanup;
-	}
-	ret->len = (pwd.len - strlen("{HEX}")) / 2;
-	ret->value[ret->len] = '\0';
-	for (i = strlen("{HEX}"), j = 0; i < pwd.len; i += 2, j++) {
-	    unsigned int k;
-	    /* Check if it is a hexadecimal number */
-	    if (isxdigit(pwd.value[i]) == 0 || isxdigit(pwd.value[i + 1]) == 0) {
-		err = ERR_PWD_NOT_HEX;
-		ret->len = 0;
-		goto cleanup;
-	    }
-	    sscanf((char *)pwd.value + i, "%2x", &k);
-	    ret->value[j] = k;
-	}
-	goto cleanup;
+        strncmp((char *)pwd.value, "{HEX}", strlen("{HEX}")) == 0) {
+
+        if ((pwd.len - strlen("{HEX}")) % 2 != 0) {
+            /* A hexadecimal encoded password should have even length */
+            err = ERR_PWD_BAD;
+            ret->len = 0;
+            goto cleanup;
+        }
+        ret->value = (unsigned char *)malloc((pwd.len - strlen("{HEX}")) / 2 + 1);
+        if (ret->value == NULL) {
+            err = ERR_NO_MEM;
+            ret->len = 0;
+            goto cleanup;
+        }
+        ret->len = (pwd.len - strlen("{HEX}")) / 2;
+        ret->value[ret->len] = '\0';
+        for (i = strlen("{HEX}"), j = 0; i < pwd.len; i += 2, j++) {
+            unsigned int k;
+            /* Check if it is a hexadecimal number */
+            if (isxdigit(pwd.value[i]) == 0 || isxdigit(pwd.value[i + 1]) == 0) {
+                err = ERR_PWD_NOT_HEX;
+                ret->len = 0;
+                goto cleanup;
+            }
+            sscanf((char *)pwd.value + i, "%2x", &k);
+            ret->value[j] = k;
+        }
+        goto cleanup;
     } else {
-	err = ERR_PWD_NOT_HEX;
-	ret->len = 0;
-	goto cleanup;
+        err = ERR_PWD_NOT_HEX;
+        ret->len = 0;
+        goto cleanup;
     }
 
 cleanup:
 
     if (ret->len == 0) {
-	free(ret->value);
-	ret->value = NULL;
+        free(ret->value);
+        ret->value = NULL;
     }
     return(err);
 }
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
index 05dd40a..aecaa49 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_service_stash.h
  *
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
index 11f78ef..9be9772 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_services.c
  *
@@ -42,10 +43,8 @@ static char *realmcontclass[] = {"krbRealmContainer", NULL};
  */
 
 krb5_error_code
-krb5_ldap_create_service(context, service, mask)
-    krb5_context	        context;
-    krb5_ldap_service_params    *service;
-    int                         mask;
+krb5_ldap_create_service(krb5_context context,
+                         krb5_ldap_service_params *service, int mask)
 {
     int                         i=0, j=0;
     krb5_error_code             st=0;
@@ -59,9 +58,9 @@ krb5_ldap_create_service(context, service, mask)
 
     /* validate the input parameter */
     if (service == NULL || service->servicedn == NULL) {
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Service DN NULL");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Service DN NULL");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
@@ -71,73 +70,73 @@ krb5_ldap_create_service(context, service, mask)
     memset(strval, 0, sizeof(strval));
     strval[0] = "krbService";
     if (service->servicetype == LDAP_KDC_SERVICE) {
-	strval[1] = "krbKdcService";
-	realmattr = "krbKdcServers";
+        strval[1] = "krbKdcService";
+        realmattr = "krbKdcServers";
     } else if (service->servicetype == LDAP_ADMIN_SERVICE) {
-	strval[1] = "krbAdmService";
-	realmattr = "krbAdmServers";
+        strval[1] = "krbAdmService";
+        realmattr = "krbAdmServers";
     } else if (service->servicetype == LDAP_PASSWD_SERVICE) {
-	strval[1] = "krbPwdService";
-	realmattr = "krbPwdServers";
+        strval[1] = "krbPwdService";
+        realmattr = "krbPwdServers";
     } else {
-	strval[1] = "krbKdcService";
-	realmattr = "krbKdcServers";
+        strval[1] = "krbKdcService";
+        realmattr = "krbKdcServers";
     }
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     rdns = ldap_explode_dn(service->servicedn, 1);
     if (rdns == NULL) {
-	st = LDAP_INVALID_DN_SYNTAX;
-	goto cleanup;
+        st = LDAP_INVALID_DN_SYNTAX;
+        goto cleanup;
     }
     memset(strval, 0, sizeof(strval));
     strval[0] = rdns[0];
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (mask & LDAP_SERVICE_SERVICEFLAG) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
-					  service->krbserviceflags)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_ADD,
+                                          service->krbserviceflags)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_SERVICE_HOSTSERVER) {
-	if (service->krbhostservers != NULL) {
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_ADD,
-					      service->krbhostservers)) != 0)
-		goto cleanup;
-	} else {
-	    st = EINVAL;
-	    krb5_set_error_message (context, st, "'krbhostserver' argument invalid");
-	    goto cleanup;
-	}
+        if (service->krbhostservers != NULL) {
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_ADD,
+                                              service->krbhostservers)) != 0)
+                goto cleanup;
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "'krbhostserver' argument invalid");
+            goto cleanup;
+        }
     }
 
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-	if (service->krbrealmreferences != NULL) {
-	    unsigned int realmmask=0;
-
-	    /* check for the validity of the values */
-	    for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
-		st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
-					 realmcontclass, &realmmask);
-		CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
-	    }
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_ADD,
-					      service->krbrealmreferences)) != 0)
-		goto cleanup;
-	} else {
-	    st = EINVAL;
-	    krb5_set_error_message (context, st, "Server has no 'krbrealmreferences'");
-	    goto cleanup;
-	}
+        if (service->krbrealmreferences != NULL) {
+            unsigned int realmmask=0;
+
+            /* check for the validity of the values */
+            for (j=0; service->krbrealmreferences[j] != NULL; ++j) {
+                st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
+                                         realmcontclass, &realmmask);
+                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
+            }
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_ADD,
+                                              service->krbrealmreferences)) != 0)
+                goto cleanup;
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "Server has no 'krbrealmreferences'");
+            goto cleanup;
+        }
     }
 
     /* ldap add operation */
     if ((st=ldap_add_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_ADD);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
     /*
@@ -145,24 +144,24 @@ krb5_ldap_create_service(context, service, mask)
      * to have a reference to the service object just created.
      */
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-	for (i=0; service->krbrealmreferences[i]; ++i) {
-	    if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
-				    service->servicedn)) != 0) {
-		snprintf (errbuf, sizeof(errbuf),
-			  "Error adding 'krbRealmReferences' to %s: ",
-			  service->krbrealmreferences[i]);
-		prepend_err_str (context, errbuf, st, st);
-		/* delete service object, status ignored intentionally */
-		ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);
-		goto cleanup;
-	    }
-	}
+        for (i=0; service->krbrealmreferences[i]; ++i) {
+            if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr,
+                                    service->servicedn)) != 0) {
+                snprintf (errbuf, sizeof(errbuf),
+                          "Error adding 'krbRealmReferences' to %s: ",
+                          service->krbrealmreferences[i]);
+                prepend_err_str (context, errbuf, st, st);
+                /* delete service object, status ignored intentionally */
+                ldap_delete_ext_s(ld, service->servicedn, NULL, NULL);
+                goto cleanup;
+            }
+        }
     }
 
 cleanup:
 
     if (rdns)
-	ldap_value_free (rdns);
+        ldap_value_free (rdns);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -175,10 +174,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_modify_service(context, service, mask)
-    krb5_context	        context;
-    krb5_ldap_service_params    *service;
-    int                         mask;
+krb5_ldap_modify_service(krb5_context context,
+                         krb5_ldap_service_params *service, int mask)
 {
     int                         i=0, j=0, count=0;
     krb5_error_code             st=0;
@@ -194,94 +191,94 @@ krb5_ldap_modify_service(context, service, mask)
 
     /* validate the input parameter */
     if (service == NULL || service->servicedn == NULL) {
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Service DN is NULL");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Service DN is NULL");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if (mask & LDAP_SERVICE_SERVICEFLAG) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
-					  service->krbserviceflags)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbserviceflags", LDAP_MOD_REPLACE,
+                                          service->krbserviceflags)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_SERVICE_HOSTSERVER) {
-	if (service->krbhostservers != NULL) {
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
-					      service->krbhostservers)) != 0)
-		goto cleanup;
-	} else {
-	    st = EINVAL;
-	    krb5_set_error_message (context, st, "'krbhostserver' value invalid");
-	    goto cleanup;
-	}
+        if (service->krbhostservers != NULL) {
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbhostserver", LDAP_MOD_REPLACE,
+                                              service->krbhostservers)) != 0)
+                goto cleanup;
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "'krbhostserver' value invalid");
+            goto cleanup;
+        }
     }
 
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-	if (service->krbrealmreferences != NULL) {
-	    unsigned int realmmask=0;
-
-	    /* check for the validity of the values */
-	    for (j=0; service->krbrealmreferences[j]; ++j) {
-		st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
-					 realmcontclass, &realmmask);
-		CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
-	    }
-	    if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
-					      service->krbrealmreferences)) != 0)
-		goto cleanup;
-
-
-	    /* get the attribute of the realm to be set */
-	    if (service->servicetype == LDAP_KDC_SERVICE)
-		realmattr = "krbKdcServers";
-	    else if (service->servicetype == LDAP_ADMIN_SERVICE)
-		realmattr = "krbAdmservers";
-	    else if (service->servicetype == LDAP_PASSWD_SERVICE)
-		realmattr = "krbPwdServers";
-	    else
-		realmattr = "krbKdcServers";
-
-	    /* read the existing list of krbRealmreferences. this will needed  */
-	    if ((st = ldap_search_ext_s (ld,
-					 service->servicedn,
-					 LDAP_SCOPE_BASE,
-					 0,
-					 attr,
-					 0,
-					 NULL,
-					 NULL,
-					 NULL,
-					 0,
-					 &result)) != LDAP_SUCCESS) {
-		st = set_ldap_error (context, st, OP_SEARCH);
-		goto cleanup;
-	    }
-
-	    ent = ldap_first_entry(ld, result);
-	    if (ent) {
-		if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
-		    count = ldap_count_values(values);
-		    if ((st=copy_arrays(values, &oldrealmrefs, count)) != 0)
-			goto cleanup;
-		    ldap_value_free(values);
-		}
-	    }
-	    ldap_msgfree(result);
-	} else {
-	    st = EINVAL;
-	    krb5_set_error_message (context, st, "'krbRealmReferences' value invalid");
-	    goto cleanup;
-	}
+        if (service->krbrealmreferences != NULL) {
+            unsigned int realmmask=0;
+
+            /* check for the validity of the values */
+            for (j=0; service->krbrealmreferences[j]; ++j) {
+                st = checkattributevalue(ld, service->krbrealmreferences[j], "ObjectClass",
+                                         realmcontclass, &realmmask);
+                CHECK_CLASS_VALIDITY(st, realmmask, "realm object value: ");
+            }
+            if ((st=krb5_add_str_mem_ldap_mod(&mods, "krbrealmreferences", LDAP_MOD_REPLACE,
+                                              service->krbrealmreferences)) != 0)
+                goto cleanup;
+
+
+            /* get the attribute of the realm to be set */
+            if (service->servicetype == LDAP_KDC_SERVICE)
+                realmattr = "krbKdcServers";
+            else if (service->servicetype == LDAP_ADMIN_SERVICE)
+                realmattr = "krbAdmservers";
+            else if (service->servicetype == LDAP_PASSWD_SERVICE)
+                realmattr = "krbPwdServers";
+            else
+                realmattr = "krbKdcServers";
+
+            /* read the existing list of krbRealmreferences. this will needed  */
+            if ((st = ldap_search_ext_s (ld,
+                                         service->servicedn,
+                                         LDAP_SCOPE_BASE,
+                                         0,
+                                         attr,
+                                         0,
+                                         NULL,
+                                         NULL,
+                                         NULL,
+                                         0,
+                                         &result)) != LDAP_SUCCESS) {
+                st = set_ldap_error (context, st, OP_SEARCH);
+                goto cleanup;
+            }
+
+            ent = ldap_first_entry(ld, result);
+            if (ent) {
+                if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
+                    count = ldap_count_values(values);
+                    if ((st=copy_arrays(values, &oldrealmrefs, count)) != 0)
+                        goto cleanup;
+                    ldap_value_free(values);
+                }
+            }
+            ldap_msgfree(result);
+        } else {
+            st = EINVAL;
+            krb5_set_error_message (context, st, "'krbRealmReferences' value invalid");
+            goto cleanup;
+        }
     }
 
     /* ldap modify operation */
     if ((st=ldap_modify_ext_s(ld, service->servicedn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_MOD);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
     }
 
     /*
@@ -290,49 +287,49 @@ krb5_ldap_modify_service(context, service, mask)
      */
 
     if (mask & LDAP_SERVICE_REALMREFERENCE) {
-	/* get the count of the new list of krbrealmreferences */
-	for (i=0; service->krbrealmreferences[i]; ++i)
-	    ;
-
-	/* make a new copy of the krbrealmreferences */
-	if ((st=copy_arrays(service->krbrealmreferences, &newrealmrefs, i)) != 0)
-	    goto cleanup;
-
-	/* find the deletions/additions to the list of krbrealmreferences */
-	if (disjoint_members(oldrealmrefs, newrealmrefs) != 0)
-	    goto cleanup;
-
-	/* see if some of the attributes have to be deleted */
-	if (oldrealmrefs) {
-
-	    /* update the dn represented by the attribute that is to be deleted */
-	    for (i=0; oldrealmrefs[i]; ++i)
-		if ((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0) {
-		    prepend_err_str (context, "Error deleting realm attribute:", st, st);
-		    goto cleanup;
-		}
-	}
-
-	/* see if some of the attributes have to be added */
-	for (i=0; newrealmrefs[i]; ++i)
-	    if ((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0) {
-		prepend_err_str (context, "Error updating realm attribute: ", st, st);
-		goto cleanup;
-	    }
+        /* get the count of the new list of krbrealmreferences */
+        for (i=0; service->krbrealmreferences[i]; ++i)
+            ;
+
+        /* make a new copy of the krbrealmreferences */
+        if ((st=copy_arrays(service->krbrealmreferences, &newrealmrefs, i)) != 0)
+            goto cleanup;
+
+        /* find the deletions/additions to the list of krbrealmreferences */
+        if (disjoint_members(oldrealmrefs, newrealmrefs) != 0)
+            goto cleanup;
+
+        /* see if some of the attributes have to be deleted */
+        if (oldrealmrefs) {
+
+            /* update the dn represented by the attribute that is to be deleted */
+            for (i=0; oldrealmrefs[i]; ++i)
+                if ((st=deleteAttribute(ld, oldrealmrefs[i], realmattr, service->servicedn)) != 0) {
+                    prepend_err_str (context, "Error deleting realm attribute:", st, st);
+                    goto cleanup;
+                }
+        }
+
+        /* see if some of the attributes have to be added */
+        for (i=0; newrealmrefs[i]; ++i)
+            if ((st=updateAttribute(ld, newrealmrefs[i], realmattr, service->servicedn)) != 0) {
+                prepend_err_str (context, "Error updating realm attribute: ", st, st);
+                goto cleanup;
+            }
     }
 
 cleanup:
 
     if (oldrealmrefs) {
-	for (i=0; oldrealmrefs[i]; ++i)
-	    free (oldrealmrefs[i]);
-	free (oldrealmrefs);
+        for (i=0; oldrealmrefs[i]; ++i)
+            free (oldrealmrefs[i]);
+        free (oldrealmrefs);
     }
 
     if (newrealmrefs) {
-	for (i=0; newrealmrefs[i]; ++i)
-	    free (newrealmrefs[i]);
-	free (newrealmrefs);
+        for (i=0; newrealmrefs[i]; ++i)
+            free (newrealmrefs[i]);
+        free (newrealmrefs);
     }
 
     ldap_mods_free(mods, 1);
@@ -342,10 +339,8 @@ cleanup:
 
 
 krb5_error_code
-krb5_ldap_delete_service(context, service, servicedn)
-    krb5_context                context;
-    krb5_ldap_service_params    *service;
-    char                        *servicedn;
+krb5_ldap_delete_service(krb5_context context,
+                         krb5_ldap_service_params *service, char *servicedn)
 {
     krb5_error_code             st = 0;
     LDAP                        *ld=NULL;
@@ -358,30 +353,30 @@ krb5_ldap_delete_service(context, service, servicedn)
 
     st = ldap_delete_ext_s(ld, servicedn, NULL, NULL);
     if (st != 0) {
-	st = set_ldap_error (context, st, OP_DEL);
+        st = set_ldap_error (context, st, OP_DEL);
     }
 
     /* NOTE: This should be removed now as the backlinks are going off in OpenLDAP */
     /* time to delete krbrealmreferences. This is only for OpenLDAP */
 #ifndef HAVE_EDIRECTORY
     {
-	int                         i=0;
-	char                        *attr=NULL;
-
-	if (service) {
-	    if (service->krbrealmreferences) {
-		if (service->servicetype == LDAP_KDC_SERVICE)
-		    attr = "krbkdcservers";
-		else if (service->servicetype == LDAP_ADMIN_SERVICE)
-		    attr = "krbadmservers";
-		else if (service->servicetype == LDAP_PASSWD_SERVICE)
-		    attr = "krbpwdservers";
-
-		for (i=0; service->krbrealmreferences[i]; ++i) {
-		    deleteAttribute(ld, service->krbrealmreferences[i], attr, servicedn);
-		}
-	    }
-	}
+        int                         i=0;
+        char                        *attr=NULL;
+
+        if (service) {
+            if (service->krbrealmreferences) {
+                if (service->servicetype == LDAP_KDC_SERVICE)
+                    attr = "krbkdcservers";
+                else if (service->servicetype == LDAP_ADMIN_SERVICE)
+                    attr = "krbadmservers";
+                else if (service->servicetype == LDAP_PASSWD_SERVICE)
+                    attr = "krbpwdservers";
+
+                for (i=0; service->krbrealmreferences[i]; ++i) {
+                    deleteAttribute(ld, service->krbrealmreferences[i], attr, servicedn);
+                }
+            }
+        }
     }
 #endif
 
@@ -397,10 +392,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_list_services(context, containerdn, services)
-    krb5_context	        context;
-    char                        *containerdn;
-    char                        ***services;
+krb5_ldap_list_services(krb5_context context, char *containerdn,
+                        char ***services)
 {
     return (krb5_ldap_list(context, services, "krbService", containerdn));
 }
@@ -409,18 +402,15 @@ krb5_ldap_list_services(context, containerdn, services)
  * This function reads the service object from Directory
  */
 krb5_error_code
-krb5_ldap_read_service(context, servicedn, service, omask)
-    krb5_context	        context;
-    char                        *servicedn;
-    krb5_ldap_service_params    **service;
-    int                         *omask;
+krb5_ldap_read_service(krb5_context context, char *servicedn,
+                       krb5_ldap_service_params **service, int *omask)
 {
     char                        **values=NULL;
     int                         i=0, count=0, objectmask=0;
     krb5_error_code             st=0, tempst=0;
     LDAPMessage                 *result=NULL,*ent=NULL;
     char                        *attributes[] = {"krbHostServer", "krbServiceflags",
-						 "krbRealmReferences", "objectclass", NULL};
+                                                 "krbRealmReferences", "objectclass", NULL};
     char                        *attrvalues[] = {"krbService", NULL};
     krb5_ldap_service_params    *lservice=NULL;
     krb5_ldap_context           *ldap_context=NULL;
@@ -430,9 +420,9 @@ krb5_ldap_read_service(context, servicedn, service, omask)
 
     /* validate the input parameter */
     if (servicedn == NULL) {
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Service DN NULL");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Service DN NULL");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
@@ -447,15 +437,15 @@ krb5_ldap_read_service(context, servicedn, service, omask)
     /* Initialize service structure */
     lservice =(krb5_ldap_service_params *) calloc(1, sizeof(krb5_ldap_service_params));
     if (lservice == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     /* allocate tl_data structure to store MASK information */
     lservice->tl_data = calloc (1, sizeof(*lservice->tl_data));
     if (lservice->tl_data == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     lservice->tl_data->tl_data_type = KDB_TL_USER_INFO;
 
@@ -467,57 +457,57 @@ krb5_ldap_read_service(context, servicedn, service, omask)
     ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
 
-	if ((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
-	    lservice->krbserviceflags = atoi(values[0]);
-	    *omask |= LDAP_SERVICE_SERVICEFLAG;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
-	    count = ldap_count_values(values);
-	    if ((st=copy_arrays(values, &(lservice->krbhostservers), count)) != 0)
-		goto cleanup;
-	    *omask |= LDAP_SERVICE_HOSTSERVER;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
-	    count = ldap_count_values(values);
-	    if ((st=copy_arrays(values, &(lservice->krbrealmreferences), count)) != 0)
-		goto cleanup;
-	    *omask |= LDAP_SERVICE_REALMREFERENCE;
-	    ldap_value_free(values);
-	}
-
-	if ((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
-	    for (i=0; values[i]; ++i) {
-		if (strcasecmp(values[i], "krbKdcService") == 0) {
-		    lservice->servicetype = LDAP_KDC_SERVICE;
-		    break;
-		}
-
-		if (strcasecmp(values[i], "krbAdmService") == 0) {
-		    lservice->servicetype = LDAP_ADMIN_SERVICE;
-		    break;
-		}
-
-		if (strcasecmp(values[i], "krbPwdService") == 0) {
-		    lservice->servicetype = LDAP_PASSWD_SERVICE;
-		    break;
-		}
-	    }
-	    ldap_value_free(values);
-	}
+        if ((values=ldap_get_values(ld, ent, "krbServiceFlags")) != NULL) {
+            lservice->krbserviceflags = atoi(values[0]);
+            *omask |= LDAP_SERVICE_SERVICEFLAG;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbHostServer")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(lservice->krbhostservers), count)) != 0)
+                goto cleanup;
+            *omask |= LDAP_SERVICE_HOSTSERVER;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "krbRealmReferences")) != NULL) {
+            count = ldap_count_values(values);
+            if ((st=copy_arrays(values, &(lservice->krbrealmreferences), count)) != 0)
+                goto cleanup;
+            *omask |= LDAP_SERVICE_REALMREFERENCE;
+            ldap_value_free(values);
+        }
+
+        if ((values=ldap_get_values(ld, ent, "objectClass")) != NULL) {
+            for (i=0; values[i]; ++i) {
+                if (strcasecmp(values[i], "krbKdcService") == 0) {
+                    lservice->servicetype = LDAP_KDC_SERVICE;
+                    break;
+                }
+
+                if (strcasecmp(values[i], "krbAdmService") == 0) {
+                    lservice->servicetype = LDAP_ADMIN_SERVICE;
+                    break;
+                }
+
+                if (strcasecmp(values[i], "krbPwdService") == 0) {
+                    lservice->servicetype = LDAP_PASSWD_SERVICE;
+                    break;
+                }
+            }
+            ldap_value_free(values);
+        }
     }
     ldap_msgfree(result);
 
 cleanup:
     if (st != 0) {
-	krb5_ldap_free_service(context, lservice);
-	*service = NULL;
+        krb5_ldap_free_service(context, lservice);
+        *service = NULL;
     } else {
-	store_tl_data(lservice->tl_data, KDB_TL_MASK, omask);
-	*service = lservice;
+        store_tl_data(lservice->tl_data, KDB_TL_MASK, omask);
+        *service = lservice;
     }
 
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -529,34 +519,32 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_free_service(context, service)
-    krb5_context                context;
-    krb5_ldap_service_params    *service;
+krb5_ldap_free_service(krb5_context context, krb5_ldap_service_params *service)
 {
     int                         i=0;
 
     if (service == NULL)
-	return 0;
+        return 0;
 
     if (service->servicedn)
-	free (service->servicedn);
+        free (service->servicedn);
 
     if (service->krbrealmreferences) {
-	for (i=0; service->krbrealmreferences[i]; ++i)
-	    free (service->krbrealmreferences[i]);
-	free (service->krbrealmreferences);
+        for (i=0; service->krbrealmreferences[i]; ++i)
+            free (service->krbrealmreferences[i]);
+        free (service->krbrealmreferences);
     }
 
     if (service->krbhostservers) {
-	for (i=0; service->krbhostservers[i]; ++i)
-	    free (service->krbhostservers[i]);
-	free (service->krbhostservers);
+        for (i=0; service->krbhostservers[i]; ++i)
+            free (service->krbhostservers[i]);
+        free (service->krbhostservers);
     }
 
     if (service->tl_data) {
-	if (service->tl_data->tl_data_contents)
-	    free (service->tl_data->tl_data_contents);
-	free (service->tl_data);
+        if (service->tl_data->tl_data_contents)
+            free (service->tl_data->tl_data_contents);
+        free (service->tl_data);
     }
 
     free (service);
@@ -564,10 +552,7 @@ krb5_ldap_free_service(context, service)
 }
 
 krb5_error_code
-krb5_ldap_set_service_passwd(context, service, passwd)
-    krb5_context                context;
-    char                        *service;
-    char                        *passwd;
+krb5_ldap_set_service_passwd(krb5_context context, char *service, char *passwd)
 {
     krb5_error_code             st=0;
     LDAPMod                     **mods=NULL;
@@ -583,11 +568,11 @@ krb5_ldap_set_service_passwd(context, service, passwd)
     GET_HANDLE();
 
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "userPassword", LDAP_MOD_REPLACE, password)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     st = ldap_modify_ext_s(ld, service, mods, NULL, NULL);
     if (st) {
-	st = set_ldap_error (context, st, OP_MOD);
+        st = set_ldap_error (context, st, OP_MOD);
     }
 
 cleanup:
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h
index 5f0b1d7..5c9f524 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_services.h
  *
@@ -55,43 +56,46 @@
 #define SERVICE_PROTOCOL_TYPE_TCP     "1"
 
 typedef struct _krb5_ldap_service_params {
-        char            *servicedn;
-        int             servicetype;
-        int             krbserviceflags;
-        char            **krbhostservers;
-        char            **krbrealmreferences;
-        krb5_tl_data    *tl_data;
+    char            *servicedn;
+    int             servicetype;
+    int             krbserviceflags;
+    char            **krbhostservers;
+    char            **krbrealmreferences;
+    krb5_tl_data    *tl_data;
 } krb5_ldap_service_params;
 
 #ifdef HAVE_EDIRECTORY
 
 krb5_error_code
-krb5_ldap_read_service( krb5_context, char *, krb5_ldap_service_params **, int *);
+krb5_ldap_read_service(krb5_context, char *, krb5_ldap_service_params **,
+                       int *);
 
 krb5_error_code
-krb5_ldap_create_service( krb5_context, krb5_ldap_service_params *,int);
+krb5_ldap_create_service(krb5_context, krb5_ldap_service_params *, int);
 
 krb5_error_code
-krb5_ldap_modify_service( krb5_context, krb5_ldap_service_params *, int);
+krb5_ldap_modify_service(krb5_context, krb5_ldap_service_params *, int);
 
 krb5_error_code
-krb5_ldap_delete_service( krb5_context, krb5_ldap_service_params *, char *);
+krb5_ldap_delete_service(krb5_context, krb5_ldap_service_params *, char *);
 
 krb5_error_code
-krb5_ldap_list_services( krb5_context, char *, char ***);
+krb5_ldap_list_services(krb5_context, char *, char ***);
 
 krb5_error_code
-krb5_ldap_free_service( krb5_context, krb5_ldap_service_params *);
+krb5_ldap_free_service(krb5_context, krb5_ldap_service_params *);
 
 
 krb5_error_code
-krb5_ldap_set_service_passwd( krb5_context, char *, char *);
+krb5_ldap_set_service_passwd(krb5_context, char *, char *);
 
 krb5_error_code
-krb5_ldap_add_service_rights( krb5_context, int, char *, char *, char **, char *, int);
+krb5_ldap_add_service_rights(krb5_context, int, char *, char *, char **,
+                             char *, int);
 
 krb5_error_code
-krb5_ldap_delete_service_rights( krb5_context, int, char *, char *, char **, char *, int);
+krb5_ldap_delete_service_rights(krb5_context, int, char *, char *, char **,
+                                char *, int);
 #endif
 
 #endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index face038..e8f1c57 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_tkt_policy.c
  *
@@ -39,10 +40,8 @@
  * create the Ticket policy object in Directory.
  */
 krb5_error_code
-krb5_ldap_create_policy(context, policy, mask)
-    krb5_context	        context;
-    krb5_ldap_policy_params     *policy;
-    int                         mask;
+krb5_ldap_create_policy(krb5_context context, krb5_ldap_policy_params *policy,
+                        int mask)
 {
     krb5_error_code             st=0;
     LDAP                        *ld=NULL;
@@ -54,55 +53,55 @@ krb5_ldap_create_policy(context, policy, mask)
 
     /* validate the input parameters */
     if (policy == NULL || policy->policy == NULL) {
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Ticket Policy Name missing");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Ticket Policy Name missing");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     memset(strval, 0, sizeof(strval));
     strval[0] = policy->policy;
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "cn", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     memset(strval, 0, sizeof(strval));
     strval[0] = "krbTicketPolicy";
     strval[1] = "krbTicketPolicyaux";
     if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     if (mask & LDAP_POLICY_MAXTKTLIFE) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
-					  policy->maxtktlife)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_ADD,
+                                          policy->maxtktlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXRENEWLIFE) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
-					  policy->maxrenewlife)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_ADD,
+                                          policy->maxrenewlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_TKTFLAGS) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_ADD,
-					  policy->tktflags)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_ADD,
+                                          policy->tktflags)) != 0)
+            goto cleanup;
     }
 
     /* ldap add operation */
     if ((st=ldap_add_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_ADD);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_ADD);
+        goto cleanup;
     }
 
 cleanup:
     if (policy_dn != NULL)
-	free(policy_dn);
+        free(policy_dn);
 
     ldap_mods_free(mods, 1);
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
@@ -115,10 +114,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_modify_policy(context, policy, mask)
-    krb5_context	        context;
-    krb5_ldap_policy_params     *policy;
-    int                         mask;
+krb5_ldap_modify_policy(krb5_context context, krb5_ldap_policy_params *policy,
+                        int mask)
 {
     int                         objectmask=0;
     krb5_error_code             st=0;
@@ -132,49 +129,49 @@ krb5_ldap_modify_policy(context, policy, mask)
 
     /* validate the input parameters */
     if (policy == NULL || policy->policy==NULL) {
-	st = EINVAL;
-	krb5_set_error_message (context, st, "Ticket Policy Name missing");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message (context, st, "Ticket Policy Name missing");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if ((st = krb5_ldap_name_to_policydn (context, policy->policy, &policy_dn)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* the policydn object should be of the krbTicketPolicy object class */
     st = checkattributevalue(ld, policy_dn, "objectClass", attrvalues, &objectmask);
     CHECK_CLASS_VALIDITY(st, objectmask, "ticket policy object: ");
 
     if ((objectmask & 0x02) == 0) { /* add krbticketpolicyaux to the object class list */
-	memset(strval, 0, sizeof(strval));
-	strval[0] = "krbTicketPolicyAux";
-	if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
-	    goto cleanup;
+        memset(strval, 0, sizeof(strval));
+        strval[0] = "krbTicketPolicyAux";
+        if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXTKTLIFE) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE,
-					  policy->maxtktlife)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxticketlife", LDAP_MOD_REPLACE,
+                                          policy->maxtktlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_MAXRENEWLIFE) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
-					  policy->maxrenewlife)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbmaxrenewableage", LDAP_MOD_REPLACE,
+                                          policy->maxrenewlife)) != 0)
+            goto cleanup;
     }
 
     if (mask & LDAP_POLICY_TKTFLAGS) {
-	if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
-					  policy->tktflags)) != 0)
-	    goto cleanup;
+        if ((st=krb5_add_int_mem_ldap_mod(&mods, "krbticketflags", LDAP_MOD_REPLACE,
+                                          policy->tktflags)) != 0)
+            goto cleanup;
     }
 
     if ((st=ldap_modify_ext_s(ld, policy_dn, mods, NULL, NULL)) != LDAP_SUCCESS) {
-	st = set_ldap_error (context, st, OP_MOD);
-	goto cleanup;
+        st = set_ldap_error (context, st, OP_MOD);
+        goto cleanup;
     }
 
 cleanup:
@@ -193,11 +190,8 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_read_policy(context, policyname, policy, omask)
-    krb5_context	        context;
-    char                        *policyname;
-    krb5_ldap_policy_params     **policy;
-    int                         *omask;
+krb5_ldap_read_policy(krb5_context context, char *policyname,
+                      krb5_ldap_policy_params **policy, int *omask)
 {
     krb5_error_code             st=0, tempst=0;
     int                         objectmask=0;
@@ -212,16 +206,16 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
 
     /* validate the input parameters */
     if (policyname == NULL  || policy == NULL) {
-	st = EINVAL;
-	krb5_set_error_message(context, st, "Ticket Policy Object information missing");
-	goto cleanup;
+        st = EINVAL;
+        krb5_set_error_message(context, st, "Ticket Policy Object information missing");
+        goto cleanup;
     }
 
     SETUP_CONTEXT();
     GET_HANDLE();
 
     if ((st = krb5_ldap_name_to_policydn (context, policyname, &policy_dn)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     /* the policydn object should be of the krbTicketPolicy object class */
     st = checkattributevalue(ld, policy_dn, "objectClass", attrvalues, &objectmask);
@@ -233,8 +227,8 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
     memset(lpolicy, 0, sizeof(krb5_ldap_policy_params));
 
     if ((lpolicy->policy = strdup (policyname)) == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     lpolicy->tl_data = calloc (1, sizeof(*lpolicy->tl_data));
@@ -247,14 +241,14 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
 
     ent=ldap_first_entry(ld, result);
     if (ent != NULL) {
-	if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", (int *) &(lpolicy->maxtktlife)) == 0)
-	    *omask |= LDAP_POLICY_MAXTKTLIFE;
+        if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", (int *) &(lpolicy->maxtktlife)) == 0)
+            *omask |= LDAP_POLICY_MAXTKTLIFE;
 
-	if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", (int *) &(lpolicy->maxrenewlife)) == 0)
-	    *omask |= LDAP_POLICY_MAXRENEWLIFE;
+        if (krb5_ldap_get_value(ld, ent, "krbmaxrenewableage", (int *) &(lpolicy->maxrenewlife)) == 0)
+            *omask |= LDAP_POLICY_MAXRENEWLIFE;
 
-	if (krb5_ldap_get_value(ld, ent, "krbticketflags", (int *) &(lpolicy->tktflags)) == 0)
-	    *omask |= LDAP_POLICY_TKTFLAGS;
+        if (krb5_ldap_get_value(ld, ent, "krbticketflags", (int *) &(lpolicy->tktflags)) == 0)
+            *omask |= LDAP_POLICY_TKTFLAGS;
     }
     ldap_msgfree(result);
 
@@ -264,8 +258,8 @@ krb5_ldap_read_policy(context, policyname, policy, omask)
 
 cleanup:
     if (st != 0) {
-	krb5_ldap_free_policy(context, lpolicy);
-	*policy = NULL;
+        krb5_ldap_free_policy(context, lpolicy);
+        *policy = NULL;
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
@@ -288,22 +282,20 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_delete_policy(context, policyname)
-    krb5_context                context;
-    char                        *policyname;
+krb5_ldap_delete_policy(krb5_context context, char *policyname)
 {
-	int                         refcount = 0;
-	char                        *policy_dn = NULL;
+    int                         refcount = 0;
+    char                        *policy_dn = NULL;
     krb5_error_code             st = 0;
     LDAP                        *ld = NULL;
     kdb5_dal_handle             *dal_handle=NULL;
     krb5_ldap_context           *ldap_context=NULL;
     krb5_ldap_server_handle     *ldap_server_handle=NULL;
 
-	if (policyname == NULL) {
-	st = EINVAL;
-	prepend_err_str (context,"Ticket Policy Object DN missing",st,st);
-	goto cleanup;
+    if (policyname == NULL) {
+        st = EINVAL;
+        prepend_err_str (context,"Ticket Policy Object DN missing",st,st);
+        goto cleanup;
     }
 
 
@@ -317,19 +309,19 @@ krb5_ldap_delete_policy(context, policyname)
      * it is greater than 0.  */
 
     if ((st = krb5_ldap_get_reference_count (context, policy_dn,
-                    "krbTicketPolicyReference", &refcount, ld)) != 0)
+                                             "krbTicketPolicyReference", &refcount, ld)) != 0)
         goto cleanup;
 
     if (refcount == 0) {
-	if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != 0) {
-	    prepend_err_str (context,ldap_err2string(st),st,st);
+        if ((st=ldap_delete_ext_s(ld, policy_dn, NULL, NULL)) != 0) {
+            prepend_err_str (context,ldap_err2string(st),st,st);
 
-	    goto cleanup;
-	}
+            goto cleanup;
+        }
     } else {
-	st = EINVAL;
-	prepend_err_str (context,"Delete Failed: One or more Principals associated with the Ticket Policy",st,st);
-	goto cleanup;
+        st = EINVAL;
+        prepend_err_str (context,"Delete Failed: One or more Principals associated with the Ticket Policy",st,st);
+        goto cleanup;
     }
 
 cleanup:
@@ -345,10 +337,7 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_list_policy(context, containerdn, policy)
-    krb5_context	        context;
-    char                        *containerdn;
-    char                        ***policy;
+krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy)
 {
     int                         i, j, count;
     char                        **list = NULL;
@@ -363,7 +352,7 @@ krb5_ldap_list_policy(context, containerdn, policy)
     }
 
     if ((st = krb5_ldap_list(context, &list, "krbTicketPolicy", policycontainerdn)) != 0)
-	goto cleanup;
+        goto cleanup;
 
     for (i = 0; list[i] != NULL; i++);
 
@@ -371,15 +360,15 @@ krb5_ldap_list_policy(context, containerdn, policy)
 
     *policy = (char **) calloc ((unsigned) count + 1, sizeof(char *));
     if (*policy == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     for (i = 0, j = 0; list[i] != NULL; i++, j++) {
-	int ret;
-	ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
-	if (ret != 0)
-	    j--;
+        int ret;
+        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
+        if (ret != 0)
+            j--;
     }
 
 cleanup:
@@ -393,23 +382,21 @@ cleanup:
  */
 
 krb5_error_code
-krb5_ldap_free_policy(context, policy)
-    krb5_context                context;
-    krb5_ldap_policy_params    *policy;
+krb5_ldap_free_policy(krb5_context context, krb5_ldap_policy_params *policy)
 {
 
     krb5_error_code st=0;
 
     if (policy == NULL)
-	return st;
+        return st;
 
     if (policy->policy)
-	free (policy->policy);
+        free (policy->policy);
 
     if (policy->tl_data) {
-	if (policy->tl_data->tl_data_contents)
-	    free (policy->tl_data->tl_data_contents);
-	free (policy->tl_data);
+        if (policy->tl_data->tl_data_contents)
+            free (policy->tl_data->tl_data_contents);
+        free (policy->tl_data);
     }
     free (policy);
 
@@ -422,11 +409,8 @@ krb5_ldap_free_policy(context, policy)
  */
 
 krb5_error_code
-krb5_ldap_list(context, list, objectclass, containerdn)
-    krb5_context	        context;
-    char                        ***list;
-    char                        *objectclass;
-    char                        *containerdn;
+krb5_ldap_list(krb5_context context, char ***list, char *objectclass,
+               char *containerdn)
 {
     char                        *filter=NULL, *dn=NULL;
     krb5_error_code             st=0, tempst=0;
@@ -442,18 +426,18 @@ krb5_ldap_list(context, list, objectclass, containerdn)
 
     /* check if the containerdn exists */
     if (containerdn) {
-	if ((st=checkattributevalue(ld, containerdn, NULL, NULL, NULL)) != 0) {
-	    prepend_err_str (context, "Error reading container object: ", st, st);
-	    goto cleanup;
-	}
+        if ((st=checkattributevalue(ld, containerdn, NULL, NULL, NULL)) != 0) {
+            prepend_err_str (context, "Error reading container object: ", st, st);
+            goto cleanup;
+        }
     }
 
     /* set the filter for the search operation */
     filterlen = strlen("(objectclass=") + strlen(objectclass) + 1 + 1;
     filter = malloc ((unsigned) filterlen);
     if (filter == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
     snprintf(filter, (unsigned) filterlen,"(objectclass=%s)",objectclass);
 
@@ -461,40 +445,40 @@ krb5_ldap_list(context, list, objectclass, containerdn)
 
     count = ldap_count_entries(ld, result);
     if (count == -1) {
-	ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
-	st = set_ldap_error(context, st, OP_SEARCH);
-	goto cleanup;
+        ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &st);
+        st = set_ldap_error(context, st, OP_SEARCH);
+        goto cleanup;
     }
     *list = (char **) calloc ((unsigned) count+1, sizeof(char *));
     if (*list == NULL) {
-	st = ENOMEM;
-	goto cleanup;
+        st = ENOMEM;
+        goto cleanup;
     }
 
     for (ent=ldap_first_entry(ld, result), count=0; ent != NULL; ent=ldap_next_entry(ld, ent), ++count) {
-	if ((dn=ldap_get_dn(ld, ent)) == NULL)
-	    continue;
-	if (((*list)[count] = strdup(dn)) == NULL) {
-	    ldap_memfree (dn);
-	    st = ENOMEM;
-	    goto cleanup;
-	}
-	ldap_memfree(dn);
+        if ((dn=ldap_get_dn(ld, ent)) == NULL)
+            continue;
+        if (((*list)[count] = strdup(dn)) == NULL) {
+            ldap_memfree (dn);
+            st = ENOMEM;
+            goto cleanup;
+        }
+        ldap_memfree(dn);
     }
     ldap_msgfree(result);
 
 cleanup:
     if (filter)
-	free (filter);
+        free (filter);
 
     /* some error, free up all the memory */
     if (st != 0) {
-	if (*list) {
-	    for (i=0; (*list)[i]; ++i)
-		free ((*list)[i]);
-	    free (*list);
-	    *list = NULL;
-	}
+        if (*list) {
+            for (i=0; (*list)[i]; ++i)
+                free ((*list)[i]);
+            free (*list);
+            *list = NULL;
+        }
     }
     krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
     return st;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h
index 9a1f2ea..fceb832 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * lib/kdb/kdb_ldap/ldap_tkt_policy.h
  *
@@ -40,12 +41,12 @@
 /* policy object structure */
 
 typedef struct _krb5_ldap_policy_params {
-  char                  *policy;
-  long                  mask;
-  long                  maxtktlife;
-  long                  maxrenewlife;
-  long                  tktflags;
-  krb5_tl_data          *tl_data;
+    char                  *policy;
+    long                  mask;
+    long                  maxtktlife;
+    long                  maxrenewlife;
+    long                  tktflags;
+    krb5_tl_data          *tl_data;
 }krb5_ldap_policy_params;
 
 krb5_error_code
@@ -70,6 +71,6 @@ krb5_error_code
 krb5_ldap_free_policy(krb5_context, krb5_ldap_policy_params *);
 
 krb5_error_code
-krb5_ldap_change_count(krb5_context ,char * , int);
+krb5_ldap_change_count(krb5_context, char *, int);
 
 #endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
index 6b2d49e..020c77a 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/kdb/ldap/lockout.c
  *
diff --git a/src/plugins/locate/python/Makefile.in b/src/plugins/locate/python/Makefile.in
index 1f5f9e2..790de84 100644
--- a/src/plugins/locate/python/Makefile.in
+++ b/src/plugins/locate/python/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../../..
-myfulldir=plugins/locate/python
 mydir=plugins/locate/python
 BUILDTOP=$(REL)..$(S)..$(S)..
 
diff --git a/src/plugins/locate/python/deps b/src/plugins/locate/python/deps
index 11624e9..0e4d3c4 100644
--- a/src/plugins/locate/python/deps
+++ b/src/plugins/locate/python/deps
@@ -3,7 +3,7 @@
 #
 py-locate.so py-locate.po $(OUTPRE)py-locate.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   py-locate.c
diff --git a/src/plugins/locate/python/py-locate.c b/src/plugins/locate/python/py-locate.c
index 6f4943a..ca6dcba 100644
--- a/src/plugins/locate/python/py-locate.c
+++ b/src/plugins/locate/python/py-locate.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/locate/python/py-locate.c
  *
@@ -72,26 +73,26 @@
 #error "Where's the Python header file?"
 #endif
 #include <errno.h>
-#include "k5-platform.h"	/* for init/fini macros */
+#include "k5-platform.h"        /* for init/fini macros */
 #include "fake-addrinfo.h"
 
 #include <krb5/locate_plugin.h>
 
-#define LIBDIR			"/tmp" /* should be imported from configure */
-#define SCRIPT_PATH		LIBDIR "/krb5/locate-service.py"
-#define LOOKUP_FUNC_NAME	"locate"
+#define LIBDIR                  "/tmp" /* should be imported from configure */
+#define SCRIPT_PATH             LIBDIR "/krb5/locate-service.py"
+#define LOOKUP_FUNC_NAME        "locate"
 
 static PyObject *locatefn;
 
 MAKE_INIT_FUNCTION(my_init);
 MAKE_FINI_FUNCTION(my_fini);
 
-#define F	(strchr(__FILE__, '/') ? 1 + strrchr(__FILE__, '/') : __FILE__)
+#define F       (strchr(__FILE__, '/') ? 1 + strrchr(__FILE__, '/') : __FILE__)
 
-static krb5_context sctx;	/* XXX ugly hack! */
+static krb5_context sctx;       /* XXX ugly hack! */
 
 int
-my_init (void)
+my_init(void)
 {
     PyObject *mainmodule;
     FILE *f;
@@ -100,11 +101,11 @@ my_init (void)
 //    fprintf(stderr, "trying to load %s\n", SCRIPT_PATH);
     f = fopen(SCRIPT_PATH, "r");
     if (f == NULL) {
-	if (sctx)
-	    krb5_set_error_message(sctx, -1,
-				   "couldn't open Python script %s (%s)",
-				   SCRIPT_PATH, strerror(errno));
-	return -1;
+        if (sctx)
+            krb5_set_error_message(sctx, -1,
+                                   "couldn't open Python script %s (%s)",
+                                   SCRIPT_PATH, strerror(errno));
+        return -1;
     }
     set_cloexec_file(f);
     PyRun_SimpleFile (f, SCRIPT_PATH);
@@ -115,29 +116,29 @@ my_init (void)
     if (PyErr_Occurred()) { fprintf(stderr,"%s:%d: python error\n", F, __LINE__); PyErr_Print(); return -1; }
     /* Don't DECREF mainmodule, it's sometimes causing crashes.  */
     if (locatefn == 0)
-	return -1;
+        return -1;
     if (!PyCallable_Check (locatefn)) {
-	Py_DECREF (locatefn);
-	locatefn = 0;
-	return -1;
+        Py_DECREF (locatefn);
+        locatefn = 0;
+        return -1;
     }
     if (PyErr_Occurred()) { fprintf(stderr,"%s:%d: python error\n", F, __LINE__); PyErr_Print(); return -1; }
     return 0;
 }
 
 void
-my_fini (void)
+my_fini(void)
 {
 //    fprintf(stderr, "%s:%d: Python module finalization\n", F, __LINE__);
     if (! INITIALIZER_RAN (my_init))
-	return;
+        return;
     Py_DECREF (locatefn);
     locatefn = 0;
     Py_Finalize ();
 }
 
 static krb5_error_code
-ctxinit (krb5_context ctx, void **blobptr)
+ctxinit(krb5_context ctx, void **blobptr)
 {
     /* If we wanted to create a separate Python interpreter instance,
        look up the pathname of the script in the config file used for
@@ -150,7 +151,7 @@ ctxinit (krb5_context ctx, void **blobptr)
 }
 
 static void
-ctxfini (void *blob)
+ctxfini(void *blob)
 {
 }
 
@@ -170,9 +171,9 @@ ctxfini (void *blob)
    isn't going to be very useful to the caller.)  */
 
 static krb5_error_code
-lookup (void *blob, enum locate_service_type svc, const char *realm,
-	int socktype, int family,
-	int (*cbfunc)(void *, int, struct sockaddr *), void *cbdata)
+lookup(void *blob, enum locate_service_type svc, const char *realm,
+       int socktype, int family,
+       int (*cbfunc)(void *, int, struct sockaddr *), void *cbdata)
 {
     PyObject *py_result, *svcarg, *realmarg, *arglist;
     int listsize, i, x;
@@ -180,17 +181,17 @@ lookup (void *blob, enum locate_service_type svc, const char *realm,
     int thissocktype;
 
 //    fprintf(stderr, "%s:%d: lookup(%d,%s,%d,%d)\n", F, __LINE__,
-//	    svc, realm, socktype, family);
-    sctx = blob;		/* XXX: Not thread safe!  */
+//          svc, realm, socktype, family);
+    sctx = blob;                /* XXX: Not thread safe!  */
     i = CALL_INIT_FUNCTION (my_init);
     if (i) {
 #if 0
-	fprintf(stderr, "%s:%d: module initialization failed\n", F, __LINE__);
+        fprintf(stderr, "%s:%d: module initialization failed\n", F, __LINE__);
 #endif
-	return i;
+        return i;
     }
     if (locatefn == 0)
-	return KRB5_PLUGIN_NO_HANDLE;
+        return KRB5_PLUGIN_NO_HANDLE;
     svcarg = PyInt_FromLong (svc);
     /* error? */
     realmarg = PyString_FromString ((char *) realm);
@@ -207,24 +208,24 @@ lookup (void *blob, enum locate_service_type svc, const char *realm,
     py_result = PyObject_CallObject (locatefn, arglist);
     Py_DECREF (arglist);
     if (PyErr_Occurred()) {
-	fprintf(stderr,"%s:%d: python error\n", F, __LINE__);
-	PyErr_Print();
-	krb5_set_error_message(blob, -1,
-			       "Python evaluation error, see stderr");
-	return -1;
+        fprintf(stderr,"%s:%d: python error\n", F, __LINE__);
+        PyErr_Print();
+        krb5_set_error_message(blob, -1,
+                               "Python evaluation error, see stderr");
+        return -1;
     }
     if (py_result == 0) {
-	fprintf(stderr, "%s:%d: returned null object\n", F, __LINE__);
-	return -1;
+        fprintf(stderr, "%s:%d: returned null object\n", F, __LINE__);
+        return -1;
     }
     if (py_result == Py_False)
-	return KRB5_PLUGIN_NO_HANDLE;
+        return KRB5_PLUGIN_NO_HANDLE;
     if (! PyList_Check (py_result)) {
-	Py_DECREF (py_result);
-	fprintf(stderr, "%s:%d: returned non-list, non-False\n", F, __LINE__);
-	krb5_set_error_message(blob, -1,
-			       "Python script error -- returned non-list, non-False result");
-	return -1;
+        Py_DECREF (py_result);
+        fprintf(stderr, "%s:%d: returned non-list, non-False\n", F, __LINE__);
+        krb5_set_error_message(blob, -1,
+                               "Python script error -- returned non-list, non-False result");
+        return -1;
     }
     listsize = PyList_Size (py_result);
     /* allocate */
@@ -232,83 +233,83 @@ lookup (void *blob, enum locate_service_type svc, const char *realm,
     aihints.ai_flags = AI_NUMERICHOST;
     aihints.ai_family = family;
     for (i = 0; i < listsize; i++) {
-	PyObject *answer, *field;
-	char *hoststr, *portstr, portbuf[3*sizeof(long) + 4];
-	int cbret;
+        PyObject *answer, *field;
+        char *hoststr, *portstr, portbuf[3*sizeof(long) + 4];
+        int cbret;
 
-	answer = PyList_GetItem (py_result, i);
-	if (! PyTuple_Check (answer)) {
-	    krb5_set_error_message(blob, -1,
-				   "Python script error -- returned item %d not a tuple", i);
-	    /* leak?  */
-	    return -1;
-	}
-	if (PyTuple_Size (answer) != 3) {
-	    krb5_set_error_message(blob, -1,
-				   "Python script error -- returned tuple %d size %d should be 3",
-				   i, PyTuple_Size (answer));
-	    /* leak?  */
-	    return -1;
-	}
-	field = PyTuple_GetItem (answer, 0);
-	if (! PyString_Check (field)) {
-	    /* leak?  */
-	    krb5_set_error_message(blob, -1,
-				   "Python script error -- first component of tuple %d is not a string",
-				   i);
-	    return -1;
-	}
-	hoststr = PyString_AsString (field);
-	field = PyTuple_GetItem (answer, 1);
-	if (PyString_Check (field)) {
-	    portstr = PyString_AsString (field);
-	} else if (PyInt_Check (field)) {
-	    snprintf(portbuf, sizeof(portbuf), "%ld", PyInt_AsLong (field));
-	    portstr = portbuf;
-	} else {
-	    krb5_set_error_message(blob, -1,
-				   "Python script error -- second component of tuple %d neither a string nor an integer",
-				   i);
-	    /* leak?  */
-	    return -1;
-	}
-	field = PyTuple_GetItem (answer, 2);
-	if (! PyInt_Check (field)) {
-	    krb5_set_error_message(blob, -1,
-				   "Python script error -- third component of tuple %d not an integer",
-				   i);
-	    /* leak?  */
-	    return -1;
-	}
-	thissocktype = PyInt_AsLong (field);
-	switch (thissocktype) {
-	case SOCK_STREAM:
-	case SOCK_DGRAM:
-	    /* okay */
-	    if (socktype != 0 && socktype != thissocktype) {
-		krb5_set_error_message(blob, -1,
-				       "Python script error -- tuple %d has socket type %d, should only have %d",
-				       i, thissocktype, socktype);
-		/* leak?  */
-		return -1;
-	    }
-	    break;
-	default:
-	    /* 0 is not acceptable */
-	    krb5_set_error_message(blob, -1,
-				   "Python script error -- tuple %d has invalid socket type %d",
-				   i, thissocktype);
-	    /* leak?  */
-	    return -1;
-	}
-	aihints.ai_socktype = thissocktype;
-	x = getaddrinfo (hoststr, portstr, &aihints, &airesult);
-	if (x != 0)
-	    continue;
-	cbret = cbfunc(cbdata, airesult->ai_socktype, airesult->ai_addr);
-	freeaddrinfo(airesult);
-	if (cbret != 0)
-	    break;
+        answer = PyList_GetItem (py_result, i);
+        if (! PyTuple_Check (answer)) {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- returned item %d not a tuple", i);
+            /* leak?  */
+            return -1;
+        }
+        if (PyTuple_Size (answer) != 3) {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- returned tuple %d size %d should be 3",
+                                   i, PyTuple_Size (answer));
+            /* leak?  */
+            return -1;
+        }
+        field = PyTuple_GetItem (answer, 0);
+        if (! PyString_Check (field)) {
+            /* leak?  */
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- first component of tuple %d is not a string",
+                                   i);
+            return -1;
+        }
+        hoststr = PyString_AsString (field);
+        field = PyTuple_GetItem (answer, 1);
+        if (PyString_Check (field)) {
+            portstr = PyString_AsString (field);
+        } else if (PyInt_Check (field)) {
+            snprintf(portbuf, sizeof(portbuf), "%ld", PyInt_AsLong (field));
+            portstr = portbuf;
+        } else {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- second component of tuple %d neither a string nor an integer",
+                                   i);
+            /* leak?  */
+            return -1;
+        }
+        field = PyTuple_GetItem (answer, 2);
+        if (! PyInt_Check (field)) {
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- third component of tuple %d not an integer",
+                                   i);
+            /* leak?  */
+            return -1;
+        }
+        thissocktype = PyInt_AsLong (field);
+        switch (thissocktype) {
+        case SOCK_STREAM:
+        case SOCK_DGRAM:
+            /* okay */
+            if (socktype != 0 && socktype != thissocktype) {
+                krb5_set_error_message(blob, -1,
+                                       "Python script error -- tuple %d has socket type %d, should only have %d",
+                                       i, thissocktype, socktype);
+                /* leak?  */
+                return -1;
+            }
+            break;
+        default:
+            /* 0 is not acceptable */
+            krb5_set_error_message(blob, -1,
+                                   "Python script error -- tuple %d has invalid socket type %d",
+                                   i, thissocktype);
+            /* leak?  */
+            return -1;
+        }
+        aihints.ai_socktype = thissocktype;
+        x = getaddrinfo (hoststr, portstr, &aihints, &airesult);
+        if (x != 0)
+            continue;
+        cbret = cbfunc(cbdata, airesult->ai_socktype, airesult->ai_addr);
+        freeaddrinfo(airesult);
+        if (cbret != 0)
+            break;
     }
     Py_DECREF (py_result);
     return 0;
diff --git a/src/plugins/preauth/cksum_body/Makefile.in b/src/plugins/preauth/cksum_body/Makefile.in
index ba91e9a..adad2cf 100644
--- a/src/plugins/preauth/cksum_body/Makefile.in
+++ b/src/plugins/preauth/cksum_body/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/preauth/cksum_body
 mydir=plugins/preauth/cksum_body
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c
index 77de0a8..b03a29a 100644
--- a/src/plugins/preauth/cksum_body/cksum_body_main.c
+++ b/src/plugins/preauth/cksum_body/cksum_body_main.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2006 Red Hat, Inc.
  * All rights reserved.
@@ -79,22 +80,22 @@ client_get_flags(krb5_context kcontext, krb5_preauthtype pa_type)
 
 static krb5_error_code
 client_process(krb5_context kcontext,
-	       void *client_plugin_context,
-	       void *client_request_context,
-	       krb5_get_init_creds_opt *opt,
-	       preauth_get_client_data_proc client_get_data_proc,
-	       struct _krb5_preauth_client_rock *rock,
-	       krb5_kdc_req *request,
-	       krb5_data *encoded_request_body,
-	       krb5_data *encoded_previous_request,
-	       krb5_pa_data *pa_data,
-	       krb5_prompter_fct prompter,
-	       void *prompter_data,
-	       preauth_get_as_key_proc gak_fct,
-	       void *gak_data,
-	       krb5_data *salt, krb5_data *s2kparams,
-	       krb5_keyblock *as_key,
-	       krb5_pa_data ***out_pa_data)
+               void *client_plugin_context,
+               void *client_request_context,
+               krb5_get_init_creds_opt *opt,
+               preauth_get_client_data_proc client_get_data_proc,
+               struct _krb5_preauth_client_rock *rock,
+               krb5_kdc_req *request,
+               krb5_data *encoded_request_body,
+               krb5_data *encoded_previous_request,
+               krb5_pa_data *pa_data,
+               krb5_prompter_fct prompter,
+               void *prompter_data,
+               preauth_get_as_key_proc gak_fct,
+               void *gak_data,
+               krb5_data *salt, krb5_data *s2kparams,
+               krb5_keyblock *as_key,
+               krb5_pa_data ***out_pa_data)
 {
     krb5_pa_data **send_pa;
     krb5_checksum checksum;
@@ -107,20 +108,20 @@ client_process(krb5_context kcontext,
     krb5_gic_opt_pa_data *gic_info;
 
     status = krb5_get_init_creds_opt_get_pa(kcontext, opt,
-					    &num_gic_info, &gic_info);
+                                            &num_gic_info, &gic_info);
     if (status && status != ENOENT) {
 #ifdef DEBUG
-	fprintf(stderr, "Error from krb5_get_init_creds_opt_get_pa: %s\n",
-		error_message(status));
+        fprintf(stderr, "Error from krb5_get_init_creds_opt_get_pa: %s\n",
+                error_message(status));
 #endif
-	return status;
+        return status;
     }
 #ifdef DEBUG
     fprintf(stderr, "(cksum_body) Got the following gic options:\n");
 #endif
     for (i = 0; i < num_gic_info; i++) {
 #ifdef DEBUG
-	fprintf(stderr, "  '%s' = '%s'\n", gic_info[i].attr, gic_info[i].value);
+        fprintf(stderr, "  '%s' = '%s'\n", gic_info[i].attr, gic_info[i].value);
 #endif
     }
     krb5_get_init_creds_opt_free_pa(kcontext, num_gic_info, gic_info);
@@ -130,33 +131,33 @@ client_process(krb5_context kcontext,
     /* Get the user's long-term key if we haven't asked for it yet.  Try
      * all of the encryption types which the server supports. */
     if (as_key->length == 0) {
-	if ((pa_data != NULL) && (pa_data->length >= 4)) {
+        if ((pa_data != NULL) && (pa_data->length >= 4)) {
 #ifdef DEBUG
-	    fprintf(stderr, "%d bytes of preauth data.\n", pa_data->length);
+            fprintf(stderr, "%d bytes of preauth data.\n", pa_data->length);
 #endif
-	    n_enctypes = pa_data->length / 4;
-	    enctypes = (krb5_int32*) pa_data->contents;
-	} else {
-	    n_enctypes = request->nktypes;
-	}
-	for (i = 0; i < n_enctypes; i++) {
-	    if ((pa_data != NULL) && (pa_data->length >= 4)) {
-		memcpy(&enctype, pa_data->contents + 4 * i, 4);
-		enctype = ntohl(enctype);
-	    } else {
-		enctype = request->ktype[i];
-	    }
+            n_enctypes = pa_data->length / 4;
+            enctypes = (krb5_int32*) pa_data->contents;
+        } else {
+            n_enctypes = request->nktypes;
+        }
+        for (i = 0; i < n_enctypes; i++) {
+            if ((pa_data != NULL) && (pa_data->length >= 4)) {
+                memcpy(&enctype, pa_data->contents + 4 * i, 4);
+                enctype = ntohl(enctype);
+            } else {
+                enctype = request->ktype[i];
+            }
 #ifdef DEBUG
-	    fprintf(stderr, "Asking for AS key (type = %d).\n", enctype);
+            fprintf(stderr, "Asking for AS key (type = %d).\n", enctype);
 #endif
-	    status = (*gak_fct)(kcontext, request->client, enctype,
-				prompter, prompter_data,
-				salt, s2kparams, as_key, gak_data);
-	    if (status == 0)
-		break;
-	}
-	if (status != 0)
-	    return status;
+            status = (*gak_fct)(kcontext, request->client, enctype,
+                                prompter, prompter_data,
+                                salt, s2kparams, as_key, gak_data);
+            if (status == 0)
+                break;
+        }
+        if (status != 0)
+            return status;
     }
 #ifdef DEBUG
     fprintf(stderr, "Got AS key (type = %d).\n", as_key->enctype);
@@ -166,53 +167,53 @@ client_process(krb5_context kcontext,
     cksumtype_count = 0;
     cksumtypes = NULL;
     status = krb5_c_keyed_checksum_types(kcontext, as_key->enctype,
-					 &cksumtype_count, &cksumtypes);
+                                         &cksumtype_count, &cksumtypes);
     if (status != 0)
-	return status;
+        return status;
 
     /* Generate the checksum. */
     for (i = 0; i < cksumtype_count; i++) {
-	status = krb5_c_make_checksum(kcontext, cksumtypes[i], as_key,
-				      KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-				      encoded_request_body,
-				      &checksum);
-	if (status == 0) {
+        status = krb5_c_make_checksum(kcontext, cksumtypes[i], as_key,
+                                      KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                      encoded_request_body,
+                                      &checksum);
+        if (status == 0) {
 #ifdef DEBUG
-	    fprintf(stderr, "Made checksum (type = %d, %d bytes).\n",
-		    checksum.checksum_type, encoded_request_body->length);
+            fprintf(stderr, "Made checksum (type = %d, %d bytes).\n",
+                    checksum.checksum_type, encoded_request_body->length);
 #endif
-	    break;
-	}
+            break;
+        }
     }
     cksumtype = htonl(cksumtypes[i]);
     krb5_free_cksumtypes(kcontext, cksumtypes);
     if (status != 0) {
-	if (checksum.length > 0)
-	    krb5_free_checksum_contents(kcontext, &checksum);
-	return status;
+        if (checksum.length > 0)
+            krb5_free_checksum_contents(kcontext, &checksum);
+        return status;
     }
 
     /* Allocate the preauth data structure. */
     send_pa = malloc(2 * sizeof(krb5_pa_data *));
     if (send_pa == NULL) {
-	krb5_free_checksum_contents(kcontext, &checksum);
-	return ENOMEM;
+        krb5_free_checksum_contents(kcontext, &checksum);
+        return ENOMEM;
     }
-    send_pa[1] = NULL;	/* Terminate list */
+    send_pa[1] = NULL;  /* Terminate list */
     send_pa[0] = malloc(sizeof(krb5_pa_data));
     if (send_pa[0] == NULL) {
-	krb5_free_checksum_contents(kcontext, &checksum);
-	free(send_pa);
-	return ENOMEM;
+        krb5_free_checksum_contents(kcontext, &checksum);
+        free(send_pa);
+        return ENOMEM;
     }
     send_pa[0]->pa_type = KRB5_PADATA_CKSUM_BODY_REQ;
     send_pa[0]->length = 4 + checksum.length;
     send_pa[0]->contents = malloc(4 + checksum.length);
     if (send_pa[0]->contents == NULL) {
-	krb5_free_checksum_contents(kcontext, &checksum);
-	free(send_pa[0]);
-	free(send_pa);
-	return ENOMEM;
+        krb5_free_checksum_contents(kcontext, &checksum);
+        free(send_pa[0]);
+        free(send_pa);
+        return ENOMEM;
     }
 
     /* Store the checksum. */
@@ -228,14 +229,14 @@ client_process(krb5_context kcontext,
 
 static krb5_error_code
 client_gic_opt(krb5_context kcontext,
-	       void *plugin_context,
-	       krb5_get_init_creds_opt *opt,
-	       const char *attr,
-	       const char *value)
+               void *plugin_context,
+               krb5_get_init_creds_opt *opt,
+               const char *attr,
+               const char *value)
 {
 #ifdef DEBUG
     fprintf(stderr, "(cksum_body) client_gic_opt: received '%s' = '%s'\n",
-	    attr, value);
+            attr, value);
 #endif
     return 0;
 }
@@ -247,7 +248,7 @@ server_init(krb5_context kcontext, void **module_context, const char **realmname
     struct server_stats *stats;
     stats = malloc(sizeof(struct server_stats));
     if (stats == NULL)
-	return ENOMEM;
+        return ENOMEM;
     stats->successes = 0;
     stats->failures = 0;
     *module_context = stats;
@@ -260,10 +261,10 @@ server_fini(krb5_context kcontext, void *module_context)
     stats = module_context;
     if (stats != NULL) {
 #ifdef DEBUG
-	fprintf(stderr, "Total: %d clients failed, %d succeeded.\n",
-		stats->failures, stats->successes);
+        fprintf(stderr, "Total: %d clients failed, %d succeeded.\n",
+                stats->failures, stats->successes);
 #endif
-	free(stats);
+        free(stats);
     }
 }
 
@@ -271,12 +272,12 @@ server_fini(krb5_context kcontext, void *module_context)
  * client) which matches type data->pa_type. */
 static krb5_error_code
 server_get_edata(krb5_context kcontext,
-		 krb5_kdc_req *request,
-		 struct _krb5_db_entry_new *client,
-		 struct _krb5_db_entry_new *server,
-		 preauth_get_entry_data_proc server_get_entry_data,
-		 void *pa_module_context,
-		 krb5_pa_data *data)
+                 krb5_kdc_req *request,
+                 struct _krb5_db_entry_new *client,
+                 struct _krb5_db_entry_new *server,
+                 preauth_get_entry_data_proc server_get_entry_data,
+                 void *pa_module_context,
+                 krb5_pa_data *data)
 {
     krb5_data *key_data;
     krb5_keyblock *keys, *key;
@@ -286,11 +287,11 @@ server_get_edata(krb5_context kcontext,
     /* Retrieve the client's keys. */
     key_data = NULL;
     if ((*server_get_entry_data)(kcontext, request, client,
-				 krb5plugin_preauth_keys, &key_data) != 0) {
+                                 krb5plugin_preauth_keys, &key_data) != 0) {
 #ifdef DEBUG
-	fprintf(stderr, "Error retrieving client keys.\n");
+        fprintf(stderr, "Error retrieving client keys.\n");
 #endif
-	return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
+        return KRB5KDC_ERR_PADATA_TYPE_NOSUPP;
     }
 
     /* Count which types of keys we've got, freeing the contents, which we
@@ -298,23 +299,23 @@ server_get_edata(krb5_context kcontext,
     keys = (krb5_keyblock *) key_data->data;
     key = NULL;
     for (i = 0; keys[i].enctype != 0; i++)
-	krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_keyblock_contents(kcontext, &keys[i]);
 
     /* Return the list of encryption types. */
     enctypes = malloc((unsigned)i * 4);
     if (enctypes == NULL) {
-	krb5_free_data(kcontext, key_data);
-	return ENOMEM;
+        krb5_free_data(kcontext, key_data);
+        return ENOMEM;
     }
 #ifdef DEBUG
     fprintf(stderr, "Supported enctypes = {");
 #endif
     for (i = 0; keys[i].enctype != 0; i++) {
 #ifdef DEBUG
-	fprintf(stderr, "%s%d", (i > 0) ? ", " : "", keys[i].enctype);
+        fprintf(stderr, "%s%d", (i > 0) ? ", " : "", keys[i].enctype);
 #endif
-	enctype = htonl(keys[i].enctype);
-	memcpy(&enctypes[i], &enctype, 4);
+        enctype = htonl(keys[i].enctype);
+        memcpy(&enctypes[i], &enctype, 4);
     }
 #ifdef DEBUG
     fprintf(stderr, "}.\n");
@@ -329,16 +330,16 @@ server_get_edata(krb5_context kcontext,
 /* Verify a request from a client. */
 static krb5_error_code
 server_verify(krb5_context kcontext,
-	      struct _krb5_db_entry_new *client,
-	      krb5_data *req_pkt,
-	      krb5_kdc_req *request,
-	      krb5_enc_tkt_part *enc_tkt_reply,
-	      krb5_pa_data *data,
-	      preauth_get_entry_data_proc server_get_entry_data,
-	      void *pa_module_context,
-	      void **pa_request_context,
-	      krb5_data **e_data,
-	      krb5_authdata ***authz_data)
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_enc_tkt_part *enc_tkt_reply,
+              krb5_pa_data *data,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context,
+              krb5_data **e_data,
+              krb5_authdata ***authz_data)
 {
     krb5_int32 cksumtype;
     krb5_checksum checksum;
@@ -362,8 +363,8 @@ server_verify(krb5_context kcontext,
 #endif
     /* Verify the preauth data.  Start with the checksum type. */
     if (data->length < 4) {
-	stats->failures++;
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     memcpy(&cksumtype, data->contents, 4);
     memset(&checksum, 0, sizeof(checksum));
@@ -371,75 +372,75 @@ server_verify(krb5_context kcontext,
 
     /* Verify that the amount of data we have left is what we expect. */
     if (krb5_c_checksum_length(kcontext, checksum.checksum_type,
-			       &length) != 0) {
+                               &length) != 0) {
 #ifdef DEBUG
-	fprintf(stderr, "Error determining checksum size (type = %d). "
-		"Is it supported?\n", checksum.checksum_type);
+        fprintf(stderr, "Error determining checksum size (type = %d). "
+                "Is it supported?\n", checksum.checksum_type);
 #endif
-	stats->failures++;
-	return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+        stats->failures++;
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
     }
     if (data->length - 4 != length) {
 #ifdef DEBUG
-	fprintf(stderr, "Checksum size doesn't match client packet size.\n");
+        fprintf(stderr, "Checksum size doesn't match client packet size.\n");
 #endif
-	stats->failures++;
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     checksum.length = length;
 
     /* Pull up the client's keys. */
     key_data = NULL;
     if ((*server_get_entry_data)(kcontext, request, client,
-				 krb5plugin_preauth_keys, &key_data) != 0) {
+                                 krb5plugin_preauth_keys, &key_data) != 0) {
 #ifdef DEBUG
-	fprintf(stderr, "Error retrieving client keys.\n");
+        fprintf(stderr, "Error retrieving client keys.\n");
 #endif
-	stats->failures++;
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /* Find the key which would have been used to generate the checksum. */
     keys = (krb5_keyblock *) key_data->data;
     key = NULL;
     for (i = 0; keys[i].enctype != 0; i++) {
-	key = &keys[i];
-	cksumtypes_count = 0;
-	cksumtypes = NULL;
-	if (krb5_c_keyed_checksum_types(kcontext, key->enctype,
-					&cksumtypes_count, &cksumtypes) != 0)
-	    continue;
-	for (j = 0; j < cksumtypes_count; j++) {
-	    if (cksumtypes[j] == checksum.checksum_type)
-		break;
-	}
-	if (cksumtypes != NULL)
-	    krb5_free_cksumtypes(kcontext, cksumtypes);
-	if (j < cksumtypes_count) {
+        key = &keys[i];
+        cksumtypes_count = 0;
+        cksumtypes = NULL;
+        if (krb5_c_keyed_checksum_types(kcontext, key->enctype,
+                                        &cksumtypes_count, &cksumtypes) != 0)
+            continue;
+        for (j = 0; j < cksumtypes_count; j++) {
+            if (cksumtypes[j] == checksum.checksum_type)
+                break;
+        }
+        if (cksumtypes != NULL)
+            krb5_free_cksumtypes(kcontext, cksumtypes);
+        if (j < cksumtypes_count) {
 #ifdef DEBUG
-	    fprintf(stderr, "Found checksum key.\n");
+            fprintf(stderr, "Found checksum key.\n");
 #endif
-	    break;
-	}
+            break;
+        }
     }
     if ((key == NULL) || (key->enctype == 0)) {
-	for (i = 0; keys[i].enctype != 0; i++)
-	    krb5_free_keyblock_contents(kcontext, &keys[i]);
-	krb5_free_data(kcontext, key_data);
-	stats->failures++;
-	return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+        for (i = 0; keys[i].enctype != 0; i++)
+            krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_data(kcontext, key_data);
+        stats->failures++;
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
     }
 
     /* Save a copy of the key. */
     if (krb5_copy_keyblock(kcontext, &keys[i], &key) != 0) {
-	for (i = 0; keys[i].enctype != 0; i++)
-	    krb5_free_keyblock_contents(kcontext, &keys[i]);
-	krb5_free_data(kcontext, key_data);
-	stats->failures++;
-	return KRB5KDC_ERR_SUMTYPE_NOSUPP;
+        for (i = 0; keys[i].enctype != 0; i++)
+            krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_data(kcontext, key_data);
+        stats->failures++;
+        return KRB5KDC_ERR_SUMTYPE_NOSUPP;
     }
     for (i = 0; keys[i].enctype != 0; i++)
-	krb5_free_keyblock_contents(kcontext, &keys[i]);
+        krb5_free_keyblock_contents(kcontext, &keys[i]);
     krb5_free_data(kcontext, key_data);
 
     /* Rebuild a copy of the client's request-body.  If we were serious
@@ -448,24 +449,24 @@ server_verify(krb5_context kcontext,
      * will probably work if it's us on both ends, though. */
     req_body = NULL;
     if ((*server_get_entry_data)(kcontext, request, client,
-				 krb5plugin_preauth_request_body,
-				 &req_body) != 0) {
-	krb5_free_keyblock(kcontext, key);
-	stats->failures++;
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+                                 krb5plugin_preauth_request_body,
+                                 &req_body) != 0) {
+        krb5_free_keyblock(kcontext, key);
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
 #ifdef DEBUG
     fprintf(stderr, "AS key type %d, checksum type %d, %d bytes.\n",
-	    key->enctype, checksum.checksum_type, req_body->length);
+            key->enctype, checksum.checksum_type, req_body->length);
 #endif
 
     /* Verify the checksum itself. */
     checksum.contents = data->contents + 4;
     valid = FALSE;
     status = krb5_c_verify_checksum(kcontext, key,
-				    KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-				    req_body, &checksum, &valid);
+                                    KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                    req_body, &checksum, &valid);
 
     /* Clean up. */
     krb5_free_data(kcontext, req_body);
@@ -474,26 +475,26 @@ server_verify(krb5_context kcontext,
     /* Evaluate our results. */
     if ((status != 0) || (!valid)) {
 #ifdef DEBUG
-	if (status != 0) {
-	    fprintf(stderr, "Error in checksum verification.\n");
-	} else {
-	    fprintf(stderr, "Checksum mismatch.\n");
-	}
+        if (status != 0) {
+            fprintf(stderr, "Error in checksum verification.\n");
+        } else {
+            fprintf(stderr, "Checksum mismatch.\n");
+        }
 #endif
-	/* Return edata to exercise code that handles edata... */
-	test_edata = malloc(sizeof(*test_edata));
-	if (test_edata != NULL) {
-	    test_edata->data = malloc(20);
-	    if (test_edata->data == NULL) {
-		free(test_edata);
-	    } else {
-		test_edata->length = 20;
-		memset(test_edata->data, 'F', 20); /* fill it with junk */
-		*e_data = test_edata;
-	    }
-	}
-	stats->failures++;
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        /* Return edata to exercise code that handles edata... */
+        test_edata = malloc(sizeof(*test_edata));
+        if (test_edata != NULL) {
+            test_edata->data = malloc(20);
+            if (test_edata->data == NULL) {
+                free(test_edata);
+            } else {
+                test_edata->length = 20;
+                memset(test_edata->data, 'F', 20); /* fill it with junk */
+                *e_data = test_edata;
+            }
+        }
+        stats->failures++;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /*
@@ -518,54 +519,54 @@ server_verify(krb5_context kcontext,
 #endif
     my_authz_data = malloc(2 * sizeof(*my_authz_data));
     if (my_authz_data != NULL) {
-	my_authz_data[1] = NULL;
-	my_authz_data[0] = malloc(sizeof(krb5_authdata));
-	if (my_authz_data[0] == NULL) {
-	    free(my_authz_data);
-	    return ENOMEM;
-	}
-	my_authz_data[0]->contents = malloc(AD_ALLOC_SIZE);
-	if (my_authz_data[0]->contents == NULL) {
-	    free(my_authz_data[0]);
-	    free(my_authz_data);
-	    return ENOMEM;
-	}
-	memset(my_authz_data[0]->contents, '\0', AD_ALLOC_SIZE);
-	my_authz_data[0]->magic = KV5M_AUTHDATA;
-	my_authz_data[0]->ad_type = 1;
-	my_authz_data[0]->length = AD_ALLOC_SIZE;
-	memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header));
-	snprintf(my_authz_data[0]->contents + sizeof(ad_header),
-		 AD_ALLOC_SIZE - sizeof(ad_header),
-		 "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
-	*authz_data = my_authz_data;
+        my_authz_data[1] = NULL;
+        my_authz_data[0] = malloc(sizeof(krb5_authdata));
+        if (my_authz_data[0] == NULL) {
+            free(my_authz_data);
+            return ENOMEM;
+        }
+        my_authz_data[0]->contents = malloc(AD_ALLOC_SIZE);
+        if (my_authz_data[0]->contents == NULL) {
+            free(my_authz_data[0]);
+            free(my_authz_data);
+            return ENOMEM;
+        }
+        memset(my_authz_data[0]->contents, '\0', AD_ALLOC_SIZE);
+        my_authz_data[0]->magic = KV5M_AUTHDATA;
+        my_authz_data[0]->ad_type = 1;
+        my_authz_data[0]->length = AD_ALLOC_SIZE;
+        memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header));
+        snprintf(my_authz_data[0]->contents + sizeof(ad_header),
+                 AD_ALLOC_SIZE - sizeof(ad_header),
+                 "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
+        *authz_data = my_authz_data;
 #ifdef DEBUG
-	fprintf(stderr, "Returning %d bytes of authorization data\n",
-		AD_ALLOC_SIZE);
+        fprintf(stderr, "Returning %d bytes of authorization data\n",
+                AD_ALLOC_SIZE);
 #endif
     }
 
     /* Return edata to exercise code that handles edata... */
     test_edata = malloc(sizeof(*test_edata));
     if (test_edata != NULL) {
-	test_edata->data = malloc(20);
-	if (test_edata->data == NULL) {
-	    free(test_edata);
-	} else {
-	    test_edata->length = 20;
-	    memset(test_edata->data, 'S', 20); /* fill it with junk */
-	    *e_data = test_edata;
-	}
+        test_edata->data = malloc(20);
+        if (test_edata->data == NULL) {
+            free(test_edata);
+        } else {
+            test_edata->length = 20;
+            memset(test_edata->data, 'S', 20); /* fill it with junk */
+            *e_data = test_edata;
+        }
     }
 
     /* Return a request context to exercise code that handles it */
     svr_req_ctx = malloc(sizeof(*svr_req_ctx));
     if (svr_req_ctx != NULL) {
-	svr_req_ctx->value1 = 111111;
-	svr_req_ctx->value2 = 222222;
+        svr_req_ctx->value1 = 111111;
+        svr_req_ctx->value2 = 222222;
 #ifdef DEBUG
-	fprintf(stderr, "server_verify: returning context at %p\n",
-		svr_req_ctx);
+        fprintf(stderr, "server_verify: returning context at %p\n",
+                svr_req_ctx);
 #endif
     }
     *pa_request_context = svr_req_ctx;
@@ -579,17 +580,17 @@ server_verify(krb5_context kcontext,
 /* Create the response for a client. */
 static krb5_error_code
 server_return(krb5_context kcontext,
-	      krb5_pa_data *padata,
-	      struct _krb5_db_entry_new *client,
-	      krb5_data *req_pkt,
-	      krb5_kdc_req *request,
-	      krb5_kdc_rep *reply,
-	      struct _krb5_key_data *client_key,
-	      krb5_keyblock *encrypting_key,
-	      krb5_pa_data **send_pa,
-	      preauth_get_entry_data_proc server_get_entry_data,
-	      void *pa_module_context,
-	      void **pa_request_context)
+              krb5_pa_data *padata,
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_kdc_rep *reply,
+              struct _krb5_key_data *client_key,
+              krb5_keyblock *encrypting_key,
+              krb5_pa_data **send_pa,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context)
 {
     /* We don't need to send data back on the return trip. */
     *send_pa = NULL;
@@ -599,25 +600,25 @@ server_return(krb5_context kcontext,
 /* Test server request context freeing */
 static krb5_error_code
 server_free_reqctx(krb5_context kcontext,
-		   void *pa_module_context,
-		   void **pa_request_context)
+                   void *pa_module_context,
+                   void **pa_request_context)
 {
     test_svr_req_ctx *svr_req_ctx;
 #ifdef DEBUG
     fprintf(stderr, "server_free_reqctx: entered!\n");
 #endif
     if (pa_request_context == NULL)
-	return 0;
+        return 0;
 
     svr_req_ctx = *pa_request_context;
     if (svr_req_ctx == NULL)
-	return 0;
+        return 0;
 
     if (svr_req_ctx->value1 != 111111 || svr_req_ctx->value2 != 222222) {
-	fprintf(stderr, "server_free_reqctx: got invalid req context "
-		"at %p with values %d and %d\n",
-		svr_req_ctx, svr_req_ctx->value1, svr_req_ctx->value2);
-	return EINVAL;
+        fprintf(stderr, "server_free_reqctx: got invalid req context "
+                "at %p with values %d and %d\n",
+                svr_req_ctx, svr_req_ctx->value1, svr_req_ctx->value2);
+        return EINVAL;
     }
 #ifdef DEBUG
     fprintf(stderr, "server_free_reqctx: freeing context at %p\n", svr_req_ctx);
@@ -641,17 +642,17 @@ static krb5_preauthtype supported_server_pa_types[] = {
 };
 
 struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
-    "cksum_body",			    /* name */
-    &supported_client_pa_types[0],	    /* pa_type_list */
-    NULL,				    /* enctype_list */
-    NULL,				    /* plugin init function */
-    NULL,				    /* plugin fini function */
-    client_get_flags,			    /* get flags function */
-    NULL,				    /* request init function */
-    NULL,				    /* request fini function */
-    client_process,			    /* process function */
-    NULL,				    /* try_again function */
-    client_gic_opt			    /* get init creds opt function */
+    "cksum_body",                           /* name */
+    &supported_client_pa_types[0],          /* pa_type_list */
+    NULL,                                   /* enctype_list */
+    NULL,                                   /* plugin init function */
+    NULL,                                   /* plugin fini function */
+    client_get_flags,                       /* get flags function */
+    NULL,                                   /* request init function */
+    NULL,                                   /* request fini function */
+    client_process,                         /* process function */
+    NULL,                                   /* try_again function */
+    client_gic_opt                          /* get init creds opt function */
 };
 
 struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
diff --git a/src/plugins/preauth/cksum_body/deps b/src/plugins/preauth/cksum_body/deps
index 3300d76..681f974 100644
--- a/src/plugins/preauth/cksum_body/deps
+++ b/src/plugins/preauth/cksum_body/deps
@@ -3,5 +3,5 @@
 #
 cksum_body_main.so cksum_body_main.po $(OUTPRE)cksum_body_main.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/preauth_plugin.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5/preauth_plugin.h \
   cksum_body_main.c
diff --git a/src/plugins/preauth/encrypted_challenge/Makefile.in b/src/plugins/preauth/encrypted_challenge/Makefile.in
index 57c0392..2e2f416 100644
--- a/src/plugins/preauth/encrypted_challenge/Makefile.in
+++ b/src/plugins/preauth/encrypted_challenge/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/preauth/encrypted_challenge
 mydir=plugins/preauth/encrypted_challenge
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
diff --git a/src/plugins/preauth/encrypted_challenge/deps b/src/plugins/preauth/encrypted_challenge/deps
index f5bb242..9eaab4f 100644
--- a/src/plugins/preauth/encrypted_challenge/deps
+++ b/src/plugins/preauth/encrypted_challenge/deps
@@ -4,12 +4,12 @@
 encrypted_challenge_main.so encrypted_challenge_main.po \
   $(OUTPRE)encrypted_challenge_main.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(srcdir)/../fast_factor.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../fast_factor.h \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   encrypted_challenge_main.c
diff --git a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
index 45b309d..614ee47 100644
--- a/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
+++ b/src/plugins/preauth/encrypted_challenge/encrypted_challenge_main.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * plugins/preauth/encrypted_challenge/encrypted_challenge.c
  *
@@ -24,8 +25,8 @@
  * or implied warranty.
  *
  *
- *
- * Implement EncryptedChallenge fast factor from draft-ietf-krb-wg-preauth-framework
+ * Implement Encrypted Challenge fast factor from
+ * draft-ietf-krb-wg-preauth-framework
  */
 
 #include <k5-int.h>
@@ -33,31 +34,23 @@
 
 #include <krb5/preauth_plugin.h>
 
-static int preauth_flags
-(krb5_context context, krb5_preauthtype pa_type)
+static int
+preauth_flags(krb5_context context, krb5_preauthtype pa_type)
 {
     return PA_REAL;
 }
 
-static krb5_error_code process_preauth
-(krb5_context context,
-                   void *plugin_context,
-                   void *request_context,
-                   krb5_get_init_creds_opt *opt,
-                   preauth_get_client_data_proc get_data_proc,
-                   struct _krb5_preauth_client_rock *rock,
-                   krb5_kdc_req *request,
-                   krb5_data *encoded_request_body,
-                   krb5_data *encoded_previous_request,
-                   krb5_pa_data *padata,
-                   krb5_prompter_fct prompter,
-                   void *prompter_data,
-                   preauth_get_as_key_proc gak_fct,
-                   void *gak_data,
-                   krb5_data *salt,
-                   krb5_data *s2kparams,
-                   krb5_keyblock *as_key,
-                   krb5_pa_data ***out_padata)
+static krb5_error_code
+process_preauth(krb5_context context, void *plugin_context,
+                void *request_context, krb5_get_init_creds_opt *opt,
+                preauth_get_client_data_proc get_data_proc,
+                struct _krb5_preauth_client_rock *rock, krb5_kdc_req *request,
+                krb5_data *encoded_request_body,
+                krb5_data *encoded_previous_request, krb5_pa_data *padata,
+                krb5_prompter_fct prompter, void *prompter_data,
+                preauth_get_as_key_proc gak_fct, void *gak_data,
+                krb5_data *salt, krb5_data *s2kparams, krb5_keyblock *as_key,
+                krb5_pa_data ***out_padata)
 {
     krb5_error_code retval = 0;
     krb5_enctype enctype = 0;
@@ -87,29 +80,30 @@ static krb5_error_code process_preauth
         if (retval == 0)
             retval = krb5_c_fx_cf2_simple(context,armor_key, "kdcchallengearmor",
                                           as_key, "challengelongterm", &challenge_key);
-    if (retval == 0)
-        retval =kaccess.decode_enc_data(&scratch, &enc);
-    scratch.data = NULL;
-    if (retval == 0) {
-        scratch.data = malloc(enc->ciphertext.length);
-        scratch.length = enc->ciphertext.length;
-        if (scratch.data == NULL)
-            retval = ENOMEM;
-    }
-    if (retval == 0)
-        retval = krb5_c_decrypt(context, challenge_key,
-                                KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
-                                enc, &scratch);
-/*Per draft 11 of the preauth framework, the client MAY but
- * is not required  to actually check the timestamp from the KDC other than
- * to confirm it decrypts. This code does not perform that check.
- */
-    if (scratch.data)
-        krb5_free_data_contents(context, &scratch);
-    if (retval == 0)
-        fast_set_kdc_verified(context, get_data_proc, rock);
-    if (enc)
-        kaccess.free_enc_data(context, enc);
+        if (retval == 0)
+            retval =kaccess.decode_enc_data(&scratch, &enc);
+        scratch.data = NULL;
+        if (retval == 0) {
+            scratch.data = malloc(enc->ciphertext.length);
+            scratch.length = enc->ciphertext.length;
+            if (scratch.data == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0)
+            retval = krb5_c_decrypt(context, challenge_key,
+                                    KRB5_KEYUSAGE_ENC_CHALLENGE_KDC, NULL,
+                                    enc, &scratch);
+        /*
+         * Per draft 11 of the preauth framework, the client MAY but is not
+         * required to actually check the timestamp from the KDC other than to
+         * confirm it decrypts. This code does not perform that check.
+         */
+        if (scratch.data)
+            krb5_free_data_contents(context, &scratch);
+        if (retval == 0)
+            fast_set_kdc_verified(context, get_data_proc, rock);
+        if (enc)
+            kaccess.free_enc_data(context, enc);
     } else { /*No padata; we send*/
         krb5_enc_data enc;
         krb5_pa_data *pa = NULL;
@@ -136,34 +130,34 @@ static krb5_error_code process_preauth
         if (retval == 0) {
             retval = kaccess.encode_enc_data(&enc, &encoded_ts);
             krb5_free_data_contents(context, &enc.ciphertext);
-    }
-    if (retval == 0) {
-        pa = calloc(1, sizeof(krb5_pa_data));
-        if (pa == NULL)
-            retval = ENOMEM;
-    }
-    if (retval == 0) {
-        pa_array = calloc(2, sizeof(krb5_pa_data *));
-        if (pa_array == NULL)
-            retval = ENOMEM;
-    }
-    if (retval == 0) {
-        pa->length = encoded_ts->length;
-        pa->contents = (unsigned char *) encoded_ts->data;
-        pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
-        free(encoded_ts);
-        encoded_ts = NULL;
-        pa_array[0] = pa;
-        pa = NULL;
-        *out_padata = pa_array;
-        pa_array = NULL;
-    }
-    if (pa)
-        free(pa);
-    if (encoded_ts)
-        krb5_free_data(context, encoded_ts);
-    if (pa_array)
-        free(pa_array);
+        }
+        if (retval == 0) {
+            pa = calloc(1, sizeof(krb5_pa_data));
+            if (pa == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0) {
+            pa_array = calloc(2, sizeof(krb5_pa_data *));
+            if (pa_array == NULL)
+                retval = ENOMEM;
+        }
+        if (retval == 0) {
+            pa->length = encoded_ts->length;
+            pa->contents = (unsigned char *) encoded_ts->data;
+            pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
+            free(encoded_ts);
+            encoded_ts = NULL;
+            pa_array[0] = pa;
+            pa = NULL;
+            *out_padata = pa_array;
+            pa_array = NULL;
+        }
+        if (pa)
+            free(pa);
+        if (encoded_ts)
+            krb5_free_data(context, encoded_ts);
+        if (pa_array)
+            free(pa_array);
     }
     if (challenge_key)
         krb5_free_keyblock(context, challenge_key);
@@ -176,16 +170,12 @@ static krb5_error_code process_preauth
 }
 
 
-
-
-static krb5_error_code kdc_include_padata
-(krb5_context context,
-                 krb5_kdc_req *request,
-                 struct _krb5_db_entry_new *client,
-                 struct _krb5_db_entry_new *server,
-                 preauth_get_entry_data_proc get_entry_proc,
-                 void *pa_module_context,
-                 krb5_pa_data *data)
+static krb5_error_code
+kdc_include_padata(krb5_context context, krb5_kdc_req *request,
+                   struct _krb5_db_entry_new *client,
+                   struct _krb5_db_entry_new *server,
+                   preauth_get_entry_data_proc get_entry_proc,
+                   void *pa_module_context, krb5_pa_data *data)
 {
     krb5_error_code retval = 0;
     krb5_keyblock *armor_key = NULL;
@@ -198,18 +188,13 @@ static krb5_error_code kdc_include_padata
     return 0;
 }
 
-static krb5_error_code kdc_verify_preauth
-(krb5_context context,
-                  struct _krb5_db_entry_new *client,
-                  krb5_data *req_pkt,
-                  krb5_kdc_req *request,
-                  krb5_enc_tkt_part *enc_tkt_reply,
-                  krb5_pa_data *data,
-                  preauth_get_entry_data_proc get_entry_proc,
-                  void *pa_module_context,
-                  void **pa_request_context,
-                  krb5_data **e_data,
-                  krb5_authdata ***authz_data)
+static krb5_error_code
+kdc_verify_preauth(krb5_context context, struct _krb5_db_entry_new *client,
+                   krb5_data *req_pkt, krb5_kdc_req *request,
+                   krb5_enc_tkt_part *enc_tkt_reply, krb5_pa_data *data,
+                   preauth_get_entry_data_proc get_entry_proc,
+                   void *pa_module_context, void **pa_request_context,
+                   krb5_data **e_data, krb5_authdata ***authz_data)
 {
     krb5_error_code retval = 0;
     krb5_timestamp now;
@@ -230,7 +215,7 @@ static krb5_error_code kdc_verify_preauth
     retval = fast_kdc_get_armor_key(context, get_entry_proc, request, client, &armor_key);
     if (retval == 0 &&armor_key == NULL) {
         retval = ENOENT;
-    krb5_set_error_message(context, ENOENT, "Encrypted Challenge used outside of FAST tunnel");
+        krb5_set_error_message(context, ENOENT, "Encrypted Challenge used outside of FAST tunnel");
     }
     scratch.data = (char *) data->contents;
     scratch.length = data->length;
@@ -252,28 +237,28 @@ static krb5_error_code kdc_verify_preauth
                                           armor_key, "clientchallengearmor",
                                           &client_keys[i], "challengelongterm",
                                           &challenge_key);
-        if (retval == 0)
-            retval  = krb5_c_decrypt(context, challenge_key,
-                                     KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
-                                     NULL, enc, &plain);
-        if (challenge_key)
-            krb5_free_keyblock(context, challenge_key);
-        challenge_key = NULL;
-        if (retval == 0)
-            break;
-        /*We failed to decrypt. Try next key*/
-        retval = 0;
-        krb5_free_keyblock_contents(context, &client_keys[i]);
-    }
-    if (client_keys[i].enctype == 0) {
-        retval = KRB5KDC_ERR_PREAUTH_FAILED;
-        krb5_set_error_message(context, retval, "Incorrect password  in encrypted challenge");
-    } else { /*not run out of keys*/
-        int j;
-        assert (retval == 0);
-        for (j = i+1; client_keys[j].enctype; j++)
-            krb5_free_keyblock_contents(context, &client_keys[j]);
-    }
+            if (retval == 0)
+                retval  = krb5_c_decrypt(context, challenge_key,
+                                         KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT,
+                                         NULL, enc, &plain);
+            if (challenge_key)
+                krb5_free_keyblock(context, challenge_key);
+            challenge_key = NULL;
+            if (retval == 0)
+                break;
+            /*We failed to decrypt. Try next key*/
+            retval = 0;
+            krb5_free_keyblock_contents(context, &client_keys[i]);
+        }
+        if (client_keys[i].enctype == 0) {
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            krb5_set_error_message(context, retval, "Incorrect password  in encrypted challenge");
+        } else { /*not run out of keys*/
+            int j;
+            assert (retval == 0);
+            for (j = i+1; client_keys[j].enctype; j++)
+                krb5_free_keyblock_contents(context, &client_keys[j]);
+        }
 
     }
     if (retval == 0)
@@ -283,13 +268,15 @@ static krb5_error_code kdc_verify_preauth
     if (retval == 0) {
         if (labs(now-ts->patimestamp) < context->clockskew) {
             enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
-            /*If this fails, we won't generate a reply to the client.  That may
-             * cause the client to fail, but at this point the KDC has considered
-             * this a success, so the return value is ignored. */
+            /*
+             * If this fails, we won't generate a reply to the client.  That
+             * may cause the client to fail, but at this point the KDC has
+             * considered this a success, so the return value is ignored.
+             */
             fast_kdc_replace_reply_key(context, get_entry_proc, request);
             krb5_c_fx_cf2_simple(context, armor_key, "kdcchallengearmor",
-                            &client_keys[i], "challengelongterm",
-                            (krb5_keyblock **) pa_request_context);
+                                 &client_keys[i], "challengelongterm",
+                                 (krb5_keyblock **) pa_request_context);
         } else { /*skew*/
             retval = KRB5KRB_AP_ERR_SKEW;
         }
@@ -310,19 +297,14 @@ static krb5_error_code kdc_verify_preauth
     return retval;
 }
 
-static krb5_error_code kdc_return_preauth
-(krb5_context context,
-                  krb5_pa_data * padata,
-                  struct _krb5_db_entry_new *client,
-                  krb5_data *req_pkt,
-                  krb5_kdc_req *request,
-                  krb5_kdc_rep *reply,
-                  struct _krb5_key_data *client_keys,
-                  krb5_keyblock *encrypting_key,
-                  krb5_pa_data **send_pa,
-                  preauth_get_entry_data_proc get_entry_proc,
-                  void *pa_module_context,
-                  void **pa_request_context)
+static krb5_error_code
+kdc_return_preauth(krb5_context context, krb5_pa_data *padata,
+                   struct _krb5_db_entry_new *client, krb5_data *req_pkt,
+                   krb5_kdc_req *request, krb5_kdc_rep *reply,
+                   struct _krb5_key_data *client_keys,
+                   krb5_keyblock *encrypting_key, krb5_pa_data **send_pa,
+                   preauth_get_entry_data_proc get_entry_proc,
+                   void *pa_module_context, void **pa_request_context)
 {
     krb5_error_code retval = 0;
     krb5_keyblock *challenge_key = *pa_request_context;
@@ -338,7 +320,7 @@ static krb5_error_code kdc_return_preauth
     if (challenge_key == NULL)
         return 0;
     * pa_request_context = NULL; /*this function will free the
-                  * challenge key*/
+                                  * challenge key*/
     enc.ciphertext.data = NULL; /* In case of error pass through */
 
     retval = krb5_us_timeofday(context, &ts.patimestamp, &ts.pausec);
@@ -352,8 +334,8 @@ static krb5_error_code kdc_return_preauth
         retval = kaccess.encode_enc_data(&enc, &encoded);
     if (retval == 0) {
         pa = calloc(1, sizeof(krb5_pa_data));
-    if (pa == NULL)
-        retval = ENOMEM;
+        if (pa == NULL)
+            retval = ENOMEM;
     }
     if (retval == 0) {
         pa->pa_type = KRB5_PADATA_ENCRYPTED_CHALLENGE;
@@ -374,8 +356,8 @@ static krb5_error_code kdc_return_preauth
     return retval;
 }
 
-static int kdc_preauth_flags
-(krb5_context context, krb5_preauthtype  patype)
+static int
+kdc_preauth_flags(krb5_context context, krb5_preauthtype patype)
 {
     return 0;
 }
diff --git a/src/plugins/preauth/fast_factor.h b/src/plugins/preauth/fast_factor.h
index 1e7696f..0789c1a 100644
--- a/src/plugins/preauth/fast_factor.h
+++ b/src/plugins/preauth/fast_factor.h
@@ -1,53 +1,60 @@
-/*Returns success with a null armor_key if  FAST is available but not in use.
-Returns failure if the client library does not support FAST
-*/
-static  krb5_error_code fast_get_armor_key
-(krb5_context context, preauth_get_client_data_proc get_data,
- struct _krb5_preauth_client_rock *rock,
- krb5_keyblock **armor_key)
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+/*
+ * Returns success with a null armor_key if FAST is available but not in use.
+ * Returns failure if the client library does not support FAST.
+ */
+static krb5_error_code
+fast_get_armor_key(krb5_context context, preauth_get_client_data_proc get_data,
+                   struct _krb5_preauth_client_rock *rock,
+                   krb5_keyblock **armor_key)
 {
     krb5_error_code retval = 0;
     krb5_data *data;
     retval = get_data(context, rock, krb5plugin_preauth_client_fast_armor, &data);
     if (retval == 0) {
-	*armor_key = (krb5_keyblock *) data->data;
-	data->data = NULL;
-	get_data(context, rock, krb5plugin_preauth_client_free_fast_armor,
-		 &data);
+        *armor_key = (krb5_keyblock *) data->data;
+        data->data = NULL;
+        get_data(context, rock, krb5plugin_preauth_client_free_fast_armor,
+                 &data);
     }
     return retval;
 }
 
-static krb5_error_code fast_kdc_get_armor_key
-(krb5_context context, preauth_get_entry_data_proc get_entry,
- krb5_kdc_req *request,struct _krb5_db_entry_new *client,
- krb5_keyblock **armor_key)
+static krb5_error_code
+fast_kdc_get_armor_key(krb5_context context,
+                       preauth_get_entry_data_proc get_entry,
+                       krb5_kdc_req *request,
+                       struct _krb5_db_entry_new *client,
+                       krb5_keyblock **armor_key)
 {
     krb5_error_code retval;
     krb5_data *data;
-     retval = get_entry(context, request, client,  krb5plugin_preauth_fast_armor,
-			&data);
-     if (retval == 0) {
-	 *armor_key = (krb5_keyblock *) data->data;
-	 data->data = NULL;
-	 get_entry(context, request, client,
-		   krb5plugin_preauth_free_fast_armor, &data);
-     }
-     return retval;
- }
+    retval = get_entry(context, request, client,  krb5plugin_preauth_fast_armor,
+                       &data);
+    if (retval == 0) {
+        *armor_key = (krb5_keyblock *) data->data;
+        data->data = NULL;
+        get_entry(context, request, client,
+                  krb5plugin_preauth_free_fast_armor, &data);
+    }
+    return retval;
+}
 
 
 
- static krb5_error_code fast_kdc_replace_reply_key
- (krb5_context context, preauth_get_entry_data_proc get_data,
-  krb5_kdc_req *request)
- {
-     return 0;
- }
+static krb5_error_code
+fast_kdc_replace_reply_key(krb5_context context,
+                           preauth_get_entry_data_proc get_data,
+                           krb5_kdc_req *request)
+{
+    return 0;
+}
 
-static krb5_error_code fast_set_kdc_verified
-(krb5_context context, preauth_get_client_data_proc     get_data,
- struct _krb5_preauth_client_rock *rock)
+static krb5_error_code
+fast_set_kdc_verified(krb5_context context,
+                      preauth_get_client_data_proc get_data,
+                      struct _krb5_preauth_client_rock *rock)
 {
     return 0;
 }
diff --git a/src/plugins/preauth/pkinit/Makefile.in b/src/plugins/preauth/pkinit/Makefile.in
index b6c4ea5..6f10cea 100644
--- a/src/plugins/preauth/pkinit/Makefile.in
+++ b/src/plugins/preauth/pkinit/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/preauth/pkinit
 mydir=plugins/preauth/pkinit
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
diff --git a/src/plugins/preauth/pkinit/deps b/src/plugins/preauth/pkinit/deps
index 8600c2b..c59de0b 100644
--- a/src/plugins/preauth/pkinit/deps
+++ b/src/plugins/preauth/pkinit/deps
@@ -4,58 +4,59 @@
 pkinit_accessor.so pkinit_accessor.po $(OUTPRE)pkinit_accessor.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h pkinit_accessor.c \
-  pkinit_accessor.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pkinit_accessor.c pkinit_accessor.h
 pkinit_srv.so pkinit_srv.po $(OUTPRE)pkinit_srv.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(srcdir)/../fast_factor.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../fast_factor.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
   pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \
   pkinit_srv.c
 pkinit_lib.so pkinit_lib.po $(OUTPRE)pkinit_lib.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \
-  pkinit_accessor.h pkinit_crypto.h pkinit_lib.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_lib.c
 pkinit_clnt.so pkinit_clnt.po $(OUTPRE)pkinit_clnt.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(srcdir)/../fast_factor.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../fast_factor.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
   pkcs11.h pkinit.h pkinit_accessor.h pkinit_clnt.c pkinit_crypto.h
 pkinit_profile.so pkinit_profile.po $(OUTPRE)pkinit_profile.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h pkcs11.h pkinit.h \
-  pkinit_accessor.h pkinit_crypto.h pkinit_profile.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
+  pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \
+  pkinit_profile.c
 pkinit_identity.so pkinit_identity.po $(OUTPRE)pkinit_identity.$(OBJEXT): \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \
-  pkinit_identity.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_identity.c
 pkinit_matching.so pkinit_matching.po $(OUTPRE)pkinit_matching.$(OBJEXT): \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  pkcs11.h pkinit.h pkinit_accessor.h pkinit_crypto.h \
-  pkinit_matching.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_matching.c
 pkinit_crypto_openssl.so pkinit_crypto_openssl.po $(OUTPRE)pkinit_crypto_openssl.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h pkcs11.h pkinit.h \
-  pkinit_accessor.h pkinit_crypto.h pkinit_crypto_openssl.c \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h pkcs11.h \
+  pkinit.h pkinit_accessor.h pkinit_crypto.h pkinit_crypto_openssl.c \
   pkinit_crypto_openssl.h
diff --git a/src/plugins/preauth/pkinit/pkinit_accessor.c b/src/plugins/preauth/pkinit/pkinit_accessor.c
index e310b00..acfbde6 100644
--- a/src/plugins/preauth/pkinit/pkinit_accessor.c
+++ b/src/plugins/preauth/pkinit/pkinit_accessor.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2006,2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -31,13 +32,13 @@
 #include <k5-int.h>
 #include "pkinit_accessor.h"
 
-#define DEF_FUNC_PTRS(type) \
-krb5_error_code (*k5int_encode_##type)(const type *, krb5_data **); \
-krb5_error_code (*k5int_decode_##type)(const krb5_data *, type **)
+#define DEF_FUNC_PTRS(type)                                             \
+    krb5_error_code (*k5int_encode_##type)(const type *, krb5_data **); \
+    krb5_error_code (*k5int_decode_##type)(const krb5_data *, type **)
 
-#define DEF_FUNC_PTRS_ARRAY(type) \
-krb5_error_code (*k5int_encode_##type)(const type **, krb5_data **); \
-krb5_error_code (*k5int_decode_##type)(const krb5_data *, type ***)
+#define DEF_FUNC_PTRS_ARRAY(type)                                       \
+    krb5_error_code (*k5int_encode_##type)(const type **, krb5_data **); \
+    krb5_error_code (*k5int_decode_##type)(const krb5_data *, type ***)
 
 DEF_FUNC_PTRS(krb5_auth_pack);
 DEF_FUNC_PTRS(krb5_auth_pack_draft9);
@@ -51,29 +52,39 @@ DEF_FUNC_PTRS(krb5_reply_key_pack_draft9);
 DEF_FUNC_PTRS_ARRAY(krb5_typed_data);
 
 /* special cases... */
-krb5_error_code (*k5int_decode_krb5_principal_name)
-	(const krb5_data *, krb5_principal_data **);
+krb5_error_code
+(*k5int_decode_krb5_principal_name)(const krb5_data *, krb5_principal_data **);
 
-krb5_error_code (*k5int_encode_krb5_td_dh_parameters)
-	(const krb5_algorithm_identifier **, krb5_data **code);
-krb5_error_code (*k5int_decode_krb5_td_dh_parameters)
-	(const krb5_data *, krb5_algorithm_identifier ***);
+krb5_error_code
+(*k5int_encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **,
+                                      krb5_data **code);
+krb5_error_code
+(*k5int_decode_krb5_td_dh_parameters)(const krb5_data *,
+                                      krb5_algorithm_identifier ***);
 
-krb5_error_code (*k5int_encode_krb5_td_trusted_certifiers)
-	(const krb5_external_principal_identifier **, krb5_data **code);
-krb5_error_code (*k5int_decode_krb5_td_trusted_certifiers)
-	(const krb5_data *, krb5_external_principal_identifier ***);
+krb5_error_code
+(*k5int_encode_krb5_td_trusted_certifiers)
+(const krb5_external_principal_identifier **, krb5_data **code);
 
-krb5_error_code (*k5int_decode_krb5_as_req)
-	(const krb5_data *output, krb5_kdc_req **rep);
-krb5_error_code (*k5int_encode_krb5_kdc_req_body)
-	(const krb5_kdc_req *rep, krb5_data **code);
-void KRB5_CALLCONV (*k5int_krb5_free_kdc_req)
-	(krb5_context, krb5_kdc_req * );
-void (*k5int_set_prompt_types)
-	(krb5_context, krb5_prompt_type *);
-krb5_error_code (*k5int_encode_krb5_authdata_elt)
-	(const krb5_authdata *rep, krb5_data **code);
+krb5_error_code
+(*k5int_decode_krb5_td_trusted_certifiers)
+(const krb5_data *,
+ krb5_external_principal_identifier ***);
+
+krb5_error_code
+(*k5int_decode_krb5_as_req)(const krb5_data *output, krb5_kdc_req **rep);
+
+krb5_error_code
+(*k5int_encode_krb5_kdc_req_body)(const krb5_kdc_req *rep, krb5_data **code);
+
+void KRB5_CALLCONV
+(*k5int_krb5_free_kdc_req)(krb5_context, krb5_kdc_req * );
+
+void
+(*k5int_set_prompt_types)(krb5_context, krb5_prompt_type *);
+
+krb5_error_code
+(*k5int_encode_krb5_authdata_elt)(const krb5_authdata *rep, krb5_data **code);
 
 
 
@@ -89,10 +100,10 @@ pkinit_accessor_init(void)
 
     retval = krb5int_accessor(&k5int, KRB5INT_ACCESS_VERSION);
     if (retval)
-	return retval;
-#define SET_PTRS(type) \
-k5int_encode_##type = k5int.encode_##type; \
-k5int_decode_##type = k5int.decode_##type;
+        return retval;
+#define SET_PTRS(type)                          \
+    k5int_encode_##type = k5int.encode_##type;  \
+    k5int_decode_##type = k5int.decode_##type;
 
     SET_PTRS(krb5_auth_pack);
     SET_PTRS(krb5_auth_pack_draft9);
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 7fa42f3..ba1e434 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2006,2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -43,7 +44,6 @@
 /* Remove when FAST PKINIT is settled. */
 #include "../fast_factor.h"
 
-#ifdef LONGHORN_BETA_COMPAT
 /*
  * It is anticipated that all the special checks currently
  * required when talking to a Longhorn server will go away
@@ -55,34 +55,33 @@
  * version of Longhorn.  Most, if not all, problems should
  * be fixed in SP1 of Longhorn.
  */
-int longhorn = 0;	/* Talking to a Longhorn server? */
-#endif
+int longhorn = 0;       /* Talking to a Longhorn server? */
 
-static krb5_error_code pkinit_as_req_create
-	(krb5_context context, pkinit_context plgctx,
-		pkinit_req_context reqctx, krb5_timestamp ctsec,
-		krb5_int32 cusec, krb5_ui_4 nonce,
-		const krb5_checksum * cksum, krb5_principal server,
-		krb5_data ** as_req);
+static krb5_error_code
+pkinit_as_req_create(krb5_context context, pkinit_context plgctx,
+                     pkinit_req_context reqctx, krb5_timestamp ctsec,
+                     krb5_int32 cusec, krb5_ui_4 nonce,
+                     const krb5_checksum *cksum, krb5_principal server,
+                     krb5_data **as_req);
 
-static krb5_error_code pkinit_as_rep_parse
-	(krb5_context context, pkinit_context plgctx,
-		pkinit_req_context reqctx, krb5_preauthtype pa_type,
-		krb5_kdc_req * request, const krb5_data * as_rep,
-		krb5_keyblock * key_block, krb5_enctype etype, krb5_data *);
+static krb5_error_code
+pkinit_as_rep_parse(krb5_context context, pkinit_context plgctx,
+                    pkinit_req_context reqctx, krb5_preauthtype pa_type,
+                    krb5_kdc_req *request, const krb5_data *as_rep,
+                    krb5_keyblock *key_block, krb5_enctype etype, krb5_data *);
 
 static void pkinit_client_plugin_fini(krb5_context context, void *blob);
 
 static krb5_error_code
 pa_pkinit_gen_req(krb5_context context,
-		  pkinit_context plgctx,
-		  pkinit_req_context reqctx,
-		  krb5_kdc_req * request,
-		  krb5_pa_data * in_padata,
-		  krb5_pa_data *** out_padata,
-		  krb5_prompter_fct prompter,
-		  void *prompter_data,
-		  krb5_get_init_creds_opt *gic_opt)
+                  pkinit_context plgctx,
+                  pkinit_req_context reqctx,
+                  krb5_kdc_req * request,
+                  krb5_pa_data * in_padata,
+                  krb5_pa_data *** out_padata,
+                  krb5_prompter_fct prompter,
+                  void *prompter_data,
+                  krb5_get_init_creds_opt *gic_opt)
 {
 
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
@@ -98,31 +97,31 @@ pa_pkinit_gen_req(krb5_context context,
     reqctx->pa_type = in_padata->pa_type;
 
     pkiDebug("kdc_options = 0x%x  till = %d\n",
-	     request->kdc_options, request->till);
+             request->kdc_options, request->till);
     /* If we don't have a client, we're done */
     if (request->client == NULL) {
-	pkiDebug("No request->client; aborting PKINIT\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("No request->client; aborting PKINIT\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     retval = pkinit_get_kdc_cert(context, plgctx->cryptoctx, reqctx->cryptoctx,
-				 reqctx->idctx, request->server);
+                                 reqctx->idctx, request->server);
     if (retval) {
-	pkiDebug("pkinit_get_kdc_cert returned %d\n", retval);
-	goto cleanup;
+        pkiDebug("pkinit_get_kdc_cert returned %d\n", retval);
+        goto cleanup;
     }
 
     /* checksum of the encoded KDC-REQ-BODY */
     retval = k5int_encode_krb5_kdc_req_body(request, &der_req);
     if (retval) {
-	pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval);
-	goto cleanup;
+        pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval);
+        goto cleanup;
     }
 
     retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL, 0,
-				  der_req, &cksum);
+                                  der_req, &cksum);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 #ifdef DEBUG_CKSUM
     pkiDebug("calculating checksum on buf size (%d)\n", der_req->length);
     print_buffer(der_req->data, der_req->length);
@@ -130,7 +129,7 @@ pa_pkinit_gen_req(krb5_context context,
 
     retval = krb5_us_timeofday(context, &ctsec, &cusec);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     /* XXX PKINIT RFC says that nonce in PKAuthenticator doesn't have be the
      * same as in the AS_REQ. However, if we pick a different nonce, then we
@@ -140,11 +139,11 @@ pa_pkinit_gen_req(krb5_context context,
     nonce = request->nonce;
 
     retval = pkinit_as_req_create(context, plgctx, reqctx, ctsec, cusec,
-				  nonce, &cksum, request->server, &out_data);
+                                  nonce, &cksum, request->server, &out_data);
     if (retval || !out_data->length) {
-	pkiDebug("error %d on pkinit_as_req_create; aborting PKINIT\n",
-		 (int) retval);
-	goto cleanup;
+        pkiDebug("error %d on pkinit_as_req_create; aborting PKINIT\n",
+                 (int) retval);
+        goto cleanup;
     }
     retval = ENOMEM;
     /*
@@ -153,79 +152,74 @@ pa_pkinit_gen_req(krb5_context context,
      */
     return_pa_data = malloc(3 * sizeof(krb5_pa_data *));
     if (return_pa_data == NULL)
-	goto cleanup;
+        goto cleanup;
 
-    return_pa_data[1] = NULL;	/* in case of an early trip to cleanup */
-    return_pa_data[2] = NULL;	/* Terminate the list */
+    return_pa_data[1] = NULL;   /* in case of an early trip to cleanup */
+    return_pa_data[2] = NULL;   /* Terminate the list */
 
     return_pa_data[0] = malloc(sizeof(krb5_pa_data));
     if (return_pa_data[0] == NULL)
-	goto cleanup;
+        goto cleanup;
 
     return_pa_data[1] = malloc(sizeof(krb5_pa_data));
     if (return_pa_data[1] == NULL)
-	goto cleanup;
+        goto cleanup;
 
     return_pa_data[0]->magic = KV5M_PA_DATA;
 
     if (in_padata->pa_type == KRB5_PADATA_PK_AS_REQ_OLD)
-	return_pa_data[0]->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
+        return_pa_data[0]->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
     else
-	return_pa_data[0]->pa_type = in_padata->pa_type;
+        return_pa_data[0]->pa_type = in_padata->pa_type;
     return_pa_data[0]->length = out_data->length;
     return_pa_data[0]->contents = (krb5_octet *) out_data->data;
 
-#ifdef LONGHORN_BETA_COMPAT
     /*
      * LH Beta 3 requires the extra pa-data, even for RFC requests,
      * in order to get the Checksum rather than a Nonce in the reply.
      * This can be removed when LH SP1 is released.
      */
     if ((return_pa_data[0]->pa_type == KRB5_PADATA_PK_AS_REP_OLD
-	&& reqctx->opts->win2k_require_cksum) || (longhorn == 1)) {
-#else
-    if ((return_pa_data[0]->pa_type == KRB5_PADATA_PK_AS_REP_OLD
-	&& reqctx->opts->win2k_require_cksum)) {
-#endif
-	return_pa_data[1]->pa_type = 132;
-	return_pa_data[1]->length = 0;
-	return_pa_data[1]->contents = NULL;
+         && reqctx->opts->win2k_require_cksum) || (longhorn == 1)) {
+        return_pa_data[1]->pa_type = 132;
+        return_pa_data[1]->length = 0;
+        return_pa_data[1]->contents = NULL;
     } else {
-	free(return_pa_data[1]);
-	return_pa_data[1] = NULL;   /* Move the list terminator */
+        free(return_pa_data[1]);
+        return_pa_data[1] = NULL;   /* Move the list terminator */
     }
     *out_padata = return_pa_data;
     retval = 0;
 
-  cleanup:
+cleanup:
     if (der_req != NULL)
-	krb5_free_data(context, der_req);
+        krb5_free_data(context, der_req);
     free(out_data);
 
     if (retval) {
-	if (return_pa_data) {
-	    free(return_pa_data[0]);
-	    free(return_pa_data[1]);
-	    free(return_pa_data);
-	}
-	if (out_data) {
-	    free(out_data->data);
-	    free(out_data);
-	}
+        if (return_pa_data) {
+            free(return_pa_data[0]);
+            free(return_pa_data[1]);
+            free(return_pa_data);
+        }
+        if (out_data) {
+            free(out_data->data);
+            free(out_data);
+        }
     }
     return retval;
 }
 
 static krb5_error_code
 pkinit_as_req_create(krb5_context context,
-		     pkinit_context plgctx,
-		     pkinit_req_context reqctx,
-		     krb5_timestamp ctsec,
-		     krb5_int32 cusec,
-		     krb5_ui_4 nonce,
-		     const krb5_checksum * cksum,
-		     krb5_principal server,
-		     krb5_data ** as_req)
+                     pkinit_context plgctx,
+                     pkinit_req_context reqctx,
+                     krb5_timestamp ctsec,
+                     krb5_int32 cusec,
+                     krb5_ui_4 nonce,
+                     const krb5_checksum * cksum,
+                     krb5_principal server,
+                     krb5_data ** as_req)
 {
     krb5_error_code retval = ENOMEM;
     krb5_subject_pk_info *info = NULL;
@@ -240,199 +234,199 @@ pkinit_as_req_create(krb5_context context,
 
     /* Create the authpack */
     switch((int)reqctx->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    protocol = RSA_PROTOCOL;
-	    init_krb5_auth_pack_draft9(&auth_pack9);
-	    if (auth_pack9 == NULL)
-		goto cleanup;
-	    auth_pack9->pkAuthenticator.ctime = ctsec;
-	    auth_pack9->pkAuthenticator.cusec = cusec;
-	    auth_pack9->pkAuthenticator.nonce = nonce;
-	    auth_pack9->pkAuthenticator.kdcName = server;
-	    auth_pack9->pkAuthenticator.kdcRealm.magic = 0;
-	    auth_pack9->pkAuthenticator.kdcRealm.data =
-					(unsigned char *)server->realm.data;
-	    auth_pack9->pkAuthenticator.kdcRealm.length = server->realm.length;
-	    free(cksum->contents);
-	    break;
-	case KRB5_PADATA_PK_AS_REQ:
-	    init_krb5_subject_pk_info(&info);
-	    if (info == NULL)
-		goto cleanup;
-	    init_krb5_auth_pack(&auth_pack);
-	    if (auth_pack == NULL)
-		goto cleanup;
-	    auth_pack->pkAuthenticator.ctime = ctsec;
-	    auth_pack->pkAuthenticator.cusec = cusec;
-	    auth_pack->pkAuthenticator.nonce = nonce;
-	    auth_pack->pkAuthenticator.paChecksum = *cksum;
-	    auth_pack->clientDHNonce.length = 0;
-	    auth_pack->clientPublicValue = info;
-
-	    /* add List of CMS algorithms */
-	    retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
-			reqctx->cryptoctx, reqctx->idctx,
-			&auth_pack->supportedCMSTypes);
-	    if (retval)
-		goto cleanup;
-	    break;
-	default:
-	    pkiDebug("as_req: unrecognized pa_type = %d\n",
-		    (int)reqctx->pa_type);
-	    retval = -1;
-	    goto cleanup;
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        protocol = RSA_PROTOCOL;
+        init_krb5_auth_pack_draft9(&auth_pack9);
+        if (auth_pack9 == NULL)
+            goto cleanup;
+        auth_pack9->pkAuthenticator.ctime = ctsec;
+        auth_pack9->pkAuthenticator.cusec = cusec;
+        auth_pack9->pkAuthenticator.nonce = nonce;
+        auth_pack9->pkAuthenticator.kdcName = server;
+        auth_pack9->pkAuthenticator.kdcRealm.magic = 0;
+        auth_pack9->pkAuthenticator.kdcRealm.data =
+            (unsigned char *)server->realm.data;
+        auth_pack9->pkAuthenticator.kdcRealm.length = server->realm.length;
+        free(cksum->contents);
+        break;
+    case KRB5_PADATA_PK_AS_REQ:
+        init_krb5_subject_pk_info(&info);
+        if (info == NULL)
+            goto cleanup;
+        init_krb5_auth_pack(&auth_pack);
+        if (auth_pack == NULL)
+            goto cleanup;
+        auth_pack->pkAuthenticator.ctime = ctsec;
+        auth_pack->pkAuthenticator.cusec = cusec;
+        auth_pack->pkAuthenticator.nonce = nonce;
+        auth_pack->pkAuthenticator.paChecksum = *cksum;
+        auth_pack->clientDHNonce.length = 0;
+        auth_pack->clientPublicValue = info;
+
+        /* add List of CMS algorithms */
+        retval = create_krb5_supportedCMSTypes(context, plgctx->cryptoctx,
+                                               reqctx->cryptoctx, reqctx->idctx,
+                                               &auth_pack->supportedCMSTypes);
+        if (retval)
+            goto cleanup;
+        break;
+    default:
+        pkiDebug("as_req: unrecognized pa_type = %d\n",
+                 (int)reqctx->pa_type);
+        retval = -1;
+        goto cleanup;
     }
 
     switch(protocol) {
-	case DH_PROTOCOL:
-	    pkiDebug("as_req: DH key transport algorithm\n");
-	    retval = pkinit_copy_krb5_octet_data(&info->algorithm.algorithm, &dh_oid);
-	    if (retval) {
-		pkiDebug("failed to copy dh_oid\n");
-		goto cleanup;
-	    }
-
-	    /* create client-side DH keys */
-	    if ((retval = client_create_dh(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, reqctx->idctx, reqctx->opts->dh_size,
-		    &info->algorithm.parameters.data,
-		    &info->algorithm.parameters.length,
-		    &info->subjectPublicKey.data,
-		    &info->subjectPublicKey.length)) != 0) {
-		pkiDebug("failed to create dh parameters\n");
-		goto cleanup;
-	    }
-	    break;
-	case RSA_PROTOCOL:
-	    pkiDebug("as_req: RSA key transport algorithm\n");
-	    switch((int)reqctx->pa_type) {
-		case KRB5_PADATA_PK_AS_REQ_OLD:
-		    auth_pack9->clientPublicValue = NULL;
-		    break;
-		case KRB5_PADATA_PK_AS_REQ:
-		    free_krb5_subject_pk_info(&info);
-		    auth_pack->clientPublicValue = NULL;
-		    break;
-	    }
-	    break;
-	default:
-	    pkiDebug("as_req: unknown key transport protocol %d\n",
-		    protocol);
-	    retval = -1;
-	    goto cleanup;
+    case DH_PROTOCOL:
+        pkiDebug("as_req: DH key transport algorithm\n");
+        retval = pkinit_copy_krb5_octet_data(&info->algorithm.algorithm, &dh_oid);
+        if (retval) {
+            pkiDebug("failed to copy dh_oid\n");
+            goto cleanup;
+        }
+
+        /* create client-side DH keys */
+        if ((retval = client_create_dh(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, reqctx->idctx, reqctx->opts->dh_size,
+                                       &info->algorithm.parameters.data,
+                                       &info->algorithm.parameters.length,
+                                       &info->subjectPublicKey.data,
+                                       &info->subjectPublicKey.length)) != 0) {
+            pkiDebug("failed to create dh parameters\n");
+            goto cleanup;
+        }
+        break;
+    case RSA_PROTOCOL:
+        pkiDebug("as_req: RSA key transport algorithm\n");
+        switch((int)reqctx->pa_type) {
+        case KRB5_PADATA_PK_AS_REQ_OLD:
+            auth_pack9->clientPublicValue = NULL;
+            break;
+        case KRB5_PADATA_PK_AS_REQ:
+            free_krb5_subject_pk_info(&info);
+            auth_pack->clientPublicValue = NULL;
+            break;
+        }
+        break;
+    default:
+        pkiDebug("as_req: unknown key transport protocol %d\n",
+                 protocol);
+        retval = -1;
+        goto cleanup;
     }
 
     /* Encode the authpack */
     switch((int)reqctx->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    retval = k5int_encode_krb5_auth_pack(auth_pack, &coded_auth_pack);
-	    break;
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    retval = k5int_encode_krb5_auth_pack_draft9(auth_pack9,
-							&coded_auth_pack);
-	    break;
+    case KRB5_PADATA_PK_AS_REQ:
+        retval = k5int_encode_krb5_auth_pack(auth_pack, &coded_auth_pack);
+        break;
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        retval = k5int_encode_krb5_auth_pack_draft9(auth_pack9,
+                                                    &coded_auth_pack);
+        break;
     }
     if (retval) {
-	pkiDebug("failed to encode the AuthPack %d\n", retval);
-	goto cleanup;
+        pkiDebug("failed to encode the AuthPack %d\n", retval);
+        goto cleanup;
     }
 #ifdef DEBUG_ASN1
     print_buffer_bin((unsigned char *)coded_auth_pack->data,
-		     coded_auth_pack->length,
-		     "/tmp/client_auth_pack");
+                     coded_auth_pack->length,
+                     "/tmp/client_auth_pack");
 #endif
 
     /* create PKCS7 object from authpack */
     switch((int)reqctx->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    init_krb5_pa_pk_as_req(&req);
-	    if (req == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    retval = cms_signeddata_create(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1,
-		(unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
-		&req->signedAuthPack.data, &req->signedAuthPack.length);
+    case KRB5_PADATA_PK_AS_REQ:
+        init_krb5_pa_pk_as_req(&req);
+        if (req == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        retval = cms_signeddata_create(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_CLIENT, 1,
+                                       (unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
+                                       &req->signedAuthPack.data, &req->signedAuthPack.length);
 #ifdef DEBUG_ASN1
-	    print_buffer_bin((unsigned char *)req->signedAuthPack.data,
-			     req->signedAuthPack.length,
-			     "/tmp/client_signed_data");
+        print_buffer_bin((unsigned char *)req->signedAuthPack.data,
+                         req->signedAuthPack.length,
+                         "/tmp/client_signed_data");
 #endif
-	    break;
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    init_krb5_pa_pk_as_req_draft9(&req9);
-	    if (req9 == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    retval = cms_signeddata_create(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_DRAFT9, 1,
-		(unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
-		&req9->signedAuthPack.data, &req9->signedAuthPack.length);
-	    break;
+        break;
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        init_krb5_pa_pk_as_req_draft9(&req9);
+        if (req9 == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        retval = cms_signeddata_create(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_DRAFT9, 1,
+                                       (unsigned char *)coded_auth_pack->data, coded_auth_pack->length,
+                                       &req9->signedAuthPack.data, &req9->signedAuthPack.length);
+        break;
 #ifdef DEBUG_ASN1
-	    print_buffer_bin((unsigned char *)req9->signedAuthPack.data,
-			     req9->signedAuthPack.length,
-			     "/tmp/client_signed_data_draft9");
+        print_buffer_bin((unsigned char *)req9->signedAuthPack.data,
+                         req9->signedAuthPack.length,
+                         "/tmp/client_signed_data_draft9");
 #endif
     }
     krb5_free_data(context, coded_auth_pack);
     if (retval) {
-	pkiDebug("failed to create pkcs7 signed data\n");
-	goto cleanup;
+        pkiDebug("failed to create pkcs7 signed data\n");
+        goto cleanup;
     }
 
     /* create a list of trusted CAs */
     switch((int)reqctx->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    retval = create_krb5_trustedCertifiers(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, reqctx->idctx, &req->trustedCertifiers);
-	    if (retval)
-		goto cleanup;
-	    retval = create_issuerAndSerial(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, reqctx->idctx, &req->kdcPkId.data,
-		&req->kdcPkId.length);
-	    if (retval)
-		goto cleanup;
-
-	    /* Encode the as-req */
-	    retval = k5int_encode_krb5_pa_pk_as_req(req, as_req);
-	    break;
-	case KRB5_PADATA_PK_AS_REQ_OLD:
+    case KRB5_PADATA_PK_AS_REQ:
+        retval = create_krb5_trustedCertifiers(context, plgctx->cryptoctx,
+                                               reqctx->cryptoctx, reqctx->idctx, &req->trustedCertifiers);
+        if (retval)
+            goto cleanup;
+        retval = create_issuerAndSerial(context, plgctx->cryptoctx,
+                                        reqctx->cryptoctx, reqctx->idctx, &req->kdcPkId.data,
+                                        &req->kdcPkId.length);
+        if (retval)
+            goto cleanup;
+
+        /* Encode the as-req */
+        retval = k5int_encode_krb5_pa_pk_as_req(req, as_req);
+        break;
+    case KRB5_PADATA_PK_AS_REQ_OLD:
 #if 0
-	    /* W2K3 KDC doesn't like this */
-	    retval = create_krb5_trustedCas(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, reqctx->idctx, 1, &req9->trustedCertifiers);
-	    if (retval)
-		goto cleanup;
+        /* W2K3 KDC doesn't like this */
+        retval = create_krb5_trustedCas(context, plgctx->cryptoctx,
+                                        reqctx->cryptoctx, reqctx->idctx, 1, &req9->trustedCertifiers);
+        if (retval)
+            goto cleanup;
 
 #endif
-	    retval = create_issuerAndSerial(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, reqctx->idctx, &req9->kdcCert.data,
-		&req9->kdcCert.length);
-	    if (retval)
-		goto cleanup;
-	    /* Encode the as-req */
-	    retval = k5int_encode_krb5_pa_pk_as_req_draft9(req9, as_req);
-	    break;
+        retval = create_issuerAndSerial(context, plgctx->cryptoctx,
+                                        reqctx->cryptoctx, reqctx->idctx, &req9->kdcCert.data,
+                                        &req9->kdcCert.length);
+        if (retval)
+            goto cleanup;
+        /* Encode the as-req */
+        retval = k5int_encode_krb5_pa_pk_as_req_draft9(req9, as_req);
+        break;
     }
 #ifdef DEBUG_ASN1
     if (!retval)
-	print_buffer_bin((unsigned char *)(*as_req)->data, (*as_req)->length,
-			 "/tmp/client_as_req");
+        print_buffer_bin((unsigned char *)(*as_req)->data, (*as_req)->length,
+                         "/tmp/client_as_req");
 #endif
 
 cleanup:
     switch((int)reqctx->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    free_krb5_auth_pack(&auth_pack);
-	    free_krb5_pa_pk_as_req(&req);
-	    break;
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    free_krb5_pa_pk_as_req_draft9(&req9);
-	    free(auth_pack9);
-	    break;
+    case KRB5_PADATA_PK_AS_REQ:
+        free_krb5_auth_pack(&auth_pack);
+        free_krb5_pa_pk_as_req(&req);
+        break;
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        free_krb5_pa_pk_as_req_draft9(&req9);
+        free(auth_pack9);
+        break;
     }
 
 
@@ -443,13 +437,13 @@ cleanup:
 
 static krb5_error_code
 pa_pkinit_parse_rep(krb5_context context,
-		    pkinit_context plgctx,
-		    pkinit_req_context reqctx,
-		    krb5_kdc_req * request,
-		    krb5_pa_data * in_padata,
-		    krb5_enctype etype,
-		    krb5_keyblock * as_key,
-		    krb5_data *encoded_request)
+                    pkinit_context plgctx,
+                    pkinit_req_context reqctx,
+                    krb5_kdc_req * request,
+                    krb5_pa_data * in_padata,
+                    krb5_enctype etype,
+                    krb5_keyblock * as_key,
+                    krb5_data *encoded_request)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     krb5_data asRep = { 0, 0, NULL};
@@ -460,20 +454,20 @@ pa_pkinit_parse_rep(krb5_context context,
      * decrypt the key.
      */
     if ((in_padata == NULL) || (in_padata->length == 0)) {
-	pkiDebug("pa_pkinit_parse_rep: no in_padata\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("pa_pkinit_parse_rep: no in_padata\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     asRep.data = (char *) in_padata->contents;
     asRep.length = in_padata->length;
 
     retval =
-	pkinit_as_rep_parse(context, plgctx, reqctx, in_padata->pa_type,
-			    request, &asRep, as_key, etype, encoded_request);
+        pkinit_as_rep_parse(context, plgctx, reqctx, in_padata->pa_type,
+                            request, &asRep, as_key, etype, encoded_request);
     if (retval) {
-	pkiDebug("pkinit_as_rep_parse returned %d (%s)\n",
-		 retval, error_message(retval));
-	goto cleanup;
+        pkiDebug("pkinit_as_rep_parse returned %d (%s)\n",
+                 retval, error_message(retval));
+        goto cleanup;
     }
 
     retval = 0;
@@ -485,11 +479,11 @@ cleanup:
 
 static krb5_error_code
 verify_kdc_san(krb5_context context,
-	       pkinit_context plgctx,
-	       pkinit_req_context reqctx,
-	       krb5_principal kdcprinc,
-	       int *valid_san,
-	       int *need_eku_checking)
+               pkinit_context plgctx,
+               pkinit_req_context reqctx,
+               krb5_principal kdcprinc,
+               int *valid_san,
+               int *need_eku_checking)
 {
     krb5_error_code retval;
     char **certhosts = NULL, **cfghosts = NULL;
@@ -501,76 +495,76 @@ verify_kdc_san(krb5_context context,
     *need_eku_checking = 1;
 
     retval = pkinit_libdefault_strings(context,
-				       krb5_princ_realm(context, kdcprinc),
-				       KRB5_CONF_PKINIT_KDC_HOSTNAME,
-				       &cfghosts);
+                                       krb5_princ_realm(context, kdcprinc),
+                                       KRB5_CONF_PKINIT_KDC_HOSTNAME,
+                                       &cfghosts);
     if (retval || cfghosts == NULL) {
-	pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n",
-		 __FUNCTION__);
-	get_dns = NULL;
+        pkiDebug("%s: No pkinit_kdc_hostname values found in config file\n",
+                 __FUNCTION__);
+        get_dns = NULL;
     } else {
-	pkiDebug("%s: pkinit_kdc_hostname values found in config file\n",
-		 __FUNCTION__);
-	get_dns = (unsigned char ***)&certhosts;
+        pkiDebug("%s: pkinit_kdc_hostname values found in config file\n",
+                 __FUNCTION__);
+        get_dns = (unsigned char ***)&certhosts;
     }
 
     retval = crypto_retrieve_cert_sans(context, plgctx->cryptoctx,
-				       reqctx->cryptoctx, reqctx->idctx,
-				       &princs, NULL, get_dns);
+                                       reqctx->cryptoctx, reqctx->idctx,
+                                       &princs, NULL, get_dns);
     if (retval) {
-	pkiDebug("%s: error from retrieve_certificate_sans()\n", __FUNCTION__);
-	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
-	goto out;
+        pkiDebug("%s: error from retrieve_certificate_sans()\n", __FUNCTION__);
+        retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
+        goto out;
     }
 #if 0
     retval = call_san_checking_plugins(context, plgctx, reqctx, idctx,
-				       princs, hosts, &plugin_decision,
-				       need_eku_checking);
+                                       princs, hosts, &plugin_decision,
+                                       need_eku_checking);
     pkiDebug("%s: call_san_checking_plugins() returned retval %d\n",
-	     __FUNCTION__);
+             __FUNCTION__);
     if (retval) {
-	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
-	goto out;
+        retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
+        goto out;
     }
     pkiDebug("%s: call_san_checking_plugins() returned decision %d and "
-	     "need_eku_checking %d\n",
-	     __FUNCTION__, plugin_decision, *need_eku_checking);
+             "need_eku_checking %d\n",
+             __FUNCTION__, plugin_decision, *need_eku_checking);
     if (plugin_decision != NO_DECISION) {
-	retval = plugin_decision;
-	goto out;
+        retval = plugin_decision;
+        goto out;
     }
 #endif
 
     pkiDebug("%s: Checking pkinit sans\n", __FUNCTION__);
     for (i = 0; princs != NULL && princs[i] != NULL; i++) {
-	if (krb5_principal_compare(context, princs[i], kdcprinc)) {
-	    pkiDebug("%s: pkinit san match found\n", __FUNCTION__);
-	    *valid_san = 1;
-	    *need_eku_checking = 0;
-	    retval = 0;
-	    goto out;
-	}
+        if (krb5_principal_compare(context, princs[i], kdcprinc)) {
+            pkiDebug("%s: pkinit san match found\n", __FUNCTION__);
+            *valid_san = 1;
+            *need_eku_checking = 0;
+            retval = 0;
+            goto out;
+        }
     }
     pkiDebug("%s: no pkinit san match found\n", __FUNCTION__);
 
     if (certhosts == NULL) {
-	pkiDebug("%s: no certhosts (or we wouldn't accept them anyway)\n",
-		 __FUNCTION__);
-	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
-	goto out;
+        pkiDebug("%s: no certhosts (or we wouldn't accept them anyway)\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
+        goto out;
     }
 
     for (i = 0; certhosts[i] != NULL; i++) {
-	for (j = 0; cfghosts != NULL && cfghosts[j] != NULL; j++) {
-	    pkiDebug("%s: comparing cert name '%s' with config name '%s'\n",
-		     __FUNCTION__, certhosts[i], cfghosts[j]);
-	    if (strcmp(certhosts[i], cfghosts[j]) == 0) {
-		pkiDebug("%s: we have a dnsName match\n", __FUNCTION__);
-		*valid_san = 1;
-		retval = 0;
-		goto out;
-	    }
-	}
+        for (j = 0; cfghosts != NULL && cfghosts[j] != NULL; j++) {
+            pkiDebug("%s: comparing cert name '%s' with config name '%s'\n",
+                     __FUNCTION__, certhosts[i], cfghosts[j]);
+            if (strcmp(certhosts[i], cfghosts[j]) == 0) {
+                pkiDebug("%s: we have a dnsName match\n", __FUNCTION__);
+                *valid_san = 1;
+                retval = 0;
+                goto out;
+            }
+        }
     }
     pkiDebug("%s: no dnsName san match found\n", __FUNCTION__);
 
@@ -579,53 +573,53 @@ verify_kdc_san(krb5_context context,
 
 out:
     if (princs != NULL) {
-	for (i = 0; princs[i] != NULL; i++)
-	    krb5_free_principal(context, princs[i]);
-	free(princs);
+        for (i = 0; princs[i] != NULL; i++)
+            krb5_free_principal(context, princs[i]);
+        free(princs);
     }
     if (certhosts != NULL) {
-	for (i = 0; certhosts[i] != NULL; i++)
-	    free(certhosts[i]);
-	free(certhosts);
+        for (i = 0; certhosts[i] != NULL; i++)
+            free(certhosts[i]);
+        free(certhosts);
     }
     if (cfghosts != NULL)
-	profile_free_list(cfghosts);
+        profile_free_list(cfghosts);
 
     pkiDebug("%s: returning retval %d, valid_san %d, need_eku_checking %d\n",
-	     __FUNCTION__, retval, *valid_san, *need_eku_checking);
+             __FUNCTION__, retval, *valid_san, *need_eku_checking);
     return retval;
 }
 
 static krb5_error_code
 verify_kdc_eku(krb5_context context,
-	       pkinit_context plgctx,
-	       pkinit_req_context reqctx,
-	       int *eku_accepted)
+               pkinit_context plgctx,
+               pkinit_req_context reqctx,
+               int *eku_accepted)
 {
     krb5_error_code retval;
 
     *eku_accepted = 0;
 
     if (reqctx->opts->require_eku == 0) {
-	pkiDebug("%s: configuration requests no EKU checking\n", __FUNCTION__);
-	*eku_accepted = 1;
-	retval = 0;
-	goto out;
+        pkiDebug("%s: configuration requests no EKU checking\n", __FUNCTION__);
+        *eku_accepted = 1;
+        retval = 0;
+        goto out;
     }
     retval = crypto_check_cert_eku(context, plgctx->cryptoctx,
-				   reqctx->cryptoctx, reqctx->idctx,
-				   1, /* kdc cert */
-				   reqctx->opts->accept_secondary_eku,
-				   eku_accepted);
+                                   reqctx->cryptoctx, reqctx->idctx,
+                                   1, /* kdc cert */
+                                   reqctx->opts->accept_secondary_eku,
+                                   eku_accepted);
     if (retval) {
-	pkiDebug("%s: Error from crypto_check_cert_eku %d (%s)\n",
-		 __FUNCTION__, retval, error_message(retval));
-	goto out;
+        pkiDebug("%s: Error from crypto_check_cert_eku %d (%s)\n",
+                 __FUNCTION__, retval, error_message(retval));
+        goto out;
     }
 
 out:
     pkiDebug("%s: returning retval %d, eku_accepted %d\n",
-	     __FUNCTION__, retval, *eku_accepted);
+             __FUNCTION__, retval, *eku_accepted);
     return retval;
 }
 
@@ -636,14 +630,14 @@ out:
  */
 static krb5_error_code
 pkinit_as_rep_parse(krb5_context context,
-		    pkinit_context plgctx,
-  		    pkinit_req_context reqctx,
-		    krb5_preauthtype pa_type,
-		    krb5_kdc_req *request,
-		    const krb5_data *as_rep,
-		    krb5_keyblock *key_block,
-		    krb5_enctype etype,
-		    krb5_data *encoded_request)
+                    pkinit_context plgctx,
+                    pkinit_req_context reqctx,
+                    krb5_preauthtype pa_type,
+                    krb5_kdc_req *request,
+                    const krb5_data *as_rep,
+                    krb5_keyblock *key_block,
+                    krb5_enctype etype,
+                    krb5_data *encoded_request)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     krb5_pa_pk_as_rep *kdc_reply = NULL;
@@ -663,193 +657,193 @@ pkinit_as_rep_parse(krb5_context context,
 
 #ifdef DEBUG_ASN1
     print_buffer_bin((unsigned char *)as_rep->data, as_rep->length,
-		     "/tmp/client_as_rep");
+                     "/tmp/client_as_rep");
 #endif
 
     if ((retval = k5int_decode_krb5_pa_pk_as_rep(as_rep, &kdc_reply))) {
-	pkiDebug("decode_krb5_as_rep failed %d\n", retval);
-	return retval;
+        pkiDebug("decode_krb5_as_rep failed %d\n", retval);
+        return retval;
     }
 
     switch(kdc_reply->choice) {
-	case choice_pa_pk_as_rep_dhInfo:
-	    pkiDebug("as_rep: DH key transport algorithm\n");
+    case choice_pa_pk_as_rep_dhInfo:
+        pkiDebug("as_rep: DH key transport algorithm\n");
 #ifdef DEBUG_ASN1
-    print_buffer_bin(kdc_reply->u.dh_Info.dhSignedData.data,
-	kdc_reply->u.dh_Info.dhSignedData.length, "/tmp/client_kdc_signeddata");
+        print_buffer_bin(kdc_reply->u.dh_Info.dhSignedData.data,
+                         kdc_reply->u.dh_Info.dhSignedData.length, "/tmp/client_kdc_signeddata");
 #endif
-	    if ((retval = cms_signeddata_verify(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_SERVER,
-		    reqctx->opts->require_crl_checking,
-		    kdc_reply->u.dh_Info.dhSignedData.data,
-		    kdc_reply->u.dh_Info.dhSignedData.length,
-		    &dh_data.data, &dh_data.length, NULL, NULL)) != 0) {
-		pkiDebug("failed to verify pkcs7 signed data\n");
-		goto cleanup;
-	    }
-
-	    break;
-	case choice_pa_pk_as_rep_encKeyPack:
-	    pkiDebug("as_rep: RSA key transport algorithm\n");
-	    if ((retval = cms_envelopeddata_verify(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, reqctx->idctx, pa_type,
-		    reqctx->opts->require_crl_checking,
-		    kdc_reply->u.encKeyPack.data,
-		    kdc_reply->u.encKeyPack.length,
-		    &dh_data.data, &dh_data.length)) != 0) {
-		pkiDebug("failed to verify pkcs7 enveloped data\n");
-		goto cleanup;
-	    }
-	    break;
-	default:
-	    pkiDebug("unknown as_rep type %d\n", kdc_reply->choice);
-	    retval = -1;
-	    goto cleanup;
+        if ((retval = cms_signeddata_verify(context, plgctx->cryptoctx,
+                                            reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_SERVER,
+                                            reqctx->opts->require_crl_checking,
+                                            kdc_reply->u.dh_Info.dhSignedData.data,
+                                            kdc_reply->u.dh_Info.dhSignedData.length,
+                                            &dh_data.data, &dh_data.length, NULL, NULL)) != 0) {
+            pkiDebug("failed to verify pkcs7 signed data\n");
+            goto cleanup;
+        }
+
+        break;
+    case choice_pa_pk_as_rep_encKeyPack:
+        pkiDebug("as_rep: RSA key transport algorithm\n");
+        if ((retval = cms_envelopeddata_verify(context, plgctx->cryptoctx,
+                                               reqctx->cryptoctx, reqctx->idctx, pa_type,
+                                               reqctx->opts->require_crl_checking,
+                                               kdc_reply->u.encKeyPack.data,
+                                               kdc_reply->u.encKeyPack.length,
+                                               &dh_data.data, &dh_data.length)) != 0) {
+            pkiDebug("failed to verify pkcs7 enveloped data\n");
+            goto cleanup;
+        }
+        break;
+    default:
+        pkiDebug("unknown as_rep type %d\n", kdc_reply->choice);
+        retval = -1;
+        goto cleanup;
     }
 
     retval = verify_kdc_san(context, plgctx, reqctx, request->server,
-			    &valid_san, &need_eku_checking);
+                            &valid_san, &need_eku_checking);
     if (retval)
-	    goto cleanup;
+        goto cleanup;
     if (!valid_san) {
-	pkiDebug("%s: did not find an acceptable SAN in KDC certificate\n",
-		 __FUNCTION__);
-	retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
-	goto cleanup;
+        pkiDebug("%s: did not find an acceptable SAN in KDC certificate\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
+        goto cleanup;
     }
 
     if (need_eku_checking) {
-	retval = verify_kdc_eku(context, plgctx, reqctx,
-				&valid_eku);
-	if (retval)
-	    goto cleanup;
-	if (!valid_eku) {
-	    pkiDebug("%s: did not find an acceptable EKU in KDC certificate\n",
-		     __FUNCTION__);
-	    retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
-	    goto cleanup;
-	}
+        retval = verify_kdc_eku(context, plgctx, reqctx,
+                                &valid_eku);
+        if (retval)
+            goto cleanup;
+        if (!valid_eku) {
+            pkiDebug("%s: did not find an acceptable EKU in KDC certificate\n",
+                     __FUNCTION__);
+            retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
+            goto cleanup;
+        }
     } else
-	pkiDebug("%s: skipping EKU check\n", __FUNCTION__);
+        pkiDebug("%s: skipping EKU check\n", __FUNCTION__);
 
     OCTETDATA_TO_KRB5DATA(&dh_data, &k5data);
 
     switch(kdc_reply->choice) {
-	case choice_pa_pk_as_rep_dhInfo:
+    case choice_pa_pk_as_rep_dhInfo:
 #ifdef DEBUG_ASN1
-	    print_buffer_bin(dh_data.data, dh_data.length,
-			     "/tmp/client_dh_key");
+        print_buffer_bin(dh_data.data, dh_data.length,
+                         "/tmp/client_dh_key");
 #endif
-	    if ((retval = k5int_decode_krb5_kdc_dh_key_info(&k5data,
-		    &kdc_dh)) != 0) {
-		pkiDebug("failed to decode kdc_dh_key_info\n");
-		goto cleanup;
-	    }
-
-	    /* client after KDC reply */
-	    if ((retval = client_process_dh(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, reqctx->idctx,
-		    kdc_dh->subjectPublicKey.data,
-		    kdc_dh->subjectPublicKey.length,
-		    &client_key, &client_key_len)) != 0) {
-		pkiDebug("failed to process dh params\n");
-		goto cleanup;
-	    }
-
-	    retval = pkinit_octetstring2key(context, etype, client_key,
-					  client_key_len, key_block);
-	    if (retval) {
-		pkiDebug("failed to create key pkinit_octetstring2key %s\n",
-			 error_message(retval));
-		goto cleanup;
-	    }
-
-	    break;
-	case choice_pa_pk_as_rep_encKeyPack:
+        if ((retval = k5int_decode_krb5_kdc_dh_key_info(&k5data,
+                                                        &kdc_dh)) != 0) {
+            pkiDebug("failed to decode kdc_dh_key_info\n");
+            goto cleanup;
+        }
+
+        /* client after KDC reply */
+        if ((retval = client_process_dh(context, plgctx->cryptoctx,
+                                        reqctx->cryptoctx, reqctx->idctx,
+                                        kdc_dh->subjectPublicKey.data,
+                                        kdc_dh->subjectPublicKey.length,
+                                        &client_key, &client_key_len)) != 0) {
+            pkiDebug("failed to process dh params\n");
+            goto cleanup;
+        }
+
+        retval = pkinit_octetstring2key(context, etype, client_key,
+                                        client_key_len, key_block);
+        if (retval) {
+            pkiDebug("failed to create key pkinit_octetstring2key %s\n",
+                     error_message(retval));
+            goto cleanup;
+        }
+
+        break;
+    case choice_pa_pk_as_rep_encKeyPack:
 #ifdef DEBUG_ASN1
-	    print_buffer_bin(dh_data.data, dh_data.length,
-			     "/tmp/client_key_pack");
+        print_buffer_bin(dh_data.data, dh_data.length,
+                         "/tmp/client_key_pack");
 #endif
-	    if ((retval = k5int_decode_krb5_reply_key_pack(&k5data,
-		    &key_pack)) != 0) {
-		pkiDebug("failed to decode reply_key_pack\n");
+        if ((retval = k5int_decode_krb5_reply_key_pack(&k5data,
+                                                       &key_pack)) != 0) {
+            pkiDebug("failed to decode reply_key_pack\n");
 #ifdef LONGHORN_BETA_COMPAT
-    /*
-     * LH Beta 3 requires the extra pa-data, even for RFC requests,
-     * in order to get the Checksum rather than a Nonce in the reply.
-     * This can be removed when LH SP1 is released.
-     */
-		if (pa_type == KRB5_PADATA_PK_AS_REP && longhorn == 0)
+            /*
+             * LH Beta 3 requires the extra pa-data, even for RFC requests,
+             * in order to get the Checksum rather than a Nonce in the reply.
+             * This can be removed when LH SP1 is released.
+             */
+            if (pa_type == KRB5_PADATA_PK_AS_REP && longhorn == 0)
 #else
-		if (pa_type == KRB5_PADATA_PK_AS_REP)
+                if (pa_type == KRB5_PADATA_PK_AS_REP)
 #endif
-		    goto cleanup;
-		else {
-		    if ((retval =
-			k5int_decode_krb5_reply_key_pack_draft9(&k5data,
-							  &key_pack9)) != 0) {
-			pkiDebug("failed to decode reply_key_pack_draft9\n");
-			goto cleanup;
-		    }
-		    pkiDebug("decode reply_key_pack_draft9\n");
-		    if (key_pack9->nonce != request->nonce) {
-			pkiDebug("nonce in AS_REP=%d doesn't match AS_REQ=%d\n",				 key_pack9->nonce, request->nonce);
-			retval = -1;
-			goto cleanup;
-		    }
-		    krb5_copy_keyblock_contents(context, &key_pack9->replyKey,
-						key_block);
-		    break;
-		}
-	    }
-	    /*
-	     * This is hack but Windows sends back SHA1 checksum
-	     * with checksum type of 14. There is currently no
-	     * checksum type of 14 defined.
-	     */
-	    if (key_pack->asChecksum.checksum_type == 14)
-		key_pack->asChecksum.checksum_type = CKSUMTYPE_NIST_SHA;
-	    retval = krb5_c_make_checksum(context,
-					  key_pack->asChecksum.checksum_type,
-					  &key_pack->replyKey,
-					  KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-					  encoded_request, &cksum);
-	    if (retval) {
-		pkiDebug("failed to make a checksum\n");
-		goto cleanup;
-	    }
-
-	    if ((cksum.length != key_pack->asChecksum.length) ||
-		memcmp(cksum.contents, key_pack->asChecksum.contents,
-			cksum.length)) {
-		pkiDebug("failed to match the checksums\n");
+                    goto cleanup;
+                else {
+                    if ((retval =
+                         k5int_decode_krb5_reply_key_pack_draft9(&k5data,
+                                                                 &key_pack9)) != 0) {
+                        pkiDebug("failed to decode reply_key_pack_draft9\n");
+                        goto cleanup;
+                    }
+                    pkiDebug("decode reply_key_pack_draft9\n");
+                    if (key_pack9->nonce != request->nonce) {
+                        pkiDebug("nonce in AS_REP=%d doesn't match AS_REQ=%d\n",                                 key_pack9->nonce, request->nonce);
+                        retval = -1;
+                        goto cleanup;
+                    }
+                    krb5_copy_keyblock_contents(context, &key_pack9->replyKey,
+                                                key_block);
+                    break;
+                }
+        }
+        /*
+         * This is hack but Windows sends back SHA1 checksum
+         * with checksum type of 14. There is currently no
+         * checksum type of 14 defined.
+         */
+        if (key_pack->asChecksum.checksum_type == 14)
+            key_pack->asChecksum.checksum_type = CKSUMTYPE_NIST_SHA;
+        retval = krb5_c_make_checksum(context,
+                                      key_pack->asChecksum.checksum_type,
+                                      &key_pack->replyKey,
+                                      KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                      encoded_request, &cksum);
+        if (retval) {
+            pkiDebug("failed to make a checksum\n");
+            goto cleanup;
+        }
+
+        if ((cksum.length != key_pack->asChecksum.length) ||
+            memcmp(cksum.contents, key_pack->asChecksum.contents,
+                   cksum.length)) {
+            pkiDebug("failed to match the checksums\n");
 #ifdef DEBUG_CKSUM
-	    pkiDebug("calculating checksum on buf size (%d)\n",
-		     encoded_request->length);
-	    print_buffer(encoded_request->data, encoded_request->length);
-	    pkiDebug("encrypting key (%d)\n", key_pack->replyKey.length);
-	    print_buffer(key_pack->replyKey.contents,
-			 key_pack->replyKey.length);
-	    pkiDebug("received checksum type=%d size=%d ",
-		     key_pack->asChecksum.checksum_type,
-		     key_pack->asChecksum.length);
-	    print_buffer(key_pack->asChecksum.contents,
-			 key_pack->asChecksum.length);
-	    pkiDebug("expected checksum type=%d size=%d ",
-		     cksum.checksum_type, cksum.length);
-	    print_buffer(cksum.contents, cksum.length);
+            pkiDebug("calculating checksum on buf size (%d)\n",
+                     encoded_request->length);
+            print_buffer(encoded_request->data, encoded_request->length);
+            pkiDebug("encrypting key (%d)\n", key_pack->replyKey.length);
+            print_buffer(key_pack->replyKey.contents,
+                         key_pack->replyKey.length);
+            pkiDebug("received checksum type=%d size=%d ",
+                     key_pack->asChecksum.checksum_type,
+                     key_pack->asChecksum.length);
+            print_buffer(key_pack->asChecksum.contents,
+                         key_pack->asChecksum.length);
+            pkiDebug("expected checksum type=%d size=%d ",
+                     cksum.checksum_type, cksum.length);
+            print_buffer(cksum.contents, cksum.length);
 #endif
-		goto cleanup;
-	    } else
-		pkiDebug("checksums match\n");
+            goto cleanup;
+        } else
+            pkiDebug("checksums match\n");
 
-	    krb5_copy_keyblock_contents(context, &key_pack->replyKey,
-					key_block);
+        krb5_copy_keyblock_contents(context, &key_pack->replyKey,
+                                    key_block);
 
-	    break;
-	default:
-	    pkiDebug("unknow as_rep type %d\n", kdc_reply->choice);
-	    goto cleanup;
+        break;
+    default:
+        pkiDebug("unknow as_rep type %d\n", kdc_reply->choice);
+        goto cleanup;
     }
 
     retval = 0;
@@ -861,115 +855,115 @@ cleanup:
     free_krb5_pa_pk_as_rep(&kdc_reply);
 
     if (key_pack != NULL) {
-	free_krb5_reply_key_pack(&key_pack);
-	free(cksum.contents);
+        free_krb5_reply_key_pack(&key_pack);
+        free(cksum.contents);
     }
     if (key_pack9 != NULL)
-	free_krb5_reply_key_pack_draft9(&key_pack9);
+        free_krb5_reply_key_pack_draft9(&key_pack9);
 
     free(kdc_hostname);
 
     pkiDebug("pkinit_as_rep_parse returning %d (%s)\n",
-	     retval, error_message(retval));
+             retval, error_message(retval));
     return retval;
 }
 
 static void
 pkinit_client_profile(krb5_context context,
-		      pkinit_context plgctx,
-		      pkinit_req_context reqctx,
-		      const krb5_data *realm)
+                      pkinit_context plgctx,
+                      pkinit_req_context reqctx,
+                      const krb5_data *realm)
 {
     char *eku_string = NULL;
 
     pkiDebug("pkinit_client_profile %p %p %p %p\n",
-	     context, plgctx, reqctx, realm);
+             context, plgctx, reqctx, realm);
 
     pkinit_libdefault_boolean(context, realm,
-			      KRB5_CONF_PKINIT_WIN2K,
-			      reqctx->opts->win2k_target,
-			      &reqctx->opts->win2k_target);
+                              KRB5_CONF_PKINIT_WIN2K,
+                              reqctx->opts->win2k_target,
+                              &reqctx->opts->win2k_target);
     pkinit_libdefault_boolean(context, realm,
-			      KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING,
-			      reqctx->opts->win2k_require_cksum,
-			      &reqctx->opts->win2k_require_cksum);
+                              KRB5_CONF_PKINIT_WIN2K_REQUIRE_BINDING,
+                              reqctx->opts->win2k_require_cksum,
+                              &reqctx->opts->win2k_require_cksum);
     pkinit_libdefault_boolean(context, realm,
-			      KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
-			      reqctx->opts->require_crl_checking,
-			      &reqctx->opts->require_crl_checking);
+                              KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
+                              reqctx->opts->require_crl_checking,
+                              &reqctx->opts->require_crl_checking);
     pkinit_libdefault_integer(context, realm,
-			      KRB5_CONF_PKINIT_DH_MIN_BITS,
-			      reqctx->opts->dh_size,
-			      &reqctx->opts->dh_size);
+                              KRB5_CONF_PKINIT_DH_MIN_BITS,
+                              reqctx->opts->dh_size,
+                              &reqctx->opts->dh_size);
     if (reqctx->opts->dh_size != 1024 && reqctx->opts->dh_size != 2048
         && reqctx->opts->dh_size != 4096) {
-	pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, "
-		 "using default value (%d) instead\n", __FUNCTION__,
-		 reqctx->opts->dh_size, PKINIT_DEFAULT_DH_MIN_BITS);
-	reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
+        pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, "
+                 "using default value (%d) instead\n", __FUNCTION__,
+                 reqctx->opts->dh_size, PKINIT_DEFAULT_DH_MIN_BITS);
+        reqctx->opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS;
     }
     pkinit_libdefault_string(context, realm,
-			     KRB5_CONF_PKINIT_EKU_CHECKING,
-			     &eku_string);
+                             KRB5_CONF_PKINIT_EKU_CHECKING,
+                             &eku_string);
     if (eku_string != NULL) {
-	if (strcasecmp(eku_string, "kpKDC") == 0) {
-	    reqctx->opts->require_eku = 1;
-	    reqctx->opts->accept_secondary_eku = 0;
-	} else if (strcasecmp(eku_string, "kpServerAuth") == 0) {
-	    reqctx->opts->require_eku = 1;
-	    reqctx->opts->accept_secondary_eku = 1;
-	} else if (strcasecmp(eku_string, "none") == 0) {
-	    reqctx->opts->require_eku = 0;
-	    reqctx->opts->accept_secondary_eku = 0;
-	} else {
-	    pkiDebug("%s: Invalid value for pkinit_eku_checking: '%s'\n",
-		     __FUNCTION__, eku_string);
-	}
-	free(eku_string);
+        if (strcasecmp(eku_string, "kpKDC") == 0) {
+            reqctx->opts->require_eku = 1;
+            reqctx->opts->accept_secondary_eku = 0;
+        } else if (strcasecmp(eku_string, "kpServerAuth") == 0) {
+            reqctx->opts->require_eku = 1;
+            reqctx->opts->accept_secondary_eku = 1;
+        } else if (strcasecmp(eku_string, "none") == 0) {
+            reqctx->opts->require_eku = 0;
+            reqctx->opts->accept_secondary_eku = 0;
+        } else {
+            pkiDebug("%s: Invalid value for pkinit_eku_checking: '%s'\n",
+                     __FUNCTION__, eku_string);
+        }
+        free(eku_string);
     }
 #ifdef LONGHORN_BETA_COMPAT
     /* Temporarily just set global flag from config file */
     pkinit_libdefault_boolean(context, realm,
-			      KRB5_CONF_PKINIT_LONGHORN,
-			      0,
-			      &longhorn);
+                              KRB5_CONF_PKINIT_LONGHORN,
+                              0,
+                              &longhorn);
 #endif
 
     /* Only process anchors here if they were not specified on command line */
     if (reqctx->idopts->anchors == NULL)
-	pkinit_libdefault_strings(context, realm,
-				  KRB5_CONF_PKINIT_ANCHORS,
-				  &reqctx->idopts->anchors);
+        pkinit_libdefault_strings(context, realm,
+                                  KRB5_CONF_PKINIT_ANCHORS,
+                                  &reqctx->idopts->anchors);
     pkinit_libdefault_strings(context, realm,
-			      KRB5_CONF_PKINIT_POOL,
-			      &reqctx->idopts->intermediates);
+                              KRB5_CONF_PKINIT_POOL,
+                              &reqctx->idopts->intermediates);
     pkinit_libdefault_strings(context, realm,
-			      KRB5_CONF_PKINIT_REVOKE,
-			      &reqctx->idopts->crls);
+                              KRB5_CONF_PKINIT_REVOKE,
+                              &reqctx->idopts->crls);
     pkinit_libdefault_strings(context, realm,
-			      KRB5_CONF_PKINIT_IDENTITIES,
-			      &reqctx->idopts->identity_alt);
+                              KRB5_CONF_PKINIT_IDENTITIES,
+                              &reqctx->idopts->identity_alt);
 }
 
 static krb5_error_code
 pkinit_client_process(krb5_context context,
-		      void *plugin_context,
-		      void *request_context,
-		      krb5_get_init_creds_opt *gic_opt,
-		      preauth_get_client_data_proc get_data_proc,
-		      struct _krb5_preauth_client_rock *rock,
-		      krb5_kdc_req *request,
-		      krb5_data *encoded_request_body,
-		      krb5_data *encoded_previous_request,
-		      krb5_pa_data *in_padata,
-		      krb5_prompter_fct prompter,
-		      void *prompter_data,
-		      preauth_get_as_key_proc gak_fct,
-		      void *gak_data,
-		      krb5_data *salt,
-		      krb5_data *s2kparams,
-		      krb5_keyblock *as_key,
-		      krb5_pa_data ***out_padata)
+                      void *plugin_context,
+                      void *request_context,
+                      krb5_get_init_creds_opt *gic_opt,
+                      preauth_get_client_data_proc get_data_proc,
+                      struct _krb5_preauth_client_rock *rock,
+                      krb5_kdc_req *request,
+                      krb5_data *encoded_request_body,
+                      krb5_data *encoded_previous_request,
+                      krb5_pa_data *in_padata,
+                      krb5_prompter_fct prompter,
+                      void *prompter_data,
+                      preauth_get_as_key_proc gak_fct,
+                      void *gak_data,
+                      krb5_data *salt,
+                      krb5_data *s2kparams,
+                      krb5_keyblock *as_key,
+                      krb5_pa_data ***out_padata)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     krb5_enctype enctype = -1;
@@ -980,104 +974,104 @@ pkinit_client_process(krb5_context context,
     krb5_keyblock *armor_key = NULL;
 
     pkiDebug("pkinit_client_process %p %p %p %p\n",
-	     context, plgctx, reqctx, request);
+             context, plgctx, reqctx, request);
 
     /* Remove (along with armor_key) when FAST PKINIT is settled. */
     retval = fast_get_armor_key(context, get_data_proc, rock, &armor_key);
     if (retval == 0 && armor_key != NULL) {
-	/* Don't use PKINIT if also using FAST. */
-	krb5_free_keyblock(context, armor_key);
-	return EINVAL;
+        /* Don't use PKINIT if also using FAST. */
+        krb5_free_keyblock(context, armor_key);
+        return EINVAL;
     }
 
     if (plgctx == NULL || reqctx == NULL)
-	return EINVAL;
+        return EINVAL;
 
     switch ((int) in_padata->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n");
-	    processing_request = 1;
-	    break;
-
-	case KRB5_PADATA_PK_AS_REP:
-	    pkiDebug("processing KRB5_PADATA_PK_AS_REP\n");
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    if (in_padata->length == 0) {
-		pkiDebug("processing KRB5_PADATA_PK_AS_REQ_OLD\n");
-		in_padata->pa_type = KRB5_PADATA_PK_AS_REQ_OLD;
-		processing_request = 1;
-	    } else {
-		pkiDebug("processing KRB5_PADATA_PK_AS_REP_OLD\n");
-		in_padata->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
-	    }
-	    break;
-	default:
-	    pkiDebug("unrecognized patype = %d for PKINIT\n",
-		    in_padata->pa_type);
-	    return EINVAL;
+    case KRB5_PADATA_PK_AS_REQ:
+        pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n");
+        processing_request = 1;
+        break;
+
+    case KRB5_PADATA_PK_AS_REP:
+        pkiDebug("processing KRB5_PADATA_PK_AS_REP\n");
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        if (in_padata->length == 0) {
+            pkiDebug("processing KRB5_PADATA_PK_AS_REQ_OLD\n");
+            in_padata->pa_type = KRB5_PADATA_PK_AS_REQ_OLD;
+            processing_request = 1;
+        } else {
+            pkiDebug("processing KRB5_PADATA_PK_AS_REP_OLD\n");
+            in_padata->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
+        }
+        break;
+    default:
+        pkiDebug("unrecognized patype = %d for PKINIT\n",
+                 in_padata->pa_type);
+        return EINVAL;
     }
 
     if (processing_request) {
-	pkinit_client_profile(context, plgctx, reqctx,
-			      &request->server->realm);
-	pkinit_identity_set_prompter(reqctx->idctx, prompter, prompter_data);
-	retval = pkinit_identity_initialize(context, plgctx->cryptoctx,
-					    reqctx->cryptoctx, reqctx->idopts,
-					    reqctx->idctx, 1, request->client);
-	if (retval) {
-	    pkiDebug("pkinit_identity_initialize returned %d (%s)\n",
-		     retval, error_message(retval));
-	    return retval;
-	}
-	retval = pa_pkinit_gen_req(context, plgctx, reqctx, request,
-				   in_padata, out_padata, prompter,
-				   prompter_data, gic_opt);
+        pkinit_client_profile(context, plgctx, reqctx,
+                              &request->server->realm);
+        pkinit_identity_set_prompter(reqctx->idctx, prompter, prompter_data);
+        retval = pkinit_identity_initialize(context, plgctx->cryptoctx,
+                                            reqctx->cryptoctx, reqctx->idopts,
+                                            reqctx->idctx, 1, request->client);
+        if (retval) {
+            pkiDebug("pkinit_identity_initialize returned %d (%s)\n",
+                     retval, error_message(retval));
+            return retval;
+        }
+        retval = pa_pkinit_gen_req(context, plgctx, reqctx, request,
+                                   in_padata, out_padata, prompter,
+                                   prompter_data, gic_opt);
     } else {
-	/*
-	 * Get the enctype of the reply.
-	 */
-	retval = (*get_data_proc)(context, rock,
-				krb5plugin_preauth_client_get_etype, &cdata);
-	if (retval) {
-	    pkiDebug("get_data_proc returned %d (%s)\n",
-		     retval, error_message(retval));
-	    return retval;
-	}
-	enctype = *((krb5_enctype *)cdata->data);
-	(*get_data_proc)(context, rock,
-			 krb5plugin_preauth_client_free_etype, &cdata);
-	retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request,
-				     in_padata, enctype, as_key,
-				     encoded_previous_request);
+        /*
+         * Get the enctype of the reply.
+         */
+        retval = (*get_data_proc)(context, rock,
+                                  krb5plugin_preauth_client_get_etype, &cdata);
+        if (retval) {
+            pkiDebug("get_data_proc returned %d (%s)\n",
+                     retval, error_message(retval));
+            return retval;
+        }
+        enctype = *((krb5_enctype *)cdata->data);
+        (*get_data_proc)(context, rock,
+                         krb5plugin_preauth_client_free_etype, &cdata);
+        retval = pa_pkinit_parse_rep(context, plgctx, reqctx, request,
+                                     in_padata, enctype, as_key,
+                                     encoded_previous_request);
     }
 
     pkiDebug("pkinit_client_process: returning %d (%s)\n",
-	     retval, error_message(retval));
+             retval, error_message(retval));
     return retval;
 }
 
 static krb5_error_code
 pkinit_client_tryagain(krb5_context context,
-		       void *plugin_context,
-		       void *request_context,
-		       krb5_get_init_creds_opt *gic_opt,
-		       preauth_get_client_data_proc get_data_proc,
-		       struct _krb5_preauth_client_rock *rock,
-		       krb5_kdc_req *request,
-		       krb5_data *encoded_request_body,
-		       krb5_data *encoded_previous_request,
-		       krb5_pa_data *in_padata,
-		       krb5_error *err_reply,
-		       krb5_prompter_fct prompter,
-		       void *prompter_data,
-		       preauth_get_as_key_proc gak_fct,
-		       void *gak_data,
-		       krb5_data *salt,
-		       krb5_data *s2kparams,
-		       krb5_keyblock *as_key,
-		       krb5_pa_data ***out_padata)
+                       void *plugin_context,
+                       void *request_context,
+                       krb5_get_init_creds_opt *gic_opt,
+                       preauth_get_client_data_proc get_data_proc,
+                       struct _krb5_preauth_client_rock *rock,
+                       krb5_kdc_req *request,
+                       krb5_data *encoded_request_body,
+                       krb5_data *encoded_previous_request,
+                       krb5_pa_data *in_padata,
+                       krb5_error *err_reply,
+                       krb5_prompter_fct prompter,
+                       void *prompter_data,
+                       preauth_get_as_key_proc gak_fct,
+                       void *gak_data,
+                       krb5_data *salt,
+                       krb5_data *s2kparams,
+                       krb5_keyblock *as_key,
+                       krb5_pa_data ***out_padata)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     pkinit_context plgctx = (pkinit_context)plugin_context;
@@ -1089,77 +1083,77 @@ pkinit_client_tryagain(krb5_context context,
     int do_again = 0;
 
     pkiDebug("pkinit_client_tryagain %p %p %p %p\n",
-	     context, plgctx, reqctx, request);
+             context, plgctx, reqctx, request);
 
     if (reqctx->pa_type != in_padata->pa_type)
-	return retval;
+        return retval;
 
 #ifdef DEBUG_ASN1
     print_buffer_bin((unsigned char *)err_reply->e_data.data,
-		     err_reply->e_data.length, "/tmp/client_edata");
+                     err_reply->e_data.length, "/tmp/client_edata");
 #endif
     retval = k5int_decode_krb5_typed_data(&err_reply->e_data, &typed_data);
     if (retval) {
-	pkiDebug("decode_krb5_typed_data failed\n");
-	goto cleanup;
+        pkiDebug("decode_krb5_typed_data failed\n");
+        goto cleanup;
     }
 #ifdef DEBUG_ASN1
     print_buffer_bin(typed_data[0]->data, typed_data[0]->length,
-		     "/tmp/client_typed_data");
+                     "/tmp/client_typed_data");
 #endif
     OCTETDATA_TO_KRB5DATA(typed_data[0], &scratch);
 
     switch(typed_data[0]->type) {
-	case TD_TRUSTED_CERTIFIERS:
-	case TD_INVALID_CERTIFICATES:
-	    retval = k5int_decode_krb5_td_trusted_certifiers(&scratch,
-		&krb5_trusted_certifiers);
-	    if (retval) {
-		pkiDebug("failed to decode sequence of trusted certifiers\n");
-		goto cleanup;
-	    }
-	    retval = pkinit_process_td_trusted_certifiers(context,
-		    plgctx->cryptoctx, reqctx->cryptoctx, reqctx->idctx,
-		    krb5_trusted_certifiers, typed_data[0]->type);
-	    if (!retval)
-		do_again = 1;
-	    break;
-	case TD_DH_PARAMETERS:
-	    retval = k5int_decode_krb5_td_dh_parameters(&scratch, &algId);
-	    if (retval) {
-		pkiDebug("failed to decode td_dh_parameters\n");
-		goto cleanup;
-	    }
-	    retval = pkinit_process_td_dh_params(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, reqctx->idctx, algId,
-		&reqctx->opts->dh_size);
-	    if (!retval)
-		do_again = 1;
-	    break;
-	default:
-	    break;
+    case TD_TRUSTED_CERTIFIERS:
+    case TD_INVALID_CERTIFICATES:
+        retval = k5int_decode_krb5_td_trusted_certifiers(&scratch,
+                                                         &krb5_trusted_certifiers);
+        if (retval) {
+            pkiDebug("failed to decode sequence of trusted certifiers\n");
+            goto cleanup;
+        }
+        retval = pkinit_process_td_trusted_certifiers(context,
+                                                      plgctx->cryptoctx, reqctx->cryptoctx, reqctx->idctx,
+                                                      krb5_trusted_certifiers, typed_data[0]->type);
+        if (!retval)
+            do_again = 1;
+        break;
+    case TD_DH_PARAMETERS:
+        retval = k5int_decode_krb5_td_dh_parameters(&scratch, &algId);
+        if (retval) {
+            pkiDebug("failed to decode td_dh_parameters\n");
+            goto cleanup;
+        }
+        retval = pkinit_process_td_dh_params(context, plgctx->cryptoctx,
+                                             reqctx->cryptoctx, reqctx->idctx, algId,
+                                             &reqctx->opts->dh_size);
+        if (!retval)
+            do_again = 1;
+        break;
+    default:
+        break;
     }
 
     if (do_again) {
-	retval = pa_pkinit_gen_req(context, plgctx, reqctx, request, in_padata,
-				   out_padata, prompter, prompter_data, gic_opt);
-	if (retval)
-	    goto cleanup;
+        retval = pa_pkinit_gen_req(context, plgctx, reqctx, request, in_padata,
+                                   out_padata, prompter, prompter_data, gic_opt);
+        if (retval)
+            goto cleanup;
     }
 
     retval = 0;
 cleanup:
     if (krb5_trusted_certifiers != NULL)
-	free_krb5_external_principal_identifier(&krb5_trusted_certifiers);
+        free_krb5_external_principal_identifier(&krb5_trusted_certifiers);
 
     if (typed_data != NULL)
-	free_krb5_typed_data(&typed_data);
+        free_krb5_typed_data(&typed_data);
 
     if (algId != NULL)
-	free_krb5_algorithm_identifiers(&algId);
+        free_krb5_algorithm_identifiers(&algId);
 
     pkiDebug("pkinit_client_tryagain: returning %d (%s)\n",
-	     retval, error_message(retval));
+             retval, error_message(retval));
     return retval;
 }
 
@@ -1179,8 +1173,8 @@ static krb5_preauthtype supported_client_pa_types[] = {
 
 static void
 pkinit_client_req_init(krb5_context context,
-		       void *plugin_context,
-		       void **request_context)
+                       void *plugin_context,
+                       void **request_context)
 {
     krb5_error_code retval = ENOMEM;
     pkinit_req_context reqctx = NULL;
@@ -1190,7 +1184,7 @@ pkinit_client_req_init(krb5_context context,
 
     reqctx = malloc(sizeof(*reqctx));
     if (reqctx == NULL)
-	return;
+        return;
     memset(reqctx, 0, sizeof(*reqctx));
 
     reqctx->magic = PKINIT_REQ_CTX_MAGIC;
@@ -1201,7 +1195,7 @@ pkinit_client_req_init(krb5_context context,
 
     retval = pkinit_init_req_opts(&reqctx->opts);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     reqctx->opts->require_eku = plgctx->opts->require_eku;
     reqctx->opts->accept_secondary_eku = plgctx->opts->accept_secondary_eku;
@@ -1211,30 +1205,30 @@ pkinit_client_req_init(krb5_context context,
 
     retval = pkinit_init_req_crypto(&reqctx->cryptoctx);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = pkinit_init_identity_crypto(&reqctx->idctx);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = pkinit_dup_identity_opts(plgctx->idopts, &reqctx->idopts);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     *request_context = (void *) reqctx;
     pkiDebug("%s: returning reqctx at %p\n", __FUNCTION__, reqctx);
 
 cleanup:
     if (retval) {
-	if (reqctx->idctx != NULL)
-	    pkinit_fini_identity_crypto(reqctx->idctx);
-	if (reqctx->cryptoctx != NULL)
-	    pkinit_fini_req_crypto(reqctx->cryptoctx);
-	if (reqctx->opts != NULL)
-	    pkinit_fini_req_opts(reqctx->opts);
-	if (reqctx->idopts != NULL)
-	    pkinit_fini_identity_opts(reqctx->idopts);
-	free(reqctx);
+        if (reqctx->idctx != NULL)
+            pkinit_fini_identity_crypto(reqctx->idctx);
+        if (reqctx->cryptoctx != NULL)
+            pkinit_fini_req_crypto(reqctx->cryptoctx);
+        if (reqctx->opts != NULL)
+            pkinit_fini_req_opts(reqctx->opts);
+        if (reqctx->idopts != NULL)
+            pkinit_fini_identity_opts(reqctx->idopts);
+        free(reqctx);
     }
 
     return;
@@ -1242,30 +1236,30 @@ cleanup:
 
 static void
 pkinit_client_req_fini(krb5_context context,
-		      void *plugin_context,
-		      void *request_context)
+                       void *plugin_context,
+                       void *request_context)
 {
     pkinit_req_context reqctx = request_context;
 
     pkiDebug("%s: received reqctx at %p\n", __FUNCTION__, reqctx);
     if (reqctx == NULL)
-	return;
+        return;
     if (reqctx->magic != PKINIT_REQ_CTX_MAGIC) {
-	pkiDebug("%s: Bad magic value (%x) in req ctx\n",
-		 __FUNCTION__, reqctx->magic);
-	return;
+        pkiDebug("%s: Bad magic value (%x) in req ctx\n",
+                 __FUNCTION__, reqctx->magic);
+        return;
     }
     if (reqctx->opts != NULL)
-	pkinit_fini_req_opts(reqctx->opts);
+        pkinit_fini_req_opts(reqctx->opts);
 
     if (reqctx->cryptoctx != NULL)
-	pkinit_fini_req_crypto(reqctx->cryptoctx);
+        pkinit_fini_req_crypto(reqctx->cryptoctx);
 
     if (reqctx->idctx != NULL)
-	pkinit_fini_identity_crypto(reqctx->idctx);
+        pkinit_fini_identity_crypto(reqctx->idctx);
 
     if (reqctx->idopts != NULL)
-	pkinit_fini_identity_opts(reqctx->idopts);
+        pkinit_fini_identity_opts(reqctx->idopts);
 
     free(reqctx);
     return;
@@ -1279,7 +1273,7 @@ pkinit_client_plugin_init(krb5_context context, void **blob)
 
     ctx = calloc(1, sizeof(*ctx));
     if (ctx == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memset(ctx, 0, sizeof(*ctx));
     ctx->magic = PKINIT_CTX_MAGIC;
     ctx->opts = NULL;
@@ -1288,19 +1282,19 @@ pkinit_client_plugin_init(krb5_context context, void **blob)
 
     retval = pkinit_accessor_init();
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_init_plg_opts(&ctx->opts);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_init_plg_crypto(&ctx->cryptoctx);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_init_identity_opts(&ctx->idopts);
     if (retval)
-	goto errout;
+        goto errout;
 
     *blob = ctx;
 
@@ -1308,7 +1302,7 @@ pkinit_client_plugin_init(krb5_context context, void **blob)
 
 errout:
     if (retval)
-	pkinit_client_plugin_fini(context, ctx);
+        pkinit_client_plugin_fini(context, ctx);
 
     return retval;
 }
@@ -1319,8 +1313,8 @@ pkinit_client_plugin_fini(krb5_context context, void *blob)
     pkinit_context ctx = blob;
 
     if (ctx == NULL || ctx->magic != PKINIT_CTX_MAGIC) {
-	pkiDebug("pkinit_lib_fini: got bad plgctx (%p)!\n", ctx);
-	return;
+        pkiDebug("pkinit_lib_fini: got bad plgctx (%p)!\n", ctx);
+        return;
     }
     pkiDebug("%s: got plgctx at %p\n", __FUNCTION__, ctx);
 
@@ -1337,32 +1331,32 @@ add_string_to_array(krb5_context context, char ***array, const char *addition)
     char **out = NULL;
 
     if (*array == NULL) {
-	out = malloc(2 * sizeof(char *));
-	if (out == NULL)
-	    return ENOMEM;
-	out[1] = NULL;
-	out[0] = strdup(addition);
-	if (out[0] == NULL) {
-	    free(out);
-	    return ENOMEM;
-	}
+        out = malloc(2 * sizeof(char *));
+        if (out == NULL)
+            return ENOMEM;
+        out[1] = NULL;
+        out[0] = strdup(addition);
+        if (out[0] == NULL) {
+            free(out);
+            return ENOMEM;
+        }
     } else {
-	int i;
-	char **a = *array;
-	for (i = 0; a[i] != NULL; i++);
-	out = malloc( (i + 2) * sizeof(char *));
-	if (out == NULL)
-	    return ENOMEM;
-	for (i = 0; a[i] != NULL; i++) {
-	    out[i] = a[i];
-	}
-	out[i++] = strdup(addition);
-	if (out == NULL) {
-	    free(out);
-	    return ENOMEM;
-	}
-	out[i] = NULL;
-	free(*array);
+        int i;
+        char **a = *array;
+        for (i = 0; a[i] != NULL; i++);
+        out = malloc( (i + 2) * sizeof(char *));
+        if (out == NULL)
+            return ENOMEM;
+        for (i = 0; a[i] != NULL; i++) {
+            out[i] = a[i];
+        }
+        out[i++] = strdup(addition);
+        if (out == NULL) {
+            free(out);
+            return ENOMEM;
+        }
+        out[i] = NULL;
+        free(*array);
     }
     *array = out;
 
@@ -1370,43 +1364,43 @@ add_string_to_array(krb5_context context, char ***array, const char *addition)
 }
 static krb5_error_code
 handle_gic_opt(krb5_context context,
-	       pkinit_context plgctx,
-	       const char *attr,
-	       const char *value)
+               pkinit_context plgctx,
+               const char *attr,
+               const char *value)
 {
     krb5_error_code retval;
 
     if (strcmp(attr, "X509_user_identity") == 0) {
-	if (plgctx->idopts->identity != NULL) {
-	    krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
-		"X509_user_identity can not be given twice\n");
-	    return KRB5_PREAUTH_FAILED;
-	}
-	plgctx->idopts->identity = strdup(value);
-	if (plgctx->idopts->identity == NULL) {
-	    krb5_set_error_message(context, ENOMEM,
-		"Could not duplicate X509_user_identity value\n");
-	    return ENOMEM;
-	}
+        if (plgctx->idopts->identity != NULL) {
+            krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
+                                   "X509_user_identity can not be given twice\n");
+            return KRB5_PREAUTH_FAILED;
+        }
+        plgctx->idopts->identity = strdup(value);
+        if (plgctx->idopts->identity == NULL) {
+            krb5_set_error_message(context, ENOMEM,
+                                   "Could not duplicate X509_user_identity value\n");
+            return ENOMEM;
+        }
     } else if (strcmp(attr, "X509_anchors") == 0) {
-	retval = add_string_to_array(context, &plgctx->idopts->anchors, value);
-	if (retval)
-	    return retval;
+        retval = add_string_to_array(context, &plgctx->idopts->anchors, value);
+        if (retval)
+            return retval;
     } else if (strcmp(attr, "flag_RSA_PROTOCOL") == 0) {
-	if (strcmp(value, "yes") == 0) {
-	    pkiDebug("Setting flag to use RSA_PROTOCOL\n");
-	    plgctx->opts->dh_or_rsa = RSA_PROTOCOL;
-	}
+        if (strcmp(value, "yes") == 0) {
+            pkiDebug("Setting flag to use RSA_PROTOCOL\n");
+            plgctx->opts->dh_or_rsa = RSA_PROTOCOL;
+        }
     }
     return 0;
 }
 
 static krb5_error_code
 pkinit_client_gic_opt(krb5_context context,
-		      void *plugin_context,
-		      krb5_get_init_creds_opt *gic_opt,
-		      const char *attr,
-		      const char *value)
+                      void *plugin_context,
+                      krb5_get_init_creds_opt *gic_opt,
+                      const char *attr,
+                      const char *value)
 {
     krb5_error_code retval;
     pkinit_context plgctx = plugin_context;
@@ -1414,7 +1408,7 @@ pkinit_client_gic_opt(krb5_context context,
     pkiDebug("(pkinit) received '%s' = '%s'\n", attr, value);
     retval = handle_gic_opt(context, plgctx, attr, value);
     if (retval)
-	return retval;
+        return retval;
 
     return 0;
 }
@@ -1424,15 +1418,15 @@ pkinit_client_gic_opt(krb5_context context,
 
 struct krb5plugin_preauth_client_ftable_v1
 PLUGIN_SYMBOL_NAME(krb5_preauth, preauthentication_client_1) = {
-    "pkinit",			/* name */
-    supported_client_pa_types,	/* pa_type_list */
-    NULL,			/* enctype_list */
-    pkinit_client_plugin_init,	/* (*init) */
-    pkinit_client_plugin_fini,	/* (*fini) */
-    pkinit_client_get_flags,	/* (*flags) */
+    "pkinit",                   /* name */
+    supported_client_pa_types,  /* pa_type_list */
+    NULL,                       /* enctype_list */
+    pkinit_client_plugin_init,  /* (*init) */
+    pkinit_client_plugin_fini,  /* (*fini) */
+    pkinit_client_get_flags,    /* (*flags) */
     pkinit_client_req_init,     /* (*client_req_init) */
     pkinit_client_req_fini,     /* (*client_req_fini) */
-    pkinit_client_process,	/* (*process) */
-    pkinit_client_tryagain,	/* (*tryagain) */
-    pkinit_client_gic_opt	/* (*gic_opt) */
+    pkinit_client_process,      /* (*process) */
+    pkinit_client_tryagain,     /* (*tryagain) */
+    pkinit_client_gic_opt       /* (*gic_opt) */
 };
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 84259e6..443b0f9 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2006,2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -38,109 +39,98 @@
 
 #include "k5-platform.h"
 
-/*
- * Q: What is this SILLYDECRYPT stuff about?
- * A: When using the ActivCard Linux pkcs11 library (v2.0.1),
- *    the decrypt function fails.  By inserting an extra
- *    function call, which serves nothing but to change the
- *    stack, we were able to work around the issue.  If the
- *    ActivCard library is fixed in the future, this
- *    definition and related code can be removed.
- */
-#define SILLYDECRYPT
-
 #include "pkinit_crypto_openssl.h"
 
 static struct pkcs11_errstrings {
     short code;
     char *text;
 } pkcs11_errstrings[] = {
-    { 0x0,	"ok" },
-    { 0x1,	"cancel" },
-    { 0x2,	"host memory" },
-    { 0x3,	"slot id invalid" },
-    { 0x5,	"general error" },
-    { 0x6,	"function failed" },
-    { 0x7,	"arguments bad" },
-    { 0x8,	"no event" },
-    { 0x9,	"need to create threads" },
-    { 0xa,	"cant lock" },
-    { 0x10,	"attribute read only" },
-    { 0x11,	"attribute sensitive" },
-    { 0x12,	"attribute type invalid" },
-    { 0x13,	"attribute value invalid" },
-    { 0x20,	"data invalid" },
-    { 0x21,	"data len range" },
-    { 0x30,	"device error" },
-    { 0x31,	"device memory" },
-    { 0x32,	"device removed" },
-    { 0x40,	"encrypted data invalid" },
-    { 0x41,	"encrypted data len range" },
-    { 0x50,	"function canceled" },
-    { 0x51,	"function not parallel" },
-    { 0x54,	"function not supported" },
-    { 0x60,	"key handle invalid" },
-    { 0x62,	"key size range" },
-    { 0x63,	"key type inconsistent" },
-    { 0x64,	"key not needed" },
-    { 0x65,	"key changed" },
-    { 0x66,	"key needed" },
-    { 0x67,	"key indigestible" },
-    { 0x68,	"key function not permitted" },
-    { 0x69,	"key not wrappable" },
-    { 0x6a,	"key unextractable" },
-    { 0x70,	"mechanism invalid" },
-    { 0x71,	"mechanism param invalid" },
-    { 0x82,	"object handle invalid" },
-    { 0x90,	"operation active" },
-    { 0x91,	"operation not initialized" },
-    { 0xa0,	"pin incorrect" },
-    { 0xa1,	"pin invalid" },
-    { 0xa2,	"pin len range" },
-    { 0xa3,	"pin expired" },
-    { 0xa4,	"pin locked" },
-    { 0xb0,	"session closed" },
-    { 0xb1,	"session count" },
-    { 0xb3,	"session handle invalid" },
-    { 0xb4,	"session parallel not supported" },
-    { 0xb5,	"session read only" },
-    { 0xb6,	"session exists" },
-    { 0xb7,	"session read only exists" },
-    { 0xb8,	"session read write so exists" },
-    { 0xc0,	"signature invalid" },
-    { 0xc1,	"signature len range" },
-    { 0xd0,	"template incomplete" },
-    { 0xd1,	"template inconsistent" },
-    { 0xe0,	"token not present" },
-    { 0xe1,	"token not recognized" },
-    { 0xe2,	"token write protected" },
-    { 0xf0,	"unwrapping key handle invalid" },
-    { 0xf1,	"unwrapping key size range" },
-    { 0xf2,	"unwrapping key type inconsistent" },
-    { 0x100,	"user already logged in" },
-    { 0x101,	"user not logged in" },
-    { 0x102,	"user pin not initialized" },
-    { 0x103,	"user type invalid" },
-    { 0x104,	"user another already logged in" },
-    { 0x105,	"user too many types" },
-    { 0x110,	"wrapped key invalid" },
-    { 0x112,	"wrapped key len range" },
-    { 0x113,	"wrapping key handle invalid" },
-    { 0x114,	"wrapping key size range" },
-    { 0x115,	"wrapping key type inconsistent" },
-    { 0x120,	"random seed not supported" },
-    { 0x121,	"random no rng" },
-    { 0x130,	"domain params invalid" },
-    { 0x150,	"buffer too small" },
-    { 0x160,	"saved state invalid" },
-    { 0x170,	"information sensitive" },
-    { 0x180,	"state unsaveable" },
-    { 0x190,	"cryptoki not initialized" },
-    { 0x191,	"cryptoki already initialized" },
-    { 0x1a0,	"mutex bad" },
-    { 0x1a1,	"mutex not locked" },
-    { 0x200,	"function rejected" },
-    { -1,	NULL }
+    { 0x0,      "ok" },
+    { 0x1,      "cancel" },
+    { 0x2,      "host memory" },
+    { 0x3,      "slot id invalid" },
+    { 0x5,      "general error" },
+    { 0x6,      "function failed" },
+    { 0x7,      "arguments bad" },
+    { 0x8,      "no event" },
+    { 0x9,      "need to create threads" },
+    { 0xa,      "cant lock" },
+    { 0x10,     "attribute read only" },
+    { 0x11,     "attribute sensitive" },
+    { 0x12,     "attribute type invalid" },
+    { 0x13,     "attribute value invalid" },
+    { 0x20,     "data invalid" },
+    { 0x21,     "data len range" },
+    { 0x30,     "device error" },
+    { 0x31,     "device memory" },
+    { 0x32,     "device removed" },
+    { 0x40,     "encrypted data invalid" },
+    { 0x41,     "encrypted data len range" },
+    { 0x50,     "function canceled" },
+    { 0x51,     "function not parallel" },
+    { 0x54,     "function not supported" },
+    { 0x60,     "key handle invalid" },
+    { 0x62,     "key size range" },
+    { 0x63,     "key type inconsistent" },
+    { 0x64,     "key not needed" },
+    { 0x65,     "key changed" },
+    { 0x66,     "key needed" },
+    { 0x67,     "key indigestible" },
+    { 0x68,     "key function not permitted" },
+    { 0x69,     "key not wrappable" },
+    { 0x6a,     "key unextractable" },
+    { 0x70,     "mechanism invalid" },
+    { 0x71,     "mechanism param invalid" },
+    { 0x82,     "object handle invalid" },
+    { 0x90,     "operation active" },
+    { 0x91,     "operation not initialized" },
+    { 0xa0,     "pin incorrect" },
+    { 0xa1,     "pin invalid" },
+    { 0xa2,     "pin len range" },
+    { 0xa3,     "pin expired" },
+    { 0xa4,     "pin locked" },
+    { 0xb0,     "session closed" },
+    { 0xb1,     "session count" },
+    { 0xb3,     "session handle invalid" },
+    { 0xb4,     "session parallel not supported" },
+    { 0xb5,     "session read only" },
+    { 0xb6,     "session exists" },
+    { 0xb7,     "session read only exists" },
+    { 0xb8,     "session read write so exists" },
+    { 0xc0,     "signature invalid" },
+    { 0xc1,     "signature len range" },
+    { 0xd0,     "template incomplete" },
+    { 0xd1,     "template inconsistent" },
+    { 0xe0,     "token not present" },
+    { 0xe1,     "token not recognized" },
+    { 0xe2,     "token write protected" },
+    { 0xf0,     "unwrapping key handle invalid" },
+    { 0xf1,     "unwrapping key size range" },
+    { 0xf2,     "unwrapping key type inconsistent" },
+    { 0x100,    "user already logged in" },
+    { 0x101,    "user not logged in" },
+    { 0x102,    "user pin not initialized" },
+    { 0x103,    "user type invalid" },
+    { 0x104,    "user another already logged in" },
+    { 0x105,    "user too many types" },
+    { 0x110,    "wrapped key invalid" },
+    { 0x112,    "wrapped key len range" },
+    { 0x113,    "wrapping key handle invalid" },
+    { 0x114,    "wrapping key size range" },
+    { 0x115,    "wrapping key type inconsistent" },
+    { 0x120,    "random seed not supported" },
+    { 0x121,    "random no rng" },
+    { 0x130,    "domain params invalid" },
+    { 0x150,    "buffer too small" },
+    { 0x160,    "saved state invalid" },
+    { 0x170,    "information sensitive" },
+    { 0x180,    "state unsaveable" },
+    { 0x190,    "cryptoki not initialized" },
+    { 0x191,    "cryptoki already initialized" },
+    { 0x1a0,    "mutex bad" },
+    { 0x1a1,    "mutex not locked" },
+    { 0x200,    "function rejected" },
+    { -1,       NULL }
 };
 
 /* DH parameters */
@@ -278,24 +268,24 @@ pkinit_init_plg_crypto(pkinit_plg_crypto_context *cryptoctx)
 
     ctx = malloc(sizeof(*ctx));
     if (ctx == NULL)
-	goto out;
+        goto out;
     memset(ctx, 0, sizeof(*ctx));
 
     pkiDebug("%s: initializing openssl crypto context at %p\n",
-	     __FUNCTION__, ctx);
+             __FUNCTION__, ctx);
     retval = pkinit_init_pkinit_oids(ctx);
     if (retval)
-	goto out;
+        goto out;
 
     retval = pkinit_init_dh_params(ctx);
     if (retval)
-	goto out;
+        goto out;
 
     *cryptoctx = ctx;
 
 out:
     if (retval && ctx != NULL)
-	    pkinit_fini_plg_crypto(ctx);
+        pkinit_fini_plg_crypto(ctx);
 
     return retval;
 }
@@ -306,7 +296,7 @@ pkinit_fini_plg_crypto(pkinit_plg_crypto_context cryptoctx)
     pkiDebug("%s: freeing context at %p\n", __FUNCTION__, cryptoctx);
 
     if (cryptoctx == NULL)
-	return;
+        return;
     pkinit_fini_pkinit_oids(cryptoctx);
     pkinit_fini_dh_params(cryptoctx);
     free(cryptoctx);
@@ -320,24 +310,24 @@ pkinit_init_identity_crypto(pkinit_identity_crypto_context *idctx)
 
     ctx = malloc(sizeof(*ctx));
     if (ctx == NULL)
-	goto out;
+        goto out;
     memset(ctx, 0, sizeof(*ctx));
 
     retval = pkinit_init_certs(ctx);
     if (retval)
-	goto out;
+        goto out;
 
     retval = pkinit_init_pkcs11(ctx);
     if (retval)
-	goto out;
+        goto out;
 
     pkiDebug("%s: returning ctx at %p\n", __FUNCTION__, ctx);
     *idctx = ctx;
 
 out:
     if (retval) {
-	if (ctx)
-	    pkinit_fini_identity_crypto(ctx);
+        if (ctx)
+            pkinit_fini_identity_crypto(ctx);
     }
 
     return retval;
@@ -347,7 +337,7 @@ void
 pkinit_fini_identity_crypto(pkinit_identity_crypto_context idctx)
 {
     if (idctx == NULL)
-	return;
+        return;
 
     pkiDebug("%s: freeing   ctx at %p\n", __FUNCTION__, idctx);
     pkinit_fini_certs(idctx);
@@ -363,7 +353,7 @@ pkinit_init_req_crypto(pkinit_req_crypto_context *cryptoctx)
 
     ctx = malloc(sizeof(*ctx));
     if (ctx == NULL)
-	goto out;
+        goto out;
     memset(ctx, 0, sizeof(*ctx));
 
     ctx->dh = NULL;
@@ -375,7 +365,7 @@ pkinit_init_req_crypto(pkinit_req_crypto_context *cryptoctx)
     retval = 0;
 out:
     if (retval)
-	free(ctx);
+        free(ctx);
 
     return retval;
 }
@@ -384,13 +374,13 @@ void
 pkinit_fini_req_crypto(pkinit_req_crypto_context req_cryptoctx)
 {
     if (req_cryptoctx == NULL)
-	return;
+        return;
 
     pkiDebug("%s: freeing   ctx at %p\n", __FUNCTION__, req_cryptoctx);
     if (req_cryptoctx->dh != NULL)
-      DH_free(req_cryptoctx->dh);
+        DH_free(req_cryptoctx->dh);
     if (req_cryptoctx->received_cert != NULL)
-      X509_free(req_cryptoctx->received_cert);
+        X509_free(req_cryptoctx->received_cert);
 
     free(req_cryptoctx);
 }
@@ -405,51 +395,51 @@ pkinit_init_pkinit_oids(pkinit_plg_crypto_context ctx)
      * If OpenSSL already knows about the OID, use the
      * existing definition. Otherwise, create an OID object.
      */
-    #define CREATE_OBJ_IF_NEEDED(oid, vn, sn, ln) \
-	nid = OBJ_txt2nid(oid); \
-	if (nid == NID_undef) { \
-	    nid = OBJ_create(oid, sn, ln); \
-	    if (nid == NID_undef) { \
-		pkiDebug("Error creating oid object for '%s'\n", oid); \
-		goto out; \
-	    } \
-	} \
-	ctx->vn = OBJ_nid2obj(nid);
+#define CREATE_OBJ_IF_NEEDED(oid, vn, sn, ln)                           \
+    nid = OBJ_txt2nid(oid);                                             \
+    if (nid == NID_undef) {                                             \
+        nid = OBJ_create(oid, sn, ln);                                  \
+        if (nid == NID_undef) {                                         \
+            pkiDebug("Error creating oid object for '%s'\n", oid);      \
+            goto out;                                                   \
+        }                                                               \
+    }                                                                   \
+    ctx->vn = OBJ_nid2obj(nid);
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.2.2", id_pkinit_san,
-			 "id-pkinit-san", "KRB5PrincipalName");
+                         "id-pkinit-san", "KRB5PrincipalName");
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.2.3.1", id_pkinit_authData,
-			 "id-pkinit-authdata", "PKINIT signedAuthPack");
+                         "id-pkinit-authdata", "PKINIT signedAuthPack");
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.2.3.2", id_pkinit_DHKeyData,
-			 "id-pkinit-DHKeyData", "PKINIT dhSignedData");
+                         "id-pkinit-DHKeyData", "PKINIT dhSignedData");
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.2.3.3", id_pkinit_rkeyData,
-			 "id-pkinit-rkeyData", "PKINIT encKeyPack");
+                         "id-pkinit-rkeyData", "PKINIT encKeyPack");
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.2.3.4", id_pkinit_KPClientAuth,
-			 "id-pkinit-KPClientAuth", "PKINIT Client EKU");
+                         "id-pkinit-KPClientAuth", "PKINIT Client EKU");
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.2.3.5", id_pkinit_KPKdc,
-			 "id-pkinit-KPKdc", "KDC EKU");
+                         "id-pkinit-KPKdc", "KDC EKU");
 
 #if 0
     CREATE_OBJ_IF_NEEDED("1.2.840.113549.1.7.1", id_pkinit_authData9,
-			 "id-pkcs7-data", "PKCS7 data");
+                         "id-pkcs7-data", "PKCS7 data");
 #else
     /* See note in pkinit_pkcs7type2oid() */
     ctx->id_pkinit_authData9 = NULL;
 #endif
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.4.1.311.20.2.2", id_ms_kp_sc_logon,
-			 "id-ms-kp-sc-logon EKU", "Microsoft SmartCard Login EKU");
+                         "id-ms-kp-sc-logon EKU", "Microsoft SmartCard Login EKU");
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.4.1.311.20.2.3", id_ms_san_upn,
-			 "id-ms-san-upn", "Microsoft Universal Principal Name");
+                         "id-ms-san-upn", "Microsoft Universal Principal Name");
 
     CREATE_OBJ_IF_NEEDED("1.3.6.1.5.5.7.3.1", id_kp_serverAuth,
-			 "id-kp-serverAuth EKU", "Server Authentication EKU");
+                         "id-kp-serverAuth EKU", "Server Authentication EKU");
 
     /* Success */
     retval = 0;
@@ -468,31 +458,31 @@ get_cert(char *filename, X509 **retcert)
     krb5_error_code retval;
 
     if (filename == NULL || retcert == NULL)
-	return EINVAL;
+        return EINVAL;
 
     *retcert = NULL;
 
     tmp = BIO_new(BIO_s_file());
     if (tmp == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     code = BIO_read_filename(tmp, filename);
     if (code == 0) {
-	retval = errno;
-	goto cleanup;
+        retval = errno;
+        goto cleanup;
     }
 
     cert = (X509 *) PEM_read_bio_X509(tmp, NULL, NULL, NULL);
     if (cert == NULL) {
-	retval = EIO;
-	pkiDebug("failed to read certificate from %s\n", filename);
-	goto cleanup;
+        retval = EIO;
+        pkiDebug("failed to read certificate from %s\n", filename);
+        goto cleanup;
     }
     *retcert = cert;
     retval = 0;
 cleanup:
     if (tmp != NULL)
-	BIO_free(tmp);
+        BIO_free(tmp);
     return retval;
 }
 
@@ -505,28 +495,28 @@ get_key(char *filename, EVP_PKEY **retkey)
     krb5_error_code retval;
 
     if (filename == NULL || retkey == NULL)
-	return EINVAL;
+        return EINVAL;
 
     tmp = BIO_new(BIO_s_file());
     if (tmp == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     code = BIO_read_filename(tmp, filename);
     if (code == 0) {
-	retval = errno;
-	goto cleanup;
+        retval = errno;
+        goto cleanup;
     }
     pkey = (EVP_PKEY *) PEM_read_bio_PrivateKey(tmp, NULL, NULL, NULL);
     if (pkey == NULL) {
-	retval = EIO;
-	pkiDebug("failed to read private key from %s\n", filename);
-	goto cleanup;
+        retval = EIO;
+        pkiDebug("failed to read private key from %s\n", filename);
+        goto cleanup;
     }
     *retkey = pkey;
     retval = 0;
 cleanup:
     if (tmp != NULL)
-	BIO_free(tmp);
+        BIO_free(tmp);
     return retval;
 }
 
@@ -534,11 +524,11 @@ static void
 pkinit_fini_pkinit_oids(pkinit_plg_crypto_context ctx)
 {
     if (ctx == NULL)
-	return;
+        return;
 
     /* Only call OBJ_cleanup once! */
     if (--pkinit_oids_refs == 0)
-	OBJ_cleanup();
+        OBJ_cleanup();
 }
 
 static krb5_error_code
@@ -548,34 +538,34 @@ pkinit_init_dh_params(pkinit_plg_crypto_context plgctx)
 
     plgctx->dh_1024 = DH_new();
     if (plgctx->dh_1024 == NULL)
-	goto cleanup;
+        goto cleanup;
     plgctx->dh_1024->p = BN_bin2bn(pkinit_1024_dhprime,
-	sizeof(pkinit_1024_dhprime), NULL);
+                                   sizeof(pkinit_1024_dhprime), NULL);
     if ((plgctx->dh_1024->g = BN_new()) == NULL ||
-	(plgctx->dh_1024->q = BN_new()) == NULL)
-	goto cleanup;
+        (plgctx->dh_1024->q = BN_new()) == NULL)
+        goto cleanup;
     BN_set_word(plgctx->dh_1024->g, DH_GENERATOR_2);
     BN_rshift1(plgctx->dh_1024->q, plgctx->dh_1024->p);
 
     plgctx->dh_2048 = DH_new();
     if (plgctx->dh_2048 == NULL)
-	goto cleanup;
+        goto cleanup;
     plgctx->dh_2048->p = BN_bin2bn(pkinit_2048_dhprime,
-	sizeof(pkinit_2048_dhprime), NULL);
+                                   sizeof(pkinit_2048_dhprime), NULL);
     if ((plgctx->dh_2048->g = BN_new()) == NULL ||
-	(plgctx->dh_2048->q = BN_new()) == NULL)
-	goto cleanup;
+        (plgctx->dh_2048->q = BN_new()) == NULL)
+        goto cleanup;
     BN_set_word(plgctx->dh_2048->g, DH_GENERATOR_2);
     BN_rshift1(plgctx->dh_2048->q, plgctx->dh_2048->p);
 
     plgctx->dh_4096 = DH_new();
     if (plgctx->dh_4096 == NULL)
-	goto cleanup;
+        goto cleanup;
     plgctx->dh_4096->p = BN_bin2bn(pkinit_4096_dhprime,
-	sizeof(pkinit_4096_dhprime), NULL);
+                                   sizeof(pkinit_4096_dhprime), NULL);
     if ((plgctx->dh_4096->g = BN_new()) == NULL ||
-	(plgctx->dh_4096->q = BN_new()) == NULL)
-	goto cleanup;
+        (plgctx->dh_4096->q = BN_new()) == NULL)
+        goto cleanup;
     BN_set_word(plgctx->dh_4096->g, DH_GENERATOR_2);
     BN_rshift1(plgctx->dh_4096->q, plgctx->dh_4096->p);
 
@@ -583,7 +573,7 @@ pkinit_init_dh_params(pkinit_plg_crypto_context plgctx)
 
 cleanup:
     if (retval)
-	pkinit_fini_dh_params(plgctx);
+        pkinit_fini_dh_params(plgctx);
 
     return retval;
 }
@@ -592,11 +582,11 @@ static void
 pkinit_fini_dh_params(pkinit_plg_crypto_context plgctx)
 {
     if (plgctx->dh_1024 != NULL)
-	DH_free(plgctx->dh_1024);
+        DH_free(plgctx->dh_1024);
     if (plgctx->dh_2048 != NULL)
-	DH_free(plgctx->dh_2048);
+        DH_free(plgctx->dh_2048);
     if (plgctx->dh_4096 != NULL)
-	DH_free(plgctx->dh_4096);
+        DH_free(plgctx->dh_4096);
 
     plgctx->dh_1024 = plgctx->dh_2048 = plgctx->dh_4096 = NULL;
 }
@@ -608,7 +598,7 @@ pkinit_init_certs(pkinit_identity_crypto_context ctx)
     int i;
 
     for (i = 0; i < MAX_CREDS_ALLOWED; i++)
-	ctx->creds[i] = NULL;
+        ctx->creds[i] = NULL;
     ctx->my_certs = NULL;
     ctx->cert_index = 0;
     ctx->my_key = NULL;
@@ -624,22 +614,22 @@ static void
 pkinit_fini_certs(pkinit_identity_crypto_context ctx)
 {
     if (ctx == NULL)
-	return;
+        return;
 
     if (ctx->my_certs != NULL)
-	sk_X509_pop_free(ctx->my_certs, X509_free);
+        sk_X509_pop_free(ctx->my_certs, X509_free);
 
     if (ctx->my_key != NULL)
-	EVP_PKEY_free(ctx->my_key);
+        EVP_PKEY_free(ctx->my_key);
 
     if (ctx->trustedCAs != NULL)
-	sk_X509_pop_free(ctx->trustedCAs, X509_free);
+        sk_X509_pop_free(ctx->trustedCAs, X509_free);
 
     if (ctx->intermediateCAs != NULL)
-	sk_X509_pop_free(ctx->intermediateCAs, X509_free);
+        sk_X509_pop_free(ctx->intermediateCAs, X509_free);
 
     if (ctx->revoked != NULL)
-	sk_X509_CRL_pop_free(ctx->revoked, X509_CRL_free);
+        sk_X509_CRL_pop_free(ctx->revoked, X509_CRL_free);
 }
 
 static krb5_error_code
@@ -650,7 +640,7 @@ pkinit_init_pkcs11(pkinit_identity_crypto_context ctx)
 #ifndef WITHOUT_PKCS11
     ctx->p11_module_name = strdup(PKCS11_MODNAME);
     if (ctx->p11_module_name == NULL)
-	return retval;
+        return retval;
     ctx->p11_module = NULL;
     ctx->slotid = PK_NOSLOT;
     ctx->token_label = NULL;
@@ -669,19 +659,19 @@ pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx)
 {
 #ifndef WITHOUT_PKCS11
     if (ctx == NULL)
-	return;
+        return;
 
     if (ctx->p11 != NULL) {
-	if (ctx->session) {
-	    ctx->p11->C_CloseSession(ctx->session);
-	    ctx->session = CK_INVALID_HANDLE;
-	}
-	ctx->p11->C_Finalize(NULL_PTR);
-	ctx->p11 = NULL;
+        if (ctx->session) {
+            ctx->p11->C_CloseSession(ctx->session);
+            ctx->session = CK_INVALID_HANDLE;
+        }
+        ctx->p11->C_Finalize(NULL_PTR);
+        ctx->p11 = NULL;
     }
     if (ctx->p11_module != NULL) {
-	pkinit_C_UnloadModule(ctx->p11_module);
-	ctx->p11_module = NULL;
+        pkinit_C_UnloadModule(ctx->p11_module);
+        ctx->p11_module = NULL;
     }
     free(ctx->p11_module_name);
     free(ctx->token_label);
@@ -692,8 +682,8 @@ pkinit_fini_pkcs11(pkinit_identity_crypto_context ctx)
 
 krb5_error_code
 pkinit_identity_set_prompter(pkinit_identity_crypto_context id_cryptoctx,
-			     krb5_prompter_fct prompter,
-			     void *prompter_data)
+                             krb5_prompter_fct prompter,
+                             void *prompter_data)
 {
     id_cryptoctx->prompter = prompter;
     id_cryptoctx->prompter_data = prompter_data;
@@ -703,15 +693,15 @@ pkinit_identity_set_prompter(pkinit_identity_crypto_context id_cryptoctx,
 
 krb5_error_code
 cms_signeddata_create(krb5_context context,
-		      pkinit_plg_crypto_context plg_cryptoctx,
-		      pkinit_req_crypto_context req_cryptoctx,
-		      pkinit_identity_crypto_context id_cryptoctx,
-		      int cms_msg_type,
-		      int include_certchain,
-		      unsigned char *data,
-		      unsigned int data_len,
-		      unsigned char **signed_data,
-		      unsigned int *signed_data_len)
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      int cms_msg_type,
+                      int include_certchain,
+                      unsigned char *data,
+                      unsigned int data_len,
+                      unsigned char **signed_data,
+                      unsigned int *signed_data_len)
 {
     krb5_error_code retval = ENOMEM;
     PKCS7  *p7 = NULL, *inner_p7 = NULL;
@@ -738,74 +728,74 @@ cms_signeddata_create(krb5_context context,
 
     /* start creating PKCS7 data */
     if ((p7 = PKCS7_new()) == NULL)
-	goto cleanup;
+        goto cleanup;
     p7->type = OBJ_nid2obj(NID_pkcs7_signed);
 
     if ((p7s = PKCS7_SIGNED_new()) == NULL)
-	goto cleanup;
+        goto cleanup;
     p7->d.sign = p7s;
     if (!ASN1_INTEGER_set(p7s->version, 3))
-	goto cleanup;
+        goto cleanup;
 
     /* create a cert chain that has at least the signer's certificate */
     if ((cert_stack = sk_X509_new_null()) == NULL)
-	goto cleanup;
+        goto cleanup;
 
     cert = sk_X509_value(id_cryptoctx->my_certs, id_cryptoctx->cert_index);
     if (!include_certchain) {
-	pkiDebug("only including signer's certificate\n");
-	sk_X509_push(cert_stack, X509_dup(cert));
+        pkiDebug("only including signer's certificate\n");
+        sk_X509_push(cert_stack, X509_dup(cert));
     } else {
-	/* create a cert chain */
-	X509_STORE *certstore = NULL;
-	X509_STORE_CTX certctx;
-	STACK_OF(X509) *certstack = NULL;
-	char buf[DN_BUF_LEN];
-	int i = 0, size = 0;
-
-	if ((certstore = X509_STORE_new()) == NULL)
-	    goto cleanup;
-	pkiDebug("building certificate chain\n");
-	X509_STORE_set_verify_cb_func(certstore, openssl_callback);
-	X509_STORE_CTX_init(&certctx, certstore, cert,
-			    id_cryptoctx->intermediateCAs);
-	X509_STORE_CTX_trusted_stack(&certctx, id_cryptoctx->trustedCAs);
-	if (!X509_verify_cert(&certctx)) {
-	    pkiDebug("failed to create a certificate chain: %s\n",
-	    X509_verify_cert_error_string(X509_STORE_CTX_get_error(&certctx)));
-	    if (!sk_X509_num(id_cryptoctx->trustedCAs))
-		pkiDebug("No trusted CAs found. Check your X509_anchors\n");
-	    goto cleanup;
-	}
-	certstack = X509_STORE_CTX_get1_chain(&certctx);
-	size = sk_X509_num(certstack);
-	pkiDebug("size of certificate chain = %d\n", size);
-	for(i = 0; i < size - 1; i++) {
-	    X509 *x = sk_X509_value(certstack, i);
-	    X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
-	    pkiDebug("cert #%d: %s\n", i, buf);
-	    sk_X509_push(cert_stack, X509_dup(x));
-	}
-	X509_STORE_CTX_cleanup(&certctx);
-	X509_STORE_free(certstore);
-	sk_X509_pop_free(certstack, X509_free);
+        /* create a cert chain */
+        X509_STORE *certstore = NULL;
+        X509_STORE_CTX certctx;
+        STACK_OF(X509) *certstack = NULL;
+        char buf[DN_BUF_LEN];
+        int i = 0, size = 0;
+
+        if ((certstore = X509_STORE_new()) == NULL)
+            goto cleanup;
+        pkiDebug("building certificate chain\n");
+        X509_STORE_set_verify_cb_func(certstore, openssl_callback);
+        X509_STORE_CTX_init(&certctx, certstore, cert,
+                            id_cryptoctx->intermediateCAs);
+        X509_STORE_CTX_trusted_stack(&certctx, id_cryptoctx->trustedCAs);
+        if (!X509_verify_cert(&certctx)) {
+            pkiDebug("failed to create a certificate chain: %s\n",
+                     X509_verify_cert_error_string(X509_STORE_CTX_get_error(&certctx)));
+            if (!sk_X509_num(id_cryptoctx->trustedCAs))
+                pkiDebug("No trusted CAs found. Check your X509_anchors\n");
+            goto cleanup;
+        }
+        certstack = X509_STORE_CTX_get1_chain(&certctx);
+        size = sk_X509_num(certstack);
+        pkiDebug("size of certificate chain = %d\n", size);
+        for(i = 0; i < size - 1; i++) {
+            X509 *x = sk_X509_value(certstack, i);
+            X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
+            pkiDebug("cert #%d: %s\n", i, buf);
+            sk_X509_push(cert_stack, X509_dup(x));
+        }
+        X509_STORE_CTX_cleanup(&certctx);
+        X509_STORE_free(certstore);
+        sk_X509_pop_free(certstack, X509_free);
     }
     p7s->cert = cert_stack;
 
     /* fill-in PKCS7_SIGNER_INFO */
     if ((p7si = PKCS7_SIGNER_INFO_new()) == NULL)
-	goto cleanup;
+        goto cleanup;
     if (!ASN1_INTEGER_set(p7si->version, 1))
-	goto cleanup;
+        goto cleanup;
     if (!X509_NAME_set(&p7si->issuer_and_serial->issuer,
-		       X509_get_issuer_name(cert)))
-	goto cleanup;
+                       X509_get_issuer_name(cert)))
+        goto cleanup;
     /* because ASN1_INTEGER_set is used to set a 'long' we will do
      * things the ugly way. */
     M_ASN1_INTEGER_free(p7si->issuer_and_serial->serial);
     if (!(p7si->issuer_and_serial->serial =
-	  M_ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
-	goto cleanup;
+          M_ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
+        goto cleanup;
 
     /* will not fill-out EVP_PKEY because it's on the smartcard */
 
@@ -813,54 +803,54 @@ cms_signeddata_create(krb5_context context,
     p7si->digest_alg->algorithm = OBJ_nid2obj(NID_sha1);
 
     if (p7si->digest_alg->parameter != NULL)
-	ASN1_TYPE_free(p7si->digest_alg->parameter);
+        ASN1_TYPE_free(p7si->digest_alg->parameter);
     if ((p7si->digest_alg->parameter = ASN1_TYPE_new()) == NULL)
-	goto cleanup;
+        goto cleanup;
     p7si->digest_alg->parameter->type = V_ASN1_NULL;
 
     /* Set sig algs */
     if (p7si->digest_enc_alg->parameter != NULL)
-	ASN1_TYPE_free(p7si->digest_enc_alg->parameter);
+        ASN1_TYPE_free(p7si->digest_enc_alg->parameter);
     p7si->digest_enc_alg->algorithm = OBJ_nid2obj(NID_sha1WithRSAEncryption);
     if (!(p7si->digest_enc_alg->parameter = ASN1_TYPE_new()))
-	goto cleanup;
+        goto cleanup;
     p7si->digest_enc_alg->parameter->type = V_ASN1_NULL;
 
     /* pick the correct oid for the eContentInfo */
     oid = pkinit_pkcs7type2oid(plg_cryptoctx, cms_msg_type);
     if (oid == NULL)
-	goto cleanup;
+        goto cleanup;
 
     if (cms_msg_type == CMS_SIGN_DRAFT9) {
-	/* don't include signed attributes for pa-type 15 request */
-	abuf = data;
-	alen = data_len;
+        /* don't include signed attributes for pa-type 15 request */
+        abuf = data;
+        alen = data_len;
     } else {
-	/* add signed attributes */
-	/* compute sha1 digest over the EncapsulatedContentInfo */
-	EVP_MD_CTX_init(&ctx);
-	EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
-	EVP_DigestUpdate(&ctx, data, data_len);
-	md_tmp = EVP_MD_CTX_md(&ctx);
-	EVP_DigestFinal_ex(&ctx, md_data, &md_len);
-
-	/* create a message digest attr */
-	digest_attr = ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(digest_attr, md_data, (int)md_len);
-	PKCS7_add_signed_attribute(p7si, NID_pkcs9_messageDigest,
-				   V_ASN1_OCTET_STRING, (char *) digest_attr);
-
-	/* create a content-type attr */
-	PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
-				   V_ASN1_OBJECT, oid);
-
-	/* create the signature over signed attributes. get DER encoded value */
-	/* This is the place where smartcard signature needs to be calculated */
-	sk = p7si->auth_attr;
-	alen = ASN1_item_i2d((ASN1_VALUE *) sk, &abuf,
-			     ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-	if (abuf == NULL)
-	    goto cleanup2;
+        /* add signed attributes */
+        /* compute sha1 digest over the EncapsulatedContentInfo */
+        EVP_MD_CTX_init(&ctx);
+        EVP_DigestInit_ex(&ctx, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&ctx, data, data_len);
+        md_tmp = EVP_MD_CTX_md(&ctx);
+        EVP_DigestFinal_ex(&ctx, md_data, &md_len);
+
+        /* create a message digest attr */
+        digest_attr = ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(digest_attr, md_data, (int)md_len);
+        PKCS7_add_signed_attribute(p7si, NID_pkcs9_messageDigest,
+                                   V_ASN1_OCTET_STRING, (char *) digest_attr);
+
+        /* create a content-type attr */
+        PKCS7_add_signed_attribute(p7si, NID_pkcs9_contentType,
+                                   V_ASN1_OBJECT, oid);
+
+        /* create the signature over signed attributes. get DER encoded value */
+        /* This is the place where smartcard signature needs to be calculated */
+        sk = p7si->auth_attr;
+        alen = ASN1_item_i2d((ASN1_VALUE *) sk, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+        if (abuf == NULL)
+            goto cleanup2;
     }
 
 #ifndef WITHOUT_PKCS11
@@ -868,169 +858,169 @@ cms_signeddata_create(krb5_context context,
     /* to compute sha1WithRSAEncryption, encode the algorithm ID for the hash
      * function and the hash value into an ASN.1 value of type DigestInfo
      * DigestInfo::=SEQUENCE {
-     *	digestAlgorithm  AlgorithmIdentifier,
-     *	digest OCTET STRING }
+     *  digestAlgorithm  AlgorithmIdentifier,
+     *  digest OCTET STRING }
      */
     if (id_cryptoctx->pkcs11_method == 1 &&
-	    id_cryptoctx->mech == CKM_RSA_PKCS) {
-	pkiDebug("mech = CKM_RSA_PKCS\n");
-	EVP_MD_CTX_init(&ctx2);
-	/* if this is not draft9 request, include digest signed attribute */
-	if (cms_msg_type != CMS_SIGN_DRAFT9)
-	    EVP_DigestInit_ex(&ctx2, md_tmp, NULL);
-	else
-	    EVP_DigestInit_ex(&ctx2, EVP_sha1(), NULL);
-	EVP_DigestUpdate(&ctx2, abuf, alen);
-	EVP_DigestFinal_ex(&ctx2, md_data2, &md_len2);
-
-	alg = X509_ALGOR_new();
-	if (alg == NULL)
-	    goto cleanup2;
-	alg->algorithm = OBJ_nid2obj(NID_sha1);
-	alg->parameter = NULL;
-	alg_len = i2d_X509_ALGOR(alg, NULL);
-	alg_buf = malloc(alg_len);
-	if (alg_buf == NULL)
-	    goto cleanup2;
-
-	digest = ASN1_OCTET_STRING_new();
-	if (digest == NULL)
-	    goto cleanup2;
-	ASN1_OCTET_STRING_set(digest, md_data2, (int)md_len2);
-	digest_len = i2d_ASN1_OCTET_STRING(digest, NULL);
-	digest_buf = malloc(digest_len);
-	if (digest_buf == NULL)
-	    goto cleanup2;
-
-	digestInfo_len = ASN1_object_size(1, (int)(alg_len + digest_len),
-					  V_ASN1_SEQUENCE);
-	y = digestInfo_buf = malloc(digestInfo_len);
-	if (digestInfo_buf == NULL)
-	    goto cleanup2;
-	ASN1_put_object(&y, 1, (int)(alg_len + digest_len), V_ASN1_SEQUENCE,
-			V_ASN1_UNIVERSAL);
-	i2d_X509_ALGOR(alg, &y);
-	i2d_ASN1_OCTET_STRING(digest, &y);
+        id_cryptoctx->mech == CKM_RSA_PKCS) {
+        pkiDebug("mech = CKM_RSA_PKCS\n");
+        EVP_MD_CTX_init(&ctx2);
+        /* if this is not draft9 request, include digest signed attribute */
+        if (cms_msg_type != CMS_SIGN_DRAFT9)
+            EVP_DigestInit_ex(&ctx2, md_tmp, NULL);
+        else
+            EVP_DigestInit_ex(&ctx2, EVP_sha1(), NULL);
+        EVP_DigestUpdate(&ctx2, abuf, alen);
+        EVP_DigestFinal_ex(&ctx2, md_data2, &md_len2);
+
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto cleanup2;
+        alg->algorithm = OBJ_nid2obj(NID_sha1);
+        alg->parameter = NULL;
+        alg_len = i2d_X509_ALGOR(alg, NULL);
+        alg_buf = malloc(alg_len);
+        if (alg_buf == NULL)
+            goto cleanup2;
+
+        digest = ASN1_OCTET_STRING_new();
+        if (digest == NULL)
+            goto cleanup2;
+        ASN1_OCTET_STRING_set(digest, md_data2, (int)md_len2);
+        digest_len = i2d_ASN1_OCTET_STRING(digest, NULL);
+        digest_buf = malloc(digest_len);
+        if (digest_buf == NULL)
+            goto cleanup2;
+
+        digestInfo_len = ASN1_object_size(1, (int)(alg_len + digest_len),
+                                          V_ASN1_SEQUENCE);
+        y = digestInfo_buf = malloc(digestInfo_len);
+        if (digestInfo_buf == NULL)
+            goto cleanup2;
+        ASN1_put_object(&y, 1, (int)(alg_len + digest_len), V_ASN1_SEQUENCE,
+                        V_ASN1_UNIVERSAL);
+        i2d_X509_ALGOR(alg, &y);
+        i2d_ASN1_OCTET_STRING(digest, &y);
 #ifdef DEBUG_SIG
-	pkiDebug("signing buffer\n");
-	print_buffer(digestInfo_buf, digestInfo_len);
-	print_buffer_bin(digestInfo_buf, digestInfo_len, "/tmp/pkcs7_tosign");
+        pkiDebug("signing buffer\n");
+        print_buffer(digestInfo_buf, digestInfo_len);
+        print_buffer_bin(digestInfo_buf, digestInfo_len, "/tmp/pkcs7_tosign");
 #endif
-	retval = pkinit_sign_data(context, id_cryptoctx, digestInfo_buf,
-				  digestInfo_len, &sig, &sig_len);
+        retval = pkinit_sign_data(context, id_cryptoctx, digestInfo_buf,
+                                  digestInfo_len, &sig, &sig_len);
     } else
 #endif
     {
-	pkiDebug("mech = %s\n",
-	    id_cryptoctx->pkcs11_method == 1 ? "CKM_SHA1_RSA_PKCS" : "FS");
-	retval = pkinit_sign_data(context, id_cryptoctx, abuf, alen,
-				  &sig, &sig_len);
+        pkiDebug("mech = %s\n",
+                 id_cryptoctx->pkcs11_method == 1 ? "CKM_SHA1_RSA_PKCS" : "FS");
+        retval = pkinit_sign_data(context, id_cryptoctx, abuf, alen,
+                                  &sig, &sig_len);
     }
 #ifdef DEBUG_SIG
     print_buffer(sig, sig_len);
 #endif
     if (cms_msg_type != CMS_SIGN_DRAFT9)
-	free(abuf);
+        free(abuf);
     if (retval)
-	goto cleanup2;
+        goto cleanup2;
 
     /* Add signature */
     if (!ASN1_STRING_set(p7si->enc_digest, (unsigned char *) sig,
-			 (int)sig_len)) {
-	unsigned long err = ERR_peek_error();
-	retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	krb5_set_error_message(context, retval, "%s\n",
-			       ERR_error_string(err, NULL));
-	pkiDebug("failed to add a signed digest attribute\n");
-	goto cleanup2;
+                         (int)sig_len)) {
+        unsigned long err = ERR_peek_error();
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        krb5_set_error_message(context, retval, "%s\n",
+                               ERR_error_string(err, NULL));
+        pkiDebug("failed to add a signed digest attribute\n");
+        goto cleanup2;
     }
     /* adder signer_info to pkcs7 signed */
     if (!PKCS7_add_signer(p7, p7si))
-	goto cleanup2;
+        goto cleanup2;
 
     /* start on adding data to the pkcs7 signed */
     if ((inner_p7 = PKCS7_new()) == NULL)
-	goto cleanup2;
+        goto cleanup2;
     if ((pkinit_data = ASN1_TYPE_new()) == NULL)
-	goto cleanup2;
+        goto cleanup2;
     pkinit_data->type = V_ASN1_OCTET_STRING;
     if ((pkinit_data->value.octet_string = ASN1_OCTET_STRING_new()) == NULL)
-	goto cleanup2;
+        goto cleanup2;
     if (!ASN1_OCTET_STRING_set(pkinit_data->value.octet_string, data,
-			       (int)data_len)) {
-	unsigned long err = ERR_peek_error();
-	retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	krb5_set_error_message(context, retval, "%s\n",
-			       ERR_error_string(err, NULL));
-	pkiDebug("failed to add pkcs7 data\n");
-	goto cleanup2;
+                               (int)data_len)) {
+        unsigned long err = ERR_peek_error();
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        krb5_set_error_message(context, retval, "%s\n",
+                               ERR_error_string(err, NULL));
+        pkiDebug("failed to add pkcs7 data\n");
+        goto cleanup2;
     }
 
     if (!PKCS7_set0_type_other(inner_p7, OBJ_obj2nid(oid), pkinit_data))
-	goto cleanup2;
+        goto cleanup2;
 
     if (p7s->contents != NULL)
-	PKCS7_free(p7s->contents);
+        PKCS7_free(p7s->contents);
     p7s->contents = inner_p7;
 
     *signed_data_len = i2d_PKCS7(p7, NULL);
     if (!(*signed_data_len)) {
-	unsigned long err = ERR_peek_error();
-	retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	krb5_set_error_message(context, retval, "%s\n",
-			       ERR_error_string(err, NULL));
-	pkiDebug("failed to der encode pkcs7\n");
-	goto cleanup2;
+        unsigned long err = ERR_peek_error();
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        krb5_set_error_message(context, retval, "%s\n",
+                               ERR_error_string(err, NULL));
+        pkiDebug("failed to der encode pkcs7\n");
+        goto cleanup2;
     }
     if ((p = *signed_data = malloc(*signed_data_len)) == NULL)
-	goto cleanup2;
+        goto cleanup2;
 
     /* DER encode PKCS7 data */
     retval = i2d_PKCS7(p7, &p);
     if (!retval) {
-	unsigned long err = ERR_peek_error();
-	retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	krb5_set_error_message(context, retval, "%s\n",
-			       ERR_error_string(err, NULL));
-	pkiDebug("failed to der encode pkcs7\n");
-	goto cleanup2;
+        unsigned long err = ERR_peek_error();
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        krb5_set_error_message(context, retval, "%s\n",
+                               ERR_error_string(err, NULL));
+        pkiDebug("failed to der encode pkcs7\n");
+        goto cleanup2;
     }
     retval = 0;
 
 #ifdef DEBUG_ASN1
     if (cms_msg_type == CMS_SIGN_CLIENT) {
-	print_buffer_bin(*signed_data, *signed_data_len,
-			 "/tmp/client_pkcs7_signeddata");
+        print_buffer_bin(*signed_data, *signed_data_len,
+                         "/tmp/client_pkcs7_signeddata");
     } else {
-	if (cms_msg_type == CMS_SIGN_SERVER) {
-	    print_buffer_bin(*signed_data, *signed_data_len,
-			     "/tmp/kdc_pkcs7_signeddata");
-	} else {
-	    print_buffer_bin(*signed_data, *signed_data_len,
-			     "/tmp/draft9_pkcs7_signeddata");
-	}
+        if (cms_msg_type == CMS_SIGN_SERVER) {
+            print_buffer_bin(*signed_data, *signed_data_len,
+                             "/tmp/kdc_pkcs7_signeddata");
+        } else {
+            print_buffer_bin(*signed_data, *signed_data_len,
+                             "/tmp/draft9_pkcs7_signeddata");
+        }
     }
 #endif
 
-  cleanup2:
+cleanup2:
     if (cms_msg_type != CMS_SIGN_DRAFT9)
-	EVP_MD_CTX_cleanup(&ctx);
+        EVP_MD_CTX_cleanup(&ctx);
 #ifndef WITHOUT_PKCS11
     if (id_cryptoctx->pkcs11_method == 1 &&
-	    id_cryptoctx->mech == CKM_RSA_PKCS) {
-	EVP_MD_CTX_cleanup(&ctx2);
-	free(digest_buf);
-	free(digestInfo_buf);
-	free(alg_buf);
-	if (digest != NULL)
-	    ASN1_OCTET_STRING_free(digest);
+        id_cryptoctx->mech == CKM_RSA_PKCS) {
+        EVP_MD_CTX_cleanup(&ctx2);
+        free(digest_buf);
+        free(digestInfo_buf);
+        free(alg_buf);
+        if (digest != NULL)
+            ASN1_OCTET_STRING_free(digest);
     }
 #endif
     if (alg != NULL)
-	X509_ALGOR_free(alg);
-  cleanup:
+        X509_ALGOR_free(alg);
+cleanup:
     if (p7 != NULL)
-	PKCS7_free(p7);
+        PKCS7_free(p7);
     free(sig);
 
     return retval;
@@ -1038,17 +1028,17 @@ cms_signeddata_create(krb5_context context,
 
 krb5_error_code
 cms_signeddata_verify(krb5_context context,
-		      pkinit_plg_crypto_context plgctx,
-		      pkinit_req_crypto_context reqctx,
-		      pkinit_identity_crypto_context idctx,
-		      int cms_msg_type,
-		      int require_crl_checking,
-		      unsigned char *signed_data,
-		      unsigned int signed_data_len,
-		      unsigned char **data,
-		      unsigned int *data_len,
-		      unsigned char **authz_data,
-		      unsigned int *authz_data_len)
+                      pkinit_plg_crypto_context plgctx,
+                      pkinit_req_crypto_context reqctx,
+                      pkinit_identity_crypto_context idctx,
+                      int cms_msg_type,
+                      int require_crl_checking,
+                      unsigned char *signed_data,
+                      unsigned int signed_data_len,
+                      unsigned char **data,
+                      unsigned int *data_len,
+                      unsigned char **authz_data,
+                      unsigned int *authz_data_len)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     PKCS7 *p7 = NULL;
@@ -1071,237 +1061,237 @@ cms_signeddata_verify(krb5_context context,
 
 #ifdef DEBUG_ASN1
     print_buffer_bin(signed_data, signed_data_len,
-		     "/tmp/client_received_pkcs7_signeddata");
+                     "/tmp/client_received_pkcs7_signeddata");
 #endif
 
     /* Do this early enough to create the shadow OID for pkcs7-data if needed */
     oid = pkinit_pkcs7type2oid(plgctx, cms_msg_type);
     if (oid == NULL)
-	goto cleanup;
+        goto cleanup;
 
     /* decode received PKCS7 message */
     if ((p7 = d2i_PKCS7(NULL, &p, (int)signed_data_len)) == NULL) {
-	unsigned long err = ERR_peek_error();
-	krb5_set_error_message(context, retval, "%s\n",
-			       ERR_error_string(err, NULL));
-	pkiDebug("%s: failed to decode message: %s\n",
-		 __FUNCTION__, ERR_error_string(err, NULL));
-	goto cleanup;
+        unsigned long err = ERR_peek_error();
+        krb5_set_error_message(context, retval, "%s\n",
+                               ERR_error_string(err, NULL));
+        pkiDebug("%s: failed to decode message: %s\n",
+                 __FUNCTION__, ERR_error_string(err, NULL));
+        goto cleanup;
     }
 
     /* verify that the received message is PKCS7 SignedData message */
     if (OBJ_obj2nid(p7->type) != NID_pkcs7_signed) {
-	pkiDebug("Expected id-signedData PKCS7 msg (received type = %d)\n",
-		 OBJ_obj2nid(p7->type));
-	krb5_set_error_message(context, retval, "wrong oid\n");
-	goto cleanup;
+        pkiDebug("Expected id-signedData PKCS7 msg (received type = %d)\n",
+                 OBJ_obj2nid(p7->type));
+        krb5_set_error_message(context, retval, "wrong oid\n");
+        goto cleanup;
     }
 
     /* setup to verify X509 certificate used to sign PKCS7 message */
     if (!(store = X509_STORE_new()))
-	goto cleanup;
+        goto cleanup;
 
     /* check if we are inforcing CRL checking */
     vflags = X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
     if (require_crl_checking)
-	X509_STORE_set_verify_cb_func(store, openssl_callback);
+        X509_STORE_set_verify_cb_func(store, openssl_callback);
     else
-	X509_STORE_set_verify_cb_func(store, openssl_callback_ignore_crls);
+        X509_STORE_set_verify_cb_func(store, openssl_callback_ignore_crls);
     X509_STORE_set_flags(store, vflags);
 
     /* get the signer's information from the PKCS7 message */
     if ((si_sk = PKCS7_get_signer_info(p7)) == NULL)
-	goto cleanup;
+        goto cleanup;
     if ((si = sk_PKCS7_SIGNER_INFO_value(si_sk, 0)) == NULL)
-	goto cleanup;
+        goto cleanup;
     if ((x = PKCS7_cert_from_signer_info(p7, si)) == NULL)
-	goto cleanup;
+        goto cleanup;
 
     /* create available CRL information (get local CRLs and include CRLs
      * received in the PKCS7 message
      */
     if (idctx->revoked == NULL)
-	revoked = p7->d.sign->crl;
+        revoked = p7->d.sign->crl;
     else if (p7->d.sign->crl == NULL)
-	revoked = idctx->revoked;
+        revoked = idctx->revoked;
     else {
-	size = sk_X509_CRL_num(idctx->revoked);
-	revoked = sk_X509_CRL_new_null();
-	for (i = 0; i < size; i++)
-	    sk_X509_CRL_push(revoked, sk_X509_CRL_value(idctx->revoked, i));
-	size = sk_X509_num(p7->d.sign->crl);
-	for (i = 0; i < size; i++)
-	    sk_X509_CRL_push(revoked, sk_X509_CRL_value(p7->d.sign->crl, i));
+        size = sk_X509_CRL_num(idctx->revoked);
+        revoked = sk_X509_CRL_new_null();
+        for (i = 0; i < size; i++)
+            sk_X509_CRL_push(revoked, sk_X509_CRL_value(idctx->revoked, i));
+        size = sk_X509_num(p7->d.sign->crl);
+        for (i = 0; i < size; i++)
+            sk_X509_CRL_push(revoked, sk_X509_CRL_value(p7->d.sign->crl, i));
     }
 
     /* create available intermediate CAs chains (get local intermediateCAs and
      * include the CA chain received in the PKCS7 message
      */
     if (idctx->intermediateCAs == NULL)
-	intermediateCAs = p7->d.sign->cert;
+        intermediateCAs = p7->d.sign->cert;
     else if (p7->d.sign->cert == NULL)
-	intermediateCAs = idctx->intermediateCAs;
+        intermediateCAs = idctx->intermediateCAs;
     else {
-	size = sk_X509_num(idctx->intermediateCAs);
-	intermediateCAs = sk_X509_new_null();
-	for (i = 0; i < size; i++) {
-	    sk_X509_push(intermediateCAs,
-		sk_X509_value(idctx->intermediateCAs, i));
-	}
-	size = sk_X509_num(p7->d.sign->cert);
-	for (i = 0; i < size; i++) {
-	    sk_X509_push(intermediateCAs, sk_X509_value(p7->d.sign->cert, i));
-	}
+        size = sk_X509_num(idctx->intermediateCAs);
+        intermediateCAs = sk_X509_new_null();
+        for (i = 0; i < size; i++) {
+            sk_X509_push(intermediateCAs,
+                         sk_X509_value(idctx->intermediateCAs, i));
+        }
+        size = sk_X509_num(p7->d.sign->cert);
+        for (i = 0; i < size; i++) {
+            sk_X509_push(intermediateCAs, sk_X509_value(p7->d.sign->cert, i));
+        }
     }
 
     /* initialize x509 context with the received certificate and
      * trusted and intermediate CA chains and CRLs
      */
     if (!X509_STORE_CTX_init(&cert_ctx, store, x, intermediateCAs))
-	goto cleanup;
+        goto cleanup;
 
     X509_STORE_CTX_set0_crls(&cert_ctx, revoked);
 
     /* add trusted CAs certificates for cert verification */
     if (idctx->trustedCAs != NULL)
-	X509_STORE_CTX_trusted_stack(&cert_ctx, idctx->trustedCAs);
+        X509_STORE_CTX_trusted_stack(&cert_ctx, idctx->trustedCAs);
     else {
-	pkiDebug("unable to find any trusted CAs\n");
-	goto cleanup;
+        pkiDebug("unable to find any trusted CAs\n");
+        goto cleanup;
     }
 #ifdef DEBUG_CERTCHAIN
     if (intermediateCAs != NULL) {
-	size = sk_X509_num(intermediateCAs);
-	pkiDebug("untrusted cert chain of size %d\n", size);
-	for (i = 0; i < size; i++) {
-	    X509_NAME_oneline(X509_get_subject_name(
-		sk_X509_value(intermediateCAs, i)), buf, sizeof(buf));
-	    pkiDebug("cert #%d: %s\n", i, buf);
-	}
+        size = sk_X509_num(intermediateCAs);
+        pkiDebug("untrusted cert chain of size %d\n", size);
+        for (i = 0; i < size; i++) {
+            X509_NAME_oneline(X509_get_subject_name(
+                                  sk_X509_value(intermediateCAs, i)), buf, sizeof(buf));
+            pkiDebug("cert #%d: %s\n", i, buf);
+        }
     }
     if (idctx->trustedCAs != NULL) {
-	size = sk_X509_num(idctx->trustedCAs);
-	pkiDebug("trusted cert chain of size %d\n", size);
-	for (i = 0; i < size; i++) {
-	    X509_NAME_oneline(X509_get_subject_name(
-		sk_X509_value(idctx->trustedCAs, i)), buf, sizeof(buf));
-	    pkiDebug("cert #%d: %s\n", i, buf);
-	}
+        size = sk_X509_num(idctx->trustedCAs);
+        pkiDebug("trusted cert chain of size %d\n", size);
+        for (i = 0; i < size; i++) {
+            X509_NAME_oneline(X509_get_subject_name(
+                                  sk_X509_value(idctx->trustedCAs, i)), buf, sizeof(buf));
+            pkiDebug("cert #%d: %s\n", i, buf);
+        }
     }
     if (revoked != NULL) {
-	size = sk_X509_CRL_num(revoked);
-	pkiDebug("CRL chain of size %d\n", size);
-	for (i = 0; i < size; i++) {
-	    X509_CRL *crl = sk_X509_CRL_value(revoked, i);
-	    X509_NAME_oneline(X509_CRL_get_issuer(crl), buf, sizeof(buf));
-	    pkiDebug("crls by CA #%d: %s\n", i , buf);
-	}
+        size = sk_X509_CRL_num(revoked);
+        pkiDebug("CRL chain of size %d\n", size);
+        for (i = 0; i < size; i++) {
+            X509_CRL *crl = sk_X509_CRL_value(revoked, i);
+            X509_NAME_oneline(X509_CRL_get_issuer(crl), buf, sizeof(buf));
+            pkiDebug("crls by CA #%d: %s\n", i , buf);
+        }
     }
 #endif
 
     i = X509_verify_cert(&cert_ctx);
     if (i <= 0) {
-	int j = X509_STORE_CTX_get_error(&cert_ctx);
-
-	reqctx->received_cert = X509_dup(cert_ctx.current_cert);
-	switch(j) {
-	    case X509_V_ERR_CERT_REVOKED:
-		retval = KRB5KDC_ERR_REVOKED_CERTIFICATE;
-		break;
-	    case X509_V_ERR_UNABLE_TO_GET_CRL:
-		retval = KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN;
-		break;
-	    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-	    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-		retval = KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE;
-		break;
-	    default:
-		retval = KRB5KDC_ERR_INVALID_CERTIFICATE;
-	}
-	X509_NAME_oneline(X509_get_subject_name(
-	    reqctx->received_cert), buf, sizeof(buf));
-	pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
-		 X509_verify_cert_error_string(j));
-	krb5_set_error_message(context, retval, "%s\n",
-	    X509_verify_cert_error_string(j));
+        int j = X509_STORE_CTX_get_error(&cert_ctx);
+
+        reqctx->received_cert = X509_dup(cert_ctx.current_cert);
+        switch(j) {
+        case X509_V_ERR_CERT_REVOKED:
+            retval = KRB5KDC_ERR_REVOKED_CERTIFICATE;
+            break;
+        case X509_V_ERR_UNABLE_TO_GET_CRL:
+            retval = KRB5KDC_ERR_REVOCATION_STATUS_UNKNOWN;
+            break;
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+            retval = KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE;
+            break;
+        default:
+            retval = KRB5KDC_ERR_INVALID_CERTIFICATE;
+        }
+        X509_NAME_oneline(X509_get_subject_name(
+                              reqctx->received_cert), buf, sizeof(buf));
+        pkiDebug("problem with cert DN = %s (error=%d) %s\n", buf, j,
+                 X509_verify_cert_error_string(j));
+        krb5_set_error_message(context, retval, "%s\n",
+                               X509_verify_cert_error_string(j));
 #ifdef DEBUG_CERTCHAIN
-	size = sk_X509_num(p7->d.sign->cert);
-	pkiDebug("received cert chain of size %d\n", size);
-	for (j = 0; j < size; j++) {
-	    X509 *tmp_cert = sk_X509_value(p7->d.sign->cert, j);
-	    X509_NAME_oneline(X509_get_subject_name(tmp_cert), buf, sizeof(buf));
-	    pkiDebug("cert #%d: %s\n", j, buf);
-	}
+        size = sk_X509_num(p7->d.sign->cert);
+        pkiDebug("received cert chain of size %d\n", size);
+        for (j = 0; j < size; j++) {
+            X509 *tmp_cert = sk_X509_value(p7->d.sign->cert, j);
+            X509_NAME_oneline(X509_get_subject_name(tmp_cert), buf, sizeof(buf));
+            pkiDebug("cert #%d: %s\n", j, buf);
+        }
 #endif
     } else {
-	/* retrieve verified certificate chain */
-	if (cms_msg_type == CMS_SIGN_CLIENT || cms_msg_type == CMS_SIGN_DRAFT9)
-	    verified_chain = X509_STORE_CTX_get1_chain(&cert_ctx);
+        /* retrieve verified certificate chain */
+        if (cms_msg_type == CMS_SIGN_CLIENT || cms_msg_type == CMS_SIGN_DRAFT9)
+            verified_chain = X509_STORE_CTX_get1_chain(&cert_ctx);
     }
     X509_STORE_CTX_cleanup(&cert_ctx);
     if (i <= 0)
-	goto cleanup;
+        goto cleanup;
 
     out = BIO_new(BIO_s_mem());
     if (cms_msg_type == CMS_SIGN_DRAFT9)
-	flags |= PKCS7_NOATTR;
+        flags |= PKCS7_NOATTR;
     if (PKCS7_verify(p7, NULL, store, NULL, out, flags)) {
-	int valid_oid = 0;
-
-	if (!OBJ_cmp(p7->d.sign->contents->type, oid))
-	    valid_oid = 1;
-	else if (cms_msg_type == CMS_SIGN_DRAFT9) {
-	    /*
-	     * Various implementations of the pa-type 15 request use
-	     * different OIDS.  We check that the returned object
-	     * has any of the acceptable OIDs
-	     */
-	    ASN1_OBJECT *client_oid = NULL, *server_oid = NULL, *rsa_oid = NULL;
-	    client_oid = pkinit_pkcs7type2oid(plgctx, CMS_SIGN_CLIENT);
-	    server_oid = pkinit_pkcs7type2oid(plgctx, CMS_SIGN_SERVER);
-	    rsa_oid = pkinit_pkcs7type2oid(plgctx, CMS_ENVEL_SERVER);
-	    if (!OBJ_cmp(p7->d.sign->contents->type, client_oid) ||
-		!OBJ_cmp(p7->d.sign->contents->type, server_oid) ||
-		!OBJ_cmp(p7->d.sign->contents->type, rsa_oid))
-		valid_oid = 1;
-	}
-
-	if (valid_oid)
-	    pkiDebug("PKCS7 Verification successful\n");
-	else {
-	    pkiDebug("wrong oid in eContentType\n");
-	    print_buffer(p7->d.sign->contents->type->data,
-		(unsigned int)p7->d.sign->contents->type->length);
-	    retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	    krb5_set_error_message(context, retval, "wrong oid\n");
-	    goto cleanup;
-	}
+        int valid_oid = 0;
+
+        if (!OBJ_cmp(p7->d.sign->contents->type, oid))
+            valid_oid = 1;
+        else if (cms_msg_type == CMS_SIGN_DRAFT9) {
+            /*
+             * Various implementations of the pa-type 15 request use
+             * different OIDS.  We check that the returned object
+             * has any of the acceptable OIDs
+             */
+            ASN1_OBJECT *client_oid = NULL, *server_oid = NULL, *rsa_oid = NULL;
+            client_oid = pkinit_pkcs7type2oid(plgctx, CMS_SIGN_CLIENT);
+            server_oid = pkinit_pkcs7type2oid(plgctx, CMS_SIGN_SERVER);
+            rsa_oid = pkinit_pkcs7type2oid(plgctx, CMS_ENVEL_SERVER);
+            if (!OBJ_cmp(p7->d.sign->contents->type, client_oid) ||
+                !OBJ_cmp(p7->d.sign->contents->type, server_oid) ||
+                !OBJ_cmp(p7->d.sign->contents->type, rsa_oid))
+                valid_oid = 1;
+        }
+
+        if (valid_oid)
+            pkiDebug("PKCS7 Verification successful\n");
+        else {
+            pkiDebug("wrong oid in eContentType\n");
+            print_buffer(p7->d.sign->contents->type->data,
+                         (unsigned int)p7->d.sign->contents->type->length);
+            retval = KRB5KDC_ERR_PREAUTH_FAILED;
+            krb5_set_error_message(context, retval, "wrong oid\n");
+            goto cleanup;
+        }
     }
     else {
-	unsigned long err = ERR_peek_error();
-	switch(ERR_GET_REASON(err)) {
-	    case PKCS7_R_DIGEST_FAILURE:
-		retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
-		break;
-	    case PKCS7_R_SIGNATURE_FAILURE:
-	    default:
-		retval = KRB5KDC_ERR_INVALID_SIG;
-	}
-	pkiDebug("PKCS7 Verification failure\n");
-	krb5_set_error_message(context, retval, "%s\n",
-			       ERR_error_string(err, NULL));
-	goto cleanup;
+        unsigned long err = ERR_peek_error();
+        switch(ERR_GET_REASON(err)) {
+        case PKCS7_R_DIGEST_FAILURE:
+            retval = KRB5KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED;
+            break;
+        case PKCS7_R_SIGNATURE_FAILURE:
+        default:
+            retval = KRB5KDC_ERR_INVALID_SIG;
+        }
+        pkiDebug("PKCS7 Verification failure\n");
+        krb5_set_error_message(context, retval, "%s\n",
+                               ERR_error_string(err, NULL));
+        goto cleanup;
     }
 
     /* transfer the data from PKCS7 message into return buffer */
     for (size = 0;;) {
-	if ((*data = realloc(*data, size + 1024 * 10)) == NULL)
-	    goto cleanup;
-	i = BIO_read(out, &((*data)[size]), 1024 * 10);
-	if (i <= 0)
-	    break;
-	else
-	    size += i;
+        if ((*data = realloc(*data, size + 1024 * 10)) == NULL)
+            goto cleanup;
+        i = BIO_read(out, &((*data)[size]), 1024 * 10);
+        if (i <= 0)
+            break;
+        else
+            size += i;
     }
     *data_len = size;
 
@@ -1310,70 +1300,70 @@ cms_signeddata_verify(krb5_context context,
     /* generate authorization data */
     if (cms_msg_type == CMS_SIGN_CLIENT || cms_msg_type == CMS_SIGN_DRAFT9) {
 
-	if (authz_data == NULL || authz_data_len == NULL)
-	    goto out;
-
-	*authz_data = NULL;
-	retval = create_identifiers_from_stack(verified_chain,
-					       &krb5_verified_chain);
-	if (retval) {
-	    pkiDebug("create_identifiers_from_stack failed\n");
-	    goto cleanup;
-	}
-
-	retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_verified_chain, &authz);
-	if (retval) {
-	    pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
-	    goto cleanup;
-	}
+        if (authz_data == NULL || authz_data_len == NULL)
+            goto out;
+
+        *authz_data = NULL;
+        retval = create_identifiers_from_stack(verified_chain,
+                                               &krb5_verified_chain);
+        if (retval) {
+            pkiDebug("create_identifiers_from_stack failed\n");
+            goto cleanup;
+        }
+
+        retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_verified_chain, &authz);
+        if (retval) {
+            pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
+            goto cleanup;
+        }
 #ifdef DEBUG_ASN1
-	print_buffer_bin((unsigned char *)authz->data, authz->length,
-			 "/tmp/kdc_ad_initial_verified_cas");
+        print_buffer_bin((unsigned char *)authz->data, authz->length,
+                         "/tmp/kdc_ad_initial_verified_cas");
 #endif
-	*authz_data = malloc(authz->length);
-	if (*authz_data == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	memcpy(*authz_data, authz->data, authz->length);
-	*authz_data_len = authz->length;
-    }
-  out:
+        *authz_data = malloc(authz->length);
+        if (*authz_data == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        memcpy(*authz_data, authz->data, authz->length);
+        *authz_data_len = authz->length;
+    }
+out:
     retval = 0;
 
-  cleanup:
+cleanup:
     if (out != NULL)
-	BIO_free(out);
+        BIO_free(out);
     if (store != NULL)
-	X509_STORE_free(store);
+        X509_STORE_free(store);
     if (p7 != NULL) {
-	if (idctx->intermediateCAs != NULL && p7->d.sign->cert)
-	    sk_X509_free(intermediateCAs);
-	if (idctx->revoked != NULL && p7->d.sign->crl)
-	    sk_X509_CRL_free(revoked);
-	PKCS7_free(p7);
+        if (idctx->intermediateCAs != NULL && p7->d.sign->cert)
+            sk_X509_free(intermediateCAs);
+        if (idctx->revoked != NULL && p7->d.sign->crl)
+            sk_X509_CRL_free(revoked);
+        PKCS7_free(p7);
     }
     if (verified_chain != NULL)
-	sk_X509_pop_free(verified_chain, X509_free);
+        sk_X509_pop_free(verified_chain, X509_free);
     if (krb5_verified_chain != NULL)
-	free_krb5_external_principal_identifier(&krb5_verified_chain);
+        free_krb5_external_principal_identifier(&krb5_verified_chain);
     if (authz != NULL)
-	krb5_free_data(context, authz);
+        krb5_free_data(context, authz);
 
     return retval;
 }
 
 krb5_error_code
 cms_envelopeddata_create(krb5_context context,
-			 pkinit_plg_crypto_context plgctx,
-			 pkinit_req_crypto_context reqctx,
-			 pkinit_identity_crypto_context idctx,
-			 krb5_preauthtype pa_type,
-			 int include_certchain,
-			 unsigned char *key_pack,
-			 unsigned int key_pack_len,
-			 unsigned char **out,
-			 unsigned int *out_len)
+                         pkinit_plg_crypto_context plgctx,
+                         pkinit_req_crypto_context reqctx,
+                         pkinit_identity_crypto_context idctx,
+                         krb5_preauthtype pa_type,
+                         int include_certchain,
+                         unsigned char *key_pack,
+                         unsigned int key_pack_len,
+                         unsigned char **out,
+                         unsigned int *out_len)
 {
 
     krb5_error_code retval = ENOMEM;
@@ -1387,29 +1377,29 @@ cms_envelopeddata_create(krb5_context context,
 
     /* create the PKCS7 SignedData portion of the PKCS7 EnvelopedData */
     switch ((int)pa_type) {
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	    cms_msg_type = CMS_SIGN_DRAFT9;
-	    break;
-	case KRB5_PADATA_PK_AS_REQ:
-	    cms_msg_type = CMS_ENVEL_SERVER;
-	    break;
-	default:
-	    goto cleanup;
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+    case KRB5_PADATA_PK_AS_REP_OLD:
+        cms_msg_type = CMS_SIGN_DRAFT9;
+        break;
+    case KRB5_PADATA_PK_AS_REQ:
+        cms_msg_type = CMS_ENVEL_SERVER;
+        break;
+    default:
+        goto cleanup;
     }
 
     retval = cms_signeddata_create(context, plgctx, reqctx, idctx,
-	cms_msg_type, include_certchain, key_pack, key_pack_len,
-	&signed_data, (unsigned int *)&signed_data_len);
+                                   cms_msg_type, include_certchain, key_pack, key_pack_len,
+                                   &signed_data, (unsigned int *)&signed_data_len);
     if (retval) {
-	pkiDebug("failed to create pkcs7 signed data\n");
-	goto cleanup;
+        pkiDebug("failed to create pkcs7 signed data\n");
+        goto cleanup;
     }
 
     /* check we have client's certificate */
     if (reqctx->received_cert == NULL) {
-	retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	goto cleanup;
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
     }
     encerts = sk_X509_new_null();
     sk_X509_push(encerts, reqctx->received_cert);
@@ -1417,58 +1407,58 @@ cms_envelopeddata_create(krb5_context context,
     cipher = EVP_des_ede3_cbc();
     in = BIO_new(BIO_s_mem());
     switch (pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    prepare_enc_data(signed_data, signed_data_len, &enc_data,
-			     &enc_data_len);
-	    retval = BIO_write(in, enc_data, enc_data_len);
-	    if (retval != enc_data_len) {
-		pkiDebug("BIO_write only wrote %d\n", retval);
-		goto cleanup;
-	    }
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    retval = BIO_write(in, signed_data, signed_data_len);
-		if (retval != signed_data_len) {
-		    pkiDebug("BIO_write only wrote %d\n", retval);
-		    goto cleanup;
-	    }
-	    break;
-	default:
-	    retval = -1;
-	    goto cleanup;
+    case KRB5_PADATA_PK_AS_REQ:
+        prepare_enc_data(signed_data, signed_data_len, &enc_data,
+                         &enc_data_len);
+        retval = BIO_write(in, enc_data, enc_data_len);
+        if (retval != enc_data_len) {
+            pkiDebug("BIO_write only wrote %d\n", retval);
+            goto cleanup;
+        }
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        retval = BIO_write(in, signed_data, signed_data_len);
+        if (retval != signed_data_len) {
+            pkiDebug("BIO_write only wrote %d\n", retval);
+            goto cleanup;
+        }
+        break;
+    default:
+        retval = -1;
+        goto cleanup;
     }
 
     p7 = PKCS7_encrypt(encerts, in, cipher, flags);
     if (p7 == NULL) {
-	pkiDebug("failed to encrypt PKCS7 object\n");
-	retval = -1;
-	goto cleanup;
+        pkiDebug("failed to encrypt PKCS7 object\n");
+        retval = -1;
+        goto cleanup;
     }
     switch (pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    p7->d.enveloped->enc_data->content_type =
-		OBJ_nid2obj(NID_pkcs7_signed);
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    p7->d.enveloped->enc_data->content_type =
-		OBJ_nid2obj(NID_pkcs7_data);
-	    break;
-	break;
-    break;
-break;
+    case KRB5_PADATA_PK_AS_REQ:
+        p7->d.enveloped->enc_data->content_type =
+            OBJ_nid2obj(NID_pkcs7_signed);
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        p7->d.enveloped->enc_data->content_type =
+            OBJ_nid2obj(NID_pkcs7_data);
+        break;
+        break;
+        break;
+        break;
     }
 
     *out_len = i2d_PKCS7(p7, NULL);
     if (!*out_len || (p = *out = malloc(*out_len)) == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     retval = i2d_PKCS7(p7, &p);
     if (!retval) {
-	pkiDebug("unable to write pkcs7 object\n");
-	goto cleanup;
+        pkiDebug("unable to write pkcs7 object\n");
+        goto cleanup;
     }
     retval = 0;
 
@@ -1478,28 +1468,28 @@ break;
 
 cleanup:
     if (p7 != NULL)
-	PKCS7_free(p7);
+        PKCS7_free(p7);
     if (in != NULL)
-	BIO_free(in);
+        BIO_free(in);
     free(signed_data);
     free(enc_data);
     if (encerts != NULL)
-	sk_X509_free(encerts);
+        sk_X509_free(encerts);
 
     return retval;
 }
 
 krb5_error_code
 cms_envelopeddata_verify(krb5_context context,
-			 pkinit_plg_crypto_context plg_cryptoctx,
-			 pkinit_req_crypto_context req_cryptoctx,
-			 pkinit_identity_crypto_context id_cryptoctx,
-			 krb5_preauthtype pa_type,
-			 int require_crl_checking,
-			 unsigned char *enveloped_data,
-			 unsigned int enveloped_data_len,
-			 unsigned char **data,
-			 unsigned int *data_len)
+                         pkinit_plg_crypto_context plg_cryptoctx,
+                         pkinit_req_crypto_context req_cryptoctx,
+                         pkinit_identity_crypto_context id_cryptoctx,
+                         krb5_preauthtype pa_type,
+                         int require_crl_checking,
+                         unsigned char *enveloped_data,
+                         unsigned int enveloped_data_len,
+                         unsigned char **data,
+                         unsigned int *data_len)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     PKCS7 *p7 = NULL;
@@ -1513,47 +1503,47 @@ cms_envelopeddata_verify(krb5_context context,
 
 #ifdef DEBUG_ASN1
     print_buffer_bin(enveloped_data, enveloped_data_len,
-		     "/tmp/client_envelopeddata");
+                     "/tmp/client_envelopeddata");
 #endif
     /* decode received PKCS7 message */
     if ((p7 = d2i_PKCS7(NULL, &p, (int)enveloped_data_len)) == NULL) {
-	unsigned long err = ERR_peek_error();
-	pkiDebug("failed to decode pkcs7\n");
-	krb5_set_error_message(context, retval, "%s\n",
-			       ERR_error_string(err, NULL));
-	goto cleanup;
+        unsigned long err = ERR_peek_error();
+        pkiDebug("failed to decode pkcs7\n");
+        krb5_set_error_message(context, retval, "%s\n",
+                               ERR_error_string(err, NULL));
+        goto cleanup;
     }
 
     /* verify that the received message is PKCS7 EnvelopedData message */
     if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped) {
-	pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n",
-		 OBJ_obj2nid(p7->type));
-	krb5_set_error_message(context, retval, "wrong oid\n");
-	goto cleanup;
+        pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n",
+                 OBJ_obj2nid(p7->type));
+        krb5_set_error_message(context, retval, "wrong oid\n");
+        goto cleanup;
     }
 
     /* decrypt received PKCS7 message */
     out = BIO_new(BIO_s_mem());
     if (pkcs7_decrypt(context, id_cryptoctx, p7, out)) {
-	pkiDebug("PKCS7 decryption successful\n");
+        pkiDebug("PKCS7 decryption successful\n");
     } else {
-	unsigned long err = ERR_peek_error();
-	if (err != 0)
-	    krb5_set_error_message(context, retval, "%s\n",
-				   ERR_error_string(err, NULL));
-	pkiDebug("PKCS7 decryption failed\n");
-	goto cleanup;
+        unsigned long err = ERR_peek_error();
+        if (err != 0)
+            krb5_set_error_message(context, retval, "%s\n",
+                                   ERR_error_string(err, NULL));
+        pkiDebug("PKCS7 decryption failed\n");
+        goto cleanup;
     }
 
     /* transfer the decoded PKCS7 SignedData message into a separate buffer */
     for (;;) {
-	if ((tmp_buf = realloc(tmp_buf, size + 1024 * 10)) == NULL)
-	    goto cleanup;
-	i = BIO_read(out, &(tmp_buf[size]), 1024 * 10);
-	if (i <= 0)
-	    break;
-	else
-	    size += i;
+        if ((tmp_buf = realloc(tmp_buf, size + 1024 * 10)) == NULL)
+            goto cleanup;
+        i = BIO_read(out, &(tmp_buf[size]), 1024 * 10);
+        if (i <= 0)
+            break;
+        else
+            size += i;
     }
     tmp_buf_len = size;
 
@@ -1562,17 +1552,17 @@ cms_envelopeddata_verify(krb5_context context,
 #endif
     /* verify PKCS7 SignedData message */
     switch (pa_type) {
-	case KRB5_PADATA_PK_AS_REP:
-	    msg_type = CMS_ENVEL_SERVER;
-
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	    msg_type = CMS_SIGN_DRAFT9;
-	    break;
-	default:
-	    pkiDebug("%s: unrecognized pa_type = %d\n", __FUNCTION__, pa_type);
-	    retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	    goto cleanup;
+    case KRB5_PADATA_PK_AS_REP:
+        msg_type = CMS_ENVEL_SERVER;
+
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+        msg_type = CMS_SIGN_DRAFT9;
+        break;
+    default:
+        pkiDebug("%s: unrecognized pa_type = %d\n", __FUNCTION__, pa_type);
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
     }
     /*
      * If this is the RFC style, wrap the signed data to make
@@ -1589,33 +1579,33 @@ cms_envelopeddata_verify(krb5_context context,
      * this can all be removed.
      */
     if (msg_type == CMS_ENVEL_SERVER || longhorn == 1) {
-	retval = wrap_signeddata(tmp_buf, tmp_buf_len,
-				 &tmp_buf2, &tmp_buf2_len, longhorn);
-	if (retval) {
-	    pkiDebug("failed to encode signeddata\n");
-	    goto cleanup;
-	}
-	vfy_buf = tmp_buf2;
-	vfy_buf_len = tmp_buf2_len;
+        retval = wrap_signeddata(tmp_buf, tmp_buf_len,
+                                 &tmp_buf2, &tmp_buf2_len, longhorn);
+        if (retval) {
+            pkiDebug("failed to encode signeddata\n");
+            goto cleanup;
+        }
+        vfy_buf = tmp_buf2;
+        vfy_buf_len = tmp_buf2_len;
 
     } else {
-	vfy_buf = tmp_buf;
-	vfy_buf_len = tmp_buf_len;
+        vfy_buf = tmp_buf;
+        vfy_buf_len = tmp_buf_len;
     }
 #else
     if (msg_type == CMS_ENVEL_SERVER) {
-	retval = wrap_signeddata(tmp_buf, tmp_buf_len,
-				 &tmp_buf2, &tmp_buf2_len);
-	if (retval) {
-	    pkiDebug("failed to encode signeddata\n");
-	    goto cleanup;
-	}
-	vfy_buf = tmp_buf2;
-	vfy_buf_len = tmp_buf2_len;
+        retval = wrap_signeddata(tmp_buf, tmp_buf_len,
+                                 &tmp_buf2, &tmp_buf2_len);
+        if (retval) {
+            pkiDebug("failed to encode signeddata\n");
+            goto cleanup;
+        }
+        vfy_buf = tmp_buf2;
+        vfy_buf_len = tmp_buf2_len;
 
     } else {
-	vfy_buf = tmp_buf;
-	vfy_buf_len = tmp_buf_len;
+        vfy_buf = tmp_buf;
+        vfy_buf_len = tmp_buf_len;
     }
 #endif
 
@@ -1624,26 +1614,26 @@ cms_envelopeddata_verify(krb5_context context,
 #endif
 
     retval = cms_signeddata_verify(context, plg_cryptoctx, req_cryptoctx,
-				   id_cryptoctx, msg_type,
-				   require_crl_checking,
-				   vfy_buf, vfy_buf_len,
-				   data, data_len, NULL, NULL);
+                                   id_cryptoctx, msg_type,
+                                   require_crl_checking,
+                                   vfy_buf, vfy_buf_len,
+                                   data, data_len, NULL, NULL);
 
     if (!retval)
-	pkiDebug("PKCS7 Verification Success\n");
+        pkiDebug("PKCS7 Verification Success\n");
     else {
-	pkiDebug("PKCS7 Verification Failure\n");
-	goto cleanup;
+        pkiDebug("PKCS7 Verification Failure\n");
+        goto cleanup;
     }
 
     retval = 0;
 
-  cleanup:
+cleanup:
 
     if (p7 != NULL)
-	PKCS7_free(p7);
+        PKCS7_free(p7);
     if (out != NULL)
-	BIO_free(out);
+        BIO_free(out);
     free(tmp_buf);
     free(tmp_buf2);
 
@@ -1652,12 +1642,12 @@ cms_envelopeddata_verify(krb5_context context,
 
 static krb5_error_code
 crypto_retrieve_X509_sans(krb5_context context,
-			  pkinit_plg_crypto_context plgctx,
-			  pkinit_req_crypto_context reqctx,
-			  X509 *cert,
-			  krb5_principal **princs_ret,
-			  krb5_principal **upn_ret,
-			  unsigned char ***dns_ret)
+                          pkinit_plg_crypto_context plgctx,
+                          pkinit_req_crypto_context reqctx,
+                          X509 *cert,
+                          krb5_principal **princs_ret,
+                          krb5_principal **upn_ret,
+                          unsigned char ***dns_ret)
 {
     krb5_error_code retval = EINVAL;
     char buf[DN_BUF_LEN];
@@ -1668,188 +1658,188 @@ crypto_retrieve_X509_sans(krb5_context context,
     int i, num_found = 0;
 
     if (princs_ret == NULL && upn_ret == NULL && dns_ret == NULL) {
-	pkiDebug("%s: nowhere to return any values!\n", __FUNCTION__);
-	return retval;
+        pkiDebug("%s: nowhere to return any values!\n", __FUNCTION__);
+        return retval;
     }
 
     if (cert == NULL) {
-	pkiDebug("%s: no certificate!\n", __FUNCTION__);
-	return retval;
+        pkiDebug("%s: no certificate!\n", __FUNCTION__);
+        return retval;
     }
 
     X509_NAME_oneline(X509_get_subject_name(cert),
-		      buf, sizeof(buf));
+                      buf, sizeof(buf));
     pkiDebug("%s: looking for SANs in cert = %s\n", __FUNCTION__, buf);
 
     if ((i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1)) >= 0) {
-	X509_EXTENSION *ext = NULL;
-	GENERAL_NAMES *ialt = NULL;
-	GENERAL_NAME *gen = NULL;
-	int ret = 0;
-	unsigned int num_sans = 0;
-
-	if (!(ext = X509_get_ext(cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) {
-	    pkiDebug("%s: found no subject alt name extensions\n",
-		     __FUNCTION__);
-	    goto cleanup;
-	}
-	num_sans = sk_GENERAL_NAME_num(ialt);
-
-	pkiDebug("%s: found %d subject alt name extension(s)\n",
-		 __FUNCTION__, num_sans);
-
-	/* OK, we're likely returning something. Allocate return values */
-	if (princs_ret != NULL) {
-	    princs = calloc(num_sans + 1, sizeof(krb5_principal));
-	    if (princs == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	}
-	if (upn_ret != NULL) {
-	    upns = calloc(num_sans + 1, sizeof(krb5_principal));
-	    if (upns == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	}
-	if (dns_ret != NULL) {
-	    dnss = calloc(num_sans + 1, sizeof(*dnss));
-	    if (dnss == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	}
-
-	for (i = 0; i < num_sans; i++) {
-	    krb5_data name = { 0, 0, NULL };
-
-	    gen = sk_GENERAL_NAME_value(ialt, i);
-	    switch (gen->type) {
-	    case GEN_OTHERNAME:
-		name.length = gen->d.otherName->value->value.sequence->length;
-		name.data = (char *)gen->d.otherName->value->value.sequence->data;
-		if (princs != NULL
-		    && OBJ_cmp(plgctx->id_pkinit_san,
-			       gen->d.otherName->type_id) == 0) {
+        X509_EXTENSION *ext = NULL;
+        GENERAL_NAMES *ialt = NULL;
+        GENERAL_NAME *gen = NULL;
+        int ret = 0;
+        unsigned int num_sans = 0;
+
+        if (!(ext = X509_get_ext(cert, i)) || !(ialt = X509V3_EXT_d2i(ext))) {
+            pkiDebug("%s: found no subject alt name extensions\n",
+                     __FUNCTION__);
+            goto cleanup;
+        }
+        num_sans = sk_GENERAL_NAME_num(ialt);
+
+        pkiDebug("%s: found %d subject alt name extension(s)\n",
+                 __FUNCTION__, num_sans);
+
+        /* OK, we're likely returning something. Allocate return values */
+        if (princs_ret != NULL) {
+            princs = calloc(num_sans + 1, sizeof(krb5_principal));
+            if (princs == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+        }
+        if (upn_ret != NULL) {
+            upns = calloc(num_sans + 1, sizeof(krb5_principal));
+            if (upns == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+        }
+        if (dns_ret != NULL) {
+            dnss = calloc(num_sans + 1, sizeof(*dnss));
+            if (dnss == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+        }
+
+        for (i = 0; i < num_sans; i++) {
+            krb5_data name = { 0, 0, NULL };
+
+            gen = sk_GENERAL_NAME_value(ialt, i);
+            switch (gen->type) {
+            case GEN_OTHERNAME:
+                name.length = gen->d.otherName->value->value.sequence->length;
+                name.data = (char *)gen->d.otherName->value->value.sequence->data;
+                if (princs != NULL
+                    && OBJ_cmp(plgctx->id_pkinit_san,
+                               gen->d.otherName->type_id) == 0) {
 #ifdef DEBUG_ASN1
-		    print_buffer_bin((unsigned char *)name.data, name.length,
-				     "/tmp/pkinit_san");
+                    print_buffer_bin((unsigned char *)name.data, name.length,
+                                     "/tmp/pkinit_san");
 #endif
-		    ret = k5int_decode_krb5_principal_name(&name, &princs[p]);
-		    if (ret) {
-			pkiDebug("%s: failed decoding pkinit san value\n",
-				 __FUNCTION__);
-		    } else {
-			p++;
-			num_found++;
-		    }
-		} else if (upns != NULL
-			   && OBJ_cmp(plgctx->id_ms_san_upn,
-				      gen->d.otherName->type_id) == 0) {
-		    /* Prevent abuse of embedded null characters. */
-		    if (memchr(name.data, '\0', name.length))
-			break;
-		    ret = krb5_parse_name(context, name.data, &upns[u]);
-		    if (ret) {
-			pkiDebug("%s: failed parsing ms-upn san value\n",
-				 __FUNCTION__);
-		    } else {
-			u++;
-			num_found++;
-		    }
-		} else {
-		    pkiDebug("%s: unrecognized othername oid in SAN\n",
-			     __FUNCTION__);
-		    continue;
-		}
-
-		break;
-	    case GEN_DNS:
-		if (dnss != NULL) {
-		    /* Prevent abuse of embedded null characters. */
-		    if (memchr(gen->d.dNSName->data, '\0',
-			       gen->d.dNSName->length))
-			break;
-		    pkiDebug("%s: found dns name = %s\n",
-			     __FUNCTION__, gen->d.dNSName->data);
-		    dnss[d] = (unsigned char *)
-				    strdup((char *)gen->d.dNSName->data);
-		    if (dnss[d] == NULL) {
-			pkiDebug("%s: failed to duplicate dns name\n",
-				 __FUNCTION__);
-		    } else {
-			d++;
-			num_found++;
-		    }
-		}
-		break;
-	    default:
-		pkiDebug("%s: SAN type = %d expecting %d\n",
-			 __FUNCTION__, gen->type, GEN_OTHERNAME);
-	    }
-	}
-	sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free);
+                    ret = k5int_decode_krb5_principal_name(&name, &princs[p]);
+                    if (ret) {
+                        pkiDebug("%s: failed decoding pkinit san value\n",
+                                 __FUNCTION__);
+                    } else {
+                        p++;
+                        num_found++;
+                    }
+                } else if (upns != NULL
+                           && OBJ_cmp(plgctx->id_ms_san_upn,
+                                      gen->d.otherName->type_id) == 0) {
+                    /* Prevent abuse of embedded null characters. */
+                    if (memchr(name.data, '\0', name.length))
+                        break;
+                    ret = krb5_parse_name(context, name.data, &upns[u]);
+                    if (ret) {
+                        pkiDebug("%s: failed parsing ms-upn san value\n",
+                                 __FUNCTION__);
+                    } else {
+                        u++;
+                        num_found++;
+                    }
+                } else {
+                    pkiDebug("%s: unrecognized othername oid in SAN\n",
+                             __FUNCTION__);
+                    continue;
+                }
+
+                break;
+            case GEN_DNS:
+                if (dnss != NULL) {
+                    /* Prevent abuse of embedded null characters. */
+                    if (memchr(gen->d.dNSName->data, '\0',
+                               gen->d.dNSName->length))
+                        break;
+                    pkiDebug("%s: found dns name = %s\n",
+                             __FUNCTION__, gen->d.dNSName->data);
+                    dnss[d] = (unsigned char *)
+                        strdup((char *)gen->d.dNSName->data);
+                    if (dnss[d] == NULL) {
+                        pkiDebug("%s: failed to duplicate dns name\n",
+                                 __FUNCTION__);
+                    } else {
+                        d++;
+                        num_found++;
+                    }
+                }
+                break;
+            default:
+                pkiDebug("%s: SAN type = %d expecting %d\n",
+                         __FUNCTION__, gen->type, GEN_OTHERNAME);
+            }
+        }
+        sk_GENERAL_NAME_pop_free(ialt, GENERAL_NAME_free);
     }
 
     retval = 0;
     if (princs)
-	*princs_ret = princs;
+        *princs_ret = princs;
     if (upns)
-	*upn_ret = upns;
+        *upn_ret = upns;
     if (dnss)
-	*dns_ret = dnss;
+        *dns_ret = dnss;
 
-  cleanup:
+cleanup:
     if (retval) {
-	if (princs != NULL) {
-	    for (i = 0; princs[i] != NULL; i++)
-		krb5_free_principal(context, princs[i]);
-	    free(princs);
-	}
-	if (upns != NULL) {
-	    for (i = 0; upns[i] != NULL; i++)
-		krb5_free_principal(context, upns[i]);
-	    free(upns);
-	}
-	if (dnss != NULL) {
-	    for (i = 0; dnss[i] != NULL; i++)
-		free(dnss[i]);
-	    free(dnss);
-	}
+        if (princs != NULL) {
+            for (i = 0; princs[i] != NULL; i++)
+                krb5_free_principal(context, princs[i]);
+            free(princs);
+        }
+        if (upns != NULL) {
+            for (i = 0; upns[i] != NULL; i++)
+                krb5_free_principal(context, upns[i]);
+            free(upns);
+        }
+        if (dnss != NULL) {
+            for (i = 0; dnss[i] != NULL; i++)
+                free(dnss[i]);
+            free(dnss);
+        }
     }
     return retval;
 }
 
 krb5_error_code
 crypto_retrieve_cert_sans(krb5_context context,
-			  pkinit_plg_crypto_context plgctx,
-			  pkinit_req_crypto_context reqctx,
-			  pkinit_identity_crypto_context idctx,
-			  krb5_principal **princs_ret,
-			  krb5_principal **upn_ret,
-			  unsigned char ***dns_ret)
+                          pkinit_plg_crypto_context plgctx,
+                          pkinit_req_crypto_context reqctx,
+                          pkinit_identity_crypto_context idctx,
+                          krb5_principal **princs_ret,
+                          krb5_principal **upn_ret,
+                          unsigned char ***dns_ret)
 {
     krb5_error_code retval = EINVAL;
 
     if (reqctx->received_cert == NULL) {
-	pkiDebug("%s: No certificate!\n", __FUNCTION__);
-	return retval;
+        pkiDebug("%s: No certificate!\n", __FUNCTION__);
+        return retval;
     }
 
     return crypto_retrieve_X509_sans(context, plgctx, reqctx,
-				     reqctx->received_cert, princs_ret,
-				     upn_ret, dns_ret);
+                                     reqctx->received_cert, princs_ret,
+                                     upn_ret, dns_ret);
 }
 
 krb5_error_code
 crypto_check_cert_eku(krb5_context context,
-		      pkinit_plg_crypto_context plgctx,
-		      pkinit_req_crypto_context reqctx,
-		      pkinit_identity_crypto_context idctx,
-		      int checking_kdc_cert,
-		      int allow_secondary_usage,
-		      int *valid_eku)
+                      pkinit_plg_crypto_context plgctx,
+                      pkinit_req_crypto_context reqctx,
+                      pkinit_identity_crypto_context idctx,
+                      int checking_kdc_cert,
+                      int allow_secondary_usage,
+                      int *valid_eku)
 {
     char buf[DN_BUF_LEN];
     int found_eku = 0;
@@ -1858,75 +1848,75 @@ crypto_check_cert_eku(krb5_context context,
 
     *valid_eku = 0;
     if (reqctx->received_cert == NULL)
-	goto cleanup;
+        goto cleanup;
 
     X509_NAME_oneline(X509_get_subject_name(reqctx->received_cert),
-		      buf, sizeof(buf));
+                      buf, sizeof(buf));
     pkiDebug("%s: looking for EKUs in cert = %s\n", __FUNCTION__, buf);
 
     if ((i = X509_get_ext_by_NID(reqctx->received_cert,
-				 NID_ext_key_usage, -1)) >= 0) {
-	EXTENDED_KEY_USAGE *extusage;
-
-	extusage = X509_get_ext_d2i(reqctx->received_cert, NID_ext_key_usage,
-				    NULL, NULL);
-	if (extusage) {
-	    pkiDebug("%s: found eku info in the cert\n", __FUNCTION__);
-	    for (i = 0; found_eku == 0 && i < sk_ASN1_OBJECT_num(extusage); i++) {
-		ASN1_OBJECT *tmp_oid;
-
-		tmp_oid = sk_ASN1_OBJECT_value(extusage, i);
-		pkiDebug("%s: checking eku %d of %d, allow_secondary = %d\n",
-			 __FUNCTION__, i+1, sk_ASN1_OBJECT_num(extusage),
-			 allow_secondary_usage);
-		if (checking_kdc_cert) {
-		    if ((OBJ_cmp(tmp_oid, plgctx->id_pkinit_KPKdc) == 0)
-			 || (allow_secondary_usage
-			 && OBJ_cmp(tmp_oid, plgctx->id_kp_serverAuth) == 0))
-			found_eku = 1;
-		} else {
-		    if ((OBJ_cmp(tmp_oid, plgctx->id_pkinit_KPClientAuth) == 0)
-			 || (allow_secondary_usage
-			 && OBJ_cmp(tmp_oid, plgctx->id_ms_kp_sc_logon) == 0))
-			found_eku = 1;
-		}
-	    }
-	}
-	EXTENDED_KEY_USAGE_free(extusage);
-
-	if (found_eku) {
-	    ASN1_BIT_STRING *usage = NULL;
-	    pkiDebug("%s: found acceptable EKU, checking for digitalSignature\n", __FUNCTION__);
-
-	    /* check that digitalSignature KeyUsage is present */
-	    if ((usage = X509_get_ext_d2i(reqctx->received_cert,
-					  NID_key_usage, NULL, NULL))) {
-
-		if (!ku_reject(reqctx->received_cert,
-			       X509v3_KU_DIGITAL_SIGNATURE)) {
-		    pkiDebug("%s: found digitalSignature KU\n",
-			     __FUNCTION__);
-		    *valid_eku = 1;
-		} else
-		    pkiDebug("%s: didn't find digitalSignature KU\n",
-			     __FUNCTION__);
-	    }
-	    ASN1_BIT_STRING_free(usage);
-	}
+                                 NID_ext_key_usage, -1)) >= 0) {
+        EXTENDED_KEY_USAGE *extusage;
+
+        extusage = X509_get_ext_d2i(reqctx->received_cert, NID_ext_key_usage,
+                                    NULL, NULL);
+        if (extusage) {
+            pkiDebug("%s: found eku info in the cert\n", __FUNCTION__);
+            for (i = 0; found_eku == 0 && i < sk_ASN1_OBJECT_num(extusage); i++) {
+                ASN1_OBJECT *tmp_oid;
+
+                tmp_oid = sk_ASN1_OBJECT_value(extusage, i);
+                pkiDebug("%s: checking eku %d of %d, allow_secondary = %d\n",
+                         __FUNCTION__, i+1, sk_ASN1_OBJECT_num(extusage),
+                         allow_secondary_usage);
+                if (checking_kdc_cert) {
+                    if ((OBJ_cmp(tmp_oid, plgctx->id_pkinit_KPKdc) == 0)
+                        || (allow_secondary_usage
+                            && OBJ_cmp(tmp_oid, plgctx->id_kp_serverAuth) == 0))
+                        found_eku = 1;
+                } else {
+                    if ((OBJ_cmp(tmp_oid, plgctx->id_pkinit_KPClientAuth) == 0)
+                        || (allow_secondary_usage
+                            && OBJ_cmp(tmp_oid, plgctx->id_ms_kp_sc_logon) == 0))
+                        found_eku = 1;
+                }
+            }
+        }
+        EXTENDED_KEY_USAGE_free(extusage);
+
+        if (found_eku) {
+            ASN1_BIT_STRING *usage = NULL;
+            pkiDebug("%s: found acceptable EKU, checking for digitalSignature\n", __FUNCTION__);
+
+            /* check that digitalSignature KeyUsage is present */
+            if ((usage = X509_get_ext_d2i(reqctx->received_cert,
+                                          NID_key_usage, NULL, NULL))) {
+
+                if (!ku_reject(reqctx->received_cert,
+                               X509v3_KU_DIGITAL_SIGNATURE)) {
+                    pkiDebug("%s: found digitalSignature KU\n",
+                             __FUNCTION__);
+                    *valid_eku = 1;
+                } else
+                    pkiDebug("%s: didn't find digitalSignature KU\n",
+                             __FUNCTION__);
+            }
+            ASN1_BIT_STRING_free(usage);
+        }
     }
     retval = 0;
 cleanup:
     pkiDebug("%s: returning retval %d, valid_eku %d\n",
-	     __FUNCTION__, retval, *valid_eku);
+             __FUNCTION__, retval, *valid_eku);
     return retval;
 }
 
 krb5_error_code
 pkinit_octetstring2key(krb5_context context,
-		       krb5_enctype etype,
-		       unsigned char *key,
-		       unsigned int dh_key_len,
-		       krb5_keyblock * key_block)
+                       krb5_enctype etype,
+                       unsigned char *key,
+                       unsigned int dh_key_len,
+                       krb5_keyblock * key_block)
 {
     krb5_error_code retval;
     unsigned char *buf = NULL;
@@ -1936,28 +1926,28 @@ pkinit_octetstring2key(krb5_context context,
     krb5_data random_data;
 
     if ((buf = malloc(dh_key_len)) == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memset(buf, 0, dh_key_len);
 
     counter = 0;
     offset = 0;
     do {
-	SHA_CTX c;
+        SHA_CTX c;
 
-	SHA1_Init(&c);
-	SHA1_Update(&c, &counter, 1);
-	SHA1_Update(&c, key, dh_key_len);
-	SHA1_Final(md, &c);
+        SHA1_Init(&c);
+        SHA1_Update(&c, &counter, 1);
+        SHA1_Update(&c, key, dh_key_len);
+        SHA1_Final(md, &c);
 
-	if (dh_key_len - offset < sizeof(md))
-	    memcpy(buf + offset, md, dh_key_len - offset);
-	else
-	    memcpy(buf + offset, md, sizeof(md));
+        if (dh_key_len - offset < sizeof(md))
+            memcpy(buf + offset, md, dh_key_len - offset);
+        else
+            memcpy(buf + offset, md, sizeof(md));
 
-	offset += sizeof(md);
-	counter++;
+        offset += sizeof(md);
+        counter++;
     } while (offset < dh_key_len);
 
     key_block->magic = 0;
@@ -1965,13 +1955,13 @@ pkinit_octetstring2key(krb5_context context,
 
     retval = krb5_c_keylengths(context, etype, &keybytes, &keylength);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     key_block->length = keylength;
     key_block->contents = calloc(keylength, sizeof(unsigned char *));
     if (key_block->contents == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     random_data.length = keybytes;
@@ -1979,11 +1969,11 @@ pkinit_octetstring2key(krb5_context context,
 
     retval = krb5_c_random_to_key(context, etype, &random_data, key_block);
 
-  cleanup:
+cleanup:
     free(buf);
     if (retval && key_block->contents != NULL && key_block->length != 0) {
-	memset(key_block->contents, 0, key_block->length);
-	key_block->length = 0;
+        memset(key_block->contents, 0, key_block->length);
+        key_block->length = 0;
     }
 
     return retval;
@@ -1991,14 +1981,14 @@ pkinit_octetstring2key(krb5_context context,
 
 krb5_error_code
 client_create_dh(krb5_context context,
-		 pkinit_plg_crypto_context plg_cryptoctx,
-		 pkinit_req_crypto_context cryptoctx,
-		 pkinit_identity_crypto_context id_cryptoctx,
-		 int dh_size,
-		 unsigned char **dh_params,
-		 unsigned int *dh_params_len,
-		 unsigned char **dh_pubkey,
-		 unsigned int *dh_pubkey_len)
+                 pkinit_plg_crypto_context plg_cryptoctx,
+                 pkinit_req_crypto_context cryptoctx,
+                 pkinit_identity_crypto_context id_cryptoctx,
+                 int dh_size,
+                 unsigned char **dh_params,
+                 unsigned int *dh_params_len,
+                 unsigned char **dh_pubkey,
+                 unsigned int *dh_pubkey_len)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     unsigned char *buf = NULL;
@@ -2006,47 +1996,47 @@ client_create_dh(krb5_context context,
     ASN1_INTEGER *pub_key = NULL;
 
     if (cryptoctx->dh == NULL) {
-	if ((cryptoctx->dh = DH_new()) == NULL)
-	    goto cleanup;
-	if ((cryptoctx->dh->g = BN_new()) == NULL ||
-	    (cryptoctx->dh->q = BN_new()) == NULL)
-	    goto cleanup;
-
-	switch(dh_size) {
-	    case 1024:
-		pkiDebug("client uses 1024 DH keys\n");
-		cryptoctx->dh->p = get_rfc2409_prime_1024(NULL);
-		break;
-	    case 2048:
-		pkiDebug("client uses 2048 DH keys\n");
-		cryptoctx->dh->p = BN_bin2bn(pkinit_2048_dhprime,
-		    sizeof(pkinit_2048_dhprime), NULL);
-		break;
-	    case 4096:
-		pkiDebug("client uses 4096 DH keys\n");
-		cryptoctx->dh->p = BN_bin2bn(pkinit_4096_dhprime,
-		    sizeof(pkinit_4096_dhprime), NULL);
-		break;
-	    default:
-		goto cleanup;
-	}
-
-	BN_set_word((cryptoctx->dh->g), DH_GENERATOR_2);
-	BN_rshift1(cryptoctx->dh->q, cryptoctx->dh->p);
+        if ((cryptoctx->dh = DH_new()) == NULL)
+            goto cleanup;
+        if ((cryptoctx->dh->g = BN_new()) == NULL ||
+            (cryptoctx->dh->q = BN_new()) == NULL)
+            goto cleanup;
+
+        switch(dh_size) {
+        case 1024:
+            pkiDebug("client uses 1024 DH keys\n");
+            cryptoctx->dh->p = get_rfc2409_prime_1024(NULL);
+            break;
+        case 2048:
+            pkiDebug("client uses 2048 DH keys\n");
+            cryptoctx->dh->p = BN_bin2bn(pkinit_2048_dhprime,
+                                         sizeof(pkinit_2048_dhprime), NULL);
+            break;
+        case 4096:
+            pkiDebug("client uses 4096 DH keys\n");
+            cryptoctx->dh->p = BN_bin2bn(pkinit_4096_dhprime,
+                                         sizeof(pkinit_4096_dhprime), NULL);
+            break;
+        default:
+            goto cleanup;
+        }
+
+        BN_set_word((cryptoctx->dh->g), DH_GENERATOR_2);
+        BN_rshift1(cryptoctx->dh->q, cryptoctx->dh->p);
     }
 
     DH_generate_key(cryptoctx->dh);
     DH_check(cryptoctx->dh, &dh_err);
     if (dh_err != 0) {
-	pkiDebug("Warning: dh_check failed with %d\n", dh_err);
-	if (dh_err & DH_CHECK_P_NOT_PRIME)
-	    pkiDebug("p value is not prime\n");
-	if (dh_err & DH_CHECK_P_NOT_SAFE_PRIME)
-	    pkiDebug("p value is not a safe prime\n");
-	if (dh_err & DH_UNABLE_TO_CHECK_GENERATOR)
-	    pkiDebug("unable to check the generator value\n");
-	if (dh_err & DH_NOT_SUITABLE_GENERATOR)
-	    pkiDebug("the g value is not a generator\n");
+        pkiDebug("Warning: dh_check failed with %d\n", dh_err);
+        if (dh_err & DH_CHECK_P_NOT_PRIME)
+            pkiDebug("p value is not prime\n");
+        if (dh_err & DH_CHECK_P_NOT_SAFE_PRIME)
+            pkiDebug("p value is not a safe prime\n");
+        if (dh_err & DH_UNABLE_TO_CHECK_GENERATOR)
+            pkiDebug("unable to check the generator value\n");
+        if (dh_err & DH_NOT_SUITABLE_GENERATOR)
+            pkiDebug("the g value is not a generator\n");
     }
 #ifdef DEBUG_DH
     print_dh(cryptoctx->dh, "client's DH params\n");
@@ -2055,8 +2045,8 @@ client_create_dh(krb5_context context,
 
     DH_check_pub_key(cryptoctx->dh, cryptoctx->dh->pub_key, &dh_err);
     if (dh_err != 0) {
-	pkiDebug("dh_check_pub_key failed with %d\n", dh_err);
-	goto cleanup;
+        pkiDebug("dh_check_pub_key failed with %d\n", dh_err);
+        goto cleanup;
     }
 
     /* pack DHparams */
@@ -2064,9 +2054,9 @@ client_create_dh(krb5_context context,
      * however, PKINIT requires RFC3279 encoding and openssl does pkcs#3.
      */
     retval = pkinit_encode_dh_params(cryptoctx->dh->p, cryptoctx->dh->g,
-	cryptoctx->dh->q, dh_params, dh_params_len);
+                                     cryptoctx->dh->q, dh_params, dh_params_len);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     /* pack DH public key */
     /* Diffie-Hellman public key must be ASN1 encoded as an INTEGER; this
@@ -2075,43 +2065,43 @@ client_create_dh(krb5_context context,
      * data element
      */
     if ((pub_key = BN_to_ASN1_INTEGER(cryptoctx->dh->pub_key, NULL)) == NULL)
-	goto cleanup;
+        goto cleanup;
     *dh_pubkey_len = i2d_ASN1_INTEGER(pub_key, NULL);
     if ((buf = *dh_pubkey = malloc(*dh_pubkey_len)) == NULL) {
-	retval  = ENOMEM;
-	goto cleanup;
+        retval  = ENOMEM;
+        goto cleanup;
     }
     i2d_ASN1_INTEGER(pub_key, &buf);
 
     if (pub_key != NULL)
-	ASN1_INTEGER_free(pub_key);
+        ASN1_INTEGER_free(pub_key);
 
     retval = 0;
     return retval;
 
-  cleanup:
+cleanup:
     if (cryptoctx->dh != NULL)
-	DH_free(cryptoctx->dh);
+        DH_free(cryptoctx->dh);
     cryptoctx->dh = NULL;
     free(*dh_params);
     *dh_params = NULL;
     free(*dh_pubkey);
     *dh_pubkey = NULL;
     if (pub_key != NULL)
-	ASN1_INTEGER_free(pub_key);
+        ASN1_INTEGER_free(pub_key);
 
     return retval;
 }
 
 krb5_error_code
 client_process_dh(krb5_context context,
-		  pkinit_plg_crypto_context plg_cryptoctx,
-		  pkinit_req_crypto_context cryptoctx,
-		  pkinit_identity_crypto_context id_cryptoctx,
-		  unsigned char *subjectPublicKey_data,
-		  unsigned int subjectPublicKey_length,
-		  unsigned char **client_key,
-		  unsigned int *client_key_len)
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context cryptoctx,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  unsigned char *subjectPublicKey_data,
+                  unsigned int subjectPublicKey_length,
+                  unsigned char **client_key,
+                  unsigned int *client_key_len)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     BIGNUM *server_pub_key = NULL;
@@ -2123,22 +2113,22 @@ client_process_dh(krb5_context context,
     /* decode subjectPublicKey (retrieve INTEGER from OCTET_STRING) */
 
     if (der_decode_data(subjectPublicKey_data, (long)subjectPublicKey_length,
-			&data, &data_len) != 0) {
-	pkiDebug("failed to decode subjectPublicKey\n");
-	retval = -1;
-	goto cleanup;
+                        &data, &data_len) != 0) {
+        pkiDebug("failed to decode subjectPublicKey\n");
+        retval = -1;
+        goto cleanup;
     }
 
     *client_key_len = DH_size(cryptoctx->dh);
     if ((*client_key = malloc(*client_key_len)) == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     p = data;
     if ((pub_key = d2i_ASN1_INTEGER(NULL, &p, data_len)) == NULL)
-	goto cleanup;
+        goto cleanup;
     if ((server_pub_key = ASN1_INTEGER_to_BN(pub_key, NULL)) == NULL)
-	goto cleanup;
+        goto cleanup;
 
     DH_compute_key(*client_key, server_pub_key, cryptoctx->dh);
 #ifdef DEBUG_DH
@@ -2149,32 +2139,32 @@ client_process_dh(krb5_context context,
 
     retval = 0;
     if (server_pub_key != NULL)
-	BN_free(server_pub_key);
+        BN_free(server_pub_key);
     if (pub_key != NULL)
-	ASN1_INTEGER_free(pub_key);
+        ASN1_INTEGER_free(pub_key);
     if (data != NULL)
-	free (data);
+        free (data);
 
     return retval;
 
-  cleanup:
+cleanup:
     free(*client_key);
     *client_key = NULL;
     if (pub_key != NULL)
-	ASN1_INTEGER_free(pub_key);
+        ASN1_INTEGER_free(pub_key);
     if (data != NULL)
-	free (data);
+        free (data);
 
     return retval;
 }
 
 krb5_error_code
 server_check_dh(krb5_context context,
-		pkinit_plg_crypto_context cryptoctx,
-		pkinit_req_crypto_context req_cryptoctx,
-		pkinit_identity_crypto_context id_cryptoctx,
-		krb5_octet_data *dh_params,
-		int minbits)
+                pkinit_plg_crypto_context cryptoctx,
+                pkinit_req_crypto_context req_cryptoctx,
+                pkinit_identity_crypto_context id_cryptoctx,
+                krb5_octet_data *dh_params,
+                int minbits)
 {
     DH *dh = NULL;
     unsigned char *tmp = NULL;
@@ -2185,44 +2175,44 @@ server_check_dh(krb5_context context,
     dh = DH_new();
     dh = pkinit_decode_dh_params(&dh, &tmp, dh_params->length);
     if (dh == NULL) {
-	pkiDebug("failed to decode dhparams\n");
-	goto cleanup;
+        pkiDebug("failed to decode dhparams\n");
+        goto cleanup;
     }
 
     /* KDC SHOULD check to see if the key parameters satisfy its policy */
     dh_prime_bits = BN_num_bits(dh->p);
     if (minbits && dh_prime_bits < minbits) {
-	pkiDebug("client sent dh params with %d bits, we require %d\n",
-		 dh_prime_bits, minbits);
-	goto cleanup;
+        pkiDebug("client sent dh params with %d bits, we require %d\n",
+                 dh_prime_bits, minbits);
+        goto cleanup;
     }
 
     /* check dhparams is group 2 */
     if (pkinit_check_dh_params(cryptoctx->dh_1024->p,
-			       dh->p, dh->g, dh->q) == 0) {
-	retval = 0;
-	goto cleanup;
+                               dh->p, dh->g, dh->q) == 0) {
+        retval = 0;
+        goto cleanup;
     }
 
     /* check dhparams is group 14 */
     if (pkinit_check_dh_params(cryptoctx->dh_2048->p,
-			       dh->p, dh->g, dh->q) == 0) {
-	retval = 0;
-	goto cleanup;
+                               dh->p, dh->g, dh->q) == 0) {
+        retval = 0;
+        goto cleanup;
     }
 
     /* check dhparams is group 16 */
     if (pkinit_check_dh_params(cryptoctx->dh_4096->p,
-			       dh->p, dh->g, dh->q) == 0) {
-	retval = 0;
-	goto cleanup;
+                               dh->p, dh->g, dh->q) == 0) {
+        retval = 0;
+        goto cleanup;
     }
 
-  cleanup:
+cleanup:
     if (retval == 0)
-	req_cryptoctx->dh = dh;
+        req_cryptoctx->dh = dh;
     else
-	DH_free(dh);
+        DH_free(dh);
 
     return retval;
 }
@@ -2230,15 +2220,15 @@ server_check_dh(krb5_context context,
 /* kdc's dh function */
 krb5_error_code
 server_process_dh(krb5_context context,
-		  pkinit_plg_crypto_context plg_cryptoctx,
-		  pkinit_req_crypto_context cryptoctx,
-		  pkinit_identity_crypto_context id_cryptoctx,
-		  unsigned char *data,
-		  unsigned int data_len,
-		  unsigned char **dh_pubkey,
-		  unsigned int *dh_pubkey_len,
-		  unsigned char **server_key,
-		  unsigned int *server_key_len)
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context cryptoctx,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  unsigned char *data,
+                  unsigned int data_len,
+                  unsigned char **dh_pubkey,
+                  unsigned int *dh_pubkey_len,
+                  unsigned char **server_key,
+                  unsigned int *server_key_len)
 {
     krb5_error_code retval = ENOMEM;
     DH *dh = NULL, *dh_server = NULL;
@@ -2253,7 +2243,7 @@ server_process_dh(krb5_context context,
 
     dh_server = DH_new();
     if (dh_server == NULL)
-	goto cleanup;
+        goto cleanup;
     dh_server->p = BN_dup(dh->p);
     dh_server->g = BN_dup(dh->g);
     dh_server->q = BN_dup(dh->q);
@@ -2262,19 +2252,19 @@ server_process_dh(krb5_context context,
     p = data;
     pub_key = d2i_ASN1_INTEGER(NULL, (const unsigned char **)&p, (int)data_len);
     if (pub_key == NULL)
-	goto cleanup;
+        goto cleanup;
     dh->pub_key = ASN1_INTEGER_to_BN(pub_key, NULL);
     if (dh->pub_key == NULL)
-	goto cleanup;
+        goto cleanup;
     ASN1_INTEGER_free(pub_key);
 
     if (!DH_generate_key(dh_server))
-	goto cleanup;
+        goto cleanup;
 
     /* generate DH session key */
     *server_key_len = DH_size(dh_server);
     if ((*server_key = malloc(*server_key_len)) == NULL)
-	goto cleanup;
+        goto cleanup;
     DH_compute_key(*server_key, dh->pub_key, dh_server);
 
 #ifdef DEBUG_DH
@@ -2293,23 +2283,23 @@ server_process_dh(krb5_context context,
      * data element
      */
     if ((pub_key = BN_to_ASN1_INTEGER(dh_server->pub_key, NULL)) == NULL)
-	goto cleanup;
+        goto cleanup;
     *dh_pubkey_len = i2d_ASN1_INTEGER(pub_key, NULL);
     if ((p = *dh_pubkey = malloc(*dh_pubkey_len)) == NULL)
-	goto cleanup;
+        goto cleanup;
     i2d_ASN1_INTEGER(pub_key, &p);
     if (pub_key != NULL)
-	ASN1_INTEGER_free(pub_key);
+        ASN1_INTEGER_free(pub_key);
 
     retval = 0;
 
     if (dh_server != NULL)
-	DH_free(dh_server);
+        DH_free(dh_server);
     return retval;
 
-  cleanup:
+cleanup:
     if (dh_server != NULL)
-	DH_free(dh_server);
+        DH_free(dh_server);
     free(*dh_pubkey);
     free(*server_key);
 
@@ -2322,17 +2312,17 @@ openssl_init()
     static int did_init = 0;
 
     if (!did_init) {
-	/* initialize openssl routines */
-	CRYPTO_malloc_init();
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_algorithms();
-	did_init++;
+        /* initialize openssl routines */
+        CRYPTO_malloc_init();
+        ERR_load_crypto_strings();
+        OpenSSL_add_all_algorithms();
+        did_init++;
     }
 }
 
 static krb5_error_code
 pkinit_encode_dh_params(BIGNUM *p, BIGNUM *g, BIGNUM *q,
-			unsigned char **buf, unsigned int *buf_len)
+                        unsigned char **buf, unsigned int *buf_len)
 {
     krb5_error_code retval = ENOMEM;
     int bufsize = 0, r = 0;
@@ -2340,11 +2330,11 @@ pkinit_encode_dh_params(BIGNUM *p, BIGNUM *g, BIGNUM *q,
     ASN1_INTEGER *ap = NULL, *ag = NULL, *aq = NULL;
 
     if ((ap = BN_to_ASN1_INTEGER(p, NULL)) == NULL)
-	goto cleanup;
+        goto cleanup;
     if ((ag = BN_to_ASN1_INTEGER(g, NULL)) == NULL)
-	goto cleanup;
+        goto cleanup;
     if ((aq = BN_to_ASN1_INTEGER(q, NULL)) == NULL)
-	goto cleanup;
+        goto cleanup;
     bufsize = i2d_ASN1_INTEGER(ap, NULL);
     bufsize += i2d_ASN1_INTEGER(ag, NULL);
     bufsize += i2d_ASN1_INTEGER(aq, NULL);
@@ -2353,7 +2343,7 @@ pkinit_encode_dh_params(BIGNUM *p, BIGNUM *g, BIGNUM *q,
 
     tmp = *buf = malloc((size_t) r);
     if (tmp == NULL)
-	goto cleanup;
+        goto cleanup;
 
     ASN1_put_object(&tmp, 1, bufsize, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 
@@ -2367,11 +2357,11 @@ pkinit_encode_dh_params(BIGNUM *p, BIGNUM *g, BIGNUM *q,
 
 cleanup:
     if (ap != NULL)
-	ASN1_INTEGER_free(ap);
+        ASN1_INTEGER_free(ap);
     if (ag != NULL)
-	ASN1_INTEGER_free(ag);
+        ASN1_INTEGER_free(ag);
     if (aq != NULL)
-	ASN1_INTEGER_free(aq);
+        ASN1_INTEGER_free(aq);
 
     return retval;
 }
@@ -2391,43 +2381,43 @@ pkinit_decode_dh_params(DH ** a, unsigned char **pp, unsigned int len)
     ai.length = 0;
     M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
     if (aip == NULL)
-	return NULL;
+        return NULL;
     else {
-	(*a)->p = ASN1_INTEGER_to_BN(aip, NULL);
-	if ((*a)->p == NULL)
-	    return NULL;
-	if (ai.data != NULL) {
-	    OPENSSL_free(ai.data);
-	    ai.data = NULL;
-	    ai.length = 0;
-	}
+        (*a)->p = ASN1_INTEGER_to_BN(aip, NULL);
+        if ((*a)->p == NULL)
+            return NULL;
+        if (ai.data != NULL) {
+            OPENSSL_free(ai.data);
+            ai.data = NULL;
+            ai.length = 0;
+        }
     }
     M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
     if (aip == NULL)
-	return NULL;
+        return NULL;
     else {
-	(*a)->g = ASN1_INTEGER_to_BN(aip, NULL);
-	if ((*a)->g == NULL)
-	    return NULL;
-	if (ai.data != NULL) {
-	    OPENSSL_free(ai.data);
-	    ai.data = NULL;
-	    ai.length = 0;
-	}
+        (*a)->g = ASN1_INTEGER_to_BN(aip, NULL);
+        if ((*a)->g == NULL)
+            return NULL;
+        if (ai.data != NULL) {
+            OPENSSL_free(ai.data);
+            ai.data = NULL;
+            ai.length = 0;
+        }
 
     }
     M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
     if (aip == NULL)
-	return NULL;
+        return NULL;
     else {
-	(*a)->q = ASN1_INTEGER_to_BN(aip, NULL);
-	if ((*a)->q == NULL)
-	    return NULL;
-	if (ai.data != NULL) {
-	    OPENSSL_free(ai.data);
-	    ai.data = NULL;
-	    ai.length = 0;
-	}
+        (*a)->q = ASN1_INTEGER_to_BN(aip, NULL);
+        if ((*a)->q == NULL)
+            return NULL;
+        if (ai.data != NULL) {
+            OPENSSL_free(ai.data);
+            ai.data = NULL;
+            ai.length = 0;
+        }
 
     }
     M_ASN1_D2I_end_sequence();
@@ -2450,59 +2440,59 @@ pkinit_create_sequence_of_principal_identifiers(
     krb5_typed_data **typed_data = NULL;
 
     switch(type) {
-	case TD_TRUSTED_CERTIFIERS:
-	    retval = create_krb5_trustedCertifiers(context, plg_cryptoctx,
-		req_cryptoctx, id_cryptoctx, &krb5_trusted_certifiers);
-	    if (retval) {
-		pkiDebug("create_krb5_trustedCertifiers failed\n");
-		goto cleanup;
-    	    }
-	    break;
-	case TD_INVALID_CERTIFICATES:
-	    retval = create_krb5_invalidCertificates(context, plg_cryptoctx,
-		req_cryptoctx, id_cryptoctx, &krb5_trusted_certifiers);
-	    if (retval) {
-		pkiDebug("create_krb5_invalidCertificates failed\n");
-		goto cleanup;
-    	    }
-	    break;
-	default:
-	    retval = -1;
-	    goto cleanup;
+    case TD_TRUSTED_CERTIFIERS:
+        retval = create_krb5_trustedCertifiers(context, plg_cryptoctx,
+                                               req_cryptoctx, id_cryptoctx, &krb5_trusted_certifiers);
+        if (retval) {
+            pkiDebug("create_krb5_trustedCertifiers failed\n");
+            goto cleanup;
+        }
+        break;
+    case TD_INVALID_CERTIFICATES:
+        retval = create_krb5_invalidCertificates(context, plg_cryptoctx,
+                                                 req_cryptoctx, id_cryptoctx, &krb5_trusted_certifiers);
+        if (retval) {
+            pkiDebug("create_krb5_invalidCertificates failed\n");
+            goto cleanup;
+        }
+        break;
+    default:
+        retval = -1;
+        goto cleanup;
     }
 
     retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_trusted_certifiers, &td_certifiers);
     if (retval) {
-	pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
-	goto cleanup;
+        pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
+        goto cleanup;
     }
 #ifdef DEBUG_ASN1
     print_buffer_bin((unsigned char *)td_certifiers->data,
-		     td_certifiers->length, "/tmp/kdc_td_certifiers");
+                     td_certifiers->length, "/tmp/kdc_td_certifiers");
 #endif
     typed_data = malloc(2 * sizeof(krb5_typed_data *));
     if (typed_data == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     typed_data[1] = NULL;
     init_krb5_typed_data(&typed_data[0]);
     if (typed_data[0] == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     typed_data[0]->type = type;
     typed_data[0]->length = td_certifiers->length;
     typed_data[0]->data = (unsigned char *)td_certifiers->data;
     retval = k5int_encode_krb5_typed_data((const krb5_typed_data **)typed_data,
-					  &data);
+                                          &data);
     if (retval) {
-	pkiDebug("encode_krb5_typed_data failed\n");
-	goto cleanup;
+        pkiDebug("encode_krb5_typed_data failed\n");
+        goto cleanup;
     }
 #ifdef DEBUG_ASN1
     print_buffer_bin((unsigned char *)data->data, data->length,
-		     "/tmp/kdc_edata");
+                     "/tmp/kdc_edata");
 #endif
     *out_data = malloc(sizeof(krb5_data));
     (*out_data)->length = data->length;
@@ -2513,11 +2503,11 @@ pkinit_create_sequence_of_principal_identifiers(
 
 cleanup:
     if (krb5_trusted_certifiers != NULL)
-	free_krb5_external_principal_identifier(&krb5_trusted_certifiers);
+        free_krb5_external_principal_identifier(&krb5_trusted_certifiers);
 
     if (data != NULL) {
-	free(data->data);
-	free(data);
+        free(data->data);
+        free(data);
     }
 
     free(td_certifiers);
@@ -2528,44 +2518,44 @@ cleanup:
 
 krb5_error_code
 pkinit_create_td_trusted_certifiers(krb5_context context,
-				    pkinit_plg_crypto_context plg_cryptoctx,
-				    pkinit_req_crypto_context req_cryptoctx,
-				    pkinit_identity_crypto_context id_cryptoctx,
-				    krb5_data **out_data)
+                                    pkinit_plg_crypto_context plg_cryptoctx,
+                                    pkinit_req_crypto_context req_cryptoctx,
+                                    pkinit_identity_crypto_context id_cryptoctx,
+                                    krb5_data **out_data)
 {
     krb5_error_code retval = KRB5KRB_ERR_GENERIC;
 
     retval = pkinit_create_sequence_of_principal_identifiers(context,
-	plg_cryptoctx, req_cryptoctx, id_cryptoctx,
-	TD_TRUSTED_CERTIFIERS, out_data);
+                                                             plg_cryptoctx, req_cryptoctx, id_cryptoctx,
+                                                             TD_TRUSTED_CERTIFIERS, out_data);
 
     return retval;
 }
 
 krb5_error_code
 pkinit_create_td_invalid_certificate(
-	krb5_context context,
-	pkinit_plg_crypto_context plg_cryptoctx,
-	pkinit_req_crypto_context req_cryptoctx,
-	pkinit_identity_crypto_context id_cryptoctx,
-	krb5_data **out_data)
+    krb5_context context,
+    pkinit_plg_crypto_context plg_cryptoctx,
+    pkinit_req_crypto_context req_cryptoctx,
+    pkinit_identity_crypto_context id_cryptoctx,
+    krb5_data **out_data)
 {
     krb5_error_code retval = KRB5KRB_ERR_GENERIC;
 
     retval = pkinit_create_sequence_of_principal_identifiers(context,
-	plg_cryptoctx, req_cryptoctx, id_cryptoctx,
-	TD_INVALID_CERTIFICATES, out_data);
+                                                             plg_cryptoctx, req_cryptoctx, id_cryptoctx,
+                                                             TD_INVALID_CERTIFICATES, out_data);
 
     return retval;
 }
 
 krb5_error_code
 pkinit_create_td_dh_parameters(krb5_context context,
-			       pkinit_plg_crypto_context plg_cryptoctx,
-			       pkinit_req_crypto_context req_cryptoctx,
-			       pkinit_identity_crypto_context id_cryptoctx,
-			       pkinit_plg_opts *opts,
-			       krb5_data **out_data)
+                               pkinit_plg_crypto_context plg_cryptoctx,
+                               pkinit_req_crypto_context req_cryptoctx,
+                               pkinit_identity_crypto_context id_cryptoctx,
+                               pkinit_plg_opts *opts,
+                               krb5_data **out_data)
 {
     krb5_error_code retval = ENOMEM;
     unsigned int buf1_len = 0, buf2_len = 0, buf3_len = 0, i = 0;
@@ -2575,144 +2565,144 @@ pkinit_create_td_dh_parameters(krb5_context context,
     krb5_algorithm_identifier **algId = NULL;
 
     if (opts->dh_min_bits > 4096)
-	goto cleanup;
+        goto cleanup;
 
     if (opts->dh_min_bits <= 1024) {
-	retval = pkinit_encode_dh_params(plg_cryptoctx->dh_1024->p,
-	    plg_cryptoctx->dh_1024->g, plg_cryptoctx->dh_1024->q,
-	    &buf1, &buf1_len);
-	if (retval)
-	    goto cleanup;
+        retval = pkinit_encode_dh_params(plg_cryptoctx->dh_1024->p,
+                                         plg_cryptoctx->dh_1024->g, plg_cryptoctx->dh_1024->q,
+                                         &buf1, &buf1_len);
+        if (retval)
+            goto cleanup;
     }
     if (opts->dh_min_bits <= 2048) {
-	retval = pkinit_encode_dh_params(plg_cryptoctx->dh_2048->p,
-	    plg_cryptoctx->dh_2048->g, plg_cryptoctx->dh_2048->q,
-	    &buf2, &buf2_len);
-	if (retval)
-	    goto cleanup;
+        retval = pkinit_encode_dh_params(plg_cryptoctx->dh_2048->p,
+                                         plg_cryptoctx->dh_2048->g, plg_cryptoctx->dh_2048->q,
+                                         &buf2, &buf2_len);
+        if (retval)
+            goto cleanup;
     }
     retval = pkinit_encode_dh_params(plg_cryptoctx->dh_4096->p,
-	plg_cryptoctx->dh_4096->g, plg_cryptoctx->dh_4096->q,
-	&buf3, &buf3_len);
+                                     plg_cryptoctx->dh_4096->g, plg_cryptoctx->dh_4096->q,
+                                     &buf3, &buf3_len);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     if (opts->dh_min_bits <= 1024) {
-	algId = malloc(4 * sizeof(krb5_algorithm_identifier *));
-	if (algId == NULL)
-	    goto cleanup;
-	algId[3] = NULL;
-	algId[0] = malloc(sizeof(krb5_algorithm_identifier));
-	if (algId[0] == NULL)
-	    goto cleanup;
-	algId[0]->parameters.data = malloc(buf2_len);
-	if (algId[0]->parameters.data == NULL)
-	    goto cleanup;
-	memcpy(algId[0]->parameters.data, buf2, buf2_len);
-	algId[0]->parameters.length = buf2_len;
-	algId[0]->algorithm = dh_oid;
-
-	algId[1] = malloc(sizeof(krb5_algorithm_identifier));
-	if (algId[1] == NULL)
-	    goto cleanup;
-	algId[1]->parameters.data = malloc(buf3_len);
-	if (algId[1]->parameters.data == NULL)
-	    goto cleanup;
-	memcpy(algId[1]->parameters.data, buf3, buf3_len);
-	algId[1]->parameters.length = buf3_len;
-	algId[1]->algorithm = dh_oid;
-
-	algId[2] = malloc(sizeof(krb5_algorithm_identifier));
-	if (algId[2] == NULL)
-	    goto cleanup;
-	algId[2]->parameters.data = malloc(buf1_len);
-	if (algId[2]->parameters.data == NULL)
-	    goto cleanup;
-	memcpy(algId[2]->parameters.data, buf1, buf1_len);
-	algId[2]->parameters.length = buf1_len;
-	algId[2]->algorithm = dh_oid;
+        algId = malloc(4 * sizeof(krb5_algorithm_identifier *));
+        if (algId == NULL)
+            goto cleanup;
+        algId[3] = NULL;
+        algId[0] = malloc(sizeof(krb5_algorithm_identifier));
+        if (algId[0] == NULL)
+            goto cleanup;
+        algId[0]->parameters.data = malloc(buf2_len);
+        if (algId[0]->parameters.data == NULL)
+            goto cleanup;
+        memcpy(algId[0]->parameters.data, buf2, buf2_len);
+        algId[0]->parameters.length = buf2_len;
+        algId[0]->algorithm = dh_oid;
+
+        algId[1] = malloc(sizeof(krb5_algorithm_identifier));
+        if (algId[1] == NULL)
+            goto cleanup;
+        algId[1]->parameters.data = malloc(buf3_len);
+        if (algId[1]->parameters.data == NULL)
+            goto cleanup;
+        memcpy(algId[1]->parameters.data, buf3, buf3_len);
+        algId[1]->parameters.length = buf3_len;
+        algId[1]->algorithm = dh_oid;
+
+        algId[2] = malloc(sizeof(krb5_algorithm_identifier));
+        if (algId[2] == NULL)
+            goto cleanup;
+        algId[2]->parameters.data = malloc(buf1_len);
+        if (algId[2]->parameters.data == NULL)
+            goto cleanup;
+        memcpy(algId[2]->parameters.data, buf1, buf1_len);
+        algId[2]->parameters.length = buf1_len;
+        algId[2]->algorithm = dh_oid;
 
     } else if (opts->dh_min_bits <= 2048) {
-	algId = malloc(3 * sizeof(krb5_algorithm_identifier *));
-	if (algId == NULL)
-	    goto cleanup;
-	algId[2] = NULL;
-	algId[0] = malloc(sizeof(krb5_algorithm_identifier));
-	if (algId[0] == NULL)
-	    goto cleanup;
-	algId[0]->parameters.data = malloc(buf2_len);
-	if (algId[0]->parameters.data == NULL)
-	    goto cleanup;
-	memcpy(algId[0]->parameters.data, buf2, buf2_len);
-	algId[0]->parameters.length = buf2_len;
-	algId[0]->algorithm = dh_oid;
-
-	algId[1] = malloc(sizeof(krb5_algorithm_identifier));
-	if (algId[1] == NULL)
-	    goto cleanup;
-	algId[1]->parameters.data = malloc(buf3_len);
-	if (algId[1]->parameters.data == NULL)
-	    goto cleanup;
-	memcpy(algId[1]->parameters.data, buf3, buf3_len);
-	algId[1]->parameters.length = buf3_len;
-	algId[1]->algorithm = dh_oid;
+        algId = malloc(3 * sizeof(krb5_algorithm_identifier *));
+        if (algId == NULL)
+            goto cleanup;
+        algId[2] = NULL;
+        algId[0] = malloc(sizeof(krb5_algorithm_identifier));
+        if (algId[0] == NULL)
+            goto cleanup;
+        algId[0]->parameters.data = malloc(buf2_len);
+        if (algId[0]->parameters.data == NULL)
+            goto cleanup;
+        memcpy(algId[0]->parameters.data, buf2, buf2_len);
+        algId[0]->parameters.length = buf2_len;
+        algId[0]->algorithm = dh_oid;
+
+        algId[1] = malloc(sizeof(krb5_algorithm_identifier));
+        if (algId[1] == NULL)
+            goto cleanup;
+        algId[1]->parameters.data = malloc(buf3_len);
+        if (algId[1]->parameters.data == NULL)
+            goto cleanup;
+        memcpy(algId[1]->parameters.data, buf3, buf3_len);
+        algId[1]->parameters.length = buf3_len;
+        algId[1]->algorithm = dh_oid;
 
     } else if (opts->dh_min_bits <= 4096) {
-	algId = malloc(2 * sizeof(krb5_algorithm_identifier *));
-	if (algId == NULL)
-	    goto cleanup;
-	algId[1] = NULL;
-	algId[0] = malloc(sizeof(krb5_algorithm_identifier));
-	if (algId[0] == NULL)
-	    goto cleanup;
-	algId[0]->parameters.data = malloc(buf3_len);
-	if (algId[0]->parameters.data == NULL)
-	    goto cleanup;
-	memcpy(algId[0]->parameters.data, buf3, buf3_len);
-	algId[0]->parameters.length = buf3_len;
-	algId[0]->algorithm = dh_oid;
+        algId = malloc(2 * sizeof(krb5_algorithm_identifier *));
+        if (algId == NULL)
+            goto cleanup;
+        algId[1] = NULL;
+        algId[0] = malloc(sizeof(krb5_algorithm_identifier));
+        if (algId[0] == NULL)
+            goto cleanup;
+        algId[0]->parameters.data = malloc(buf3_len);
+        if (algId[0]->parameters.data == NULL)
+            goto cleanup;
+        memcpy(algId[0]->parameters.data, buf3, buf3_len);
+        algId[0]->parameters.length = buf3_len;
+        algId[0]->algorithm = dh_oid;
 
     }
     retval = k5int_encode_krb5_td_dh_parameters((const krb5_algorithm_identifier **)algId, &encoded_algId);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 #ifdef DEBUG_ASN1
     print_buffer_bin((unsigned char *)encoded_algId->data,
-		     encoded_algId->length, "/tmp/kdc_td_dh_params");
+                     encoded_algId->length, "/tmp/kdc_td_dh_params");
 #endif
     typed_data = malloc(2 * sizeof(krb5_typed_data *));
     if (typed_data == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     typed_data[1] = NULL;
     init_krb5_typed_data(&typed_data[0]);
     if (typed_data == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     typed_data[0]->type = TD_DH_PARAMETERS;
     typed_data[0]->length = encoded_algId->length;
     typed_data[0]->data = (unsigned char *)encoded_algId->data;
     retval = k5int_encode_krb5_typed_data((const krb5_typed_data**)typed_data,
-					  &data);
+                                          &data);
     if (retval) {
-	pkiDebug("encode_krb5_typed_data failed\n");
-	goto cleanup;
+        pkiDebug("encode_krb5_typed_data failed\n");
+        goto cleanup;
     }
 #ifdef DEBUG_ASN1
     print_buffer_bin((unsigned char *)data->data, data->length,
-		     "/tmp/kdc_edata");
+                     "/tmp/kdc_edata");
 #endif
     *out_data = malloc(sizeof(krb5_data));
     if (*out_data == NULL)
-	goto cleanup;
+        goto cleanup;
     (*out_data)->length = data->length;
     (*out_data)->data = malloc(data->length);
     if ((*out_data)->data == NULL) {
-	free(*out_data);
-	*out_data = NULL;
-	goto cleanup;
+        free(*out_data);
+        *out_data = NULL;
+        goto cleanup;
     }
     memcpy((*out_data)->data, data->data, data->length);
 
@@ -2723,19 +2713,19 @@ cleanup:
     free(buf2);
     free(buf3);
     if (data != NULL) {
-	free(data->data);
-	free(data);
+        free(data->data);
+        free(data);
     }
     free_krb5_typed_data(&typed_data);
     free(encoded_algId);
 
     if (algId != NULL) {
-	while(algId[i] != NULL) {
-	    free(algId[i]->parameters.data);
-	    free(algId[i]);
-	    i++;
-	}
-	free(algId);
+        while(algId[i] != NULL) {
+            free(algId[i]->parameters.data);
+            free(algId[i]);
+            i++;
+        }
+        free(algId);
     }
 
     return retval;
@@ -2743,12 +2733,12 @@ cleanup:
 
 krb5_error_code
 pkinit_check_kdc_pkid(krb5_context context,
-		      pkinit_plg_crypto_context plg_cryptoctx,
-		      pkinit_req_crypto_context req_cryptoctx,
-		      pkinit_identity_crypto_context id_cryptoctx,
-		      unsigned char *pdid_buf,
-		      unsigned int pkid_len,
-		      int *valid_kdcPkId)
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      unsigned char *pdid_buf,
+                      unsigned int pkid_len,
+                      int *valid_kdcPkId)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     PKCS7_ISSUER_AND_SERIAL *is = NULL;
@@ -2760,13 +2750,13 @@ pkinit_check_kdc_pkid(krb5_context context,
     pkiDebug("found kdcPkId in AS REQ\n");
     is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len);
     if (is == NULL)
-	goto cleanup;
+        goto cleanup;
 
     status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer);
     if (!status) {
-	status = ASN1_INTEGER_cmp(X509_get_serialNumber(kdc_cert), is->serial);
-	if (!status)
-	    *valid_kdcPkId = 1;
+        status = ASN1_INTEGER_cmp(X509_get_serialNumber(kdc_cert), is->serial);
+        if (!status)
+            *valid_kdcPkId = 1;
     }
 
     retval = 0;
@@ -2785,33 +2775,33 @@ pkinit_check_dh_params(BIGNUM * p1, BIGNUM * p2, BIGNUM * g1, BIGNUM * q1)
     int retval = -1;
 
     if (!BN_cmp(p1, p2)) {
-	g2 = BN_new();
-	BN_set_word(g2, DH_GENERATOR_2);
-	if (!BN_cmp(g1, g2)) {
-	    q2 = BN_new();
-	    BN_rshift1(q2, p1);
-	    if (!BN_cmp(q1, q2)) {
-		pkiDebug("good %d dhparams\n", BN_num_bits(p1));
-		retval = 0;
-	    } else
-		pkiDebug("bad group 2 q dhparameter\n");
-	    BN_free(q2);
-	} else
-	    pkiDebug("bad g dhparameter\n");
-	BN_free(g2);
+        g2 = BN_new();
+        BN_set_word(g2, DH_GENERATOR_2);
+        if (!BN_cmp(g1, g2)) {
+            q2 = BN_new();
+            BN_rshift1(q2, p1);
+            if (!BN_cmp(q1, q2)) {
+                pkiDebug("good %d dhparams\n", BN_num_bits(p1));
+                retval = 0;
+            } else
+                pkiDebug("bad group 2 q dhparameter\n");
+            BN_free(q2);
+        } else
+            pkiDebug("bad g dhparameter\n");
+        BN_free(g2);
     } else
-	pkiDebug("p is not well-known group 2 dhparameter\n");
+        pkiDebug("p is not well-known group 2 dhparameter\n");
 
     return retval;
 }
 
 krb5_error_code
 pkinit_process_td_dh_params(krb5_context context,
-			    pkinit_plg_crypto_context cryptoctx,
-			    pkinit_req_crypto_context req_cryptoctx,
-			    pkinit_identity_crypto_context id_cryptoctx,
-			    krb5_algorithm_identifier **algId,
-			    int *new_dh_size)
+                            pkinit_plg_crypto_context cryptoctx,
+                            pkinit_req_crypto_context req_cryptoctx,
+                            pkinit_identity_crypto_context id_cryptoctx,
+                            krb5_algorithm_identifier **algId,
+                            int *new_dh_size)
 {
     krb5_error_code retval = KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
     int i = 0, use_sent_dh = 0, ok = 0;
@@ -2819,72 +2809,72 @@ pkinit_process_td_dh_params(krb5_context context,
     pkiDebug("dh parameters\n");
 
     while (algId[i] != NULL) {
-	DH *dh = NULL;
-	unsigned char *tmp = NULL;
-	int dh_prime_bits = 0;
-
-	if (algId[i]->algorithm.length != dh_oid.length ||
-	    memcmp(algId[i]->algorithm.data, dh_oid.data, dh_oid.length))
-	    goto cleanup;
-
-	tmp = algId[i]->parameters.data;
-	dh = DH_new();
-	dh = pkinit_decode_dh_params(&dh, &tmp, algId[i]->parameters.length);
-	dh_prime_bits = BN_num_bits(dh->p);
-	pkiDebug("client sent %d DH bits server prefers %d DH bits\n",
-		 *new_dh_size, dh_prime_bits);
-	switch(dh_prime_bits) {
-	    case 1024:
-		if (pkinit_check_dh_params(cryptoctx->dh_1024->p, dh->p,
-			dh->g, dh->q) == 0) {
-		    *new_dh_size = 1024;
-		    ok = 1;
-		}
-		break;
-	    case 2048:
-		if (pkinit_check_dh_params(cryptoctx->dh_2048->p, dh->p,
-			dh->g, dh->q) == 0) {
-		    *new_dh_size = 2048;
-		    ok = 1;
-		}
-		break;
-	    case 4096:
-		if (pkinit_check_dh_params(cryptoctx->dh_4096->p, dh->p,
-			dh->g, dh->q) == 0) {
-		    *new_dh_size = 4096;
-		    ok = 1;
-		}
-		break;
-	    default:
-		break;
-	}
-	if (!ok) {
-	    DH_check(dh, &retval);
-	    if (retval != 0) {
-		pkiDebug("DH parameters provided by server are unacceptable\n");
-		retval = KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
-	    }
-	    else {
-		use_sent_dh = 1;
-		ok = 1;
-	    }
-	}
-	if (!use_sent_dh)
-	    DH_free(dh);
-	if (ok) {
-	    if (req_cryptoctx->dh != NULL) {
-		DH_free(req_cryptoctx->dh);
-		req_cryptoctx->dh = NULL;
-	    }
-	    if (use_sent_dh)
-		req_cryptoctx->dh = dh;
-	    break;
-	}
-	i++;
+        DH *dh = NULL;
+        unsigned char *tmp = NULL;
+        int dh_prime_bits = 0;
+
+        if (algId[i]->algorithm.length != dh_oid.length ||
+            memcmp(algId[i]->algorithm.data, dh_oid.data, dh_oid.length))
+            goto cleanup;
+
+        tmp = algId[i]->parameters.data;
+        dh = DH_new();
+        dh = pkinit_decode_dh_params(&dh, &tmp, algId[i]->parameters.length);
+        dh_prime_bits = BN_num_bits(dh->p);
+        pkiDebug("client sent %d DH bits server prefers %d DH bits\n",
+                 *new_dh_size, dh_prime_bits);
+        switch(dh_prime_bits) {
+        case 1024:
+            if (pkinit_check_dh_params(cryptoctx->dh_1024->p, dh->p,
+                                       dh->g, dh->q) == 0) {
+                *new_dh_size = 1024;
+                ok = 1;
+            }
+            break;
+        case 2048:
+            if (pkinit_check_dh_params(cryptoctx->dh_2048->p, dh->p,
+                                       dh->g, dh->q) == 0) {
+                *new_dh_size = 2048;
+                ok = 1;
+            }
+            break;
+        case 4096:
+            if (pkinit_check_dh_params(cryptoctx->dh_4096->p, dh->p,
+                                       dh->g, dh->q) == 0) {
+                *new_dh_size = 4096;
+                ok = 1;
+            }
+            break;
+        default:
+            break;
+        }
+        if (!ok) {
+            DH_check(dh, &retval);
+            if (retval != 0) {
+                pkiDebug("DH parameters provided by server are unacceptable\n");
+                retval = KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED;
+            }
+            else {
+                use_sent_dh = 1;
+                ok = 1;
+            }
+        }
+        if (!use_sent_dh)
+            DH_free(dh);
+        if (ok) {
+            if (req_cryptoctx->dh != NULL) {
+                DH_free(req_cryptoctx->dh);
+                req_cryptoctx->dh = NULL;
+            }
+            if (use_sent_dh)
+                req_cryptoctx->dh = dh;
+            break;
+        }
+        i++;
     }
 
     if (ok)
-	retval = 0;
+        retval = 0;
 
 cleanup:
     return retval;
@@ -2895,12 +2885,12 @@ openssl_callback(int ok, X509_STORE_CTX * ctx)
 {
 #ifdef DEBUG
     if (!ok) {
-	char buf[DN_BUF_LEN];
+        char buf[DN_BUF_LEN];
 
-	X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, sizeof(buf));
-	pkiDebug("cert = %s\n", buf);
-	pkiDebug("callback function: %d (%s)\n", ctx->error,
-		X509_verify_cert_error_string(ctx->error));
+        X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, sizeof(buf));
+        pkiDebug("cert = %s\n", buf);
+        pkiDebug("callback function: %d (%s)\n", ctx->error,
+                 X509_verify_cert_error_string(ctx->error));
     }
 #endif
     return ok;
@@ -2910,12 +2900,12 @@ static int
 openssl_callback_ignore_crls(int ok, X509_STORE_CTX * ctx)
 {
     if (!ok) {
-	switch (ctx->error) {
-	    case X509_V_ERR_UNABLE_TO_GET_CRL:
-		return 1;
-	    default:
-		return 0;
-	}
+        switch (ctx->error) {
+        case X509_V_ERR_UNABLE_TO_GET_CRL:
+            return 1;
+        default:
+            return 0;
+        }
     }
     return ok;
 }
@@ -2926,34 +2916,34 @@ pkinit_pkcs7type2oid(pkinit_plg_crypto_context cryptoctx, int pkcs7_type)
     int nid;
 
     switch (pkcs7_type) {
-	case CMS_SIGN_CLIENT:
-	    return cryptoctx->id_pkinit_authData;
-	case CMS_SIGN_DRAFT9:
-	    /*
-	     * Delay creating this OID until we know we need it.
-	     * It shadows an existing OpenSSL oid.  If it
-	     * is created too early, it breaks things like
-	     * the use of pkcs12 (which uses pkcs7 structures).
-	     * We need this shadow version because our code
-	     * depends on the "other" type to be unknown to the
-	     * OpenSSL code.
-	     */
-	    if (cryptoctx->id_pkinit_authData9 == NULL) {
-		pkiDebug("%s: Creating shadow instance of pkcs7-data oid\n",
-			 __FUNCTION__);
-		nid = OBJ_create("1.2.840.113549.1.7.1", "id-pkcs7-data",
-				 "PKCS7 data");
-		if (nid == NID_undef)
-		    return NULL;
-		cryptoctx->id_pkinit_authData9 = OBJ_nid2obj(nid);
-	    }
-	    return cryptoctx->id_pkinit_authData9;
-	case CMS_SIGN_SERVER:
-	    return cryptoctx->id_pkinit_DHKeyData;
-	case CMS_ENVEL_SERVER:
-	    return cryptoctx->id_pkinit_rkeyData;
-	default:
-	    return NULL;
+    case CMS_SIGN_CLIENT:
+        return cryptoctx->id_pkinit_authData;
+    case CMS_SIGN_DRAFT9:
+        /*
+         * Delay creating this OID until we know we need it.
+         * It shadows an existing OpenSSL oid.  If it
+         * is created too early, it breaks things like
+         * the use of pkcs12 (which uses pkcs7 structures).
+         * We need this shadow version because our code
+         * depends on the "other" type to be unknown to the
+         * OpenSSL code.
+         */
+        if (cryptoctx->id_pkinit_authData9 == NULL) {
+            pkiDebug("%s: Creating shadow instance of pkcs7-data oid\n",
+                     __FUNCTION__);
+            nid = OBJ_create("1.2.840.113549.1.7.1", "id-pkcs7-data",
+                             "PKCS7 data");
+            if (nid == NID_undef)
+                return NULL;
+            cryptoctx->id_pkinit_authData9 = OBJ_nid2obj(nid);
+        }
+        return cryptoctx->id_pkinit_authData9;
+    case CMS_SIGN_SERVER:
+        return cryptoctx->id_pkinit_DHKeyData;
+    case CMS_ENVEL_SERVER:
+        return cryptoctx->id_pkinit_rkeyData;
+    default:
+        return NULL;
     }
 
 }
@@ -2965,8 +2955,8 @@ pkinit_pkcs7type2oid(pkinit_plg_crypto_context cryptoctx, int pkcs7_type)
  */
 static int
 wrap_signeddata(unsigned char *data, unsigned int data_len,
-		unsigned char **out, unsigned int *out_len,
-		int is_longhorn_server)
+                unsigned char **out, unsigned int *out_len,
+                int is_longhorn_server)
 {
 
     unsigned int orig_len = 0, oid_len = 0, tot_len = 0;
@@ -2974,31 +2964,31 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
     unsigned char *p = NULL;
 
     pkiDebug("%s: This is the Longhorn version and is_longhorn_server = %d\n",
-	     __FUNCTION__, is_longhorn_server);
+             __FUNCTION__, is_longhorn_server);
 
     /* Get length to wrap the original data with SEQUENCE tag */
     tot_len = orig_len = ASN1_object_size(1, (int)data_len, V_ASN1_SEQUENCE);
 
     if (is_longhorn_server == 0) {
-	/* Add the signedData OID and adjust lengths */
-	oid = OBJ_nid2obj(NID_pkcs7_signed);
-	oid_len = i2d_ASN1_OBJECT(oid, NULL);
+        /* Add the signedData OID and adjust lengths */
+        oid = OBJ_nid2obj(NID_pkcs7_signed);
+        oid_len = i2d_ASN1_OBJECT(oid, NULL);
 
-	tot_len = ASN1_object_size(1, (int)(orig_len+oid_len), V_ASN1_SEQUENCE);
+        tot_len = ASN1_object_size(1, (int)(orig_len+oid_len), V_ASN1_SEQUENCE);
     }
 
     p = *out = malloc(tot_len);
     if (p == NULL) return -1;
 
     if (is_longhorn_server == 0) {
-	ASN1_put_object(&p, 1, (int)(orig_len+oid_len),
-			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        ASN1_put_object(&p, 1, (int)(orig_len+oid_len),
+                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 
-	i2d_ASN1_OBJECT(oid, &p);
+        i2d_ASN1_OBJECT(oid, &p);
 
-	ASN1_put_object(&p, 1, (int)data_len, 0, V_ASN1_CONTEXT_SPECIFIC);
+        ASN1_put_object(&p, 1, (int)data_len, 0, V_ASN1_CONTEXT_SPECIFIC);
     } else {
-	ASN1_put_object(&p, 1, (int)data_len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        ASN1_put_object(&p, 1, (int)data_len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
     }
     memcpy(p, data, data_len);
 
@@ -3013,8 +3003,8 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
  */
 static int
 wrap_signeddata(unsigned char *data, unsigned int data_len,
-	       unsigned char **out, unsigned int *out_len,
-	       int is_longhorn_server)
+                unsigned char **out, unsigned int *out_len,
+                int is_longhorn_server)
 {
 
     unsigned int oid_len = 0, tot_len = 0, wrap_len = 0, tag_len = 0;
@@ -3022,13 +3012,13 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
     unsigned char *p = NULL;
 
     pkiDebug("%s: This is the Longhorn version and is_longhorn_server = %d\n",
-	     __FUNCTION__, is_longhorn_server);
+             __FUNCTION__, is_longhorn_server);
 
     /* New longhorn is missing another sequence */
     if (is_longhorn_server == 1)
-       wrap_len = ASN1_object_size(1, (int)(data_len), V_ASN1_SEQUENCE);
+        wrap_len = ASN1_object_size(1, (int)(data_len), V_ASN1_SEQUENCE);
     else
-       wrap_len = data_len;
+        wrap_len = data_len;
 
     /* Get length to wrap the original data with SEQUENCE tag */
     tag_len = ASN1_object_size(1, (int)wrap_len, V_ASN1_SEQUENCE);
@@ -3042,10 +3032,10 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
 
     p = *out = malloc(tot_len);
     if (p == NULL)
-       return -1;
+        return -1;
 
     ASN1_put_object(&p, 1, (int)(oid_len),
-		    V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+                    V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 
     i2d_ASN1_OBJECT(oid, &p);
 
@@ -3053,7 +3043,7 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
 
     /* Wrap in extra seq tag */
     if (is_longhorn_server == 1) {
-       ASN1_put_object(&p, 1, (int)data_len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+        ASN1_put_object(&p, 1, (int)data_len, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
     }
     memcpy(p, data, data_len);
 
@@ -3066,7 +3056,7 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
 #else
 static int
 wrap_signeddata(unsigned char *data, unsigned int data_len,
-		unsigned char **out, unsigned int *out_len)
+                unsigned char **out, unsigned int *out_len)
 {
 
     unsigned int orig_len = 0, oid_len = 0, tot_len = 0;
@@ -3086,7 +3076,7 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
     if (p == NULL) return -1;
 
     ASN1_put_object(&p, 1, (int)(orig_len+oid_len),
-		    V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+                    V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 
     i2d_ASN1_OBJECT(oid, &p);
 
@@ -3101,9 +3091,9 @@ wrap_signeddata(unsigned char *data, unsigned int data_len,
 
 static int
 prepare_enc_data(unsigned char *indata,
-		 int indata_len,
-		 unsigned char **outdata,
-		 int *outdata_len)
+                 int indata_len,
+                 unsigned char **outdata,
+                 int *outdata_len)
 {
     int retval = -1;
     ASN1_const_CTX c;
@@ -3127,8 +3117,8 @@ prepare_enc_data(unsigned char *indata,
 
     *outdata = malloc((size_t)Tlen);
     if (outdata == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memcpy(*outdata, c.p, (size_t)Tlen);
     *outdata_len = Tlen;
@@ -3149,14 +3139,14 @@ pkinit_C_LoadModule(const char *modname, CK_FUNCTION_LIST_PTR_PTR p11p)
     pkiDebug("loading module \"%s\"... ", modname);
     handle = dlopen(modname, RTLD_NOW);
     if (handle == NULL) {
-	pkiDebug("not found\n");
-	return NULL;
+        pkiDebug("not found\n");
+        return NULL;
     }
     getflist = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR)) dlsym(handle, "C_GetFunctionList");
     if (getflist == NULL || (*getflist)(p11p) != CKR_OK) {
-	dlclose(handle);
-	pkiDebug("failed\n");
-	return NULL;
+        dlclose(handle);
+        pkiDebug("failed\n");
+        return NULL;
     }
     pkiDebug("ok\n");
     return handle;
@@ -3171,8 +3161,8 @@ pkinit_C_UnloadModule(void *handle)
 
 static krb5_error_code
 pkinit_login(krb5_context context,
-	     pkinit_identity_crypto_context id_cryptoctx,
-	     CK_TOKEN_INFO *tip)
+             pkinit_identity_crypto_context id_cryptoctx,
+             CK_TOKEN_INFO *tip)
 {
     krb5_data rdat;
     char *prompt;
@@ -3182,44 +3172,44 @@ pkinit_login(krb5_context context,
     int r = 0;
 
     if (tip->flags & CKF_PROTECTED_AUTHENTICATION_PATH) {
-	rdat.data = NULL;
-	rdat.length = 0;
+        rdat.data = NULL;
+        rdat.length = 0;
     } else {
-	if (tip->flags & CKF_USER_PIN_LOCKED)
-	    warning = " (Warning: PIN locked)";
-	else if (tip->flags & CKF_USER_PIN_FINAL_TRY)
-	    warning = " (Warning: PIN final try)";
-	else if (tip->flags & CKF_USER_PIN_COUNT_LOW)
-	    warning = " (Warning: PIN count low)";
-	else
-	    warning = "";
-	if (asprintf(&prompt, "%.*s PIN%s", (int) sizeof (tip->label),
-		     tip->label, warning) < 0)
-	    return ENOMEM;
-	rdat.data = malloc(tip->ulMaxPinLen + 2);
-	rdat.length = tip->ulMaxPinLen + 1;
-
-	kprompt.prompt = prompt;
-	kprompt.hidden = 1;
-	kprompt.reply = &rdat;
-	prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
-
-	/* PROMPTER_INVOCATION */
-	k5int_set_prompt_types(context, &prompt_type);
-	r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
-		NULL, NULL, 1, &kprompt);
-	k5int_set_prompt_types(context, 0);
-	free(prompt);
+        if (tip->flags & CKF_USER_PIN_LOCKED)
+            warning = " (Warning: PIN locked)";
+        else if (tip->flags & CKF_USER_PIN_FINAL_TRY)
+            warning = " (Warning: PIN final try)";
+        else if (tip->flags & CKF_USER_PIN_COUNT_LOW)
+            warning = " (Warning: PIN count low)";
+        else
+            warning = "";
+        if (asprintf(&prompt, "%.*s PIN%s", (int) sizeof (tip->label),
+                     tip->label, warning) < 0)
+            return ENOMEM;
+        rdat.data = malloc(tip->ulMaxPinLen + 2);
+        rdat.length = tip->ulMaxPinLen + 1;
+
+        kprompt.prompt = prompt;
+        kprompt.hidden = 1;
+        kprompt.reply = &rdat;
+        prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+
+        /* PROMPTER_INVOCATION */
+        k5int_set_prompt_types(context, &prompt_type);
+        r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
+                                      NULL, NULL, 1, &kprompt);
+        k5int_set_prompt_types(context, 0);
+        free(prompt);
     }
 
     if (r == 0) {
-	r = id_cryptoctx->p11->C_Login(id_cryptoctx->session, CKU_USER,
-		(u_char *) rdat.data, rdat.length);
+        r = id_cryptoctx->p11->C_Login(id_cryptoctx->session, CKU_USER,
+                                       (u_char *) rdat.data, rdat.length);
 
-	if (r != CKR_OK) {
-	    pkiDebug("C_Login: %s\n", pkinit_pkcs11_code_to_text(r));
-	    r = KRB5KDC_ERR_PREAUTH_FAILED;
-	}
+        if (r != CKR_OK) {
+            pkiDebug("C_Login: %s\n", pkinit_pkcs11_code_to_text(r));
+            r = KRB5KDC_ERR_PREAUTH_FAILED;
+        }
     }
     free(rdat.data);
 
@@ -3228,7 +3218,7 @@ pkinit_login(krb5_context context,
 
 static krb5_error_code
 pkinit_open_session(krb5_context context,
-		    pkinit_identity_crypto_context cctx)
+                    pkinit_identity_crypto_context cctx)
 {
     int i, r;
     unsigned char *cp;
@@ -3237,73 +3227,73 @@ pkinit_open_session(krb5_context context,
     CK_TOKEN_INFO tinfo;
 
     if (cctx->p11_module != NULL)
-	return 0; /* session already open */
+        return 0; /* session already open */
 
     /* Load module */
     cctx->p11_module =
-	pkinit_C_LoadModule(cctx->p11_module_name, &cctx->p11);
+        pkinit_C_LoadModule(cctx->p11_module_name, &cctx->p11);
     if (cctx->p11_module == NULL)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
 
     /* Init */
     if ((r = cctx->p11->C_Initialize(NULL)) != CKR_OK) {
-	pkiDebug("C_Initialize: %s\n", pkinit_pkcs11_code_to_text(r));
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("C_Initialize: %s\n", pkinit_pkcs11_code_to_text(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /* Get the list of available slots */
     if (cctx->slotid != PK_NOSLOT) {
-	/* A slot was specified, so that's the only one in the list */
-	count = 1;
-	slotlist = malloc(sizeof(CK_SLOT_ID));
-	slotlist[0] = cctx->slotid;
+        /* A slot was specified, so that's the only one in the list */
+        count = 1;
+        slotlist = malloc(sizeof(CK_SLOT_ID));
+        slotlist[0] = cctx->slotid;
     } else {
-	if (cctx->p11->C_GetSlotList(TRUE, NULL, &count) != CKR_OK)
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	if (count == 0)
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	slotlist = malloc(count * sizeof (CK_SLOT_ID));
-	if (cctx->p11->C_GetSlotList(TRUE, slotlist, &count) != CKR_OK)
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
+        if (cctx->p11->C_GetSlotList(TRUE, NULL, &count) != CKR_OK)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        if (count == 0)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        slotlist = malloc(count * sizeof (CK_SLOT_ID));
+        if (cctx->p11->C_GetSlotList(TRUE, slotlist, &count) != CKR_OK)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /* Look for the given token label, or if none given take the first one */
     for (i = 0; i < count; i++) {
-	/* Open session */
-	if ((r = cctx->p11->C_OpenSession(slotlist[i], CKF_SERIAL_SESSION,
-					  NULL, NULL, &cctx->session)) != CKR_OK) {
-	    pkiDebug("C_OpenSession: %s\n", pkinit_pkcs11_code_to_text(r));
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	}
-
-	/* Get token info */
-	if ((r = cctx->p11->C_GetTokenInfo(slotlist[i], &tinfo)) != CKR_OK) {
-	    pkiDebug("C_GetTokenInfo: %s\n", pkinit_pkcs11_code_to_text(r));
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	}
-	for (cp = tinfo.label + sizeof (tinfo.label) - 1;
-	     *cp == '\0' || *cp == ' '; cp--)
-	    *cp = '\0';
-	pkiDebug("open_session: slotid %d token \"%s\"\n",
-		 (int) slotlist[i], tinfo.label);
-	if (cctx->token_label == NULL ||
-	    !strcmp((char *) cctx->token_label, (char *) tinfo.label))
-	    break;
-	cctx->p11->C_CloseSession(cctx->session);
+        /* Open session */
+        if ((r = cctx->p11->C_OpenSession(slotlist[i], CKF_SERIAL_SESSION,
+                                          NULL, NULL, &cctx->session)) != CKR_OK) {
+            pkiDebug("C_OpenSession: %s\n", pkinit_pkcs11_code_to_text(r));
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        }
+
+        /* Get token info */
+        if ((r = cctx->p11->C_GetTokenInfo(slotlist[i], &tinfo)) != CKR_OK) {
+            pkiDebug("C_GetTokenInfo: %s\n", pkinit_pkcs11_code_to_text(r));
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        }
+        for (cp = tinfo.label + sizeof (tinfo.label) - 1;
+             *cp == '\0' || *cp == ' '; cp--)
+            *cp = '\0';
+        pkiDebug("open_session: slotid %d token \"%s\"\n",
+                 (int) slotlist[i], tinfo.label);
+        if (cctx->token_label == NULL ||
+            !strcmp((char *) cctx->token_label, (char *) tinfo.label))
+            break;
+        cctx->p11->C_CloseSession(cctx->session);
     }
     if (i >= count) {
-	free(slotlist);
-	pkiDebug("open_session: no matching token found\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        free(slotlist);
+        pkiDebug("open_session: no matching token found\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     cctx->slotid = slotlist[i];
     free(slotlist);
     pkiDebug("open_session: slotid %d (%d of %d)\n", (int) cctx->slotid,
-	     i + 1, (int) count);
+             i + 1, (int) count);
 
     /* Login if needed */
     if (tinfo.flags & CKF_LOGIN_REQUIRED)
-	r = pkinit_login(context, cctx, &tinfo);
+        r = pkinit_login(context, cctx, &tinfo);
 
     return r;
 }
@@ -3327,8 +3317,8 @@ pkinit_open_session(krb5_context context,
 
 krb5_error_code
 pkinit_find_private_key(pkinit_identity_crypto_context id_cryptoctx,
-			CK_ATTRIBUTE_TYPE usage,
-			CK_OBJECT_HANDLE *objp)
+                        CK_ATTRIBUTE_TYPE usage,
+                        CK_OBJECT_HANDLE *objp)
 {
     CK_OBJECT_CLASS cls;
     CK_ATTRIBUTE attrs[4];
@@ -3373,64 +3363,69 @@ pkinit_find_private_key(pkinit_identity_crypto_context id_cryptoctx,
 
     r = id_cryptoctx->p11->C_FindObjectsInit(id_cryptoctx->session, attrs, nattrs);
     if (r != CKR_OK) {
-	pkiDebug("krb5_pkinit_sign_data: C_FindObjectsInit: %s\n",
-		 pkinit_pkcs11_code_to_text(r));
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("krb5_pkinit_sign_data: C_FindObjectsInit: %s\n",
+                 pkinit_pkcs11_code_to_text(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     r = id_cryptoctx->p11->C_FindObjects(id_cryptoctx->session, objp, 1, &count);
     id_cryptoctx->p11->C_FindObjectsFinal(id_cryptoctx->session);
     pkiDebug("found %d private keys (%s)\n", (int) count, pkinit_pkcs11_code_to_text(r));
     if (r != CKR_OK || count < 1)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     return 0;
 }
 #endif
 
 static krb5_error_code
 pkinit_decode_data_fs(krb5_context context,
-		      pkinit_identity_crypto_context id_cryptoctx,
-		      unsigned char *data,
-		      unsigned int data_len,
-		      unsigned char **decoded_data,
-		      unsigned int *decoded_data_len)
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      unsigned char *data,
+                      unsigned int data_len,
+                      unsigned char **decoded_data,
+                      unsigned int *decoded_data_len)
 {
     if (decode_data(decoded_data, decoded_data_len, data, data_len,
-		id_cryptoctx->my_key, sk_X509_value(id_cryptoctx->my_certs,
-		id_cryptoctx->cert_index)) <= 0) {
-	pkiDebug("failed to decode data\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+                    id_cryptoctx->my_key, sk_X509_value(id_cryptoctx->my_certs,
+                                                        id_cryptoctx->cert_index)) <= 0) {
+        pkiDebug("failed to decode data\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     return 0;
 }
 
 #ifndef WITHOUT_PKCS11
-#ifdef SILLYDECRYPT
-CK_RV
+/*
+ * When using the ActivCard Linux pkcs11 library (v2.0.1), the decrypt function
+ * fails.  By inserting an extra function call, which serves nothing but to
+ * change the stack, we were able to work around the issue.  If the ActivCard
+ * library is fixed in the future, this function can be inlined back into the
+ * caller.
+ */
+static CK_RV
 pkinit_C_Decrypt(pkinit_identity_crypto_context id_cryptoctx,
-		 CK_BYTE_PTR pEncryptedData,
-		 CK_ULONG  ulEncryptedDataLen,
-		 CK_BYTE_PTR pData,
-		 CK_ULONG_PTR pulDataLen)
+                 CK_BYTE_PTR pEncryptedData,
+                 CK_ULONG  ulEncryptedDataLen,
+                 CK_BYTE_PTR pData,
+                 CK_ULONG_PTR pulDataLen)
 {
     CK_RV rv = CKR_OK;
 
     rv = id_cryptoctx->p11->C_Decrypt(id_cryptoctx->session, pEncryptedData,
-	ulEncryptedDataLen, pData, pulDataLen);
+                                      ulEncryptedDataLen, pData, pulDataLen);
     if (rv == CKR_OK) {
-	pkiDebug("pData %x *pulDataLen %d\n", (int) pData, (int) *pulDataLen);
+        pkiDebug("pData %x *pulDataLen %d\n", (int) pData, (int) *pulDataLen);
     }
     return rv;
 }
-#endif
 
 static krb5_error_code
 pkinit_decode_data_pkcs11(krb5_context context,
-			  pkinit_identity_crypto_context id_cryptoctx,
-			  unsigned char *data,
-			  unsigned int data_len,
-			  unsigned char **decoded_data,
-			  unsigned int *decoded_data_len)
+                          pkinit_identity_crypto_context id_cryptoctx,
+                          unsigned char *data,
+                          unsigned int data_len,
+                          unsigned char **decoded_data,
+                          unsigned int *decoded_data_len)
 {
     CK_OBJECT_HANDLE obj;
     CK_ULONG len;
@@ -3439,8 +3434,8 @@ pkinit_decode_data_pkcs11(krb5_context context,
     int r;
 
     if (pkinit_open_session(context, id_cryptoctx)) {
-	pkiDebug("can't open pkcs11 session\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("can't open pkcs11 session\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     pkinit_find_private_key(id_cryptoctx, CKA_DECRYPT, &obj);
@@ -3450,29 +3445,24 @@ pkinit_decode_data_pkcs11(krb5_context context,
     mech.ulParameterLen = 0;
 
     if ((r = id_cryptoctx->p11->C_DecryptInit(id_cryptoctx->session, &mech,
-	    obj)) != CKR_OK) {
-	pkiDebug("C_DecryptInit: 0x%x\n", (int) r);
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+                                              obj)) != CKR_OK) {
+        pkiDebug("C_DecryptInit: 0x%x\n", (int) r);
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     pkiDebug("data_len = %d\n", data_len);
     cp = malloc((size_t) data_len);
     if (cp == NULL)
-	return ENOMEM;
+        return ENOMEM;
     len = data_len;
-#ifdef SILLYDECRYPT
     pkiDebug("session %x edata %x edata_len %d data %x datalen @%x %d\n",
-	    (int) id_cryptoctx->session, (int) data, (int) data_len, (int) cp,
-	    (int) &len, (int) len);
+             (int) id_cryptoctx->session, (int) data, (int) data_len, (int) cp,
+             (int) &len, (int) len);
     if ((r = pkinit_C_Decrypt(id_cryptoctx, data, (CK_ULONG) data_len,
-	    cp, &len)) != CKR_OK) {
-#else
-    if ((r = id_cryptoctx->p11->C_Decrypt(id_cryptoctx->session, data,
-	    (CK_ULONG) data_len, cp, &len)) != CKR_OK) {
-#endif
-	pkiDebug("C_Decrypt: %s\n", pkinit_pkcs11_code_to_text(r));
-	if (r == CKR_BUFFER_TOO_SMALL)
-	    pkiDebug("decrypt %d needs %d\n", (int) data_len, (int) len);
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+                              cp, &len)) != CKR_OK) {
+        pkiDebug("C_Decrypt: %s\n", pkinit_pkcs11_code_to_text(r));
+        if (r == CKR_BUFFER_TOO_SMALL)
+            pkiDebug("decrypt %d needs %d\n", (int) data_len, (int) len);
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     pkiDebug("decrypt %d -> %d\n", (int) data_len, (int) len);
     *decoded_data_len = len;
@@ -3484,21 +3474,21 @@ pkinit_decode_data_pkcs11(krb5_context context,
 
 krb5_error_code
 pkinit_decode_data(krb5_context context,
-		   pkinit_identity_crypto_context id_cryptoctx,
-		   unsigned char *data,
-		   unsigned int data_len,
-		   unsigned char **decoded_data,
-		   unsigned int *decoded_data_len)
+                   pkinit_identity_crypto_context id_cryptoctx,
+                   unsigned char *data,
+                   unsigned int data_len,
+                   unsigned char **decoded_data,
+                   unsigned int *decoded_data_len)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
 
     if (id_cryptoctx->pkcs11_method != 1)
-	retval = pkinit_decode_data_fs(context, id_cryptoctx, data, data_len,
-	    decoded_data, decoded_data_len);
+        retval = pkinit_decode_data_fs(context, id_cryptoctx, data, data_len,
+                                       decoded_data, decoded_data_len);
 #ifndef WITHOUT_PKCS11
     else
-	retval = pkinit_decode_data_pkcs11(context, id_cryptoctx, data,
-	    data_len, decoded_data, decoded_data_len);
+        retval = pkinit_decode_data_pkcs11(context, id_cryptoctx, data,
+                                           data_len, decoded_data, decoded_data_len);
 #endif
 
     return retval;
@@ -3506,16 +3496,16 @@ pkinit_decode_data(krb5_context context,
 
 static krb5_error_code
 pkinit_sign_data_fs(krb5_context context,
-		 pkinit_identity_crypto_context id_cryptoctx,
-		 unsigned char *data,
-		 unsigned int data_len,
-		 unsigned char **sig,
-		 unsigned int *sig_len)
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    unsigned char *data,
+                    unsigned int data_len,
+                    unsigned char **sig,
+                    unsigned int *sig_len)
 {
     if (create_signature(sig, sig_len, data, data_len,
-	    id_cryptoctx->my_key) != 0) {
-	    pkiDebug("failed to create the signature\n");
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
+                         id_cryptoctx->my_key) != 0) {
+        pkiDebug("failed to create the signature\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     return 0;
 }
@@ -3523,11 +3513,11 @@ pkinit_sign_data_fs(krb5_context context,
 #ifndef WITHOUT_PKCS11
 static krb5_error_code
 pkinit_sign_data_pkcs11(krb5_context context,
-			pkinit_identity_crypto_context id_cryptoctx,
-			unsigned char *data,
-			unsigned int data_len,
-			unsigned char **sig,
-			unsigned int *sig_len)
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        unsigned char *data,
+                        unsigned int data_len,
+                        unsigned char **sig,
+                        unsigned int *sig_len)
 {
     CK_OBJECT_HANDLE obj;
     CK_ULONG len;
@@ -3536,8 +3526,8 @@ pkinit_sign_data_pkcs11(krb5_context context,
     int r;
 
     if (pkinit_open_session(context, id_cryptoctx)) {
-	pkiDebug("can't open pkcs11 session\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("can't open pkcs11 session\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     pkinit_find_private_key(id_cryptoctx, CKA_SIGN, &obj);
@@ -3547,9 +3537,9 @@ pkinit_sign_data_pkcs11(krb5_context context,
     mech.ulParameterLen = 0;
 
     if ((r = id_cryptoctx->p11->C_SignInit(id_cryptoctx->session, &mech,
-	    obj)) != CKR_OK) {
-	pkiDebug("C_SignInit: %s\n", pkinit_pkcs11_code_to_text(r));
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+                                           obj)) != CKR_OK) {
+        pkiDebug("C_SignInit: %s\n", pkinit_pkcs11_code_to_text(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     /*
@@ -3559,20 +3549,20 @@ pkinit_sign_data_pkcs11(krb5_context context,
     len = PK_SIGLEN_GUESS;
     cp = malloc((size_t) len);
     if (cp == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     r = id_cryptoctx->p11->C_Sign(id_cryptoctx->session, data,
-				 (CK_ULONG) data_len, cp, &len);
+                                  (CK_ULONG) data_len, cp, &len);
     if (r == CKR_BUFFER_TOO_SMALL || (r == CKR_OK && len >= PK_SIGLEN_GUESS)) {
-	free(cp);
-	pkiDebug("C_Sign realloc %d\n", (int) len);
-	cp = malloc((size_t) len);
-	r = id_cryptoctx->p11->C_Sign(id_cryptoctx->session, data,
-				     (CK_ULONG) data_len, cp, &len);
+        free(cp);
+        pkiDebug("C_Sign realloc %d\n", (int) len);
+        cp = malloc((size_t) len);
+        r = id_cryptoctx->p11->C_Sign(id_cryptoctx->session, data,
+                                      (CK_ULONG) data_len, cp, &len);
     }
     if (r != CKR_OK) {
-	pkiDebug("C_Sign: %s\n", pkinit_pkcs11_code_to_text(r));
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("C_Sign: %s\n", pkinit_pkcs11_code_to_text(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     pkiDebug("sign %d -> %d\n", (int) data_len, (int) len);
     *sig_len = len;
@@ -3584,21 +3574,21 @@ pkinit_sign_data_pkcs11(krb5_context context,
 
 krb5_error_code
 pkinit_sign_data(krb5_context context,
-		 pkinit_identity_crypto_context id_cryptoctx,
-		 unsigned char *data,
-		 unsigned int data_len,
-		 unsigned char **sig,
-		 unsigned int *sig_len)
+                 pkinit_identity_crypto_context id_cryptoctx,
+                 unsigned char *data,
+                 unsigned int data_len,
+                 unsigned char **sig,
+                 unsigned int *sig_len)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
 
     if (id_cryptoctx == NULL || id_cryptoctx->pkcs11_method != 1)
-	retval = pkinit_sign_data_fs(context, id_cryptoctx, data, data_len,
-				     sig, sig_len);
+        retval = pkinit_sign_data_fs(context, id_cryptoctx, data, data_len,
+                                     sig, sig_len);
 #ifndef WITHOUT_PKCS11
     else
-	retval = pkinit_sign_data_pkcs11(context, id_cryptoctx, data, data_len,
-					 sig, sig_len);
+        retval = pkinit_sign_data_pkcs11(context, id_cryptoctx, data, data_len,
+                                         sig, sig_len);
 #endif
 
     return retval;
@@ -3607,62 +3597,62 @@ pkinit_sign_data(krb5_context context,
 
 static krb5_error_code
 decode_data(unsigned char **out_data, unsigned int *out_data_len,
-	    unsigned char *data, unsigned int data_len,
-	    EVP_PKEY *pkey, X509 *cert)
+            unsigned char *data, unsigned int data_len,
+            EVP_PKEY *pkey, X509 *cert)
 {
     krb5_error_code retval = ENOMEM;
     unsigned char *buf = NULL;
     int buf_len = 0;
 
     if (cert && !X509_check_private_key(cert, pkey)) {
-	pkiDebug("private key does not match certificate\n");
-	goto cleanup;
+        pkiDebug("private key does not match certificate\n");
+        goto cleanup;
     }
 
     buf_len = EVP_PKEY_size(pkey);
     buf = malloc((size_t) buf_len + 10);
     if (buf == NULL)
-	goto cleanup;
+        goto cleanup;
 
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
     retval = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey);
 #else
-     retval = EVP_PKEY_decrypt(buf, data, (int)data_len, pkey);
+    retval = EVP_PKEY_decrypt(buf, data, (int)data_len, pkey);
 #endif
     if (retval <= 0) {
-	pkiDebug("unable to decrypt received data (len=%d)\n", data_len);
-	goto cleanup;
+        pkiDebug("unable to decrypt received data (len=%d)\n", data_len);
+        goto cleanup;
     }
     *out_data = buf;
     *out_data_len = retval;
 
-  cleanup:
+cleanup:
     if (retval == ENOMEM)
-	free(buf);
+        free(buf);
 
     return retval;
 }
 
 static krb5_error_code
 create_signature(unsigned char **sig, unsigned int *sig_len,
-		 unsigned char *data, unsigned int data_len, EVP_PKEY *pkey)
+                 unsigned char *data, unsigned int data_len, EVP_PKEY *pkey)
 {
     krb5_error_code retval = ENOMEM;
     EVP_MD_CTX md_ctx;
 
     if (pkey == NULL)
-	return retval;
+        return retval;
 
     EVP_VerifyInit(&md_ctx, EVP_sha1());
     EVP_SignUpdate(&md_ctx, data, data_len);
     *sig_len = EVP_PKEY_size(pkey);
     if ((*sig = malloc(*sig_len)) == NULL)
-	goto cleanup;
+        goto cleanup;
     EVP_SignFinal(&md_ctx, *sig, sig_len, pkey);
 
     retval = 0;
 
-  cleanup:
+cleanup:
     EVP_MD_CTX_cleanup(&md_ctx);
 
     return retval;
@@ -3677,10 +3667,10 @@ create_signature(unsigned char **sig, unsigned int *sig_len,
  */
 krb5_error_code
 pkinit_get_kdc_cert(krb5_context context,
-		    pkinit_plg_crypto_context plg_cryptoctx,
-		    pkinit_req_crypto_context req_cryptoctx,
-		    pkinit_identity_crypto_context id_cryptoctx,
-		    krb5_principal princ)
+                    pkinit_plg_crypto_context plg_cryptoctx,
+                    pkinit_req_crypto_context req_cryptoctx,
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    krb5_principal princ)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
 
@@ -3691,11 +3681,11 @@ pkinit_get_kdc_cert(krb5_context context,
 
 static krb5_error_code
 pkinit_get_certs_pkcs12(krb5_context context,
-			  pkinit_plg_crypto_context plg_cryptoctx,
-			  pkinit_req_crypto_context req_cryptoctx,
-			  pkinit_identity_opts *idopts,
-			  pkinit_identity_crypto_context id_cryptoctx,
-			  krb5_principal princ)
+                        pkinit_plg_crypto_context plg_cryptoctx,
+                        pkinit_req_crypto_context req_cryptoctx,
+                        pkinit_identity_opts *idopts,
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        krb5_principal princ)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     X509 *x = NULL;
@@ -3705,29 +3695,29 @@ pkinit_get_certs_pkcs12(krb5_context context,
     EVP_PKEY *y = NULL;
 
     if (idopts->cert_filename == NULL) {
-	pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
-	goto cleanup;
+        pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
+        goto cleanup;
     }
 
     if (idopts->key_filename == NULL) {
-	pkiDebug("%s: failed to get user's private key location\n", __FUNCTION__);
-	goto cleanup;
+        pkiDebug("%s: failed to get user's private key location\n", __FUNCTION__);
+        goto cleanup;
     }
 
     fp = fopen(idopts->cert_filename, "rb");
     if (fp == NULL) {
-	pkiDebug("Failed to open PKCS12 file '%s', error %d\n",
-		 idopts->cert_filename, errno);
-	goto cleanup;
+        pkiDebug("Failed to open PKCS12 file '%s', error %d\n",
+                 idopts->cert_filename, errno);
+        goto cleanup;
     }
     set_cloexec_file(fp);
 
     p12 = d2i_PKCS12_fp(fp, NULL);
     fclose(fp);
     if (p12 == NULL) {
-	pkiDebug("Failed to decode PKCS12 file '%s' contents\n",
-		 idopts->cert_filename);
-	goto cleanup;
+        pkiDebug("Failed to decode PKCS12 file '%s' contents\n",
+                 idopts->cert_filename);
+        goto cleanup;
     }
     /*
      * Try parsing with no pass phrase first.  If that fails,
@@ -3735,47 +3725,47 @@ pkinit_get_certs_pkcs12(krb5_context context,
      */
     ret = PKCS12_parse(p12, NULL, &y, &x, NULL);
     if (ret == 0) {
-	krb5_data rdat;
-	krb5_prompt kprompt;
-	krb5_prompt_type prompt_type;
-	int r = 0;
-	char prompt_string[128];
-	char prompt_reply[128];
-	char prompt_prefix[] = "Pass phrase for";
-
-	pkiDebug("Initial PKCS12_parse with no password failed\n");
-
-	memset(prompt_reply, '\0', sizeof(prompt_reply));
-	rdat.data = prompt_reply;
-	rdat.length = sizeof(prompt_reply);
-
-	r = snprintf(prompt_string, sizeof(prompt_string), "%s %s",
-		     prompt_prefix, idopts->cert_filename);
-	if (r >= sizeof(prompt_string)) {
-	    pkiDebug("Prompt string, '%s %s', is too long!\n",
-		     prompt_prefix, idopts->cert_filename);
-	    goto cleanup;
-	}
-	kprompt.prompt = prompt_string;
-	kprompt.hidden = 1;
-	kprompt.reply = &rdat;
-	prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
-
-	/* PROMPTER_INVOCATION */
-	k5int_set_prompt_types(context, &prompt_type);
-	r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
-				      NULL, NULL, 1, &kprompt);
-	k5int_set_prompt_types(context, 0);
-
-	ret = PKCS12_parse(p12, rdat.data, &y, &x, NULL);
-	if (ret == 0) {
-	    pkiDebug("Seconde PKCS12_parse with password failed\n");
-	    goto cleanup;
-	}
+        krb5_data rdat;
+        krb5_prompt kprompt;
+        krb5_prompt_type prompt_type;
+        int r = 0;
+        char prompt_string[128];
+        char prompt_reply[128];
+        char prompt_prefix[] = "Pass phrase for";
+
+        pkiDebug("Initial PKCS12_parse with no password failed\n");
+
+        memset(prompt_reply, '\0', sizeof(prompt_reply));
+        rdat.data = prompt_reply;
+        rdat.length = sizeof(prompt_reply);
+
+        r = snprintf(prompt_string, sizeof(prompt_string), "%s %s",
+                     prompt_prefix, idopts->cert_filename);
+        if (r >= sizeof(prompt_string)) {
+            pkiDebug("Prompt string, '%s %s', is too long!\n",
+                     prompt_prefix, idopts->cert_filename);
+            goto cleanup;
+        }
+        kprompt.prompt = prompt_string;
+        kprompt.hidden = 1;
+        kprompt.reply = &rdat;
+        prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
+
+        /* PROMPTER_INVOCATION */
+        k5int_set_prompt_types(context, &prompt_type);
+        r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
+                                      NULL, NULL, 1, &kprompt);
+        k5int_set_prompt_types(context, 0);
+
+        ret = PKCS12_parse(p12, rdat.data, &y, &x, NULL);
+        if (ret == 0) {
+            pkiDebug("Seconde PKCS12_parse with password failed\n");
+            goto cleanup;
+        }
     }
     id_cryptoctx->creds[0] = malloc(sizeof(struct _pkinit_cred_info));
     if (id_cryptoctx->creds[0] == NULL)
-	goto cleanup;
+        goto cleanup;
     id_cryptoctx->creds[0]->cert = x;
 #ifndef WITHOUT_PKCS11
     id_cryptoctx->creds[0]->cert_id = NULL;
@@ -3788,22 +3778,22 @@ pkinit_get_certs_pkcs12(krb5_context context,
 
 cleanup:
     if (p12)
-	PKCS12_free(p12);
+        PKCS12_free(p12);
     if (retval) {
-	if (x != NULL)
-	    X509_free(x);
-	if (y != NULL)
-	    EVP_PKEY_free(y);
+        if (x != NULL)
+            X509_free(x);
+        if (y != NULL)
+            EVP_PKEY_free(y);
     }
     return retval;
 }
 
 static krb5_error_code
 pkinit_load_fs_cert_and_key(krb5_context context,
-			    pkinit_identity_crypto_context id_cryptoctx,
-			    char *certname,
-			    char *keyname,
-			    int cindex)
+                            pkinit_identity_crypto_context id_cryptoctx,
+                            char *certname,
+                            char *keyname,
+                            int cindex)
 {
     krb5_error_code retval;
     X509 *x = NULL;
@@ -3812,19 +3802,19 @@ pkinit_load_fs_cert_and_key(krb5_context context,
     /* load the certificate */
     retval = get_cert(certname, &x);
     if (retval != 0 || x == NULL) {
-	pkiDebug("failed to load user's certificate from '%s'\n", certname);
-	goto cleanup;
+        pkiDebug("failed to load user's certificate from '%s'\n", certname);
+        goto cleanup;
     }
     retval = get_key(keyname, &y);
     if (retval != 0 || y == NULL) {
-	pkiDebug("failed to load user's private key from '%s'\n", keyname);
-	goto cleanup;
+        pkiDebug("failed to load user's private key from '%s'\n", keyname);
+        goto cleanup;
     }
 
     id_cryptoctx->creds[cindex] = malloc(sizeof(struct _pkinit_cred_info));
     if (id_cryptoctx->creds[cindex] == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     id_cryptoctx->creds[cindex]->cert = x;
 #ifndef WITHOUT_PKCS11
@@ -3838,49 +3828,49 @@ pkinit_load_fs_cert_and_key(krb5_context context,
 
 cleanup:
     if (retval) {
-	if (x != NULL)
-	    X509_free(x);
-	if (y != NULL)
-	    EVP_PKEY_free(y);
+        if (x != NULL)
+            X509_free(x);
+        if (y != NULL)
+            EVP_PKEY_free(y);
     }
     return retval;
 }
 
 static krb5_error_code
 pkinit_get_certs_fs(krb5_context context,
-			  pkinit_plg_crypto_context plg_cryptoctx,
-			  pkinit_req_crypto_context req_cryptoctx,
-			  pkinit_identity_opts *idopts,
-			  pkinit_identity_crypto_context id_cryptoctx,
-			  krb5_principal princ)
+                    pkinit_plg_crypto_context plg_cryptoctx,
+                    pkinit_req_crypto_context req_cryptoctx,
+                    pkinit_identity_opts *idopts,
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    krb5_principal princ)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
 
     if (idopts->cert_filename == NULL) {
-	pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
-	goto cleanup;
+        pkiDebug("%s: failed to get user's cert location\n", __FUNCTION__);
+        goto cleanup;
     }
 
     if (idopts->key_filename == NULL) {
-	pkiDebug("%s: failed to get user's private key location\n",
-		 __FUNCTION__);
-	goto cleanup;
+        pkiDebug("%s: failed to get user's private key location\n",
+                 __FUNCTION__);
+        goto cleanup;
     }
 
     retval = pkinit_load_fs_cert_and_key(context, id_cryptoctx,
-					 idopts->cert_filename,
-					 idopts->key_filename, 0);
+                                         idopts->cert_filename,
+                                         idopts->key_filename, 0);
 cleanup:
     return retval;
 }
 
 static krb5_error_code
 pkinit_get_certs_dir(krb5_context context,
-		     pkinit_plg_crypto_context plg_cryptoctx,
-		     pkinit_req_crypto_context req_cryptoctx,
-		     pkinit_identity_opts *idopts,
-		     pkinit_identity_crypto_context id_cryptoctx,
-		     krb5_principal princ)
+                     pkinit_plg_crypto_context plg_cryptoctx,
+                     pkinit_req_crypto_context req_cryptoctx,
+                     pkinit_identity_opts *idopts,
+                     pkinit_identity_crypto_context id_cryptoctx,
+                     krb5_principal princ)
 {
     krb5_error_code retval = ENOMEM;
     DIR *d = NULL;
@@ -3891,71 +3881,71 @@ pkinit_get_certs_dir(krb5_context context,
     char *dirname, *suf;
 
     if (idopts->cert_filename == NULL) {
-	pkiDebug("%s: failed to get user's certificate directory location\n",
-		 __FUNCTION__);
-	return ENOENT;
+        pkiDebug("%s: failed to get user's certificate directory location\n",
+                 __FUNCTION__);
+        return ENOENT;
     }
 
     dirname = idopts->cert_filename;
     d = opendir(dirname);
     if (d == NULL)
-	return errno;
+        return errno;
 
     /*
      * We'll assume that certs are named XXX.crt and the corresponding
      * key is named XXX.key
      */
     while ((i < MAX_CREDS_ALLOWED) &&  (dentry = readdir(d)) != NULL) {
-	/* Ignore subdirectories and anything starting with a dot */
+        /* Ignore subdirectories and anything starting with a dot */
 #ifdef DT_DIR
-	if (dentry->d_type == DT_DIR)
-	    continue;
+        if (dentry->d_type == DT_DIR)
+            continue;
 #endif
-	if (dentry->d_name[0] == '.')
-	    continue;
-	len = strlen(dentry->d_name);
-	if (len < 5)
-	    continue;
-	suf = dentry->d_name + (len - 4);
-	if (strncmp(suf, ".crt", 4) != 0)
-	    continue;
-
-	/* Checked length */
-	if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(certname)) {
-	    pkiDebug("%s: Path too long -- directory '%s' and file '%s'\n",
-		     __FUNCTION__, dirname, dentry->d_name);
-	    continue;
-	}
-	snprintf(certname, sizeof(certname), "%s/%s", dirname, dentry->d_name);
-	snprintf(keyname, sizeof(keyname), "%s/%s", dirname, dentry->d_name);
-	len = strlen(keyname);
-	keyname[len - 3] = 'k';
-	keyname[len - 2] = 'e';
-	keyname[len - 1] = 'y';
-
-	retval = pkinit_load_fs_cert_and_key(context, id_cryptoctx,
-					     certname, keyname, i);
-	if (retval == 0) {
-	    pkiDebug("%s: Successfully loaded cert (and key) for %s\n",
-		     __FUNCTION__, dentry->d_name);
-	    i++;
-	}
-	else
-	    continue;
+        if (dentry->d_name[0] == '.')
+            continue;
+        len = strlen(dentry->d_name);
+        if (len < 5)
+            continue;
+        suf = dentry->d_name + (len - 4);
+        if (strncmp(suf, ".crt", 4) != 0)
+            continue;
+
+        /* Checked length */
+        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(certname)) {
+            pkiDebug("%s: Path too long -- directory '%s' and file '%s'\n",
+                     __FUNCTION__, dirname, dentry->d_name);
+            continue;
+        }
+        snprintf(certname, sizeof(certname), "%s/%s", dirname, dentry->d_name);
+        snprintf(keyname, sizeof(keyname), "%s/%s", dirname, dentry->d_name);
+        len = strlen(keyname);
+        keyname[len - 3] = 'k';
+        keyname[len - 2] = 'e';
+        keyname[len - 1] = 'y';
+
+        retval = pkinit_load_fs_cert_and_key(context, id_cryptoctx,
+                                             certname, keyname, i);
+        if (retval == 0) {
+            pkiDebug("%s: Successfully loaded cert (and key) for %s\n",
+                     __FUNCTION__, dentry->d_name);
+            i++;
+        }
+        else
+            continue;
     }
 
     if (i == 0) {
-	pkiDebug("%s: No cert/key pairs found in directory '%s'\n",
-		 __FUNCTION__, idopts->cert_filename);
-	retval = ENOENT;
-	goto cleanup;
+        pkiDebug("%s: No cert/key pairs found in directory '%s'\n",
+                 __FUNCTION__, idopts->cert_filename);
+        retval = ENOENT;
+        goto cleanup;
     }
 
     retval = 0;
 
-  cleanup:
+cleanup:
     if (d)
-	closedir(d);
+        closedir(d);
 
     return retval;
 }
@@ -3963,11 +3953,11 @@ pkinit_get_certs_dir(krb5_context context,
 #ifndef WITHOUT_PKCS11
 static krb5_error_code
 pkinit_get_certs_pkcs11(krb5_context context,
-			pkinit_plg_crypto_context plg_cryptoctx,
-			pkinit_req_crypto_context req_cryptoctx,
-			pkinit_identity_opts *idopts,
-			pkinit_identity_crypto_context id_cryptoctx,
-			krb5_principal princ)
+                        pkinit_plg_crypto_context plg_cryptoctx,
+                        pkinit_req_crypto_context req_cryptoctx,
+                        pkinit_identity_opts *idopts,
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        krb5_principal princ)
 {
 #ifdef PKINIT_USE_MECH_LIST
     CK_MECHANISM_TYPE_PTR mechp;
@@ -3986,34 +3976,34 @@ pkinit_get_certs_pkcs11(krb5_context context,
 
     /* Copy stuff from idopts -> id_cryptoctx */
     if (idopts->p11_module_name != NULL) {
-	id_cryptoctx->p11_module_name = strdup(idopts->p11_module_name);
-	if (id_cryptoctx->p11_module_name == NULL)
-	    return ENOMEM;
+        id_cryptoctx->p11_module_name = strdup(idopts->p11_module_name);
+        if (id_cryptoctx->p11_module_name == NULL)
+            return ENOMEM;
     }
     if (idopts->token_label != NULL) {
-	id_cryptoctx->token_label = strdup(idopts->token_label);
-	if (id_cryptoctx->token_label == NULL)
-	    return ENOMEM;
+        id_cryptoctx->token_label = strdup(idopts->token_label);
+        if (id_cryptoctx->token_label == NULL)
+            return ENOMEM;
     }
     if (idopts->cert_label != NULL) {
-	id_cryptoctx->cert_label = strdup(idopts->cert_label);
-	if (id_cryptoctx->cert_label == NULL)
-	    return ENOMEM;
+        id_cryptoctx->cert_label = strdup(idopts->cert_label);
+        if (id_cryptoctx->cert_label == NULL)
+            return ENOMEM;
     }
     /* Convert the ascii cert_id string into a binary blob */
     if (idopts->cert_id_string != NULL) {
-	BIGNUM *bn = NULL;
-	BN_hex2bn(&bn, idopts->cert_id_string);
-	if (bn == NULL)
-	    return ENOMEM;
-	id_cryptoctx->cert_id_len = BN_num_bytes(bn);
-	id_cryptoctx->cert_id = malloc((size_t) id_cryptoctx->cert_id_len);
-	if (id_cryptoctx->cert_id == NULL) {
-	    BN_free(bn);
-	    return ENOMEM;
-	}
-	BN_bn2bin(bn, id_cryptoctx->cert_id);
-	BN_free(bn);
+        BIGNUM *bn = NULL;
+        BN_hex2bn(&bn, idopts->cert_id_string);
+        if (bn == NULL)
+            return ENOMEM;
+        id_cryptoctx->cert_id_len = BN_num_bytes(bn);
+        id_cryptoctx->cert_id = malloc((size_t) id_cryptoctx->cert_id_len);
+        if (id_cryptoctx->cert_id == NULL) {
+            BN_free(bn);
+            return ENOMEM;
+        }
+        BN_bn2bin(bn, id_cryptoctx->cert_id);
+        BN_free(bn);
     }
     id_cryptoctx->slotid = idopts->slotid;
     id_cryptoctx->pkcs11_method = 1;
@@ -4021,8 +4011,8 @@ pkinit_get_certs_pkcs11(krb5_context context,
 
 
     if (pkinit_open_session(context, id_cryptoctx)) {
-	pkiDebug("can't open pkcs11 session\n");
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("can't open pkcs11 session\n");
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
 #ifndef PKINIT_USE_MECH_LIST
@@ -4036,30 +4026,30 @@ pkinit_get_certs_pkcs11(krb5_context context,
     id_cryptoctx->mech = CKM_RSA_PKCS;
 #else
     if ((r = id_cryptoctx->p11->C_GetMechanismList(id_cryptoctx->slotid, NULL,
-	    &count)) != CKR_OK || count <= 0) {
-	pkiDebug("C_GetMechanismList: %s\n", pkinit_pkcs11_code_to_text(r));
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+                                                   &count)) != CKR_OK || count <= 0) {
+        pkiDebug("C_GetMechanismList: %s\n", pkinit_pkcs11_code_to_text(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
     mechp = malloc(count * sizeof (CK_MECHANISM_TYPE));
     if (mechp == NULL)
-	return ENOMEM;
+        return ENOMEM;
     if ((r = id_cryptoctx->p11->C_GetMechanismList(id_cryptoctx->slotid,
-	    mechp, &count)) != CKR_OK)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+                                                   mechp, &count)) != CKR_OK)
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     for (i = 0; i < count; i++) {
-	if ((r = id_cryptoctx->p11->C_GetMechanismInfo(id_cryptoctx->slotid,
-		mechp[i], &info)) != CKR_OK)
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
+        if ((r = id_cryptoctx->p11->C_GetMechanismInfo(id_cryptoctx->slotid,
+                                                       mechp[i], &info)) != CKR_OK)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
 #ifdef DEBUG_MECHINFO
-	pkiDebug("mech %x flags %x\n", (int) mechp[i], (int) info.flags);
-	if ((info.flags & (CKF_SIGN|CKF_DECRYPT)) == (CKF_SIGN|CKF_DECRYPT))
-	    pkiDebug("  this mech is good for sign & decrypt\n");
+        pkiDebug("mech %x flags %x\n", (int) mechp[i], (int) info.flags);
+        if ((info.flags & (CKF_SIGN|CKF_DECRYPT)) == (CKF_SIGN|CKF_DECRYPT))
+            pkiDebug("  this mech is good for sign & decrypt\n");
 #endif
-	if (mechp[i] == CKM_RSA_PKCS) {
-	    /* This seems backwards... */
-	    id_cryptoctx->mech =
-		(info.flags & CKF_SIGN) ? CKM_SHA1_RSA_PKCS : CKM_RSA_PKCS;
-	}
+        if (mechp[i] == CKM_RSA_PKCS) {
+            /* This seems backwards... */
+            id_cryptoctx->mech =
+                (info.flags & CKF_SIGN) ? CKM_SHA1_RSA_PKCS : CKM_RSA_PKCS;
+        }
     }
     free(mechp);
 
@@ -4080,88 +4070,88 @@ pkinit_get_certs_pkcs11(krb5_context context,
 
     /* If a cert id and/or label were given, use them too */
     if (id_cryptoctx->cert_id_len > 0) {
-	attrs[nattrs].type = CKA_ID;
-	attrs[nattrs].pValue = id_cryptoctx->cert_id;
-	attrs[nattrs].ulValueLen = id_cryptoctx->cert_id_len;
-	nattrs++;
+        attrs[nattrs].type = CKA_ID;
+        attrs[nattrs].pValue = id_cryptoctx->cert_id;
+        attrs[nattrs].ulValueLen = id_cryptoctx->cert_id_len;
+        nattrs++;
     }
     if (id_cryptoctx->cert_label != NULL) {
-	attrs[nattrs].type = CKA_LABEL;
-	attrs[nattrs].pValue = id_cryptoctx->cert_label;
-	attrs[nattrs].ulValueLen = strlen(id_cryptoctx->cert_label);
-	nattrs++;
+        attrs[nattrs].type = CKA_LABEL;
+        attrs[nattrs].pValue = id_cryptoctx->cert_label;
+        attrs[nattrs].ulValueLen = strlen(id_cryptoctx->cert_label);
+        nattrs++;
     }
 
     r = id_cryptoctx->p11->C_FindObjectsInit(id_cryptoctx->session, attrs, nattrs);
     if (r != CKR_OK) {
-	pkiDebug("C_FindObjectsInit: %s\n", pkinit_pkcs11_code_to_text(r));
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        pkiDebug("C_FindObjectsInit: %s\n", pkinit_pkcs11_code_to_text(r));
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     }
 
     for (i = 0; ; i++) {
-	if (i >= MAX_CREDS_ALLOWED)
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-
-	/* Look for x.509 cert */
-	if ((r = id_cryptoctx->p11->C_FindObjects(id_cryptoctx->session,
-		&obj, 1, &count)) != CKR_OK || count <= 0) {
-	    id_cryptoctx->creds[i] = NULL;
-	    break;
-	}
-
-	/* Get cert and id len */
-	attrs[0].type = CKA_VALUE;
-	attrs[0].pValue = NULL;
-	attrs[0].ulValueLen = 0;
-
-	attrs[1].type = CKA_ID;
-	attrs[1].pValue = NULL;
-	attrs[1].ulValueLen = 0;
-
-	if ((r = id_cryptoctx->p11->C_GetAttributeValue(id_cryptoctx->session,
-		obj, attrs, 2)) != CKR_OK && r != CKR_BUFFER_TOO_SMALL) {
-	    pkiDebug("C_GetAttributeValue: %s\n", pkinit_pkcs11_code_to_text(r));
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	}
-	cert = (CK_BYTE_PTR) malloc((size_t) attrs[0].ulValueLen + 1);
-	cert_id = (CK_BYTE_PTR) malloc((size_t) attrs[1].ulValueLen + 1);
-	if (cert == NULL || cert_id == NULL)
-	    return ENOMEM;
-
-	/* Read the cert and id off the card */
-
-	attrs[0].type = CKA_VALUE;
-	attrs[0].pValue = cert;
-
-	attrs[1].type = CKA_ID;
-	attrs[1].pValue = cert_id;
-
-	if ((r = id_cryptoctx->p11->C_GetAttributeValue(id_cryptoctx->session,
-		obj, attrs, 2)) != CKR_OK) {
-	    pkiDebug("C_GetAttributeValue: %s\n", pkinit_pkcs11_code_to_text(r));
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	}
-
-	pkiDebug("cert %d size %d id %d idlen %d\n", i,
-	    (int) attrs[0].ulValueLen, (int) cert_id[0],
-	    (int) attrs[1].ulValueLen);
-
-	cp = (unsigned char *) cert;
-	x = d2i_X509(NULL, &cp, (int) attrs[0].ulValueLen);
-	if (x == NULL)
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	id_cryptoctx->creds[i] = malloc(sizeof(struct _pkinit_cred_info));
-	if (id_cryptoctx->creds[i] == NULL)
-	    return KRB5KDC_ERR_PREAUTH_FAILED;
-	id_cryptoctx->creds[i]->cert = x;
-	id_cryptoctx->creds[i]->key = NULL;
-	id_cryptoctx->creds[i]->cert_id = cert_id;
-	id_cryptoctx->creds[i]->cert_id_len = attrs[1].ulValueLen;
-	free(cert);
+        if (i >= MAX_CREDS_ALLOWED)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+
+        /* Look for x.509 cert */
+        if ((r = id_cryptoctx->p11->C_FindObjects(id_cryptoctx->session,
+                                                  &obj, 1, &count)) != CKR_OK || count <= 0) {
+            id_cryptoctx->creds[i] = NULL;
+            break;
+        }
+
+        /* Get cert and id len */
+        attrs[0].type = CKA_VALUE;
+        attrs[0].pValue = NULL;
+        attrs[0].ulValueLen = 0;
+
+        attrs[1].type = CKA_ID;
+        attrs[1].pValue = NULL;
+        attrs[1].ulValueLen = 0;
+
+        if ((r = id_cryptoctx->p11->C_GetAttributeValue(id_cryptoctx->session,
+                                                        obj, attrs, 2)) != CKR_OK && r != CKR_BUFFER_TOO_SMALL) {
+            pkiDebug("C_GetAttributeValue: %s\n", pkinit_pkcs11_code_to_text(r));
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        }
+        cert = (CK_BYTE_PTR) malloc((size_t) attrs[0].ulValueLen + 1);
+        cert_id = (CK_BYTE_PTR) malloc((size_t) attrs[1].ulValueLen + 1);
+        if (cert == NULL || cert_id == NULL)
+            return ENOMEM;
+
+        /* Read the cert and id off the card */
+
+        attrs[0].type = CKA_VALUE;
+        attrs[0].pValue = cert;
+
+        attrs[1].type = CKA_ID;
+        attrs[1].pValue = cert_id;
+
+        if ((r = id_cryptoctx->p11->C_GetAttributeValue(id_cryptoctx->session,
+                                                        obj, attrs, 2)) != CKR_OK) {
+            pkiDebug("C_GetAttributeValue: %s\n", pkinit_pkcs11_code_to_text(r));
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        }
+
+        pkiDebug("cert %d size %d id %d idlen %d\n", i,
+                 (int) attrs[0].ulValueLen, (int) cert_id[0],
+                 (int) attrs[1].ulValueLen);
+
+        cp = (unsigned char *) cert;
+        x = d2i_X509(NULL, &cp, (int) attrs[0].ulValueLen);
+        if (x == NULL)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        id_cryptoctx->creds[i] = malloc(sizeof(struct _pkinit_cred_info));
+        if (id_cryptoctx->creds[i] == NULL)
+            return KRB5KDC_ERR_PREAUTH_FAILED;
+        id_cryptoctx->creds[i]->cert = x;
+        id_cryptoctx->creds[i]->key = NULL;
+        id_cryptoctx->creds[i]->cert_id = cert_id;
+        id_cryptoctx->creds[i]->cert_id_len = attrs[1].ulValueLen;
+        free(cert);
     }
     id_cryptoctx->p11->C_FindObjectsFinal(id_cryptoctx->session);
     if (cert == NULL)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     return 0;
 }
 #endif
@@ -4169,79 +4159,79 @@ pkinit_get_certs_pkcs11(krb5_context context,
 
 static void
 free_cred_info(krb5_context context,
-	       pkinit_identity_crypto_context id_cryptoctx,
-	       struct _pkinit_cred_info *cred)
+               pkinit_identity_crypto_context id_cryptoctx,
+               struct _pkinit_cred_info *cred)
 {
     if (cred != NULL) {
-	if (cred->cert != NULL)
-	    X509_free(cred->cert);
-	if (cred->key != NULL)
-	    EVP_PKEY_free(cred->key);
+        if (cred->cert != NULL)
+            X509_free(cred->cert);
+        if (cred->key != NULL)
+            EVP_PKEY_free(cred->key);
 #ifndef WITHOUT_PKCS11
-	free(cred->cert_id);
+        free(cred->cert_id);
 #endif
-	free(cred);
+        free(cred);
     }
 }
 
 krb5_error_code
 crypto_free_cert_info(krb5_context context,
-		      pkinit_plg_crypto_context plg_cryptoctx,
-		      pkinit_req_crypto_context req_cryptoctx,
-		      pkinit_identity_crypto_context id_cryptoctx)
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx)
 {
     int i;
 
     if (id_cryptoctx == NULL)
-	return EINVAL;
+        return EINVAL;
 
     for (i = 0; i < MAX_CREDS_ALLOWED; i++) {
-	if (id_cryptoctx->creds[i] != NULL) {
-	    free_cred_info(context, id_cryptoctx, id_cryptoctx->creds[i]);
-	    id_cryptoctx->creds[i] = NULL;
-	}
+        if (id_cryptoctx->creds[i] != NULL) {
+            free_cred_info(context, id_cryptoctx, id_cryptoctx->creds[i]);
+            id_cryptoctx->creds[i] = NULL;
+        }
     }
     return 0;
 }
 
 krb5_error_code
 crypto_load_certs(krb5_context context,
-		  pkinit_plg_crypto_context plg_cryptoctx,
-		  pkinit_req_crypto_context req_cryptoctx,
-		  pkinit_identity_opts *idopts,
-		  pkinit_identity_crypto_context id_cryptoctx,
-		  krb5_principal princ)
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context req_cryptoctx,
+                  pkinit_identity_opts *idopts,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  krb5_principal princ)
 {
     krb5_error_code retval;
 
     switch(idopts->idtype) {
-	case IDTYPE_FILE:
-	    retval = pkinit_get_certs_fs(context, plg_cryptoctx,
-					 req_cryptoctx, idopts,
-					 id_cryptoctx, princ);
-	    break;
-	case IDTYPE_DIR:
-	    retval = pkinit_get_certs_dir(context, plg_cryptoctx,
-					  req_cryptoctx, idopts,
-					  id_cryptoctx, princ);
-	    break;
+    case IDTYPE_FILE:
+        retval = pkinit_get_certs_fs(context, plg_cryptoctx,
+                                     req_cryptoctx, idopts,
+                                     id_cryptoctx, princ);
+        break;
+    case IDTYPE_DIR:
+        retval = pkinit_get_certs_dir(context, plg_cryptoctx,
+                                      req_cryptoctx, idopts,
+                                      id_cryptoctx, princ);
+        break;
 #ifndef WITHOUT_PKCS11
-	case IDTYPE_PKCS11:
-	    retval = pkinit_get_certs_pkcs11(context, plg_cryptoctx,
-					     req_cryptoctx, idopts,
-					     id_cryptoctx, princ);
-	    break;
+    case IDTYPE_PKCS11:
+        retval = pkinit_get_certs_pkcs11(context, plg_cryptoctx,
+                                         req_cryptoctx, idopts,
+                                         id_cryptoctx, princ);
+        break;
 #endif
-	case IDTYPE_PKCS12:
-	    retval = pkinit_get_certs_pkcs12(context, plg_cryptoctx,
-					     req_cryptoctx, idopts,
-					     id_cryptoctx, princ);
-		break;
-	default:
-	    retval = EINVAL;
+    case IDTYPE_PKCS12:
+        retval = pkinit_get_certs_pkcs12(context, plg_cryptoctx,
+                                         req_cryptoctx, idopts,
+                                         id_cryptoctx, princ);
+        break;
+    default:
+        retval = EINVAL;
     }
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
 cleanup:
     return retval;
@@ -4252,19 +4242,19 @@ cleanup:
  */
 krb5_error_code
 crypto_cert_get_count(krb5_context context,
-		      pkinit_plg_crypto_context plg_cryptoctx,
-		      pkinit_req_crypto_context req_cryptoctx,
-		      pkinit_identity_crypto_context id_cryptoctx,
-		      int *cert_count)
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      int *cert_count)
 {
     int count;
 
     if (id_cryptoctx == NULL || id_cryptoctx->creds[0] == NULL)
-	return EINVAL;
+        return EINVAL;
 
     for (count = 0;
-	 count <= MAX_CREDS_ALLOWED && id_cryptoctx->creds[count] != NULL;
-	 count++);
+         count <= MAX_CREDS_ALLOWED && id_cryptoctx->creds[count] != NULL;
+         count++);
     *cert_count = count;
     return 0;
 }
@@ -4275,25 +4265,25 @@ crypto_cert_get_count(krb5_context context,
  */
 krb5_error_code
 crypto_cert_iteration_begin(krb5_context context,
-			    pkinit_plg_crypto_context plg_cryptoctx,
-			    pkinit_req_crypto_context req_cryptoctx,
-			    pkinit_identity_crypto_context id_cryptoctx,
-			    pkinit_cert_iter_handle *ih_ret)
+                            pkinit_plg_crypto_context plg_cryptoctx,
+                            pkinit_req_crypto_context req_cryptoctx,
+                            pkinit_identity_crypto_context id_cryptoctx,
+                            pkinit_cert_iter_handle *ih_ret)
 {
     struct _pkinit_cert_iter_data *id;
 
     if (id_cryptoctx == NULL || ih_ret == NULL)
-	return EINVAL;
-    if (id_cryptoctx->creds[0] == NULL)	/* No cred info available */
-	return ENOENT;
+        return EINVAL;
+    if (id_cryptoctx->creds[0] == NULL) /* No cred info available */
+        return ENOENT;
 
     id = calloc(1, sizeof(*id));
     if (id == NULL)
-	return ENOMEM;
+        return ENOMEM;
     id->magic = ITER_MAGIC;
     id->plgctx = plg_cryptoctx,
-    id->reqctx = req_cryptoctx,
-    id->idctx = id_cryptoctx;
+        id->reqctx = req_cryptoctx,
+        id->idctx = id_cryptoctx;
     id->index = 0;
     *ih_ret = (pkinit_cert_iter_handle) id;
     return 0;
@@ -4304,12 +4294,12 @@ crypto_cert_iteration_begin(krb5_context context,
  */
 krb5_error_code
 crypto_cert_iteration_end(krb5_context context,
-			  pkinit_cert_iter_handle ih)
+                          pkinit_cert_iter_handle ih)
 {
     struct _pkinit_cert_iter_data *id = (struct _pkinit_cert_iter_data *)ih;
 
     if (id == NULL || id->magic != ITER_MAGIC)
-	return EINVAL;
+        return EINVAL;
     free(ih);
     return 0;
 }
@@ -4319,29 +4309,29 @@ crypto_cert_iteration_end(krb5_context context,
  */
 krb5_error_code
 crypto_cert_iteration_next(krb5_context context,
-			   pkinit_cert_iter_handle ih,
-			   pkinit_cert_handle *ch_ret)
+                           pkinit_cert_iter_handle ih,
+                           pkinit_cert_handle *ch_ret)
 {
     struct _pkinit_cert_iter_data *id = (struct _pkinit_cert_iter_data *)ih;
     struct _pkinit_cert_data *cd;
     pkinit_identity_crypto_context id_cryptoctx;
 
     if (id == NULL || id->magic != ITER_MAGIC)
-	return EINVAL;
+        return EINVAL;
 
     if (ch_ret == NULL)
-	return EINVAL;
+        return EINVAL;
 
     id_cryptoctx = id->idctx;
     if (id_cryptoctx == NULL)
-	return EINVAL;
+        return EINVAL;
 
     if (id_cryptoctx->creds[id->index] == NULL)
-	return PKINIT_ITER_NO_MORE;
+        return PKINIT_ITER_NO_MORE;
 
     cd = calloc(1, sizeof(*cd));
     if (cd == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     cd->magic = CERT_MAGIC;
     cd->plgctx = id->plgctx;
@@ -4358,11 +4348,11 @@ crypto_cert_iteration_next(krb5_context context,
  */
 krb5_error_code
 crypto_cert_release(krb5_context context,
-		    pkinit_cert_handle ch)
+                    pkinit_cert_handle ch)
 {
     struct _pkinit_cert_data *cd = (struct _pkinit_cert_data *)ch;
     if (cd == NULL || cd->magic != CERT_MAGIC)
-	return EINVAL;
+        return EINVAL;
     free(cd);
     return 0;
 }
@@ -4372,11 +4362,11 @@ crypto_cert_release(krb5_context context,
  */
 static krb5_error_code
 crypto_retieve_X509_key_usage(krb5_context context,
-			      pkinit_plg_crypto_context plgcctx,
-			      pkinit_req_crypto_context reqcctx,
-			      X509 *x,
-			      unsigned int *ret_ku_bits,
-			      unsigned int *ret_eku_bits)
+                              pkinit_plg_crypto_context plgcctx,
+                              pkinit_req_crypto_context reqcctx,
+                              X509 *x,
+                              unsigned int *ret_ku_bits,
+                              unsigned int *ret_eku_bits)
 {
     krb5_error_code retval = 0;
     int i;
@@ -4384,36 +4374,36 @@ crypto_retieve_X509_key_usage(krb5_context context,
     ASN1_BIT_STRING *usage = NULL;
 
     if (ret_ku_bits == NULL && ret_eku_bits == NULL)
-	return EINVAL;
+        return EINVAL;
 
     if (ret_eku_bits)
-	*ret_eku_bits = 0;
+        *ret_eku_bits = 0;
     else {
-	pkiDebug("%s: EKUs not requested, not checking\n", __FUNCTION__);
-	goto check_kus;
+        pkiDebug("%s: EKUs not requested, not checking\n", __FUNCTION__);
+        goto check_kus;
     }
 
     /* Start with Extended Key usage */
     i = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
     if (i >= 0) {
-	EXTENDED_KEY_USAGE *eku;
-
-	eku = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL);
-	if (eku) {
-	    for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
-		ASN1_OBJECT *certoid;
-		certoid = sk_ASN1_OBJECT_value(eku, i);
-		if ((OBJ_cmp(certoid, plgcctx->id_pkinit_KPClientAuth)) == 0)
-		    eku_bits |= PKINIT_EKU_PKINIT;
-		else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_ms_smartcard_login))) == 0)
-		    eku_bits |= PKINIT_EKU_MSSCLOGIN;
-		else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_client_auth))) == 0)
-		    eku_bits |= PKINIT_EKU_CLIENTAUTH;
-		else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_email_protect))) == 0)
-		    eku_bits |= PKINIT_EKU_EMAILPROTECTION;
-	    }
-	    EXTENDED_KEY_USAGE_free(eku);
-	}
+        EXTENDED_KEY_USAGE *eku;
+
+        eku = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL);
+        if (eku) {
+            for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+                ASN1_OBJECT *certoid;
+                certoid = sk_ASN1_OBJECT_value(eku, i);
+                if ((OBJ_cmp(certoid, plgcctx->id_pkinit_KPClientAuth)) == 0)
+                    eku_bits |= PKINIT_EKU_PKINIT;
+                else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_ms_smartcard_login))) == 0)
+                    eku_bits |= PKINIT_EKU_MSSCLOGIN;
+                else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_client_auth))) == 0)
+                    eku_bits |= PKINIT_EKU_CLIENTAUTH;
+                else if ((OBJ_cmp(certoid, OBJ_nid2obj(NID_email_protect))) == 0)
+                    eku_bits |= PKINIT_EKU_EMAILPROTECTION;
+            }
+            EXTENDED_KEY_USAGE_free(eku);
+        }
     }
     pkiDebug("%s: returning eku 0x%08x\n", __FUNCTION__, eku_bits);
     *ret_eku_bits = eku_bits;
@@ -4421,20 +4411,20 @@ crypto_retieve_X509_key_usage(krb5_context context,
 check_kus:
     /* Now the Key Usage bits */
     if (ret_ku_bits)
-	*ret_ku_bits = 0;
+        *ret_ku_bits = 0;
     else {
-	pkiDebug("%s: KUs not requested, not checking\n", __FUNCTION__);
-	goto out;
+        pkiDebug("%s: KUs not requested, not checking\n", __FUNCTION__);
+        goto out;
     }
 
     /* Make sure usage exists before checking bits */
     usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL);
     if (usage) {
-	if (!ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
-	    ku_bits |= PKINIT_KU_DIGITALSIGNATURE;
-	if (!ku_reject(x, X509v3_KU_KEY_ENCIPHERMENT))
-	    ku_bits |= PKINIT_KU_KEYENCIPHERMENT;
-	ASN1_BIT_STRING_free(usage);
+        if (!ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
+            ku_bits |= PKINIT_KU_DIGITALSIGNATURE;
+        if (!ku_reject(x, X509v3_KU_KEY_ENCIPHERMENT))
+            ku_bits |= PKINIT_KU_KEYENCIPHERMENT;
+        ASN1_BIT_STRING_free(usage);
     }
 
     pkiDebug("%s: returning ku 0x%08x\n", __FUNCTION__, ku_bits);
@@ -4453,24 +4443,24 @@ out:
  */
 static char *
 X509_NAME_oneline_ex(X509_NAME * a,
-		     char *buf,
-		     unsigned int *size,
-		     unsigned long flag)
+                     char *buf,
+                     unsigned int *size,
+                     unsigned long flag)
 {
-  BIO *out = NULL;
+    BIO *out = NULL;
 
-  out = BIO_new(BIO_s_mem ());
-  if (X509_NAME_print_ex(out, a, 0, flag) > 0) {
-    if (buf != NULL && *size > (int) BIO_number_written(out)) {
-      memset(buf, 0, *size);
-      BIO_read(out, buf, (int) BIO_number_written(out));
-    }
-    else {
-      *size = BIO_number_written(out);
-    }
-  }
-  BIO_free(out);
-  return (buf);
+    out = BIO_new(BIO_s_mem ());
+    if (X509_NAME_print_ex(out, a, 0, flag) > 0) {
+        if (buf != NULL && *size > (int) BIO_number_written(out)) {
+            memset(buf, 0, *size);
+            BIO_read(out, buf, (int) BIO_number_written(out));
+        }
+        else {
+            *size = BIO_number_written(out);
+        }
+    }
+    BIO_free(out);
+    return (buf);
 }
 
 /*
@@ -4478,8 +4468,8 @@ X509_NAME_oneline_ex(X509_NAME * a,
  */
 krb5_error_code
 crypto_cert_get_matching_data(krb5_context context,
-			      pkinit_cert_handle ch,
-			      pkinit_cert_matching_data **ret_md)
+                              pkinit_cert_handle ch,
+                              pkinit_cert_matching_data **ret_md)
 {
     krb5_error_code retval;
     pkinit_cert_matching_data *md;
@@ -4490,85 +4480,85 @@ crypto_cert_get_matching_data(krb5_context context,
     unsigned int bufsize = sizeof(buf);
 
     if (cd == NULL || cd->magic != CERT_MAGIC)
-	return EINVAL;
+        return EINVAL;
     if (ret_md == NULL)
-	return EINVAL;
+        return EINVAL;
 
     md = calloc(1, sizeof(*md));
     if (md == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     md->ch = ch;
 
     /* get the subject name (in rfc2253 format) */
     X509_NAME_oneline_ex(X509_get_subject_name(cd->cred->cert),
-			 buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS);
+                         buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS);
     md->subject_dn = strdup(buf);
     if (md->subject_dn == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* get the issuer name (in rfc2253 format) */
     X509_NAME_oneline_ex(X509_get_issuer_name(cd->cred->cert),
-			 buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS);
+                         buf, &bufsize, XN_FLAG_SEP_COMMA_PLUS);
     md->issuer_dn = strdup(buf);
     if (md->issuer_dn == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     /* get the san data */
     retval = crypto_retrieve_X509_sans(context, cd->plgctx, cd->reqctx,
-				       cd->cred->cert, &pkinit_sans,
-				       &upn_sans, NULL);
+                                       cd->cred->cert, &pkinit_sans,
+                                       &upn_sans, NULL);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     j = 0;
     if (pkinit_sans != NULL) {
-	for (i = 0; pkinit_sans[i] != NULL; i++)
-	    j++;
+        for (i = 0; pkinit_sans[i] != NULL; i++)
+            j++;
     }
     if (upn_sans != NULL) {
-	for (i = 0; upn_sans[i] != NULL; i++)
-	    j++;
+        for (i = 0; upn_sans[i] != NULL; i++)
+            j++;
     }
     if (j != 0) {
-	md->sans = calloc((size_t)j+1, sizeof(*md->sans));
-	if (md->sans == NULL) {
-	    retval = ENOMEM;
-	    goto cleanup;
-	}
-	j = 0;
-	if (pkinit_sans != NULL) {
-	    for (i = 0; pkinit_sans[i] != NULL; i++)
-		md->sans[j++] = pkinit_sans[i];
-	    free(pkinit_sans);
-	}
-	if (upn_sans != NULL) {
-	    for (i = 0; upn_sans[i] != NULL; i++)
-		md->sans[j++] = upn_sans[i];
-	    free(upn_sans);
-	}
-	md->sans[j] = NULL;
+        md->sans = calloc((size_t)j+1, sizeof(*md->sans));
+        if (md->sans == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        j = 0;
+        if (pkinit_sans != NULL) {
+            for (i = 0; pkinit_sans[i] != NULL; i++)
+                md->sans[j++] = pkinit_sans[i];
+            free(pkinit_sans);
+        }
+        if (upn_sans != NULL) {
+            for (i = 0; upn_sans[i] != NULL; i++)
+                md->sans[j++] = upn_sans[i];
+            free(upn_sans);
+        }
+        md->sans[j] = NULL;
     } else
-	md->sans = NULL;
+        md->sans = NULL;
 
     /* get the KU and EKU data */
 
     retval = crypto_retieve_X509_key_usage(context, cd->plgctx, cd->reqctx,
-					   cd->cred->cert,
-					   &md->ku_bits, &md->eku_bits);
+                                           cd->cred->cert,
+                                           &md->ku_bits, &md->eku_bits);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     *ret_md = md;
     retval = 0;
 cleanup:
     if (retval) {
-	if (md)
-	    crypto_cert_free_matching_data(context, md);
+        if (md)
+            crypto_cert_free_matching_data(context, md);
     }
     return retval;
 }
@@ -4578,21 +4568,21 @@ cleanup:
  */
 krb5_error_code
 crypto_cert_free_matching_data(krb5_context context,
-		      pkinit_cert_matching_data *md)
+                               pkinit_cert_matching_data *md)
 {
     krb5_principal p;
     int i;
 
     if (md == NULL)
-	return EINVAL;
+        return EINVAL;
     if (md->subject_dn)
-	free(md->subject_dn);
+        free(md->subject_dn);
     if (md->issuer_dn)
-	free(md->issuer_dn);
+        free(md->issuer_dn);
     if (md->sans) {
-	for (i = 0, p = md->sans[i]; p != NULL; p = md->sans[++i])
-	    krb5_free_principal(context, p);
-	free(md->sans);
+        for (i = 0, p = md->sans[i]; p != NULL; p = md->sans[++i])
+            krb5_free_principal(context, p);
+        free(md->sans);
     }
     free(md);
     return 0;
@@ -4603,34 +4593,34 @@ crypto_cert_free_matching_data(krb5_context context,
  */
 krb5_error_code
 crypto_cert_select(krb5_context context,
-		   pkinit_cert_matching_data *md)
+                   pkinit_cert_matching_data *md)
 {
     struct _pkinit_cert_data *cd;
     if (md == NULL)
-	return EINVAL;
+        return EINVAL;
 
     cd = (struct _pkinit_cert_data *)md->ch;
     if (cd == NULL || cd->magic != CERT_MAGIC)
-	return EINVAL;
+        return EINVAL;
 
     /* copy the selected cert into our id_cryptoctx */
     if (cd->idctx->my_certs != NULL) {
-	sk_X509_pop_free(cd->idctx->my_certs, X509_free);
+        sk_X509_pop_free(cd->idctx->my_certs, X509_free);
     }
     cd->idctx->my_certs = sk_X509_new_null();
     sk_X509_push(cd->idctx->my_certs, cd->cred->cert);
-    cd->idctx->creds[cd->index]->cert = NULL;	    /* Don't free it twice */
+    cd->idctx->creds[cd->index]->cert = NULL;       /* Don't free it twice */
     cd->idctx->cert_index = 0;
 
     if (cd->idctx->pkcs11_method != 1) {
-	cd->idctx->my_key = cd->cred->key;
-	cd->idctx->creds[cd->index]->key = NULL;    /* Don't free it twice */
+        cd->idctx->my_key = cd->cred->key;
+        cd->idctx->creds[cd->index]->key = NULL;    /* Don't free it twice */
     }
 #ifndef WITHOUT_PKCS11
     else {
-	cd->idctx->cert_id = cd->cred->cert_id;
-	cd->idctx->creds[cd->index]->cert_id = NULL; /* Don't free it twice */
-	cd->idctx->cert_id_len = cd->cred->cert_id_len;
+        cd->idctx->cert_id = cd->cred->cert_id;
+        cd->idctx->creds[cd->index]->cert_id = NULL; /* Don't free it twice */
+        cd->idctx->cert_id_len = cd->cred->cert_id_len;
     }
 #endif
     return 0;
@@ -4641,45 +4631,45 @@ crypto_cert_select(krb5_context context,
  */
 krb5_error_code
 crypto_cert_select_default(krb5_context context,
-			   pkinit_plg_crypto_context plg_cryptoctx,
-			   pkinit_req_crypto_context req_cryptoctx,
-			   pkinit_identity_crypto_context id_cryptoctx)
+                           pkinit_plg_crypto_context plg_cryptoctx,
+                           pkinit_req_crypto_context req_cryptoctx,
+                           pkinit_identity_crypto_context id_cryptoctx)
 {
     krb5_error_code retval;
     int cert_count = 0;
 
     retval = crypto_cert_get_count(context, plg_cryptoctx, req_cryptoctx,
-				   id_cryptoctx, &cert_count);
+                                   id_cryptoctx, &cert_count);
     if (retval) {
-	pkiDebug("%s: crypto_cert_get_count error %d, %s\n",
-		 __FUNCTION__, retval, error_message(retval));
-	goto errout;
+        pkiDebug("%s: crypto_cert_get_count error %d, %s\n",
+                 __FUNCTION__, retval, error_message(retval));
+        goto errout;
     }
     if (cert_count != 1) {
-	pkiDebug("%s: ERROR: There are %d certs to choose from, "
-		 "but there must be exactly one.\n",
-		 __FUNCTION__, cert_count);
-	retval = EINVAL;
-	goto errout;
+        pkiDebug("%s: ERROR: There are %d certs to choose from, "
+                 "but there must be exactly one.\n",
+                 __FUNCTION__, cert_count);
+        retval = EINVAL;
+        goto errout;
     }
     /* copy the selected cert into our id_cryptoctx */
     if (id_cryptoctx->my_certs != NULL) {
-	sk_X509_pop_free(id_cryptoctx->my_certs, X509_free);
+        sk_X509_pop_free(id_cryptoctx->my_certs, X509_free);
     }
     id_cryptoctx->my_certs = sk_X509_new_null();
     sk_X509_push(id_cryptoctx->my_certs, id_cryptoctx->creds[0]->cert);
-    id_cryptoctx->creds[0]->cert = NULL;	/* Don't free it twice */
+    id_cryptoctx->creds[0]->cert = NULL;        /* Don't free it twice */
     id_cryptoctx->cert_index = 0;
 
     if (id_cryptoctx->pkcs11_method != 1) {
-	id_cryptoctx->my_key = id_cryptoctx->creds[0]->key;
-	id_cryptoctx->creds[0]->key = NULL;	/* Don't free it twice */
+        id_cryptoctx->my_key = id_cryptoctx->creds[0]->key;
+        id_cryptoctx->creds[0]->key = NULL;     /* Don't free it twice */
     }
 #ifndef WITHOUT_PKCS11
     else {
-	id_cryptoctx->cert_id = id_cryptoctx->creds[0]->cert_id;
-	id_cryptoctx->creds[0]->cert_id = NULL; /* Don't free it twice */
-	id_cryptoctx->cert_id_len = id_cryptoctx->creds[0]->cert_id_len;
+        id_cryptoctx->cert_id = id_cryptoctx->creds[0]->cert_id;
+        id_cryptoctx->creds[0]->cert_id = NULL; /* Don't free it twice */
+        id_cryptoctx->cert_id_len = id_cryptoctx->creds[0]->cert_id_len;
     }
 #endif
     retval = 0;
@@ -4691,11 +4681,11 @@ errout:
 
 static krb5_error_code
 load_cas_and_crls(krb5_context context,
-		  pkinit_plg_crypto_context plg_cryptoctx,
-		  pkinit_req_crypto_context req_cryptoctx,
-		  pkinit_identity_crypto_context id_cryptoctx,
-		  int catype,
-		  char *filename)
+                  pkinit_plg_crypto_context plg_cryptoctx,
+                  pkinit_req_crypto_context req_cryptoctx,
+                  pkinit_identity_crypto_context id_cryptoctx,
+                  int catype,
+                  char *filename)
 {
     STACK_OF(X509_INFO) *sk = NULL;
     STACK_OF(X509) *ca_certs = NULL;
@@ -4708,93 +4698,93 @@ load_cas_and_crls(krb5_context context,
      * create a temporary one now */
     switch(catype) {
     case CATYPE_ANCHORS:
-	if (id_cryptoctx->trustedCAs != NULL)
-	    ca_certs = id_cryptoctx->trustedCAs;
-	else {
-	    ca_certs = sk_X509_new_null();
-	    if (ca_certs == NULL)
-		return ENOMEM;
-	}
-	break;
+        if (id_cryptoctx->trustedCAs != NULL)
+            ca_certs = id_cryptoctx->trustedCAs;
+        else {
+            ca_certs = sk_X509_new_null();
+            if (ca_certs == NULL)
+                return ENOMEM;
+        }
+        break;
     case CATYPE_INTERMEDIATES:
-	if (id_cryptoctx->intermediateCAs != NULL)
-	    ca_certs = id_cryptoctx->intermediateCAs;
-	else {
-	    ca_certs = sk_X509_new_null();
-	    if (ca_certs == NULL)
-		return ENOMEM;
-	}
-	break;
+        if (id_cryptoctx->intermediateCAs != NULL)
+            ca_certs = id_cryptoctx->intermediateCAs;
+        else {
+            ca_certs = sk_X509_new_null();
+            if (ca_certs == NULL)
+                return ENOMEM;
+        }
+        break;
     case CATYPE_CRLS:
-	if (id_cryptoctx->revoked != NULL)
-	    ca_crls = id_cryptoctx->revoked;
-	else {
-	    ca_crls = sk_X509_CRL_new_null();
-	    if (ca_crls == NULL)
-		return ENOMEM;
-	}
-	break;
+        if (id_cryptoctx->revoked != NULL)
+            ca_crls = id_cryptoctx->revoked;
+        else {
+            ca_crls = sk_X509_CRL_new_null();
+            if (ca_crls == NULL)
+                return ENOMEM;
+        }
+        break;
     default:
-	return ENOTSUP;
+        return ENOTSUP;
     }
 
     if (!(in = BIO_new_file(filename, "r"))) {
-	retval = errno;
-	pkiDebug("%s: error opening file '%s': %s\n", __FUNCTION__,
-		 filename, error_message(errno));
-	goto cleanup;
+        retval = errno;
+        pkiDebug("%s: error opening file '%s': %s\n", __FUNCTION__,
+                 filename, error_message(errno));
+        goto cleanup;
     }
 
     /* This loads from a file, a stack of x509/crl/pkey sets */
     if ((sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL)) == NULL) {
-	pkiDebug("%s: error reading file '%s'\n", __FUNCTION__, filename);
-	retval = EIO;
-	goto cleanup;
+        pkiDebug("%s: error reading file '%s'\n", __FUNCTION__, filename);
+        retval = EIO;
+        goto cleanup;
     }
 
     /* scan over the stack created from loading the file contents,
      * weed out duplicates, and push new ones onto the return stack
      */
     for (i = 0; i < sk_X509_INFO_num(sk); i++) {
-	X509_INFO *xi = sk_X509_INFO_value(sk, i);
-	if (xi != NULL && xi->x509 != NULL && catype != CATYPE_CRLS) {
-	    int j = 0, size = sk_X509_num(ca_certs), flag = 0;
-
-	    if (!size) {
-		sk_X509_push(ca_certs, xi->x509);
-		xi->x509 = NULL;
-		continue;
-	    }
-	    for (j = 0; j < size; j++) {
-		X509 *x = sk_X509_value(ca_certs, j);
-		flag = X509_cmp(x, xi->x509);
-		if (flag == 0)
-		    break;
-		else
-		    continue;
-	    }
-	    if (flag != 0) {
-		sk_X509_push(ca_certs, X509_dup(xi->x509));
-	    }
-	} else if (xi != NULL && xi->crl != NULL && catype == CATYPE_CRLS) {
-	    int j = 0, size = sk_X509_CRL_num(ca_crls), flag = 0;
-	    if (!size) {
-		sk_X509_CRL_push(ca_crls, xi->crl);
-		xi->crl = NULL;
-		continue;
-	    }
-	    for (j = 0; j < size; j++) {
-		X509_CRL *x = sk_X509_CRL_value(ca_crls, j);
-		flag = X509_CRL_cmp(x, xi->crl);
-		if (flag == 0)
-		    break;
-		else
-		    continue;
-	    }
-	    if (flag != 0) {
-		sk_X509_push(ca_crls, X509_CRL_dup(xi->crl));
-	    }
-	}
+        X509_INFO *xi = sk_X509_INFO_value(sk, i);
+        if (xi != NULL && xi->x509 != NULL && catype != CATYPE_CRLS) {
+            int j = 0, size = sk_X509_num(ca_certs), flag = 0;
+
+            if (!size) {
+                sk_X509_push(ca_certs, xi->x509);
+                xi->x509 = NULL;
+                continue;
+            }
+            for (j = 0; j < size; j++) {
+                X509 *x = sk_X509_value(ca_certs, j);
+                flag = X509_cmp(x, xi->x509);
+                if (flag == 0)
+                    break;
+                else
+                    continue;
+            }
+            if (flag != 0) {
+                sk_X509_push(ca_certs, X509_dup(xi->x509));
+            }
+        } else if (xi != NULL && xi->crl != NULL && catype == CATYPE_CRLS) {
+            int j = 0, size = sk_X509_CRL_num(ca_crls), flag = 0;
+            if (!size) {
+                sk_X509_CRL_push(ca_crls, xi->crl);
+                xi->crl = NULL;
+                continue;
+            }
+            for (j = 0; j < size; j++) {
+                X509_CRL *x = sk_X509_CRL_value(ca_crls, j);
+                flag = X509_CRL_cmp(x, xi->crl);
+                if (flag == 0)
+                    break;
+                else
+                    continue;
+            }
+            if (flag != 0) {
+                sk_X509_push(ca_crls, X509_CRL_dup(xi->crl));
+            }
+        }
     }
 
     /* If we added something and there wasn't a stack in the
@@ -4802,60 +4792,60 @@ load_cas_and_crls(krb5_context context,
      */
     switch(catype) {
     case CATYPE_ANCHORS:
-	if (sk_X509_num(ca_certs) == 0) {
-	    pkiDebug("no anchors in file, %s\n", filename);
-	    if (id_cryptoctx->trustedCAs == NULL)
-		sk_X509_free(ca_certs);
-	} else {
-	    if (id_cryptoctx->trustedCAs == NULL)
-		id_cryptoctx->trustedCAs = ca_certs;
-	}
-	break;
+        if (sk_X509_num(ca_certs) == 0) {
+            pkiDebug("no anchors in file, %s\n", filename);
+            if (id_cryptoctx->trustedCAs == NULL)
+                sk_X509_free(ca_certs);
+        } else {
+            if (id_cryptoctx->trustedCAs == NULL)
+                id_cryptoctx->trustedCAs = ca_certs;
+        }
+        break;
     case CATYPE_INTERMEDIATES:
-	if (sk_X509_num(ca_certs) == 0) {
-	    pkiDebug("no intermediates in file, %s\n", filename);
-	    if (id_cryptoctx->intermediateCAs == NULL)
-		sk_X509_free(ca_certs);
-	} else {
-	    if (id_cryptoctx->intermediateCAs == NULL)
-		id_cryptoctx->intermediateCAs = ca_certs;
-	}
-	break;
+        if (sk_X509_num(ca_certs) == 0) {
+            pkiDebug("no intermediates in file, %s\n", filename);
+            if (id_cryptoctx->intermediateCAs == NULL)
+                sk_X509_free(ca_certs);
+        } else {
+            if (id_cryptoctx->intermediateCAs == NULL)
+                id_cryptoctx->intermediateCAs = ca_certs;
+        }
+        break;
     case CATYPE_CRLS:
-	if (sk_X509_num(ca_crls) == 0) {
-	    pkiDebug("no crls in file, %s\n", filename);
-	    if (id_cryptoctx->revoked == NULL)
-		sk_X509_CRL_free(ca_crls);
-	} else {
-	    if (id_cryptoctx->revoked == NULL)
-		id_cryptoctx->revoked = ca_crls;
-	}
-	break;
+        if (sk_X509_num(ca_crls) == 0) {
+            pkiDebug("no crls in file, %s\n", filename);
+            if (id_cryptoctx->revoked == NULL)
+                sk_X509_CRL_free(ca_crls);
+        } else {
+            if (id_cryptoctx->revoked == NULL)
+                id_cryptoctx->revoked = ca_crls;
+        }
+        break;
     default:
-	/* Should have been caught above! */
-	retval = EINVAL;
-	goto cleanup;
-	break;
+        /* Should have been caught above! */
+        retval = EINVAL;
+        goto cleanup;
+        break;
     }
 
     retval = 0;
 
-  cleanup:
+cleanup:
     if (in != NULL)
-	BIO_free(in);
+        BIO_free(in);
     if (sk != NULL)
-	sk_X509_INFO_pop_free(sk, X509_INFO_free);
+        sk_X509_INFO_pop_free(sk, X509_INFO_free);
 
     return retval;
 }
 
 static krb5_error_code
 load_cas_and_crls_dir(krb5_context context,
-		      pkinit_plg_crypto_context plg_cryptoctx,
-		      pkinit_req_crypto_context req_cryptoctx,
-		      pkinit_identity_crypto_context id_cryptoctx,
-		      int catype,
-		      char *dirname)
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      int catype,
+                      char *dirname)
 {
     krb5_error_code retval = EINVAL;
     DIR *d = NULL;
@@ -4863,72 +4853,72 @@ load_cas_and_crls_dir(krb5_context context,
     char filename[1024];
 
     if (dirname == NULL)
-	return EINVAL;
+        return EINVAL;
 
     d = opendir(dirname);
     if (d == NULL)
-	return ENOENT;
+        return ENOENT;
 
     while ((dentry = readdir(d))) {
-	if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(filename)) {
-	    pkiDebug("%s: Path too long -- directory '%s' and file '%s'\n",
-		     __FUNCTION__, dirname, dentry->d_name);
-	    goto cleanup;
-	}
-	/* Ignore subdirectories and anything starting with a dot */
+        if (strlen(dirname) + strlen(dentry->d_name) + 2 > sizeof(filename)) {
+            pkiDebug("%s: Path too long -- directory '%s' and file '%s'\n",
+                     __FUNCTION__, dirname, dentry->d_name);
+            goto cleanup;
+        }
+        /* Ignore subdirectories and anything starting with a dot */
 #ifdef DT_DIR
-	if (dentry->d_type == DT_DIR)
-	    continue;
+        if (dentry->d_type == DT_DIR)
+            continue;
 #endif
-	if (dentry->d_name[0] == '.')
-	    continue;
-	snprintf(filename, sizeof(filename), "%s/%s", dirname, dentry->d_name);
+        if (dentry->d_name[0] == '.')
+            continue;
+        snprintf(filename, sizeof(filename), "%s/%s", dirname, dentry->d_name);
 
-	retval = load_cas_and_crls(context, plg_cryptoctx, req_cryptoctx,
-				   id_cryptoctx, catype, filename);
-	if (retval)
-	    goto cleanup;
+        retval = load_cas_and_crls(context, plg_cryptoctx, req_cryptoctx,
+                                   id_cryptoctx, catype, filename);
+        if (retval)
+            goto cleanup;
     }
 
     retval = 0;
 
-  cleanup:
+cleanup:
     if (d != NULL)
-	closedir(d);
+        closedir(d);
 
     return retval;
 }
 
 krb5_error_code
 crypto_load_cas_and_crls(krb5_context context,
-			 pkinit_plg_crypto_context plg_cryptoctx,
-			 pkinit_req_crypto_context req_cryptoctx,
-			 pkinit_identity_opts *idopts,
-			 pkinit_identity_crypto_context id_cryptoctx,
-			 int idtype,
-			 int catype,
-			 char *id)
+                         pkinit_plg_crypto_context plg_cryptoctx,
+                         pkinit_req_crypto_context req_cryptoctx,
+                         pkinit_identity_opts *idopts,
+                         pkinit_identity_crypto_context id_cryptoctx,
+                         int idtype,
+                         int catype,
+                         char *id)
 {
     pkiDebug("%s: called with idtype %s and catype %s\n",
-	     __FUNCTION__, idtype2string(idtype), catype2string(catype));
+             __FUNCTION__, idtype2string(idtype), catype2string(catype));
     switch (idtype) {
     case IDTYPE_FILE:
-	return load_cas_and_crls(context, plg_cryptoctx, req_cryptoctx,
-				 id_cryptoctx, catype, id);
-	break;
+        return load_cas_and_crls(context, plg_cryptoctx, req_cryptoctx,
+                                 id_cryptoctx, catype, id);
+        break;
     case IDTYPE_DIR:
-	return load_cas_and_crls_dir(context, plg_cryptoctx, req_cryptoctx,
-				     id_cryptoctx, catype, id);
-	break;
+        return load_cas_and_crls_dir(context, plg_cryptoctx, req_cryptoctx,
+                                     id_cryptoctx, catype, id);
+        break;
     default:
-	return ENOTSUP;
-	break;
+        return ENOTSUP;
+        break;
     }
 }
 
 static krb5_error_code
 create_identifiers_from_stack(STACK_OF(X509) *sk,
-			      krb5_external_principal_identifier *** ids)
+                              krb5_external_principal_identifier *** ids)
 {
     krb5_error_code retval = ENOMEM;
     int i = 0, sk_size = sk_X509_num(sk);
@@ -4943,105 +4933,105 @@ create_identifiers_from_stack(STACK_OF(X509) *sk,
     *ids = NULL;
 
     krb5_cas =
-	malloc((sk_size + 1) * sizeof(krb5_external_principal_identifier *));
+        malloc((sk_size + 1) * sizeof(krb5_external_principal_identifier *));
     if (krb5_cas == NULL)
-	return ENOMEM;
+        return ENOMEM;
     krb5_cas[sk_size] = NULL;
 
     for (i = 0; i < sk_size; i++) {
-	krb5_cas[i] = malloc(sizeof(krb5_external_principal_identifier));
+        krb5_cas[i] = malloc(sizeof(krb5_external_principal_identifier));
 
-	x = sk_X509_value(sk, i);
+        x = sk_X509_value(sk, i);
 
-	X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
-	pkiDebug("#%d cert= %s\n", i, buf);
+        X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
+        pkiDebug("#%d cert= %s\n", i, buf);
 
-	/* fill-in subjectName */
-	krb5_cas[i]->subjectName.magic = 0;
-	krb5_cas[i]->subjectName.length = 0;
-	krb5_cas[i]->subjectName.data = NULL;
+        /* fill-in subjectName */
+        krb5_cas[i]->subjectName.magic = 0;
+        krb5_cas[i]->subjectName.length = 0;
+        krb5_cas[i]->subjectName.data = NULL;
 
-	xn = X509_get_subject_name(x);
-	len = i2d_X509_NAME(xn, NULL);
-	if ((p = krb5_cas[i]->subjectName.data = malloc((size_t) len)) == NULL)
-	    goto cleanup;
-	i2d_X509_NAME(xn, &p);
-	krb5_cas[i]->subjectName.length = len;
+        xn = X509_get_subject_name(x);
+        len = i2d_X509_NAME(xn, NULL);
+        if ((p = krb5_cas[i]->subjectName.data = malloc((size_t) len)) == NULL)
+            goto cleanup;
+        i2d_X509_NAME(xn, &p);
+        krb5_cas[i]->subjectName.length = len;
 
-	/* fill-in issuerAndSerialNumber */
-	krb5_cas[i]->issuerAndSerialNumber.length = 0;
-	krb5_cas[i]->issuerAndSerialNumber.magic = 0;
-	krb5_cas[i]->issuerAndSerialNumber.data = NULL;
+        /* fill-in issuerAndSerialNumber */
+        krb5_cas[i]->issuerAndSerialNumber.length = 0;
+        krb5_cas[i]->issuerAndSerialNumber.magic = 0;
+        krb5_cas[i]->issuerAndSerialNumber.data = NULL;
 
 #ifdef LONGHORN_BETA_COMPAT
-if (longhorn == 0) { /* XXX Longhorn doesn't like this */
+        if (longhorn == 0) { /* XXX Longhorn doesn't like this */
 #endif
-	is = PKCS7_ISSUER_AND_SERIAL_new();
-	X509_NAME_set(&is->issuer, X509_get_issuer_name(x));
-	M_ASN1_INTEGER_free(is->serial);
-	is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x));
-	len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
-	if ((p = krb5_cas[i]->issuerAndSerialNumber.data =
-	     malloc((size_t) len)) == NULL)
-	    goto cleanup;
-	i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
-	krb5_cas[i]->issuerAndSerialNumber.length = len;
+            is = PKCS7_ISSUER_AND_SERIAL_new();
+            X509_NAME_set(&is->issuer, X509_get_issuer_name(x));
+            M_ASN1_INTEGER_free(is->serial);
+            is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x));
+            len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
+            if ((p = krb5_cas[i]->issuerAndSerialNumber.data =
+                 malloc((size_t) len)) == NULL)
+                goto cleanup;
+            i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
+            krb5_cas[i]->issuerAndSerialNumber.length = len;
 #ifdef LONGHORN_BETA_COMPAT
-}
+        }
 #endif
 
-	/* fill-in subjectKeyIdentifier */
-	krb5_cas[i]->subjectKeyIdentifier.length = 0;
-	krb5_cas[i]->subjectKeyIdentifier.magic = 0;
-	krb5_cas[i]->subjectKeyIdentifier.data = NULL;
+        /* fill-in subjectKeyIdentifier */
+        krb5_cas[i]->subjectKeyIdentifier.length = 0;
+        krb5_cas[i]->subjectKeyIdentifier.magic = 0;
+        krb5_cas[i]->subjectKeyIdentifier.data = NULL;
 
 
 #ifdef LONGHORN_BETA_COMPAT
-if (longhorn == 0) {	/* XXX Longhorn doesn't like this */
+        if (longhorn == 0) {    /* XXX Longhorn doesn't like this */
 #endif
-	if (X509_get_ext_by_NID(x, NID_subject_key_identifier, -1) >= 0) {
-	    ASN1_OCTET_STRING *ikeyid = NULL;
-
-	    if ((ikeyid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL,
-					   NULL))) {
-		len = i2d_ASN1_OCTET_STRING(ikeyid, NULL);
-		if ((p = krb5_cas[i]->subjectKeyIdentifier.data =
-		     malloc((size_t) len)) == NULL)
-		    goto cleanup;
-		i2d_ASN1_OCTET_STRING(ikeyid, &p);
-		krb5_cas[i]->subjectKeyIdentifier.length = len;
-	    }
-	    if (ikeyid != NULL)
-		ASN1_OCTET_STRING_free(ikeyid);
-	}
+            if (X509_get_ext_by_NID(x, NID_subject_key_identifier, -1) >= 0) {
+                ASN1_OCTET_STRING *ikeyid = NULL;
+
+                if ((ikeyid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL,
+                                               NULL))) {
+                    len = i2d_ASN1_OCTET_STRING(ikeyid, NULL);
+                    if ((p = krb5_cas[i]->subjectKeyIdentifier.data =
+                         malloc((size_t) len)) == NULL)
+                        goto cleanup;
+                    i2d_ASN1_OCTET_STRING(ikeyid, &p);
+                    krb5_cas[i]->subjectKeyIdentifier.length = len;
+                }
+                if (ikeyid != NULL)
+                    ASN1_OCTET_STRING_free(ikeyid);
+            }
 #ifdef LONGHORN_BETA_COMPAT
-}
+        }
 #endif
-	if (is != NULL) {
-	    if (is->issuer != NULL)
-		X509_NAME_free(is->issuer);
-	    if (is->serial != NULL)
-		ASN1_INTEGER_free(is->serial);
-	    free(is);
-	}
+        if (is != NULL) {
+            if (is->issuer != NULL)
+                X509_NAME_free(is->issuer);
+            if (is->serial != NULL)
+                ASN1_INTEGER_free(is->serial);
+            free(is);
+        }
     }
 
     *ids = krb5_cas;
 
     retval = 0;
-  cleanup:
+cleanup:
     if (retval)
-	free_krb5_external_principal_identifier(&krb5_cas);
+        free_krb5_external_principal_identifier(&krb5_cas);
 
     return retval;
 }
 
 static krb5_error_code
 create_krb5_invalidCertificates(krb5_context context,
-				pkinit_plg_crypto_context plg_cryptoctx,
-				pkinit_req_crypto_context req_cryptoctx,
-				pkinit_identity_crypto_context id_cryptoctx,
-				krb5_external_principal_identifier *** ids)
+                                pkinit_plg_crypto_context plg_cryptoctx,
+                                pkinit_req_crypto_context req_cryptoctx,
+                                pkinit_identity_crypto_context id_cryptoctx,
+                                krb5_external_principal_identifier *** ids)
 {
 
     krb5_error_code retval = ENOMEM;
@@ -5049,11 +5039,11 @@ create_krb5_invalidCertificates(krb5_context context,
 
     *ids = NULL;
     if (req_cryptoctx->received_cert == NULL)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
 
     sk = sk_X509_new_null();
     if (sk == NULL)
-	goto cleanup;
+        goto cleanup;
     sk_X509_push(sk, req_cryptoctx->received_cert);
 
     retval = create_identifiers_from_stack(sk, ids);
@@ -5066,10 +5056,10 @@ cleanup:
 
 krb5_error_code
 create_krb5_supportedCMSTypes(krb5_context context,
-			      pkinit_plg_crypto_context plg_cryptoctx,
-			      pkinit_req_crypto_context req_cryptoctx,
-			      pkinit_identity_crypto_context id_cryptoctx,
-			      krb5_algorithm_identifier ***oids)
+                              pkinit_plg_crypto_context plg_cryptoctx,
+                              pkinit_req_crypto_context req_cryptoctx,
+                              pkinit_identity_crypto_context id_cryptoctx,
+                              krb5_algorithm_identifier ***oids)
 {
 
     krb5_error_code retval = ENOMEM;
@@ -5079,18 +5069,18 @@ create_krb5_supportedCMSTypes(krb5_context context,
     *oids = NULL;
     loids = malloc(2 * sizeof(krb5_algorithm_identifier *));
     if (loids == NULL)
-	goto cleanup;
+        goto cleanup;
     loids[1] = NULL;
     loids[0] = malloc(sizeof(krb5_algorithm_identifier));
     if (loids[0] == NULL) {
-	free(loids);
-	goto cleanup;
+        free(loids);
+        goto cleanup;
     }
     retval = pkinit_copy_krb5_octet_data(&loids[0]->algorithm, &des3oid);
     if (retval) {
-	free(loids[0]);
-	free(loids);
-	goto cleanup;
+        free(loids[0]);
+        free(loids);
+        goto cleanup;
     }
     loids[0]->parameters.length = 0;
     loids[0]->parameters.data = NULL;
@@ -5104,10 +5094,10 @@ cleanup:
 
 krb5_error_code
 create_krb5_trustedCertifiers(krb5_context context,
-			      pkinit_plg_crypto_context plg_cryptoctx,
-			      pkinit_req_crypto_context req_cryptoctx,
-			      pkinit_identity_crypto_context id_cryptoctx,
-			      krb5_external_principal_identifier *** ids)
+                              pkinit_plg_crypto_context plg_cryptoctx,
+                              pkinit_req_crypto_context req_cryptoctx,
+                              pkinit_identity_crypto_context id_cryptoctx,
+                              krb5_external_principal_identifier *** ids)
 {
 
     krb5_error_code retval = ENOMEM;
@@ -5115,7 +5105,7 @@ create_krb5_trustedCertifiers(krb5_context context,
 
     *ids = NULL;
     if (id_cryptoctx->trustedCAs == NULL)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
 
     retval = create_identifiers_from_stack(sk, ids);
 
@@ -5124,11 +5114,11 @@ create_krb5_trustedCertifiers(krb5_context context,
 
 krb5_error_code
 create_krb5_trustedCas(krb5_context context,
-		       pkinit_plg_crypto_context plg_cryptoctx,
-		       pkinit_req_crypto_context req_cryptoctx,
-		       pkinit_identity_crypto_context id_cryptoctx,
-		       int flag,
-		       krb5_trusted_ca *** ids)
+                       pkinit_plg_crypto_context plg_cryptoctx,
+                       pkinit_req_crypto_context req_cryptoctx,
+                       pkinit_identity_crypto_context id_cryptoctx,
+                       int flag,
+                       krb5_trusted_ca *** ids)
 {
     krb5_error_code retval = ENOMEM;
     STACK_OF(X509) *sk = id_cryptoctx->trustedCAs;
@@ -5142,79 +5132,79 @@ create_krb5_trustedCas(krb5_context context,
 
     *ids = NULL;
     if (id_cryptoctx->trustedCAs == NULL)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
 
     krb5_cas = malloc((sk_size + 1) * sizeof(krb5_trusted_ca *));
     if (krb5_cas == NULL)
-	return ENOMEM;
+        return ENOMEM;
     krb5_cas[sk_size] = NULL;
 
     for (i = 0; i < sk_size; i++) {
-	krb5_cas[i] = malloc(sizeof(krb5_trusted_ca));
-	if (krb5_cas[i] == NULL)
-	    goto cleanup;
-	x = sk_X509_value(sk, i);
-
-	X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
-	pkiDebug("#%d cert= %s\n", i, buf);
-
-	switch (flag) {
-	    case choice_trusted_cas_principalName:
-		krb5_cas[i]->choice = choice_trusted_cas_principalName;
-		break;
-	    case choice_trusted_cas_caName:
-		krb5_cas[i]->choice = choice_trusted_cas_caName;
-		krb5_cas[i]->u.caName.data = NULL;
-		krb5_cas[i]->u.caName.length = 0;
-		xn = X509_get_subject_name(x);
-		len = i2d_X509_NAME(xn, NULL);
-		if ((p = krb5_cas[i]->u.caName.data =
-		     malloc((size_t) len)) == NULL)
-		    goto cleanup;
-		i2d_X509_NAME(xn, &p);
-		krb5_cas[i]->u.caName.length = len;
-		break;
-	    case choice_trusted_cas_issuerAndSerial:
-		krb5_cas[i]->choice = choice_trusted_cas_issuerAndSerial;
-		krb5_cas[i]->u.issuerAndSerial.data = NULL;
-		krb5_cas[i]->u.issuerAndSerial.length = 0;
-		is = PKCS7_ISSUER_AND_SERIAL_new();
-		X509_NAME_set(&is->issuer, X509_get_issuer_name(x));
-		M_ASN1_INTEGER_free(is->serial);
-		is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x));
-		len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
-		if ((p = krb5_cas[i]->u.issuerAndSerial.data =
-		    malloc((size_t) len)) == NULL)
-		    goto cleanup;
-		i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
-		krb5_cas[i]->u.issuerAndSerial.length = len;
-		if (is != NULL) {
-		    if (is->issuer != NULL)
-			X509_NAME_free(is->issuer);
-		    if (is->serial != NULL)
-			ASN1_INTEGER_free(is->serial);
-		    free(is);
-		}
-		break;
-	    default: break;
-	}
+        krb5_cas[i] = malloc(sizeof(krb5_trusted_ca));
+        if (krb5_cas[i] == NULL)
+            goto cleanup;
+        x = sk_X509_value(sk, i);
+
+        X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof(buf));
+        pkiDebug("#%d cert= %s\n", i, buf);
+
+        switch (flag) {
+        case choice_trusted_cas_principalName:
+            krb5_cas[i]->choice = choice_trusted_cas_principalName;
+            break;
+        case choice_trusted_cas_caName:
+            krb5_cas[i]->choice = choice_trusted_cas_caName;
+            krb5_cas[i]->u.caName.data = NULL;
+            krb5_cas[i]->u.caName.length = 0;
+            xn = X509_get_subject_name(x);
+            len = i2d_X509_NAME(xn, NULL);
+            if ((p = krb5_cas[i]->u.caName.data =
+                 malloc((size_t) len)) == NULL)
+                goto cleanup;
+            i2d_X509_NAME(xn, &p);
+            krb5_cas[i]->u.caName.length = len;
+            break;
+        case choice_trusted_cas_issuerAndSerial:
+            krb5_cas[i]->choice = choice_trusted_cas_issuerAndSerial;
+            krb5_cas[i]->u.issuerAndSerial.data = NULL;
+            krb5_cas[i]->u.issuerAndSerial.length = 0;
+            is = PKCS7_ISSUER_AND_SERIAL_new();
+            X509_NAME_set(&is->issuer, X509_get_issuer_name(x));
+            M_ASN1_INTEGER_free(is->serial);
+            is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(x));
+            len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
+            if ((p = krb5_cas[i]->u.issuerAndSerial.data =
+                 malloc((size_t) len)) == NULL)
+                goto cleanup;
+            i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
+            krb5_cas[i]->u.issuerAndSerial.length = len;
+            if (is != NULL) {
+                if (is->issuer != NULL)
+                    X509_NAME_free(is->issuer);
+                if (is->serial != NULL)
+                    ASN1_INTEGER_free(is->serial);
+                free(is);
+            }
+            break;
+        default: break;
+        }
     }
     retval = 0;
     *ids = krb5_cas;
 cleanup:
     if (retval)
-	free_krb5_trusted_ca(&krb5_cas);
+        free_krb5_trusted_ca(&krb5_cas);
 
     return retval;
 }
 
 krb5_error_code
 create_issuerAndSerial(krb5_context context,
-		       pkinit_plg_crypto_context plg_cryptoctx,
-		       pkinit_req_crypto_context req_cryptoctx,
-		       pkinit_identity_crypto_context id_cryptoctx,
-		       unsigned char **out,
-		       unsigned int *out_len)
+                       pkinit_plg_crypto_context plg_cryptoctx,
+                       pkinit_req_crypto_context req_cryptoctx,
+                       pkinit_identity_crypto_context id_cryptoctx,
+                       unsigned char **out,
+                       unsigned int *out_len)
 {
     unsigned char *p = NULL;
     PKCS7_ISSUER_AND_SERIAL *is = NULL;
@@ -5225,7 +5215,7 @@ create_issuerAndSerial(krb5_context context,
     *out = NULL;
     *out_len = 0;
     if (req_cryptoctx->received_cert == NULL)
-	return 0;
+        return 0;
 
     is = PKCS7_ISSUER_AND_SERIAL_new();
     X509_NAME_set(&is->issuer, X509_get_issuer_name(cert));
@@ -5233,7 +5223,7 @@ create_issuerAndSerial(krb5_context context,
     is->serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
     len = i2d_PKCS7_ISSUER_AND_SERIAL(is, NULL);
     if ((p = *out = malloc((size_t) len)) == NULL)
-	goto cleanup;
+        goto cleanup;
     i2d_PKCS7_ISSUER_AND_SERIAL(is, &p);
     *out_len = len;
     retval = 0;
@@ -5248,33 +5238,33 @@ cleanup:
 
 static int
 pkcs7_decrypt(krb5_context context,
-	      pkinit_identity_crypto_context id_cryptoctx,
-	      PKCS7 *p7,
-	      BIO *data)
+              pkinit_identity_crypto_context id_cryptoctx,
+              PKCS7 *p7,
+              BIO *data)
 {
     BIO *tmpmem = NULL;
     int retval = 0, i = 0;
     char buf[4096];
 
     if(p7 == NULL)
-	return 0;
+        return 0;
 
     if(!PKCS7_type_is_enveloped(p7)) {
-	pkiDebug("wrong pkcs7 content type\n");
-	return 0;
+        pkiDebug("wrong pkcs7 content type\n");
+        return 0;
     }
 
     if(!(tmpmem = pkcs7_dataDecode(context, id_cryptoctx, p7))) {
-	pkiDebug("unable to decrypt pkcs7 object\n");
-	return 0;
+        pkiDebug("unable to decrypt pkcs7 object\n");
+        return 0;
     }
 
     for(;;) {
-	i = BIO_read(tmpmem, buf, sizeof(buf));
-	if (i <= 0) break;
-	BIO_write(data, buf, i);
-	BIO_free_all(tmpmem);
-	return 1;
+        i = BIO_read(tmpmem, buf, sizeof(buf));
+        if (i <= 0) break;
+        BIO_write(data, buf, i);
+        BIO_free_all(tmpmem);
+        return 1;
     }
     return retval;
 }
@@ -5298,52 +5288,52 @@ pkinit_process_td_trusted_certifiers(
     int i = 0;
 
     if (td_type == TD_TRUSTED_CERTIFIERS)
-	pkiDebug("received trusted certifiers\n");
+        pkiDebug("received trusted certifiers\n");
     else
-	pkiDebug("received invalid certificate\n");
+        pkiDebug("received invalid certificate\n");
 
     sk_xn = sk_X509_NAME_new_null();
     while(krb5_trusted_certifiers[i] != NULL) {
-	if (krb5_trusted_certifiers[i]->subjectName.data != NULL) {
-	    p = krb5_trusted_certifiers[i]->subjectName.data;
-	    xn = d2i_X509_NAME(NULL, &p,
-		(int)krb5_trusted_certifiers[i]->subjectName.length);
-	    if (xn == NULL)
-		goto cleanup;
-	    X509_NAME_oneline(xn, buf, sizeof(buf));
-	    if (td_type == TD_TRUSTED_CERTIFIERS)
-		pkiDebug("#%d cert = %s is trusted by kdc\n", i, buf);
-	    else
-		pkiDebug("#%d cert = %s is invalid\n", i, buf);
-		sk_X509_NAME_push(sk_xn, xn);
-	}
-
-	if (krb5_trusted_certifiers[i]->issuerAndSerialNumber.data != NULL) {
-	    p = krb5_trusted_certifiers[i]->issuerAndSerialNumber.data;
-	    is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p,
-		(int)krb5_trusted_certifiers[i]->issuerAndSerialNumber.length);
-	    if (is == NULL)
-		goto cleanup;
-	    X509_NAME_oneline(is->issuer, buf, sizeof(buf));
-	    if (td_type == TD_TRUSTED_CERTIFIERS)
-		pkiDebug("#%d issuer = %s serial = %ld is trusted bu kdc\n", i,
-			 buf, ASN1_INTEGER_get(is->serial));
-	    else
-		pkiDebug("#%d issuer = %s serial = %ld is invalid\n", i, buf,
-			 ASN1_INTEGER_get(is->serial));
-	    PKCS7_ISSUER_AND_SERIAL_free(is);
-	}
-
-	if (krb5_trusted_certifiers[i]->subjectKeyIdentifier.data != NULL) {
-	    p = krb5_trusted_certifiers[i]->subjectKeyIdentifier.data;
-	    id = d2i_ASN1_OCTET_STRING(NULL, &p,
-		(int)krb5_trusted_certifiers[i]->subjectKeyIdentifier.length);
-	    if (id == NULL)
-		goto cleanup;
-	    /* XXX */
-	    ASN1_OCTET_STRING_free(id);
-	}
-	i++;
+        if (krb5_trusted_certifiers[i]->subjectName.data != NULL) {
+            p = krb5_trusted_certifiers[i]->subjectName.data;
+            xn = d2i_X509_NAME(NULL, &p,
+                               (int)krb5_trusted_certifiers[i]->subjectName.length);
+            if (xn == NULL)
+                goto cleanup;
+            X509_NAME_oneline(xn, buf, sizeof(buf));
+            if (td_type == TD_TRUSTED_CERTIFIERS)
+                pkiDebug("#%d cert = %s is trusted by kdc\n", i, buf);
+            else
+                pkiDebug("#%d cert = %s is invalid\n", i, buf);
+            sk_X509_NAME_push(sk_xn, xn);
+        }
+
+        if (krb5_trusted_certifiers[i]->issuerAndSerialNumber.data != NULL) {
+            p = krb5_trusted_certifiers[i]->issuerAndSerialNumber.data;
+            is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p,
+                                             (int)krb5_trusted_certifiers[i]->issuerAndSerialNumber.length);
+            if (is == NULL)
+                goto cleanup;
+            X509_NAME_oneline(is->issuer, buf, sizeof(buf));
+            if (td_type == TD_TRUSTED_CERTIFIERS)
+                pkiDebug("#%d issuer = %s serial = %ld is trusted bu kdc\n", i,
+                         buf, ASN1_INTEGER_get(is->serial));
+            else
+                pkiDebug("#%d issuer = %s serial = %ld is invalid\n", i, buf,
+                         ASN1_INTEGER_get(is->serial));
+            PKCS7_ISSUER_AND_SERIAL_free(is);
+        }
+
+        if (krb5_trusted_certifiers[i]->subjectKeyIdentifier.data != NULL) {
+            p = krb5_trusted_certifiers[i]->subjectKeyIdentifier.data;
+            id = d2i_ASN1_OCTET_STRING(NULL, &p,
+                                       (int)krb5_trusted_certifiers[i]->subjectKeyIdentifier.length);
+            if (id == NULL)
+                goto cleanup;
+            /* XXX */
+            ASN1_OCTET_STRING_free(id);
+        }
+        i++;
     }
     /* XXX Since we not doing anything with received trusted certifiers
      * return an error. this is the place where we can pick a different
@@ -5352,15 +5342,15 @@ pkinit_process_td_trusted_certifiers(
     retval = KRB5KDC_ERR_PREAUTH_FAILED;
 cleanup:
     if (sk_xn != NULL)
-	sk_X509_NAME_pop_free(sk_xn, X509_NAME_free);
+        sk_X509_NAME_pop_free(sk_xn, X509_NAME_free);
 
     return retval;
 }
 
 static BIO *
 pkcs7_dataDecode(krb5_context context,
-		 pkinit_identity_crypto_context id_cryptoctx,
-		 PKCS7 *p7)
+                 pkinit_identity_crypto_context id_cryptoctx,
+                 PKCS7 *p7)
 {
     int i = 0;
     unsigned int jj = 0, tmp_len = 0;
@@ -5374,7 +5364,7 @@ pkcs7_dataDecode(krb5_context context,
     X509_ALGOR *xalg=NULL;
     PKCS7_RECIP_INFO *ri=NULL;
     X509 *cert = sk_X509_value(id_cryptoctx->my_certs,
-	id_cryptoctx->cert_index);
+                               id_cryptoctx->cert_index);
 
     p7->state=PKCS7_S_HEADER;
 
@@ -5383,14 +5373,14 @@ pkcs7_dataDecode(krb5_context context,
     data_body=p7->d.enveloped->enc_data->enc_data;
     evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
     if (evp_cipher == NULL) {
-	PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-	goto cleanup;
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+        goto cleanup;
     }
     xalg=p7->d.enveloped->enc_data->algorithm;
 
     if ((etmp=BIO_new(BIO_f_cipher())) == NULL) {
-	PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
-	goto cleanup;
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
+        goto cleanup;
     }
 
     /* It was encrypted, we need to decrypt the secret key
@@ -5401,141 +5391,141 @@ pkcs7_dataDecode(krb5_context context,
      */
 
     if (cert) {
-	for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-	    int tmp_ret = 0;
-	    ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-	    tmp_ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
-				    cert->cert_info->issuer);
-	    if (!tmp_ret) {
-		tmp_ret = M_ASN1_INTEGER_cmp(cert->cert_info->serialNumber,
-					     ri->issuer_and_serial->serial);
-		if (!tmp_ret)
-		    break;
-	    }
-	    ri=NULL;
-	}
-	if (ri == NULL) {
-	    PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-		     PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
-	    goto cleanup;
-	}
+        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            int tmp_ret = 0;
+            ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+            tmp_ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                                    cert->cert_info->issuer);
+            if (!tmp_ret) {
+                tmp_ret = M_ASN1_INTEGER_cmp(cert->cert_info->serialNumber,
+                                             ri->issuer_and_serial->serial);
+                if (!tmp_ret)
+                    break;
+            }
+            ri=NULL;
+        }
+        if (ri == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+            goto cleanup;
+        }
 
     }
 
     /* If we haven't got a certificate try each ri in turn */
 
     if (cert == NULL) {
-	for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-	    ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-	    jj = pkinit_decode_data(context, id_cryptoctx,
-		M_ASN1_STRING_data(ri->enc_key),
-		(unsigned int) M_ASN1_STRING_length(ri->enc_key),
-		&tmp, &tmp_len);
-	    if (jj) {
-		PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_EVP_LIB);
-		goto cleanup;
-	    }
-
-	    if (!jj && tmp_len > 0) {
-		jj = tmp_len;
-		break;
-	    }
-
-	    ERR_clear_error();
-	    ri = NULL;
-	}
-
-	if (ri == NULL) {
-	    PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
-	    goto cleanup;
-	}
+        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+            jj = pkinit_decode_data(context, id_cryptoctx,
+                                    M_ASN1_STRING_data(ri->enc_key),
+                                    (unsigned int) M_ASN1_STRING_length(ri->enc_key),
+                                    &tmp, &tmp_len);
+            if (jj) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_EVP_LIB);
+                goto cleanup;
+            }
+
+            if (!jj && tmp_len > 0) {
+                jj = tmp_len;
+                break;
+            }
+
+            ERR_clear_error();
+            ri = NULL;
+        }
+
+        if (ri == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
+            goto cleanup;
+        }
     }
     else {
-	jj = pkinit_decode_data(context, id_cryptoctx,
-	    M_ASN1_STRING_data(ri->enc_key),
-	    (unsigned int) M_ASN1_STRING_length(ri->enc_key),
-	    &tmp, &tmp_len);
-	if (jj || tmp_len <= 0) {
-	    PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_EVP_LIB);
-	    goto cleanup;
-	}
-	jj = tmp_len;
+        jj = pkinit_decode_data(context, id_cryptoctx,
+                                M_ASN1_STRING_data(ri->enc_key),
+                                (unsigned int) M_ASN1_STRING_length(ri->enc_key),
+                                &tmp, &tmp_len);
+        if (jj || tmp_len <= 0) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_EVP_LIB);
+            goto cleanup;
+        }
+        jj = tmp_len;
     }
 
     evp_ctx=NULL;
     BIO_get_cipher_ctx(etmp,&evp_ctx);
     if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
-	goto cleanup;
+        goto cleanup;
     if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
-	goto cleanup;
+        goto cleanup;
 
     if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
-	/* Some S/MIME clients don't use the same key
-	 * and effective key length. The key length is
-	 * determined by the size of the decrypted RSA key.
-	 */
-	if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, (int)jj)) {
-	    PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-		     PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
-	    goto cleanup;
-	}
+        /* Some S/MIME clients don't use the same key
+         * and effective key length. The key length is
+         * determined by the size of the decrypted RSA key.
+         */
+        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, (int)jj)) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+            goto cleanup;
+        }
     }
     if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
-	goto cleanup;
+        goto cleanup;
 
     OPENSSL_cleanse(tmp,jj);
 
     if (out == NULL)
-	out=etmp;
+        out=etmp;
     else
-	BIO_push(out,etmp);
+        BIO_push(out,etmp);
     etmp=NULL;
 
     if (data_body->length > 0)
-	bio = BIO_new_mem_buf(data_body->data, data_body->length);
+        bio = BIO_new_mem_buf(data_body->data, data_body->length);
     else {
-	bio=BIO_new(BIO_s_mem());
-	BIO_set_mem_eof_return(bio,0);
+        bio=BIO_new(BIO_s_mem());
+        BIO_set_mem_eof_return(bio,0);
     }
     BIO_push(out,bio);
     bio=NULL;
 
     if (0) {
-cleanup:
-	if (out != NULL) BIO_free_all(out);
-	if (etmp != NULL) BIO_free_all(etmp);
-	if (bio != NULL) BIO_free_all(bio);
-	out=NULL;
+    cleanup:
+        if (out != NULL) BIO_free_all(out);
+        if (etmp != NULL) BIO_free_all(etmp);
+        if (bio != NULL) BIO_free_all(bio);
+        out=NULL;
     }
 
     if (tmp != NULL)
-	free(tmp);
+        free(tmp);
 
     return(out);
 }
 
 static krb5_error_code
 der_decode_data(unsigned char *data, long data_len,
-		unsigned char **out, long *out_len)
+                unsigned char **out, long *out_len)
 {
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
     ASN1_OCTET_STRING *s = NULL;
     const unsigned char *p = data;
 
     if ((s = d2i_ASN1_BIT_STRING(NULL, &p, data_len)) == NULL)
-	goto cleanup;
+        goto cleanup;
     *out_len = s->length;
     if ((*out = malloc((size_t) *out_len + 1)) == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
     memcpy(*out, s->data, (size_t) s->length);
     (*out)[s->length] = '\0';
 
     retval = 0;
-  cleanup:
+cleanup:
     if (s != NULL)
-	ASN1_OCTET_STRING_free(s);
+        ASN1_OCTET_STRING_free(s);
 
     return retval;
 }
@@ -5551,9 +5541,9 @@ print_dh(DH * dh, char *msg)
     BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 
     if (msg)
-	BIO_puts(bio_err, (const char *)msg);
+        BIO_puts(bio_err, (const char *)msg);
     if (dh)
-	DHparams_print(bio_err, dh);
+        DHparams_print(bio_err, dh);
 
     BN_print(bio_err, dh->q);
     BIO_puts(bio_err, (const char *)"\n");
@@ -5570,9 +5560,9 @@ print_pubkey(BIGNUM * key, char *msg)
     BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
 
     if (msg)
-	BIO_puts(bio_err, (const char *)msg);
+        BIO_puts(bio_err, (const char *)msg);
     if (key)
-	BN_print(bio_err, key);
+        BN_print(bio_err, key);
     BIO_puts(bio_err, "\n");
 
     BIO_free(bio_err);
@@ -5587,10 +5577,10 @@ pkinit_pkcs11_code_to_text(int err)
     static char uc[32];
 
     for (i = 0; pkcs11_errstrings[i].text != NULL; i++)
-	if (pkcs11_errstrings[i].code == err)
-	    break;
+        if (pkcs11_errstrings[i].code == err)
+            break;
     if (pkcs11_errstrings[i].text != NULL)
-	return (pkcs11_errstrings[i].text);
+        return (pkcs11_errstrings[i].text);
     snprintf(uc, sizeof(uc), "unknown code 0x%x", err);
     return (uc);
 }
diff --git a/src/plugins/preauth/pkinit/pkinit_identity.c b/src/plugins/preauth/pkinit/pkinit_identity.c
index 48426e3..aef0393 100644
--- a/src/plugins/preauth/pkinit/pkinit_identity.c
+++ b/src/plugins/preauth/pkinit/pkinit_identity.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -44,11 +45,11 @@ free_list(char **list)
     int i;
 
     if (list == NULL)
-	return;
+        return;
 
     for (i = 0; list[i] != NULL; i++)
-	free(list[i]);
-     free(list);
+        free(list[i]);
+    free(list);
 }
 
 static krb5_error_code
@@ -58,22 +59,22 @@ copy_list(char ***dst, char **src)
     char **newlist;
 
     if (dst == NULL)
-	return EINVAL;
+        return EINVAL;
     *dst = NULL;
 
     if (src == NULL)
-	return 0;
+        return 0;
 
     for (i = 0; src[i] != NULL; i++);
 
     newlist = calloc(1, (i + 1) * sizeof(*newlist));
     if (newlist == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     for (i = 0; src[i] != NULL; i++) {
-	newlist[i] = strdup(src[i]);
-	if (newlist[i] == NULL)
-	    goto cleanup;
+        newlist[i] = strdup(src[i]);
+        if (newlist[i] == NULL)
+            goto cleanup;
     }
     newlist[i] = NULL;
     *dst = newlist;
@@ -115,7 +116,7 @@ pkinit_init_identity_opts(pkinit_identity_opts **idopts)
     *idopts = NULL;
     opts = calloc(1, sizeof(pkinit_identity_opts));
     if (opts == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     opts->identity = NULL;
     opts->anchors = NULL;
@@ -141,7 +142,7 @@ pkinit_init_identity_opts(pkinit_identity_opts **idopts)
 
 krb5_error_code
 pkinit_dup_identity_opts(pkinit_identity_opts *src_opts,
-			 pkinit_identity_opts **dest_opts)
+                         pkinit_identity_opts **dest_opts)
 {
     pkinit_identity_opts *newopts;
     krb5_error_code retval;
@@ -149,71 +150,71 @@ pkinit_dup_identity_opts(pkinit_identity_opts *src_opts,
     *dest_opts = NULL;
     retval = pkinit_init_identity_opts(&newopts);
     if (retval)
-	return retval;
+        return retval;
 
     retval = ENOMEM;
 
     if (src_opts->identity != NULL) {
-	newopts->identity = strdup(src_opts->identity);
-	if (newopts->identity == NULL)
-	    goto cleanup;
+        newopts->identity = strdup(src_opts->identity);
+        if (newopts->identity == NULL)
+            goto cleanup;
     }
 
     retval = copy_list(&newopts->anchors, src_opts->anchors);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = copy_list(&newopts->intermediates,src_opts->intermediates);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     retval = copy_list(&newopts->crls, src_opts->crls);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     if (src_opts->ocsp != NULL) {
-	newopts->ocsp = strdup(src_opts->ocsp);
-	if (newopts->ocsp == NULL)
-	    goto cleanup;
+        newopts->ocsp = strdup(src_opts->ocsp);
+        if (newopts->ocsp == NULL)
+            goto cleanup;
     }
 
     if (src_opts->cert_filename != NULL) {
-	newopts->cert_filename = strdup(src_opts->cert_filename);
-	if (newopts->cert_filename == NULL)
-	    goto cleanup;
+        newopts->cert_filename = strdup(src_opts->cert_filename);
+        if (newopts->cert_filename == NULL)
+            goto cleanup;
     }
 
     if (src_opts->key_filename != NULL) {
-	newopts->key_filename = strdup(src_opts->key_filename);
-	if (newopts->key_filename == NULL)
-	    goto cleanup;
+        newopts->key_filename = strdup(src_opts->key_filename);
+        if (newopts->key_filename == NULL)
+            goto cleanup;
     }
 
 #ifndef WITHOUT_PKCS11
     if (src_opts->p11_module_name != NULL) {
-	newopts->p11_module_name = strdup(src_opts->p11_module_name);
-	if (newopts->p11_module_name == NULL)
-	    goto cleanup;
+        newopts->p11_module_name = strdup(src_opts->p11_module_name);
+        if (newopts->p11_module_name == NULL)
+            goto cleanup;
     }
 
     newopts->slotid = src_opts->slotid;
 
     if (src_opts->token_label != NULL) {
-	newopts->token_label = strdup(src_opts->token_label);
-	if (newopts->token_label == NULL)
-	    goto cleanup;
+        newopts->token_label = strdup(src_opts->token_label);
+        if (newopts->token_label == NULL)
+            goto cleanup;
     }
 
     if (src_opts->cert_id_string != NULL) {
-	newopts->cert_id_string = strdup(src_opts->cert_id_string);
-	if (newopts->cert_id_string == NULL)
-	    goto cleanup;
+        newopts->cert_id_string = strdup(src_opts->cert_id_string);
+        if (newopts->cert_id_string == NULL)
+            goto cleanup;
     }
 
     if (src_opts->cert_label != NULL) {
-	newopts->cert_label = strdup(src_opts->cert_label);
-	if (newopts->cert_label == NULL)
-	    goto cleanup;
+        newopts->cert_label = strdup(src_opts->cert_label);
+        if (newopts->cert_label == NULL)
+            goto cleanup;
     }
 #endif
 
@@ -229,10 +230,10 @@ void
 pkinit_fini_identity_opts(pkinit_identity_opts *idopts)
 {
     if (idopts == NULL)
-	return;
+        return;
 
     if (idopts->identity != NULL)
-	free(idopts->identity);
+        free(idopts->identity);
     free_list(idopts->anchors);
     free_list(idopts->intermediates);
     free_list(idopts->crls);
@@ -252,64 +253,64 @@ pkinit_fini_identity_opts(pkinit_identity_opts *idopts)
 #ifndef WITHOUT_PKCS11
 static krb5_error_code
 parse_pkcs11_options(krb5_context context,
-		     pkinit_identity_opts *idopts,
-		     const char *residual)
+                     pkinit_identity_opts *idopts,
+                     const char *residual)
 {
     char *s, *cp, *vp, *save;
     krb5_error_code retval = ENOMEM;
 
     if (residual == NULL || residual[0] == '\0')
-	return 0;
+        return 0;
 
     /* Split string into attr=value substrings */
     s = strdup(residual);
     if (s == NULL)
-	return retval;
+        return retval;
 
     for (cp = strtok_r(s, ":", &save); cp; cp = strtok_r(NULL, ":", &save)) {
-	vp = strchr(cp, '=');
-
-	/* If there is no "=", this is a pkcs11 module name */
-	if (vp == NULL) {
-	    free(idopts->p11_module_name);
-	    idopts->p11_module_name = strdup(cp);
-	    if (idopts->p11_module_name == NULL)
-		goto cleanup;
-	    continue;
-	}
-	*vp++ = '\0';
-	if (!strcmp(cp, "module_name")) {
-	    free(idopts->p11_module_name);
-	    idopts->p11_module_name = strdup(vp);
-	    if (idopts->p11_module_name == NULL)
-		goto cleanup;
-	} else if (!strcmp(cp, "slotid")) {
-	    long slotid = strtol(vp, NULL, 10);
-	    if ((slotid == LONG_MIN || slotid == LONG_MAX) && errno != 0) {
-		retval = EINVAL;
-		goto cleanup;
-	    }
-	    if ((long) (int) slotid != slotid) {
-		retval = EINVAL;
-		goto cleanup;
-	    }
-	    idopts->slotid = slotid;
-	} else if (!strcmp(cp, "token")) {
-	    free(idopts->token_label);
-	    idopts->token_label = strdup(vp);
-	    if (idopts->token_label == NULL)
-		goto cleanup;
-	} else if (!strcmp(cp, "certid")) {
-	    free(idopts->cert_id_string);
-	    idopts->cert_id_string = strdup(vp);
-	    if (idopts->cert_id_string == NULL)
-		goto cleanup;
-	} else if (!strcmp(cp, "certlabel")) {
-	    free(idopts->cert_label);
-	    idopts->cert_label = strdup(vp);
-	    if (idopts->cert_label == NULL)
-		goto cleanup;
-	}
+        vp = strchr(cp, '=');
+
+        /* If there is no "=", this is a pkcs11 module name */
+        if (vp == NULL) {
+            free(idopts->p11_module_name);
+            idopts->p11_module_name = strdup(cp);
+            if (idopts->p11_module_name == NULL)
+                goto cleanup;
+            continue;
+        }
+        *vp++ = '\0';
+        if (!strcmp(cp, "module_name")) {
+            free(idopts->p11_module_name);
+            idopts->p11_module_name = strdup(vp);
+            if (idopts->p11_module_name == NULL)
+                goto cleanup;
+        } else if (!strcmp(cp, "slotid")) {
+            long slotid = strtol(vp, NULL, 10);
+            if ((slotid == LONG_MIN || slotid == LONG_MAX) && errno != 0) {
+                retval = EINVAL;
+                goto cleanup;
+            }
+            if ((long) (int) slotid != slotid) {
+                retval = EINVAL;
+                goto cleanup;
+            }
+            idopts->slotid = slotid;
+        } else if (!strcmp(cp, "token")) {
+            free(idopts->token_label);
+            idopts->token_label = strdup(vp);
+            if (idopts->token_label == NULL)
+                goto cleanup;
+        } else if (!strcmp(cp, "certid")) {
+            free(idopts->cert_id_string);
+            idopts->cert_id_string = strdup(vp);
+            if (idopts->cert_id_string == NULL)
+                goto cleanup;
+        } else if (!strcmp(cp, "certlabel")) {
+            free(idopts->cert_label);
+            idopts->cert_label = strdup(vp);
+            if (idopts->cert_label == NULL)
+                goto cleanup;
+        }
     }
     retval = 0;
 cleanup:
@@ -320,29 +321,29 @@ cleanup:
 
 static krb5_error_code
 parse_fs_options(krb5_context context,
-		 pkinit_identity_opts *idopts,
-		 const char *residual)
+                 pkinit_identity_opts *idopts,
+                 const char *residual)
 {
     char *certname, *keyname, *save;
     krb5_error_code retval = ENOMEM;
 
     if (residual == NULL || residual[0] == '\0')
-	return 0;
+        return 0;
 
     certname = strdup(residual);
     if (certname == NULL)
-	goto cleanup;
+        goto cleanup;
 
     certname = strtok_r(certname, ",", &save);
     keyname = strtok_r(NULL, ",", &save);
 
     idopts->cert_filename = strdup(certname);
     if (idopts->cert_filename == NULL)
-	goto cleanup;
+        goto cleanup;
 
     idopts->key_filename = strdup(keyname ? keyname : certname);
     if (idopts->key_filename == NULL)
-	goto cleanup;
+        goto cleanup;
 
     retval = 0;
 cleanup:
@@ -352,25 +353,25 @@ cleanup:
 
 static krb5_error_code
 parse_pkcs12_options(krb5_context context,
-		     pkinit_identity_opts *idopts,
-		     const char *residual)
+                     pkinit_identity_opts *idopts,
+                     const char *residual)
 {
     krb5_error_code retval = ENOMEM;
 
     if (residual == NULL || residual[0] == '\0')
-	return 0;
+        return 0;
 
     idopts->cert_filename = strdup(residual);
     if (idopts->cert_filename == NULL)
-	goto cleanup;
+        goto cleanup;
 
     idopts->key_filename = strdup(residual);
     if (idopts->key_filename == NULL)
-	goto cleanup;
+        goto cleanup;
 
     pkiDebug("%s: cert_filename '%s' key_filename '%s'\n",
-	     __FUNCTION__, idopts->cert_filename,
-	     idopts->key_filename);
+             __FUNCTION__, idopts->cert_filename,
+             idopts->key_filename);
     retval = 0;
 cleanup:
     return retval;
@@ -378,134 +379,134 @@ cleanup:
 
 static krb5_error_code
 process_option_identity(krb5_context context,
-			pkinit_plg_crypto_context plg_cryptoctx,
-			pkinit_req_crypto_context req_cryptoctx,
-			pkinit_identity_opts *idopts,
-			pkinit_identity_crypto_context id_cryptoctx,
-			const char *value)
+                        pkinit_plg_crypto_context plg_cryptoctx,
+                        pkinit_req_crypto_context req_cryptoctx,
+                        pkinit_identity_opts *idopts,
+                        pkinit_identity_crypto_context id_cryptoctx,
+                        const char *value)
 {
     const char *residual;
     int idtype;
     krb5_error_code retval = 0;
 
     pkiDebug("%s: processing value '%s'\n",
-	     __FUNCTION__, value ? value : "NULL");
+             __FUNCTION__, value ? value : "NULL");
     if (value == NULL)
-	return EINVAL;
+        return EINVAL;
 
     residual = strchr(value, ':');
     if (residual != NULL) {
-	unsigned int typelen;
-	residual++; /* skip past colon */
-	typelen = residual - value;
-	if (strncmp(value, "FILE:", typelen) == 0) {
-	    idtype = IDTYPE_FILE;
+        unsigned int typelen;
+        residual++; /* skip past colon */
+        typelen = residual - value;
+        if (strncmp(value, "FILE:", typelen) == 0) {
+            idtype = IDTYPE_FILE;
 #ifndef WITHOUT_PKCS11
-	} else if (strncmp(value, "PKCS11:", typelen) == 0) {
-	    idtype = IDTYPE_PKCS11;
+        } else if (strncmp(value, "PKCS11:", typelen) == 0) {
+            idtype = IDTYPE_PKCS11;
 #endif
-	} else if (strncmp(value, "PKCS12:", typelen) == 0) {
-	    idtype = IDTYPE_PKCS12;
-	} else if (strncmp(value, "DIR:", typelen) == 0) {
-	    idtype = IDTYPE_DIR;
-	} else if (strncmp(value, "ENV:", typelen) == 0) {
-	    idtype = IDTYPE_ENVVAR;
-	} else {
-	    pkiDebug("%s: Unsupported type while processing '%s'\n",
-		     __FUNCTION__, value);
-	    krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
-				   "Unsupported type while processing '%s'\n",
-				   value);
-	    return KRB5_PREAUTH_FAILED;
-	}
+        } else if (strncmp(value, "PKCS12:", typelen) == 0) {
+            idtype = IDTYPE_PKCS12;
+        } else if (strncmp(value, "DIR:", typelen) == 0) {
+            idtype = IDTYPE_DIR;
+        } else if (strncmp(value, "ENV:", typelen) == 0) {
+            idtype = IDTYPE_ENVVAR;
+        } else {
+            pkiDebug("%s: Unsupported type while processing '%s'\n",
+                     __FUNCTION__, value);
+            krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
+                                   "Unsupported type while processing '%s'\n",
+                                   value);
+            return KRB5_PREAUTH_FAILED;
+        }
     } else {
-	idtype = IDTYPE_FILE;
-	residual = value;
+        idtype = IDTYPE_FILE;
+        residual = value;
     }
 
     idopts->idtype = idtype;
     pkiDebug("%s: idtype is %s\n", __FUNCTION__, idtype2string(idopts->idtype));
     switch (idtype) {
     case IDTYPE_ENVVAR:
-	return process_option_identity(context, plg_cryptoctx, req_cryptoctx,
-				       idopts, id_cryptoctx, getenv(residual));
-	break;
+        return process_option_identity(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx, getenv(residual));
+        break;
     case IDTYPE_FILE:
-	retval = parse_fs_options(context, idopts, residual);
-	break;
+        retval = parse_fs_options(context, idopts, residual);
+        break;
     case IDTYPE_PKCS12:
-	retval = parse_pkcs12_options(context, idopts, residual);
-	break;
+        retval = parse_pkcs12_options(context, idopts, residual);
+        break;
 #ifndef WITHOUT_PKCS11
     case IDTYPE_PKCS11:
-	retval = parse_pkcs11_options(context, idopts, residual);
-	break;
+        retval = parse_pkcs11_options(context, idopts, residual);
+        break;
 #endif
     case IDTYPE_DIR:
-	idopts->cert_filename = strdup(residual);
-	if (idopts->cert_filename == NULL)
-	    retval = ENOMEM;
-	break;
+        idopts->cert_filename = strdup(residual);
+        if (idopts->cert_filename == NULL)
+            retval = ENOMEM;
+        break;
     default:
-	krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
-			       "Internal error parsing X509_user_identity\n");
-	retval = EINVAL;
-	break;
+        krb5_set_error_message(context, KRB5_PREAUTH_FAILED,
+                               "Internal error parsing X509_user_identity\n");
+        retval = EINVAL;
+        break;
     }
     return retval;
 }
 
 static krb5_error_code
 process_option_ca_crl(krb5_context context,
-		      pkinit_plg_crypto_context plg_cryptoctx,
-		      pkinit_req_crypto_context req_cryptoctx,
-		      pkinit_identity_opts *idopts,
-		      pkinit_identity_crypto_context id_cryptoctx,
-		      const char *value,
-		      int catype)
+                      pkinit_plg_crypto_context plg_cryptoctx,
+                      pkinit_req_crypto_context req_cryptoctx,
+                      pkinit_identity_opts *idopts,
+                      pkinit_identity_crypto_context id_cryptoctx,
+                      const char *value,
+                      int catype)
 {
     char *residual;
     unsigned int typelen;
     int idtype;
 
     pkiDebug("%s: processing catype %s, value '%s'\n",
-	     __FUNCTION__, catype2string(catype), value);
+             __FUNCTION__, catype2string(catype), value);
     residual = strchr(value, ':');
     if (residual == NULL) {
-	pkiDebug("No type given for '%s'\n", value);
-	return EINVAL;
+        pkiDebug("No type given for '%s'\n", value);
+        return EINVAL;
     }
     residual++; /* skip past colon */
     typelen = residual - value;
     if (strncmp(value, "FILE:", typelen) == 0) {
-	idtype = IDTYPE_FILE;
+        idtype = IDTYPE_FILE;
     } else if (strncmp(value, "DIR:", typelen) == 0) {
-	idtype = IDTYPE_DIR;
+        idtype = IDTYPE_DIR;
     } else {
-	return ENOTSUP;
+        return ENOTSUP;
     }
     return crypto_load_cas_and_crls(context,
-				    plg_cryptoctx,
-				    req_cryptoctx,
-				    idopts, id_cryptoctx,
-				    idtype, catype, residual);
+                                    plg_cryptoctx,
+                                    req_cryptoctx,
+                                    idopts, id_cryptoctx,
+                                    idtype, catype, residual);
 }
 
 krb5_error_code
 pkinit_identity_initialize(krb5_context context,
-			   pkinit_plg_crypto_context plg_cryptoctx,
-			   pkinit_req_crypto_context req_cryptoctx,
-			   pkinit_identity_opts *idopts,
-			   pkinit_identity_crypto_context id_cryptoctx,
-			   int do_matching,
-			   krb5_principal princ)
+                           pkinit_plg_crypto_context plg_cryptoctx,
+                           pkinit_req_crypto_context req_cryptoctx,
+                           pkinit_identity_opts *idopts,
+                           pkinit_identity_crypto_context id_cryptoctx,
+                           int do_matching,
+                           krb5_principal princ)
 {
     krb5_error_code retval = EINVAL;
     int i;
 
     pkiDebug("%s: %p %p %p\n", __FUNCTION__, context, idopts, id_cryptoctx);
     if (idopts == NULL || id_cryptoctx == NULL)
-	goto errout;
+        goto errout;
 
     /*
      * If identity was specified, use that.  (For the kdc, this
@@ -516,80 +517,80 @@ pkinit_identity_initialize(krb5_context context,
      * in the config file.
      */
     if (idopts->identity != NULL) {
-	retval = process_option_identity(context, plg_cryptoctx, req_cryptoctx,
-					 idopts, id_cryptoctx,
-					 idopts->identity);
+        retval = process_option_identity(context, plg_cryptoctx, req_cryptoctx,
+                                         idopts, id_cryptoctx,
+                                         idopts->identity);
     } else if (idopts->identity_alt != NULL) {
-	for (i = 0; retval != 0 && idopts->identity_alt[i] != NULL; i++)
-	    retval = process_option_identity(context, plg_cryptoctx,
-					     req_cryptoctx, idopts,
-					     id_cryptoctx,
-					     idopts->identity_alt[i]);
+        for (i = 0; retval != 0 && idopts->identity_alt[i] != NULL; i++)
+            retval = process_option_identity(context, plg_cryptoctx,
+                                             req_cryptoctx, idopts,
+                                             id_cryptoctx,
+                                             idopts->identity_alt[i]);
     } else {
-	pkiDebug("%s: no user identity options specified\n", __FUNCTION__);
-	goto errout;
+        pkiDebug("%s: no user identity options specified\n", __FUNCTION__);
+        goto errout;
     }
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = crypto_load_certs(context, plg_cryptoctx, req_cryptoctx,
-			       idopts, id_cryptoctx, princ);
+                               idopts, id_cryptoctx, princ);
     if (retval)
-	goto errout;
+        goto errout;
 
     if (do_matching) {
-	retval = pkinit_cert_matching(context, plg_cryptoctx, req_cryptoctx,
-				      id_cryptoctx, princ);
-	if (retval) {
-	    pkiDebug("%s: No matching certificate found\n", __FUNCTION__);
-	    crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
-				  id_cryptoctx);
-	    goto errout;
-	}
+        retval = pkinit_cert_matching(context, plg_cryptoctx, req_cryptoctx,
+                                      id_cryptoctx, princ);
+        if (retval) {
+            pkiDebug("%s: No matching certificate found\n", __FUNCTION__);
+            crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
+                                  id_cryptoctx);
+            goto errout;
+        }
     } else {
-	/* Tell crypto code to use the "default" */
-	retval = crypto_cert_select_default(context, plg_cryptoctx,
-					    req_cryptoctx, id_cryptoctx);
-	if (retval) {
-	    pkiDebug("%s: Failed while selecting default certificate\n",
-		     __FUNCTION__);
-	    crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
-				  id_cryptoctx);
-	    goto errout;
-	}
+        /* Tell crypto code to use the "default" */
+        retval = crypto_cert_select_default(context, plg_cryptoctx,
+                                            req_cryptoctx, id_cryptoctx);
+        if (retval) {
+            pkiDebug("%s: Failed while selecting default certificate\n",
+                     __FUNCTION__);
+            crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
+                                  id_cryptoctx);
+            goto errout;
+        }
     }
 
     retval = crypto_free_cert_info(context, plg_cryptoctx, req_cryptoctx,
-				   id_cryptoctx);
+                                   id_cryptoctx);
     if (retval)
-	    goto errout;
+        goto errout;
 
     for (i = 0; idopts->anchors != NULL && idopts->anchors[i] != NULL; i++) {
-	retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
-				       idopts, id_cryptoctx,
-				       idopts->anchors[i], CATYPE_ANCHORS);
-	if (retval)
-	    goto errout;
+        retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx,
+                                       idopts->anchors[i], CATYPE_ANCHORS);
+        if (retval)
+            goto errout;
     }
     for (i = 0; idopts->intermediates != NULL
-		&& idopts->intermediates[i] != NULL; i++) {
-	retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
-				       idopts, id_cryptoctx,
-				       idopts->intermediates[i],
-				       CATYPE_INTERMEDIATES);
-	if (retval)
-	    goto errout;
+             && idopts->intermediates[i] != NULL; i++) {
+        retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx,
+                                       idopts->intermediates[i],
+                                       CATYPE_INTERMEDIATES);
+        if (retval)
+            goto errout;
     }
     for (i = 0; idopts->crls != NULL && idopts->crls[i] != NULL; i++) {
-	retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
-				       idopts, id_cryptoctx, idopts->crls[i],
-				       CATYPE_CRLS);
-	if (retval)
-	    goto errout;
+        retval = process_option_ca_crl(context, plg_cryptoctx, req_cryptoctx,
+                                       idopts, id_cryptoctx, idopts->crls[i],
+                                       CATYPE_CRLS);
+        if (retval)
+            goto errout;
     }
     if (idopts->ocsp != NULL) {
-	retval = ENOTSUP;
-	goto errout;
+        retval = ENOTSUP;
+        goto errout;
     }
 
 errout:
diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c
index 88b9e69..e665b6c 100644
--- a/src/plugins/preauth/pkinit/pkinit_lib.c
+++ b/src/plugins/preauth/pkinit/pkinit_lib.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2006,2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -43,7 +44,7 @@
 #define FAKECERT
 
 const krb5_octet_data
-	dh_oid = { 0, 7, (unsigned char *)"\x2A\x86\x48\xce\x3e\x02\x01" };
+dh_oid = { 0, 7, (unsigned char *)"\x2A\x86\x48\xce\x3e\x02\x01" };
 
 
 krb5_error_code
@@ -55,7 +56,7 @@ pkinit_init_req_opts(pkinit_req_opts **reqopts)
     *reqopts = NULL;
     opts = calloc(1, sizeof(*opts));
     if (opts == NULL)
-	return retval;
+        return retval;
 
     opts->require_eku = 1;
     opts->accept_secondary_eku = 0;
@@ -87,7 +88,7 @@ pkinit_init_plg_opts(pkinit_plg_opts **plgopts)
     *plgopts = NULL;
     opts = calloc(1, sizeof(pkinit_plg_opts));
     if (opts == NULL)
-	return retval;
+        return retval;
 
     opts->require_eku = 1;
     opts->accept_secondary_eku = 0;
@@ -115,7 +116,7 @@ free_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in)
     if (*in == NULL) return;
     free((*in)->signedAuthPack.data);
     if ((*in)->trustedCertifiers != NULL)
-	free_krb5_external_principal_identifier(&(*in)->trustedCertifiers);
+        free_krb5_external_principal_identifier(&(*in)->trustedCertifiers);
     free((*in)->kdcPkId.data);
     free(*in);
 }
@@ -128,7 +129,7 @@ free_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in)
     free((*in)->kdcCert.data);
     free((*in)->encryptionCert.data);
     if ((*in)->trustedCertifiers != NULL)
-	free_krb5_trusted_ca(&(*in)->trustedCertifiers);
+        free_krb5_trusted_ca(&(*in)->trustedCertifiers);
     free(*in);
 }
 
@@ -154,20 +155,20 @@ free_krb5_auth_pack(krb5_auth_pack **in)
 {
     if ((*in) == NULL) return;
     if ((*in)->clientPublicValue != NULL) {
-	free((*in)->clientPublicValue->algorithm.algorithm.data);
-	free((*in)->clientPublicValue->algorithm.parameters.data);
-	free((*in)->clientPublicValue->subjectPublicKey.data);
-	free((*in)->clientPublicValue);
+        free((*in)->clientPublicValue->algorithm.algorithm.data);
+        free((*in)->clientPublicValue->algorithm.parameters.data);
+        free((*in)->clientPublicValue->subjectPublicKey.data);
+        free((*in)->clientPublicValue);
     }
     free((*in)->pkAuthenticator.paChecksum.contents);
     if ((*in)->supportedCMSTypes != NULL)
-	free_krb5_algorithm_identifiers(&((*in)->supportedCMSTypes));
+        free_krb5_algorithm_identifiers(&((*in)->supportedCMSTypes));
     free(*in);
 }
 
 void
 free_krb5_auth_pack_draft9(krb5_context context,
-				krb5_auth_pack_draft9 **in)
+                           krb5_auth_pack_draft9 **in)
 {
     if ((*in) == NULL) return;
     krb5_free_principal(context, (*in)->pkAuthenticator.kdcName);
@@ -179,14 +180,14 @@ free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in)
 {
     if (*in == NULL) return;
     switch ((*in)->choice) {
-	case choice_pa_pk_as_rep_dhInfo:
-	    free((*in)->u.dh_Info.dhSignedData.data);
-	    break;
-	case choice_pa_pk_as_rep_encKeyPack:
-	    free((*in)->u.encKeyPack.data);
-	    break;
-	default:
-	    break;
+    case choice_pa_pk_as_rep_dhInfo:
+        free((*in)->u.dh_Info.dhSignedData.data);
+        break;
+    case choice_pa_pk_as_rep_encKeyPack:
+        free((*in)->u.encKeyPack.data);
+        break;
+    default:
+        break;
     }
     free(*in);
 }
@@ -205,11 +206,11 @@ free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in
     int i = 0;
     if (*in == NULL) return;
     while ((*in)[i] != NULL) {
-	free((*in)[i]->subjectName.data);
-	free((*in)[i]->issuerAndSerialNumber.data);
-	free((*in)[i]->subjectKeyIdentifier.data);
-	free((*in)[i]);
-	i++;
+        free((*in)[i]->subjectName.data);
+        free((*in)[i]->issuerAndSerialNumber.data);
+        free((*in)[i]->subjectKeyIdentifier.data);
+        free((*in)[i]);
+        i++;
     }
     free(*in);
 }
@@ -220,20 +221,20 @@ free_krb5_trusted_ca(krb5_trusted_ca ***in)
     int i = 0;
     if (*in == NULL) return;
     while ((*in)[i] != NULL) {
-	switch((*in)[i]->choice) {
-	    case choice_trusted_cas_principalName:
-		break;
-	    case choice_trusted_cas_caName:
-		free((*in)[i]->u.caName.data);
-		break;
-	    case choice_trusted_cas_issuerAndSerial:
-		free((*in)[i]->u.issuerAndSerial.data);
-		break;
-	    case choice_trusted_cas_UNKNOWN:
-		break;
-	}
-	free((*in)[i]);
-	i++;
+        switch((*in)[i]->choice) {
+        case choice_trusted_cas_principalName:
+            break;
+        case choice_trusted_cas_caName:
+            free((*in)[i]->u.caName.data);
+            break;
+        case choice_trusted_cas_issuerAndSerial:
+            free((*in)[i]->u.issuerAndSerial.data);
+            break;
+        case choice_trusted_cas_UNKNOWN:
+            break;
+        }
+        free((*in)[i]);
+        i++;
     }
     free(*in);
 }
@@ -244,9 +245,9 @@ free_krb5_typed_data(krb5_typed_data ***in)
     int i = 0;
     if (*in == NULL) return;
     while ((*in)[i] != NULL) {
-	free((*in)[i]->data);
-	free((*in)[i]);
-	i++;
+        free((*in)[i]->data);
+        free((*in)[i]);
+        i++;
     }
     free(*in);
 }
@@ -255,7 +256,7 @@ void
 free_krb5_algorithm_identifier(krb5_algorithm_identifier *in)
 {
     if (in == NULL)
-	return;
+        return;
     free(in->algorithm.data);
     free(in->parameters.data);
     free(in);
@@ -266,9 +267,9 @@ free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in)
 {
     int i;
     if (in == NULL || *in == NULL)
-	return;
+        return;
     for (i = 0; (*in)[i] != NULL; i++) {
-	free_krb5_algorithm_identifier((*in)[i]);
+        free_krb5_algorithm_identifier((*in)[i]);
     }
     free(*in);
 }
@@ -405,15 +406,15 @@ krb5_error_code
 pkinit_copy_krb5_octet_data(krb5_octet_data *dst, const krb5_octet_data *src)
 {
     if (dst == NULL || src == NULL)
-	return EINVAL;
+        return EINVAL;
     if (src->data == NULL) {
-	dst->data = NULL;
-	dst->length = 0;
-	return 0;
+        dst->data = NULL;
+        dst->length = 0;
+        return 0;
     }
     dst->data = malloc(src->length);
     if (dst->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     memcpy(dst->data, src->data, src->length);
     dst->length = src->length;
     return 0;
@@ -425,10 +426,10 @@ print_buffer(unsigned char *buf, unsigned int len)
 {
     int i = 0;
     if (len <= 0)
-	return;
+        return;
 
     for (i = 0; i < len; i++)
-	pkiDebug("%02x ", buf[i]);
+        pkiDebug("%02x ", buf[i]);
     pkiDebug("\n");
 }
 
@@ -439,15 +440,15 @@ print_buffer_bin(unsigned char *buf, unsigned int len, char *filename)
     int i = 0;
 
     if (len <= 0 || filename == NULL)
-	return;
+        return;
 
     if ((f = fopen(filename, "w")) == NULL)
-	return;
+        return;
 
     set_cloexec_file(f);
 
     for (i = 0; i < len; i++)
-	fputc(buf[i], f);
+        fputc(buf[i], f);
 
     fclose(f);
 }
diff --git a/src/plugins/preauth/pkinit/pkinit_matching.c b/src/plugins/preauth/pkinit/pkinit_matching.c
index 806fcbb..c7e2a4f 100644
--- a/src/plugins/preauth/pkinit/pkinit_matching.c
+++ b/src/plugins/preauth/pkinit/pkinit_matching.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -100,9 +101,9 @@ struct keyword_desc {
     keyword_type kwtype;
     kw_value_type kwvaltype;
 } matching_keywords[] = {
-    { "<KU>",	    4, kw_ku, kwvaltype_list },
-    { "<EKU>",	    5, kw_eku, kwvaltype_list },
-    { "<SAN>",	    5, kw_san, kwvaltype_regexp },
+    { "<KU>",       4, kw_ku, kwvaltype_list },
+    { "<EKU>",      5, kw_eku, kwvaltype_list },
+    { "<SAN>",      5, kw_san, kwvaltype_regexp },
     { "<ISSUER>",   8, kw_issuer, kwvaltype_regexp },
     { "<SUBJECT>",  9, kw_subject, kwvaltype_regexp },
     { NULL, 0, kw_undefined, kwvaltype_undefined},
@@ -121,9 +122,9 @@ struct ku_desc ku_keywords[] = {
 };
 
 struct ku_desc  eku_keywords[] = {
-    { "pkinit",		    6,  PKINIT_EKU_PKINIT },
-    { "msScLogin",	    9,  PKINIT_EKU_MSSCLOGIN },
-    { "clientAuth",	    10, PKINIT_EKU_CLIENTAUTH },
+    { "pkinit",             6,  PKINIT_EKU_PKINIT },
+    { "msScLogin",          9,  PKINIT_EKU_MSSCLOGIN },
+    { "clientAuth",         10, PKINIT_EKU_CLIENTAUTH },
     { "emailProtection",    15, PKINIT_EKU_EMAILPROTECTION },
     { NULL, 0, 0 },
 };
@@ -133,8 +134,8 @@ typedef struct _rule_component {
     struct _rule_component *next;
     keyword_type kw_type;
     kw_value_type kwval_type;
-    regex_t regexp;	    /* Compiled regular expression */
-    char *regsrc;	    /* The regular expression source (for debugging) */
+    regex_t regexp;         /* Compiled regular expression */
+    char *regsrc;           /* The regular expression source (for debugging) */
     unsigned int ku_bits;
     unsigned int eku_bits;
 } rule_component;
@@ -148,14 +149,14 @@ typedef struct _rule_set {
 
 static krb5_error_code
 free_rule_component(krb5_context context,
-		    rule_component *rc)
+                    rule_component *rc)
 {
     if (rc == NULL)
-	return 0;
+        return 0;
 
     if (rc->kwval_type == kwvaltype_regexp) {
-	free(rc->regsrc);
-	regfree(&rc->regexp);
+        free(rc->regsrc);
+        regfree(&rc->regexp);
     }
     free(rc);
     return 0;
@@ -163,16 +164,16 @@ free_rule_component(krb5_context context,
 
 static krb5_error_code
 free_rule_set(krb5_context context,
-	      rule_set *rs)
+              rule_set *rs)
 {
     rule_component *rc, *trc;
 
     if (rs == NULL)
-	return 0;
+        return 0;
     for (rc = rs->crs; rc != NULL;) {
-	trc = rc->next;
-	free_rule_component(context, rc);
-	rc = trc;
+        trc = rc->next;
+        free_rule_component(context, rc);
+        rc = trc;
     }
     free(rs);
     return 0;
@@ -180,9 +181,9 @@ free_rule_set(krb5_context context,
 
 static krb5_error_code
 parse_list_value(krb5_context context,
-		 keyword_type type,
-		 char *value,
-		 rule_component *rc)
+                 keyword_type type,
+                 char *value,
+                 rule_component *rc)
 {
     krb5_error_code retval;
     char *comma;
@@ -193,54 +194,54 @@ parse_list_value(krb5_context context,
 
 
     if (value == NULL || value[0] == '\0') {
-	pkiDebug("%s: Missing or empty value for list keyword type %d\n",
-		 __FUNCTION__, type);
-	retval = EINVAL;
-	goto out;
+        pkiDebug("%s: Missing or empty value for list keyword type %d\n",
+                 __FUNCTION__, type);
+        retval = EINVAL;
+        goto out;
     }
 
     if (type == kw_eku) {
-	bitptr = &rc->eku_bits;
+        bitptr = &rc->eku_bits;
     } else if (type == kw_ku) {
-	bitptr = &rc->ku_bits;
+        bitptr = &rc->ku_bits;
     } else {
-	pkiDebug("%s: Unknown list keyword type %d\n", __FUNCTION__, type);
-	retval = EINVAL;
-	goto out;
+        pkiDebug("%s: Unknown list keyword type %d\n", __FUNCTION__, type);
+        retval = EINVAL;
+        goto out;
     }
 
     do {
-	found = 0;
-	comma = strchr(value, ',');
-	if (comma != NULL)
-	    len = comma - value;
-	else
-	    len = strlen(value);
-
-	if (type == kw_eku) {
-	    ku = eku_keywords;
-	} else if (type == kw_ku) {
-	    ku = ku_keywords;
-	}
-
-	for (; ku->value != NULL; ku++) {
-	    if (strncasecmp(value, ku->value, len) == 0) {
-		*bitptr |= ku->bitval;
-		found = 1;
-		pkiDebug("%s: Found value '%s', bitfield is now 0x%x\n",
-			 __FUNCTION__, ku->value, *bitptr);
-		break;
-	    }
-	}
-	if (found) {
-	    value += ku->length;
-	    if (*value == ',')
-		value += 1;
-	} else {
-	    pkiDebug("%s: Urecognized value '%s'\n", __FUNCTION__, value);
-	    retval = EINVAL;
-	    goto out;
-	}
+        found = 0;
+        comma = strchr(value, ',');
+        if (comma != NULL)
+            len = comma - value;
+        else
+            len = strlen(value);
+
+        if (type == kw_eku) {
+            ku = eku_keywords;
+        } else if (type == kw_ku) {
+            ku = ku_keywords;
+        }
+
+        for (; ku->value != NULL; ku++) {
+            if (strncasecmp(value, ku->value, len) == 0) {
+                *bitptr |= ku->bitval;
+                found = 1;
+                pkiDebug("%s: Found value '%s', bitfield is now 0x%x\n",
+                         __FUNCTION__, ku->value, *bitptr);
+                break;
+            }
+        }
+        if (found) {
+            value += ku->length;
+            if (*value == ',')
+                value += 1;
+        } else {
+            pkiDebug("%s: Urecognized value '%s'\n", __FUNCTION__, value);
+            retval = EINVAL;
+            goto out;
+        }
     } while (found && *value != '\0');
 
     retval = 0;
@@ -251,9 +252,9 @@ out:
 
 static krb5_error_code
 parse_rule_component(krb5_context context,
-		     const char **rule,
-		     int *remaining,
-		     rule_component **ret_rule)
+                     const char **rule,
+                     int *remaining,
+                     rule_component **ret_rule)
 {
     krb5_error_code retval;
     rule_component *rc = NULL;
@@ -268,27 +269,27 @@ parse_rule_component(krb5_context context,
     size_t len;
 
     for (kw = matching_keywords; kw->value != NULL; kw++) {
-	if (strncmp(*rule, kw->value, kw->length) == 0) {
-	    kw_type = kw->kwtype;
-	    kwval_type = kw->kwvaltype;
-	    *rule += kw->length;
-	    *remaining -= kw->length;
-	    break;
-	}
+        if (strncmp(*rule, kw->value, kw->length) == 0) {
+            kw_type = kw->kwtype;
+            kwval_type = kw->kwvaltype;
+            *rule += kw->length;
+            *remaining -= kw->length;
+            break;
+        }
     }
     if (kw->value == NULL) {
-	pkiDebug("%s: Missing or invalid keyword in rule '%s'\n",
-		 __FUNCTION__, *rule);
-	retval = ENOENT;
-	goto out;
+        pkiDebug("%s: Missing or invalid keyword in rule '%s'\n",
+                 __FUNCTION__, *rule);
+        retval = ENOENT;
+        goto out;
     }
 
     pkiDebug("%s: found keyword '%s'\n", __FUNCTION__, kw->value);
 
     rc = calloc(1, sizeof(*rc));
     if (rc == NULL) {
-	retval = ENOMEM;
-	goto out;
+        retval = ENOMEM;
+        goto out;
     }
     rc->next = NULL;
     rc->kw_type = kw_type;
@@ -302,36 +303,36 @@ parse_rule_component(krb5_context context,
      */
     nk = strchr(*rule, '<');
     while (nk != NULL) {
-	/* Possibly another keyword, check it out */
-	for (nextkw = matching_keywords; nextkw->value != NULL; nextkw++) {
-	    if (strncmp(nk, nextkw->value, nextkw->length) == 0) {
-		/* Found a keyword, nk points to the beginning */
-		found_next_kw = 1;
-		break;	/* Need to break out of the while! */
-	    }
-	}
-	if (!found_next_kw)
-	    nk = strchr(nk+1, '<');	/* keep looking */
-	else
-	    break;
+        /* Possibly another keyword, check it out */
+        for (nextkw = matching_keywords; nextkw->value != NULL; nextkw++) {
+            if (strncmp(nk, nextkw->value, nextkw->length) == 0) {
+                /* Found a keyword, nk points to the beginning */
+                found_next_kw = 1;
+                break;  /* Need to break out of the while! */
+            }
+        }
+        if (!found_next_kw)
+            nk = strchr(nk+1, '<');     /* keep looking */
+        else
+            break;
     }
 
     if (nk != NULL && found_next_kw)
-	len = (nk - *rule);
+        len = (nk - *rule);
     else
-	len = (*remaining);
+        len = (*remaining);
 
     if (len == 0) {
-	pkiDebug("%s: Missing value for keyword '%s'\n",
-		 __FUNCTION__, kw->value);
-	retval = EINVAL;
-	goto out;
+        pkiDebug("%s: Missing value for keyword '%s'\n",
+                 __FUNCTION__, kw->value);
+        retval = EINVAL;
+        goto out;
     }
 
     value = calloc(1, len+1);
     if (value == NULL) {
-	retval = ENOMEM;
-	goto out;
+        retval = ENOMEM;
+        goto out;
     }
     memcpy(value, *rule, len);
     *remaining -= len;
@@ -339,26 +340,26 @@ parse_rule_component(krb5_context context,
     pkiDebug("%s: found value '%s'\n", __FUNCTION__, value);
 
     if (kw->kwvaltype == kwvaltype_regexp) {
-	ret = regcomp(&rc->regexp, value, REG_EXTENDED);
-	if (ret) {
-	    regerror(ret, &rc->regexp, err_buf, sizeof(err_buf));
-	    pkiDebug("%s: Error compiling reg-exp '%s': %s\n",
-		     __FUNCTION__, value, err_buf);
-	    retval = ret;
-	    goto out;
-	}
-	rc->regsrc = strdup(value);
-	if (rc->regsrc == NULL) {
-	    retval = ENOMEM;
-	    goto out;
-	}
+        ret = regcomp(&rc->regexp, value, REG_EXTENDED);
+        if (ret) {
+            regerror(ret, &rc->regexp, err_buf, sizeof(err_buf));
+            pkiDebug("%s: Error compiling reg-exp '%s': %s\n",
+                     __FUNCTION__, value, err_buf);
+            retval = ret;
+            goto out;
+        }
+        rc->regsrc = strdup(value);
+        if (rc->regsrc == NULL) {
+            retval = ENOMEM;
+            goto out;
+        }
     } else if (kw->kwvaltype == kwvaltype_list) {
-	retval = parse_list_value(context, rc->kw_type, value, rc);
-	if (retval) {
-	    pkiDebug("%s: Error %d, parsing list values for keyword %s\n",
-		     __FUNCTION__, retval, kw->value);
-	    goto out;
-	}
+        retval = parse_list_value(context, rc->kw_type, value, rc);
+        if (retval) {
+            pkiDebug("%s: Error %d, parsing list values for keyword %s\n",
+                     __FUNCTION__, retval, kw->value);
+            goto out;
+        }
     }
 
     *ret_rule = rc;
@@ -366,15 +367,15 @@ parse_rule_component(krb5_context context,
 out:
     free(value);
     if (retval && rc != NULL)
-	free_rule_component(context, rc);
+        free_rule_component(context, rc);
     pkiDebug("%s: returning %d\n", __FUNCTION__, retval);
     return retval;
 }
 
 static krb5_error_code
 parse_rule_set(krb5_context context,
-	       const char *rule_in,
-	       rule_set **out_rs)
+               const char *rule_in,
+               rule_set **out_rs)
 {
     const char *rule;
     int remaining, totlen;
@@ -384,55 +385,55 @@ parse_rule_set(krb5_context context,
 
 
     if (rule_in == NULL)
-	return EINVAL;
+        return EINVAL;
     rule = rule_in;
     totlen = remaining = strlen(rule);
 
     rs = calloc(1, sizeof(*rs));
     if (rs == NULL) {
-	retval = ENOMEM;
-	goto cleanup;
+        retval = ENOMEM;
+        goto cleanup;
     }
 
     rs->relation = relation_none;
     if (remaining > 1) {
-	if (rule[0] == '&' && rule[1] == '&') {
-	    rs->relation = relation_and;
-	    rule += 2;
-	    remaining -= 2;
-	} else if (rule_in[0] == '|' && rule_in[1] == '|') {
-	    rs->relation = relation_or;
-	    rule +=2;
-	    remaining -= 2;
-	}
+        if (rule[0] == '&' && rule[1] == '&') {
+            rs->relation = relation_and;
+            rule += 2;
+            remaining -= 2;
+        } else if (rule_in[0] == '|' && rule_in[1] == '|') {
+            rs->relation = relation_or;
+            rule +=2;
+            remaining -= 2;
+        }
     }
     rs->num_crs = 0;
     while (remaining > 0) {
-	if (rs->relation == relation_none && rs->num_crs > 1) {
-	    pkiDebug("%s: Assuming AND relation for multiple components in rule '%s'\n",
-		     __FUNCTION__, rule_in);
-	    rs->relation = relation_and;
-	}
-	ret = parse_rule_component(context, &rule, &remaining, &rc);
-	if (ret) {
-	    retval = ret;
-	    goto cleanup;
-	}
-	pkiDebug("%s: After parse_rule_component, remaining %d, rule '%s'\n",
-		 __FUNCTION__, remaining, rule);
-	rs->num_crs++;
-
-	/*
-	 * Chain the new component on the end (order matters since
-	 * we can short-circuit an OR or an AND relation if an
-	 * earlier check passes
-	 */
-	for (trc = rs->crs; trc != NULL && trc->next != NULL; trc = trc->next);
-	if (trc == NULL)
-	    rs->crs = rc;
-	else {
-	    trc->next = rc;
-	}
+        if (rs->relation == relation_none && rs->num_crs > 1) {
+            pkiDebug("%s: Assuming AND relation for multiple components in rule '%s'\n",
+                     __FUNCTION__, rule_in);
+            rs->relation = relation_and;
+        }
+        ret = parse_rule_component(context, &rule, &remaining, &rc);
+        if (ret) {
+            retval = ret;
+            goto cleanup;
+        }
+        pkiDebug("%s: After parse_rule_component, remaining %d, rule '%s'\n",
+                 __FUNCTION__, remaining, rule);
+        rs->num_crs++;
+
+        /*
+         * Chain the new component on the end (order matters since
+         * we can short-circuit an OR or an AND relation if an
+         * earlier check passes
+         */
+        for (trc = rs->crs; trc != NULL && trc->next != NULL; trc = trc->next);
+        if (trc == NULL)
+            rs->crs = rc;
+        else {
+            trc->next = rc;
+        }
     }
 
     *out_rs = rs;
@@ -440,7 +441,7 @@ parse_rule_set(krb5_context context,
     retval = 0;
 cleanup:
     if (retval && rs != NULL) {
-	free_rule_set(context, rs);
+        free_rule_set(context, rs);
     }
     pkiDebug("%s: returning %d\n", __FUNCTION__, retval);
     return retval;
@@ -452,20 +453,20 @@ regexp_match(krb5_context context, rule_component *rc, char *value)
     int code;
 
     pkiDebug("%s: checking %s rule '%s' with value '%s'\n",
-	     __FUNCTION__, keyword2string(rc->kw_type), rc->regsrc, value);
+             __FUNCTION__, keyword2string(rc->kw_type), rc->regsrc, value);
 
     code = regexec(&rc->regexp, value, 0, NULL, 0);
 
     pkiDebug("%s: the result is%s a match\n", __FUNCTION__,
-	     code == REG_NOMATCH ? " NOT" : "");
+             code == REG_NOMATCH ? " NOT" : "");
 
     return (code == 0 ? 1: 0);
 }
 
 static int
 component_match(krb5_context context,
-		rule_component *rc,
-		pkinit_cert_matching_data *md)
+                rule_component *rc,
+                pkinit_cert_matching_data *md)
 {
     int match = 0;
     int i;
@@ -474,58 +475,58 @@ component_match(krb5_context context,
 
     switch (rc->kwval_type) {
     case kwvaltype_regexp:
-	switch (rc->kw_type) {
-	case kw_subject:
-	    match = regexp_match(context, rc, md->subject_dn);
-	    break;
-	case kw_issuer:
-	    match = regexp_match(context, rc, md->issuer_dn);
-	    break;
-	case kw_san:
-	    if (md->sans == NULL)
-		break;
-	    for (i = 0, p = md->sans[i]; p != NULL; p = md->sans[++i]) {
-		krb5_unparse_name(context, p, &princ_string);
-		match = regexp_match(context, rc, princ_string);
-		krb5_free_unparsed_name(context, princ_string);
-		if (match)
-		    break;
-	    }
-	    break;
-	default:
-	    pkiDebug("%s: keyword %s, keyword value %s mismatch\n",
-		     __FUNCTION__, keyword2string(rc->kw_type),
-		     kwval2string(kwvaltype_regexp));
-	    break;
-	}
-	break;
+        switch (rc->kw_type) {
+        case kw_subject:
+            match = regexp_match(context, rc, md->subject_dn);
+            break;
+        case kw_issuer:
+            match = regexp_match(context, rc, md->issuer_dn);
+            break;
+        case kw_san:
+            if (md->sans == NULL)
+                break;
+            for (i = 0, p = md->sans[i]; p != NULL; p = md->sans[++i]) {
+                krb5_unparse_name(context, p, &princ_string);
+                match = regexp_match(context, rc, princ_string);
+                krb5_free_unparsed_name(context, princ_string);
+                if (match)
+                    break;
+            }
+            break;
+        default:
+            pkiDebug("%s: keyword %s, keyword value %s mismatch\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     kwval2string(kwvaltype_regexp));
+            break;
+        }
+        break;
     case kwvaltype_list:
-	switch(rc->kw_type) {
-	case kw_eku:
-	    pkiDebug("%s: checking %s: rule 0x%08x, cert 0x%08x\n",
-		     __FUNCTION__, keyword2string(rc->kw_type),
-		     rc->eku_bits, md->eku_bits);
-	    if ((rc->eku_bits & md->eku_bits) == rc->eku_bits)
-		match = 1;
-	    break;
-	case kw_ku:
-	    pkiDebug("%s: checking %s: rule 0x%08x, cert 0x%08x\n",
-		     __FUNCTION__, keyword2string(rc->kw_type),
-		     rc->ku_bits, md->ku_bits);
-	    if ((rc->ku_bits & md->ku_bits) == rc->ku_bits)
-		match = 1;
-	    break;
-	default:
-	    pkiDebug("%s: keyword %s, keyword value %s mismatch\n",
-		     __FUNCTION__, keyword2string(rc->kw_type),
-		     kwval2string(kwvaltype_regexp));
-	    break;
-	}
-	break;
+        switch(rc->kw_type) {
+        case kw_eku:
+            pkiDebug("%s: checking %s: rule 0x%08x, cert 0x%08x\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     rc->eku_bits, md->eku_bits);
+            if ((rc->eku_bits & md->eku_bits) == rc->eku_bits)
+                match = 1;
+            break;
+        case kw_ku:
+            pkiDebug("%s: checking %s: rule 0x%08x, cert 0x%08x\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     rc->ku_bits, md->ku_bits);
+            if ((rc->ku_bits & md->ku_bits) == rc->ku_bits)
+                match = 1;
+            break;
+        default:
+            pkiDebug("%s: keyword %s, keyword value %s mismatch\n",
+                     __FUNCTION__, keyword2string(rc->kw_type),
+                     kwval2string(kwvaltype_regexp));
+            break;
+        }
+        break;
     default:
-	pkiDebug("%s: unknown keyword value type %d\n",
-		 __FUNCTION__, rc->kwval_type);
-	break;
+        pkiDebug("%s: unknown keyword value type %d\n",
+                 __FUNCTION__, rc->kwval_type);
+        break;
     }
     pkiDebug("%s: returning match = %d\n", __FUNCTION__, match);
     return match;
@@ -536,14 +537,14 @@ component_match(krb5_context context,
  */
 static krb5_error_code
 check_all_certs(krb5_context context,
-		pkinit_plg_crypto_context plg_cryptoctx,
-		pkinit_req_crypto_context req_cryptoctx,
-		pkinit_identity_crypto_context id_cryptoctx,
-		krb5_principal princ,
-		rule_set *rs,	/* rule to check */
-		pkinit_cert_matching_data **matchdata,
-		int *match_found,
-		pkinit_cert_matching_data **matching_cert)
+                pkinit_plg_crypto_context plg_cryptoctx,
+                pkinit_req_crypto_context req_cryptoctx,
+                pkinit_identity_crypto_context id_cryptoctx,
+                krb5_principal princ,
+                rule_set *rs,   /* rule to check */
+                pkinit_cert_matching_data **matchdata,
+                int *match_found,
+                pkinit_cert_matching_data **matching_cert)
 {
     krb5_error_code retval;
     pkinit_cert_matching_data *md;
@@ -555,96 +556,96 @@ check_all_certs(krb5_context context,
     pkinit_cert_matching_data *save_match = NULL;
 
     if (match_found == NULL || matching_cert == NULL)
-	return EINVAL;
+        return EINVAL;
 
     *matching_cert = NULL;
     *match_found = 0;
 
     pkiDebug("%s: matching rule relation is %s with %d components\n",
-	     __FUNCTION__, relation2string(rs->relation), rs->num_crs);
+             __FUNCTION__, relation2string(rs->relation), rs->num_crs);
 
     /*
      * Loop through all the certs available and count
      * how many match the rule
      */
     for (i = 0, md = matchdata[i]; md != NULL; md = matchdata[++i]) {
-	pkiDebug("%s: subject: '%s'\n", __FUNCTION__, md->subject_dn);
+        pkiDebug("%s: subject: '%s'\n", __FUNCTION__, md->subject_dn);
 #if 0
-	pkiDebug("%s: issuer:  '%s'\n", __FUNCTION__, md->subject_dn);
-	for (j = 0, p = md->sans[j]; p != NULL; p = md->sans[++j]) {
-	    char *san_string;
-	    krb5_unparse_name(context, p, &san_string);
-	    pkiDebug("%s: san: '%s'\n", __FUNCTION__, san_string);
-	    krb5_free_unparsed_name(context, san_string);
-	}
+        pkiDebug("%s: issuer:  '%s'\n", __FUNCTION__, md->subject_dn);
+        for (j = 0, p = md->sans[j]; p != NULL; p = md->sans[++j]) {
+            char *san_string;
+            krb5_unparse_name(context, p, &san_string);
+            pkiDebug("%s: san: '%s'\n", __FUNCTION__, san_string);
+            krb5_free_unparsed_name(context, san_string);
+        }
 #endif
-	certs_checked++;
-	for (rc = rs->crs; rc != NULL; rc = rc->next) {
-	    comp_match = component_match(context, rc, md);
-	    if (comp_match) {
-		pkiDebug("%s: match for keyword type %s\n",
-			 __FUNCTION__, keyword2string(rc->kw_type));
-	    }
-	    if (comp_match && rs->relation == relation_or) {
-		pkiDebug("%s: cert matches rule (OR relation)\n",
-			 __FUNCTION__);
-		total_cert_matches++;
-		save_match = md;
-		goto nextcert;
-	    }
-	    if (!comp_match && rs->relation == relation_and) {
-		pkiDebug("%s: cert does not match rule (AND relation)\n",
-			 __FUNCTION__);
-		goto nextcert;
-	    }
-	}
-	if (rc == NULL && comp_match) {
-	    pkiDebug("%s: cert matches rule (AND relation)\n", __FUNCTION__);
-	    total_cert_matches++;
-	    save_match = md;
-	}
-nextcert:
-	continue;
+        certs_checked++;
+        for (rc = rs->crs; rc != NULL; rc = rc->next) {
+            comp_match = component_match(context, rc, md);
+            if (comp_match) {
+                pkiDebug("%s: match for keyword type %s\n",
+                         __FUNCTION__, keyword2string(rc->kw_type));
+            }
+            if (comp_match && rs->relation == relation_or) {
+                pkiDebug("%s: cert matches rule (OR relation)\n",
+                         __FUNCTION__);
+                total_cert_matches++;
+                save_match = md;
+                goto nextcert;
+            }
+            if (!comp_match && rs->relation == relation_and) {
+                pkiDebug("%s: cert does not match rule (AND relation)\n",
+                         __FUNCTION__);
+                goto nextcert;
+            }
+        }
+        if (rc == NULL && comp_match) {
+            pkiDebug("%s: cert matches rule (AND relation)\n", __FUNCTION__);
+            total_cert_matches++;
+            save_match = md;
+        }
+    nextcert:
+        continue;
     }
     pkiDebug("%s: After checking %d certs, we found %d matches\n",
-	     __FUNCTION__, certs_checked, total_cert_matches);
+             __FUNCTION__, certs_checked, total_cert_matches);
     if (total_cert_matches == 1) {
-	*match_found = 1;
-	*matching_cert = save_match;
+        *match_found = 1;
+        *matching_cert = save_match;
     }
 
     retval = 0;
 
     pkiDebug("%s: returning %d, match_found %d\n",
-	     __FUNCTION__, retval, *match_found);
+             __FUNCTION__, retval, *match_found);
     return retval;
 }
 
 static krb5_error_code
 free_all_cert_matching_data(krb5_context context,
-			    pkinit_cert_matching_data **matchdata)
+                            pkinit_cert_matching_data **matchdata)
 {
     krb5_error_code retval;
     pkinit_cert_matching_data *md;
     int i;
 
     if (matchdata == NULL)
-	return EINVAL;
+        return EINVAL;
 
     for (i = 0, md = matchdata[i]; md != NULL; md = matchdata[++i]) {
-	pkinit_cert_handle ch = md->ch;
-	retval = crypto_cert_free_matching_data(context, md);
-	if (retval) {
-	    pkiDebug("%s: crypto_cert_free_matching_data error %d, %s\n",
-		     __FUNCTION__, retval, error_message(retval));
-	    goto cleanup;
-	}
-	retval = crypto_cert_release(context, ch);
-	if (retval) {
-	    pkiDebug("%s: crypto_cert_release error %d, %s\n",
-		     __FUNCTION__, retval, error_message(retval));
-	    goto cleanup;
-	}
+        pkinit_cert_handle ch = md->ch;
+        retval = crypto_cert_free_matching_data(context, md);
+        if (retval) {
+            pkiDebug("%s: crypto_cert_free_matching_data error %d, %s\n",
+                     __FUNCTION__, retval, error_message(retval));
+            goto cleanup;
+        }
+        retval = crypto_cert_release(context, ch);
+        if (retval) {
+            pkiDebug("%s: crypto_cert_release error %d, %s\n",
+                     __FUNCTION__, retval, error_message(retval));
+            goto cleanup;
+        }
     }
     free(matchdata);
     retval = 0;
@@ -655,10 +656,10 @@ cleanup:
 
 static krb5_error_code
 obtain_all_cert_matching_data(krb5_context context,
-			      pkinit_plg_crypto_context plg_cryptoctx,
-			      pkinit_req_crypto_context req_cryptoctx,
-			      pkinit_identity_crypto_context id_cryptoctx,
-			      pkinit_cert_matching_data ***all_matching_data)
+                              pkinit_plg_crypto_context plg_cryptoctx,
+                              pkinit_req_crypto_context req_cryptoctx,
+                              pkinit_identity_crypto_context id_cryptoctx,
+                              pkinit_cert_matching_data ***all_matching_data)
 {
     krb5_error_code retval;
     int i, cert_count;
@@ -667,47 +668,47 @@ obtain_all_cert_matching_data(krb5_context context,
     pkinit_cert_matching_data **matchdata = NULL;
 
     retval = crypto_cert_get_count(context, plg_cryptoctx, req_cryptoctx,
-				   id_cryptoctx, &cert_count);
+                                   id_cryptoctx, &cert_count);
     if (retval) {
-	pkiDebug("%s: crypto_cert_get_count error %d, %s\n",
-		 __FUNCTION__, retval, error_message(retval));
-	goto cleanup;
+        pkiDebug("%s: crypto_cert_get_count error %d, %s\n",
+                 __FUNCTION__, retval, error_message(retval));
+        goto cleanup;
     }
 
     pkiDebug("%s: crypto_cert_get_count says there are %d certs\n",
-	      __FUNCTION__, cert_count);
+             __FUNCTION__, cert_count);
 
     matchdata = calloc((size_t)cert_count + 1, sizeof(*matchdata));
     if (matchdata == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     retval = crypto_cert_iteration_begin(context, plg_cryptoctx, req_cryptoctx,
-					 id_cryptoctx, &ih);
+                                         id_cryptoctx, &ih);
     if (retval) {
-	pkiDebug("%s: crypto_cert_iteration_begin returned %d, %s\n",
-		 __FUNCTION__, retval, error_message(retval));
-	goto cleanup;
+        pkiDebug("%s: crypto_cert_iteration_begin returned %d, %s\n",
+                 __FUNCTION__, retval, error_message(retval));
+        goto cleanup;
     }
 
     for (i = 0; i < cert_count; i++) {
-	retval = crypto_cert_iteration_next(context, ih, &ch);
-	if (retval) {
-	    if (retval == PKINIT_ITER_NO_MORE)
-		pkiDebug("%s: We thought there were %d certs, but "
-			 "crypto_cert_iteration_next stopped after %d?\n",
-			 __FUNCTION__, cert_count, i);
-	    else
-		pkiDebug("%s: crypto_cert_iteration_next error %d, %s\n",
-			 __FUNCTION__, retval, error_message(retval));
-	    goto cleanup;
-	}
-
-	retval = crypto_cert_get_matching_data(context, ch, &matchdata[i]);
-	if (retval) {
-	    pkiDebug("%s: crypto_cert_get_matching_data error %d, %s\n",
-		     __FUNCTION__, retval, error_message(retval));
-	    goto cleanup;
-	}
+        retval = crypto_cert_iteration_next(context, ih, &ch);
+        if (retval) {
+            if (retval == PKINIT_ITER_NO_MORE)
+                pkiDebug("%s: We thought there were %d certs, but "
+                         "crypto_cert_iteration_next stopped after %d?\n",
+                         __FUNCTION__, cert_count, i);
+            else
+                pkiDebug("%s: crypto_cert_iteration_next error %d, %s\n",
+                         __FUNCTION__, retval, error_message(retval));
+            goto cleanup;
+        }
+
+        retval = crypto_cert_get_matching_data(context, ch, &matchdata[i]);
+        if (retval) {
+            pkiDebug("%s: crypto_cert_get_matching_data error %d, %s\n",
+                     __FUNCTION__, retval, error_message(retval));
+            goto cleanup;
+        }
 
     }
 
@@ -715,22 +716,22 @@ obtain_all_cert_matching_data(krb5_context context,
     retval = 0;
 cleanup:
     if (ih != NULL)
-	crypto_cert_iteration_end(context, ih);
+        crypto_cert_iteration_end(context, ih);
     if (retval) {
-	if (matchdata != NULL)
-	    free_all_cert_matching_data(context, matchdata);
+        if (matchdata != NULL)
+            free_all_cert_matching_data(context, matchdata);
     }
     pkiDebug("%s: returning %d, certinfo %p\n",
-	     __FUNCTION__, retval, *all_matching_data);
+             __FUNCTION__, retval, *all_matching_data);
     return retval;
 }
 
 krb5_error_code
 pkinit_cert_matching(krb5_context context,
-		     pkinit_plg_crypto_context plg_cryptoctx,
-		     pkinit_req_crypto_context req_cryptoctx,
-		     pkinit_identity_crypto_context id_cryptoctx,
-		     krb5_principal princ)
+                     pkinit_plg_crypto_context plg_cryptoctx,
+                     pkinit_req_crypto_context req_cryptoctx,
+                     pkinit_identity_crypto_context id_cryptoctx,
+                     krb5_principal princ)
 {
 
     krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED;
@@ -743,85 +744,85 @@ pkinit_cert_matching(krb5_context context,
 
     /* If no matching rules, select the default cert and we're done */
     pkinit_libdefault_strings(context, krb5_princ_realm(context, princ),
-			      KRB5_CONF_PKINIT_CERT_MATCH, &rules);
+                              KRB5_CONF_PKINIT_CERT_MATCH, &rules);
     if (rules == NULL) {
-	pkiDebug("%s: no matching rules found in config file\n", __FUNCTION__);
-	retval = crypto_cert_select_default(context, plg_cryptoctx,
-					    req_cryptoctx, id_cryptoctx);
-	goto cleanup;
+        pkiDebug("%s: no matching rules found in config file\n", __FUNCTION__);
+        retval = crypto_cert_select_default(context, plg_cryptoctx,
+                                            req_cryptoctx, id_cryptoctx);
+        goto cleanup;
     }
 
     /* parse each rule line one at a time and check all the certs against it */
     for (x = 0; rules[x] != NULL; x++) {
-	pkiDebug("%s: Processing rule '%s'\n", __FUNCTION__, rules[x]);
-
-	/* Free rules from previous time through... */
-	if (rs != NULL) {
-	    free_rule_set(context, rs);
-	    rs = NULL;
-	}
-	retval = parse_rule_set(context, rules[x], &rs);
-	if (retval) {
-	    if (retval == EINVAL) {
-		pkiDebug("%s: Ignoring invalid rule pkinit_cert_match = '%s'\n",
-			 __FUNCTION__, rules[x]);
-		continue;
-	    }
-	    goto cleanup;
-	}
-
-	/*
-	 * Optimize so that we do not get cert info unless we have
-	 * valid rules to check.  Once obtained, keep it around
-	 * until we are done.
-	 */
-	if (matchdata == NULL) {
-	    retval = obtain_all_cert_matching_data(context, plg_cryptoctx,
-						   req_cryptoctx, id_cryptoctx,
-						   &matchdata);
-	    if (retval || matchdata == NULL) {
-		pkiDebug("%s: Error %d obtaining certificate information\n",
-			 __FUNCTION__, retval);
-		retval = ENOENT;
-		goto cleanup;
-	    }
-	}
-
-	retval = check_all_certs(context, plg_cryptoctx, req_cryptoctx,
-				 id_cryptoctx, princ, rs, matchdata,
-				 &match_found, &the_matching_cert);
-	if (retval) {
-	    pkiDebug("%s: Error %d, checking certs against rule '%s'\n",
-		     __FUNCTION__, retval, rules[x]);
-	    goto cleanup;
-	}
-	if (match_found) {
-	    pkiDebug("%s: We have an exact match with rule '%s'\n",
-		     __FUNCTION__, rules[x]);
-	    break;
-	}
+        pkiDebug("%s: Processing rule '%s'\n", __FUNCTION__, rules[x]);
+
+        /* Free rules from previous time through... */
+        if (rs != NULL) {
+            free_rule_set(context, rs);
+            rs = NULL;
+        }
+        retval = parse_rule_set(context, rules[x], &rs);
+        if (retval) {
+            if (retval == EINVAL) {
+                pkiDebug("%s: Ignoring invalid rule pkinit_cert_match = '%s'\n",
+                         __FUNCTION__, rules[x]);
+                continue;
+            }
+            goto cleanup;
+        }
+
+        /*
+         * Optimize so that we do not get cert info unless we have
+         * valid rules to check.  Once obtained, keep it around
+         * until we are done.
+         */
+        if (matchdata == NULL) {
+            retval = obtain_all_cert_matching_data(context, plg_cryptoctx,
+                                                   req_cryptoctx, id_cryptoctx,
+                                                   &matchdata);
+            if (retval || matchdata == NULL) {
+                pkiDebug("%s: Error %d obtaining certificate information\n",
+                         __FUNCTION__, retval);
+                retval = ENOENT;
+                goto cleanup;
+            }
+        }
+
+        retval = check_all_certs(context, plg_cryptoctx, req_cryptoctx,
+                                 id_cryptoctx, princ, rs, matchdata,
+                                 &match_found, &the_matching_cert);
+        if (retval) {
+            pkiDebug("%s: Error %d, checking certs against rule '%s'\n",
+                     __FUNCTION__, retval, rules[x]);
+            goto cleanup;
+        }
+        if (match_found) {
+            pkiDebug("%s: We have an exact match with rule '%s'\n",
+                     __FUNCTION__, rules[x]);
+            break;
+        }
     }
 
     if (match_found && the_matching_cert != NULL) {
-	pkiDebug("%s: Selecting the matching cert!\n", __FUNCTION__);
-	retval = crypto_cert_select(context, the_matching_cert);
-	if (retval) {
-	    pkiDebug("%s: crypto_cert_select error %d, %s\n",
-		     __FUNCTION__, retval, error_message(retval));
-	    goto cleanup;
-	}
+        pkiDebug("%s: Selecting the matching cert!\n", __FUNCTION__);
+        retval = crypto_cert_select(context, the_matching_cert);
+        if (retval) {
+            pkiDebug("%s: crypto_cert_select error %d, %s\n",
+                     __FUNCTION__, retval, error_message(retval));
+            goto cleanup;
+        }
     } else {
-	retval = ENOENT;    /* XXX */
-	goto cleanup;
+        retval = ENOENT;    /* XXX */
+        goto cleanup;
     }
 
     retval = 0;
 cleanup:
     if (rules != NULL)
-	profile_free_list(rules);
+        profile_free_list(rules);
     if (rs != NULL)
-	free_rule_set(context, rs);
+        free_rule_set(context, rs);
     if (matchdata != NULL)
-	free_all_cert_matching_data(context, matchdata);
+        free_all_cert_matching_data(context, matchdata);
     return retval;
 }
diff --git a/src/plugins/preauth/pkinit/pkinit_profile.c b/src/plugins/preauth/pkinit/pkinit_profile.c
index 6b1b45b..6c22d7e 100644
--- a/src/plugins/preauth/pkinit/pkinit_profile.c
+++ b/src/plugins/preauth/pkinit/pkinit_profile.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2006,2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -65,13 +66,13 @@ _krb5_conf_boolean(const char *s)
     const char *const *p;
 
     for(p=conf_yes; *p; p++) {
-	if (strcasecmp(*p,s) == 0)
-	    return 1;
+        if (strcasecmp(*p,s) == 0)
+            return 1;
     }
 
     for(p=conf_no; *p; p++) {
-	if (strcasecmp(*p,s) == 0)
-	    return 0;
+        if (strcasecmp(*p,s) == 0)
+            return 0;
     }
 
     /* Default to "no" */
@@ -92,7 +93,7 @@ _krb5_conf_boolean(const char *s)
  */
 krb5_error_code
 pkinit_kdcdefault_strings(krb5_context context, const char *realmname,
-			  const char *option, char ***ret_value)
+                          const char *option, char ***ret_value)
 {
     profile_t profile = NULL;
     const char *names[5];
@@ -100,34 +101,34 @@ pkinit_kdcdefault_strings(krb5_context context, const char *realmname,
     krb5_error_code retval;
 
     if (context == NULL)
-	return KV5M_CONTEXT;
+        return KV5M_CONTEXT;
 
     profile = context->profile;
 
     if (realmname != NULL) {
-	/*
-	 * Try number one:
-	 *
-	 * [realms]
-	 *	    REALM = {
-	 *		option = <value>
-	 *	    }
-	 */
-
-	names[0] = KRB5_CONF_REALMS;
-	names[1] = realmname;
-	names[2] = option;
-	names[3] = 0;
-	retval = profile_get_values(profile, names, &values);
-	if (retval == 0 && values != NULL)
-	    goto goodbye;
+        /*
+         * Try number one:
+         *
+         * [realms]
+         *          REALM = {
+         *              option = <value>
+         *          }
+         */
+
+        names[0] = KRB5_CONF_REALMS;
+        names[1] = realmname;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &values);
+        if (retval == 0 && values != NULL)
+            goto goodbye;
     }
 
     /*
      * Try number two:
      *
      * [kdcdefaults]
-     *	    option = <value>
+     *      option = <value>
      */
 
     names[0] = KRB5_CONF_KDCDEFAULTS;
@@ -135,11 +136,11 @@ pkinit_kdcdefault_strings(krb5_context context, const char *realmname,
     names[2] = 0;
     retval = profile_get_values(profile, names, &values);
     if (retval == 0 && values != NULL)
-	goto goodbye;
+        goto goodbye;
 
 goodbye:
     if (values == NULL)
-	retval = ENOENT;
+        retval = ENOENT;
 
     *ret_value = values;
 
@@ -149,21 +150,21 @@ goodbye:
 
 krb5_error_code
 pkinit_kdcdefault_string(krb5_context context, const char *realmname,
-			 const char *option, char **ret_value)
+                         const char *option, char **ret_value)
 {
     krb5_error_code retval;
     char **values = NULL;
 
     retval = pkinit_kdcdefault_strings(context, realmname, option, &values);
     if (retval)
-	return retval;
+        return retval;
 
     if (values[0] == NULL) {
-	retval = ENOENT;
+        retval = ENOENT;
     } else {
-	*ret_value = strdup(values[0]);
-	if (*ret_value == NULL)
-	    retval = ENOMEM;
+        *ret_value = strdup(values[0]);
+        if (*ret_value == NULL)
+            retval = ENOMEM;
     }
 
     profile_free_list(values);
@@ -172,7 +173,7 @@ pkinit_kdcdefault_string(krb5_context context, const char *realmname,
 
 krb5_error_code
 pkinit_kdcdefault_boolean(krb5_context context, const char *realmname,
-			  const char *option, int default_value, int *ret_value)
+                          const char *option, int default_value, int *ret_value)
 {
     char *string = NULL;
     krb5_error_code retval;
@@ -180,17 +181,17 @@ pkinit_kdcdefault_boolean(krb5_context context, const char *realmname,
     retval = pkinit_kdcdefault_string(context, realmname, option, &string);
 
     if (retval == 0) {
-	*ret_value = _krb5_conf_boolean(string);
-	free(string);
+        *ret_value = _krb5_conf_boolean(string);
+        free(string);
     } else
-	*ret_value = default_value;
+        *ret_value = default_value;
 
     return 0;
 }
 
 krb5_error_code
 pkinit_kdcdefault_integer(krb5_context context, const char *realmname,
-			  const char *option, int default_value, int *ret_value)
+                          const char *option, int default_value, int *ret_value)
 {
     char *string = NULL;
     krb5_error_code retval;
@@ -198,16 +199,16 @@ pkinit_kdcdefault_integer(krb5_context context, const char *realmname,
     retval = pkinit_kdcdefault_string(context, realmname, option, &string);
 
     if (retval == 0) {
-	char *endptr;
-	long l;
-	l = strtol(string, &endptr, 0);
-	if (endptr == string)
-	    *ret_value = default_value;
-	else
-	    *ret_value = l;
-	free(string);
+        char *endptr;
+        long l;
+        l = strtol(string, &endptr, 0);
+        if (endptr == string)
+            *ret_value = default_value;
+        else
+            *ret_value = l;
+        free(string);
     } else
-	*ret_value = default_value;
+        *ret_value = default_value;
 
     return 0;
 }
@@ -224,7 +225,7 @@ pkinit_kdcdefault_integer(krb5_context context, const char *realmname,
 
 krb5_error_code
 pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
-			  const char *option, char ***ret_value)
+                          const char *option, char ***ret_value)
 {
     profile_t profile;
     const char *names[5];
@@ -233,60 +234,60 @@ pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
     char realmstr[1024];
 
     if (realm != NULL && realm->length > sizeof(realmstr)-1)
-	return EINVAL;
+        return EINVAL;
 
     if (realm != NULL) {
-	strncpy(realmstr, realm->data, realm->length);
-	realmstr[realm->length] = '\0';
+        strncpy(realmstr, realm->data, realm->length);
+        realmstr[realm->length] = '\0';
     }
 
     if (!context || (context->magic != KV5M_CONTEXT))
-	return KV5M_CONTEXT;
+        return KV5M_CONTEXT;
 
     profile = context->profile;
 
 
     if (realm != NULL) {
-	/*
-	 * Try number one:
-	 *
-	 * [libdefaults]
-	 *	  REALM = {
-	 *		  option = <value>
-	 *	  }
-	 */
-
-	names[0] = KRB5_CONF_LIBDEFAULTS;
-	names[1] = realmstr;
-	names[2] = option;
-	names[3] = 0;
-	retval = profile_get_values(profile, names, &values);
-	if (retval == 0 && values != NULL && values[0] != NULL)
-	    goto goodbye;
-
-	/*
-	 * Try number two:
-	 *
-	 * [realms]
-	 *	REALM = {
-	 *		option = <value>
-	 *	}
-	 */
-
-	names[0] = KRB5_CONF_REALMS;
-	names[1] = realmstr;
-	names[2] = option;
-	names[3] = 0;
-	retval = profile_get_values(profile, names, &values);
-	if (retval == 0 && values != NULL && values[0] != NULL)
-	    goto goodbye;
+        /*
+         * Try number one:
+         *
+         * [libdefaults]
+         *        REALM = {
+         *                option = <value>
+         *        }
+         */
+
+        names[0] = KRB5_CONF_LIBDEFAULTS;
+        names[1] = realmstr;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &values);
+        if (retval == 0 && values != NULL && values[0] != NULL)
+            goto goodbye;
+
+        /*
+         * Try number two:
+         *
+         * [realms]
+         *      REALM = {
+         *              option = <value>
+         *      }
+         */
+
+        names[0] = KRB5_CONF_REALMS;
+        names[1] = realmstr;
+        names[2] = option;
+        names[3] = 0;
+        retval = profile_get_values(profile, names, &values);
+        if (retval == 0 && values != NULL && values[0] != NULL)
+            goto goodbye;
     }
 
     /*
      * Try number three:
      *
      * [libdefaults]
-     *	      option = <value>
+     *        option = <value>
      */
 
     names[0] = KRB5_CONF_LIBDEFAULTS;
@@ -294,11 +295,11 @@ pkinit_libdefault_strings(krb5_context context, const krb5_data *realm,
     names[2] = 0;
     retval = profile_get_values(profile, names, &values);
     if (retval == 0 && values != NULL && values[0] != NULL)
-	goto goodbye;
+        goto goodbye;
 
 goodbye:
     if (values == NULL)
-	return ENOENT;
+        return ENOENT;
 
     *ret_value = values;
 
@@ -307,21 +308,21 @@ goodbye:
 
 krb5_error_code
 pkinit_libdefault_string(krb5_context context, const krb5_data *realm,
-			 const char *option, char **ret_value)
+                         const char *option, char **ret_value)
 {
     krb5_error_code retval;
     char **values = NULL;
 
     retval = pkinit_libdefault_strings(context, realm, option, &values);
     if (retval)
-	return retval;
+        return retval;
 
     if (values[0] == NULL) {
-	retval = ENOENT;
+        retval = ENOENT;
     } else {
-	*ret_value = strdup(values[0]);
-	if (*ret_value == NULL)
-	    retval = ENOMEM;
+        *ret_value = strdup(values[0]);
+        if (*ret_value == NULL)
+            retval = ENOMEM;
     }
 
     profile_free_list(values);
@@ -330,27 +331,27 @@ pkinit_libdefault_string(krb5_context context, const krb5_data *realm,
 
 krb5_error_code
 pkinit_libdefault_boolean(krb5_context context, const krb5_data *realm,
-			  const char *option, int default_value,
-			  int *ret_value)
+                          const char *option, int default_value,
+                          int *ret_value)
 {
     char *string = NULL;
     krb5_error_code retval;
 
     retval = pkinit_libdefault_string(context, realm, option, &string);
 
-   if (retval == 0) {
-	*ret_value = _krb5_conf_boolean(string);
-	free(string);
+    if (retval == 0) {
+        *ret_value = _krb5_conf_boolean(string);
+        free(string);
     } else
-	*ret_value = default_value;
+        *ret_value = default_value;
 
     return 0;
 }
 
 krb5_error_code
 pkinit_libdefault_integer(krb5_context context, const krb5_data *realm,
-			  const char *option, int default_value,
-			  int *ret_value)
+                          const char *option, int default_value,
+                          int *ret_value)
 {
     char *string = NULL;
     krb5_error_code retval;
@@ -358,14 +359,14 @@ pkinit_libdefault_integer(krb5_context context, const krb5_data *realm,
     retval = pkinit_libdefault_string(context, realm, option, &string);
 
     if (retval == 0) {
-	char *endptr;
-	long l;
-	l = strtol(string, &endptr, 0);
-	if (endptr == string)
-	    *ret_value = default_value;
-	else
-	    *ret_value = l;
-	free(string);
+        char *endptr;
+        long l;
+        l = strtol(string, &endptr, 0);
+        if (endptr == string)
+            *ret_value = default_value;
+        else
+            *ret_value = l;
+        free(string);
     }
 
     return retval;
diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 8b74472..adfcb95 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * COPYRIGHT (C) 2006,2007
  * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
@@ -38,53 +39,55 @@
 /* Remove when FAST PKINIT is settled. */
 #include "../fast_factor.h"
 
-static krb5_error_code pkinit_init_kdc_req_context
-	(krb5_context, void **blob);
+static krb5_error_code
+pkinit_init_kdc_req_context(krb5_context, void **blob);
 
-static void pkinit_fini_kdc_req_context
-	(krb5_context context, void *blob);
+static void
+pkinit_fini_kdc_req_context(krb5_context context, void *blob);
 
-static void pkinit_server_plugin_fini_realm
-	(krb5_context context, pkinit_kdc_context plgctx);
+static void
+pkinit_server_plugin_fini_realm(krb5_context context,
+                                pkinit_kdc_context plgctx);
 
-static void pkinit_server_plugin_fini
-	(krb5_context context, void *blob);
+static void
+pkinit_server_plugin_fini(krb5_context context, void *blob);
 
-static pkinit_kdc_context pkinit_find_realm_context
-	(krb5_context context, void *pa_plugin_context, krb5_principal princ);
+static pkinit_kdc_context
+pkinit_find_realm_context(krb5_context context, void *pa_plugin_context,
+                          krb5_principal princ);
 
 static krb5_error_code
 pkinit_create_edata(krb5_context context,
-		    pkinit_plg_crypto_context plg_cryptoctx,
-		    pkinit_req_crypto_context req_cryptoctx,
-		    pkinit_identity_crypto_context id_cryptoctx,
-		    pkinit_plg_opts *opts,
-		    krb5_error_code err_code,
-		    krb5_data **e_data)
+                    pkinit_plg_crypto_context plg_cryptoctx,
+                    pkinit_req_crypto_context req_cryptoctx,
+                    pkinit_identity_crypto_context id_cryptoctx,
+                    pkinit_plg_opts *opts,
+                    krb5_error_code err_code,
+                    krb5_data **e_data)
 {
     krb5_error_code retval = KRB5KRB_ERR_GENERIC;
 
     pkiDebug("pkinit_create_edata: creating edata for error %d (%s)\n",
-	     err_code, error_message(err_code));
+             err_code, error_message(err_code));
     switch(err_code) {
-	case KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE:
-	    retval = pkinit_create_td_trusted_certifiers(context,
-		plg_cryptoctx, req_cryptoctx, id_cryptoctx, e_data);
-	    break;
-	case KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED:
-	    retval = pkinit_create_td_dh_parameters(context, plg_cryptoctx,
-		req_cryptoctx, id_cryptoctx, opts, e_data);
-	    break;
-	case KRB5KDC_ERR_INVALID_CERTIFICATE:
-	case KRB5KDC_ERR_REVOKED_CERTIFICATE:
-	    retval = pkinit_create_td_invalid_certificate(context,
-		plg_cryptoctx, req_cryptoctx, id_cryptoctx, e_data);
-	    break;
-	default:
-	    pkiDebug("no edata needed for error %d (%s)\n",
-		     err_code, error_message(err_code));
-	    retval = 0;
-	    goto cleanup;
+    case KRB5KDC_ERR_CANT_VERIFY_CERTIFICATE:
+        retval = pkinit_create_td_trusted_certifiers(context,
+                                                     plg_cryptoctx, req_cryptoctx, id_cryptoctx, e_data);
+        break;
+    case KRB5KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED:
+        retval = pkinit_create_td_dh_parameters(context, plg_cryptoctx,
+                                                req_cryptoctx, id_cryptoctx, opts, e_data);
+        break;
+    case KRB5KDC_ERR_INVALID_CERTIFICATE:
+    case KRB5KDC_ERR_REVOKED_CERTIFICATE:
+        retval = pkinit_create_td_invalid_certificate(context,
+                                                      plg_cryptoctx, req_cryptoctx, id_cryptoctx, e_data);
+        break;
+    default:
+        pkiDebug("no edata needed for error %d (%s)\n",
+                 err_code, error_message(err_code));
+        retval = 0;
+        goto cleanup;
     }
 
 cleanup:
@@ -94,12 +97,12 @@ cleanup:
 
 static krb5_error_code
 pkinit_server_get_edata(krb5_context context,
-			krb5_kdc_req * request,
-			struct _krb5_db_entry_new * client,
-			struct _krb5_db_entry_new * server,
-			preauth_get_entry_data_proc server_get_entry_data,
-			void *pa_plugin_context,
-			krb5_pa_data * data)
+                        krb5_kdc_req * request,
+                        struct _krb5_db_entry_new * client,
+                        struct _krb5_db_entry_new * server,
+                        preauth_get_entry_data_proc server_get_entry_data,
+                        void *pa_plugin_context,
+                        krb5_pa_data * data)
 {
     krb5_error_code retval = 0;
     pkinit_kdc_context plgctx = NULL;
@@ -109,11 +112,11 @@ pkinit_server_get_edata(krb5_context context,
 
     /* Remove (along with armor_key) when FAST PKINIT is settled. */
     retval = fast_kdc_get_armor_key(context, server_get_entry_data, request,
-				    client, &armor_key);
+                                    client, &armor_key);
     if (retval == 0 && armor_key != NULL) {
-	/* Don't advertise PKINIT if the client used FAST. */
-	krb5_free_keyblock(context, armor_key);
-	return EINVAL;
+        /* Don't advertise PKINIT if the client used FAST. */
+        krb5_free_keyblock(context, armor_key);
+        return EINVAL;
     }
 
     /*
@@ -121,19 +124,19 @@ pkinit_server_get_edata(krb5_context context,
      * don't tell the client that we support pkinit!
      */
     plgctx = pkinit_find_realm_context(context, pa_plugin_context,
-				       request->server);
+                                       request->server);
     if (plgctx == NULL)
-	retval = EINVAL;
+        retval = EINVAL;
 
     return retval;
 }
 
 static krb5_error_code
 verify_client_san(krb5_context context,
-		  pkinit_kdc_context plgctx,
-		  pkinit_kdc_req_context reqctx,
-		  krb5_principal client,
-		  int *valid_san)
+                  pkinit_kdc_context plgctx,
+                  pkinit_kdc_req_context reqctx,
+                  krb5_principal client,
+                  int *valid_san)
 {
     krb5_error_code retval;
     krb5_principal *princs = NULL;
@@ -144,30 +147,30 @@ verify_client_san(krb5_context context,
 #endif
 
     retval = crypto_retrieve_cert_sans(context, plgctx->cryptoctx,
-				       reqctx->cryptoctx, plgctx->idctx,
-				       &princs,
-				       plgctx->opts->allow_upn ? &upns : NULL,
-				       NULL);
+                                       reqctx->cryptoctx, plgctx->idctx,
+                                       &princs,
+                                       plgctx->opts->allow_upn ? &upns : NULL,
+                                       NULL);
     if (retval) {
-	pkiDebug("%s: error from retrieve_certificate_sans()\n", __FUNCTION__);
-	retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
-	goto out;
+        pkiDebug("%s: error from retrieve_certificate_sans()\n", __FUNCTION__);
+        retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+        goto out;
     }
     /* XXX Verify this is consistent with client side XXX */
 #if 0
     retval = call_san_checking_plugins(context, plgctx, reqctx, princs,
-				       upns, NULL, &plugin_decision, &ignore);
+                                       upns, NULL, &plugin_decision, &ignore);
     pkiDebug("%s: call_san_checking_plugins() returned retval %d\n",
-	     __FUNCTION__);
+             __FUNCTION__);
     if (retval) {
-	retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
-	goto cleanup;
+        retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+        goto cleanup;
     }
     pkiDebug("%s: call_san_checking_plugins() returned decision %d\n",
-	     __FUNCTION__, plugin_decision);
+             __FUNCTION__, plugin_decision);
     if (plugin_decision != NO_DECISION) {
-	retval = plugin_decision;
-	goto out;
+        retval = plugin_decision;
+        goto out;
     }
 #endif
 
@@ -177,17 +180,17 @@ verify_client_san(krb5_context context,
     pkiDebug("%s: Checking pkinit sans\n", __FUNCTION__);
     for (i = 0; princs != NULL && princs[i] != NULL; i++) {
 #ifdef DEBUG_SAN_INFO
-	krb5_unparse_name(context, princs[i], &san_string);
-	pkiDebug("%s: Comparing client '%s' to pkinit san value '%s'\n",
-		 __FUNCTION__, client_string, san_string);
-	krb5_free_unparsed_name(context, san_string);
+        krb5_unparse_name(context, princs[i], &san_string);
+        pkiDebug("%s: Comparing client '%s' to pkinit san value '%s'\n",
+                 __FUNCTION__, client_string, san_string);
+        krb5_free_unparsed_name(context, san_string);
 #endif
-	if (krb5_principal_compare(context, princs[i], client)) {
-	    pkiDebug("%s: pkinit san match found\n", __FUNCTION__);
-	    *valid_san = 1;
-	    retval = 0;
-	    goto out;
-	}
+        if (krb5_principal_compare(context, princs[i], client)) {
+            pkiDebug("%s: pkinit san match found\n", __FUNCTION__);
+            *valid_san = 1;
+            retval = 0;
+            goto out;
+        }
     }
     pkiDebug("%s: no pkinit san match found\n", __FUNCTION__);
     /*
@@ -196,104 +199,104 @@ verify_client_san(krb5_context context,
      */
 
     if (upns == NULL) {
-	pkiDebug("%s: no upn sans (or we wouldn't accept them anyway)\n",
-		 __FUNCTION__);
-	retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
-	goto out;
+        pkiDebug("%s: no upn sans (or we wouldn't accept them anyway)\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+        goto out;
     }
 
     pkiDebug("%s: Checking upn sans\n", __FUNCTION__);
     for (i = 0; upns[i] != NULL; i++) {
 #ifdef DEBUG_SAN_INFO
-	krb5_unparse_name(context, upns[i], &san_string);
-	pkiDebug("%s: Comparing client '%s' to upn san value '%s'\n",
-		 __FUNCTION__, client_string, san_string);
-	krb5_free_unparsed_name(context, san_string);
+        krb5_unparse_name(context, upns[i], &san_string);
+        pkiDebug("%s: Comparing client '%s' to upn san value '%s'\n",
+                 __FUNCTION__, client_string, san_string);
+        krb5_free_unparsed_name(context, san_string);
 #endif
-	if (krb5_principal_compare(context, upns[i], client)) {
-	    pkiDebug("%s: upn san match found\n", __FUNCTION__);
-	    *valid_san = 1;
-	    retval = 0;
-	    goto out;
-	}
+        if (krb5_principal_compare(context, upns[i], client)) {
+            pkiDebug("%s: upn san match found\n", __FUNCTION__);
+            *valid_san = 1;
+            retval = 0;
+            goto out;
+        }
     }
     pkiDebug("%s: no upn san match found\n", __FUNCTION__);
 
     /* We found no match */
     if (princs != NULL || upns != NULL) {
-	*valid_san = 0;
-	/* XXX ??? If there was one or more name in the cert, but
-	 * none matched the client name, then return mismatch? */
-	retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+        *valid_san = 0;
+        /* XXX ??? If there was one or more name in the cert, but
+         * none matched the client name, then return mismatch? */
+        retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
     }
     retval = 0;
 
 out:
     if (princs != NULL) {
-	for (i = 0; princs[i] != NULL; i++)
-	    krb5_free_principal(context, princs[i]);
-	free(princs);
+        for (i = 0; princs[i] != NULL; i++)
+            krb5_free_principal(context, princs[i]);
+        free(princs);
     }
     if (upns != NULL) {
-	for (i = 0; upns[i] != NULL; i++)
-	    krb5_free_principal(context, upns[i]);
-	free(upns);
+        for (i = 0; upns[i] != NULL; i++)
+            krb5_free_principal(context, upns[i]);
+        free(upns);
     }
 #ifdef DEBUG_SAN_INFO
     if (client_string != NULL)
-	krb5_free_unparsed_name(context, client_string);
+        krb5_free_unparsed_name(context, client_string);
 #endif
     pkiDebug("%s: returning retval %d, valid_san %d\n",
-	     __FUNCTION__, retval, *valid_san);
+             __FUNCTION__, retval, *valid_san);
     return retval;
 }
 
 static krb5_error_code
 verify_client_eku(krb5_context context,
-		  pkinit_kdc_context plgctx,
-		  pkinit_kdc_req_context reqctx,
-		  int *eku_accepted)
+                  pkinit_kdc_context plgctx,
+                  pkinit_kdc_req_context reqctx,
+                  int *eku_accepted)
 {
     krb5_error_code retval;
 
     *eku_accepted = 0;
 
     if (plgctx->opts->require_eku == 0) {
-	pkiDebug("%s: configuration requests no EKU checking\n", __FUNCTION__);
-	*eku_accepted = 1;
-	retval = 0;
-	goto out;
+        pkiDebug("%s: configuration requests no EKU checking\n", __FUNCTION__);
+        *eku_accepted = 1;
+        retval = 0;
+        goto out;
     }
 
     retval = crypto_check_cert_eku(context, plgctx->cryptoctx,
-				   reqctx->cryptoctx, plgctx->idctx,
-				   0, /* kdc cert */
-				   plgctx->opts->accept_secondary_eku,
-				   eku_accepted);
+                                   reqctx->cryptoctx, plgctx->idctx,
+                                   0, /* kdc cert */
+                                   plgctx->opts->accept_secondary_eku,
+                                   eku_accepted);
     if (retval) {
-	pkiDebug("%s: Error from crypto_check_cert_eku %d (%s)\n",
-		 __FUNCTION__, retval, error_message(retval));
-	goto out;
+        pkiDebug("%s: Error from crypto_check_cert_eku %d (%s)\n",
+                 __FUNCTION__, retval, error_message(retval));
+        goto out;
     }
 
 out:
     pkiDebug("%s: returning retval %d, eku_accepted %d\n",
-	     __FUNCTION__, retval, *eku_accepted);
+             __FUNCTION__, retval, *eku_accepted);
     return retval;
 }
 
 static krb5_error_code
 pkinit_server_verify_padata(krb5_context context,
-			    struct _krb5_db_entry_new * client,
-			    krb5_data *req_pkt,
-			    krb5_kdc_req * request,
-			    krb5_enc_tkt_part * enc_tkt_reply,
-			    krb5_pa_data * data,
-			    preauth_get_entry_data_proc server_get_entry_data,
-			    void *pa_plugin_context,
-			    void **pa_request_context,
-			    krb5_data **e_data,
-			    krb5_authdata ***authz_data)
+                            struct _krb5_db_entry_new * client,
+                            krb5_data *req_pkt,
+                            krb5_kdc_req * request,
+                            krb5_enc_tkt_part * enc_tkt_reply,
+                            krb5_pa_data * data,
+                            preauth_get_entry_data_proc server_get_entry_data,
+                            void *pa_plugin_context,
+                            void **pa_request_context,
+                            krb5_data **e_data,
+                            krb5_authdata ***authz_data)
 {
     krb5_error_code retval = 0;
     krb5_octet_data authp_data = {0, 0, NULL}, krb5_authz = {0, 0, NULL};
@@ -315,24 +318,24 @@ pkinit_server_verify_padata(krb5_context context,
 
     pkiDebug("pkinit_verify_padata: entered!\n");
     if (data == NULL || data->length <= 0 || data->contents == NULL)
-	return 0;
+        return 0;
 
     /* Remove (along with armor_key) when FAST PKINIT is settled. */
     retval = fast_kdc_get_armor_key(context, server_get_entry_data, request,
-				    client, &armor_key);
+                                    client, &armor_key);
     if (retval == 0 && armor_key != NULL) {
-	/* Don't allow PKINIT if the client used FAST. */
-	krb5_free_keyblock(context, armor_key);
-	return EINVAL;
+        /* Don't allow PKINIT if the client used FAST. */
+        krb5_free_keyblock(context, armor_key);
+        return EINVAL;
     }
 
     if (pa_plugin_context == NULL || e_data == NULL)
-	return EINVAL;
+        return EINVAL;
 
     plgctx = pkinit_find_realm_context(context, pa_plugin_context,
-				       request->server);
+                                       request->server);
     if (plgctx == NULL)
-	return 0;
+        return 0;
 
 #ifdef DEBUG_ASN1
     print_buffer_bin(data->contents, data->length, "/tmp/kdc_as_req");
@@ -340,83 +343,83 @@ pkinit_server_verify_padata(krb5_context context,
     /* create a per-request context */
     retval = pkinit_init_kdc_req_context(context, (void **)&reqctx);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     reqctx->pa_type = data->pa_type;
 
     PADATA_TO_KRB5DATA(data, &k5data);
 
     switch ((int)data->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n");
-	    pa_type = (int)data->pa_type;
-	    retval = k5int_decode_krb5_pa_pk_as_req(&k5data, &reqp);
-	    if (retval) {
-		pkiDebug("decode_krb5_pa_pk_as_req failed\n");
-		goto cleanup;
-	    }
+    case KRB5_PADATA_PK_AS_REQ:
+        pkiDebug("processing KRB5_PADATA_PK_AS_REQ\n");
+        pa_type = (int)data->pa_type;
+        retval = k5int_decode_krb5_pa_pk_as_req(&k5data, &reqp);
+        if (retval) {
+            pkiDebug("decode_krb5_pa_pk_as_req failed\n");
+            goto cleanup;
+        }
 #ifdef DEBUG_ASN1
-	    print_buffer_bin(reqp->signedAuthPack.data,
-			     reqp->signedAuthPack.length,
-			     "/tmp/kdc_signed_data");
+        print_buffer_bin(reqp->signedAuthPack.data,
+                         reqp->signedAuthPack.length,
+                         "/tmp/kdc_signed_data");
 #endif
-	    retval = cms_signeddata_verify(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_CLIENT,
-		plgctx->opts->require_crl_checking,
-		reqp->signedAuthPack.data, reqp->signedAuthPack.length,
-		&authp_data.data, &authp_data.length, &krb5_authz.data,
-		&krb5_authz.length);
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    pkiDebug("processing KRB5_PADATA_PK_AS_REQ_OLD\n");
-	    pa_type = KRB5_PADATA_PK_AS_REQ_OLD;
-	    retval = k5int_decode_krb5_pa_pk_as_req_draft9(&k5data, &reqp9);
-	    if (retval) {
-		pkiDebug("decode_krb5_pa_pk_as_req_draft9 failed\n");
-		goto cleanup;
-	    }
+        retval = cms_signeddata_verify(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_CLIENT,
+                                       plgctx->opts->require_crl_checking,
+                                       reqp->signedAuthPack.data, reqp->signedAuthPack.length,
+                                       &authp_data.data, &authp_data.length, &krb5_authz.data,
+                                       &krb5_authz.length);
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        pkiDebug("processing KRB5_PADATA_PK_AS_REQ_OLD\n");
+        pa_type = KRB5_PADATA_PK_AS_REQ_OLD;
+        retval = k5int_decode_krb5_pa_pk_as_req_draft9(&k5data, &reqp9);
+        if (retval) {
+            pkiDebug("decode_krb5_pa_pk_as_req_draft9 failed\n");
+            goto cleanup;
+        }
 #ifdef DEBUG_ASN1
-	    print_buffer_bin(reqp9->signedAuthPack.data,
-			     reqp9->signedAuthPack.length,
-			     "/tmp/kdc_signed_data_draft9");
+        print_buffer_bin(reqp9->signedAuthPack.data,
+                         reqp9->signedAuthPack.length,
+                         "/tmp/kdc_signed_data_draft9");
 #endif
 
-	    retval = cms_signeddata_verify(context, plgctx->cryptoctx,
-		reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9,
-		plgctx->opts->require_crl_checking,
-		reqp9->signedAuthPack.data, reqp9->signedAuthPack.length,
-		&authp_data.data, &authp_data.length, &krb5_authz.data,
-		&krb5_authz.length);
-	    break;
-	default:
-	    pkiDebug("unrecognized pa_type = %d\n", data->pa_type);
-	    retval = EINVAL;
-	    goto cleanup;
+        retval = cms_signeddata_verify(context, plgctx->cryptoctx,
+                                       reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9,
+                                       plgctx->opts->require_crl_checking,
+                                       reqp9->signedAuthPack.data, reqp9->signedAuthPack.length,
+                                       &authp_data.data, &authp_data.length, &krb5_authz.data,
+                                       &krb5_authz.length);
+        break;
+    default:
+        pkiDebug("unrecognized pa_type = %d\n", data->pa_type);
+        retval = EINVAL;
+        goto cleanup;
     }
     if (retval) {
-	pkiDebug("pkcs7_signeddata_verify failed\n");
-	goto cleanup;
+        pkiDebug("pkcs7_signeddata_verify failed\n");
+        goto cleanup;
     }
 
     retval = verify_client_san(context, plgctx, reqctx, request->client,
-			       &valid_san);
+                               &valid_san);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     if (!valid_san) {
-	pkiDebug("%s: did not find an acceptable SAN in user certificate\n",
-		 __FUNCTION__);
-	retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
-	goto cleanup;
+        pkiDebug("%s: did not find an acceptable SAN in user certificate\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_CLIENT_NAME_MISMATCH;
+        goto cleanup;
     }
     retval = verify_client_eku(context, plgctx, reqctx, &valid_eku);
     if (retval)
-	goto cleanup;
+        goto cleanup;
 
     if (!valid_eku) {
-	pkiDebug("%s: did not find an acceptable EKU in user certificate\n",
-		 __FUNCTION__);
-	retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
-	goto cleanup;
+        pkiDebug("%s: did not find an acceptable EKU in user certificate\n",
+                 __FUNCTION__);
+        retval = KRB5KDC_ERR_INCONSISTENT_KEY_PURPOSE;
+        goto cleanup;
     }
 
 #ifdef DEBUG_ASN1
@@ -425,226 +428,226 @@ pkinit_server_verify_padata(krb5_context context,
 
     OCTETDATA_TO_KRB5DATA(&authp_data, &k5data);
     switch ((int)data->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    retval = k5int_decode_krb5_auth_pack(&k5data, &auth_pack);
-	    if (retval) {
-		pkiDebug("failed to decode krb5_auth_pack\n");
-		goto cleanup;
-	    }
-
-	    /* check dh parameters */
-	    if (auth_pack->clientPublicValue != NULL) {
-		retval = server_check_dh(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx,
-		    &auth_pack->clientPublicValue->algorithm.parameters,
-		    plgctx->opts->dh_min_bits);
-
-		if (retval) {
-		    pkiDebug("bad dh parameters\n");
-		    goto cleanup;
-		}
-	    }
-	    /*
-	     * The KDC may have modified the request after decoding it.
-	     * We need to compute the checksum on the data that
-	     * came from the client.  Therefore, we use the original
-	     * packet contents.
-	     */
-	    retval = k5int_decode_krb5_as_req(req_pkt, &tmp_as_req);
-	    if (retval) {
-		pkiDebug("decode_krb5_as_req returned %d\n", (int)retval);
-		goto cleanup;
-	    }
-
-	    retval = k5int_encode_krb5_kdc_req_body(tmp_as_req, &der_req);
-	    if (retval) {
-		pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval);
-		goto cleanup;
-	    }
-	    retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL,
-					  0, der_req, &cksum);
-	    if (retval) {
-		pkiDebug("unable to calculate AS REQ checksum\n");
-		goto cleanup;
-	    }
-	    if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length ||
-		memcmp(cksum.contents,
-		       auth_pack->pkAuthenticator.paChecksum.contents,
-		       cksum.length)) {
-		pkiDebug("failed to match the checksum\n");
+    case KRB5_PADATA_PK_AS_REQ:
+        retval = k5int_decode_krb5_auth_pack(&k5data, &auth_pack);
+        if (retval) {
+            pkiDebug("failed to decode krb5_auth_pack\n");
+            goto cleanup;
+        }
+
+        /* check dh parameters */
+        if (auth_pack->clientPublicValue != NULL) {
+            retval = server_check_dh(context, plgctx->cryptoctx,
+                                     reqctx->cryptoctx, plgctx->idctx,
+                                     &auth_pack->clientPublicValue->algorithm.parameters,
+                                     plgctx->opts->dh_min_bits);
+
+            if (retval) {
+                pkiDebug("bad dh parameters\n");
+                goto cleanup;
+            }
+        }
+        /*
+         * The KDC may have modified the request after decoding it.
+         * We need to compute the checksum on the data that
+         * came from the client.  Therefore, we use the original
+         * packet contents.
+         */
+        retval = k5int_decode_krb5_as_req(req_pkt, &tmp_as_req);
+        if (retval) {
+            pkiDebug("decode_krb5_as_req returned %d\n", (int)retval);
+            goto cleanup;
+        }
+
+        retval = k5int_encode_krb5_kdc_req_body(tmp_as_req, &der_req);
+        if (retval) {
+            pkiDebug("encode_krb5_kdc_req_body returned %d\n", (int) retval);
+            goto cleanup;
+        }
+        retval = krb5_c_make_checksum(context, CKSUMTYPE_NIST_SHA, NULL,
+                                      0, der_req, &cksum);
+        if (retval) {
+            pkiDebug("unable to calculate AS REQ checksum\n");
+            goto cleanup;
+        }
+        if (cksum.length != auth_pack->pkAuthenticator.paChecksum.length ||
+            memcmp(cksum.contents,
+                   auth_pack->pkAuthenticator.paChecksum.contents,
+                   cksum.length)) {
+            pkiDebug("failed to match the checksum\n");
 #ifdef DEBUG_CKSUM
-		pkiDebug("calculating checksum on buf size (%d)\n",
-			 req_pkt->length);
-		print_buffer(req_pkt->data, req_pkt->length);
-		pkiDebug("received checksum type=%d size=%d ",
-			auth_pack->pkAuthenticator.paChecksum.checksum_type,
-			auth_pack->pkAuthenticator.paChecksum.length);
-		print_buffer(auth_pack->pkAuthenticator.paChecksum.contents,
-			     auth_pack->pkAuthenticator.paChecksum.length);
-		pkiDebug("expected checksum type=%d size=%d ",
-			 cksum.checksum_type, cksum.length);
-		print_buffer(cksum.contents, cksum.length);
+            pkiDebug("calculating checksum on buf size (%d)\n",
+                     req_pkt->length);
+            print_buffer(req_pkt->data, req_pkt->length);
+            pkiDebug("received checksum type=%d size=%d ",
+                     auth_pack->pkAuthenticator.paChecksum.checksum_type,
+                     auth_pack->pkAuthenticator.paChecksum.length);
+            print_buffer(auth_pack->pkAuthenticator.paChecksum.contents,
+                         auth_pack->pkAuthenticator.paChecksum.length);
+            pkiDebug("expected checksum type=%d size=%d ",
+                     cksum.checksum_type, cksum.length);
+            print_buffer(cksum.contents, cksum.length);
 #endif
 
-		retval = KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
-		goto cleanup;
-	    }
-
-	    /* check if kdcPkId present and match KDC's subjectIdentifier */
-	    if (reqp->kdcPkId.data != NULL) {
-		int valid_kdcPkId = 0;
-		retval = pkinit_check_kdc_pkid(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx,
-		    reqp->kdcPkId.data, reqp->kdcPkId.length, &valid_kdcPkId);
-		if (retval)
-		    goto cleanup;
-		if (!valid_kdcPkId)
-		    pkiDebug("kdcPkId in AS_REQ does not match KDC's cert"
-			     "RFC says to ignore and proceed\n");
-
-	    }
-	    /* remember the decoded auth_pack for verify_padata routine */
-	    reqctx->rcv_auth_pack = auth_pack;
-	    auth_pack = NULL;
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    retval = k5int_decode_krb5_auth_pack_draft9(&k5data, &auth_pack9);
-	    if (retval) {
-		pkiDebug("failed to decode krb5_auth_pack_draft9\n");
-		goto cleanup;
-	    }
-	    if (auth_pack9->clientPublicValue != NULL) {
-		retval = server_check_dh(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx,
-		    &auth_pack9->clientPublicValue->algorithm.parameters,
-		    plgctx->opts->dh_min_bits);
-
-		if (retval) {
-		    pkiDebug("bad dh parameters\n");
-		    goto cleanup;
-		}
-	    }
-	    /* remember the decoded auth_pack for verify_padata routine */
-	    reqctx->rcv_auth_pack9 = auth_pack9;
-	    auth_pack9 = NULL;
-	    break;
+            retval = KRB5KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
+            goto cleanup;
+        }
+
+        /* check if kdcPkId present and match KDC's subjectIdentifier */
+        if (reqp->kdcPkId.data != NULL) {
+            int valid_kdcPkId = 0;
+            retval = pkinit_check_kdc_pkid(context, plgctx->cryptoctx,
+                                           reqctx->cryptoctx, plgctx->idctx,
+                                           reqp->kdcPkId.data, reqp->kdcPkId.length, &valid_kdcPkId);
+            if (retval)
+                goto cleanup;
+            if (!valid_kdcPkId)
+                pkiDebug("kdcPkId in AS_REQ does not match KDC's cert"
+                         "RFC says to ignore and proceed\n");
+
+        }
+        /* remember the decoded auth_pack for verify_padata routine */
+        reqctx->rcv_auth_pack = auth_pack;
+        auth_pack = NULL;
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        retval = k5int_decode_krb5_auth_pack_draft9(&k5data, &auth_pack9);
+        if (retval) {
+            pkiDebug("failed to decode krb5_auth_pack_draft9\n");
+            goto cleanup;
+        }
+        if (auth_pack9->clientPublicValue != NULL) {
+            retval = server_check_dh(context, plgctx->cryptoctx,
+                                     reqctx->cryptoctx, plgctx->idctx,
+                                     &auth_pack9->clientPublicValue->algorithm.parameters,
+                                     plgctx->opts->dh_min_bits);
+
+            if (retval) {
+                pkiDebug("bad dh parameters\n");
+                goto cleanup;
+            }
+        }
+        /* remember the decoded auth_pack for verify_padata routine */
+        reqctx->rcv_auth_pack9 = auth_pack9;
+        auth_pack9 = NULL;
+        break;
     }
 
     /* return authorization data to be included in the ticket */
     switch ((int)data->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    my_authz_data = malloc(2 * sizeof(*my_authz_data));
-	    if (my_authz_data == NULL) {
-		retval = ENOMEM;
-		pkiDebug("Couldn't allocate krb5_authdata ptr array\n");
-		goto cleanup;
-	    }
-	    my_authz_data[1] = NULL;
-	    my_authz_data[0] = malloc(sizeof(krb5_authdata));
-	    if (my_authz_data[0] == NULL) {
-		retval = ENOMEM;
-		pkiDebug("Couldn't allocate krb5_authdata\n");
-		free(my_authz_data);
-		goto cleanup;
-	    }
-	    /* AD-INITIAL-VERIFIED-CAS must be wrapped in AD-IF-RELEVANT */
-	    my_authz_data[0]->magic = KV5M_AUTHDATA;
-	    my_authz_data[0]->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
-
-	    /* create an internal AD-INITIAL-VERIFIED-CAS data */
-	    pkinit_authz_data = malloc(sizeof(krb5_authdata));
-	    if (pkinit_authz_data == NULL) {
-		retval = ENOMEM;
-		pkiDebug("Couldn't allocate krb5_authdata\n");
-		free(my_authz_data[0]);
-		free(my_authz_data);
-		goto cleanup;
-	    }
-	    pkinit_authz_data->ad_type = KRB5_AUTHDATA_INITIAL_VERIFIED_CAS;
-	    /* content of this ad-type contains the certification
-	       path with which the client certificate was validated
-	     */
-	    pkinit_authz_data->contents = krb5_authz.data;
-	    pkinit_authz_data->length = krb5_authz.length;
-	    retval = k5int_encode_krb5_authdata_elt(pkinit_authz_data,
-			    &encoded_pkinit_authz_data);
+    case KRB5_PADATA_PK_AS_REQ:
+        my_authz_data = malloc(2 * sizeof(*my_authz_data));
+        if (my_authz_data == NULL) {
+            retval = ENOMEM;
+            pkiDebug("Couldn't allocate krb5_authdata ptr array\n");
+            goto cleanup;
+        }
+        my_authz_data[1] = NULL;
+        my_authz_data[0] = malloc(sizeof(krb5_authdata));
+        if (my_authz_data[0] == NULL) {
+            retval = ENOMEM;
+            pkiDebug("Couldn't allocate krb5_authdata\n");
+            free(my_authz_data);
+            goto cleanup;
+        }
+        /* AD-INITIAL-VERIFIED-CAS must be wrapped in AD-IF-RELEVANT */
+        my_authz_data[0]->magic = KV5M_AUTHDATA;
+        my_authz_data[0]->ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+
+        /* create an internal AD-INITIAL-VERIFIED-CAS data */
+        pkinit_authz_data = malloc(sizeof(krb5_authdata));
+        if (pkinit_authz_data == NULL) {
+            retval = ENOMEM;
+            pkiDebug("Couldn't allocate krb5_authdata\n");
+            free(my_authz_data[0]);
+            free(my_authz_data);
+            goto cleanup;
+        }
+        pkinit_authz_data->ad_type = KRB5_AUTHDATA_INITIAL_VERIFIED_CAS;
+        /* content of this ad-type contains the certification
+           path with which the client certificate was validated
+        */
+        pkinit_authz_data->contents = krb5_authz.data;
+        pkinit_authz_data->length = krb5_authz.length;
+        retval = k5int_encode_krb5_authdata_elt(pkinit_authz_data,
+                                                &encoded_pkinit_authz_data);
 #ifdef DEBUG_ASN1
-	    print_buffer_bin((unsigned char *)encoded_pkinit_authz_data->data,
-			     encoded_pkinit_authz_data->length,
-			     "/tmp/kdc_pkinit_authz_data");
+        print_buffer_bin((unsigned char *)encoded_pkinit_authz_data->data,
+                         encoded_pkinit_authz_data->length,
+                         "/tmp/kdc_pkinit_authz_data");
 #endif
-	    free(pkinit_authz_data);
-	    if (retval) {
-		pkiDebug("k5int_encode_krb5_authdata_elt failed\n");
-		free(my_authz_data[0]);
-		free(my_authz_data);
-		goto cleanup;
-	    }
-
-	    my_authz_data[0]->contents =
-			    (krb5_octet *) encoded_pkinit_authz_data->data;
-	    my_authz_data[0]->length = encoded_pkinit_authz_data->length;
-	    *authz_data = my_authz_data;
-	    pkiDebug("Returning %d bytes of authorization data\n",
-		     krb5_authz.length);
-	    encoded_pkinit_authz_data->data = NULL; /* Don't free during cleanup*/
-	    free(encoded_pkinit_authz_data);
-	    break;
-	default:
-	    *authz_data = NULL;
+        free(pkinit_authz_data);
+        if (retval) {
+            pkiDebug("k5int_encode_krb5_authdata_elt failed\n");
+            free(my_authz_data[0]);
+            free(my_authz_data);
+            goto cleanup;
+        }
+
+        my_authz_data[0]->contents =
+            (krb5_octet *) encoded_pkinit_authz_data->data;
+        my_authz_data[0]->length = encoded_pkinit_authz_data->length;
+        *authz_data = my_authz_data;
+        pkiDebug("Returning %d bytes of authorization data\n",
+                 krb5_authz.length);
+        encoded_pkinit_authz_data->data = NULL; /* Don't free during cleanup*/
+        free(encoded_pkinit_authz_data);
+        break;
+    default:
+        *authz_data = NULL;
     }
     /* remember to set the PREAUTH flag in the reply */
     enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
     *pa_request_context = reqctx;
     reqctx = NULL;
 
-  cleanup:
+cleanup:
     if (retval && data->pa_type == KRB5_PADATA_PK_AS_REQ) {
-	pkiDebug("pkinit_verify_padata failed: creating e-data\n");
-	if (pkinit_create_edata(context, plgctx->cryptoctx, reqctx->cryptoctx,
-		plgctx->idctx, plgctx->opts, retval, e_data))
-	    pkiDebug("pkinit_create_edata failed\n");
+        pkiDebug("pkinit_verify_padata failed: creating e-data\n");
+        if (pkinit_create_edata(context, plgctx->cryptoctx, reqctx->cryptoctx,
+                                plgctx->idctx, plgctx->opts, retval, e_data))
+            pkiDebug("pkinit_create_edata failed\n");
     }
 
     switch ((int)data->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    free_krb5_pa_pk_as_req(&reqp);
-	    free(cksum.contents);
-	    if (der_req != NULL)
-		 krb5_free_data(context, der_req);
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    free_krb5_pa_pk_as_req_draft9(&reqp9);
+    case KRB5_PADATA_PK_AS_REQ:
+        free_krb5_pa_pk_as_req(&reqp);
+        free(cksum.contents);
+        if (der_req != NULL)
+            krb5_free_data(context, der_req);
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        free_krb5_pa_pk_as_req_draft9(&reqp9);
     }
     if (tmp_as_req != NULL)
-	k5int_krb5_free_kdc_req(context, tmp_as_req);
+        k5int_krb5_free_kdc_req(context, tmp_as_req);
     free(authp_data.data);
     free(krb5_authz.data);
     if (reqctx != NULL)
-	pkinit_fini_kdc_req_context(context, reqctx);
+        pkinit_fini_kdc_req_context(context, reqctx);
     if (auth_pack != NULL)
-	free_krb5_auth_pack(&auth_pack);
+        free_krb5_auth_pack(&auth_pack);
     if (auth_pack9 != NULL)
-	free_krb5_auth_pack_draft9(context, &auth_pack9);
+        free_krb5_auth_pack_draft9(context, &auth_pack9);
 
     return retval;
 }
 
 static krb5_error_code
 pkinit_server_return_padata(krb5_context context,
-			    krb5_pa_data * padata,
-			    struct _krb5_db_entry_new * client,
-			    krb5_data *req_pkt,
-			    krb5_kdc_req * request,
-			    krb5_kdc_rep * reply,
-			    struct _krb5_key_data * client_key,
-			    krb5_keyblock * encrypting_key,
-			    krb5_pa_data ** send_pa,
-			    preauth_get_entry_data_proc server_get_entry_data,
-			    void *pa_plugin_context,
-			    void **pa_request_context)
+                            krb5_pa_data * padata,
+                            struct _krb5_db_entry_new * client,
+                            krb5_data *req_pkt,
+                            krb5_kdc_req * request,
+                            krb5_kdc_rep * reply,
+                            struct _krb5_key_data * client_key,
+                            krb5_keyblock * encrypting_key,
+                            krb5_pa_data ** send_pa,
+                            preauth_get_entry_data_proc server_get_entry_data,
+                            void *pa_plugin_context,
+                            void **pa_request_context)
 {
     krb5_error_code retval = 0;
     krb5_data scratch = {0, 0, NULL};
@@ -678,355 +681,355 @@ pkinit_server_return_padata(krb5_context context,
 
     *send_pa = NULL;
     if (padata == NULL || padata->length <= 0 || padata->contents == NULL)
-	return 0;
+        return 0;
 
     if (pa_request_context == NULL || *pa_request_context == NULL) {
-	pkiDebug("missing request context \n");
-	return EINVAL;
+        pkiDebug("missing request context \n");
+        return EINVAL;
     }
 
     plgctx = pkinit_find_realm_context(context, pa_plugin_context,
-				       request->server);
+                                       request->server);
     if (plgctx == NULL) {
-	pkiDebug("Unable to locate correct realm context\n");
-	return ENOENT;
+        pkiDebug("Unable to locate correct realm context\n");
+        return ENOENT;
     }
 
     pkiDebug("pkinit_return_padata: entered!\n");
     reqctx = (pkinit_kdc_req_context)*pa_request_context;
 
     if (encrypting_key->contents) {
-	free(encrypting_key->contents);
-	encrypting_key->length = 0;
-	encrypting_key->contents = NULL;
+        free(encrypting_key->contents);
+        encrypting_key->length = 0;
+        encrypting_key->contents = NULL;
     }
 
     for(i = 0; i < request->nktypes; i++) {
-	enctype = request->ktype[i];
-	if (!krb5_c_valid_enctype(enctype))
-	    continue;
-	else {
-	    pkiDebug("KDC picked etype = %d\n", enctype);
-	    break;
-	}
+        enctype = request->ktype[i];
+        if (!krb5_c_valid_enctype(enctype))
+            continue;
+        else {
+            pkiDebug("KDC picked etype = %d\n", enctype);
+            break;
+        }
     }
 
     if (i == request->nktypes) {
-	retval = KRB5KDC_ERR_ETYPE_NOSUPP;
-	goto cleanup;
+        retval = KRB5KDC_ERR_ETYPE_NOSUPP;
+        goto cleanup;
     }
 
     switch((int)reqctx->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    init_krb5_pa_pk_as_rep(&rep);
-	    if (rep == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    /* let's assume it's RSA. we'll reset it to DH if needed */
-	    rep->choice = choice_pa_pk_as_rep_encKeyPack;
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    init_krb5_pa_pk_as_rep_draft9(&rep9);
-	    if (rep9 == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    rep9->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
-	    break;
-	default:
-	    retval = KRB5KDC_ERR_PREAUTH_FAILED;
-	    goto cleanup;
+    case KRB5_PADATA_PK_AS_REQ:
+        init_krb5_pa_pk_as_rep(&rep);
+        if (rep == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        /* let's assume it's RSA. we'll reset it to DH if needed */
+        rep->choice = choice_pa_pk_as_rep_encKeyPack;
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        init_krb5_pa_pk_as_rep_draft9(&rep9);
+        if (rep9 == NULL) {
+            retval = ENOMEM;
+            goto cleanup;
+        }
+        rep9->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
+        break;
+    default:
+        retval = KRB5KDC_ERR_PREAUTH_FAILED;
+        goto cleanup;
     }
 
     if (reqctx->rcv_auth_pack != NULL &&
-	    reqctx->rcv_auth_pack->clientPublicValue != NULL) {
-	subjectPublicKey =
-	    reqctx->rcv_auth_pack->clientPublicValue->subjectPublicKey.data;
-	subjectPublicKey_len =
-	    reqctx->rcv_auth_pack->clientPublicValue->subjectPublicKey.length;
-	rep->choice = choice_pa_pk_as_rep_dhInfo;
+        reqctx->rcv_auth_pack->clientPublicValue != NULL) {
+        subjectPublicKey =
+            reqctx->rcv_auth_pack->clientPublicValue->subjectPublicKey.data;
+        subjectPublicKey_len =
+            reqctx->rcv_auth_pack->clientPublicValue->subjectPublicKey.length;
+        rep->choice = choice_pa_pk_as_rep_dhInfo;
     } else if (reqctx->rcv_auth_pack9 != NULL &&
-		reqctx->rcv_auth_pack9->clientPublicValue != NULL) {
-	subjectPublicKey =
-	    reqctx->rcv_auth_pack9->clientPublicValue->subjectPublicKey.data;
-	subjectPublicKey_len =
-	    reqctx->rcv_auth_pack9->clientPublicValue->subjectPublicKey.length;
-	rep9->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
+               reqctx->rcv_auth_pack9->clientPublicValue != NULL) {
+        subjectPublicKey =
+            reqctx->rcv_auth_pack9->clientPublicValue->subjectPublicKey.data;
+        subjectPublicKey_len =
+            reqctx->rcv_auth_pack9->clientPublicValue->subjectPublicKey.length;
+        rep9->choice = choice_pa_pk_as_rep_draft9_dhSignedData;
     }
 
     /* if this DH, then process finish computing DH key */
     if (rep != NULL && (rep->choice == choice_pa_pk_as_rep_dhInfo ||
-	    rep->choice == choice_pa_pk_as_rep_draft9_dhSignedData)) {
-	pkiDebug("received DH key delivery AS REQ\n");
-	retval = server_process_dh(context, plgctx->cryptoctx,
-	    reqctx->cryptoctx, plgctx->idctx, subjectPublicKey,
-	    subjectPublicKey_len, &dh_pubkey, &dh_pubkey_len,
-	    &server_key, &server_key_len);
-	if (retval) {
-	    pkiDebug("failed to process/create dh paramters\n");
-	    goto cleanup;
-	}
+                        rep->choice == choice_pa_pk_as_rep_draft9_dhSignedData)) {
+        pkiDebug("received DH key delivery AS REQ\n");
+        retval = server_process_dh(context, plgctx->cryptoctx,
+                                   reqctx->cryptoctx, plgctx->idctx, subjectPublicKey,
+                                   subjectPublicKey_len, &dh_pubkey, &dh_pubkey_len,
+                                   &server_key, &server_key_len);
+        if (retval) {
+            pkiDebug("failed to process/create dh paramters\n");
+            goto cleanup;
+        }
     }
 
     if ((rep9 != NULL &&
-	    rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) ||
-	(rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
-	retval = pkinit_octetstring2key(context, enctype, server_key,
-					server_key_len, encrypting_key);
-	if (retval) {
-	    pkiDebug("pkinit_octetstring2key failed: %s\n",
-		     error_message(retval));
-	    goto cleanup;
-	}
-
-	dhkey_info.subjectPublicKey.length = dh_pubkey_len;
-	dhkey_info.subjectPublicKey.data = dh_pubkey;
-	dhkey_info.nonce = request->nonce;
-	dhkey_info.dhKeyExpiration = 0;
-
-	retval = k5int_encode_krb5_kdc_dh_key_info(&dhkey_info,
-						   &encoded_dhkey_info);
-	if (retval) {
-	    pkiDebug("encode_krb5_kdc_dh_key_info failed\n");
-	    goto cleanup;
-	}
+         rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) ||
+        (rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
+        retval = pkinit_octetstring2key(context, enctype, server_key,
+                                        server_key_len, encrypting_key);
+        if (retval) {
+            pkiDebug("pkinit_octetstring2key failed: %s\n",
+                     error_message(retval));
+            goto cleanup;
+        }
+
+        dhkey_info.subjectPublicKey.length = dh_pubkey_len;
+        dhkey_info.subjectPublicKey.data = dh_pubkey;
+        dhkey_info.nonce = request->nonce;
+        dhkey_info.dhKeyExpiration = 0;
+
+        retval = k5int_encode_krb5_kdc_dh_key_info(&dhkey_info,
+                                                   &encoded_dhkey_info);
+        if (retval) {
+            pkiDebug("encode_krb5_kdc_dh_key_info failed\n");
+            goto cleanup;
+        }
 #ifdef DEBUG_ASN1
-	print_buffer_bin((unsigned char *)encoded_dhkey_info->data,
-			 encoded_dhkey_info->length,
-			 "/tmp/kdc_dh_key_info");
+        print_buffer_bin((unsigned char *)encoded_dhkey_info->data,
+                         encoded_dhkey_info->length,
+                         "/tmp/kdc_dh_key_info");
 #endif
 
-	switch ((int)padata->pa_type) {
-	    case KRB5_PADATA_PK_AS_REQ:
-		retval = cms_signeddata_create(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_SERVER, 1,
-		    (unsigned char *)encoded_dhkey_info->data,
-		    encoded_dhkey_info->length,
-		    &rep->u.dh_Info.dhSignedData.data,
-		    &rep->u.dh_Info.dhSignedData.length);
-		if (retval) {
-		    pkiDebug("failed to create pkcs7 signed data\n");
-		    goto cleanup;
-		}
-		break;
-	    case KRB5_PADATA_PK_AS_REP_OLD:
-	    case KRB5_PADATA_PK_AS_REQ_OLD:
-		retval = cms_signeddata_create(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9, 1,
-		    (unsigned char *)encoded_dhkey_info->data,
-		    encoded_dhkey_info->length,
-		    &rep9->u.dhSignedData.data,
-		    &rep9->u.dhSignedData.length);
-		if (retval) {
-		    pkiDebug("failed to create pkcs7 signed data\n");
-		    goto cleanup;
-		}
-		break;
-	}
+        switch ((int)padata->pa_type) {
+        case KRB5_PADATA_PK_AS_REQ:
+            retval = cms_signeddata_create(context, plgctx->cryptoctx,
+                                           reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_SERVER, 1,
+                                           (unsigned char *)encoded_dhkey_info->data,
+                                           encoded_dhkey_info->length,
+                                           &rep->u.dh_Info.dhSignedData.data,
+                                           &rep->u.dh_Info.dhSignedData.length);
+            if (retval) {
+                pkiDebug("failed to create pkcs7 signed data\n");
+                goto cleanup;
+            }
+            break;
+        case KRB5_PADATA_PK_AS_REP_OLD:
+        case KRB5_PADATA_PK_AS_REQ_OLD:
+            retval = cms_signeddata_create(context, plgctx->cryptoctx,
+                                           reqctx->cryptoctx, plgctx->idctx, CMS_SIGN_DRAFT9, 1,
+                                           (unsigned char *)encoded_dhkey_info->data,
+                                           encoded_dhkey_info->length,
+                                           &rep9->u.dhSignedData.data,
+                                           &rep9->u.dhSignedData.length);
+            if (retval) {
+                pkiDebug("failed to create pkcs7 signed data\n");
+                goto cleanup;
+            }
+            break;
+        }
     } else {
-	pkiDebug("received RSA key delivery AS REQ\n");
-
-	retval = krb5_c_make_random_key(context, enctype, encrypting_key);
-	if (retval) {
-	    pkiDebug("unable to make a session key\n");
-	    goto cleanup;
-	}
-
-	/* check if PA_TYPE of 132 is present which means the client is
-	 * requesting that a checksum is send back instead of the nonce
-	 */
-	for (i = 0; request->padata[i] != NULL; i++) {
-	    pkiDebug("%s: Checking pa_type 0x%08x\n",
-		     __FUNCTION__, request->padata[i]->pa_type);
-	    if (request->padata[i]->pa_type == 132)
-		fixed_keypack = 1;
-	}
-	pkiDebug("%s: return checksum instead of nonce = %d\n",
-		 __FUNCTION__, fixed_keypack);
-
-	/* if this is an RFC reply or draft9 client requested a checksum
-	 * in the reply instead of the nonce, create an RFC-style keypack
-	 */
-	if ((int)padata->pa_type == KRB5_PADATA_PK_AS_REQ || fixed_keypack) {
-	    init_krb5_reply_key_pack(&key_pack);
-	    if (key_pack == NULL) {
-		retval = ENOMEM;
-		goto cleanup;
-	    }
-	    /* retrieve checksums for a given enctype of the reply key */
-	    retval = krb5_c_keyed_checksum_types(context,
-		encrypting_key->enctype, &num_types, &cksum_types);
-	    if (retval)
-		goto cleanup;
-
-	    /* pick the first of acceptable enctypes for the checksum */
-	    retval = krb5_c_make_checksum(context, cksum_types[0],
-		    encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
-		    req_pkt, &key_pack->asChecksum);
-	    if (retval) {
-		pkiDebug("unable to calculate AS REQ checksum\n");
-		goto cleanup;
-	    }
+        pkiDebug("received RSA key delivery AS REQ\n");
+
+        retval = krb5_c_make_random_key(context, enctype, encrypting_key);
+        if (retval) {
+            pkiDebug("unable to make a session key\n");
+            goto cleanup;
+        }
+
+        /* check if PA_TYPE of 132 is present which means the client is
+         * requesting that a checksum is send back instead of the nonce
+         */
+        for (i = 0; request->padata[i] != NULL; i++) {
+            pkiDebug("%s: Checking pa_type 0x%08x\n",
+                     __FUNCTION__, request->padata[i]->pa_type);
+            if (request->padata[i]->pa_type == 132)
+                fixed_keypack = 1;
+        }
+        pkiDebug("%s: return checksum instead of nonce = %d\n",
+                 __FUNCTION__, fixed_keypack);
+
+        /* if this is an RFC reply or draft9 client requested a checksum
+         * in the reply instead of the nonce, create an RFC-style keypack
+         */
+        if ((int)padata->pa_type == KRB5_PADATA_PK_AS_REQ || fixed_keypack) {
+            init_krb5_reply_key_pack(&key_pack);
+            if (key_pack == NULL) {
+                retval = ENOMEM;
+                goto cleanup;
+            }
+            /* retrieve checksums for a given enctype of the reply key */
+            retval = krb5_c_keyed_checksum_types(context,
+                                                 encrypting_key->enctype, &num_types, &cksum_types);
+            if (retval)
+                goto cleanup;
+
+            /* pick the first of acceptable enctypes for the checksum */
+            retval = krb5_c_make_checksum(context, cksum_types[0],
+                                          encrypting_key, KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
+                                          req_pkt, &key_pack->asChecksum);
+            if (retval) {
+                pkiDebug("unable to calculate AS REQ checksum\n");
+                goto cleanup;
+            }
 #ifdef DEBUG_CKSUM
-	    pkiDebug("calculating checksum on buf size = %d\n", req_pkt->length);
-	    print_buffer(req_pkt->data, req_pkt->length);
-	    pkiDebug("checksum size = %d\n", key_pack->asChecksum.length);
-	    print_buffer(key_pack->asChecksum.contents,
-			 key_pack->asChecksum.length);
-	    pkiDebug("encrypting key (%d)\n", encrypting_key->length);
-	    print_buffer(encrypting_key->contents, encrypting_key->length);
+            pkiDebug("calculating checksum on buf size = %d\n", req_pkt->length);
+            print_buffer(req_pkt->data, req_pkt->length);
+            pkiDebug("checksum size = %d\n", key_pack->asChecksum.length);
+            print_buffer(key_pack->asChecksum.contents,
+                         key_pack->asChecksum.length);
+            pkiDebug("encrypting key (%d)\n", encrypting_key->length);
+            print_buffer(encrypting_key->contents, encrypting_key->length);
 #endif
 
-	    krb5_copy_keyblock_contents(context, encrypting_key,
-					&key_pack->replyKey);
-
-	    retval = k5int_encode_krb5_reply_key_pack(key_pack,
-						      &encoded_key_pack);
-	    if (retval) {
-		pkiDebug("failed to encode reply_key_pack\n");
-		goto cleanup;
-	    }
-	}
-
-	switch ((int)padata->pa_type) {
-	    case KRB5_PADATA_PK_AS_REQ:
-		rep->choice = choice_pa_pk_as_rep_encKeyPack;
-		retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
-		    (unsigned char *)encoded_key_pack->data,
-		    encoded_key_pack->length,
-		    &rep->u.encKeyPack.data, &rep->u.encKeyPack.length);
-		break;
-	    case KRB5_PADATA_PK_AS_REP_OLD:
-	    case KRB5_PADATA_PK_AS_REQ_OLD:
-		/* if the request is from the broken draft9 client that
-		 * expects back a nonce, create it now
-		 */
-		if (!fixed_keypack) {
-		    init_krb5_reply_key_pack_draft9(&key_pack9);
-		    if (key_pack9 == NULL) {
-			retval = ENOMEM;
-			goto cleanup;
-		    }
-		    key_pack9->nonce = reqctx->rcv_auth_pack9->pkAuthenticator.nonce;
-		    krb5_copy_keyblock_contents(context, encrypting_key,
-						&key_pack9->replyKey);
-
-		    retval = k5int_encode_krb5_reply_key_pack_draft9(key_pack9,
-							   &encoded_key_pack);
-		    if (retval) {
-			pkiDebug("failed to encode reply_key_pack\n");
-			goto cleanup;
-		    }
-		}
-
-		rep9->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
-		retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
-		    reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
-		    (unsigned char *)encoded_key_pack->data,
-		    encoded_key_pack->length,
-		    &rep9->u.encKeyPack.data, &rep9->u.encKeyPack.length);
-		break;
-	}
-	if (retval) {
-	    pkiDebug("failed to create pkcs7 enveloped data: %s\n",
-		     error_message(retval));
-	    goto cleanup;
-	}
+            krb5_copy_keyblock_contents(context, encrypting_key,
+                                        &key_pack->replyKey);
+
+            retval = k5int_encode_krb5_reply_key_pack(key_pack,
+                                                      &encoded_key_pack);
+            if (retval) {
+                pkiDebug("failed to encode reply_key_pack\n");
+                goto cleanup;
+            }
+        }
+
+        switch ((int)padata->pa_type) {
+        case KRB5_PADATA_PK_AS_REQ:
+            rep->choice = choice_pa_pk_as_rep_encKeyPack;
+            retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
+                                              reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
+                                              (unsigned char *)encoded_key_pack->data,
+                                              encoded_key_pack->length,
+                                              &rep->u.encKeyPack.data, &rep->u.encKeyPack.length);
+            break;
+        case KRB5_PADATA_PK_AS_REP_OLD:
+        case KRB5_PADATA_PK_AS_REQ_OLD:
+            /* if the request is from the broken draft9 client that
+             * expects back a nonce, create it now
+             */
+            if (!fixed_keypack) {
+                init_krb5_reply_key_pack_draft9(&key_pack9);
+                if (key_pack9 == NULL) {
+                    retval = ENOMEM;
+                    goto cleanup;
+                }
+                key_pack9->nonce = reqctx->rcv_auth_pack9->pkAuthenticator.nonce;
+                krb5_copy_keyblock_contents(context, encrypting_key,
+                                            &key_pack9->replyKey);
+
+                retval = k5int_encode_krb5_reply_key_pack_draft9(key_pack9,
+                                                                 &encoded_key_pack);
+                if (retval) {
+                    pkiDebug("failed to encode reply_key_pack\n");
+                    goto cleanup;
+                }
+            }
+
+            rep9->choice = choice_pa_pk_as_rep_draft9_encKeyPack;
+            retval = cms_envelopeddata_create(context, plgctx->cryptoctx,
+                                              reqctx->cryptoctx, plgctx->idctx, padata->pa_type, 1,
+                                              (unsigned char *)encoded_key_pack->data,
+                                              encoded_key_pack->length,
+                                              &rep9->u.encKeyPack.data, &rep9->u.encKeyPack.length);
+            break;
+        }
+        if (retval) {
+            pkiDebug("failed to create pkcs7 enveloped data: %s\n",
+                     error_message(retval));
+            goto cleanup;
+        }
 #ifdef DEBUG_ASN1
-	print_buffer_bin((unsigned char *)encoded_key_pack->data,
-			 encoded_key_pack->length,
-			 "/tmp/kdc_key_pack");
-	switch ((int)padata->pa_type) {
-	    case KRB5_PADATA_PK_AS_REQ:
-		print_buffer_bin(rep->u.encKeyPack.data,
-				 rep->u.encKeyPack.length,
-				 "/tmp/kdc_enc_key_pack");
-		break;
-	    case KRB5_PADATA_PK_AS_REP_OLD:
-	    case KRB5_PADATA_PK_AS_REQ_OLD:
-		print_buffer_bin(rep9->u.encKeyPack.data,
-				 rep9->u.encKeyPack.length,
-				 "/tmp/kdc_enc_key_pack");
-		break;
-	}
+        print_buffer_bin((unsigned char *)encoded_key_pack->data,
+                         encoded_key_pack->length,
+                         "/tmp/kdc_key_pack");
+        switch ((int)padata->pa_type) {
+        case KRB5_PADATA_PK_AS_REQ:
+            print_buffer_bin(rep->u.encKeyPack.data,
+                             rep->u.encKeyPack.length,
+                             "/tmp/kdc_enc_key_pack");
+            break;
+        case KRB5_PADATA_PK_AS_REP_OLD:
+        case KRB5_PADATA_PK_AS_REQ_OLD:
+            print_buffer_bin(rep9->u.encKeyPack.data,
+                             rep9->u.encKeyPack.length,
+                             "/tmp/kdc_enc_key_pack");
+            break;
+        }
 #endif
     }
 
     switch ((int)padata->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    retval = k5int_encode_krb5_pa_pk_as_rep(rep, &out_data);
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    retval = k5int_encode_krb5_pa_pk_as_rep_draft9(rep9, &out_data);
-	    break;
+    case KRB5_PADATA_PK_AS_REQ:
+        retval = k5int_encode_krb5_pa_pk_as_rep(rep, &out_data);
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        retval = k5int_encode_krb5_pa_pk_as_rep_draft9(rep9, &out_data);
+        break;
     }
     if (retval) {
-	pkiDebug("failed to encode AS_REP\n");
-	goto cleanup;
+        pkiDebug("failed to encode AS_REP\n");
+        goto cleanup;
     }
 #ifdef DEBUG_ASN1
     if (out_data != NULL)
-	print_buffer_bin((unsigned char *)out_data->data, out_data->length,
-			 "/tmp/kdc_as_rep");
+        print_buffer_bin((unsigned char *)out_data->data, out_data->length,
+                         "/tmp/kdc_as_rep");
 #endif
 
     *send_pa = malloc(sizeof(krb5_pa_data));
     if (*send_pa == NULL) {
-	retval = ENOMEM;
-	free(out_data->data);
-	free(out_data);
-	out_data = NULL;
-	goto cleanup;
+        retval = ENOMEM;
+        free(out_data->data);
+        free(out_data);
+        out_data = NULL;
+        goto cleanup;
     }
     (*send_pa)->magic = KV5M_PA_DATA;
     switch ((int)padata->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    (*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP;
-	    break;
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	    (*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
-	    break;
+    case KRB5_PADATA_PK_AS_REQ:
+        (*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP;
+        break;
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+    case KRB5_PADATA_PK_AS_REP_OLD:
+        (*send_pa)->pa_type = KRB5_PADATA_PK_AS_REP_OLD;
+        break;
     }
     (*send_pa)->length = out_data->length;
     (*send_pa)->contents = (krb5_octet *) out_data->data;
 
 
-  cleanup:
+cleanup:
     pkinit_fini_kdc_req_context(context, reqctx);
     free(scratch.data);
     free(out_data);
     if (encoded_dhkey_info != NULL)
-	krb5_free_data(context, encoded_dhkey_info);
+        krb5_free_data(context, encoded_dhkey_info);
     if (encoded_key_pack != NULL)
-	krb5_free_data(context, encoded_key_pack);
+        krb5_free_data(context, encoded_key_pack);
     free(dh_pubkey);
     free(server_key);
     free(cksum_types);
 
     switch ((int)padata->pa_type) {
-	case KRB5_PADATA_PK_AS_REQ:
-	    free_krb5_pa_pk_as_req(&reqp);
-	    free_krb5_pa_pk_as_rep(&rep);
-	    free_krb5_reply_key_pack(&key_pack);
-	    break;
-	case KRB5_PADATA_PK_AS_REP_OLD:
-	case KRB5_PADATA_PK_AS_REQ_OLD:
-	    free_krb5_pa_pk_as_req_draft9(&reqp9);
-	    free_krb5_pa_pk_as_rep_draft9(&rep9);
-	    if (!fixed_keypack)
-		free_krb5_reply_key_pack_draft9(&key_pack9);
-	    else
-		free_krb5_reply_key_pack(&key_pack);
-	    break;
+    case KRB5_PADATA_PK_AS_REQ:
+        free_krb5_pa_pk_as_req(&reqp);
+        free_krb5_pa_pk_as_rep(&rep);
+        free_krb5_reply_key_pack(&key_pack);
+        break;
+    case KRB5_PADATA_PK_AS_REP_OLD:
+    case KRB5_PADATA_PK_AS_REQ_OLD:
+        free_krb5_pa_pk_as_req_draft9(&reqp9);
+        free_krb5_pa_pk_as_rep_draft9(&rep9);
+        if (!fixed_keypack)
+            free_krb5_reply_key_pack_draft9(&key_pack9);
+        else
+            free_krb5_reply_key_pack(&key_pack);
+        break;
     }
 
     if (retval)
-	pkiDebug("pkinit_verify_padata failure");
+        pkiDebug("pkinit_verify_padata failure");
 
     return retval;
 }
@@ -1061,80 +1064,80 @@ pkinit_init_kdc_profile(krb5_context context, pkinit_kdc_context plgctx)
 
     pkiDebug("%s: entered for realm %s\n", __FUNCTION__, plgctx->realmname);
     retval = pkinit_kdcdefault_string(context, plgctx->realmname,
-				      KRB5_CONF_PKINIT_IDENTITY,
-				      &plgctx->idopts->identity);
+                                      KRB5_CONF_PKINIT_IDENTITY,
+                                      &plgctx->idopts->identity);
     if (retval != 0 || NULL == plgctx->idopts->identity) {
-	retval = EINVAL;
-	krb5_set_error_message(context, retval,
-			       "No pkinit_identity supplied for realm %s",
-			       plgctx->realmname);
-	goto errout;
+        retval = EINVAL;
+        krb5_set_error_message(context, retval,
+                               "No pkinit_identity supplied for realm %s",
+                               plgctx->realmname);
+        goto errout;
     }
 
     retval = pkinit_kdcdefault_strings(context, plgctx->realmname,
-				       KRB5_CONF_PKINIT_ANCHORS,
-				       &plgctx->idopts->anchors);
+                                       KRB5_CONF_PKINIT_ANCHORS,
+                                       &plgctx->idopts->anchors);
     if (retval != 0 || NULL == plgctx->idopts->anchors) {
-	retval = EINVAL;
-	krb5_set_error_message(context, retval,
-			       "No pkinit_anchors supplied for realm %s",
-			       plgctx->realmname);
-	goto errout;
+        retval = EINVAL;
+        krb5_set_error_message(context, retval,
+                               "No pkinit_anchors supplied for realm %s",
+                               plgctx->realmname);
+        goto errout;
     }
 
     pkinit_kdcdefault_strings(context, plgctx->realmname,
-			      KRB5_CONF_PKINIT_POOL,
-			      &plgctx->idopts->intermediates);
+                              KRB5_CONF_PKINIT_POOL,
+                              &plgctx->idopts->intermediates);
 
     pkinit_kdcdefault_strings(context, plgctx->realmname,
-			      KRB5_CONF_PKINIT_REVOKE,
-			      &plgctx->idopts->crls);
+                              KRB5_CONF_PKINIT_REVOKE,
+                              &plgctx->idopts->crls);
 
     pkinit_kdcdefault_string(context, plgctx->realmname,
-			     KRB5_CONF_PKINIT_KDC_OCSP,
-			     &plgctx->idopts->ocsp);
+                             KRB5_CONF_PKINIT_KDC_OCSP,
+                             &plgctx->idopts->ocsp);
 
     pkinit_kdcdefault_string(context, plgctx->realmname,
-			     KRB5_CONF_PKINIT_MAPPING_FILE,
-			     &plgctx->idopts->dn_mapping_file);
+                             KRB5_CONF_PKINIT_MAPPING_FILE,
+                             &plgctx->idopts->dn_mapping_file);
 
     pkinit_kdcdefault_integer(context, plgctx->realmname,
-			      KRB5_CONF_PKINIT_DH_MIN_BITS,
-			      PKINIT_DEFAULT_DH_MIN_BITS,
-			      &plgctx->opts->dh_min_bits);
+                              KRB5_CONF_PKINIT_DH_MIN_BITS,
+                              PKINIT_DEFAULT_DH_MIN_BITS,
+                              &plgctx->opts->dh_min_bits);
     if (plgctx->opts->dh_min_bits < PKINIT_DEFAULT_DH_MIN_BITS) {
-	pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, "
-		 "using default value (%d) instead\n", __FUNCTION__,
-		 plgctx->opts->dh_min_bits, PKINIT_DEFAULT_DH_MIN_BITS);
-	plgctx->opts->dh_min_bits = PKINIT_DEFAULT_DH_MIN_BITS;
+        pkiDebug("%s: invalid value (%d) for pkinit_dh_min_bits, "
+                 "using default value (%d) instead\n", __FUNCTION__,
+                 plgctx->opts->dh_min_bits, PKINIT_DEFAULT_DH_MIN_BITS);
+        plgctx->opts->dh_min_bits = PKINIT_DEFAULT_DH_MIN_BITS;
     }
 
     pkinit_kdcdefault_boolean(context, plgctx->realmname,
-			      KRB5_CONF_PKINIT_ALLOW_UPN,
-			      0, &plgctx->opts->allow_upn);
+                              KRB5_CONF_PKINIT_ALLOW_UPN,
+                              0, &plgctx->opts->allow_upn);
 
     pkinit_kdcdefault_boolean(context, plgctx->realmname,
-			      KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
-			      0, &plgctx->opts->require_crl_checking);
+                              KRB5_CONF_PKINIT_REQUIRE_CRL_CHECKING,
+                              0, &plgctx->opts->require_crl_checking);
 
     pkinit_kdcdefault_string(context, plgctx->realmname,
-			     KRB5_CONF_PKINIT_EKU_CHECKING,
-			     &eku_string);
+                             KRB5_CONF_PKINIT_EKU_CHECKING,
+                             &eku_string);
     if (eku_string != NULL) {
-	if (strcasecmp(eku_string, "kpClientAuth") == 0) {
-	    plgctx->opts->require_eku = 1;
-	    plgctx->opts->accept_secondary_eku = 0;
-	} else if (strcasecmp(eku_string, "scLogin") == 0) {
-	    plgctx->opts->require_eku = 1;
-	    plgctx->opts->accept_secondary_eku = 1;
-	} else if (strcasecmp(eku_string, "none") == 0) {
-	    plgctx->opts->require_eku = 0;
-	    plgctx->opts->accept_secondary_eku = 0;
-	} else {
-	    pkiDebug("%s: Invalid value for pkinit_eku_checking: '%s'\n",
-		     __FUNCTION__, eku_string);
-	}
-	free(eku_string);
+        if (strcasecmp(eku_string, "kpClientAuth") == 0) {
+            plgctx->opts->require_eku = 1;
+            plgctx->opts->accept_secondary_eku = 0;
+        } else if (strcasecmp(eku_string, "scLogin") == 0) {
+            plgctx->opts->require_eku = 1;
+            plgctx->opts->accept_secondary_eku = 1;
+        } else if (strcasecmp(eku_string, "none") == 0) {
+            plgctx->opts->require_eku = 0;
+            plgctx->opts->accept_secondary_eku = 0;
+        } else {
+            pkiDebug("%s: Invalid value for pkinit_eku_checking: '%s'\n",
+                     __FUNCTION__, eku_string);
+        }
+        free(eku_string);
     }
 
 
@@ -1146,32 +1149,32 @@ errout:
 
 static pkinit_kdc_context
 pkinit_find_realm_context(krb5_context context, void *pa_plugin_context,
-			  krb5_principal princ)
+                          krb5_principal princ)
 {
     int i;
     pkinit_kdc_context *realm_contexts = pa_plugin_context;
 
     if (pa_plugin_context == NULL)
-	return NULL;
+        return NULL;
 
     for (i = 0; realm_contexts[i] != NULL; i++) {
-	pkinit_kdc_context p = realm_contexts[i];
-
-	if ((p->realmname_len == princ->realm.length) &&
-	    (strncmp(p->realmname, princ->realm.data, p->realmname_len) == 0)) {
-	    pkiDebug("%s: returning context at %p for realm '%s'\n",
-		     __FUNCTION__, p, p->realmname);
-	    return p;
-	}
+        pkinit_kdc_context p = realm_contexts[i];
+
+        if ((p->realmname_len == princ->realm.length) &&
+            (strncmp(p->realmname, princ->realm.data, p->realmname_len) == 0)) {
+            pkiDebug("%s: returning context at %p for realm '%s'\n",
+                     __FUNCTION__, p, p->realmname);
+            return p;
+        }
     }
     pkiDebug("%s: unable to find realm context for realm '%.*s'\n",
-	     __FUNCTION__, princ->realm.length, princ->realm.data);
+             __FUNCTION__, princ->realm.length, princ->realm.data);
     return NULL;
 }
 
 static int
 pkinit_server_plugin_init_realm(krb5_context context, const char *realmname,
-				pkinit_kdc_context *pplgctx)
+                                pkinit_kdc_context *pplgctx)
 {
     krb5_error_code retval = ENOMEM;
     pkinit_kdc_context plgctx = NULL;
@@ -1180,58 +1183,58 @@ pkinit_server_plugin_init_realm(krb5_context context, const char *realmname,
 
     plgctx = calloc(1, sizeof(*plgctx));
     if (plgctx == NULL)
-	goto errout;
+        goto errout;
 
     pkiDebug("%s: initializing context at %p for realm '%s'\n",
-	     __FUNCTION__, plgctx, realmname);
+             __FUNCTION__, plgctx, realmname);
     memset(plgctx, 0, sizeof(*plgctx));
     plgctx->magic = PKINIT_CTX_MAGIC;
 
     plgctx->realmname = strdup(realmname);
     if (plgctx->realmname == NULL)
-	goto errout;
+        goto errout;
     plgctx->realmname_len = strlen(plgctx->realmname);
 
     retval = pkinit_init_plg_crypto(&plgctx->cryptoctx);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_init_plg_opts(&plgctx->opts);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_init_identity_crypto(&plgctx->idctx);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_init_identity_opts(&plgctx->idopts);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_init_kdc_profile(context, plgctx);
     if (retval)
-	goto errout;
+        goto errout;
 
     retval = pkinit_identity_initialize(context, plgctx->cryptoctx, NULL,
-					plgctx->idopts, plgctx->idctx, 0, NULL);
+                                        plgctx->idopts, plgctx->idctx, 0, NULL);
     if (retval)
-	goto errout;
+        goto errout;
 
     pkiDebug("%s: returning context at %p for realm '%s'\n",
-	     __FUNCTION__, plgctx, realmname);
+             __FUNCTION__, plgctx, realmname);
     *pplgctx = plgctx;
     retval = 0;
 
 errout:
     if (retval)
-	pkinit_server_plugin_fini_realm(context, plgctx);
+        pkinit_server_plugin_fini_realm(context, plgctx);
 
     return retval;
 }
 
 static int
 pkinit_server_plugin_init(krb5_context context, void **blob,
-			  const char **realmnames)
+                          const char **realmnames)
 {
     krb5_error_code retval = ENOMEM;
     pkinit_kdc_context plgctx, *realm_contexts = NULL;
@@ -1240,7 +1243,7 @@ pkinit_server_plugin_init(krb5_context context, void **blob,
 
     retval = pkinit_accessor_init();
     if (retval)
-	return retval;
+        return retval;
 
     /* Determine how many realms we may need to support */
     for (i = 0; realmnames[i] != NULL; i++) {};
@@ -1248,20 +1251,20 @@ pkinit_server_plugin_init(krb5_context context, void **blob,
 
     realm_contexts = calloc(numrealms+1, sizeof(pkinit_kdc_context));
     if (realm_contexts == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     for (i = 0, j = 0; i < numrealms; i++) {
-	pkiDebug("%s: processing realm '%s'\n", __FUNCTION__, realmnames[i]);
-	retval = pkinit_server_plugin_init_realm(context, realmnames[i], &plgctx);
-	if (retval == 0 && plgctx != NULL)
-	    realm_contexts[j++] = plgctx;
+        pkiDebug("%s: processing realm '%s'\n", __FUNCTION__, realmnames[i]);
+        retval = pkinit_server_plugin_init_realm(context, realmnames[i], &plgctx);
+        if (retval == 0 && plgctx != NULL)
+            realm_contexts[j++] = plgctx;
     }
 
     if (j == 0) {
-	retval = EINVAL;
-	krb5_set_error_message(context, retval, "No realms configured "
-			       "correctly for pkinit support");
-	goto errout;
+        retval = EINVAL;
+        krb5_set_error_message(context, retval, "No realms configured "
+                               "correctly for pkinit support");
+        goto errout;
     }
 
     *blob = realm_contexts;
@@ -1270,7 +1273,7 @@ pkinit_server_plugin_init(krb5_context context, void **blob,
 
 errout:
     if (retval)
-	pkinit_server_plugin_fini(context, realm_contexts);
+        pkinit_server_plugin_fini(context, realm_contexts);
 
     return retval;
 }
@@ -1279,7 +1282,7 @@ static void
 pkinit_server_plugin_fini_realm(krb5_context context, pkinit_kdc_context plgctx)
 {
     if (plgctx == NULL)
-	return;
+        return;
 
     pkinit_fini_kdc_profile(context, plgctx);
     pkinit_fini_identity_opts(plgctx->idopts);
@@ -1297,10 +1300,10 @@ pkinit_server_plugin_fini(krb5_context context, void *blob)
     int i;
 
     if (realm_contexts == NULL)
-	return;
+        return;
 
     for (i = 0; realm_contexts[i] != NULL; i++) {
-	pkinit_server_plugin_fini_realm(context, realm_contexts[i]);
+        pkinit_server_plugin_fini_realm(context, realm_contexts[i]);
     }
     pkiDebug("%s: freeing   context at %p\n", __FUNCTION__, realm_contexts);
     free(realm_contexts);
@@ -1314,13 +1317,13 @@ pkinit_init_kdc_req_context(krb5_context context, void **ctx)
 
     reqctx = malloc(sizeof(*reqctx));
     if (reqctx == NULL)
-	return retval;
+        return retval;
     memset(reqctx, 0, sizeof(*reqctx));
     reqctx->magic = PKINIT_CTX_MAGIC;
 
     retval = pkinit_init_req_crypto(&reqctx->cryptoctx);
     if (retval)
-	goto cleanup;
+        goto cleanup;
     reqctx->rcv_auth_pack = NULL;
     reqctx->rcv_auth_pack9 = NULL;
 
@@ -1329,7 +1332,7 @@ pkinit_init_kdc_req_context(krb5_context context, void **ctx)
     retval = 0;
 cleanup:
     if (retval)
-	pkinit_fini_kdc_req_context(context, reqctx);
+        pkinit_fini_kdc_req_context(context, reqctx);
 
     return retval;
 }
@@ -1340,16 +1343,16 @@ pkinit_fini_kdc_req_context(krb5_context context, void *ctx)
     pkinit_kdc_req_context reqctx = (pkinit_kdc_req_context)ctx;
 
     if (reqctx == NULL || reqctx->magic != PKINIT_CTX_MAGIC) {
-	pkiDebug("pkinit_fini_kdc_req_context: got bad reqctx (%p)!\n", reqctx);
-	return;
+        pkiDebug("pkinit_fini_kdc_req_context: got bad reqctx (%p)!\n", reqctx);
+        return;
     }
     pkiDebug("%s: freeing   reqctx at %p\n", __FUNCTION__, reqctx);
 
     pkinit_fini_req_crypto(reqctx->cryptoctx);
     if (reqctx->rcv_auth_pack != NULL)
-	free_krb5_auth_pack(&reqctx->rcv_auth_pack);
+        free_krb5_auth_pack(&reqctx->rcv_auth_pack);
     if (reqctx->rcv_auth_pack9 != NULL)
-	free_krb5_auth_pack_draft9(context, &reqctx->rcv_auth_pack9);
+        free_krb5_auth_pack_draft9(context, &reqctx->rcv_auth_pack9);
 
     free(reqctx);
 }
@@ -1359,13 +1362,13 @@ pkinit_fini_kdc_req_context(krb5_context context, void *ctx)
 
 struct krb5plugin_preauth_server_ftable_v1
 PLUGIN_SYMBOL_NAME(krb5_pkinit, preauthentication_server_1) = {
-    "pkinit",			/* name */
-    supported_server_pa_types,	/* pa_type_list */
-    pkinit_server_plugin_init,	/* (*init_proc) */
-    pkinit_server_plugin_fini,	/* (*fini_proc) */
-    pkinit_server_get_flags,	/* (*flags_proc) */
-    pkinit_server_get_edata,	/* (*edata_proc) */
+    "pkinit",                   /* name */
+    supported_server_pa_types,  /* pa_type_list */
+    pkinit_server_plugin_init,  /* (*init_proc) */
+    pkinit_server_plugin_fini,  /* (*fini_proc) */
+    pkinit_server_get_flags,    /* (*flags_proc) */
+    pkinit_server_get_edata,    /* (*edata_proc) */
     pkinit_server_verify_padata,/* (*verify_proc) */
     pkinit_server_return_padata,/* (*return_proc) */
-    NULL,			/* (*freepa_reqcontext_proc) */
+    NULL,                       /* (*freepa_reqcontext_proc) */
 };
diff --git a/src/plugins/preauth/wpse/Makefile.in b/src/plugins/preauth/wpse/Makefile.in
index d69a110..8a9c9ac 100644
--- a/src/plugins/preauth/wpse/Makefile.in
+++ b/src/plugins/preauth/wpse/Makefile.in
@@ -1,9 +1,7 @@
-thisconfigdir=../../..
-myfulldir=plugins/preauth/wpse
 mydir=plugins/preauth/wpse
 BUILDTOP=$(REL)..$(S)..$(S)..
 KRB5_RUN_ENV = @KRB5_RUN_ENV@
-KRB5_CONFIG_SETUP = KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;
+KRB5_CONFIG_SETUP = KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; export KRB5_CONFIG ;
 PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 MODULE_INSTALL_DIR = $(KRB5_PA_MODULE_DIR)
diff --git a/src/plugins/preauth/wpse/deps b/src/plugins/preauth/wpse/deps
index e84ae7a..64f5f2a 100644
--- a/src/plugins/preauth/wpse/deps
+++ b/src/plugins/preauth/wpse/deps
@@ -3,5 +3,5 @@
 #
 wpse_main.so wpse_main.po $(OUTPRE)wpse_main.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5/preauth_plugin.h \
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5/preauth_plugin.h \
   wpse_main.c
diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c
index 655f2b9..5576a08 100644
--- a/src/plugins/preauth/wpse/wpse_main.c
+++ b/src/plugins/preauth/wpse/wpse_main.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2006 Red Hat, Inc.
  * All rights reserved.
@@ -64,7 +65,7 @@ client_init(krb5_context kcontext, void **ctx)
 
     pctx = malloc(sizeof(int));
     if (pctx == NULL)
-	return ENOMEM;
+        return ENOMEM;
     *pctx = 0;
     *ctx = pctx;
     return 0;
@@ -86,22 +87,22 @@ client_fini(krb5_context kcontext, void *ctx)
 
 static krb5_error_code
 client_process(krb5_context kcontext,
-	       void *plugin_context,
-	       void *request_context,
-	       krb5_get_init_creds_opt *opt,
-	       preauth_get_client_data_proc client_get_data_proc,
-	       struct _krb5_preauth_client_rock *rock,
-	       krb5_kdc_req *request,
-	       krb5_data *encoded_request_body,
-	       krb5_data *encoded_previous_request,
-	       krb5_pa_data *pa_data,
-	       krb5_prompter_fct prompter,
-	       void *prompter_data,
-	       preauth_get_as_key_proc gak_fct,
-	       void *gak_data,
-	       krb5_data *salt, krb5_data *s2kparams,
-	       krb5_keyblock *as_key,
-	       krb5_pa_data ***out_pa_data)
+               void *plugin_context,
+               void *request_context,
+               krb5_get_init_creds_opt *opt,
+               preauth_get_client_data_proc client_get_data_proc,
+               struct _krb5_preauth_client_rock *rock,
+               krb5_kdc_req *request,
+               krb5_data *encoded_request_body,
+               krb5_data *encoded_previous_request,
+               krb5_pa_data *pa_data,
+               krb5_prompter_fct prompter,
+               void *prompter_data,
+               preauth_get_as_key_proc gak_fct,
+               void *gak_data,
+               krb5_data *salt, krb5_data *s2kparams,
+               krb5_keyblock *as_key,
+               krb5_pa_data ***out_pa_data)
 {
     krb5_pa_data **send_pa;
     krb5_int32 nnonce, enctype;
@@ -111,58 +112,58 @@ client_process(krb5_context kcontext,
 
 #ifdef DEBUG
     fprintf(stderr, "%d bytes of preauthentication data (type %d)\n",
-	    pa_data->length, pa_data->pa_type);
+            pa_data->length, pa_data->pa_type);
 #endif
 
     pctx = plugin_context;
     if (pctx) {
-	(*pctx)++;
+        (*pctx)++;
     }
 
     if (pa_data->length == 0) {
-	/* Create preauth data. */
-	send_pa = malloc(2 * sizeof(krb5_pa_data *));
-	if (send_pa == NULL)
-	    return ENOMEM;
-	send_pa[1] = NULL;  /* Terminate list */
-	send_pa[0] = malloc(sizeof(krb5_pa_data));
-	if (send_pa[0] == NULL) {
-	    free(send_pa);
-	    return ENOMEM;
-	}
-	send_pa[0]->pa_type = KRB5_PADATA_WPSE_REQ;
-	send_pa[0]->length = 4;
-	send_pa[0]->contents = malloc(4);
-	if (send_pa[0]->contents == NULL) {
-	    free(send_pa[0]);
-	    free(send_pa);
-	    return ENOMEM;
-	}
-	/* Store the preauth data. */
-	nnonce = htonl(request->nonce);
-	memcpy(send_pa[0]->contents, &nnonce, 4);
-	*out_pa_data = send_pa;
+        /* Create preauth data. */
+        send_pa = malloc(2 * sizeof(krb5_pa_data *));
+        if (send_pa == NULL)
+            return ENOMEM;
+        send_pa[1] = NULL;  /* Terminate list */
+        send_pa[0] = malloc(sizeof(krb5_pa_data));
+        if (send_pa[0] == NULL) {
+            free(send_pa);
+            return ENOMEM;
+        }
+        send_pa[0]->pa_type = KRB5_PADATA_WPSE_REQ;
+        send_pa[0]->length = 4;
+        send_pa[0]->contents = malloc(4);
+        if (send_pa[0]->contents == NULL) {
+            free(send_pa[0]);
+            free(send_pa);
+            return ENOMEM;
+        }
+        /* Store the preauth data. */
+        nnonce = htonl(request->nonce);
+        memcpy(send_pa[0]->contents, &nnonce, 4);
+        *out_pa_data = send_pa;
     } else {
-	/* A reply from the KDC.  Conventionally this would be
-	 * indicated by a different preauthentication type, but this
-	 * mechanism/implementation doesn't do that. */
-	if (pa_data->length > 4) {
-	    memcpy(&enctype, pa_data->contents, 4);
-	    kb = NULL;
-	    status = krb5_init_keyblock(kcontext, ntohl(enctype),
-					pa_data->length - 4, &kb);
-	    if (status != 0)
-		return status;
-	    memcpy(kb->contents, pa_data->contents + 4, pa_data->length - 4);
+        /* A reply from the KDC.  Conventionally this would be
+         * indicated by a different preauthentication type, but this
+         * mechanism/implementation doesn't do that. */
+        if (pa_data->length > 4) {
+            memcpy(&enctype, pa_data->contents, 4);
+            kb = NULL;
+            status = krb5_init_keyblock(kcontext, ntohl(enctype),
+                                        pa_data->length - 4, &kb);
+            if (status != 0)
+                return status;
+            memcpy(kb->contents, pa_data->contents + 4, pa_data->length - 4);
 #ifdef DEBUG
-	    fprintf(stderr, "Recovered key type=%d, length=%d.\n",
-		    kb->enctype, kb->length);
+            fprintf(stderr, "Recovered key type=%d, length=%d.\n",
+                    kb->enctype, kb->length);
 #endif
-	    status = krb5_copy_keyblock_contents(kcontext, kb, as_key);
-	    krb5_free_keyblock(kcontext, kb);
-	    return status;
-	}
-	return KRB5KRB_ERR_GENERIC;
+            status = krb5_copy_keyblock_contents(kcontext, kb, as_key);
+            krb5_free_keyblock(kcontext, kb);
+            return status;
+        }
+        return KRB5KRB_ERR_GENERIC;
     }
     return 0;
 }
@@ -185,7 +186,7 @@ client_req_init(krb5_context kcontext, void *plugin_context, void **req_context_
      * do per-request cleanup. */
     ctx = (wpse_req_ctx *) malloc(sizeof(*ctx));
     if (ctx == NULL)
-	return;
+        return;
     ctx->magic = WPSE_MAGIC;
     ctx->value = 0xc0dec0de;
 
@@ -199,31 +200,31 @@ client_req_cleanup(krb5_context kcontext, void *plugin_context, void *req_contex
 
     if (ctx) {
 #ifdef DEBUG
-	fprintf(stderr, "client_req_cleanup: req_ctx at %p has magic %x and value %x\n",
-		ctx, ctx->magic, ctx->value);
+        fprintf(stderr, "client_req_cleanup: req_ctx at %p has magic %x and value %x\n",
+                ctx, ctx->magic, ctx->value);
 #endif
-	if (ctx->magic != WPSE_MAGIC) {
+        if (ctx->magic != WPSE_MAGIC) {
 #ifdef DEBUG
-	    fprintf(stderr, "client_req_cleanup: req_context at %p has bad magic value %x\n",
-		    ctx, ctx->magic);
+            fprintf(stderr, "client_req_cleanup: req_context at %p has bad magic value %x\n",
+                    ctx, ctx->magic);
 #endif
-	    return;
-	}
-	free(ctx);
+            return;
+        }
+        free(ctx);
     }
     return;
 }
 
 static krb5_error_code
 client_gic_opt(krb5_context kcontext,
-	       void *plugin_context,
-	       krb5_get_init_creds_opt *opt,
-	       const char *attr,
-	       const char *value)
+               void *plugin_context,
+               krb5_get_init_creds_opt *opt,
+               const char *attr,
+               const char *value)
 {
 #ifdef DEBUG
     fprintf(stderr, "(wpse) client_gic_opt: received '%s' = '%s'\n",
-	    attr, value);
+            attr, value);
 #endif
     return 0;
 }
@@ -232,11 +233,11 @@ client_gic_opt(krb5_context kcontext,
 /* Free state. */
 static krb5_error_code
 server_free_pa_request_context(krb5_context kcontext, void *plugin_context,
-			       void **request_context)
+                               void **request_context)
 {
     if (*request_context != NULL) {
-	free(*request_context);
-	*request_context = NULL;
+        free(*request_context);
+        *request_context = NULL;
     }
     return 0;
 }
@@ -245,12 +246,12 @@ server_free_pa_request_context(krb5_context kcontext, void *plugin_context,
  * client) which matches type data->pa_type. */
 static krb5_error_code
 server_get_edata(krb5_context kcontext,
-		 krb5_kdc_req *request,
-		 struct _krb5_db_entry_new *client,
-		 struct _krb5_db_entry_new *server,
-		 preauth_get_entry_data_proc server_get_entry_data,
-		 void *pa_module_context,
-		 krb5_pa_data *data)
+                 krb5_kdc_req *request,
+                 struct _krb5_db_entry_new *client,
+                 struct _krb5_db_entry_new *server,
+                 preauth_get_entry_data_proc server_get_entry_data,
+                 void *pa_module_context,
+                 krb5_pa_data *data)
 {
     /* Return zero bytes of data. */
     data->length = 0;
@@ -261,16 +262,16 @@ server_get_edata(krb5_context kcontext,
 /* Verify a request from a client. */
 static krb5_error_code
 server_verify(krb5_context kcontext,
-	      struct _krb5_db_entry_new *client,
-	      krb5_data *req_pkt,
-	      krb5_kdc_req *request,
-	      krb5_enc_tkt_part *enc_tkt_reply,
-	      krb5_pa_data *data,
-	      preauth_get_entry_data_proc server_get_entry_data,
-	      void *pa_module_context,
-	      void **pa_request_context,
-	      krb5_data **e_data,
-	      krb5_authdata ***authz_data)
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_enc_tkt_part *enc_tkt_reply,
+              krb5_pa_data *data,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context,
+              krb5_data **e_data,
+              krb5_authdata ***authz_data)
 {
     krb5_int32 nnonce;
     krb5_data *test_edata;
@@ -281,18 +282,18 @@ server_verify(krb5_context kcontext,
 #endif
     /* Verify the preauth data. */
     if (data->length != 4)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     memcpy(&nnonce, data->contents, 4);
     nnonce = ntohl(nnonce);
     if (memcmp(&nnonce, &request->nonce, 4) != 0)
-	return KRB5KDC_ERR_PREAUTH_FAILED;
+        return KRB5KDC_ERR_PREAUTH_FAILED;
     /* Note that preauthentication succeeded. */
     enc_tkt_reply->flags |= TKT_FLG_PRE_AUTH;
     enc_tkt_reply->flags |= TKT_FLG_HW_AUTH;
     /* Allocate a context. Useful for verifying that we do in fact do
      * per-request cleanup. */
     if (*pa_request_context == NULL)
-	*pa_request_context = malloc(4);
+        *pa_request_context = malloc(4);
 
     /*
      * Return some junk authorization data just to exercise the
@@ -334,8 +335,8 @@ server_verify(krb5_context kcontext,
         my_authz_data[0]->length = AD_ALLOC_SIZE;
         memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header));
         snprintf(my_authz_data[0]->contents + sizeof(ad_header),
-		 AD_ALLOC_SIZE - sizeof(ad_header),
-		 "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
+                 AD_ALLOC_SIZE - sizeof(ad_header),
+                 "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE);
         *authz_data = my_authz_data;
 #ifdef DEBUG
         fprintf(stderr, "Returning %d bytes of authorization data\n",
@@ -346,14 +347,14 @@ server_verify(krb5_context kcontext,
     /* Return edata to exercise code that handles edata... */
     test_edata = malloc(sizeof(*test_edata));
     if (test_edata != NULL) {
-	test_edata->data = malloc(20);
-	if (test_edata->data == NULL) {
-	    free(test_edata);
-	} else {
-	    test_edata->length = 20;
-	    memset(test_edata->data, '#', 20); /* fill it with junk */
-	    *e_data = test_edata;
-	}
+        test_edata->data = malloc(20);
+        if (test_edata->data == NULL) {
+            free(test_edata);
+        } else {
+            test_edata->length = 20;
+            memset(test_edata->data, '#', 20); /* fill it with junk */
+            *e_data = test_edata;
+        }
     }
     return 0;
 }
@@ -361,17 +362,17 @@ server_verify(krb5_context kcontext,
 /* Create the response for a client. */
 static krb5_error_code
 server_return(krb5_context kcontext,
-	      krb5_pa_data *padata,
-	      struct _krb5_db_entry_new *client,
-	      krb5_data *req_pkt,
-	      krb5_kdc_req *request,
-	      krb5_kdc_rep *reply,
-	      struct _krb5_key_data *client_key,
-	      krb5_keyblock *encrypting_key,
-	      krb5_pa_data **send_pa,
-	      preauth_get_entry_data_proc server_get_entry_data,
-	      void *pa_module_context,
-	      void **pa_request_context)
+              krb5_pa_data *padata,
+              struct _krb5_db_entry_new *client,
+              krb5_data *req_pkt,
+              krb5_kdc_req *request,
+              krb5_kdc_rep *reply,
+              struct _krb5_key_data *client_key,
+              krb5_keyblock *encrypting_key,
+              krb5_pa_data **send_pa,
+              preauth_get_entry_data_proc server_get_entry_data,
+              void *pa_module_context,
+              void **pa_request_context)
 {
     /* This module does a couple of dumb things.  It tags its reply with
      * the same type as the initial challenge (expecting the client to sort
@@ -385,39 +386,39 @@ server_return(krb5_context kcontext,
 
     /* We'll want a key with the first supported enctype. */
     for (i = 0; i < request->nktypes; i++) {
-	kb = NULL;
-	if (krb5_init_keyblock(kcontext, request->ktype[i], 0, &kb) == 0) {
-	    break;
-	}
+        kb = NULL;
+        if (krb5_init_keyblock(kcontext, request->ktype[i], 0, &kb) == 0) {
+            break;
+        }
     }
     if (i >= request->nktypes) {
-	/* No matching cipher type found. */
-	return 0;
+        /* No matching cipher type found. */
+        return 0;
     }
 
     /* Randomize a key and save it for the client. */
     if (krb5_c_make_random_key(kcontext, request->ktype[i], kb) != 0) {
-	krb5_free_keyblock(kcontext, kb);
-	return 0;
+        krb5_free_keyblock(kcontext, kb);
+        return 0;
     }
 #ifdef DEBUG
     fprintf(stderr, "Generated random key, type=%d, length=%d.\n",
-	    kb->enctype, kb->length);
+            kb->enctype, kb->length);
 #endif
 
     *send_pa = malloc(sizeof(krb5_pa_data));
     if (*send_pa == NULL) {
-	krb5_free_keyblock(kcontext, kb);
-	return ENOMEM;
+        krb5_free_keyblock(kcontext, kb);
+        return ENOMEM;
     }
     (*send_pa)->pa_type = KRB5_PADATA_WPSE_REQ;
     (*send_pa)->length = 4 + kb->length;
     (*send_pa)->contents = malloc(4 + kb->length);
     if ((*send_pa)->contents == NULL) {
-	free(*send_pa);
-	*send_pa = NULL;
-	krb5_free_keyblock(kcontext, kb);
-	return ENOMEM;
+        free(*send_pa);
+        *send_pa = NULL;
+        krb5_free_keyblock(kcontext, kb);
+        return ENOMEM;
     }
 
     /* Store the preauth data. */
@@ -444,17 +445,17 @@ static krb5_preauthtype supported_client_pa_types[] = {KRB5_PADATA_WPSE_REQ, 0};
 static krb5_preauthtype supported_server_pa_types[] = {KRB5_PADATA_WPSE_REQ, 0};
 
 struct krb5plugin_preauth_client_ftable_v1 preauthentication_client_1 = {
-    "wpse",				    /* name */
-    &supported_client_pa_types[0],	    /* pa_type_list */
-    NULL,				    /* enctype_list */
-    client_init,			    /* plugin init function */
-    client_fini,			    /* plugin fini function */
-    client_get_flags,			    /* get flags function */
-    client_req_init,			    /* request init function */
-    client_req_cleanup,			    /* request fini function */
-    client_process,			    /* process function */
-    NULL,				    /* try_again function */
-    client_gic_opt			    /* get init creds opts function */
+    "wpse",                                 /* name */
+    &supported_client_pa_types[0],          /* pa_type_list */
+    NULL,                                   /* enctype_list */
+    client_init,                            /* plugin init function */
+    client_fini,                            /* plugin fini function */
+    client_get_flags,                       /* get flags function */
+    client_req_init,                        /* request init function */
+    client_req_cleanup,                     /* request fini function */
+    client_process,                         /* process function */
+    NULL,                                   /* try_again function */
+    client_gic_opt                          /* get init creds opts function */
 };
 
 struct krb5plugin_preauth_server_ftable_v1 preauthentication_server_1 = {
diff --git a/src/slave/Makefile.in b/src/slave/Makefile.in
index bddbf65..20bef7c 100644
--- a/src/slave/Makefile.in
+++ b/src/slave/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=..
-myfulldir=slave
 mydir=slave
 BUILDTOP=$(REL)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/slave/deps b/src/slave/deps
index 4c93fc2..78ace8b 100644
--- a/src/slave/deps
+++ b/src/slave/deps
@@ -3,59 +3,59 @@
 #
 $(OUTPRE)kprop.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kprop.c kprop.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kprop.c kprop.h
 $(OUTPRE)kpropd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  kprop.h kpropd.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kprop.h kpropd.c
 $(OUTPRE)kpropd_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/iprop.h \
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
   kpropd_rpc.c
 $(OUTPRE)kproplog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
   $(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
   $(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
   $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \
-  $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \
-  $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \
-  $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \
-  $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \
-  $(SRCTOP)/include/iprop.h $(SRCTOP)/include/iprop_hdr.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-err.h \
-  $(SRCTOP)/include/k5-gmt_mktime.h $(SRCTOP)/include/k5-int-pkinit.h \
-  $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/kdb.h $(SRCTOP)/include/kdb_log.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  kproplog.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/iprop.h \
+  $(top_srcdir)/include/iprop_hdr.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/kdb_log.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kproplog.c
diff --git a/src/tests/Makefile.in b/src/tests/Makefile.in
index 09bc044..87098c6 100644
--- a/src/tests/Makefile.in
+++ b/src/tests/Makefile.in
@@ -1,6 +1,4 @@
-thisconfigdir=..
 mydir=tests
-myfulldir=tests
 BUILDTOP=$(REL)..
 SUBDIRS = resolve asn.1 create hammer verify gssapi dejagnu shlib \
 	gss-threads misc mkeystash_compat
@@ -30,7 +28,7 @@ kdc.conf: Makefile
 	@echo "}" >> kdc.conf
 
 krb5.conf: Makefile
-	cat $(SRCTOP)/config-files/krb5.conf > krb5.new
+	cat $(top_srcdir)/config-files/krb5.conf > krb5.new
 	echo "[dbmodules]" >> krb5.new
 	echo " db_module_dir = `pwd`/../util/fakedest$(KRB5_DB_MODULE_DIR)" >> krb5.new
 	mv krb5.new krb5.conf
diff --git a/src/tests/asn.1/Makefile.in b/src/tests/asn.1/Makefile.in
index 766cbb5..14585e3 100644
--- a/src/tests/asn.1/Makefile.in
+++ b/src/tests/asn.1/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/asn.1
 mydir=tests/asn.1
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
@@ -40,12 +38,12 @@ check:: check-encode check-encode-trval check-decode check-leak
 # Does not actually test for leaks unless using valgrind or a similar
 # tool, but does exercise a bunch of code.
 check-leak: krb5_decode_leak
-	KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \
+	KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \
 		export KRB5_CONFIG ;\
 		$(RUN_SETUP) $(VALGRIND) ./krb5_decode_leak
 
 check-decode: krb5_decode_test
-	KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \
+	KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \
 		export KRB5_CONFIG ;\
 		$(RUN_SETUP) $(VALGRIND) ./krb5_decode_test
 
@@ -64,13 +62,13 @@ expected_trval.out: trval_reference.out ldap_trval.out
 	fi
 
 check-encode: krb5_encode_test expected_encode.out
-	KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \
+	KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \
 		export KRB5_CONFIG ;\
 		$(RUN_SETUP) $(VALGRIND) ./krb5_encode_test > test.out
 	cmp test.out expected_encode.out
 
 check-encode-trval: krb5_encode_test expected_trval.out
-	KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; \
+	KRB5_CONFIG=$(top_srcdir)/config-files/krb5.conf ; \
 		export KRB5_CONFIG ;\
 		$(RUN_SETUP) $(VALGRIND) ./krb5_encode_test -t > trval.out
 	cmp trval.out expected_trval.out
diff --git a/src/tests/asn.1/debug.h b/src/tests/asn.1/debug.h
index 0929962..c538c36 100644
--- a/src/tests/asn.1/debug.h
+++ b/src/tests/asn.1/debug.h
@@ -1,20 +1,21 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #ifndef __DEBUG_H__
 #define __DEBUG_H__
 
 /*
-   assert utility macro for test programs:
-   If the predicate (pred) is true, then
-   OK: <message> is printed.  Otherwise,
-   ERROR: <message> is printed.
+  assert utility macro for test programs:
+  If the predicate (pred) is true, then
+  OK: <message> is printed.  Otherwise,
+  ERROR: <message> is printed.
 
-   message should be a printf format string.
+  message should be a printf format string.
 */
 
 #include <stdio.h>
 
-#define test(pred,message)\
-  if(pred) printf("OK: ");\
-  else { printf("ERROR: "); error_count++; }\
-  printf(message);
+#define test(pred,message)                      \
+    if(pred) printf("OK: ");                    \
+    else { printf("ERROR: "); error_count++; }  \
+    printf(message);
 
 #endif
diff --git a/src/tests/asn.1/deps b/src/tests/asn.1/deps
index dbb109e..09fafd0 100644
--- a/src/tests/asn.1/deps
+++ b/src/tests/asn.1/deps
@@ -3,73 +3,73 @@
 #
 $(OUTPRE)krb5_encode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/krb5/asn.1/asn1buf.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+  $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   debug.h krb5_encode_test.c ktest.h utility.h
 $(OUTPRE)krb5_decode_test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/krb5/asn.1/asn1buf.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+  $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   debug.h krb5_decode_test.c ktest.h ktest_equal.h utility.h
 $(OUTPRE)krb5_decode_leak.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/krb5/asn.1/asn1buf.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+  $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   debug.h krb5_decode_leak.c ktest.h utility.h
 $(OUTPRE)ktest.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SRCTOP)/lib/krb5/asn.1/asn1buf.h $(SRCTOP)/lib/krb5/asn.1/krbasn1.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+  $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ktest.c ktest.h utility.h
 $(OUTPRE)ktest_equal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h $(top_srcdir)/include/krb5/authdata_plugin.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   ktest_equal.c ktest_equal.h
 $(OUTPRE)utility.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h $(SRCTOP)/lib/krb5/asn.1/asn1buf.h \
-  $(SRCTOP)/lib/krb5/asn.1/krbasn1.h utility.c utility.h
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(srcdir)/../../lib/krb5/asn.1/asn1buf.h \
+  $(srcdir)/../../lib/krb5/asn.1/krbasn1.h $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h utility.c utility.h
 $(OUTPRE)trval.$(OBJEXT): trval.c
 $(OUTPRE)t_trval.$(OBJEXT): t_trval.c trval.c
diff --git a/src/tests/asn.1/krb5_decode_leak.c b/src/tests/asn.1/krb5_decode_leak.c
index 9f68fb0..ab46fb9 100644
--- a/src/tests/asn.1/krb5_decode_leak.c
+++ b/src/tests/asn.1/krb5_decode_leak.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * This program is intended to help detect memory leaks in the ASN.1
  * decoder functions by exercising their failure paths.  The setup
@@ -50,12 +50,12 @@ main(int argc, char **argv)
     }
     init_access(argv[0]);
 
-#define setup(value, typestring, constructor) \
-    retval = constructor(&(value)); \
-    if (retval) { \
-        com_err("krb5_decode_leak", retval, "while making sample %s", \
-                typestring); \
-        exit(1); \
+#define setup(value, typestring, constructor)                           \
+    retval = constructor(&(value));                                     \
+    if (retval) {                                                       \
+        com_err("krb5_decode_leak", retval, "while making sample %s",   \
+                typestring);                                            \
+        exit(1);                                                        \
     }
 
 #define encode_run(value,type,typestring,description,encoder)
@@ -69,19 +69,19 @@ main(int argc, char **argv)
      * sure to define a pointer named "tmp" of the correct type in the
      * enclosing block.
      */
-#define leak_test(value, encoder, decoder, freefn) \
-    retval = encoder(&(value),&(code)); \
-    if (retval) { \
-        com_err("krb5_decode_leak", retval, "while encoding"); \
-        exit(1); \
-    } \
-    for (i = 0; i < code->length; i++) { \
-        code->data[i] = (char)~((unsigned char)code->data[i]); \
-        retval = decoder(code, &tmp); \
-        code->data[i] = (char)~((unsigned char)code->data[i]); \
-        if (retval == 0) \
-            freefn(test_context, tmp); \
-    } \
+#define leak_test(value, encoder, decoder, freefn)              \
+    retval = encoder(&(value),&(code));                         \
+    if (retval) {                                               \
+        com_err("krb5_decode_leak", retval, "while encoding");  \
+        exit(1);                                                \
+    }                                                           \
+    for (i = 0; i < code->length; i++) {                        \
+        code->data[i] = (char)~((unsigned char)code->data[i]);  \
+        retval = decoder(code, &tmp);                           \
+        code->data[i] = (char)~((unsigned char)code->data[i]);  \
+        if (retval == 0)                                        \
+            freefn(test_context, tmp);                          \
+    }                                                           \
     krb5_free_data(test_context, code);
 
     /****************************************************************/
@@ -636,8 +636,8 @@ main(int argc, char **argv)
                   krb5_free_predicted_sam_response);
         ktest_empty_predicted_sam_response(&sam_ch);
     }
-  /****************************************************************/
-  /* encode_krb5_sam_response_2 */
+    /****************************************************************/
+    /* encode_krb5_sam_response_2 */
     {
         krb5_sam_response_2 sam_ch2, *tmp;
 
diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c
index d996981..2ef70cf 100644
--- a/src/tests/asn.1/krb5_decode_test.c
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "k5-int.h"
 #include "ktest.h"
 #include "com_err.h"
@@ -12,7 +13,7 @@ int error_count = 0;
 
 void krb5_ktest_free_alt_method(krb5_context context, krb5_alt_method *val);
 void krb5_ktest_free_pwd_sequence(krb5_context context,
-				  passwd_phrase_element *val);
+                                  passwd_phrase_element *val);
 void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val);
 
 int main(argc, argv)
@@ -24,230 +25,230 @@ int main(argc, argv)
 
     retval = krb5_init_context(&test_context);
     if (retval) {
-	com_err(argv[0], retval, "while initializing krb5");
-	exit(1);
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
     }
     init_access(argv[0]);
 
 
-#define setup(type,typestring,constructor)				\
-    type ref, *var;							\
-    retval = constructor(&ref);						\
-    if (retval) {							\
-	com_err("krb5_decode_test", retval, "while making sample %s", typestring); \
-	exit(1);							\
+#define setup(type,typestring,constructor)                              \
+    type ref, *var;                                                     \
+    retval = constructor(&ref);                                         \
+    if (retval) {                                                       \
+        com_err("krb5_decode_test", retval, "while making sample %s", typestring); \
+        exit(1);                                                        \
     }
 
 #define decode_run(typestring,description,encoding,decoder,comparator,cleanup) \
-    retval = krb5_data_hex_parse(&code,encoding);			\
-    if (retval) {							\
-	com_err("krb5_decode_test", retval, "while parsing %s", typestring); \
-	exit(1);							\
-    }									\
-    retval = decoder(&code,&var);					\
-    if (retval) {							\
-	com_err("krb5_decode_test", retval, "while decoding %s", typestring); \
-	error_count++;							\
-    }									\
-    test(comparator(&ref,var),typestring);				\
-    printf("%s\n",description);						\
-    krb5_free_data_contents(test_context, &code);			\
+    retval = krb5_data_hex_parse(&code,encoding);                       \
+    if (retval) {                                                       \
+        com_err("krb5_decode_test", retval, "while parsing %s", typestring); \
+        exit(1);                                                        \
+    }                                                                   \
+    retval = decoder(&code,&var);                                       \
+    if (retval) {                                                       \
+        com_err("krb5_decode_test", retval, "while decoding %s", typestring); \
+        error_count++;                                                  \
+    }                                                                   \
+    test(comparator(&ref,var),typestring);                              \
+    printf("%s\n",description);                                         \
+    krb5_free_data_contents(test_context, &code);                       \
     cleanup(test_context, var);
 
     /****************************************************************/
     /* decode_krb5_authenticator */
     {
-	setup(krb5_authenticator,"krb5_authenticator",ktest_make_sample_authenticator);
-
-	decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ref.seq_number = 0xffffff80;
-	decode_run("authenticator","(80 -> seq-number 0xffffff80)",
-		   "62 81 A1 30 81 9E"
-		   "   A0 03 02 01 05"
-		   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
-		   "   A2 1A 30 18"
-		   "      A0 03 02 01 01"
-		   "      A1 11 30 0F"
-		   "         1B 06 68 66 74 73 61 69"
-		   "         1B 05 65 78 74 72 61"
-		   "   A3 0F 30 0D"
-		   "      A0 03 02 01 01"
-		   "      A1 06 04 04 31 32 33 34"
-		   "   A4 05 02 03 01 E2 40"
-		   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
-		   "   A6 13 30 11"
-		   "      A0 03 02 01 01"
-		   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
-		   "   A7 03 02 01 80"
-		   "   A8 24 30 22"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ref.seq_number = 0xffffffff;
-	decode_run("authenticator","(FF -> seq-number 0xffffffff)",
-		   "62 81 A1 30 81 9E"
-		   "   A0 03 02 01 05"
-		   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
-		   "   A2 1A 30 18"
-		   "      A0 03 02 01 01"
-		   "      A1 11 30 0F"
-		   "         1B 06 68 66 74 73 61 69"
-		   "         1B 05 65 78 74 72 61"
-		   "   A3 0F 30 0D"
-		   "      A0 03 02 01 01"
-		   "      A1 06 04 04 31 32 33 34"
-		   "   A4 05 02 03 01 E2 40"
-		   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
-		   "   A6 13 30 11"
-		   "      A0 03 02 01 01"
-		   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
-		   "   A7 03 02 01 FF"
-		   "   A8 24 30 22"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ref.seq_number = 0xff;
-	decode_run("authenticator","(00FF -> seq-number 0xff)",
-		   "62 81 A2 30 81 9F"
-		   "   A0 03 02 01 05"
-		   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
-		   "   A2 1A 30 18"
-		   "      A0 03 02 01 01"
-		   "      A1 11 30 0F"
-		   "         1B 06 68 66 74 73 61 69"
-		   "         1B 05 65 78 74 72 61"
-		   "   A3 0F 30 0D"
-		   "      A0 03 02 01 01"
-		   "      A1 06 04 04 31 32 33 34"
-		   "   A4 05 02 03 01 E2 40"
-		   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
-		   "   A6 13 30 11"
-		   "      A0 03 02 01 01"
-		   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
-		   "   A7 04 02 02 00 FF"
-		   "   A8 24 30 22"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ref.seq_number = 0xffffffff;
-	decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)",
-		   "62 81 A5 30 81 A2"
-		   "   A0 03 02 01 05"
-		   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
-		   "   A2 1A 30 18"
-		   "      A0 03 02 01 01"
-		   "      A1 11 30 0F"
-		   "         1B 06 68 66 74 73 61 69"
-		   "         1B 05 65 78 74 72 61"
-		   "   A3 0F 30 0D"
-		   "      A0 03 02 01 01"
-		   "      A1 06 04 04 31 32 33 34"
-		   "   A4 05 02 03 01 E2 40"
-		   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
-		   "   A6 13 30 11"
-		   "      A0 03 02 01 01"
-		   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
-		   "   A7 07 02 05 00 FF FF FF FF"
-		   "   A8 24 30 22"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ref.seq_number = 0x7fffffff;
-	decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)",
-		   "62 81 A4 30 81 A1"
-		   "   A0 03 02 01 05"
-		   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
-		   "   A2 1A 30 18"
-		   "      A0 03 02 01 01"
-		   "      A1 11 30 0F"
-		   "         1B 06 68 66 74 73 61 69"
-		   "         1B 05 65 78 74 72 61"
-		   "   A3 0F 30 0D"
-		   "      A0 03 02 01 01"
-		   "      A1 06 04 04 31 32 33 34"
-		   "   A4 05 02 03 01 E2 40"
-		   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
-		   "   A6 13 30 11"
-		   "      A0 03 02 01 01"
-		   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
-		   "   A7 06 02 04 7F FF FF FF"
-		   "   A8 24 30 22"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ref.seq_number = 0xffffffff;
-	decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)",
-		   "62 81 A4 30 81 A1"
-		   "   A0 03 02 01 05"
-		   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
-		   "   A2 1A 30 18"
-		   "      A0 03 02 01 01"
-		   "      A1 11 30 0F"
-		   "         1B 06 68 66 74 73 61 69"
-		   "         1B 05 65 78 74 72 61"
-		   "   A3 0F 30 0D"
-		   "      A0 03 02 01 01"
-		   "      A1 06 04 04 31 32 33 34"
-		   "   A4 05 02 03 01 E2 40"
-		   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
-		   "   A6 13 30 11"
-		   "      A0 03 02 01 01"
-		   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
-		   "   A7 06 02 04 FF FF FF FF"
-		   "   A8 24 30 22"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   "      30 0F"
-		   "         A0 03 02 01 01"
-		   "         A1 08 04 06 66 6F 6F 62 61 72"
-		   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ktest_destroy_checksum(&(ref.checksum));
-	ktest_destroy_keyblock(&(ref.subkey));
-	ref.seq_number = 0;
-	ktest_empty_authorization_data(ref.authorization_data);
-	decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ktest_destroy_authorization_data(&(ref.authorization_data));
-
-	decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
-
-	ktest_empty_authenticator(&ref);
+        setup(krb5_authenticator,"krb5_authenticator",ktest_make_sample_authenticator);
+
+        decode_run("authenticator","","62 81 A1 30 81 9E A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A7 03 02 01 11 A8 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffff80;
+        decode_run("authenticator","(80 -> seq-number 0xffffff80)",
+                   "62 81 A1 30 81 9E"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 03 02 01 80"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffffff;
+        decode_run("authenticator","(FF -> seq-number 0xffffffff)",
+                   "62 81 A1 30 81 9E"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 03 02 01 FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xff;
+        decode_run("authenticator","(00FF -> seq-number 0xff)",
+                   "62 81 A2 30 81 9F"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 04 02 02 00 FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffffff;
+        decode_run("authenticator","(00FFFFFFFF -> seq-number 0xffffffff)",
+                   "62 81 A5 30 81 A2"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 07 02 05 00 FF FF FF FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0x7fffffff;
+        decode_run("authenticator","(7FFFFFFF -> seq-number 0x7fffffff)",
+                   "62 81 A4 30 81 A1"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 06 02 04 7F FF FF FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ref.seq_number = 0xffffffff;
+        decode_run("authenticator","(FFFFFFFF -> seq-number 0xffffffff)",
+                   "62 81 A4 30 81 A1"
+                   "   A0 03 02 01 05"
+                   "   A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55"
+                   "   A2 1A 30 18"
+                   "      A0 03 02 01 01"
+                   "      A1 11 30 0F"
+                   "         1B 06 68 66 74 73 61 69"
+                   "         1B 05 65 78 74 72 61"
+                   "   A3 0F 30 0D"
+                   "      A0 03 02 01 01"
+                   "      A1 06 04 04 31 32 33 34"
+                   "   A4 05 02 03 01 E2 40"
+                   "   A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A"
+                   "   A6 13 30 11"
+                   "      A0 03 02 01 01"
+                   "      A1 0A 04 08 31 32 33 34 35 36 37 38"
+                   "   A7 06 02 04 FF FF FF FF"
+                   "   A8 24 30 22"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   "      30 0F"
+                   "         A0 03 02 01 01"
+                   "         A1 08 04 06 66 6F 6F 62 61 72"
+                   ,decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ktest_destroy_checksum(&(ref.checksum));
+        ktest_destroy_keyblock(&(ref.subkey));
+        ref.seq_number = 0;
+        ktest_empty_authorization_data(ref.authorization_data);
+        decode_run("authenticator","(optionals empty)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ktest_destroy_authorization_data(&(ref.authorization_data));
+
+        decode_run("authenticator","(optionals NULL)","62 4F 30 4D A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 05 02 03 01 E2 40 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_authenticator,ktest_equal_authenticator,krb5_free_authenticator);
+
+        ktest_empty_authenticator(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_ticket */
     {
-	setup(krb5_ticket,"krb5_ticket",ktest_make_sample_ticket);
-	decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
-	decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+        setup(krb5_ticket,"krb5_ticket",ktest_make_sample_ticket);
+        decode_run("ticket","","61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+        decode_run("ticket","(+ trailing [4] INTEGER","61 61 30 5F A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 03 02 01 01",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
 
 /*
   "61 80 30 80 "
@@ -268,7 +269,7 @@ int main(argc, argv)
   "  00 00 00 00"
   "00 00 00 00"
 */
-	decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+        decode_run("ticket","(indefinite lengths)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00" ,decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
 /*
   "61 80 30 80 "
   "  A0 03 02 01 05 "
@@ -289,105 +290,105 @@ int main(argc, argv)
   "  A4 03 02 01 01 "
   "00 00 00 00"
 */
-	decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
+        decode_run("ticket","(indefinite lengths + trailing [4] INTEGER)", "61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 A4 03 02 01 01 00 00 00 00",decode_krb5_ticket,ktest_equal_ticket,krb5_free_ticket);
 
-	ktest_empty_ticket(&ref);
+        ktest_empty_ticket(&ref);
 
     }
 
     /****************************************************************/
     /* decode_krb5_encryption_key */
     {
-	setup(krb5_keyblock,"krb5_keyblock",ktest_make_sample_keyblock);
+        setup(krb5_keyblock,"krb5_keyblock",ktest_make_sample_keyblock);
 
-	decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","","30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
 
-	decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	ref.enctype = -1;
-	decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	ref.enctype = -255;
-	decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	ref.enctype = 255;
-	decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	ref.enctype = -2147483648U;
-	decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
-	ref.enctype = 2147483647;
-	decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","(+ trailing [2] INTEGER)","30 16 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","(+ trailing [2] SEQUENCE {[0] INTEGER})","30 1A A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 07 30 05 A0 03 02 01 01",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","(indefinite lengths)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","(indefinite lengths + trailing [2] INTEGER)","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 03 02 01 01 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","(indefinite lengths + trailing [2] SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 80 30 80 A0 03 02 01 01 00 00 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        decode_run("encryption_key","(indefinite lengths + trailing SEQUENCE {[0] INTEGER})","30 80 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 80 A0 03 02 01 01 00 00 00 00",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = -1;
+        decode_run("encryption_key","(enctype = -1)","30 11 A0 03 02 01 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = -255;
+        decode_run("encryption_key","(enctype = -255)","30 12 A0 04 02 02 FF 01 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = 255;
+        decode_run("encryption_key","(enctype = 255)","30 12 A0 04 02 02 00 FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = -2147483648U;
+        decode_run("encryption_key","(enctype = -2147483648)","30 14 A0 06 02 04 80 00 00 00 A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
+        ref.enctype = 2147483647;
+        decode_run("encryption_key","(enctype = 2147483647)","30 14 A0 06 02 04 7F FF FF FF A1 0A 04 08 31 32 33 34 35 36 37 38",decode_krb5_encryption_key,ktest_equal_encryption_key,krb5_free_keyblock);
 
-	ktest_empty_keyblock(&ref);
+        ktest_empty_keyblock(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_enc_tkt_part */
     {
-	setup(krb5_enc_tkt_part,"krb5_enc_tkt_part",ktest_make_sample_enc_tkt_part);
-	decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+        setup(krb5_enc_tkt_part,"krb5_enc_tkt_part",ktest_make_sample_enc_tkt_part);
+        decode_run("enc_tkt_part","","63 82 01 14 30 82 01 10 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
-	/* ref.times.starttime = 0; */
-	ref.times.starttime = ref.times.authtime;
-	ref.times.renew_till = 0;
-	ktest_destroy_address(&(ref.caddrs[1]));
-	ktest_destroy_address(&(ref.caddrs[0]));
-	ktest_destroy_authdata(&(ref.authorization_data[1]));
-	ktest_destroy_authdata(&(ref.authorization_data[0]));
-	/* ISODE version fails on the empty caddrs field */
-	ktest_destroy_addresses(&(ref.caddrs));
-	ktest_destroy_authorization_data(&(ref.authorization_data));
+        /* ref.times.starttime = 0; */
+        ref.times.starttime = ref.times.authtime;
+        ref.times.renew_till = 0;
+        ktest_destroy_address(&(ref.caddrs[1]));
+        ktest_destroy_address(&(ref.caddrs[0]));
+        ktest_destroy_authdata(&(ref.authorization_data[1]));
+        ktest_destroy_authdata(&(ref.authorization_data[0]));
+        /* ISODE version fails on the empty caddrs field */
+        ktest_destroy_addresses(&(ref.caddrs));
+        ktest_destroy_authorization_data(&(ref.authorization_data));
 
-	decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part);
+        decode_run("enc_tkt_part","(optionals NULL)","63 81 A5 30 81 A2 A0 07 03 05 00 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part, krb5_free_enc_tkt_part);
 
-	decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+        decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 38 bits)","63 81 A6 30 81 A3 A0 08 03 06 02 FE DC BA 98 DC A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
-	decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+        decode_run("enc_tkt_part","(optionals NULL + bitstring enlarged to 40 bits)","63 81 A6 30 81 A3 A0 08 03 06 00 FE DC BA 98 DE A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
-	decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+        decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 29 bits)","63 81 A5 30 81 A2 A0 07 03 05 03 FE DC BA 98 A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
-	ref.flags &= 0xFFFFFF00;
+        ref.flags &= 0xFFFFFF00;
 
-	decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
+        decode_run("enc_tkt_part","(optionals NULL + bitstring reduced to 24 bits)","63 81 A4 30 81 A1 A0 06 03 04 00 FE DC BA A1 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 2E 30 2C A0 03 02 01 01 A1 25 04 23 45 44 55 2C 4D 49 54 2E 2C 41 54 48 45 4E 41 2E 2C 57 41 53 48 49 4E 47 54 4F 4E 2E 45 44 55 2C 43 53 2E A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_enc_tkt_part,ktest_equal_enc_tkt_part,krb5_free_enc_tkt_part);
 
-	ktest_empty_enc_tkt_part(&ref);
+        ktest_empty_enc_tkt_part(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_enc_kdc_rep_part */
     {
-	setup(krb5_enc_kdc_rep_part,"krb5_enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part);
+        setup(krb5_enc_kdc_rep_part,"krb5_enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part);
 
 #ifdef KRB5_GENEROUS_LR_TYPE
-	decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+        decode_run("enc_kdc_rep_part","(compat_lr_type)","7A 82 01 10 30 82 01 0C A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 #endif
 
-	decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+        decode_run("enc_kdc_rep_part","","7A 82 01 0E 30 82 01 0A A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A3 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A4 07 03 05 00 FE DC BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 
-	ref.key_exp = 0;
-	/* ref.times.starttime = 0;*/
-	ref.times.starttime = ref.times.authtime;
-	ref.times.renew_till = 0;
-	ref.flags &= ~TKT_FLG_RENEWABLE;
-	ktest_destroy_addresses(&(ref.caddrs));
+        ref.key_exp = 0;
+        /* ref.times.starttime = 0;*/
+        ref.times.starttime = ref.times.authtime;
+        ref.times.renew_till = 0;
+        ref.flags &= ~TKT_FLG_RENEWABLE;
+        ktest_destroy_addresses(&(ref.caddrs));
 
 #ifdef KRB5_GENEROUS_LR_TYPE
-	decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+        decode_run("enc_kdc_rep_part","(optionals NULL)(compat lr_type)","7A 81 B4 30 81 B1 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 38 30 36 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 19 A0 04 02 02 00 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 #endif
 
-	decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
+        decode_run("enc_kdc_rep_part","(optionals NULL)","7A 81 B2 30 81 AF A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 36 30 34 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A 30 18 A0 03 02 01 FB A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 03 02 01 2A A4 07 03 05 00 FE 5C BA 98 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_enc_kdc_rep_part,ktest_equal_enc_kdc_rep_part,krb5_free_enc_kdc_rep_part);
 
-	ktest_empty_enc_kdc_rep_part(&ref);
+        ktest_empty_enc_kdc_rep_part(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_as_rep */
     {
-	setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep);
-	ref.msg_type = KRB5_AS_REP;
+        setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep);
+        ref.msg_type = KRB5_AS_REP;
 
-	decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+        decode_run("as_rep","","6B 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0B A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
 
 /*
   6B 80 30 80
@@ -438,101 +439,101 @@ int main(argc, argv)
   00 00 00 00
   00 00 00 00
 */
-	decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
-	ktest_destroy_pa_data_array(&(ref.padata));
-	decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+        decode_run("as_rep","(indefinite lengths)","6B 80 30 80 A0 03 02 01 05 A1 03 02 01 0B A2 80 30 80 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 30 80 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 00 00 00 00 00 00 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A5 80 61 80 30 80 A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 80 30 80 A0 03 02 01 01 A1 80 30 80 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 00 00 00 00 00 00 00 00 A3 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00 00 00 A6 80 30 80 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 00 00 00 00 00 00 00 00",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
+        ktest_destroy_pa_data_array(&(ref.padata));
+        decode_run("as_rep","(optionals NULL)","6B 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0B A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_rep,ktest_equal_as_rep,krb5_free_kdc_rep);
 
-	ktest_empty_kdc_rep(&ref);
+        ktest_empty_kdc_rep(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_tgs_rep */
     {
-	setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep);
-	ref.msg_type = KRB5_TGS_REP;
+        setup(krb5_kdc_rep,"krb5_kdc_rep",ktest_make_sample_kdc_rep);
+        ref.msg_type = KRB5_TGS_REP;
 
-	decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
+        decode_run("tgs_rep","","6D 81 EA 30 81 E7 A0 03 02 01 05 A1 03 02 01 0D A2 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
 
-	ktest_destroy_pa_data_array(&(ref.padata));
-	decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
+        ktest_destroy_pa_data_array(&(ref.padata));
+        decode_run("tgs_rep","(optionals NULL)","6D 81 C2 30 81 BF A0 03 02 01 05 A1 03 02 01 0D A3 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A4 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A6 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_rep,ktest_equal_tgs_rep,krb5_free_kdc_rep);
 
-	ktest_empty_kdc_rep(&ref);
+        ktest_empty_kdc_rep(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_ap_req */
     {
-	setup(krb5_ap_req,"krb5_ap_req",ktest_make_sample_ap_req);
-	decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req);
-	ktest_empty_ap_req(&ref);
+        setup(krb5_ap_req,"krb5_ap_req",ktest_make_sample_ap_req);
+        decode_run("ap_req","","6E 81 9D 30 81 9A A0 03 02 01 05 A1 03 02 01 0E A2 07 03 05 00 FE DC BA 98 A3 5E 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A4 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_req,ktest_equal_ap_req,krb5_free_ap_req);
+        ktest_empty_ap_req(&ref);
 
     }
 
     /****************************************************************/
     /* decode_krb5_ap_rep */
     {
-	setup(krb5_ap_rep,"krb5_ap_rep",ktest_make_sample_ap_rep);
-	decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep);
-	ktest_empty_ap_rep(&ref);
+        setup(krb5_ap_rep,"krb5_ap_rep",ktest_make_sample_ap_rep);
+        decode_run("ap_rep","","6F 33 30 31 A0 03 02 01 05 A1 03 02 01 0F A2 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_ap_rep,ktest_equal_ap_rep,krb5_free_ap_rep);
+        ktest_empty_ap_rep(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_ap_rep_enc_part */
     {
-	setup(krb5_ap_rep_enc_part,"krb5_ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part);
+        setup(krb5_ap_rep_enc_part,"krb5_ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part);
 
-	decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+        decode_run("ap_rep_enc_part","","7B 36 30 34 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40 A2 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A3 03 02 01 11",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
 
-	ktest_destroy_keyblock(&(ref.subkey));
-	ref.seq_number = 0;
-	decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+        ktest_destroy_keyblock(&(ref.subkey));
+        ref.seq_number = 0;
+        decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
 
-	retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
-	if (retval) {
-	    com_err("krb5_decode_test", retval, "while parsing");
-	    exit(1);
-	}
-	retval = decode_krb5_ap_rep_enc_part(&code, &var);
-	if (retval != ASN1_OVERRUN) {
-	    printf("ERROR: ");
-	} else {
-	    printf("OK: ");
-	}
-	printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n");
-	krb5_free_data_contents(test_context, &code);
-	krb5_free_ap_rep_enc_part(test_context, var);
+        retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while parsing");
+            exit(1);
+        }
+        retval = decode_krb5_ap_rep_enc_part(&code, &var);
+        if (retval != ASN1_OVERRUN) {
+            printf("ERROR: ");
+        } else {
+            printf("OK: ");
+        }
+        printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for inconsistent length of timestamp)\n");
+        krb5_free_data_contents(test_context, &code);
+        krb5_free_ap_rep_enc_part(test_context, var);
 
-	ktest_empty_ap_rep_enc_part(&ref);
+        ktest_empty_ap_rep_enc_part(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_as_req */
     {
-	setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req);
-	ref.msg_type = KRB5_AS_REQ;
+        setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req);
+        ref.msg_type = KRB5_AS_REQ;
 
-	ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("as_req","","6A 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0A A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
 
-	ktest_destroy_pa_data_array(&(ref.padata));
-	ktest_destroy_principal(&(ref.client));
+        ktest_destroy_pa_data_array(&(ref.padata));
+        ktest_destroy_principal(&(ref.client));
 #ifndef ISODE_SUCKS
-	ktest_destroy_principal(&(ref.server));
+        ktest_destroy_principal(&(ref.server));
 #endif
-	ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
-	ref.from = 0;
-	ref.rtime = 0;
-	ktest_destroy_addresses(&(ref.addresses));
-	ktest_destroy_enc_data(&(ref.authorization_data));
-	decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
-	ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+        ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        ref.from = 0;
+        ref.rtime = 0;
+        ktest_destroy_addresses(&(ref.addresses));
+        ktest_destroy_enc_data(&(ref.authorization_data));
+        decode_run("as_req","(optionals NULL except second_ticket)","6A 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0A A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+        ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
 #ifndef ISODE_SUCKS
-	ktest_make_sample_principal(&(ref.server));
+        ktest_make_sample_principal(&(ref.server));
 #endif
-	ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("as_req","(optionals NULL except server)","6A 69 30 67 A1 03 02 01 05 A2 03 02 01 0A A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_as_req,ktest_equal_as_req,krb5_free_kdc_req);
 
-	ktest_empty_kdc_req(&ref);
+        ktest_empty_kdc_req(&ref);
 
     }
 
@@ -540,388 +541,388 @@ int main(argc, argv)
     /****************************************************************/
     /* decode_krb5_tgs_req */
     {
-	setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req);
-	ref.msg_type = KRB5_TGS_REQ;
+        setup(krb5_kdc_req,"krb5_kdc_req",ktest_make_sample_kdc_req);
+        ref.msg_type = KRB5_TGS_REQ;
 
-	ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("tgs_req","","6C 82 01 E4 30 82 01 E0 A1 03 02 01 05 A2 03 02 01 0C A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 A4 82 01 AA 30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
 
-	ktest_destroy_pa_data_array(&(ref.padata));
-	ktest_destroy_principal(&(ref.client));
+        ktest_destroy_pa_data_array(&(ref.padata));
+        ktest_destroy_principal(&(ref.client));
 #ifndef ISODE_SUCKS
-	ktest_destroy_principal(&(ref.server));
+        ktest_destroy_principal(&(ref.server));
 #endif
-	ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
-	ref.from = 0;
-	ref.rtime = 0;
-	ktest_destroy_addresses(&(ref.addresses));
-	ktest_destroy_enc_data(&(ref.authorization_data));
-	decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
-
-	ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+        ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        ref.from = 0;
+        ref.rtime = 0;
+        ktest_destroy_addresses(&(ref.addresses));
+        ktest_destroy_enc_data(&(ref.authorization_data));
+        decode_run("tgs_req","(optionals NULL except second_ticket)","6C 82 01 14 30 82 01 10 A1 03 02 01 05 A2 03 02 01 0C A4 82 01 02 30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+
+        ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
 #ifndef ISODE_SUCKS
-	ktest_make_sample_principal(&(ref.server));
+        ktest_make_sample_principal(&(ref.server));
 #endif
-	ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("tgs_req","(optionals NULL except server)","6C 69 30 67 A1 03 02 01 05 A2 03 02 01 0C A4 5B 30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_tgs_req,ktest_equal_tgs_req,krb5_free_kdc_req);
 
-	ktest_empty_kdc_req(&ref);
+        ktest_empty_kdc_req(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_kdc_req_body */
     {
-	krb5_kdc_req ref, *var;
-	memset(&ref, 0, sizeof(krb5_kdc_req));
-	retval = ktest_make_sample_kdc_req_body(&ref);
-	if (retval) {
-	    com_err("making sample kdc_req_body",retval,"");
-	    exit(1);
-	}
-	ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
-
-	ktest_destroy_principal(&(ref.client));
+        krb5_kdc_req ref, *var;
+        memset(&ref, 0, sizeof(krb5_kdc_req));
+        retval = ktest_make_sample_kdc_req_body(&ref);
+        if (retval) {
+            com_err("making sample kdc_req_body",retval,"");
+            exit(1);
+        }
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("kdc_req_body","","30 82 01 A6 A0 07 03 05 00 FE DC BA 90 A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 A9 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 AA 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+        ktest_destroy_principal(&(ref.client));
 #ifndef ISODE_SUCKS
-	ktest_destroy_principal(&(ref.server));
+        ktest_destroy_principal(&(ref.server));
 #endif
-	ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
-	ref.from = 0;
-	ref.rtime = 0;
-	ktest_destroy_addresses(&(ref.addresses));
-	ktest_destroy_enc_data(&(ref.authorization_data));
-	decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
-
-	ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
+        ref.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        ref.from = 0;
+        ref.rtime = 0;
+        ktest_destroy_addresses(&(ref.addresses));
+        ktest_destroy_enc_data(&(ref.authorization_data));
+        decode_run("kdc_req_body","(optionals NULL except second_ticket)","30 81 FF A0 07 03 05 00 FE DC BA 98 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01 AB 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+
+        ktest_destroy_sequence_of_ticket(&(ref.second_ticket));
 #ifndef ISODE_SUCKS
-	ktest_make_sample_principal(&(ref.server));
+        ktest_make_sample_principal(&(ref.server));
 #endif
-	ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
-	ref.nktypes = 0;
-	free(ref.ktype);
-	ref.ktype = NULL;
-	decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+        ref.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        decode_run("kdc_req_body","(optionals NULL except server)","30 59 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 08 30 06 02 01 00 02 01 01",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
+        ref.nktypes = 0;
+        free(ref.ktype);
+        ref.ktype = NULL;
+        decode_run("kdc_req_body","(optionals NULL except server; zero-length etypes)","30 53 A0 07 03 05 00 FE DC BA 90 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 03 02 01 2A A8 02 30 00",decode_krb5_kdc_req_body,ktest_equal_kdc_req_body,krb5_free_kdc_req);
 
-	ktest_empty_kdc_req(&ref);
+        ktest_empty_kdc_req(&ref);
     }
 
 
     /****************************************************************/
     /* decode_krb5_safe */
     {
-	setup(krb5_safe,"krb5_safe",ktest_make_sample_safe);
-	decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
+        setup(krb5_safe,"krb5_safe",ktest_make_sample_safe);
+        decode_run("safe","","74 6E 30 6C A0 03 02 01 05 A1 03 02 01 14 A2 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
 
-	ref.timestamp = 0;
-	ref.usec = 0;
-	ref.seq_number = 0;
-	ktest_destroy_address(&(ref.r_address));
-	decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
+        ref.timestamp = 0;
+        ref.usec = 0;
+        ref.seq_number = 0;
+        ktest_destroy_address(&(ref.r_address));
+        decode_run("safe","(optionals NULL)","74 3E 30 3C A0 03 02 01 05 A1 03 02 01 14 A2 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A3 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_safe,ktest_equal_safe,krb5_free_safe);
 
-	ktest_empty_safe(&ref);
+        ktest_empty_safe(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_priv */
     {
-	setup(krb5_priv,"krb5_priv",ktest_make_sample_priv);
-	decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv);
-	ktest_empty_priv(&ref);
+        setup(krb5_priv,"krb5_priv",ktest_make_sample_priv);
+        decode_run("priv","","75 33 30 31 A0 03 02 01 05 A1 03 02 01 15 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_priv,ktest_equal_priv,krb5_free_priv);
+        ktest_empty_priv(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_enc_priv_part */
     {
-	setup(krb5_priv_enc_part,"krb5_priv_enc_part",ktest_make_sample_priv_enc_part);
-	decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
+        setup(krb5_priv_enc_part,"krb5_priv_enc_part",ktest_make_sample_priv_enc_part);
+        decode_run("enc_priv_part","","7C 4F 30 4D A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A2 05 02 03 01 E2 40 A3 03 02 01 11 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
 
-	ref.timestamp = 0;
-	ref.usec = 0;
-	ref.seq_number = 0;
-	ktest_destroy_address(&(ref.r_address));
-	decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
-	ktest_empty_priv_enc_part(&ref);
+        ref.timestamp = 0;
+        ref.usec = 0;
+        ref.seq_number = 0;
+        ktest_destroy_address(&(ref.r_address));
+        decode_run("enc_priv_part","(optionals NULL)","7C 1F 30 1D A0 0A 04 08 6B 72 62 35 64 61 74 61 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_priv_part,ktest_equal_enc_priv_part,krb5_free_priv_enc_part);
+        ktest_empty_priv_enc_part(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_cred */
     {
-	setup(krb5_cred,"krb5_cred",ktest_make_sample_cred);
-	decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred);
-	ktest_empty_cred(&ref);
+        setup(krb5_cred,"krb5_cred",ktest_make_sample_cred);
+        decode_run("cred","","76 81 F6 30 81 F3 A0 03 02 01 05 A1 03 02 01 16 A2 81 BF 30 81 BC 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 61 5C 30 5A A0 03 02 01 05 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65 A3 25 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_cred,ktest_equal_cred,krb5_free_cred);
+        ktest_empty_cred(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_enc_cred_part */
     {
-	setup(krb5_cred_enc_part,"krb5_cred_enc_part",ktest_make_sample_cred_enc_part);
-	decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
-	/* free_cred_enc_part does not free the pointer */
-	free(var);
-	ktest_destroy_principal(&(ref.ticket_info[0]->client));
-	ktest_destroy_principal(&(ref.ticket_info[0]->server));
-	ref.ticket_info[0]->flags = 0;
-	ref.ticket_info[0]->times.authtime = 0;
-	ref.ticket_info[0]->times.starttime = 0;
-	ref.ticket_info[0]->times.endtime = 0;
-	ref.ticket_info[0]->times.renew_till = 0;
-	ktest_destroy_addresses(&(ref.ticket_info[0]->caddrs));
-	ref.nonce = 0;
-	ref.timestamp = 0;
-	ref.usec = 0;
-	ktest_destroy_address(&(ref.s_address));
-	ktest_destroy_address(&(ref.r_address));
-	decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
-	/* free_cred_enc_part does not free the pointer */
-	free(var);
-
-	ktest_empty_cred_enc_part(&ref);
+        setup(krb5_cred_enc_part,"krb5_cred_enc_part",ktest_make_sample_cred_enc_part);
+        decode_run("enc_cred_part","","7D 82 02 23 30 82 02 1F A0 82 01 DA 30 82 01 D6 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A1 03 02 01 2A A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 A5 0F 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+        /* free_cred_enc_part does not free the pointer */
+        free(var);
+        ktest_destroy_principal(&(ref.ticket_info[0]->client));
+        ktest_destroy_principal(&(ref.ticket_info[0]->server));
+        ref.ticket_info[0]->flags = 0;
+        ref.ticket_info[0]->times.authtime = 0;
+        ref.ticket_info[0]->times.starttime = 0;
+        ref.ticket_info[0]->times.endtime = 0;
+        ref.ticket_info[0]->times.renew_till = 0;
+        ktest_destroy_addresses(&(ref.ticket_info[0]->caddrs));
+        ref.nonce = 0;
+        ref.timestamp = 0;
+        ref.usec = 0;
+        ktest_destroy_address(&(ref.s_address));
+        ktest_destroy_address(&(ref.r_address));
+        decode_run("enc_cred_part","(optionals NULL)","7D 82 01 0E 30 82 01 0A A0 82 01 06 30 82 01 02 30 15 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 30 81 E8 A0 13 30 11 A0 03 02 01 01 A1 0A 04 08 31 32 33 34 35 36 37 38 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 07 03 05 00 FE DC BA 98 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A7 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A8 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A9 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AA 20 30 1E 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23 30 0D A0 03 02 01 02 A1 06 04 04 12 D0 00 23",decode_krb5_enc_cred_part,ktest_equal_enc_cred_part,krb5_free_cred_enc_part);
+        /* free_cred_enc_part does not free the pointer */
+        free(var);
+
+        ktest_empty_cred_enc_part(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_error */
     {
-	setup(krb5_error,"krb5_error",ktest_make_sample_error);
-	decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
+        setup(krb5_error,"krb5_error",ktest_make_sample_error);
+        decode_run("error","","7E 81 BA 30 81 B7 A0 03 02 01 05 A1 03 02 01 1E A2 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A7 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A8 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 AB 0A 1B 08 6B 72 62 35 64 61 74 61 AC 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
 
-	ref.ctime = 0;
-	ktest_destroy_principal(&(ref.client));
-	ktest_empty_data(&(ref.text));
-	ktest_empty_data(&(ref.e_data));
-	decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
+        ref.ctime = 0;
+        ktest_destroy_principal(&(ref.client));
+        ktest_empty_data(&(ref.text));
+        ktest_empty_data(&(ref.e_data));
+        decode_run("error","(optionals NULL)","7E 60 30 5E A0 03 02 01 05 A1 03 02 01 1E A3 05 02 03 01 E2 40 A4 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A5 05 02 03 01 E2 40 A6 03 02 01 3C A9 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 AA 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61",decode_krb5_error,ktest_equal_error,krb5_free_error);
 
-	ktest_empty_error(&ref);
+        ktest_empty_error(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_authdata */
     {
-	krb5_authdata **ref, **var;
-	retval = ktest_make_sample_authorization_data(&ref);
-	if (retval) {
-	    com_err("making sample authorization_data",retval,"");
-	    exit(1);
-	}
-	retval = krb5_data_hex_parse(&code,"30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72");
-	if (retval) {
-	    com_err("parsing authorization_data",retval,"");
-	    exit(1);
-	}
-	retval = decode_krb5_authdata(&code,&var);
-	if (retval) com_err("decoding authorization_data",retval,"");
-	test(ktest_equal_authorization_data(ref,var),"authorization_data\n")
-	    krb5_free_data_contents(test_context, &code);
-	krb5_free_authdata(test_context, var);
-	ktest_destroy_authorization_data(&ref);
+        krb5_authdata **ref, **var;
+        retval = ktest_make_sample_authorization_data(&ref);
+        if (retval) {
+            com_err("making sample authorization_data",retval,"");
+            exit(1);
+        }
+        retval = krb5_data_hex_parse(&code,"30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72");
+        if (retval) {
+            com_err("parsing authorization_data",retval,"");
+            exit(1);
+        }
+        retval = decode_krb5_authdata(&code,&var);
+        if (retval) com_err("decoding authorization_data",retval,"");
+        test(ktest_equal_authorization_data(ref,var),"authorization_data\n")
+            krb5_free_data_contents(test_context, &code);
+        krb5_free_authdata(test_context, var);
+        ktest_destroy_authorization_data(&ref);
     }
 
     /****************************************************************/
     /* decode_pwd_sequence */
     {
-	setup(passwd_phrase_element,"passwd_phrase_element",ktest_make_sample_passwd_phrase_element);
-	decode_run("PasswdSequence","","30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_sequence,ktest_equal_passwd_phrase_element,krb5_ktest_free_pwd_sequence);
-	ktest_empty_passwd_phrase_element(&ref);
+        setup(passwd_phrase_element,"passwd_phrase_element",ktest_make_sample_passwd_phrase_element);
+        decode_run("PasswdSequence","","30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_sequence,ktest_equal_passwd_phrase_element,krb5_ktest_free_pwd_sequence);
+        ktest_empty_passwd_phrase_element(&ref);
     }
 
     /****************************************************************/
     /* decode_passwd_data */
     {
-	setup(krb5_pwd_data,"krb5_pwd_data",ktest_make_sample_krb5_pwd_data);
-	decode_run("PasswdData","","30 3D A0 03 02 01 02 A1 36 30 34 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_data,ktest_equal_krb5_pwd_data,krb5_free_pwd_data);
-	ktest_empty_pwd_data(&ref);
+        setup(krb5_pwd_data,"krb5_pwd_data",ktest_make_sample_krb5_pwd_data);
+        decode_run("PasswdData","","30 3D A0 03 02 01 02 A1 36 30 34 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61 30 18 A0 0A 04 08 6B 72 62 35 64 61 74 61 A1 0A 04 08 6B 72 62 35 64 61 74 61",decode_krb5_pwd_data,ktest_equal_krb5_pwd_data,krb5_free_pwd_data);
+        ktest_empty_pwd_data(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_padata_sequence */
     {
-	krb5_pa_data **ref, **var;
-	retval = ktest_make_sample_pa_data_array(&ref);
-	if (retval) {
-	    com_err("making sample pa_data array",retval,"");
-	    exit(1);
-	}
-	retval = krb5_data_hex_parse(&code,"30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61");
-	if (retval) {
-	    com_err("parsing padata_sequence",retval,"");
-	    exit(1);
-	}
-	retval = decode_krb5_padata_sequence(&code,&var);
-	if (retval) com_err("decoding padata_sequence",retval,"");
-	test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n");
-	krb5_free_pa_data(test_context, var);
-	krb5_free_data_contents(test_context, &code);
-	ktest_destroy_pa_data_array(&ref);
+        krb5_pa_data **ref, **var;
+        retval = ktest_make_sample_pa_data_array(&ref);
+        if (retval) {
+            com_err("making sample pa_data array",retval,"");
+            exit(1);
+        }
+        retval = krb5_data_hex_parse(&code,"30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61");
+        if (retval) {
+            com_err("parsing padata_sequence",retval,"");
+            exit(1);
+        }
+        retval = decode_krb5_padata_sequence(&code,&var);
+        if (retval) com_err("decoding padata_sequence",retval,"");
+        test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data\n");
+        krb5_free_pa_data(test_context, var);
+        krb5_free_data_contents(test_context, &code);
+        ktest_destroy_pa_data_array(&ref);
     }
 
     /****************************************************************/
     /* decode_krb5_padata_sequence (empty) */
     {
-	krb5_pa_data **ref, **var;
-	retval = ktest_make_sample_empty_pa_data_array(&ref);
-	if (retval) {
-	    com_err("making sample empty pa_data array",retval,"");
-	    exit(1);
-	}
-	retval = krb5_data_hex_parse(&code,"30 00");
-	if (retval) {
-	    com_err("parsing padata_sequence (empty)",retval,"");
-	    exit(1);
-	}
-	retval = decode_krb5_padata_sequence(&code,&var);
-	if (retval) com_err("decoding padata_sequence (empty)",retval,"");
-	test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n");
-	krb5_free_pa_data(test_context, var);
-	krb5_free_data_contents(test_context, &code);
-	ktest_destroy_pa_data_array(&ref);
+        krb5_pa_data **ref, **var;
+        retval = ktest_make_sample_empty_pa_data_array(&ref);
+        if (retval) {
+            com_err("making sample empty pa_data array",retval,"");
+            exit(1);
+        }
+        retval = krb5_data_hex_parse(&code,"30 00");
+        if (retval) {
+            com_err("parsing padata_sequence (empty)",retval,"");
+            exit(1);
+        }
+        retval = decode_krb5_padata_sequence(&code,&var);
+        if (retval) com_err("decoding padata_sequence (empty)",retval,"");
+        test(ktest_equal_sequence_of_pa_data(ref,var),"pa_data (empty)\n");
+        krb5_free_pa_data(test_context, var);
+        krb5_free_data_contents(test_context, &code);
+        ktest_destroy_pa_data_array(&ref);
     }
 
     /****************************************************************/
     /* decode_pwd_sequence */
     {
-	setup(krb5_alt_method,"krb5_alt_method",ktest_make_sample_alt_method);
-	decode_run("alt_method","","30 0F A0 03 02 01 2A A1 08 04 06 73 65 63 72 65 74",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method);
-	ref.length = 0;
-	decode_run("alt_method (no data)","","30 05 A0 03 02 01 2A",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method);
-	ktest_empty_alt_method(&ref);
+        setup(krb5_alt_method,"krb5_alt_method",ktest_make_sample_alt_method);
+        decode_run("alt_method","","30 0F A0 03 02 01 2A A1 08 04 06 73 65 63 72 65 74",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method);
+        ref.length = 0;
+        decode_run("alt_method (no data)","","30 05 A0 03 02 01 2A",decode_krb5_alt_method,ktest_equal_krb5_alt_method,krb5_ktest_free_alt_method);
+        ktest_empty_alt_method(&ref);
     }
 
     /****************************************************************/
     /* decode_etype_info */
     {
-	krb5_etype_info ref, var;
-
-	retval = ktest_make_sample_etype_info(&ref);
-	if (retval) {
-	    com_err("krb5_decode_test", retval,
-		    "while making sample etype info");
-	    exit(1);
-	}
-	retval = krb5_data_hex_parse(&code,"30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32");
-	if (retval) {
-	    com_err("krb5_decode_test", retval, "while parsing etype_info");
-	    exit(1);
-	}
-	retval = decode_krb5_etype_info(&code,&var);
-	if (retval) {
-	    com_err("krb5_decode_test", retval, "while decoding etype_info");
-	}
-	test(ktest_equal_etype_info(ref,var),"etype_info\n");
-
-	ktest_destroy_etype_info(var);
-	ktest_destroy_etype_info_entry(ref[2]);      ref[2] = 0;
-	ktest_destroy_etype_info_entry(ref[1]);      ref[1] = 0;
-	krb5_free_data_contents(test_context, &code);
-
-	retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30");
-	if (retval) {
-	    com_err("krb5_decode_test", retval,
-		    "while parsing etype_info (only one)");
-	    exit(1);
-	}
-	retval = decode_krb5_etype_info(&code,&var);
-	if (retval) {
-	    com_err("krb5_decode_test", retval,
-		    "while decoding etype_info (only one)");
-	}
-	test(ktest_equal_etype_info(ref,var),"etype_info (only one)\n");
-
-	ktest_destroy_etype_info(var);
-	ktest_destroy_etype_info_entry(ref[0]);      ref[0] = 0;
-	krb5_free_data_contents(test_context, &code);
-
-	retval = krb5_data_hex_parse(&code,"30 00");
-	if (retval) {
-	    com_err("krb5_decode_test", retval,
-		    "while parsing etype_info (no info)");
-	    exit(1);
-	}
-	retval = decode_krb5_etype_info(&code,&var);
-	if (retval) {
-	    com_err("krb5_decode_test", retval,
-		    "while decoding etype_info (no info)");
-	}
-	test(ktest_equal_etype_info(ref,var),"etype_info (no info)\n");
-
-	krb5_free_data_contents(test_context, &code);
-	ktest_destroy_etype_info(var);
-	ktest_destroy_etype_info(ref);
+        krb5_etype_info ref, var;
+
+        retval = ktest_make_sample_etype_info(&ref);
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while making sample etype info");
+            exit(1);
+        }
+        retval = krb5_data_hex_parse(&code,"30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32");
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while parsing etype_info");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval, "while decoding etype_info");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info\n");
+
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info_entry(ref[2]);      ref[2] = 0;
+        ktest_destroy_etype_info_entry(ref[1]);      ref[1] = 0;
+        krb5_free_data_contents(test_context, &code);
+
+        retval = krb5_data_hex_parse(&code,"30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30");
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while parsing etype_info (only one)");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while decoding etype_info (only one)");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info (only one)\n");
+
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info_entry(ref[0]);      ref[0] = 0;
+        krb5_free_data_contents(test_context, &code);
+
+        retval = krb5_data_hex_parse(&code,"30 00");
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while parsing etype_info (no info)");
+            exit(1);
+        }
+        retval = decode_krb5_etype_info(&code,&var);
+        if (retval) {
+            com_err("krb5_decode_test", retval,
+                    "while decoding etype_info (no info)");
+        }
+        test(ktest_equal_etype_info(ref,var),"etype_info (no info)\n");
+
+        krb5_free_data_contents(test_context, &code);
+        ktest_destroy_etype_info(var);
+        ktest_destroy_etype_info(ref);
     }
 
     /****************************************************************/
     /* decode_pa_enc_ts */
     {
-	setup(krb5_pa_enc_ts,"krb5_pa_enc_ts",ktest_make_sample_pa_enc_ts);
-	decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
-	ref.pausec = 0;
-	decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
+        setup(krb5_pa_enc_ts,"krb5_pa_enc_ts",ktest_make_sample_pa_enc_ts);
+        decode_run("pa_enc_ts","","30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
+        ref.pausec = 0;
+        decode_run("pa_enc_ts (no usec)","","30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_pa_enc_ts,ktest_equal_krb5_pa_enc_ts,krb5_free_pa_enc_ts);
     }
 
     /****************************************************************/
     /* decode_enc_data */
     {
-	setup(krb5_enc_data,"krb5_enc_data",ktest_make_sample_enc_data);
-	decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
-	ktest_destroy_enc_data(&ref);
+        setup(krb5_enc_data,"krb5_enc_data",ktest_make_sample_enc_data);
+        decode_run("enc_data","","30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65",decode_krb5_enc_data,ktest_equal_enc_data,krb5_ktest_free_enc_data);
+        ktest_destroy_enc_data(&ref);
     }
 
     /****************************************************************/
     /* decode_sam_challenge */
     {
-	setup(krb5_sam_challenge,"krb5_sam_challenge",ktest_make_sample_sam_challenge);
-	decode_run("sam_challenge","","30 78 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A3 02 04 00 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A7 02 04 00 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge);
-	ktest_empty_sam_challenge(&ref);
+        setup(krb5_sam_challenge,"krb5_sam_challenge",ktest_make_sample_sam_challenge);
+        decode_run("sam_challenge","","30 78 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A3 02 04 00 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A7 02 04 00 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge);
+        ktest_empty_sam_challenge(&ref);
 
     }
 
     /****************************************************************/
     /* decode_sam_challenge */
     {
-	setup(krb5_sam_challenge,"krb5_sam_challenge - no optionals",ktest_make_sample_sam_challenge);
-	decode_run("sam_challenge","","30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge);
-	ktest_empty_sam_challenge(&ref);
+        setup(krb5_sam_challenge,"krb5_sam_challenge - no optionals",ktest_make_sample_sam_challenge);
+        decode_run("sam_challenge","","30 70 A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0B 04 09 74 79 70 65 20 6E 61 6D 65 A4 11 04 0F 63 68 61 6C 6C 65 6E 67 65 20 6C 61 62 65 6C A5 10 04 0E 63 68 61 6C 6C 65 6E 67 65 20 69 70 73 65 A6 16 04 14 72 65 73 70 6F 6E 73 65 5F 70 72 6F 6D 70 74 20 69 70 73 65 A8 05 02 03 54 32 10 A9 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_sam_challenge,ktest_equal_sam_challenge,krb5_free_sam_challenge);
+        ktest_empty_sam_challenge(&ref);
     }
 
     /****************************************************************/
     /* decode_sam_response */
     {
-	setup(krb5_sam_response,"krb5_sam_response",ktest_make_sample_sam_response);
-	decode_run("sam_response","","30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_sam_response,ktest_equal_sam_response,krb5_free_sam_response);
+        setup(krb5_sam_response,"krb5_sam_response",ktest_make_sample_sam_response);
+        decode_run("sam_response","","30 6A A0 03 02 01 2A A1 07 03 05 00 80 00 00 00 A2 0C 04 0A 74 72 61 63 6B 20 64 61 74 61 A3 14 30 12 A0 03 02 01 01 A1 04 02 02 07 96 A2 05 04 03 6B 65 79 A4 1C 30 1A A0 03 02 01 01 A1 04 02 02 0D 36 A2 0D 04 0B 6E 6F 6E 63 65 20 6F 72 20 74 73 A5 05 02 03 54 32 10 A6 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A",decode_krb5_sam_response,ktest_equal_sam_response,krb5_free_sam_response);
 
-	ktest_empty_sam_response(&ref);
+        ktest_empty_sam_response(&ref);
     }
 
     /****************************************************************/
     /* decode_pa_s4u_x509_user */
     {
-	setup(krb5_pa_s4u_x509_user,"krb5_pa_s4u_x509_user",ktest_make_sample_pa_s4u_x509_user);
-	decode_run("pa_s4u_x509_user","","30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_pa_s4u_x509_user,ktest_equal_pa_s4u_x509_user,krb5_free_pa_s4u_x509_user);
-	ktest_empty_pa_s4u_x509_user(&ref);
+        setup(krb5_pa_s4u_x509_user,"krb5_pa_s4u_x509_user",ktest_make_sample_pa_s4u_x509_user);
+        decode_run("pa_s4u_x509_user","","30 68 A0 55 30 53 A0 06 02 04 00 CA 14 9A A1 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A2 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A3 12 04 10 70 61 5F 73 34 75 5F 78 35 30 39 5F 75 73 65 72 A4 07 03 05 00 80 00 00 00 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34",decode_krb5_pa_s4u_x509_user,ktest_equal_pa_s4u_x509_user,krb5_free_pa_s4u_x509_user);
+        ktest_empty_pa_s4u_x509_user(&ref);
     }
 
     /****************************************************************/
     /* decode_ad_kdcissued */
     {
-	setup(krb5_ad_kdcissued,"krb5_ad_kdcissued",ktest_make_sample_ad_kdcissued);
-	decode_run("ad_kdcissued","","30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_ad_kdcissued,ktest_equal_ad_kdcissued,krb5_free_ad_kdcissued);
-	ktest_empty_ad_kdcissued(&ref);
+        setup(krb5_ad_kdcissued,"krb5_ad_kdcissued",ktest_make_sample_ad_kdcissued);
+        decode_run("ad_kdcissued","","30 65 A0 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A1 10 1B 0E 41 54 48 45 4E 41 2E 4D 49 54 2E 45 44 55 A2 1A 30 18 A0 03 02 01 01 A1 11 30 0F 1B 06 68 66 74 73 61 69 1B 05 65 78 74 72 61 A3 24 30 22 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72 30 0F A0 03 02 01 01 A1 08 04 06 66 6F 6F 62 61 72",decode_krb5_ad_kdcissued,ktest_equal_ad_kdcissued,krb5_free_ad_kdcissued);
+        ktest_empty_ad_kdcissued(&ref);
     }
 
     /****************************************************************/
     /* decode_ad_signedpath */
     {
-	setup(krb5_ad_signedpath,"krb5_ad_signedpath",ktest_make_sample_ad_signedpath);
-	decode_run("ad_signedpath","","30 3E A0 03 02 01 01 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61",decode_krb5_ad_signedpath,ktest_equal_ad_signedpath,krb5_free_ad_signedpath);
-	ktest_empty_ad_signedpath(&ref);
+        setup(krb5_ad_signedpath,"krb5_ad_signedpath",ktest_make_sample_ad_signedpath);
+        decode_run("ad_signedpath","","30 3E A0 03 02 01 01 A1 0F 30 0D A0 03 02 01 01 A1 06 04 04 31 32 33 34 A3 26 30 24 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61 30 10 A1 03 02 01 0D A2 09 04 07 70 61 2D 64 61 74 61",decode_krb5_ad_signedpath,ktest_equal_ad_signedpath,krb5_free_ad_signedpath);
+        ktest_empty_ad_signedpath(&ref);
     }
 
 #ifdef ENABLE_LDAP
     /* ldap sequence_of_keys */
     {
-	setup(ldap_seqof_key_data,"ldap_seqof_key_data",
-	      ktest_make_sample_ldap_seqof_key_data);
-	decode_run("ldap_seqof_key_data","","30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32",acc.asn1_ldap_decode_sequence_of_keys,ktest_equal_ldap_sequence_of_keys,ktest_empty_ldap_seqof_key_data);
-	ktest_empty_ldap_seqof_key_data(test_context, &ref);
+        setup(ldap_seqof_key_data,"ldap_seqof_key_data",
+              ktest_make_sample_ldap_seqof_key_data);
+        decode_run("ldap_seqof_key_data","","30 81 87 A0 03 02 01 01 A1 03 02 01 01 A2 03 02 01 2A A3 03 02 01 0E A4 71 30 6F 30 23 A0 10 30 0E A0 03 02 01 00 A1 07 04 05 73 61 6C 74 30 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 30 30 23 A0 10 30 0E A0 03 02 01 01 A1 07 04 05 73 61 6C 74 31 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 31 30 23 A0 10 30 0E A0 03 02 01 02 A1 07 04 05 73 61 6C 74 32 A1 0F 30 0D A0 03 02 01 02 A1 06 04 04 6B 65 79 32",acc.asn1_ldap_decode_sequence_of_keys,ktest_equal_ldap_sequence_of_keys,ktest_empty_ldap_seqof_key_data);
+        ktest_empty_ldap_seqof_key_data(test_context, &ref);
     }
 
 #endif
@@ -935,12 +936,12 @@ int main(argc, argv)
 void krb5_ktest_free_alt_method(krb5_context context, krb5_alt_method *val)
 {
     if (val->data)
-	free(val->data);
+        free(val->data);
     free(val);
 }
 
 void krb5_ktest_free_pwd_sequence(krb5_context context,
-				  passwd_phrase_element *val)
+                                  passwd_phrase_element *val)
 {
     krb5_free_data(context, val->passwd);
     krb5_free_data(context, val->phrase);
@@ -950,7 +951,7 @@ void krb5_ktest_free_pwd_sequence(krb5_context context,
 void krb5_ktest_free_enc_data(krb5_context context, krb5_enc_data *val)
 {
     if (val) {
-	krb5_free_data_contents(context, &(val->ciphertext));
-	free(val);
+        krb5_free_data_contents(context, &(val->ciphertext));
+        free(val);
     }
 }
diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c
index 3716eb4..9694746 100644
--- a/src/tests/asn.1/krb5_encode_test.c
+++ b/src/tests/asn.1/krb5_encode_test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include "k5-int.h"
 #include "com_err.h"
@@ -17,65 +18,65 @@ int trval2();
 
 static void encoder_print_results(code, typestring, description)
     krb5_data *code;
-    char	*typestring;
-    char	*description;
+    char        *typestring;
+    char        *description;
 {
-    char	*code_string = NULL;
-    krb5_error_code	retval;
+    char        *code_string = NULL;
+    krb5_error_code     retval;
     int r, rlen;
 
     if (do_trval) {
-	printf("encode_krb5_%s%s:\n", typestring, description);
-	r = trval2(stdout, code->data, code->length, 0, &rlen);
-	printf("\n\n");
-	if (rlen < 0 || (unsigned int) rlen != code->length) {
-	    printf("Error: length mismatch: was %d, parsed %d\n",
-		   code->length, rlen);
-	    exit(1);
-	}
-	if (r != 0) {
-	    printf("Error: Return from trval2 is %d.\n", r);
-	    exit(1);
-	}
-	current_appl_type = -1;	/* Reset type */
+        printf("encode_krb5_%s%s:\n", typestring, description);
+        r = trval2(stdout, code->data, code->length, 0, &rlen);
+        printf("\n\n");
+        if (rlen < 0 || (unsigned int) rlen != code->length) {
+            printf("Error: length mismatch: was %d, parsed %d\n",
+                   code->length, rlen);
+            exit(1);
+        }
+        if (r != 0) {
+            printf("Error: Return from trval2 is %d.\n", r);
+            exit(1);
+        }
+        current_appl_type = -1; /* Reset type */
     } else {
-	retval = asn1_krb5_data_unparse(code,&(code_string));
-	if (retval) {
-	    com_err("krb5_encode_test", retval ,
-		    "while unparsing %s", typestring);
-	    exit(1);
-	}
-	printf("encode_krb5_%s%s: %s\n", typestring, description,
-	       code_string);
-	free(code_string);
+        retval = asn1_krb5_data_unparse(code,&(code_string));
+        if (retval) {
+            com_err("krb5_encode_test", retval ,
+                    "while unparsing %s", typestring);
+            exit(1);
+        }
+        printf("encode_krb5_%s%s: %s\n", typestring, description,
+               code_string);
+        free(code_string);
     }
     ktest_destroy_data(&code);
 }
 
 static void PRS(argc, argv)
-    int	argc;
-    char	**argv;
+    int argc;
+    char        **argv;
 {
     extern char *optarg;
     int optchar;
     extern int print_types, print_krb5_types, print_id_and_len,
-	print_constructed_length, print_skip_context,
-	print_skip_tagnum, print_context_shortcut;
+        print_constructed_length, print_skip_context,
+        print_skip_tagnum, print_context_shortcut;
 
     while ((optchar = getopt(argc, argv, "tp:")) != -1) {
-	switch(optchar) {
-	case 't':
-	    do_trval = 1;
-	    break;
-	case 'p':
-	    sample_principal_name = optarg;
-	    break;
-	case '?':
-	default:
-	    fprintf(stderr, "Usage: %s [-t] [-p principal]\n",
-		    argv[0]);
-	    exit(1);
-	}
+        switch(optchar) {
+        case 't':
+            do_trval = 1;
+            break;
+        case 'p':
+            sample_principal_name = optarg;
+            break;
+        case '?':
+        default:
+            fprintf(stderr, "Usage: %s [-t] [-p principal]\n",
+                    argv[0]);
+            exit(1);
+        }
     }
     print_types = 1;
     print_krb5_types = 1;
@@ -88,8 +89,8 @@ static void PRS(argc, argv)
 
 int
 main(argc, argv)
-    int	argc;
-    char	**argv;
+    int argc;
+    char        **argv;
 {
     krb5_data *code;
     krb5_error_code retval;
@@ -98,509 +99,509 @@ main(argc, argv)
 
     retval = krb5_init_context(&test_context);
     if (retval) {
-	com_err(argv[0], retval, "while initializing krb5");
-	exit(1);
+        com_err(argv[0], retval, "while initializing krb5");
+        exit(1);
     }
     init_access(argv[0]);
 
-#define setup(value,type,typestring,constructor)			\
-    retval = constructor(&(value));					\
-    if (retval) {							\
-	com_err("krb5_encode_test", retval, "while making sample %s", typestring); \
-	exit(1);							\
+#define setup(value,type,typestring,constructor)                        \
+    retval = constructor(&(value));                                     \
+    if (retval) {                                                       \
+        com_err("krb5_encode_test", retval, "while making sample %s", typestring); \
+        exit(1);                                                        \
     }
 
-#define encode_run(value,type,typestring,description,encoder)		\
-    retval = encoder(&(value),&(code));					\
-    if (retval) {							\
-	com_err("krb5_encode_test", retval,"while encoding %s", typestring); \
-	exit(1);							\
-    }									\
+#define encode_run(value,type,typestring,description,encoder)           \
+    retval = encoder(&(value),&(code));                                 \
+    if (retval) {                                                       \
+        com_err("krb5_encode_test", retval,"while encoding %s", typestring); \
+        exit(1);                                                        \
+    }                                                                   \
     encoder_print_results(code, typestring, description);
 
     /****************************************************************/
     /* encode_krb5_authenticator */
     {
-	krb5_authenticator authent;
-	setup(authent,authenticator,"authenticator",ktest_make_sample_authenticator);
+        krb5_authenticator authent;
+        setup(authent,authenticator,"authenticator",ktest_make_sample_authenticator);
 
-	encode_run(authent,authenticator,"authenticator","",encode_krb5_authenticator);
+        encode_run(authent,authenticator,"authenticator","",encode_krb5_authenticator);
 
-	ktest_destroy_checksum(&(authent.checksum));
-	ktest_destroy_keyblock(&(authent.subkey));
-	authent.seq_number = 0;
-	ktest_empty_authorization_data(authent.authorization_data);
-	encode_run(authent,authenticator,"authenticator","(optionals empty)",encode_krb5_authenticator);
+        ktest_destroy_checksum(&(authent.checksum));
+        ktest_destroy_keyblock(&(authent.subkey));
+        authent.seq_number = 0;
+        ktest_empty_authorization_data(authent.authorization_data);
+        encode_run(authent,authenticator,"authenticator","(optionals empty)",encode_krb5_authenticator);
 
-	ktest_destroy_authorization_data(&(authent.authorization_data));
-	encode_run(authent,authenticator,"authenticator","(optionals NULL)",encode_krb5_authenticator);
-	ktest_empty_authenticator(&authent);
+        ktest_destroy_authorization_data(&(authent.authorization_data));
+        encode_run(authent,authenticator,"authenticator","(optionals NULL)",encode_krb5_authenticator);
+        ktest_empty_authenticator(&authent);
     }
 
     /****************************************************************/
     /* encode_krb5_ticket */
     {
-	krb5_ticket tkt;
-	setup(tkt,ticket,"ticket",ktest_make_sample_ticket);
-	encode_run(tkt,ticket,"ticket","",encode_krb5_ticket);
-	ktest_empty_ticket(&tkt);
+        krb5_ticket tkt;
+        setup(tkt,ticket,"ticket",ktest_make_sample_ticket);
+        encode_run(tkt,ticket,"ticket","",encode_krb5_ticket);
+        ktest_empty_ticket(&tkt);
     }
 
     /****************************************************************/
     /* encode_krb5_encryption_key */
     {
-	krb5_keyblock keyblk;
-	setup(keyblk,keyblock,"keyblock",ktest_make_sample_keyblock);
-	current_appl_type = 1005;
-	encode_run(keyblk,keyblock,"keyblock","",encode_krb5_encryption_key);
-	ktest_empty_keyblock(&keyblk);
+        krb5_keyblock keyblk;
+        setup(keyblk,keyblock,"keyblock",ktest_make_sample_keyblock);
+        current_appl_type = 1005;
+        encode_run(keyblk,keyblock,"keyblock","",encode_krb5_encryption_key);
+        ktest_empty_keyblock(&keyblk);
     }
 
     /****************************************************************/
     /* encode_krb5_enc_tkt_part */
     {
-	krb5_ticket tkt;
-	memset(&tkt, 0, sizeof(krb5_ticket));
-	tkt.enc_part2 = (krb5_enc_tkt_part*)calloc(1,sizeof(krb5_enc_tkt_part));
-	if (tkt.enc_part2 == NULL) com_err("allocating enc_tkt_part",errno,"");
-	setup(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part",ktest_make_sample_enc_tkt_part);
+        krb5_ticket tkt;
+        memset(&tkt, 0, sizeof(krb5_ticket));
+        tkt.enc_part2 = (krb5_enc_tkt_part*)calloc(1,sizeof(krb5_enc_tkt_part));
+        if (tkt.enc_part2 == NULL) com_err("allocating enc_tkt_part",errno,"");
+        setup(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part",ktest_make_sample_enc_tkt_part);
 
-	encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","",encode_krb5_enc_tkt_part);
+        encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","",encode_krb5_enc_tkt_part);
 
-	tkt.enc_part2->times.starttime = 0;
-	tkt.enc_part2->times.renew_till = 0;
-	ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
-	ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
-	ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
-	ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
+        tkt.enc_part2->times.starttime = 0;
+        tkt.enc_part2->times.renew_till = 0;
+        ktest_destroy_address(&(tkt.enc_part2->caddrs[1]));
+        ktest_destroy_address(&(tkt.enc_part2->caddrs[0]));
+        ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[1]));
+        ktest_destroy_authdata(&(tkt.enc_part2->authorization_data[0]));
 
-	/* ISODE version fails on the empty caddrs field */
-	ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
-	ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
+        /* ISODE version fails on the empty caddrs field */
+        ktest_destroy_addresses(&(tkt.enc_part2->caddrs));
+        ktest_destroy_authorization_data(&(tkt.enc_part2->authorization_data));
 
-	encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","(optionals NULL)",encode_krb5_enc_tkt_part);
-	ktest_empty_ticket(&tkt);
+        encode_run(*(tkt.enc_part2),enc_tkt_part,"enc_tkt_part","(optionals NULL)",encode_krb5_enc_tkt_part);
+        ktest_empty_ticket(&tkt);
     }
 
     /****************************************************************/
     /* encode_krb5_enc_kdc_rep_part */
     {
-	krb5_kdc_rep kdcr;
+        krb5_kdc_rep kdcr;
 
-	memset(&kdcr, 0, sizeof(kdcr));
+        memset(&kdcr, 0, sizeof(kdcr));
 
-	kdcr.enc_part2 = (krb5_enc_kdc_rep_part*)
-	    calloc(1,sizeof(krb5_enc_kdc_rep_part));
-	if (kdcr.enc_part2 == NULL) com_err("allocating enc_kdc_rep_part",errno,"");
-	setup(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part);
+        kdcr.enc_part2 = (krb5_enc_kdc_rep_part*)
+            calloc(1,sizeof(krb5_enc_kdc_rep_part));
+        if (kdcr.enc_part2 == NULL) com_err("allocating enc_kdc_rep_part",errno,"");
+        setup(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part",ktest_make_sample_enc_kdc_rep_part);
 
-	encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","",encode_krb5_enc_kdc_rep_part);
+        encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","",encode_krb5_enc_kdc_rep_part);
 
-	kdcr.enc_part2->key_exp = 0;
-	kdcr.enc_part2->times.starttime = 0;
-	kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
-	ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
+        kdcr.enc_part2->key_exp = 0;
+        kdcr.enc_part2->times.starttime = 0;
+        kdcr.enc_part2->flags &= ~TKT_FLG_RENEWABLE;
+        ktest_destroy_addresses(&(kdcr.enc_part2->caddrs));
 
-	encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","(optionals NULL)",encode_krb5_enc_kdc_rep_part);
+        encode_run(*(kdcr.enc_part2),enc_kdc_rep_part,"enc_kdc_rep_part","(optionals NULL)",encode_krb5_enc_kdc_rep_part);
 
-	ktest_empty_kdc_rep(&kdcr);
+        ktest_empty_kdc_rep(&kdcr);
     }
 
     /****************************************************************/
     /* encode_krb5_as_rep */
     {
-	krb5_kdc_rep kdcr;
-	setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep);
+        krb5_kdc_rep kdcr;
+        setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep);
 
 /*    kdcr.msg_type = KRB5_TGS_REP;
       test(encode_krb5_as_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
       "encode_krb5_as_rep type check\n");
       ktest_destroy_data(&code);*/
 
-	kdcr.msg_type = KRB5_AS_REP;
-	encode_run(kdcr,as_rep,"as_rep","",encode_krb5_as_rep);
+        kdcr.msg_type = KRB5_AS_REP;
+        encode_run(kdcr,as_rep,"as_rep","",encode_krb5_as_rep);
 
-	ktest_destroy_pa_data_array(&(kdcr.padata));
-	encode_run(kdcr,as_rep,"as_rep","(optionals NULL)",encode_krb5_as_rep);
+        ktest_destroy_pa_data_array(&(kdcr.padata));
+        encode_run(kdcr,as_rep,"as_rep","(optionals NULL)",encode_krb5_as_rep);
 
-	ktest_empty_kdc_rep(&kdcr);
+        ktest_empty_kdc_rep(&kdcr);
 
     }
 
     /****************************************************************/
     /* encode_krb5_tgs_rep */
     {
-	krb5_kdc_rep kdcr;
-	setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep);
+        krb5_kdc_rep kdcr;
+        setup(kdcr,kdc_rep,"kdc_rep",ktest_make_sample_kdc_rep);
 
 /*    kdcr.msg_type = KRB5_AS_REP;
       test(encode_krb5_tgs_rep(&kdcr,&code) == KRB5_BADMSGTYPE,
       "encode_krb5_tgs_rep type check\n");*/
 
-	kdcr.msg_type = KRB5_TGS_REP;
-	encode_run(kdcr,tgs_rep,"tgs_rep","",encode_krb5_tgs_rep);
+        kdcr.msg_type = KRB5_TGS_REP;
+        encode_run(kdcr,tgs_rep,"tgs_rep","",encode_krb5_tgs_rep);
 
-	ktest_destroy_pa_data_array(&(kdcr.padata));
-	encode_run(kdcr,tgs_rep,"tgs_rep","(optionals NULL)",encode_krb5_tgs_rep);
+        ktest_destroy_pa_data_array(&(kdcr.padata));
+        encode_run(kdcr,tgs_rep,"tgs_rep","(optionals NULL)",encode_krb5_tgs_rep);
 
-	ktest_empty_kdc_rep(&kdcr);
+        ktest_empty_kdc_rep(&kdcr);
 
     }
 
     /****************************************************************/
     /* encode_krb5_ap_req */
     {
-	krb5_ap_req apreq;
-	setup(apreq,ap_req,"ap_req",ktest_make_sample_ap_req);
-	encode_run(apreq,ap_req,"ap_req","",encode_krb5_ap_req);
-	ktest_empty_ap_req(&apreq);
+        krb5_ap_req apreq;
+        setup(apreq,ap_req,"ap_req",ktest_make_sample_ap_req);
+        encode_run(apreq,ap_req,"ap_req","",encode_krb5_ap_req);
+        ktest_empty_ap_req(&apreq);
     }
 
     /****************************************************************/
     /* encode_krb5_ap_rep */
     {
-	krb5_ap_rep aprep;
-	setup(aprep,ap_rep,"ap_rep",ktest_make_sample_ap_rep);
-	encode_run(aprep,ap_rep,"ap_rep","",encode_krb5_ap_rep);
-	ktest_empty_ap_rep(&aprep);
+        krb5_ap_rep aprep;
+        setup(aprep,ap_rep,"ap_rep",ktest_make_sample_ap_rep);
+        encode_run(aprep,ap_rep,"ap_rep","",encode_krb5_ap_rep);
+        ktest_empty_ap_rep(&aprep);
     }
 
     /****************************************************************/
     /* encode_krb5_ap_rep_enc_part */
     {
-	krb5_ap_rep_enc_part apenc;
-	setup(apenc,ap_rep_enc_part,"ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part);
-	encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","",encode_krb5_ap_rep_enc_part);
+        krb5_ap_rep_enc_part apenc;
+        setup(apenc,ap_rep_enc_part,"ap_rep_enc_part",ktest_make_sample_ap_rep_enc_part);
+        encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","",encode_krb5_ap_rep_enc_part);
 
-	ktest_destroy_keyblock(&(apenc.subkey));
-	apenc.seq_number = 0;
-	encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","(optionals NULL)",encode_krb5_ap_rep_enc_part);
-	ktest_empty_ap_rep_enc_part(&apenc);
+        ktest_destroy_keyblock(&(apenc.subkey));
+        apenc.seq_number = 0;
+        encode_run(apenc,ap_rep_enc_part,"ap_rep_enc_part","(optionals NULL)",encode_krb5_ap_rep_enc_part);
+        ktest_empty_ap_rep_enc_part(&apenc);
     }
 
     /****************************************************************/
     /* encode_krb5_as_req */
     {
-	krb5_kdc_req asreq;
-	setup(asreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req);
-	asreq.msg_type = KRB5_AS_REQ;
-	asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	encode_run(asreq,as_req,"as_req","",encode_krb5_as_req);
+        krb5_kdc_req asreq;
+        setup(asreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req);
+        asreq.msg_type = KRB5_AS_REQ;
+        asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(asreq,as_req,"as_req","",encode_krb5_as_req);
 
-	ktest_destroy_pa_data_array(&(asreq.padata));
-	ktest_destroy_principal(&(asreq.client));
+        ktest_destroy_pa_data_array(&(asreq.padata));
+        ktest_destroy_principal(&(asreq.client));
 #ifndef ISODE_SUCKS
-	ktest_destroy_principal(&(asreq.server));
+        ktest_destroy_principal(&(asreq.server));
 #endif
-	asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
-	asreq.from = 0;
-	asreq.rtime = 0;
-	ktest_destroy_addresses(&(asreq.addresses));
-	ktest_destroy_enc_data(&(asreq.authorization_data));
-	encode_run(asreq,as_req,"as_req","(optionals NULL except second_ticket)",encode_krb5_as_req);
-	ktest_destroy_sequence_of_ticket(&(asreq.second_ticket));
+        asreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        asreq.from = 0;
+        asreq.rtime = 0;
+        ktest_destroy_addresses(&(asreq.addresses));
+        ktest_destroy_enc_data(&(asreq.authorization_data));
+        encode_run(asreq,as_req,"as_req","(optionals NULL except second_ticket)",encode_krb5_as_req);
+        ktest_destroy_sequence_of_ticket(&(asreq.second_ticket));
 #ifndef ISODE_SUCKS
-	ktest_make_sample_principal(&(asreq.server));
+        ktest_make_sample_principal(&(asreq.server));
 #endif
-	asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	encode_run(asreq,as_req,"as_req","(optionals NULL except server)",encode_krb5_as_req);
-	ktest_empty_kdc_req(&asreq);
+        asreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(asreq,as_req,"as_req","(optionals NULL except server)",encode_krb5_as_req);
+        ktest_empty_kdc_req(&asreq);
     }
 
     /****************************************************************/
     /* encode_krb5_tgs_req */
     {
-	krb5_kdc_req tgsreq;
-	setup(tgsreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req);
-	tgsreq.msg_type = KRB5_TGS_REQ;
-	tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	encode_run(tgsreq,tgs_req,"tgs_req","",encode_krb5_tgs_req);
+        krb5_kdc_req tgsreq;
+        setup(tgsreq,kdc_req,"kdc_req",ktest_make_sample_kdc_req);
+        tgsreq.msg_type = KRB5_TGS_REQ;
+        tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(tgsreq,tgs_req,"tgs_req","",encode_krb5_tgs_req);
 
-	ktest_destroy_pa_data_array(&(tgsreq.padata));
-	ktest_destroy_principal(&(tgsreq.client));
+        ktest_destroy_pa_data_array(&(tgsreq.padata));
+        ktest_destroy_principal(&(tgsreq.client));
 #ifndef ISODE_SUCKS
-	ktest_destroy_principal(&(tgsreq.server));
+        ktest_destroy_principal(&(tgsreq.server));
 #endif
-	tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
-	tgsreq.from = 0;
-	tgsreq.rtime = 0;
-	ktest_destroy_addresses(&(tgsreq.addresses));
-	ktest_destroy_enc_data(&(tgsreq.authorization_data));
-	encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except second_ticket)",encode_krb5_tgs_req);
-
-	ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket));
+        tgsreq.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        tgsreq.from = 0;
+        tgsreq.rtime = 0;
+        ktest_destroy_addresses(&(tgsreq.addresses));
+        ktest_destroy_enc_data(&(tgsreq.authorization_data));
+        encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except second_ticket)",encode_krb5_tgs_req);
+
+        ktest_destroy_sequence_of_ticket(&(tgsreq.second_ticket));
 #ifndef ISODE_SUCKS
-	ktest_make_sample_principal(&(tgsreq.server));
+        ktest_make_sample_principal(&(tgsreq.server));
 #endif
-	tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except server)",encode_krb5_tgs_req);
+        tgsreq.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        encode_run(tgsreq,tgs_req,"tgs_req","(optionals NULL except server)",encode_krb5_tgs_req);
 
-	ktest_empty_kdc_req(&tgsreq);
+        ktest_empty_kdc_req(&tgsreq);
     }
 
     /****************************************************************/
     /* encode_krb5_kdc_req_body */
     {
-	krb5_kdc_req kdcrb;
-	memset(&kdcrb, 0, sizeof(kdcrb));
-	setup(kdcrb,kdc_req_body,"kdc_req_body",ktest_make_sample_kdc_req_body);
-	kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	current_appl_type = 1007;	/* Force interpretation as kdc-req-body */
-	encode_run(kdcrb,kdc_req_body,"kdc_req_body","",encode_krb5_kdc_req_body);
+        krb5_kdc_req kdcrb;
+        memset(&kdcrb, 0, sizeof(kdcrb));
+        setup(kdcrb,kdc_req_body,"kdc_req_body",ktest_make_sample_kdc_req_body);
+        kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        current_appl_type = 1007;       /* Force interpretation as kdc-req-body */
+        encode_run(kdcrb,kdc_req_body,"kdc_req_body","",encode_krb5_kdc_req_body);
 
-	ktest_destroy_principal(&(kdcrb.client));
+        ktest_destroy_principal(&(kdcrb.client));
 #ifndef ISODE_SUCKS
-	ktest_destroy_principal(&(kdcrb.server));
+        ktest_destroy_principal(&(kdcrb.server));
 #endif
-	kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
-	kdcrb.from = 0;
-	kdcrb.rtime = 0;
-	ktest_destroy_addresses(&(kdcrb.addresses));
-	ktest_destroy_enc_data(&(kdcrb.authorization_data));
-	current_appl_type = 1007;	/* Force interpretation as kdc-req-body */
-	encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except second_ticket)",encode_krb5_kdc_req_body);
-
-	ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket));
+        kdcrb.kdc_options |= KDC_OPT_ENC_TKT_IN_SKEY;
+        kdcrb.from = 0;
+        kdcrb.rtime = 0;
+        ktest_destroy_addresses(&(kdcrb.addresses));
+        ktest_destroy_enc_data(&(kdcrb.authorization_data));
+        current_appl_type = 1007;       /* Force interpretation as kdc-req-body */
+        encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except second_ticket)",encode_krb5_kdc_req_body);
+
+        ktest_destroy_sequence_of_ticket(&(kdcrb.second_ticket));
 #ifndef ISODE_SUCKS
-	ktest_make_sample_principal(&(kdcrb.server));
+        ktest_make_sample_principal(&(kdcrb.server));
 #endif
-	kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
-	current_appl_type = 1007;	/* Force interpretation as kdc-req-body */
-	encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except server)",encode_krb5_kdc_req_body);
+        kdcrb.kdc_options &= ~KDC_OPT_ENC_TKT_IN_SKEY;
+        current_appl_type = 1007;       /* Force interpretation as kdc-req-body */
+        encode_run(kdcrb,kdc_req_body,"kdc_req_body","(optionals NULL except server)",encode_krb5_kdc_req_body);
 
-	ktest_empty_kdc_req(&kdcrb);
+        ktest_empty_kdc_req(&kdcrb);
     }
 
     /****************************************************************/
     /* encode_krb5_safe */
     {
-	krb5_safe s;
-	setup(s,safe,"safe",ktest_make_sample_safe);
-	encode_run(s,safe,"safe","",encode_krb5_safe);
+        krb5_safe s;
+        setup(s,safe,"safe",ktest_make_sample_safe);
+        encode_run(s,safe,"safe","",encode_krb5_safe);
 
-	s.timestamp = 0;
-	/* s.usec should be opted out by the timestamp */
-	s.seq_number = 0;
-	ktest_destroy_address(&(s.r_address));
-	encode_run(s,safe,"safe","(optionals NULL)",encode_krb5_safe);
+        s.timestamp = 0;
+        /* s.usec should be opted out by the timestamp */
+        s.seq_number = 0;
+        ktest_destroy_address(&(s.r_address));
+        encode_run(s,safe,"safe","(optionals NULL)",encode_krb5_safe);
 
-	ktest_empty_safe(&s);
+        ktest_empty_safe(&s);
     }
 
     /****************************************************************/
     /* encode_krb5_priv */
     {
-	krb5_priv p;
-	setup(p,priv,"priv",ktest_make_sample_priv);
-	encode_run(p,priv,"priv","",encode_krb5_priv);
-	ktest_empty_priv(&p);
+        krb5_priv p;
+        setup(p,priv,"priv",ktest_make_sample_priv);
+        encode_run(p,priv,"priv","",encode_krb5_priv);
+        ktest_empty_priv(&p);
     }
 
     /****************************************************************/
     /* encode_krb5_enc_priv_part */
     {
-	krb5_priv_enc_part ep;
-	setup(ep,priv_enc_part,"priv_enc_part",ktest_make_sample_priv_enc_part);
-	encode_run(ep,enc_priv_part,"enc_priv_part","",encode_krb5_enc_priv_part);
+        krb5_priv_enc_part ep;
+        setup(ep,priv_enc_part,"priv_enc_part",ktest_make_sample_priv_enc_part);
+        encode_run(ep,enc_priv_part,"enc_priv_part","",encode_krb5_enc_priv_part);
 
-	ep.timestamp = 0;
-	/* ep.usec should be opted out along with timestamp */
-	ep.seq_number = 0;
-	ktest_destroy_address(&(ep.r_address));
-	encode_run(ep,enc_priv_part,"enc_priv_part","(optionals NULL)",encode_krb5_enc_priv_part);
+        ep.timestamp = 0;
+        /* ep.usec should be opted out along with timestamp */
+        ep.seq_number = 0;
+        ktest_destroy_address(&(ep.r_address));
+        encode_run(ep,enc_priv_part,"enc_priv_part","(optionals NULL)",encode_krb5_enc_priv_part);
 
-	ktest_empty_priv_enc_part(&ep);
+        ktest_empty_priv_enc_part(&ep);
     }
 
     /****************************************************************/
     /* encode_krb5_cred */
     {
-	krb5_cred c;
-	setup(c,cred,"cred",ktest_make_sample_cred);
-	encode_run(c,cred,"cred","",encode_krb5_cred);
-	ktest_empty_cred(&c);
+        krb5_cred c;
+        setup(c,cred,"cred",ktest_make_sample_cred);
+        encode_run(c,cred,"cred","",encode_krb5_cred);
+        ktest_empty_cred(&c);
     }
 
     /****************************************************************/
     /* encode_krb5_enc_cred_part */
     {
-	krb5_cred_enc_part cep;
-	setup(cep,cred_enc_part,"cred_enc_part",ktest_make_sample_cred_enc_part);
-	encode_run(cep,enc_cred_part,"enc_cred_part","",encode_krb5_enc_cred_part);
+        krb5_cred_enc_part cep;
+        setup(cep,cred_enc_part,"cred_enc_part",ktest_make_sample_cred_enc_part);
+        encode_run(cep,enc_cred_part,"enc_cred_part","",encode_krb5_enc_cred_part);
 
-	ktest_destroy_principal(&(cep.ticket_info[0]->client));
-	ktest_destroy_principal(&(cep.ticket_info[0]->server));
-	cep.ticket_info[0]->flags = 0;
-	cep.ticket_info[0]->times.authtime = 0;
-	cep.ticket_info[0]->times.starttime = 0;
-	cep.ticket_info[0]->times.endtime = 0;
-	cep.ticket_info[0]->times.renew_till = 0;
-	ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs));
-	cep.nonce = 0;
-	cep.timestamp = 0;
-	ktest_destroy_address(&(cep.s_address));
-	ktest_destroy_address(&(cep.r_address));
-	encode_run(cep,enc_cred_part,"enc_cred_part","(optionals NULL)",encode_krb5_enc_cred_part);
+        ktest_destroy_principal(&(cep.ticket_info[0]->client));
+        ktest_destroy_principal(&(cep.ticket_info[0]->server));
+        cep.ticket_info[0]->flags = 0;
+        cep.ticket_info[0]->times.authtime = 0;
+        cep.ticket_info[0]->times.starttime = 0;
+        cep.ticket_info[0]->times.endtime = 0;
+        cep.ticket_info[0]->times.renew_till = 0;
+        ktest_destroy_addresses(&(cep.ticket_info[0]->caddrs));
+        cep.nonce = 0;
+        cep.timestamp = 0;
+        ktest_destroy_address(&(cep.s_address));
+        ktest_destroy_address(&(cep.r_address));
+        encode_run(cep,enc_cred_part,"enc_cred_part","(optionals NULL)",encode_krb5_enc_cred_part);
 
-	ktest_empty_cred_enc_part(&cep);
+        ktest_empty_cred_enc_part(&cep);
     }
 
     /****************************************************************/
     /* encode_krb5_error */
     {
-	krb5_error kerr;
-	setup(kerr,error,"error",ktest_make_sample_error);
-	encode_run(kerr,error,"error","",encode_krb5_error);
+        krb5_error kerr;
+        setup(kerr,error,"error",ktest_make_sample_error);
+        encode_run(kerr,error,"error","",encode_krb5_error);
 
-	kerr.ctime = 0;
-	ktest_destroy_principal(&(kerr.client));
-	ktest_empty_data(&(kerr.text));
-	ktest_empty_data(&(kerr.e_data));
-	encode_run(kerr,error,"error","(optionals NULL)",encode_krb5_error);
+        kerr.ctime = 0;
+        ktest_destroy_principal(&(kerr.client));
+        ktest_empty_data(&(kerr.text));
+        ktest_empty_data(&(kerr.e_data));
+        encode_run(kerr,error,"error","(optionals NULL)",encode_krb5_error);
 
-	ktest_empty_error(&kerr);
+        ktest_empty_error(&kerr);
     }
 
     /****************************************************************/
     /* encode_krb5_authdata */
     {
-	krb5_authdata **ad;
-	setup(ad,authorization_data,"authorization_data",ktest_make_sample_authorization_data);
+        krb5_authdata **ad;
+        setup(ad,authorization_data,"authorization_data",ktest_make_sample_authorization_data);
 
-	retval = encode_krb5_authdata(ad,&(code));
-	if (retval) {
-	    com_err("encoding authorization_data",retval,"");
-	    exit(1);
-	}
-	current_appl_type = 1004;	/* Force type to be authdata */
-	encoder_print_results(code, "authorization_data", "");
+        retval = encode_krb5_authdata(ad,&(code));
+        if (retval) {
+            com_err("encoding authorization_data",retval,"");
+            exit(1);
+        }
+        current_appl_type = 1004;       /* Force type to be authdata */
+        encoder_print_results(code, "authorization_data", "");
 
-	ktest_destroy_authorization_data(&ad);
+        ktest_destroy_authorization_data(&ad);
     }
 
     /****************************************************************/
     /* encode_pwd_sequence */
     {
-	passwd_phrase_element ppe;
-	setup(ppe,passwd_phrase_element,"PasswdSequence",ktest_make_sample_passwd_phrase_element);
-	encode_run(ppe,passwd_phrase_element,"pwd_sequence","",encode_krb5_pwd_sequence);
-	ktest_empty_passwd_phrase_element(&ppe);
+        passwd_phrase_element ppe;
+        setup(ppe,passwd_phrase_element,"PasswdSequence",ktest_make_sample_passwd_phrase_element);
+        encode_run(ppe,passwd_phrase_element,"pwd_sequence","",encode_krb5_pwd_sequence);
+        ktest_empty_passwd_phrase_element(&ppe);
     }
 
     /****************************************************************/
     /* encode_passwd_data */
     {
-	krb5_pwd_data pd;
-	setup(pd,krb5_pwd_data,"PasswdData",ktest_make_sample_krb5_pwd_data);
-	encode_run(pd,krb5_pwd_data,"pwd_data","",encode_krb5_pwd_data);
-	ktest_empty_pwd_data(&pd);
+        krb5_pwd_data pd;
+        setup(pd,krb5_pwd_data,"PasswdData",ktest_make_sample_krb5_pwd_data);
+        encode_run(pd,krb5_pwd_data,"pwd_data","",encode_krb5_pwd_data);
+        ktest_empty_pwd_data(&pd);
     }
 
     /****************************************************************/
     /* encode_padata_sequence */
     {
-	krb5_pa_data **pa;
+        krb5_pa_data **pa;
 
-	setup(pa,krb5_pa_data,"PreauthData",ktest_make_sample_pa_data_array);
-	retval = encode_krb5_padata_sequence(pa,&(code));
-	if (retval) {
-	    com_err("encoding padata_sequence",retval,"");
-	    exit(1);
-	}
-	encoder_print_results(code, "padata_sequence", "");
+        setup(pa,krb5_pa_data,"PreauthData",ktest_make_sample_pa_data_array);
+        retval = encode_krb5_padata_sequence(pa,&(code));
+        if (retval) {
+            com_err("encoding padata_sequence",retval,"");
+            exit(1);
+        }
+        encoder_print_results(code, "padata_sequence", "");
 
-	ktest_destroy_pa_data_array(&pa);
+        ktest_destroy_pa_data_array(&pa);
     }
 
     /****************************************************************/
     /* encode_padata_sequence (empty) */
     {
-	krb5_pa_data **pa;
+        krb5_pa_data **pa;
 
-	setup(pa,krb5_pa_data,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array);
-	retval = encode_krb5_padata_sequence(pa,&(code));
-	if (retval) {
-	    com_err("encoding padata_sequence(empty)",retval,"");
-	    exit(1);
-	}
-	encoder_print_results(code, "padata_sequence(empty)", "");
+        setup(pa,krb5_pa_data,"EmptyPreauthData",ktest_make_sample_empty_pa_data_array);
+        retval = encode_krb5_padata_sequence(pa,&(code));
+        if (retval) {
+            com_err("encoding padata_sequence(empty)",retval,"");
+            exit(1);
+        }
+        encoder_print_results(code, "padata_sequence(empty)", "");
 
-	ktest_destroy_pa_data_array(&pa);
+        ktest_destroy_pa_data_array(&pa);
     }
 
     /****************************************************************/
     /* encode_alt_method */
     {
-	krb5_alt_method am;
-	setup(am,krb5_alt_method,"AltMethod",ktest_make_sample_alt_method);
-	encode_run(am,krb5_alt_method,"alt_method","",encode_krb5_alt_method);
-	am.length = 0;
-	if (am.data)
-	    free(am.data);
-	am.data = 0;
-	encode_run(am,krb5_alt_method,"alt_method (no data)","",
-		   encode_krb5_alt_method);
-	ktest_empty_alt_method(&am);
+        krb5_alt_method am;
+        setup(am,krb5_alt_method,"AltMethod",ktest_make_sample_alt_method);
+        encode_run(am,krb5_alt_method,"alt_method","",encode_krb5_alt_method);
+        am.length = 0;
+        if (am.data)
+            free(am.data);
+        am.data = 0;
+        encode_run(am,krb5_alt_method,"alt_method (no data)","",
+                   encode_krb5_alt_method);
+        ktest_empty_alt_method(&am);
     }
 
     /****************************************************************/
     /* encode_etype_info */
     {
-	krb5_etype_info_entry **info;
+        krb5_etype_info_entry **info;
 
-	setup(info,krb5_etype_info_entry **,"etype_info",
-	      ktest_make_sample_etype_info);
-	retval = encode_krb5_etype_info(info,&(code));
-	if (retval) {
-	    com_err("encoding etype_info",retval,"");
-	    exit(1);
-	}
-	encoder_print_results(code, "etype_info", "");
-	ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
-	ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
+        setup(info,krb5_etype_info_entry **,"etype_info",
+              ktest_make_sample_etype_info);
+        retval = encode_krb5_etype_info(info,&(code));
+        if (retval) {
+            com_err("encoding etype_info",retval,"");
+            exit(1);
+        }
+        encoder_print_results(code, "etype_info", "");
+        ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
+        ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
 
-	retval = encode_krb5_etype_info(info,&(code));
-	if (retval) {
-	    com_err("encoding etype_info (only 1)",retval,"");
-	    exit(1);
-	}
-	encoder_print_results(code, "etype_info (only 1)", "");
+        retval = encode_krb5_etype_info(info,&(code));
+        if (retval) {
+            com_err("encoding etype_info (only 1)",retval,"");
+            exit(1);
+        }
+        encoder_print_results(code, "etype_info (only 1)", "");
 
-	ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;
+        ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;
 
-	retval = encode_krb5_etype_info(info,&(code));
-	if (retval) {
-	    com_err("encoding etype_info (no info)",retval,"");
-	    exit(1);
-	}
-	encoder_print_results(code, "etype_info (no info)", "");
+        retval = encode_krb5_etype_info(info,&(code));
+        if (retval) {
+            com_err("encoding etype_info (no info)",retval,"");
+            exit(1);
+        }
+        encoder_print_results(code, "etype_info (no info)", "");
 
-	ktest_destroy_etype_info(info);
+        ktest_destroy_etype_info(info);
     }
 
     /* encode_etype_info 2*/
     {
-	krb5_etype_info_entry **info;
-
-	setup(info,krb5_etype_info_entry **,"etype_info2",
-	      ktest_make_sample_etype_info2);
-	retval = encode_krb5_etype_info2(info,&(code));
-	if (retval) {
-	    com_err("encoding etype_info",retval,"");
-	    exit(1);
-	}
-	encoder_print_results(code, "etype_info2", "");
-	ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
-	ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
-
-	retval = encode_krb5_etype_info2(info,&(code));
-	if (retval) {
-	    com_err("encoding etype_info (only 1)",retval,"");
-	    exit(1);
-	}
-	encoder_print_results(code, "etype_info2 (only 1)", "");
-
-	ktest_destroy_etype_info(info);
+        krb5_etype_info_entry **info;
+
+        setup(info,krb5_etype_info_entry **,"etype_info2",
+              ktest_make_sample_etype_info2);
+        retval = encode_krb5_etype_info2(info,&(code));
+        if (retval) {
+            com_err("encoding etype_info",retval,"");
+            exit(1);
+        }
+        encoder_print_results(code, "etype_info2", "");
+        ktest_destroy_etype_info_entry(info[2]);      info[2] = 0;
+        ktest_destroy_etype_info_entry(info[1]);      info[1] = 0;
+
+        retval = encode_krb5_etype_info2(info,&(code));
+        if (retval) {
+            com_err("encoding etype_info (only 1)",retval,"");
+            exit(1);
+        }
+        encoder_print_results(code, "etype_info2 (only 1)", "");
+
+        ktest_destroy_etype_info(info);
 /*    ktest_destroy_etype_info_entry(info[0]);      info[0] = 0;*/
 
     }
@@ -608,146 +609,146 @@ main(argc, argv)
     /****************************************************************/
     /* encode_pa_enc_ts */
     {
-	krb5_pa_enc_ts pa_enc;
-	setup(pa_enc,krb5_pa_enc_ts,"pa_enc_ts",ktest_make_sample_pa_enc_ts);
-	encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts","",encode_krb5_pa_enc_ts);
-	pa_enc.pausec = 0;
-	encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts (no usec)","",encode_krb5_pa_enc_ts);
+        krb5_pa_enc_ts pa_enc;
+        setup(pa_enc,krb5_pa_enc_ts,"pa_enc_ts",ktest_make_sample_pa_enc_ts);
+        encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts","",encode_krb5_pa_enc_ts);
+        pa_enc.pausec = 0;
+        encode_run(pa_enc,krb5_pa_enc_ts,"pa_enc_ts (no usec)","",encode_krb5_pa_enc_ts);
     }
 
     /****************************************************************/
     /* encode_enc_data */
     {
-	krb5_enc_data enc_data;
-	setup(enc_data,krb5_enc_data,"enc_data",ktest_make_sample_enc_data);
-	current_appl_type = 1001;
-	encode_run(enc_data,krb5_enc_data,"enc_data","",encode_krb5_enc_data);
-	ktest_destroy_enc_data(&enc_data);
+        krb5_enc_data enc_data;
+        setup(enc_data,krb5_enc_data,"enc_data",ktest_make_sample_enc_data);
+        current_appl_type = 1001;
+        encode_run(enc_data,krb5_enc_data,"enc_data","",encode_krb5_enc_data);
+        ktest_destroy_enc_data(&enc_data);
     }
     /****************************************************************/
     /* encode_krb5_sam_challenge */
     {
-	krb5_sam_challenge sam_ch;
-	setup(sam_ch,krb5_sam_challenge,"sam_challenge",
-	      ktest_make_sample_sam_challenge);
-	encode_run(sam_ch,krb5_sam_challenge,"sam_challenge","",
-		   encode_krb5_sam_challenge);
-	ktest_empty_sam_challenge(&sam_ch);
+        krb5_sam_challenge sam_ch;
+        setup(sam_ch,krb5_sam_challenge,"sam_challenge",
+              ktest_make_sample_sam_challenge);
+        encode_run(sam_ch,krb5_sam_challenge,"sam_challenge","",
+                   encode_krb5_sam_challenge);
+        ktest_empty_sam_challenge(&sam_ch);
     }
     /****************************************************************/
     /* encode_krb5_sam_response */
     {
-	krb5_sam_response sam_ch;
-	setup(sam_ch,krb5_sam_response,"sam_response",
-	      ktest_make_sample_sam_response);
-	encode_run(sam_ch,krb5_sam_response,"sam_response","",
-		   encode_krb5_sam_response);
-	ktest_empty_sam_response(&sam_ch);
+        krb5_sam_response sam_ch;
+        setup(sam_ch,krb5_sam_response,"sam_response",
+              ktest_make_sample_sam_response);
+        encode_run(sam_ch,krb5_sam_response,"sam_response","",
+                   encode_krb5_sam_response);
+        ktest_empty_sam_response(&sam_ch);
     }
     /****************************************************************/
     /* encode_krb5_sam_key */
     {
-	krb5_sam_key sam_ch;
-	setup(sam_ch,krb5_sam_key,"sam_key",
-	      ktest_make_sample_sam_key);
-	encode_run(sam_ch,krb5_sam_key,"sam_key","",
-		   encode_krb5_sam_key);
-	ktest_empty_sam_key(&sam_ch);
+        krb5_sam_key sam_ch;
+        setup(sam_ch,krb5_sam_key,"sam_key",
+              ktest_make_sample_sam_key);
+        encode_run(sam_ch,krb5_sam_key,"sam_key","",
+                   encode_krb5_sam_key);
+        ktest_empty_sam_key(&sam_ch);
     }
     /****************************************************************/
     /* encode_krb5_enc_sam_response_enc */
     {
-	krb5_enc_sam_response_enc sam_ch;
-	setup(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc",
-	      ktest_make_sample_enc_sam_response_enc);
-	encode_run(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc","",
-		   encode_krb5_enc_sam_response_enc);
-	ktest_empty_enc_sam_response_enc(&sam_ch);
+        krb5_enc_sam_response_enc sam_ch;
+        setup(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc",
+              ktest_make_sample_enc_sam_response_enc);
+        encode_run(sam_ch,krb5_enc_sam_response_enc,"enc_sam_response_enc","",
+                   encode_krb5_enc_sam_response_enc);
+        ktest_empty_enc_sam_response_enc(&sam_ch);
     }
     /****************************************************************/
     /* encode_krb5_predicted_sam_response */
     {
-	krb5_predicted_sam_response sam_ch;
-	setup(sam_ch,krb5_predicted_sam_response,"predicted_sam_response",
-	      ktest_make_sample_predicted_sam_response);
-	encode_run(sam_ch,krb5_predicted_sam_response,"predicted_sam_response","",
-		   encode_krb5_predicted_sam_response);
-	ktest_empty_predicted_sam_response(&sam_ch);
+        krb5_predicted_sam_response sam_ch;
+        setup(sam_ch,krb5_predicted_sam_response,"predicted_sam_response",
+              ktest_make_sample_predicted_sam_response);
+        encode_run(sam_ch,krb5_predicted_sam_response,"predicted_sam_response","",
+                   encode_krb5_predicted_sam_response);
+        ktest_empty_predicted_sam_response(&sam_ch);
     }
-  /****************************************************************/
-  /* encode_krb5_sam_response_2 */
+    /****************************************************************/
+    /* encode_krb5_sam_response_2 */
     {
-	krb5_sam_response_2 sam_ch2;
-	setup(sam_ch2,krb5_sam_response_2,"sam_response_2",
-	      ktest_make_sample_sam_response_2);
-	encode_run(sam_ch2,krb5_sam_response_2,"sam_response_2","",
-		   acc.encode_krb5_sam_response_2);
-	ktest_empty_sam_response_2(&sam_ch2);
+        krb5_sam_response_2 sam_ch2;
+        setup(sam_ch2,krb5_sam_response_2,"sam_response_2",
+              ktest_make_sample_sam_response_2);
+        encode_run(sam_ch2,krb5_sam_response_2,"sam_response_2","",
+                   acc.encode_krb5_sam_response_2);
+        ktest_empty_sam_response_2(&sam_ch2);
     }
     /****************************************************************/
     /* encode_krb5_sam_response_enc_2 */
     {
-	krb5_enc_sam_response_enc_2 sam_ch2;
-	setup(sam_ch2,krb5_enc_sam_response_enc_2,"enc_sam_response_enc_2",
-	      ktest_make_sample_enc_sam_response_enc_2);
-	encode_run(sam_ch2,krb5_enc_sam_response_enc_2,
-		   "enc_sam_response_enc_2","",
-		   acc.encode_krb5_enc_sam_response_enc_2);
-	ktest_empty_enc_sam_response_enc_2(&sam_ch2);
+        krb5_enc_sam_response_enc_2 sam_ch2;
+        setup(sam_ch2,krb5_enc_sam_response_enc_2,"enc_sam_response_enc_2",
+              ktest_make_sample_enc_sam_response_enc_2);
+        encode_run(sam_ch2,krb5_enc_sam_response_enc_2,
+                   "enc_sam_response_enc_2","",
+                   acc.encode_krb5_enc_sam_response_enc_2);
+        ktest_empty_enc_sam_response_enc_2(&sam_ch2);
     }
     /****************************************************************/
     /* encode_krb5_pa_s4u_x509_user */
     {
-	krb5_pa_s4u_x509_user s4u;
-	setup(s4u,krb5_pa_s4u_x509_user,"pa_s4u_x509_user",
-	      ktest_make_sample_pa_s4u_x509_user);
-	encode_run(s4u,krb5_pa_s4u_x509_user,
-		   "pa_s4u_x509_user","",
-		   encode_krb5_pa_s4u_x509_user);
-	ktest_empty_pa_s4u_x509_user(&s4u);
+        krb5_pa_s4u_x509_user s4u;
+        setup(s4u,krb5_pa_s4u_x509_user,"pa_s4u_x509_user",
+              ktest_make_sample_pa_s4u_x509_user);
+        encode_run(s4u,krb5_pa_s4u_x509_user,
+                   "pa_s4u_x509_user","",
+                   encode_krb5_pa_s4u_x509_user);
+        ktest_empty_pa_s4u_x509_user(&s4u);
     }
     /****************************************************************/
     /* encode_krb5_ad_kdcissued */
     {
-	krb5_ad_kdcissued kdci;
-	setup(kdci,krb5_ad_kdcissued,"ad_kdcissued",
-	      ktest_make_sample_ad_kdcissued);
-	encode_run(kdci,krb5_ad_kdcissued,
-		   "ad_kdcissued","",
-		   encode_krb5_ad_kdcissued);
-	ktest_empty_ad_kdcissued(&kdci);
+        krb5_ad_kdcissued kdci;
+        setup(kdci,krb5_ad_kdcissued,"ad_kdcissued",
+              ktest_make_sample_ad_kdcissued);
+        encode_run(kdci,krb5_ad_kdcissued,
+                   "ad_kdcissued","",
+                   encode_krb5_ad_kdcissued);
+        ktest_empty_ad_kdcissued(&kdci);
     }
     /****************************************************************/
     /* encode_krb5_ad_signedpath_data */
     {
-	krb5_ad_signedpath_data spd;
-	setup(spd,krb5_ad_signedpath_data,"ad_signedpath_data",
-	      ktest_make_sample_ad_signedpath_data);
-	encode_run(spd,krb5_ad_signedpath_data,
-		   "ad_signedpath_data","",
-		   encode_krb5_ad_signedpath_data);
-	ktest_empty_ad_signedpath_data(&spd);
+        krb5_ad_signedpath_data spd;
+        setup(spd,krb5_ad_signedpath_data,"ad_signedpath_data",
+              ktest_make_sample_ad_signedpath_data);
+        encode_run(spd,krb5_ad_signedpath_data,
+                   "ad_signedpath_data","",
+                   encode_krb5_ad_signedpath_data);
+        ktest_empty_ad_signedpath_data(&spd);
     }
     /****************************************************************/
     /* encode_krb5_ad_signedpath */
     {
-	krb5_ad_signedpath sp;
-	setup(sp,krb5_ad_signedpath,"ad_signedpath",
-	      ktest_make_sample_ad_signedpath);
-	encode_run(sp,krb5_ad_signedpath,
-		   "ad_signedpath","",
-		   encode_krb5_ad_signedpath);
-	ktest_empty_ad_signedpath(&sp);
+        krb5_ad_signedpath sp;
+        setup(sp,krb5_ad_signedpath,"ad_signedpath",
+              ktest_make_sample_ad_signedpath);
+        encode_run(sp,krb5_ad_signedpath,
+                   "ad_signedpath","",
+                   encode_krb5_ad_signedpath);
+        ktest_empty_ad_signedpath(&sp);
     }
 #ifdef ENABLE_LDAP
     {
-	ldap_seqof_key_data skd;
+        ldap_seqof_key_data skd;
 
-	setup(skd, ldap_seqof_key_data, "ldap_seqof_key_data",
-	      ktest_make_sample_ldap_seqof_key_data);
-	encode_run(skd, ldap_seqof_key_data, "ldap_seqof_key_data", "",
-		   acc.asn1_ldap_encode_sequence_of_keys);
-	ktest_empty_ldap_seqof_key_data(test_context, &skd);
+        setup(skd, ldap_seqof_key_data, "ldap_seqof_key_data",
+              ktest_make_sample_ldap_seqof_key_data);
+        encode_run(skd, ldap_seqof_key_data, "ldap_seqof_key_data", "",
+                   acc.asn1_ldap_encode_sequence_of_keys);
+        ktest_empty_ldap_seqof_key_data(test_context, &skd);
     }
 #endif
 
diff --git a/src/tests/asn.1/ktest.c b/src/tests/asn.1/ktest.c
index 64c4fbd..370b640 100644
--- a/src/tests/asn.1/ktest.c
+++ b/src/tests/asn.1/ktest.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "ktest.h"
 #include "utility.h"
 #include <stdlib.h>
@@ -121,10 +122,10 @@ krb5_error_code ktest_make_sample_addresses(caddrs)
     *caddrs = (krb5_address**)calloc(3,sizeof(krb5_address*));
     if (*caddrs == NULL) return ENOMEM;
     for (i=0; i<2; i++) {
-	(*caddrs)[i] = (krb5_address*)calloc(1,sizeof(krb5_address));
-	if ((*caddrs)[i] == NULL) return ENOMEM;
-	retval = ktest_make_sample_address((*caddrs)[i]);
-	if (retval) return retval;
+        (*caddrs)[i] = (krb5_address*)calloc(1,sizeof(krb5_address));
+        if ((*caddrs)[i] == NULL) return ENOMEM;
+        retval = ktest_make_sample_address((*caddrs)[i]);
+        if (retval) return retval;
     }
     (*caddrs)[2] = NULL;
     return 0;
@@ -140,10 +141,10 @@ krb5_error_code ktest_make_sample_authorization_data(ad)
     if (*ad == NULL) return ENOMEM;
 
     for (i=0; i<=1; i++) {
-	(*ad)[i] = (krb5_authdata*)calloc(1,sizeof(krb5_authdata));
-	if ((*ad)[i] == NULL) return ENOMEM;
-	retval = ktest_make_sample_authdata((*ad)[i]);
-	if (retval) return retval;
+        (*ad)[i] = (krb5_authdata*)calloc(1,sizeof(krb5_authdata));
+        if ((*ad)[i] == NULL) return ENOMEM;
+        retval = ktest_make_sample_authdata((*ad)[i]);
+        if (retval) return retval;
     }
     (*ad)[2] = NULL;
 
@@ -155,7 +156,7 @@ krb5_error_code ktest_make_sample_transited(t)
 {
     t->tr_type = 1;
     return krb5_data_parse(&(t->tr_contents),
-			   "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.");
+                           "EDU,MIT.,ATHENA.,WASHINGTON.EDU,CS.");
 }
 
 krb5_error_code ktest_make_sample_ticket_times(tt)
@@ -229,8 +230,8 @@ krb5_error_code ktest_make_sample_last_req(lr)
     *lr = (krb5_last_req_entry**)calloc(3,sizeof(krb5_last_req_entry*));
     if (*lr == NULL) return ENOMEM;
     for (i=0; i<=1; i++) {
-	retval = ktest_make_sample_last_req_entry(&((*lr)[i]));
-	if (retval) return retval;
+        retval = ktest_make_sample_last_req_entry(&((*lr)[i]));
+        if (retval) return retval;
     }
     (*lr)[2] = NULL;
     return 0;
@@ -276,10 +277,10 @@ krb5_error_code ktest_make_sample_pa_data_array(pad)
     if (*pad == NULL) return ENOMEM;
 
     for (i=0; i<=1; i++) {
-	(*pad)[i] = (krb5_pa_data*)calloc(1,sizeof(krb5_pa_data));
-	if ((*pad)[i] == NULL) return ENOMEM;
-	retval = ktest_make_sample_pa_data((*pad)[i]);
-	if (retval) return retval;
+        (*pad)[i] = (krb5_pa_data*)calloc(1,sizeof(krb5_pa_data));
+        if ((*pad)[i] == NULL) return ENOMEM;
+        retval = ktest_make_sample_pa_data((*pad)[i]);
+        if (retval) return retval;
     }
     (*pad)[2] = NULL;
 
@@ -477,10 +478,10 @@ krb5_error_code ktest_make_sample_sequence_of_ticket(sot)
     *sot = (krb5_ticket**)calloc(3,sizeof(krb5_ticket*));
     if (*sot == NULL) return ENOMEM;
     for (i=0; i<2; i++) {
-	(*sot)[i] = (krb5_ticket*)calloc(1,sizeof(krb5_ticket));
-	if ((*sot)[i] == NULL) return ENOMEM;
-	retval = ktest_make_sample_ticket((*sot)[i]);
-	if (retval) return retval;
+        (*sot)[i] = (krb5_ticket*)calloc(1,sizeof(krb5_ticket));
+        if ((*sot)[i] == NULL) return ENOMEM;
+        retval = ktest_make_sample_ticket((*sot)[i]);
+        if (retval) return retval;
     }
     (*sot)[2] = NULL;
 
@@ -518,10 +519,10 @@ krb5_error_code ktest_make_sequence_of_cred_info(soci)
     *soci = (krb5_cred_info**)calloc(3,sizeof(krb5_cred_info*));
     if (*soci == NULL) return ENOMEM;
     for (i=0; i<2; i++) {
-	(*soci)[i] = (krb5_cred_info*)calloc(1,sizeof(krb5_cred_info));
-	if ((*soci)[i] == NULL) return ENOMEM;
-	retval = ktest_make_sample_cred_info((*soci)[i]);
-	if (retval) return retval;
+        (*soci)[i] = (krb5_cred_info*)calloc(1,sizeof(krb5_cred_info));
+        if ((*soci)[i] == NULL) return ENOMEM;
+        retval = ktest_make_sample_cred_info((*soci)[i]);
+        if (retval) return retval;
     }
     (*soci)[2] = NULL;
 
@@ -613,10 +614,10 @@ krb5_error_code ktest_make_sample_krb5_pwd_data(pd)
     if (pd->element == NULL) return ENOMEM;
 
     for (i=0; i<=1; i++) {
-	pd->element[i] = (passwd_phrase_element*)calloc(1,sizeof(passwd_phrase_element));
-	if (pd->element[i] == NULL) return ENOMEM;
-	retval = ktest_make_sample_passwd_phrase_element(pd->element[i]);
-	if (retval) return retval;
+        pd->element[i] = (passwd_phrase_element*)calloc(1,sizeof(passwd_phrase_element));
+        if (pd->element[i] == NULL) return ENOMEM;
+        retval = ktest_make_sample_passwd_phrase_element(pd->element[i]);
+        if (retval) return retval;
     }
     pd->element[2] = NULL;
 
@@ -637,27 +638,27 @@ krb5_error_code ktest_make_sample_etype_info(p)
     krb5_etype_info_entry *** p;
 {
     krb5_etype_info_entry **info;
-    int	i, len;
+    int i, len;
     char *str;
 
     info = malloc(sizeof(krb5_etype_info_entry *) * 4);
     if (!info)
-	return ENOMEM;
+        return ENOMEM;
     memset(info, 0, sizeof(krb5_etype_info_entry *) * 4);
 
     for (i=0; i < 3; i++) {
-	info[i] = malloc(sizeof(krb5_etype_info_entry));
-	if (info[i] == 0)
-	    goto memfail;
-	info[i]->etype = i;
-	len = asprintf(&str, "Morton's #%d", i);
-	if (len < 0)
-	    goto memfail;
-	info[i]->salt = (krb5_octet *) str;
-	info[i]->length = len;
-	info[i]->s2kparams.data = NULL;
-	info[i]->s2kparams.length = 0;
-	info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
+        info[i] = malloc(sizeof(krb5_etype_info_entry));
+        if (info[i] == 0)
+            goto memfail;
+        info[i]->etype = i;
+        len = asprintf(&str, "Morton's #%d", i);
+        if (len < 0)
+            goto memfail;
+        info[i]->salt = (krb5_octet *) str;
+        info[i]->length = len;
+        info[i]->s2kparams.data = NULL;
+        info[i]->s2kparams.length = 0;
+        info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
     }
     free(info[1]->salt);
     info[1]->length = KRB5_ETYPE_NO_SALT;
@@ -674,29 +675,29 @@ krb5_error_code ktest_make_sample_etype_info2(p)
     krb5_etype_info_entry *** p;
 {
     krb5_etype_info_entry **info;
-    int	i, len;
+    int i, len;
     char *str;
 
     info = malloc(sizeof(krb5_etype_info_entry *) * 4);
     if (!info)
-	return ENOMEM;
+        return ENOMEM;
     memset(info, 0, sizeof(krb5_etype_info_entry *) * 4);
 
     for (i=0; i < 3; i++) {
-	info[i] = malloc(sizeof(krb5_etype_info_entry));
-	if (info[i] == 0)
-	    goto memfail;
-	info[i]->etype = i;
-	len = asprintf(&str, "Morton's #%d", i);
-	if (len < 0)
-	    goto memfail;
-	info[i]->salt = (krb5_octet *) str;
-	info[i]->length = (unsigned int) len;
-	len = asprintf(&info[i]->s2kparams.data, "s2k: %d", i);
-	if (len < 0)
-	    goto memfail;
-	info[i]->s2kparams.length = (unsigned int) len;
-	info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
+        info[i] = malloc(sizeof(krb5_etype_info_entry));
+        if (info[i] == 0)
+            goto memfail;
+        info[i]->etype = i;
+        len = asprintf(&str, "Morton's #%d", i);
+        if (len < 0)
+            goto memfail;
+        info[i]->salt = (krb5_octet *) str;
+        info[i]->length = (unsigned int) len;
+        len = asprintf(&info[i]->s2kparams.data, "s2k: %d", i);
+        if (len < 0)
+            goto memfail;
+        info[i]->s2kparams.length = (unsigned int) len;
+        info[i]->magic = KV5M_ETYPE_INFO_ENTRY;
     }
     free(info[1]->salt);
     info[1]->length = KRB5_ETYPE_NO_SALT;
@@ -766,7 +767,7 @@ krb5_error_code ktest_make_sample_sam_response(p)
     p->sam_enc_nonce_or_ts.ciphertext.data = strdup("nonce or ts");
     if (p->sam_enc_nonce_or_ts.ciphertext.data == NULL) return ENOMEM;
     p->sam_enc_nonce_or_ts.ciphertext.length =
-	strlen(p->sam_enc_nonce_or_ts.ciphertext.data);
+        strlen(p->sam_enc_nonce_or_ts.ciphertext.data);
     p->sam_enc_nonce_or_ts.enctype = ENCTYPE_DES_CBC_CRC;
     p->sam_enc_nonce_or_ts.kvno = 3382;
     p->sam_nonce = 0x543210;
@@ -786,7 +787,7 @@ krb5_error_code ktest_make_sample_sam_response_2(p)
     p->sam_enc_nonce_or_sad.ciphertext.data = strdup("nonce or sad");
     if (p->sam_enc_nonce_or_sad.ciphertext.data == NULL) return ENOMEM;
     p->sam_enc_nonce_or_sad.ciphertext.length =
-	strlen(p->sam_enc_nonce_or_sad.ciphertext.data);
+        strlen(p->sam_enc_nonce_or_sad.ciphertext.data);
     p->sam_enc_nonce_or_sad.enctype = ENCTYPE_DES_CBC_CRC;
     p->sam_enc_nonce_or_sad.kvno = 3382;
     p->sam_nonce = 0x543210;
@@ -907,7 +908,7 @@ static krb5_error_code ktest_make_sample_key_data(krb5_key_data *p, int i)
     p->key_data_length[1] = (unsigned int) len;
     p->key_data_contents[1] = (krb5_octet *) str;
     if (p->key_data_contents[0] == NULL || p->key_data_contents[1] == NULL)
-	return ENOMEM;
+        return ENOMEM;
     return 0;
 }
 
@@ -919,9 +920,9 @@ krb5_error_code ktest_make_sample_ldap_seqof_key_data(p)
     p->n_key_data = 3;
     p->key_data = calloc(3,sizeof(krb5_key_data));
     for (i = 0; i < 3; i++) {
-	krb5_error_code ret;
-	ret = ktest_make_sample_key_data(&p->key_data[i], i);
-	if (ret) return ret;
+        krb5_error_code ret;
+        ret = ktest_make_sample_key_data(&p->key_data[i], i);
+        if (ret) return ret;
     }
     return 0;
 }
@@ -953,9 +954,9 @@ void ktest_destroy_data(d)
     krb5_data ** d;
 {
     if (*d != NULL) {
-	if ((*d)->data != NULL) free((*d)->data);
-	free(*d);
-	*d = NULL;
+        if ((*d)->data != NULL) free((*d)->data);
+        free(*d);
+        *d = NULL;
     }
 }
 
@@ -963,9 +964,9 @@ void ktest_empty_data(d)
     krb5_data * d;
 {
     if (d->data != NULL) {
-	free(d->data);
-	d->data = NULL;
-	d->length = 0;
+        free(d->data);
+        d->data = NULL;
+        d->length = 0;
     }
 }
 
@@ -973,9 +974,9 @@ void ktest_destroy_checksum(cs)
     krb5_checksum ** cs;
 {
     if (*cs != NULL) {
-	if ((*cs)->contents != NULL) free((*cs)->contents);
-	free(*cs);
-	*cs = NULL;
+        if ((*cs)->contents != NULL) free((*cs)->contents);
+        free(*cs);
+        *cs = NULL;
     }
 }
 
@@ -983,10 +984,10 @@ void ktest_empty_keyblock(kb)
     krb5_keyblock * kb;
 {
     if (kb != NULL) {
-	if (kb->contents) {
-	    free (kb->contents);
-	    kb->contents = NULL;
-	}
+        if (kb->contents) {
+            free (kb->contents);
+            kb->contents = NULL;
+        }
     }
 }
 
@@ -994,9 +995,9 @@ void ktest_destroy_keyblock(kb)
     krb5_keyblock ** kb;
 {
     if (*kb != NULL) {
-	if ((*kb)->contents != NULL) free((*kb)->contents);
-	free(*kb);
-	*kb = NULL;
+        if ((*kb)->contents != NULL) free((*kb)->contents);
+        free(*kb);
+        *kb = NULL;
     }
 }
 
@@ -1006,8 +1007,8 @@ void ktest_empty_authorization_data(ad)
     int i;
 
     if (*ad != NULL) {
-	for (i=0; ad[i] != NULL; i++)
-	    ktest_destroy_authdata(&(ad[i]));
+        for (i=0; ad[i] != NULL; i++)
+            ktest_destroy_authdata(&(ad[i]));
     }
 }
 
@@ -1023,9 +1024,9 @@ void ktest_destroy_authdata(ad)
     krb5_authdata ** ad;
 {
     if (*ad != NULL) {
-	if ((*ad)->contents != NULL) free((*ad)->contents);
-	free(*ad);
-	*ad = NULL;
+        if ((*ad)->contents != NULL) free((*ad)->contents);
+        free(*ad);
+        *ad = NULL;
     }
 }
 
@@ -1035,7 +1036,7 @@ void ktest_empty_pa_data_array(pad)
     int i;
 
     for (i=0; pad[i] != NULL; i++)
-	ktest_destroy_pa_data(&(pad[i]));
+        ktest_destroy_pa_data(&(pad[i]));
 }
 
 void ktest_destroy_pa_data_array(pad)
@@ -1050,9 +1051,9 @@ void ktest_destroy_pa_data(pad)
     krb5_pa_data ** pad;
 {
     if (*pad != NULL) {
-	if ((*pad)->contents != NULL) free((*pad)->contents);
-	free(*pad);
-	*pad = NULL;
+        if ((*pad)->contents != NULL) free((*pad)->contents);
+        free(*pad);
+        *pad = NULL;
     }
 }
 
@@ -1061,9 +1062,9 @@ void ktest_destroy_address(a)
     krb5_address ** a;
 {
     if (*a != NULL) {
-	if ((*a)->contents != NULL) free((*a)->contents);
-	free(*a);
-	*a = NULL;
+        if ((*a)->contents != NULL) free((*a)->contents);
+        free(*a);
+        *a = NULL;
     }
 }
 
@@ -1073,7 +1074,7 @@ void ktest_empty_addresses(a)
     int i;
 
     for (i=0; a[i] != NULL; i++)
-	ktest_destroy_address(&(a[i]));
+        ktest_destroy_address(&(a[i]));
 }
 
 void ktest_destroy_addresses(a)
@@ -1090,7 +1091,7 @@ void ktest_destroy_principal(p)
     int i;
 
     for (i=0; i<(*p)->length; i++)
-	ktest_empty_data(&(((*p)->data)[i]));
+        ktest_empty_data(&(((*p)->data)[i]));
     ktest_empty_data(&((*p)->realm));
     free((*p)->data);
     free(*p);
@@ -1119,7 +1120,7 @@ void ktest_destroy_sequence_of_ticket(sot)
     int i;
 
     for (i=0; (*sot)[i] != NULL; i++)
-	ktest_destroy_ticket(&((*sot)[i]));
+        ktest_destroy_ticket(&((*sot)[i]));
     free(*sot);
     *sot = NULL;
 }
@@ -1138,10 +1139,10 @@ void ktest_empty_ticket(tkt)
     krb5_ticket * tkt;
 {
     if (tkt->server)
-	ktest_destroy_principal(&((tkt)->server));
+        ktest_destroy_principal(&((tkt)->server));
     ktest_destroy_enc_data(&((tkt)->enc_part));
     if (tkt->enc_part2) {
-	ktest_destroy_enc_tkt_part(&(tkt->enc_part2));
+        ktest_destroy_enc_tkt_part(&(tkt->enc_part2));
     }
 }
 
@@ -1156,7 +1157,7 @@ void ktest_destroy_etype_info_entry(i)
     krb5_etype_info_entry *i;
 {
     if (i->salt)
-	free(i->salt);
+        free(i->salt);
     ktest_empty_data(&(i->s2kparams));
     free(i);
 }
@@ -1167,7 +1168,7 @@ void ktest_destroy_etype_info(info)
     int i;
 
     for (i=0; info[i] != NULL; i++)
-	ktest_destroy_etype_info_entry(info[i]);
+        ktest_destroy_etype_info_entry(info[i]);
     free(info);
 }
 
@@ -1176,22 +1177,22 @@ void ktest_empty_kdc_req(kr)
     krb5_kdc_req *kr;
 {
     if (kr->padata)
-	ktest_destroy_pa_data_array(&(kr->padata));
+        ktest_destroy_pa_data_array(&(kr->padata));
 
     if (kr->client)
-	ktest_destroy_principal(&(kr->client));
+        ktest_destroy_principal(&(kr->client));
 
     if (kr->server)
-	ktest_destroy_principal(&(kr->server));
+        ktest_destroy_principal(&(kr->server));
     if (kr->ktype)
-	free(kr->ktype);
+        free(kr->ktype);
     if (kr->addresses)
-	ktest_destroy_addresses(&(kr->addresses));
+        ktest_destroy_addresses(&(kr->addresses));
     ktest_destroy_enc_data(&(kr->authorization_data));
     if (kr->unenc_authdata)
-	ktest_destroy_authorization_data(&(kr->unenc_authdata));
+        ktest_destroy_authorization_data(&(kr->unenc_authdata));
     if (kr->second_ticket)
-	ktest_destroy_sequence_of_ticket(&(kr->second_ticket));
+        ktest_destroy_sequence_of_ticket(&(kr->second_ticket));
 
 }
 
@@ -1199,20 +1200,20 @@ void ktest_empty_kdc_rep(kr)
     krb5_kdc_rep *kr;
 {
     if (kr->padata)
-	ktest_destroy_pa_data_array(&(kr->padata));
+        ktest_destroy_pa_data_array(&(kr->padata));
 
     if (kr->client)
-	ktest_destroy_principal(&(kr->client));
+        ktest_destroy_principal(&(kr->client));
 
     if (kr->ticket)
-	ktest_destroy_ticket(&(kr->ticket));
+        ktest_destroy_ticket(&(kr->ticket));
 
     ktest_destroy_enc_data(&kr->enc_part);
 
     if (kr->enc_part2) {
-	ktest_empty_enc_kdc_rep_part(kr->enc_part2);
-	free(kr->enc_part2);
-	kr->enc_part2 = NULL;
+        ktest_empty_enc_kdc_rep_part(kr->enc_part2);
+        free(kr->enc_part2);
+        kr->enc_part2 = NULL;
     }
 }
 
@@ -1222,13 +1223,13 @@ void ktest_empty_authenticator(a)
 {
 
     if (a->client)
-	ktest_destroy_principal(&(a->client));
+        ktest_destroy_principal(&(a->client));
     if (a->checksum)
-	ktest_destroy_checksum(&(a->checksum));
+        ktest_destroy_checksum(&(a->checksum));
     if (a->subkey)
-	ktest_destroy_keyblock(&(a->subkey));
+        ktest_destroy_keyblock(&(a->subkey));
     if (a->authorization_data)
-	ktest_destroy_authorization_data(&(a->authorization_data));
+        ktest_destroy_authorization_data(&(a->authorization_data));
 }
 
 void ktest_empty_enc_tkt_part(etp)
@@ -1236,13 +1237,13 @@ void ktest_empty_enc_tkt_part(etp)
 {
 
     if (etp->session)
-	ktest_destroy_keyblock(&(etp->session));
+        ktest_destroy_keyblock(&(etp->session));
     if (etp->client)
-	ktest_destroy_principal(&(etp->client));
+        ktest_destroy_principal(&(etp->client));
     if (etp->caddrs)
-	ktest_destroy_addresses(&(etp->caddrs));
+        ktest_destroy_addresses(&(etp->caddrs));
     if (etp->authorization_data)
-	ktest_destroy_authorization_data(&(etp->authorization_data));
+        ktest_destroy_authorization_data(&(etp->authorization_data));
     ktest_destroy_transited(&(etp->transited));
 }
 
@@ -1250,9 +1251,9 @@ void ktest_destroy_enc_tkt_part(etp)
     krb5_enc_tkt_part ** etp;
 {
     if (*etp) {
-	ktest_empty_enc_tkt_part(*etp);
-	free(*etp);
-	*etp = NULL;
+        ktest_empty_enc_tkt_part(*etp);
+        free(*etp);
+        *etp = NULL;
     }
 }
 
@@ -1261,13 +1262,13 @@ void ktest_empty_enc_kdc_rep_part(ekr)
 {
 
     if (ekr->session)
-	ktest_destroy_keyblock(&(ekr->session));
+        ktest_destroy_keyblock(&(ekr->session));
 
     if (ekr->server)
-	ktest_destroy_principal(&(ekr->server));
+        ktest_destroy_principal(&(ekr->server));
 
     if (ekr->caddrs)
-	ktest_destroy_addresses(&(ekr->caddrs));
+        ktest_destroy_addresses(&(ekr->caddrs));
     ktest_destroy_last_req(&(ekr->last_req));
 }
 
@@ -1276,7 +1277,7 @@ void ktest_destroy_transited(t)
     krb5_transited * t;
 {
     if (t->tr_contents.data)
-	ktest_empty_data(&(t->tr_contents));
+        ktest_empty_data(&(t->tr_contents));
 }
 
 
@@ -1291,7 +1292,7 @@ void ktest_empty_ap_req(ar)
 {
 
     if (ar->ticket)
-	ktest_destroy_ticket(&(ar->ticket));
+        ktest_destroy_ticket(&(ar->ticket));
     ktest_destroy_enc_data(&(ar->authenticator));
 }
 
@@ -1299,24 +1300,24 @@ void ktest_empty_cred_enc_part(cep)
     krb5_cred_enc_part * cep;
 {
     if (cep->s_address)
-	ktest_destroy_address(&(cep->s_address));
+        ktest_destroy_address(&(cep->s_address));
     if (cep->r_address)
-	ktest_destroy_address(&(cep->r_address));
+        ktest_destroy_address(&(cep->r_address));
     if (cep->ticket_info)
-	ktest_destroy_sequence_of_cred_info(&(cep->ticket_info));
+        ktest_destroy_sequence_of_cred_info(&(cep->ticket_info));
 }
 
 void ktest_destroy_cred_info(ci)
     krb5_cred_info ** ci;
 {
     if ((*ci)->session)
-	ktest_destroy_keyblock(&((*ci)->session));
+        ktest_destroy_keyblock(&((*ci)->session));
     if ((*ci)->client)
-	ktest_destroy_principal(&((*ci)->client));
+        ktest_destroy_principal(&((*ci)->client));
     if ((*ci)->server)
-	ktest_destroy_principal(&((*ci)->server));
+        ktest_destroy_principal(&((*ci)->server));
     if ((*ci)->caddrs)
-	ktest_destroy_addresses(&((*ci)->caddrs));
+        ktest_destroy_addresses(&((*ci)->caddrs));
     free(*ci);
     *ci = NULL;
 }
@@ -1327,7 +1328,7 @@ void ktest_destroy_sequence_of_cred_info(soci)
     int i;
 
     for (i=0; (*soci)[i] != NULL; i++)
-	ktest_destroy_cred_info(&((*soci)[i]));
+        ktest_destroy_cred_info(&((*soci)[i]));
     free(*soci);
     *soci = NULL;
 }
@@ -1372,10 +1373,10 @@ void ktest_destroy_last_req(lr)
     int i;
 
     if (*lr) {
-	for (i=0; (*lr)[i] != NULL; i++) {
-	    free((*lr)[i]);
-	}
-	free(*lr);
+        for (i=0; (*lr)[i] != NULL; i++) {
+            free((*lr)[i]);
+        }
+        free(*lr);
     }
 }
 
@@ -1383,9 +1384,9 @@ void ktest_empty_error(kerr)
     krb5_error * kerr;
 {
     if (kerr->client)
-	ktest_destroy_principal(&(kerr->client));
+        ktest_destroy_principal(&(kerr->client));
     if (kerr->server)
-	ktest_destroy_principal(&(kerr->server));
+        ktest_destroy_principal(&(kerr->server));
     ktest_empty_data(&(kerr->text));
     ktest_empty_data(&(kerr->e_data));
 }
@@ -1409,11 +1410,11 @@ void ktest_empty_pwd_data(pd)
     int i;
 
     for (i=0; i <= pd->sequence_count; i++) {
-	if (pd->element[i]) {
-	    ktest_empty_passwd_phrase_element(pd->element[i]);
-	    free(pd->element[i]);
-	    pd->element[i] = NULL;
-	}
+        if (pd->element[i]) {
+            ktest_empty_passwd_phrase_element(pd->element[i]);
+            free(pd->element[i]);
+            pd->element[i] = NULL;
+        }
     }
     free(pd->element);
 
@@ -1423,8 +1424,8 @@ void ktest_empty_alt_method(am)
     krb5_alt_method *am;
 {
     if (am->data) {
-	free(am->data);
-	am->data = NULL;
+        free(am->data);
+        am->data = NULL;
     }
 }
 
@@ -1439,8 +1440,8 @@ void ktest_empty_sam_challenge(p)
     ktest_empty_data(&(p->sam_pk_for_sad));
 
     if (p->sam_cksum.contents != NULL) {
-	free(p->sam_cksum.contents);
-	p->sam_cksum.contents = NULL;
+        free(p->sam_cksum.contents);
+        p->sam_cksum.contents = NULL;
     }
 
 }
@@ -1457,7 +1458,7 @@ void ktest_empty_sam_key(p)
     krb5_sam_key *p;
 {
     if (p->sam_key.contents)
-	free(p->sam_key.contents);
+        free(p->sam_key.contents);
 }
 
 void ktest_empty_predicted_sam_response(p)
@@ -1471,19 +1472,19 @@ void ktest_empty_predicted_sam_response(p)
 void ktest_empty_enc_sam_response_enc(p)
     krb5_enc_sam_response_enc *p;
 {
-  ktest_empty_data(&p->sam_sad);
+    ktest_empty_data(&p->sam_sad);
 }
 
 void ktest_empty_sam_response_2(p)
     krb5_sam_response_2 *p;
 {
-  ktest_empty_data(&p->sam_track_id);
-  ktest_empty_data(&p->sam_enc_nonce_or_sad.ciphertext);
+    ktest_empty_data(&p->sam_track_id);
+    ktest_empty_data(&p->sam_enc_nonce_or_sad.ciphertext);
 }
 void ktest_empty_enc_sam_response_enc_2(p)
     krb5_enc_sam_response_enc_2 *p;
 {
-  ktest_empty_data(&p->sam_sad);
+    ktest_empty_data(&p->sam_sad);
 }
 
 void ktest_empty_pa_s4u_x509_user(p)
@@ -1509,9 +1510,9 @@ void ktest_empty_ad_signedpath_data(p)
     ktest_destroy_principal(&p->client);
     if (p->delegated != NULL) {
         for (i = 0; p->delegated[i] != NULL; i++) {
-	    krb5_principal princ = p->delegated[i];
+            krb5_principal princ = p->delegated[i];
             ktest_destroy_principal(&princ);
-	}
+        }
         free(p->delegated);
     }
     ktest_destroy_pa_data_array(&p->method_data);
@@ -1525,9 +1526,9 @@ void ktest_empty_ad_signedpath(p)
     if (p->checksum.contents) free(p->checksum.contents);
     if (p->delegated != NULL) {
         for (i = 0; p->delegated[i] != NULL; i++) {
-	    krb5_principal princ = p->delegated[i];
+            krb5_principal princ = p->delegated[i];
             ktest_destroy_principal(&princ);
-	}
+        }
         free(p->delegated);
     }
     ktest_destroy_pa_data_array(&p->method_data);
@@ -1540,8 +1541,8 @@ void ktest_empty_ldap_seqof_key_data(ctx, p)
 {
     int i;
     for (i = 0; i < p->n_key_data; i++) {
-	free(p->key_data[i].key_data_contents[0]);
-	free(p->key_data[i].key_data_contents[1]);
+        free(p->key_data[i].key_data_contents[0]);
+        free(p->key_data[i].key_data_contents[1]);
     }
     free(p->key_data);
 }
diff --git a/src/tests/asn.1/ktest_equal.c b/src/tests/asn.1/ktest_equal.c
index 67c8d7e..f84357b 100644
--- a/src/tests/asn.1/ktest_equal.c
+++ b/src/tests/asn.1/ktest_equal.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdlib.h>
 #include <stdio.h>
 #include "ktest_equal.h"
@@ -5,17 +6,17 @@
 #define FALSE 0
 #define TRUE 1
 
-#define struct_equal(field,comparator)		\
+#define struct_equal(field,comparator)          \
     comparator(&(ref->field),&(var->field))
 
-#define ptr_equal(field,comparator)		\
+#define ptr_equal(field,comparator)             \
     comparator(ref->field,var->field)
 
-#define scalar_equal(field)			\
+#define scalar_equal(field)                     \
     ((ref->field) == (var->field))
 
-#define len_equal(length,field,comparator)		\
-    ((ref->length == var->length) &&			\
+#define len_equal(length,field,comparator)              \
+    ((ref->length == var->length) &&                    \
      comparator(ref->length,ref->field,var->field))
 
 int ktest_equal_authenticator(ref, var)
@@ -42,8 +43,8 @@ int ktest_equal_principal_data(ref, var)
     if (ref==var) return TRUE;
     else if (ref == NULL || var == NULL) return FALSE;
     return(struct_equal(realm,ktest_equal_data) &&
-	   len_equal(length,data,ktest_equal_array_of_data) &&
-	   scalar_equal(type));
+           len_equal(length,data,ktest_equal_array_of_data) &&
+           scalar_equal(type));
 }
 
 int ktest_equal_authdata(ref, var)
@@ -53,7 +54,7 @@ int ktest_equal_authdata(ref, var)
     if (ref==var) return TRUE;
     else if (ref == NULL || var == NULL) return FALSE;
     return(scalar_equal(ad_type) &&
-	   len_equal(length,contents,ktest_equal_array_of_octet));
+           len_equal(length,contents,ktest_equal_array_of_octet));
 }
 
 int ktest_equal_checksum(ref, var)
@@ -470,11 +471,11 @@ int ktest_equal_krb5_alt_method(ref, var)
     krb5_alt_method *var;
 {
     if (ref->method != var->method)
-	return FALSE;
+        return FALSE;
     if (ref->length != var->length)
-	return FALSE;
+        return FALSE;
     if (memcmp(ref->data, var->data, ref->length) != 0)
-	return FALSE;
+        return FALSE;
     return TRUE;
 }
 
@@ -483,12 +484,12 @@ int ktest_equal_krb5_etype_info_entry(ref, var)
     krb5_etype_info_entry *var;
 {
     if (ref->etype != var->etype)
-	return FALSE;
+        return FALSE;
     if (ref->length != var->length)
-	return FALSE;
+        return FALSE;
     if (ref->length > 0 && ref->length != KRB5_ETYPE_NO_SALT)
-    	if (memcmp(ref->salt, var->salt, ref->length) != 0)
-	    return FALSE;
+        if (memcmp(ref->salt, var->salt, ref->length) != 0)
+            return FALSE;
     return TRUE;
 }
 
@@ -612,16 +613,16 @@ static int equal_key_data(ref, var)
     p=p&&scalar_equal(key_data_type[0]);
     p=p&&scalar_equal(key_data_type[1]);
     p=p&&len_equal(key_data_length[0],key_data_contents[0],
-		   ktest_equal_array_of_octet);
+                   ktest_equal_array_of_octet);
     p=p&&len_equal(key_data_length[1],key_data_contents[1],
-		   ktest_equal_array_of_octet);
+                   ktest_equal_array_of_octet);
     return p;
 }
 static int equal_key_data_array(int n, krb5_key_data *ref, krb5_key_data *val)
 {
     int i, p=TRUE;
     for (i = 0; i < n; i++) {
-	p=p&&equal_key_data(ref+i, val+i);
+        p=p&&equal_key_data(ref+i, val+i);
     }
     return p;
 }
@@ -650,7 +651,7 @@ int ktest_equal_array_of_data(length, ref, var)
     if (ref==var) return TRUE;
     else if (ref == NULL || var == NULL) return FALSE;
     for (i=0; i<(length); i++) {
-	p = p && ktest_equal_data(&(ref[i]),&(var[i]));
+        p = p && ktest_equal_data(&(ref[i]),&(var[i]));
     }
     return p;
 }
@@ -665,7 +666,7 @@ int ktest_equal_array_of_octet(length, ref, var)
     if (ref==var) return TRUE;
     else if (ref == NULL || var == NULL) return FALSE;
     for (i=0; i<length; i++)
-	p = p && (ref[i] == var[i]);
+        p = p && (ref[i] == var[i]);
     return p;
 }
 
@@ -679,7 +680,7 @@ int ktest_equal_array_of_char(length, ref, var)
     if (ref==var) return TRUE;
     else if (ref == NULL || var == NULL) return FALSE;
     for (i=0; i<length; i++)
-	p = p && (ref[i] == var[i]);
+        p = p && (ref[i] == var[i]);
     return p;
 }
 
@@ -693,19 +694,19 @@ int ktest_equal_array_of_enctype(length, ref, var)
     if (ref==var) return TRUE;
     else if (ref == NULL || var == NULL) return FALSE;
     for (i=0; i<length; i++)
-	p = p && (ref[i] == var[i]);
+        p = p && (ref[i] == var[i]);
     return p;
 }
 
-#define array_compare(comparator)			\
-    int i,p=TRUE;					\
-    if (ref==var) return TRUE;				\
-    if (!ref || !ref[0])				\
-	return (!var || !var[0]);			\
-    if (!var || !var[0]) return FALSE;			\
-    for (i=0; ref[i] != NULL && var[i] != NULL; i++)	\
-	p = p && comparator(ref[i],var[i]);		\
-    if (ref[i] == NULL && var[i] == NULL) return p;	\
+#define array_compare(comparator)                       \
+    int i,p=TRUE;                                       \
+    if (ref==var) return TRUE;                          \
+    if (!ref || !ref[0])                                \
+        return (!var || !var[0]);                       \
+    if (!var || !var[0]) return FALSE;                  \
+    for (i=0; ref[i] != NULL && var[i] != NULL; i++)    \
+        p = p && comparator(ref[i],var[i]);             \
+    if (ref[i] == NULL && var[i] == NULL) return p;     \
     else return FALSE
 
 int ktest_equal_authorization_data(ref, var)
diff --git a/src/tests/asn.1/t_trval.c b/src/tests/asn.1/t_trval.c
index d1b261f..204f60f 100644
--- a/src/tests/asn.1/t_trval.c
+++ b/src/tests/asn.1/t_trval.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1992,1993 Trusted Information Systems, Inc.
  *
@@ -52,11 +53,11 @@ int check_option(word, option)
     char *option;
 {
     if (word[0] != '-')
-	return 0;
+        return 0;
     if (word[1] == '-')
-	word++;
+        word++;
     if (strcmp(word+1, option))
-	return 0;
+        return 0;
     return 1;
 }
 
@@ -69,37 +70,37 @@ int main(argc, argv)
     int r = 0;
 
     while (--argc > 0) {
-	argv++;
-	if (optflg && *(argv)[0] == '-') {
-	    if (check_option(*argv, "help"))
-		usage();
-	    else if (check_option(*argv, "types"))
-		print_types = 1;
-	    else if (check_option(*argv, "notypes"))
-		print_types = 0;
-	    else if (check_option(*argv, "krb5"))
-		print_krb5_types = 1;
-	    else if (check_option(*argv, "hex"))
-		do_hex = 1;
-	    else if (check_option(*argv, "notypebytes"))
-		print_id_and_len = 0;
-	    else if (check_option(*argv, "krb5decode")) {
-		print_id_and_len = 0;
-		print_krb5_types = 1;
-		print_types = 1;
-	    } else {
-		fprintf(stderr,"trval: unknown option: %s\n", *argv);
-		usage();
-	    }
-	} else {
-	    optflg = 0;
-	    if ((fp = fopen(*argv,"r")) == NULL) {
-		fprintf(stderr,"trval: unable to open %s\n", *argv);
-		continue;
-	    }
-	    r = trval(fp, stdout);
-	    fclose(fp);
-	}
+        argv++;
+        if (optflg && *(argv)[0] == '-') {
+            if (check_option(*argv, "help"))
+                usage();
+            else if (check_option(*argv, "types"))
+                print_types = 1;
+            else if (check_option(*argv, "notypes"))
+                print_types = 0;
+            else if (check_option(*argv, "krb5"))
+                print_krb5_types = 1;
+            else if (check_option(*argv, "hex"))
+                do_hex = 1;
+            else if (check_option(*argv, "notypebytes"))
+                print_id_and_len = 0;
+            else if (check_option(*argv, "krb5decode")) {
+                print_id_and_len = 0;
+                print_krb5_types = 1;
+                print_types = 1;
+            } else {
+                fprintf(stderr,"trval: unknown option: %s\n", *argv);
+                usage();
+            }
+        } else {
+            optflg = 0;
+            if ((fp = fopen(*argv,"r")) == NULL) {
+                fprintf(stderr,"trval: unable to open %s\n", *argv);
+                continue;
+            }
+            r = trval(fp, stdout);
+            fclose(fp);
+        }
     }
     if (optflg) r = trval(stdin, stdout);
 
diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c
index 4d80ed5..b61bc3c 100644
--- a/src/tests/asn.1/trval.c
+++ b/src/tests/asn.1/trval.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1992,1993 Trusted Information Systems, Inc.
  *
@@ -47,50 +48,50 @@
 /* IDENTIFIER OCTET = TAG CLASS | FORM OF ENCODING | TAG NUMBER */
 
 /* TAG CLASSES */
-#define ID_CLASS   0xc0		/* bits 8 and 7 */
-#define CLASS_UNIV 0x00		/* 0 = universal */
-#define CLASS_APPL 0x40		/* 1 = application */
-#define CLASS_CONT 0x80		/* 2 = context-specific */
-#define CLASS_PRIV 0xc0		/* 3 = private */
+#define ID_CLASS   0xc0         /* bits 8 and 7 */
+#define CLASS_UNIV 0x00         /* 0 = universal */
+#define CLASS_APPL 0x40         /* 1 = application */
+#define CLASS_CONT 0x80         /* 2 = context-specific */
+#define CLASS_PRIV 0xc0         /* 3 = private */
 
 /* FORM OF ENCODING */
-#define ID_FORM   0x20		/* bit 6 */
-#define FORM_PRIM 0x00		/* 0 = primitive */
-#define FORM_CONS 0x20		/* 1 = constructed */
+#define ID_FORM   0x20          /* bit 6 */
+#define FORM_PRIM 0x00          /* 0 = primitive */
+#define FORM_CONS 0x20          /* 1 = constructed */
 
 /* TAG NUMBERS */
-#define ID_TAG    0x1f		/* bits 5-1 */
-#define PRIM_BOOL 0x01		/* Boolean */
-#define PRIM_INT  0x02		/* Integer */
-#define PRIM_BITS 0x03		/* Bit String */
-#define PRIM_OCTS 0x04		/* Octet String */
-#define PRIM_NULL 0x05		/* Null */
-#define PRIM_OID  0x06		/* Object Identifier */
-#define PRIM_ODE  0x07		/* Object Descriptor */
-#define CONS_EXTN 0x08		/* External */
-#define PRIM_REAL 0x09		/* Real */
-#define PRIM_ENUM 0x0a		/* Enumerated type */
-#define PRIM_ENCR 0x0b		/* Encrypted */
-#define CONS_SEQ  0x10		/* SEQUENCE/SEQUENCE OF */
-#define CONS_SET  0x11		/* SET/SET OF */
-#define DEFN_NUMS 0x12		/* Numeric String */
-#define DEFN_PRTS 0x13		/* Printable String */
-#define DEFN_T61S 0x14		/* T.61 String */
-#define DEFN_VTXS 0x15		/* Videotex String */
-#define DEFN_IA5S 0x16		/* IA5 String */
-#define DEFN_UTCT 0x17		/* UTCTime */
-#define DEFN_GENT 0x18		/* Generalized Time */
-#define DEFN_GFXS 0x19		/* Graphics string (ISO2375) */
-#define DEFN_VISS 0x1a		/* Visible string */
-#define DEFN_GENS 0x1b		/* General string */
-#define DEFN_CHRS 0x1c		/* Character string */
-
-#define	LEN_XTND	0x80	/* long or indefinite form */
-#define	LEN_SMAX	127	/* largest short form */
-#define	LEN_MASK	0x7f	/* mask to get number of bytes in length */
-#define	LEN_INDF	(-1)	/* indefinite length */
-
-#define KRB5	/* Do krb5 application types */
+#define ID_TAG    0x1f          /* bits 5-1 */
+#define PRIM_BOOL 0x01          /* Boolean */
+#define PRIM_INT  0x02          /* Integer */
+#define PRIM_BITS 0x03          /* Bit String */
+#define PRIM_OCTS 0x04          /* Octet String */
+#define PRIM_NULL 0x05          /* Null */
+#define PRIM_OID  0x06          /* Object Identifier */
+#define PRIM_ODE  0x07          /* Object Descriptor */
+#define CONS_EXTN 0x08          /* External */
+#define PRIM_REAL 0x09          /* Real */
+#define PRIM_ENUM 0x0a          /* Enumerated type */
+#define PRIM_ENCR 0x0b          /* Encrypted */
+#define CONS_SEQ  0x10          /* SEQUENCE/SEQUENCE OF */
+#define CONS_SET  0x11          /* SET/SET OF */
+#define DEFN_NUMS 0x12          /* Numeric String */
+#define DEFN_PRTS 0x13          /* Printable String */
+#define DEFN_T61S 0x14          /* T.61 String */
+#define DEFN_VTXS 0x15          /* Videotex String */
+#define DEFN_IA5S 0x16          /* IA5 String */
+#define DEFN_UTCT 0x17          /* UTCTime */
+#define DEFN_GENT 0x18          /* Generalized Time */
+#define DEFN_GFXS 0x19          /* Graphics string (ISO2375) */
+#define DEFN_VISS 0x1a          /* Visible string */
+#define DEFN_GENS 0x1b          /* General string */
+#define DEFN_CHRS 0x1c          /* Character string */
+
+#define LEN_XTND        0x80    /* long or indefinite form */
+#define LEN_SMAX        127     /* largest short form */
+#define LEN_MASK        0x7f    /* mask to get number of bytes in length */
+#define LEN_INDF        (-1)    /* indefinite length */
+
+#define KRB5    /* Do krb5 application types */
 
 int print_types = 0;
 int print_id_and_len = 1;
@@ -122,17 +123,17 @@ int trval2 (FILE *, unsigned char *, int, int, int *);
 static int convert_nibble(int ch)
 {
     if (isdigit(ch))
-	return (ch - '0');
+        return (ch - '0');
     if (ch >= 'a' && ch <= 'f')
-	return (ch - 'a' + 10);
+        return (ch - 'a' + 10);
     if (ch >= 'A' && ch <= 'F')
-	return (ch - 'A' + 10);
+        return (ch - 'A' + 10);
     return -1;
 }
 
 int trval(fin, fout)
-    FILE	*fin;
-    FILE	*fout;
+    FILE        *fin;
+    FILE        *fout;
 {
     unsigned char *p;
     unsigned int maxlen;
@@ -145,21 +146,21 @@ int trval(fin, fout)
     p = (unsigned char *)malloc(maxlen);
     len = 0;
     while ((cc = fgetc(fin)) != EOF) {
-	if ((unsigned int) len == maxlen) {
-	    maxlen += BUFSIZ;
-	    p = (unsigned char *)realloc(p, maxlen);
-	}
-	if (do_hex) {
-	    if (cc == ' ' || cc == '\n' || cc == '\t')
-		continue;
-	    cc2 = fgetc(fin);
-	    if (cc2 == EOF)
-		break;
-	    n1 = convert_nibble(cc);
-	    n2 = convert_nibble(cc2);
-	    cc = (n1 << 4) + n2;
-	}
-	p[len++] = cc;
+        if ((unsigned int) len == maxlen) {
+            maxlen += BUFSIZ;
+            p = (unsigned char *)realloc(p, maxlen);
+        }
+        if (do_hex) {
+            if (cc == ' ' || cc == '\n' || cc == '\t')
+                continue;
+            cc2 = fgetc(fin);
+            if (cc2 == EOF)
+                break;
+            n1 = convert_nibble(cc);
+            n2 = convert_nibble(cc2);
+            cc = (n1 << 4) + n2;
+        }
+        p[len++] = cc;
     }
     fprintf(fout, "<%d>", len);
     r = trval2(fout, p, len, 0, &rlen);
@@ -181,8 +182,8 @@ int trval2(fp, enc, len, lev, rlen)
     r = OK;
 
     if (len < 2) {
-	fprintf(fp, "missing id and length octets (%d)\n", len);
-	return(NOTOK);
+        fprintf(fp, "missing id and length octets (%d)\n", len);
+        return(NOTOK);
     }
 
     fprintf(fp, "\n");
@@ -193,53 +194,53 @@ context_restart:
     elen = enc[1];
 
     if (print_id_and_len) {
-	fprintf(fp, "%02x ", eid);
-	fprintf(fp, "%02x ", elen);
+        fprintf(fp, "%02x ", eid);
+        fprintf(fp, "%02x ", elen);
     }
 
     if (elen == LEN_XTND) {
-	fprintf(fp,
-		"indefinite length encoding not implemented (0x%02x)\n", elen);
-	return(NOTOK);
+        fprintf(fp,
+                "indefinite length encoding not implemented (0x%02x)\n", elen);
+        return(NOTOK);
     }
 
     xlen = 0;
     if (elen & LEN_XTND) {
-	xlen = elen & LEN_MASK;
-	if (xlen > len - 2) {
-	    fprintf(fp, "extended length too long (%d > %d - 2)\n", xlen, len);
-	    return(NOTOK);
-	}
-	elen = decode_len(fp, enc+2, xlen);
+        xlen = elen & LEN_MASK;
+        if (xlen > len - 2) {
+            fprintf(fp, "extended length too long (%d > %d - 2)\n", xlen, len);
+            return(NOTOK);
+        }
+        elen = decode_len(fp, enc+2, xlen);
     }
 
     if (elen > len - 2 - xlen) {
-	fprintf(fp, "length too long (%d > %d - 2 - %d)\n", elen, len, xlen);
-	return(NOTOK);
+        fprintf(fp, "length too long (%d > %d - 2 - %d)\n", elen, len, xlen);
+        return(NOTOK);
     }
 
     print_tag_type(fp, eid, lev);
 
     if (print_context_shortcut &&
-	((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) {
-	rlen_ext += 2 + xlen;
-	enc += 2 + xlen;
-	goto context_restart;
+        ((eid & ID_CLASS) == CLASS_CONT) && (lev > 0)) {
+        rlen_ext += 2 + xlen;
+        enc += 2 + xlen;
+        goto context_restart;
     }
 
     switch(eid & ID_FORM) {
     case FORM_PRIM:
-	r = do_prim(fp, eid & ID_TAG, enc+2+xlen, elen, lev+1);
-	*rlen = 2 + xlen + elen + rlen_ext;
-	break;
+        r = do_prim(fp, eid & ID_TAG, enc+2+xlen, elen, lev+1);
+        *rlen = 2 + xlen + elen + rlen_ext;
+        break;
     case FORM_CONS:
-	if (print_constructed_length) {
-	    fprintf(fp, "constr ");
-	    fprintf(fp, "<%d>", elen);
-	}
-	r = do_cons(fp, enc+2+xlen, elen, lev+1, &rlen2);
-	*rlen = 2 + xlen + rlen2 + rlen_ext;
-	break;
+        if (print_constructed_length) {
+            fprintf(fp, "constr ");
+            fprintf(fp, "<%d>", elen);
+        }
+        r = do_cons(fp, enc+2+xlen, elen, lev+1, &rlen2);
+        *rlen = 2 + xlen + rlen2 + rlen_ext;
+        break;
     }
 
     return(r);
@@ -254,12 +255,12 @@ int decode_len(fp, enc, len)
     int i;
 
     if (print_id_and_len)
-	fprintf(fp, "%02x ", enc[0]);
+        fprintf(fp, "%02x ", enc[0]);
     rlen = enc[0];
     for (i=1; i<len; i++) {
-	if (print_id_and_len)
-	    fprintf(fp, "%02x ", enc[i]);
-	rlen = (rlen * 0x100) + enc[i];
+        if (print_id_and_len)
+            fprintf(fp, "%02x ", enc[i]);
+        rlen = (rlen * 0x100) + enc[i];
     }
     return(rlen);
 }
@@ -274,20 +275,20 @@ int do_prim_bitstring(fp, tag, enc, len, lev)
     int len;
     int lev;
 {
-    int	i;
-    long	num = 0;
+    int i;
+    long        num = 0;
 
     if (tag != PRIM_BITS || len > 5)
-	return 0;
+        return 0;
 
     for (i=1; i < len; i++) {
-	num = num << 8;
-	num += enc[i];
+        num = num << 8;
+        num += enc[i];
     }
 
     fprintf(fp, "0x%lx", num);
     if (enc[0])
-	fprintf(fp, " (%d unused bits)", enc[0]);
+        fprintf(fp, " (%d unused bits)", enc[0]);
     return 1;
 }
 
@@ -301,18 +302,18 @@ int do_prim_int(fp, tag, enc, len, lev)
     int len;
     int lev;
 {
-    int	i;
-    long	num = 0;
+    int i;
+    long        num = 0;
 
     if (tag != PRIM_INT || len > 4)
-	return 0;
+        return 0;
 
     if (enc[0] & 0x80)
-	num = -1;
+        num = -1;
 
     for (i=0; i < len; i++) {
-	num = num << 8;
-	num += enc[i];
+        num = num << 8;
+        num += enc[i];
     }
 
     fprintf(fp, "%ld", num);
@@ -331,17 +332,17 @@ int do_prim_string(fp, tag, enc, len, lev)
     int len;
     int lev;
 {
-    int	i;
+    int i;
 
     /*
      * Only try this printing function with "reasonable" types
      */
     if ((tag < DEFN_NUMS) && (tag != PRIM_OCTS))
-	return 0;
+        return 0;
 
     for (i=0; i < len; i++)
-	if (!isprint(enc[i]))
-	    return 0;
+        if (!isprint(enc[i]))
+            return 0;
     fprintf(fp, "\"%.*s\"", len, enc);
     return 1;
 }
@@ -359,36 +360,36 @@ int do_prim(fp, tag, enc, len, lev)
     int width;
 
     if (do_prim_string(fp, tag, enc, len, lev))
-	return OK;
+        return OK;
     if (do_prim_int(fp, tag, enc, len, lev))
-	return OK;
+        return OK;
     if (do_prim_bitstring(fp, tag, enc, len, lev))
-	return OK;
+        return OK;
 
     if (print_primitive_length)
-	fprintf(fp, "<%d>", len);
+        fprintf(fp, "<%d>", len);
 
     width = (80 - (lev * 3) - 8) / 4;
 
     for (n = 0; n < len; n++) {
-	if ((n % width) == 0) {
-	    fprintf(fp, "\n");
-	    for (i=0; i<lev; i++) fprintf(fp, "   ");
-	}
-	fprintf(fp, "%02x ", enc[n]);
-	if ((n % width) == (width-1)) {
-	    fprintf(fp, "    ");
-	    for (i=n-(width-1); i<=n; i++)
-		if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
-		else fprintf(fp, ".");
-	}
+        if ((n % width) == 0) {
+            fprintf(fp, "\n");
+            for (i=0; i<lev; i++) fprintf(fp, "   ");
+        }
+        fprintf(fp, "%02x ", enc[n]);
+        if ((n % width) == (width-1)) {
+            fprintf(fp, "    ");
+            for (i=n-(width-1); i<=n; i++)
+                if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
+                else fprintf(fp, ".");
+        }
     }
     if ((j = (n % width)) != 0) {
-	fprintf(fp, "    ");
-	for (i=0; i<width-j; i++) fprintf(fp, "   ");
-	for (i=n-j; i<n; i++)
-	    if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
-	    else fprintf(fp, ".");
+        fprintf(fp, "    ");
+        for (i=0; i<width-j; i++) fprintf(fp, "   ");
+        for (i=n-j; i<n; i++)
+            if (isprint(enc[i])) fprintf(fp, "%c", enc[i]);
+            else fprintf(fp, ".");
     }
     return(OK);
 }
@@ -408,38 +409,38 @@ int do_cons(fp, enc, len, lev, rlen)
 
     save_appl = current_appl_type;
     for (n = 0, rlent = 0; n < len; n+=rlen2, rlent+=rlen2) {
-	r = trval2(fp, enc+n, len-n, lev, &rlen2);
-	current_appl_type = save_appl;
-	if (r != OK) return(r);
+        r = trval2(fp, enc+n, len-n, lev, &rlen2);
+        current_appl_type = save_appl;
+        if (r != OK) return(r);
     }
     if (rlent != len) {
-	fprintf(fp, "inconsistent constructed lengths (%d != %d)\n",
-		rlent, len);
-	return(NOTOK);
+        fprintf(fp, "inconsistent constructed lengths (%d != %d)\n",
+                rlent, len);
+        return(NOTOK);
     }
     *rlen = rlent;
     return(r);
 }
 
 struct typestring_table {
-    int	k1, k2;
-    char	*str;
-    int	new_appl;
+    int k1, k2;
+    char        *str;
+    int new_appl;
 };
 
 static char *lookup_typestring(table, key1, key2)
     struct typestring_table *table;
-    int	key1, key2;
+    int key1, key2;
 {
     struct typestring_table *ent;
 
     for (ent = table; ent->k1 > 0; ent++) {
-	if ((ent->k1 == key1) &&
-	    (ent->k2 == key2)) {
-	    if (ent->new_appl)
-		current_appl_type = ent->new_appl;
-	    return ent->str;
-	}
+        if ((ent->k1 == key1) &&
+            (ent->k2 == key2)) {
+            if (ent->new_appl)
+                current_appl_type = ent->new_appl;
+            return ent->str;
+        }
     }
     return 0;
 }
@@ -500,26 +501,26 @@ struct typestring_table krb5_fields[] = {
     { 1000, 0, "name-type"}, /* PrincipalName */
     { 1000, 1, "name-string"},
 
-    { 1001, 0, "etype"},	/* Encrypted data */
+    { 1001, 0, "etype"},        /* Encrypted data */
     { 1001, 1, "kvno"},
     { 1001, 2, "cipher"},
 
-    { 1002, 0, "addr-type"},	/* HostAddress */
+    { 1002, 0, "addr-type"},    /* HostAddress */
     { 1002, 1, "address"},
 
-    { 1003, 0, "addr-type"},	/* HostAddresses */
+    { 1003, 0, "addr-type"},    /* HostAddresses */
     { 1003, 1, "address"},
 
-    { 1004, 0, "ad-type"},	/* AuthorizationData */
+    { 1004, 0, "ad-type"},      /* AuthorizationData */
     { 1004, 1, "ad-data"},
 
-    { 1005, 0, "keytype"},	/* EncryptionKey */
+    { 1005, 0, "keytype"},      /* EncryptionKey */
     { 1005, 1, "keyvalue"},
 
-    { 1006, 0, "cksumtype"},	/* Checksum */
+    { 1006, 0, "cksumtype"},    /* Checksum */
     { 1006, 1, "checksum"},
 
-    { 1007, 0, "kdc-options"},	/* KDC-REQ-BODY */
+    { 1007, 0, "kdc-options"},  /* KDC-REQ-BODY */
     { 1007, 1, "cname", 1000},
     { 1007, 2, "realm"},
     { 1007, 3, "sname", 1000},
@@ -532,20 +533,20 @@ struct typestring_table krb5_fields[] = {
     { 1007, 10, "enc-authorization-data", 1001},
     { 1007, 11, "additional-tickets"},
 
-    { 1008, 1, "padata-type"},	/* PA-DATA */
+    { 1008, 1, "padata-type"},  /* PA-DATA */
     { 1008, 2, "pa-data"},
 
-    { 1009, 0, "user-data"},	/* KRB-SAFE-BODY */
+    { 1009, 0, "user-data"},    /* KRB-SAFE-BODY */
     { 1009, 1, "timestamp"},
     { 1009, 2, "usec"},
     { 1009, 3, "seq-number"},
     { 1009, 4, "s-address", 1002},
     { 1009, 5, "r-address", 1002},
 
-    { 1010, 0, "lr-type"},	/* LastReq */
+    { 1010, 0, "lr-type"},      /* LastReq */
     { 1010, 1, "lr-value"},
 
-    { 1011, 0, "key", 1005},	/* KRB-CRED-INFO */
+    { 1011, 0, "key", 1005},    /* KRB-CRED-INFO */
     { 1011, 1, "prealm"},
     { 1011, 2, "pname", 1000},
     { 1011, 3, "flags"},
@@ -557,7 +558,7 @@ struct typestring_table krb5_fields[] = {
     { 1011, 9, "sname", 1000},
     { 1011, 10, "caddr", 1002},
 
-    { 1, 0, "tkt-vno"},	/* Ticket */
+    { 1, 0, "tkt-vno"}, /* Ticket */
     { 1, 1, "realm"},
     { 1, 2, "sname", 1000},
     { 1, 3, "tkt-enc-part", 1001},
@@ -584,12 +585,12 @@ struct typestring_table krb5_fields[] = {
     { 3, 9, "caddr", 1003},
     { 3, 10, "authorization-data", 1004},
 
-    { 10, 1, "pvno"},	/* AS-REQ */
+    { 10, 1, "pvno"},   /* AS-REQ */
     { 10, 2, "msg-type"},
     { 10, 3, "padata", 1008},
     { 10, 4, "req-body", 1007},
 
-    { 11, 0, "pvno"},	/* AS-REP */
+    { 11, 0, "pvno"},   /* AS-REP */
     { 11, 1, "msg-type"},
     { 11, 2, "padata", 1008},
     { 11, 3, "crealm"},
@@ -597,12 +598,12 @@ struct typestring_table krb5_fields[] = {
     { 11, 5, "ticket"},
     { 11, 6, "enc-part", 1001},
 
-    { 12, 1, "pvno"},	/* TGS-REQ */
+    { 12, 1, "pvno"},   /* TGS-REQ */
     { 12, 2, "msg-type"},
     { 12, 3, "padata", 1008},
     { 12, 4, "req-body", 1007},
 
-    { 13, 0, "pvno"},	/* TGS-REP */
+    { 13, 0, "pvno"},   /* TGS-REP */
     { 13, 1, "msg-type"},
     { 13, 2, "padata", 1008},
     { 13, 3, "crealm"},
@@ -610,31 +611,31 @@ struct typestring_table krb5_fields[] = {
     { 13, 5, "ticket"},
     { 13, 6, "enc-part", 1001},
 
-    { 14, 0, "pvno"},	/* AP-REQ */
+    { 14, 0, "pvno"},   /* AP-REQ */
     { 14, 1, "msg-type"},
     { 14, 2, "ap-options"},
     { 14, 3, "ticket"},
     { 14, 4, "authenticator", 1001},
 
-    { 15, 0, "pvno"},	/* AP-REP */
+    { 15, 0, "pvno"},   /* AP-REP */
     { 15, 1, "msg-type"},
     { 15, 2, "enc-part", 1001},
 
-    { 20, 0, "pvno"},	/* KRB-SAFE */
+    { 20, 0, "pvno"},   /* KRB-SAFE */
     { 20, 1, "msg-type"},
     { 20, 2, "safe-body", 1009},
     { 20, 3, "cksum", 1006},
 
-    { 21, 0, "pvno"},	/* KRB-PRIV */
+    { 21, 0, "pvno"},   /* KRB-PRIV */
     { 21, 1, "msg-type"},
     { 21, 2, "enc-part", 1001},
 
-    { 22, 0, "pvno"},	/* KRB-CRED */
+    { 22, 0, "pvno"},   /* KRB-CRED */
     { 22, 1, "msg-type"},
     { 22, 2, "tickets"},
     { 22, 3, "enc-part", 1001},
 
-    { 25, 0, "key", 1005},	/* EncASRepPart */
+    { 25, 0, "key", 1005},      /* EncASRepPart */
     { 25, 1, "last-req", 1010},
     { 25, 2, "nonce"},
     { 25, 3, "key-expiration"},
@@ -647,7 +648,7 @@ struct typestring_table krb5_fields[] = {
     { 25, 10, "sname", 1000},
     { 25, 11, "caddr", 1003},
 
-    { 26, 0, "key", 1005},	/* EncTGSRepPart */
+    { 26, 0, "key", 1005},      /* EncTGSRepPart */
     { 26, 1, "last-req", 1010},
     { 26, 2, "nonce"},
     { 26, 3, "key-expiration"},
@@ -660,26 +661,26 @@ struct typestring_table krb5_fields[] = {
     { 26, 10, "sname", 1000},
     { 26, 11, "caddr", 1003},
 
-    { 27, 0, "ctime"},	/* EncApRepPart */
+    { 27, 0, "ctime"},  /* EncApRepPart */
     { 27, 1, "cusec"},
     { 27, 2, "subkey", 1005},
     { 27, 3, "seq-number"},
 
-    { 28, 0, "user-data"},	/* EncKrbPrivPart */
+    { 28, 0, "user-data"},      /* EncKrbPrivPart */
     { 28, 1, "timestamp"},
     { 28, 2, "usec"},
     { 28, 3, "seq-number"},
     { 28, 4, "s-address", 1002},
     { 28, 5, "r-address", 1002},
 
-    { 29, 0, "ticket-info", 1011},	/* EncKrbCredPart */
+    { 29, 0, "ticket-info", 1011},      /* EncKrbCredPart */
     { 29, 1, "nonce"},
     { 29, 2, "timestamp"},
     { 29, 3, "usec"},
     { 29, 4, "s-address", 1002},
     { 29, 5, "r-address", 1002},
 
-    { 30, 0, "pvno"},	/* KRB-ERROR */
+    { 30, 0, "pvno"},   /* KRB-ERROR */
     { 30, 1, "msg-type"},
     { 30, 2, "ctime"},
     { 30, 3, "cusec"},
@@ -702,61 +703,61 @@ void print_tag_type(fp, eid, lev)
     int     eid;
     int     lev;
 {
-    int	tag = eid & ID_TAG;
-    int	do_space = 1;
-    char	*str;
+    int tag = eid & ID_TAG;
+    int do_space = 1;
+    char        *str;
 
     fprintf(fp, "[");
 
     switch(eid & ID_CLASS) {
     case CLASS_UNIV:
-	if (print_types && print_skip_tagnum)
-	    do_space = 0;
-	else
-	    fprintf(fp, "UNIV %d", tag);
-	break;
+        if (print_types && print_skip_tagnum)
+            do_space = 0;
+        else
+            fprintf(fp, "UNIV %d", tag);
+        break;
     case CLASS_APPL:
-	current_appl_type = tag;
+        current_appl_type = tag;
 #ifdef KRB5
-	if (print_krb5_types) {
-	    str = lookup_typestring(krb5_types, tag, -1);
-	    if (str) {
-		fputs(str, fp);
-		break;
-	    }
-	}
+        if (print_krb5_types) {
+            str = lookup_typestring(krb5_types, tag, -1);
+            if (str) {
+                fputs(str, fp);
+                break;
+            }
+        }
 #endif
-	fprintf(fp, "APPL %d", tag);
-	break;
+        fprintf(fp, "APPL %d", tag);
+        break;
     case CLASS_CONT:
 #ifdef KRB5
-	if (print_krb5_types && current_appl_type) {
-	    str = lookup_typestring(krb5_fields,
-				    current_appl_type, tag);
-	    if (str) {
-		fputs(str, fp);
-		break;
-	    }
-	}
+        if (print_krb5_types && current_appl_type) {
+            str = lookup_typestring(krb5_fields,
+                                    current_appl_type, tag);
+            if (str) {
+                fputs(str, fp);
+                break;
+            }
+        }
 #endif
-	if (print_skip_context && lev)
-	    fprintf(fp, "%d", tag);
-	else
-	    fprintf(fp, "CONT %d", tag);
-	break;
+        if (print_skip_context && lev)
+            fprintf(fp, "%d", tag);
+        else
+            fprintf(fp, "CONT %d", tag);
+        break;
     case CLASS_PRIV:
-	fprintf(fp, "PRIV %d", tag);
-	break;
+        fprintf(fp, "PRIV %d", tag);
+        break;
     }
 
     if (print_types && ((eid & ID_CLASS) == CLASS_UNIV)) {
-	if (do_space)
-	    fputs(" ", fp);
-	str = lookup_typestring(univ_types, eid & ID_TAG, -1);
-	if (str)
-	    fputs(str, fp);
-	else
-	    fprintf(fp, "UNIV %d???", eid & ID_TAG);
+        if (do_space)
+            fputs(" ", fp);
+        str = lookup_typestring(univ_types, eid & ID_TAG, -1);
+        if (str)
+            fputs(str, fp);
+        else
+            fprintf(fp, "UNIV %d???", eid & ID_TAG);
     }
 
     fprintf(fp, "] ");
diff --git a/src/tests/asn.1/utility.c b/src/tests/asn.1/utility.c
index 1b2e982..b3d3639 100644
--- a/src/tests/asn.1/utility.c
+++ b/src/tests/asn.1/utility.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "utility.h"
 #include "krb5.h"
 #include <stdlib.h>
@@ -15,22 +16,22 @@ asn1_error_code asn1_krb5_data_unparse(code, s)
     if (*s != NULL) free(*s);
 
     if (code==NULL) {
-	*s = strdup("<NULL>");
-	if (*s == NULL) return ENOMEM;
+        *s = strdup("<NULL>");
+        if (*s == NULL) return ENOMEM;
     } else if (code->data == NULL || ((int) code->length) <= 0) {
-	*s = strdup("<EMPTY>");
-	if (*s==NULL) return ENOMEM;
+        *s = strdup("<EMPTY>");
+        if (*s==NULL) return ENOMEM;
     } else {
-	unsigned int i;
+        unsigned int i;
 
-	*s = (char*)calloc((size_t) 3*(code->length), sizeof(char));
-	if (*s == NULL) return ENOMEM;
-	for (i = 0; i < code->length; i++) {
-	    (*s)[3*i] = hexchar((unsigned char) (((code->data)[i]&0xF0)>>4));
-	    (*s)[3*i+1] = hexchar((unsigned char) ((code->data)[i]&0x0F));
-	    (*s)[3*i+2] = ' ';
-	}
-	(*s)[3*(code->length)-1] = '\0';
+        *s = (char*)calloc((size_t) 3*(code->length), sizeof(char));
+        if (*s == NULL) return ENOMEM;
+        for (i = 0; i < code->length; i++) {
+            (*s)[3*i] = hexchar((unsigned char) (((code->data)[i]&0xF0)>>4));
+            (*s)[3*i+1] = hexchar((unsigned char) ((code->data)[i]&0x0F));
+            (*s)[3*i+2] = ' ';
+        }
+        (*s)[3*(code->length)-1] = '\0';
     }
     return 0;
 }
@@ -39,11 +40,11 @@ char hexchar(digit)
     const unsigned int digit;
 {
     if (digit<=9)
-	return '0'+digit;
+        return '0'+digit;
     else if (digit<=15)
-	return 'A'+digit-10;
+        return 'A'+digit-10;
     else
-	return 'X';
+        return 'X';
 }
 
 krb5_error_code krb5_data_parse(d, s)
@@ -71,26 +72,26 @@ krb5_error_code krb5_data_hex_parse(krb5_data *d, const char *s)
 
     d->data = calloc((strlen(s) / 2 + 1), 1);
     if (d->data == NULL)
-	return ENOMEM;
+        return ENOMEM;
     d->length = 0;
     buf[1] = '\0';
     for (lo = 0, dp = d->data, cp = s; *cp; cp++) {
-	if (*cp < 0)
-	    return ASN1_PARSE_ERROR;
-	else if (isspace((unsigned char) *cp))
-	    continue;
-	else if (isxdigit((unsigned char) *cp)) {
-	    buf[0] = *cp;
-	    v = strtol(buf, NULL, 16);
-	} else
-	    return ASN1_PARSE_ERROR;
-	if (lo) {
-	    *dp++ |= v;
-	    lo = 0;
-	} else {
-	    *dp = v << 4;
-	    lo = 1;
-	}
+        if (*cp < 0)
+            return ASN1_PARSE_ERROR;
+        else if (isspace((unsigned char) *cp))
+            continue;
+        else if (isxdigit((unsigned char) *cp)) {
+            buf[0] = *cp;
+            v = strtol(buf, NULL, 16);
+        } else
+            return ASN1_PARSE_ERROR;
+        if (lo) {
+            *dp++ |= v;
+            lo = 0;
+        } else {
+            *dp = v << 4;
+            lo = 1;
+        }
     }
 
     d->length = dp - d->data;
@@ -113,9 +114,9 @@ void asn1buf_print(buf)
     s = calloc(3*length, sizeof(char));
     if (s == NULL) return;
     for (i=0; i<length; i++) {
-	s[3*i] = hexchar(((bufcopy.base)[i]&0xF0)>>4);
-	s[3*i+1] = hexchar((bufcopy.base)[i]&0x0F);
-	s[3*i+2] = ' ';
+        s[3*i] = hexchar(((bufcopy.base)[i]&0xF0)>>4);
+        s[3*i+1] = hexchar((bufcopy.base)[i]&0x0F);
+        s[3*i+2] = ' ';
     }
     s[3*length-1] = '\0';
 
@@ -129,7 +130,7 @@ void init_access(const char *progname)
     krb5_error_code ret;
     ret = krb5int_accessor(&acc, KRB5INT_ACCESS_VERSION);
     if (ret) {
-	com_err(progname, ret, "while initializing accessor");
-	exit(1);
+        com_err(progname, ret, "while initializing accessor");
+        exit(1);
     }
 }
diff --git a/src/tests/create/Makefile.in b/src/tests/create/Makefile.in
index 26f8b6c..bacb5d2 100644
--- a/src/tests/create/Makefile.in
+++ b/src/tests/create/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/create
 mydir=tests/create
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/tests/create/deps b/src/tests/create/deps
index e24e7a8..c34ae10 100644
--- a/src/tests/create/deps
+++ b/src/tests/create/deps
@@ -3,12 +3,12 @@
 #
 $(OUTPRE)kdb5_mkdums.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SS_DEPS) kdb5_mkdums.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_mkdums.c
diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c
index 2f78a30..29143e0 100644
--- a/src/tests/create/kdb5_mkdums.c
+++ b/src/tests/create/kdb5_mkdums.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * tests/create/kdb5_mkdums.c
  *
@@ -34,8 +35,8 @@
 #include <stdio.h>
 
 
-#define REALM_SEP	'@'
-#define REALM_SEP_STR	"@"
+#define REALM_SEP       '@'
+#define REALM_SEP_STR   "@"
 
 struct mblock {
     krb5_deltat max_life;
@@ -43,7 +44,7 @@ struct mblock {
     krb5_timestamp expiration;
     krb5_flags flags;
     krb5_kvno mkvno;
-} mblock = {				/* XXX */
+} mblock = {                            /* XXX */
     KRB5_KDB_MAX_LIFE,
     KRB5_KDB_MAX_RLIFE,
     KRB5_KDB_EXPIRATION,
@@ -55,12 +56,12 @@ int set_dbname_help (char *, char *);
 
 static void
 usage(who, status)
-char *who;
-int status;
+    char *who;
+    int status;
 {
     fprintf(stderr,
-	    "usage: %s -p prefix -n num_to_create [-d dbpathname] [-r realmname]\n",
-	    who);
+            "usage: %s -p prefix -n num_to_create [-d dbpathname] [-r realmname]\n",
+            who);
     fprintf(stderr, "\t [-D depth] [-k enctype] [-M mkeyname]\n");
 
     exit(status);
@@ -102,7 +103,7 @@ main(argc, argv)
     krb5_init_context(&test_context);
 
     if (strrchr(argv[0], '/'))
-	argv[0] = strrchr(argv[0], '/')+1;
+        argv[0] = strrchr(argv[0], '/')+1;
 
     progname = argv[0];
 
@@ -111,98 +112,98 @@ main(argc, argv)
     depth = 1;
 
     while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:k:M:e:m")) != -1) {
-	switch(optchar) {
-	case 'D':
-	    depth = atoi(optarg);       /* how deep to go */
-	    break;
-        case 'P':		/* Only used for testing!!! */
-	    mkey_password = optarg;
-	    break;
-	case 'p':                       /* prefix name to create */
-	    strncpy(principal_string, optarg, sizeof(principal_string) - 1);
-	    principal_string[sizeof(principal_string) - 1] = '\0';
-	    suffix = principal_string + strlen(principal_string);
-	    suffix_size = sizeof(principal_string) -
-	      (suffix - principal_string);
-	    break;
-	case 'n':                        /* how many to create */
-	    num_to_create = atoi(optarg);
-	    break;
-	case 'd':			/* set db name */
-	    dbname = optarg;
-	    break;
-	case 'r':
-	    cur_realm = optarg;
-	    break;
-	case 'k':
-	    master_keyblock.enctype = atoi(optarg);
-	    enctypedone++;
-	    break;
-	case 'M':			/* master key name in DB */
-	    mkey_name = optarg;
-	    break;
-	case 'm':
-	    manual_mkey = TRUE;
-	    break;
-	case '?':
-	default:
-	    usage(progname, 1);
-	    /*NOTREACHED*/
-	}
+        switch(optchar) {
+        case 'D':
+            depth = atoi(optarg);       /* how deep to go */
+            break;
+        case 'P':               /* Only used for testing!!! */
+            mkey_password = optarg;
+            break;
+        case 'p':                       /* prefix name to create */
+            strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+            principal_string[sizeof(principal_string) - 1] = '\0';
+            suffix = principal_string + strlen(principal_string);
+            suffix_size = sizeof(principal_string) -
+                (suffix - principal_string);
+            break;
+        case 'n':                        /* how many to create */
+            num_to_create = atoi(optarg);
+            break;
+        case 'd':                       /* set db name */
+            dbname = optarg;
+            break;
+        case 'r':
+            cur_realm = optarg;
+            break;
+        case 'k':
+            master_keyblock.enctype = atoi(optarg);
+            enctypedone++;
+            break;
+        case 'M':                       /* master key name in DB */
+            mkey_name = optarg;
+            break;
+        case 'm':
+            manual_mkey = TRUE;
+            break;
+        case '?':
+        default:
+            usage(progname, 1);
+            /*NOTREACHED*/
+        }
     }
 
     if (!(num_to_create && suffix)) usage(progname, 1);
 
     if (!enctypedone)
-	master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+        master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
 
     if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
-	com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
-		"while setting up enctype %d", master_keyblock.enctype);
-	exit(1);
+        com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
+                "while setting up enctype %d", master_keyblock.enctype);
+        exit(1);
     }
 
     if (!dbname)
-	dbname = DEFAULT_KDB_FILE;	/* XXX? */
+        dbname = DEFAULT_KDB_FILE;      /* XXX? */
 
     if (!cur_realm) {
-	if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
-	    com_err(progname, retval, "while retrieving default realm name");
-	    exit(1);
-	}
+        if ((retval = krb5_get_default_realm(test_context, &cur_realm))) {
+            com_err(progname, retval, "while retrieving default realm name");
+            exit(1);
+        }
     }
     if ((retval = set_dbname_help(progname, dbname)))
-	exit(retval);
+        exit(retval);
 
     for (n = 1; n <= num_to_create; n++) {
-      /* build the new principal name */
-      /* we can't pick random names because we need to generate all the names
-	 again given a prefix and count to test the db lib and kdb */
-      (void) snprintf(suffix, suffix_size, "%d", n);
-      (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
-      tmp[sizeof(tmp) - 1] = '\0';
-      str_newprinc = tmp;
-      add_princ(test_context, str_newprinc);
-
-      for (i = 2; i <= depth; i++) {
-	(void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
-			principal_string, i);
-	tmp2[sizeof(tmp2) - 1] = '\0';
-	strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
-	str_newprinc = tmp;
-	add_princ(test_context, str_newprinc);
-      }
+        /* build the new principal name */
+        /* we can't pick random names because we need to generate all the names
+           again given a prefix and count to test the db lib and kdb */
+        (void) snprintf(suffix, suffix_size, "%d", n);
+        (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
+        tmp[sizeof(tmp) - 1] = '\0';
+        str_newprinc = tmp;
+        add_princ(test_context, str_newprinc);
+
+        for (i = 2; i <= depth; i++) {
+            (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
+                            principal_string, i);
+            tmp2[sizeof(tmp2) - 1] = '\0';
+            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
+            str_newprinc = tmp;
+            add_princ(test_context, str_newprinc);
+        }
     }
 
     retval = krb5_db_fini(test_context);
     memset(master_keyblock.contents, 0,
-	   (size_t) master_keyblock.length);
+           (size_t) master_keyblock.length);
     if (retval && retval != KRB5_KDB_DBNOTINITED) {
-	com_err(progname, retval, "while closing database");
-	exit(1);
+        com_err(progname, retval, "while closing database");
+        exit(1);
     }
     if (master_princ_set) {
-	krb5_free_principal(test_context, master_princ);
+        krb5_free_principal(test_context, master_princ);
     }
     krb5_free_context(test_context);
     exit(0);
@@ -210,19 +211,19 @@ main(argc, argv)
 
 void
 add_princ(context, str_newprinc)
-    krb5_context 	  context;
-    char 		* str_newprinc;
+    krb5_context          context;
+    char                * str_newprinc;
 {
-    krb5_error_code 	  retval;
-    krb5_principal 	  newprinc;
-    krb5_db_entry 	  newentry;
-    char 		  princ_name[4096];
+    krb5_error_code       retval;
+    krb5_principal        newprinc;
+    krb5_db_entry         newentry;
+    char                  princ_name[4096];
 
     memset(&newentry, 0, sizeof(newentry));
     snprintf(princ_name, sizeof(princ_name), "%s@%s", str_newprinc, cur_realm);
     if ((retval = krb5_parse_name(context, princ_name, &newprinc))) {
-      com_err(progname, retval, "while parsing '%s'", princ_name);
-      return;
+        com_err(progname, retval, "while parsing '%s'", princ_name);
+        return;
     }
 
     /* Add basic data */
@@ -235,29 +236,29 @@ add_princ(context, str_newprinc)
 
     /* Add princ to db entry */
     if ((retval = krb5_copy_principal(context, newprinc, &newentry.princ))) {
-      	com_err(progname, retval, "while encoding princ to db entry for '%s'",
-	        princ_name);
-	krb5_free_principal(context, newprinc);
-	goto error;
+        com_err(progname, retval, "while encoding princ to db entry for '%s'",
+                princ_name);
+        krb5_free_principal(context, newprinc);
+        goto error;
     }
 
     {
-	/* Add mod princ to db entry */
-	krb5_int32 now;
-
-	retval = krb5_timeofday(context, &now);
-	if (retval) {
-	    com_err(progname, retval, "while fetching date");
-	    krb5_free_principal(context, newprinc);
-	    goto error;
-	}
-	retval = krb5_dbe_update_mod_princ_data(context, &newentry, now,
-					       master_princ);
-	if (retval) {
-	    com_err(progname, retval, "while encoding mod_princ data");
-	    krb5_free_principal(context, newprinc);
-	    goto error;
-	}
+        /* Add mod princ to db entry */
+        krb5_int32 now;
+
+        retval = krb5_timeofday(context, &now);
+        if (retval) {
+            com_err(progname, retval, "while fetching date");
+            krb5_free_principal(context, newprinc);
+            goto error;
+        }
+        retval = krb5_dbe_update_mod_princ_data(context, &newentry, now,
+                                                master_princ);
+        if (retval) {
+            com_err(progname, retval, "while encoding mod_princ data");
+            krb5_free_principal(context, newprinc);
+            goto error;
+        }
     }
 
     {   /* Add key and salt data to db entry */
@@ -265,54 +266,54 @@ add_princ(context, str_newprinc)
         krb5_keyblock key;
 
         if ((retval = krb5_principal2salt(context, newprinc, &salt))) {
-	    com_err(progname, retval, "while converting princ to salt for '%s'",
-		    princ_name);
-	    krb5_free_principal(context, newprinc);
-	    goto error;
+            com_err(progname, retval, "while converting princ to salt for '%s'",
+                    princ_name);
+            krb5_free_principal(context, newprinc);
+            goto error;
+        }
+
+        krb5_free_principal(context, newprinc);
+
+        pwd.length = strlen(princ_name);
+        pwd.data = princ_name;  /* must be able to regenerate */
+        if ((retval = krb5_c_string_to_key(context, master_keyblock.enctype,
+                                           &pwd, &salt, &key))) {
+            com_err(progname,retval,"while converting password to key for '%s'",
+                    princ_name);
+            krb5_free_data_contents(context, &salt);
+            goto error;
         }
+        krb5_free_data_contents(context, &salt);
 
-	krb5_free_principal(context, newprinc);
-
-    	pwd.length = strlen(princ_name);
-    	pwd.data = princ_name;  /* must be able to regenerate */
-    	if ((retval = krb5_c_string_to_key(context, master_keyblock.enctype,
-					   &pwd, &salt, &key))) {
-	    com_err(progname,retval,"while converting password to key for '%s'",
-		    princ_name);
-	    krb5_free_data_contents(context, &salt);
-	    goto error;
-	}
-	krb5_free_data_contents(context, &salt);
-
-	if ((retval = krb5_dbe_create_key_data(context, &newentry))) {
-	    com_err(progname, retval, "while creating key_data for '%s'",
-		    princ_name);
+        if ((retval = krb5_dbe_create_key_data(context, &newentry))) {
+            com_err(progname, retval, "while creating key_data for '%s'",
+                    princ_name);
             free(key.contents);
-	    goto error;
+            goto error;
         }
 
         if ((retval = krb5_dbekd_encrypt_key_data(context,&master_keyblock,
-						  &key, NULL, 1,
-						  newentry.key_data))) {
-    	    com_err(progname, retval, "while encrypting key for '%s'",
-		    princ_name);
+                                                  &key, NULL, 1,
+                                                  newentry.key_data))) {
+            com_err(progname, retval, "while encrypting key for '%s'",
+                    princ_name);
             free(key.contents);
-	    goto error;
+            goto error;
         }
         free(key.contents);
     }
 
     {
-	int one = 1;
-
-    	if ((retval = krb5_db_put_principal(context, &newentry, &one))) {
-	    com_err(progname, retval, "while storing principal date");
-	    goto error;
-    	}
-    	if (one != 1) {
-	   com_err(progname,0,"entry not stored in database (unknown failure)");
-	    goto error;
-    	}
+        int one = 1;
+
+        if ((retval = krb5_db_put_principal(context, &newentry, &one))) {
+            com_err(progname, retval, "while storing principal date");
+            goto error;
+        }
+        if (one != 1) {
+            com_err(progname,0,"entry not stored in database (unknown failure)");
+            goto error;
+        }
     }
 
     fprintf(stdout, "Added %s to database\n", princ_name);
@@ -327,8 +328,8 @@ error: /* Do cleanup of newentry regardless of error */
 
 int
 set_dbname_help(pname, dbname)
-char *pname;
-char *dbname;
+    char *pname;
+    char *dbname;
 {
     krb5_error_code retval;
     int nentries;
@@ -339,79 +340,79 @@ char *dbname;
     /* assemble & parse the master key name */
 
     if ((retval = krb5_db_setup_mkey_name(test_context, mkey_name, cur_realm,
-					  0, &master_princ))) {
-	com_err(pname, retval, "while setting up master key name");
-	return(1);
+                                          0, &master_princ))) {
+        com_err(pname, retval, "while setting up master key name");
+        return(1);
     }
     master_princ_set = 1;
     if (mkey_password) {
-	pwd.data = mkey_password;
-	pwd.length = strlen(mkey_password);
-	retval = krb5_principal2salt(test_context, master_princ, &scratch);
-	if (retval) {
-	    com_err(pname, retval, "while calculated master key salt");
-	    return(1);
-	}
-	if ((retval = krb5_c_string_to_key(test_context,
-					   master_keyblock.enctype,
-					   &pwd, &scratch,
-					   &master_keyblock))) {
-	    com_err(pname, retval,
-		    "while transforming master key from password");
-	    return(1);
-	}
-	free(scratch.data);
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(test_context, master_princ, &scratch);
+        if (retval) {
+            com_err(pname, retval, "while calculated master key salt");
+            return(1);
+        }
+        if ((retval = krb5_c_string_to_key(test_context,
+                                           master_keyblock.enctype,
+                                           &pwd, &scratch,
+                                           &master_keyblock))) {
+            com_err(pname, retval,
+                    "while transforming master key from password");
+            return(1);
+        }
+        free(scratch.data);
     } else {
-	if ((retval = krb5_db_fetch_mkey(test_context, master_princ,
-					master_keyblock.enctype, manual_mkey,
-					FALSE, 0, NULL, NULL,
-                                        &master_keyblock))) {
-	    com_err(pname, retval, "while reading master key");
-	    return(1);
-	}
+        if ((retval = krb5_db_fetch_mkey(test_context, master_princ,
+                                         master_keyblock.enctype, manual_mkey,
+                                         FALSE, 0, NULL, NULL,
+                                         &master_keyblock))) {
+            com_err(pname, retval, "while reading master key");
+            return(1);
+        }
     }
 
     /* Ick!  Current DAL interface requires that the default_realm
        field be set in the krb5_context.  */
     if ((retval = krb5_set_default_realm(test_context, cur_realm))) {
-	com_err(pname, retval, "setting default realm");
-	return 1;
+        com_err(pname, retval, "setting default realm");
+        return 1;
     }
     /* Pathname is passed to db2 via 'args' parameter.  */
     args[1] = NULL;
     if (asprintf(&args[0], "dbname=%s", dbname) < 0) {
-	com_err(pname, errno, "while setting up db parameters");
-	return 1;
+        com_err(pname, errno, "while setting up db parameters");
+        return 1;
     }
 
     if ((retval = krb5_db_open(test_context, args, KRB5_KDB_OPEN_RO))) {
-	com_err(pname, retval, "while initializing database");
-	return(1);
+        com_err(pname, retval, "while initializing database");
+        return(1);
     }
     /* Done with args */
     free(args[0]);
 
     if ((retval = krb5_db_verify_master_key(test_context, master_princ,
-					   IGNORE_VNO, &master_keyblock))){
-	com_err(pname, retval, "while verifying master key");
-	(void) krb5_db_fini(test_context);
-	return(1);
+                                            IGNORE_VNO, &master_keyblock))){
+        com_err(pname, retval, "while verifying master key");
+        (void) krb5_db_fini(test_context);
+        return(1);
     }
     nentries = 1;
     if ((retval = krb5_db_get_principal(test_context, master_princ,
-				       &master_entry, &nentries, &more))) {
-	com_err(pname, retval, "while retrieving master entry");
-	(void) krb5_db_fini(test_context);
-	return(1);
+                                        &master_entry, &nentries, &more))) {
+        com_err(pname, retval, "while retrieving master entry");
+        (void) krb5_db_fini(test_context);
+        return(1);
     } else if (more) {
-	com_err(pname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
-		"while retrieving master entry");
-	(void) krb5_db_fini(test_context);
-	return(1);
+        com_err(pname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
+                "while retrieving master entry");
+        (void) krb5_db_fini(test_context);
+        return(1);
     } else if (!nentries) {
-	com_err(pname, KRB5_KDB_NOENTRY, "while retrieving master entry");
-	(void) krb5_db_fini(test_context);
-	return(1);
+        com_err(pname, KRB5_KDB_NOENTRY, "while retrieving master entry");
+        (void) krb5_db_fini(test_context);
+        return(1);
     }
 
     mblock.max_life = master_entry.max_life;
diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in
index e426f32..51e9c1f 100644
--- a/src/tests/dejagnu/Makefile.in
+++ b/src/tests/dejagnu/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/dejagnu
 mydir=tests/dejagnu
 BUILDTOP=$(REL)..$(S)..
 RUNTEST = @RUNTEST@ $(DEJAFLAGS)
diff --git a/src/tests/dejagnu/krb-root/rlogin.exp b/src/tests/dejagnu/krb-root/rlogin.exp
deleted file mode 100644
index a0e8e4f..0000000
--- a/src/tests/dejagnu/krb-root/rlogin.exp
+++ /dev/null
@@ -1,322 +0,0 @@
-# Kerberos rlogin test.
-# This is a DejaGnu test script.
-# This script tests Kerberos rlogin.
-# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
-
-# Find the programs we need.  We use the binaries from the build tree
-# if they exist.  If they do not, then they must be in PATH.  We
-# expect $objdir to be .../kerberos/src.
-
-if ![info exists KRLOGIN] {
-    set KRLOGIN [findfile $objdir/../../appl/bsd/rlogin]
-}
-
-if ![info exists KRLOGIND] {
-    set KRLOGIND [findfile $objdir/../../appl/bsd/klogind]
-}
-
-if ![info exists LOGINKRB5] {
-    set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5]
-}
-
-# Start up a root shell.
-if ![setup_root_shell rlogin] {
-    return
-}
-
-# Make sure .k5login is reasonable.
-if ![check_k5login rlogin] {
-    stop_root_shell
-    return
-}
-
-# Set up the kerberos database.
-if {![get_hostname] \
-    || ![setup_kerberos_files] \
-    || ![setup_kerberos_env] \
-    || ![setup_kerberos_db 0]} {
-    stop_root_shell
-    return
-}
-
-# A procedure to start up the rlogin daemon.
-
-proc start_rlogin_daemon { option } {
-    global REALMNAME
-    global KRLOGIND
-    global LOGINKRB5
-    global ROOT_PROMPT
-    global tmppwd
-    global hostname
-    global rlogin_spawn_id
-    global krlogind_pid
-    global portbase
-
-    # The -p argument tells it to accept a single connection, so we
-    # don't need to use inetd.  The 3543 is the port to listen at.
-    # Note that tmppwd here is a shell variable, which is set in
-    # setup_root_shell, not a TCL variable.  The sh -c is to workaround
-    # the broken controlling tty handling in hpux, and shouldn't hurt
-    # anything else.
-    send -i $rlogin_spawn_id "sh -c \"$KRLOGIND -k -c -D [expr 8 + $portbase] -S \$tmppwd/srvtab -M $REALMNAME -L $LOGINKRB5 $option\" &\r"
-    expect {
-	-i $rlogin_spawn_id 
-	-re "$ROOT_PROMPT" { }
-	timeout {
-	    send_error "ERROR: timeout from rlogin $hostname -l root\n"
-	    return
-	}
-	eof {
-	    send_error "ERROR: eof from rlogin $hostname -l root\n"
-	    return
-	}
-    }
-    send -i $rlogin_spawn_id "echo \$!\r"
-    expect {
-	-i $rlogin_spawn_id
-	-re "\[0-9\]+" {
-	    set krlogind_pid $expect_out(0,string)
-	    verbose "krlogind process ID is $krlogind_pid"
-	}
-	timeout {
-	    send_error "ERROR: timeout from rlogin $hostname -l root\n"
-	    return
-	}
-	eof {
-	    send_error "ERROR: eof from rlogin $hostname -l root\n"
-	    return
-	}
-    }
-    expect {
-	-i $rlogin_spawn_id
-	-re "$ROOT_PROMPT" { }
-	timeout {
-	    send_error "ERROR: timeout from rlogin $hostname -l root\n"
-	    return
-	}
-	eof {
-	    send_error "ERROR: eof from rlogin $hostname -l root\n"
-	    return
-	}
-    }
-
-    # Give the rlogin daemon a few seconds to get set up.
-    sleep 2
-}
-
-# A procedure to stop the rlogin daemon.
-
-proc stop_rlogin_daemon { } {
-    global krlogind_pid
-
-    if [info exists krlogind_pid] {
-	catch "exec kill $krlogind_pid"
-	unset krlogind_pid
-    }
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc rlogin_test { } {
-    global REALMNAME
-    global KRLOGIN
-    global BINSH
-    global SHELL_PROMPT
-    global KEY
-    global hostname
-    global hostname
-    global env
-    global portbase
-
-    # Start up the kerberos and kadmind daemons and get a srvtab and a
-    # ticket file.
-    if {![start_kerberos_daemons 0] \
-        || ![add_kerberos_key host/$hostname 0] \
-        || ![setup_srvtab 0] \
-	|| ![add_kerberos_key $env(USER) 0] \
-	|| ![kinit $env(USER) $env(USER)$KEY 0]} {
-	return
-    }
-
-    # Start up the rlogin daemon.
-    start_rlogin_daemon -k
-
-    # Make an rlogin connection.
-    spawn $KRLOGIN $hostname -k $REALMNAME -D [expr 8 + $portbase]
-
-    expect_after {
-	timeout {
-	    fail "$testname (timeout)"
-	    catch "expect_after"
-	    return
-	}
-	"onnection closed." {
-	    fail "$testname (connection closed)"
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    catch "expect_after"
-	    return
-	}
-    }
-
-    set testname "rlogin"
-    expect {
-	-re "$SHELL_PROMPT" {
-	    pass $testname
-	}
-    }
-
-    # Switch to /bin/sh to try to avoid confusion from the shell
-    # prompt.
-    set testname "shell"
-    send "$BINSH\r"
-    expect "$BINSH"
-    expect -re "$SHELL_PROMPT"
-
-    set testname "date"
-    send "date\r"
-    expect "date"
-    expect {
-	-re "\[A-Za-z0-9 :\]+\[\r\n\]+" {
-	    if [check_date $expect_out(0,string)] {
-		pass "date"
-	    } else {
-		fail "date"
-	    }
-	}
-    }
-    expect -re "$SHELL_PROMPT"
-
-    set testname "exit"
-    send "exit\r"
-    expect -re "$SHELL_PROMPT"
-    send "exit\r"
-    expect {
-	"onnection closed." {
-	    pass $testname
-	}
-    }
-    # This last expect seems useless, but without it the rlogin process
-    # sometimes hangs on HP-UX, in a tcsetattr call with TCSADRAIN.
-    expect {
-        "\r" { }
-    }
-
-    expect_after
-
-    if [check_exit_status "exit status"] {
-	pass "exit status"
-    }
-
-    # The rlogin daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_rlogin_daemon
-
-    # Try an encrypted connection.
-    start_rlogin_daemon -e
-    spawn $KRLOGIN $hostname -x -k $REALMNAME -D [expr 8 + $portbase]
-
-    expect_after {
-	timeout {
-	    fail "$testname (timeout)"
-	    catch "expect_after"
-	    return
-	}
-	"onnection closed" {
-	    fail "$testname (connection closed)"
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    catch "expect_after"
-	    return
-	}
-    }
-
-    set testname "encrypted rlogin"
-    expect -re "encrypting .* transmissions"
-    expect {
-	-re "$SHELL_PROMPT" {
-	    pass $testname
-	}
-    }
-
-    # Switch to /bin/sh to try to avoid confusion from the shell
-    # prompt.
-    set testname "shell"
-    send "$BINSH\r"
-    expect "$BINSH"
-    expect -re "$SHELL_PROMPT"
-
-    # Make sure the encryption is not destroying the text.
-    set testname "echo"
-    send "echo hello\r"
-    expect "echo hello"
-    expect "hello"
-    expect {
-	-re "$SHELL_PROMPT" {
-	    pass $testname
-	}
-    }
-
-    # Send some characters which might cause an interrupt, and then
-    # make sure we can still talk to the shell.
-    set testname "interrupt characters"
-    send "\003\177\034\r"
-    expect -re "$SHELL_PROMPT"
-    send "echo hello\r"
-    expect "echo hello"
-    expect "hello"
-    expect {
-	-re "$SHELL_PROMPT" {
-	    pass $testname
-	}
-    }
-
-    set testname "~."
-    send "~."
-    expect {
-	"Closed connection.\r" {
-	    pass $testname
-	}
-	"onnection closed" {
-	    pass $testname
-	}
-    }
-
-    expect_after
-
-    if [check_exit_status "exit status"] {
-	pass "exit status"
-    }
-
-    # The rlogin daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_rlogin_daemon
-}
-
-# Run the test.  Logging in sometimes takes a while, so increase the
-# timeout.
-set oldtimeout $timeout
-set timeout 60
-set status [catch rlogin_test msg]
-set timeout $oldtimeout
-
-# Shut down the kerberos daemons, the rlogin daemon, and the root
-# process.
-stop_kerberos_daemons
-
-stop_rlogin_daemon
-
-stop_root_shell
-
-if { $status != 0 } {
-    send_error "ERROR: error in rlogin.exp\n"
-    send_error "$msg\n"
-    exit 1
-}
diff --git a/src/tests/dejagnu/krb-root/telnet.exp b/src/tests/dejagnu/krb-root/telnet.exp
deleted file mode 100644
index 17095b3..0000000
--- a/src/tests/dejagnu/krb-root/telnet.exp
+++ /dev/null
@@ -1,451 +0,0 @@
-# Kerberos telnet test.
-# This is a DejaGnu test script.
-# This script tests Kerberos telnet.
-# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
-
-# Find the programs we need.  We use the binaries from the build tree
-# if they exist.  If they do not, then they must be in PATH.  We
-# expect $objdir to be .../kerberos/src.
-
-if ![info exists TELNET] {
-    set TELNET [findfile $objdir/../../appl/telnet/telnet/telnet]
-}
-
-if ![info exists TELNETD] {
-    set TELNETD [findfile $objdir/../../appl/telnet/telnetd/telnetd]
-}
-
-if ![info exists LOGINKRB5] {
-    set LOGINKRB5 [findfile $objdir/../../appl/bsd/login.krb5]
-}
-
-if ![regexp des- $supported_enctypes] {
-    # Telnet needs a DES enctype.
-    verbose "Skipping telnet tests for lack of DES support."
-    return
-}
-
-# A procedure to start up the telnet daemon.
-
-proc start_telnet_daemon { args } {
-    global REALMNAME
-    global TELNETD
-    global LOGINKRB5
-    global ROOT_PROMPT
-    global tmppwd
-    global hostname
-    global rlogin_spawn_id
-    global telnetd_pid
-    global portbase
-
-    # Setup the shared library wrapper for login.krb5
-    if ![file exists $tmppwd/login.wrap] {
-	    setup_wrapper $tmppwd/login.wrap "$LOGINKRB5 $*"
-    }
-
-    # The -debug argument tells it to accept a single connection, so
-    # we don't need to use inetd.  The portbase+8 is the port to listen at.
-    # Note that tmppwd here is a shell variable, which is set in
-    # setup_root_shell, not a TCL variable.
-    send -i $rlogin_spawn_id "sh -c \"$TELNETD $args -debug -t \$tmppwd/srvtab -R $REALMNAME -L $tmppwd/login.wrap [expr 8 + $portbase]\" &\r"
-    expect {
-	-i $rlogin_spawn_id 
-	-re "$ROOT_PROMPT" { }
-	timeout {
-	    send_error "ERROR: timeout from rlogin $hostname -l root\n"
-	    return
-	}
-	eof {
-	    send_error "ERROR: eof from rlogin $hostname -l root\n"
-	    return
-	}
-    }
-    send -i $rlogin_spawn_id "echo \$!\r"
-    expect {
-	-i $rlogin_spawn_id
-	-re "\[0-9\]+" {
-	    set telnetd_pid $expect_out(0,string)
-	    verbose "telnetd process ID is $telnetd_pid"
-	}
-	timeout {
-	    send_error "ERROR: timeout from rlogin $hostname -l root\n"
-	    return
-	}
-	eof {
-	    send_error "ERROR: eof from rlogin $hostname -l root\n"
-	    return
-	}
-    }
-    expect {
-	-i $rlogin_spawn_id
-	-re "$ROOT_PROMPT" { }
-	timeout {
-	    send_error "ERROR: timeout from rlogin $hostname -l root\n"
-	    return
-	}
-	eof {
-	    send_error "ERROR: eof from rlogin $hostname -l root\n"
-	    return
-	}
-    }
-
-    # Give the telnet daemon a few seconds to get set up.
-    sleep 2
-}
-
-# A procedure to stop the telnet daemon.
-
-proc stop_telnet_daemon { } {
-    global telnetd_pid
-
-    if [info exists telnetd_pid] {
-	catch "exec kill $telnetd_pid"
-	unset telnetd_pid
-    }
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc telnet_test { } {
-    global REALMNAME
-    global TELNET
-    global BINSH
-    global SHELL_PROMPT
-    global KEY
-    global hostname
-    global localhostname
-    global env
-    global portbase
-
-    # Start up the kerberos and kadmind daemons and get a srvtab and a
-    # ticket file.
-    if {![start_kerberos_daemons 0] \
-        || ![add_kerberos_key host/$hostname 0] \
-        || ![setup_srvtab 0] \
-	|| ![add_kerberos_key $env(USER) 0] \
-	|| ![kinit $env(USER) $env(USER)$KEY 0]} {
-	return
-    }
-
-    # Start up the telnet daemon.
-    start_telnet_daemon
-
-    # Start up our telnet connection.  We first try it without
-    # authentication, so the daemon should prompt for a login.
-    spawn $TELNET -- $hostname -[expr 8 + $portbase]
-    set telnet_pid [exp_pid]
-
-    expect_after {
-	timeout {
-	    fail "$testname (timeout)"
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    catch "expect_after"
-	    return
-	}
-    }
-
-    set testname "simple telnet"
-    expect {
-	"ogin: " {
-	    pass $testname
-	}
-    }
-
-    # Move back to telnet command mode and make sure it seems
-    # reasonable.
-    set testname "telnet command mode"
-    send "\035"
-    expect {
-	"telnet> " {
-	    pass $testname
-	}
-    }
-
-    set testname "telnet status"
-    send "status\r"
-    # use -nocase because telnet may output the fqdn in upper-case;
-    # however, -nocase requires the whole pattern to be in lower case
-    expect {
-	-nocase -re "connected to $localhostname.*operating in single character mode.*catching signals locally.*remote character echo.*flow control.*escape character is '.\]'" {
-	    pass $testname
-	}
-    }
-
-    set testname "back to command mode"
-
-    # For some reason, the telnet client doesn't necessarily reset the
-    # terminal mode back to raw after exiting command mode.
-    # Kick it somewhat by sending a CR.
-    send "\r"
-    expect "ogin: "
-
-    send "\035"
-    expect {
-	"telnet> " {
-	    pass $testname
-	}
-    }
-
-    set testname "quit"
-    send "quit\r"
-    expect {
-	"Connection closed.\r" {
-	    pass $testname
-	}
-    }
-
-    expect_after
-
-# on hpux 10.x, the child telnet will hang in an ioctl().  This will
-# wait a while for an EOF, and kill the process if it doesn't exit by
-# itself.  The hang doesn't happen when telnet is run at the shell.
-
-    expect {
-	eof { }
-	timeout {
-	    stop_telnet_daemon
-	}
-    }
-
-    if ![check_exit_status "exit status"] {
-	return
-    }
-
-    pass "exit status"
-
-    # The telnet daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_telnet_daemon
-
-    # Try an authenticated connection.
-    start_telnet_daemon
-    spawn $TELNET -a -k $REALMNAME -- $hostname -[expr 8 + $portbase]
-
-    expect_after {
-	timeout {
-	    fail "$testname (timeout)"
-	    catch "expect_after"
-	    return
-	}
-	"Connection closed by foreign host.\r" {
-	    fail "$testname (connection closed)"
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    catch "expect_after"
-	    return
-	}
-    }
-
-    set testname "authenticated telnet"
-    expect "Kerberos V5 accepts you"
-    expect {
-	-re "$SHELL_PROMPT" {
-	    pass $testname
-	}
-    }
-
-    # Switch to /bin/sh to try to avoid confusion from the shell
-    # prompt.
-    set testname "shell"
-    send "$BINSH\r"
-    expect -re "$SHELL_PROMPT"
-
-    set testname "date"
-    send "date\r"
-    expect "date"
-    expect {
-	-re "\[A-Za-z0-9 :\]+\[\r\n\]+" {
-	    if [check_date $expect_out(0,string)] {
-		pass "date"
-	    } else {
-		fail "date"
-	    }
-	}
-    }
-    expect -re "$SHELL_PROMPT"
-
-    set testname "exit"
-    send "exit\r"
-    expect -re "$SHELL_PROMPT"
-    send "exit\r"
-    expect {
-	"Connection closed by foreign host.\r" {
-	    pass $testname
-	}
-    }
-
-    expect_after
-    catch "expect eof"
-
-    # We can't use check_exit_status, because we expect an exit status
-    # of 1.
-    set status_list [wait -i $spawn_id]
-    verbose "wait -i $spawn_id returned $status_list (klist)"
-    if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
-	send_log "exit status: $status_list\n"
-	verbose "exit status: $status_list"
-	fail "exit status"
-    } else {
-	pass "exit status"
-    }
-
-    # The telnet daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_telnet_daemon
-
-    # Try an authenticated encrypted connection.
-    start_telnet_daemon
-    spawn $TELNET -a -x -k $REALMNAME -- $hostname -[expr 8 + $portbase]
-
-    expect_after {
-	timeout {
-	    fail $testname
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail $testname
-	    catch "expect_after"
-	    return
-	}
-    }
-
-    set testname "encrypted telnet"
-    expect "Kerberos V5 accepts you"
-    expect {
-	-re "$SHELL_PROMPT" {
-	    pass $testname
-	}
-    }
-
-    # Make sure the encryption is not destroying the text.
-    set testname "echo"
-    send "echo hello\r"
-    expect "echo hello"
-    expect "hello"
-    expect {
-	-re "$SHELL_PROMPT" {
-	    pass $testname
-	}
-    }
-
-    # Move back to telnet command mode and check the encryption status.
-    set testname "encryption status"
-    send "\035"
-    expect "telnet> "
-    send "status\r"
-    expect {
-	-re "Currently encrypting output with DES_CFB64.*Currently decrypting input with DES_CFB64" {
-	    pass $testname
-	}
-    }
-
-    set testname "exit status"
-    send "exit\r"
-    expect "Connection closed by foreign host.\r"
-
-    expect_after
-    catch "expect eof"
-
-    # We can't use check_exit_status, because we expect an exit status
-    # of 1.
-    set status_list [wait -i $spawn_id]
-    verbose "wait -i $spawn_id returned $status_list (klist)"
-    if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 1 } {
-	send_log "exit status: $status_list\n"
-	verbose "exit status: $status_list"
-	fail "exit status"
-    } else {
-	pass "exit status"
-    }
-
-    # The telnet daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_telnet_daemon
-
-    set testname "reject unencrypted telnet"
-    # Check rejection of unencrypted client when encryption is required
-    start_telnet_daemon -e
-
-    # unencrypted, unauthenticated
-    spawn $TELNET -- $hostname -[expr 8 + $portbase]
-    expect_after {
-	timeout {
-	    fail $testname
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail $testname
-	    catch "expect_after"
-	    return
-	}
-    }
-
-    expect {
-	-re "Unencrypted connection refused.*\n" {
-	    pass $testname
-	}
-    }
-    catch "expect_after"
-    catch "expect eof"
-    catch wait
-
-    # The telnet daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_telnet_daemon
-}
-
-run_once telnet {
-    # Remove old wrapper script
-    catch "exec rm -f $tmppwd/login.wrap"
-
-    # Start up a root shell.
-    if ![setup_root_shell telnet] {
-	return
-    }
-
-    # Make sure .k5login is reasonable.
-    if ![check_k5login rlogin] {
-	stop_root_shell
-	return
-    }
-
-    # Set up the kerberos database.
-    if {![get_hostname] \
-	    || ![setup_kerberos_files] \
-	    || ![setup_kerberos_env] \
-	    || ![setup_kerberos_db 0]} {
-	stop_root_shell
-	return
-    }
-
-    # Run the test.  Logging in sometimes takes a while, so increase the
-    # timeout.
-    set oldtimeout $timeout
-    set timeout 60
-    set status [catch telnet_test msg]
-    set timeout $oldtimeout
-
-    # Shut down the kerberos daemons, the telnet daemon, and the rlogin
-    # process.
-    stop_kerberos_daemons
-
-    stop_telnet_daemon
-
-    stop_root_shell
-
-    if { $status != 0 } {
-	send_error "ERROR: error in telnet.exp\n"
-	send_error "$msg\n"
-	exit 1
-    }
-}
diff --git a/src/tests/dejagnu/krb-standalone/gssftp.exp b/src/tests/dejagnu/krb-standalone/gssftp.exp
deleted file mode 100644
index 42dc94c..0000000
--- a/src/tests/dejagnu/krb-standalone/gssftp.exp
+++ /dev/null
@@ -1,507 +0,0 @@
-# Kerberos ftp test.
-# This is a DejaGnu test script.
-# This script tests Kerberos ftp.
-# Originally written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
-# Modified bye Ezra Peisach for GSSAPI support.
-
-# Find the programs we need.  We use the binaries from the build tree
-# if they exist.  If they do not, then they must be in PATH.  We
-# expect $objdir to be .../kerberos/build/tests/dejagnu
-
-if ![info exists FTP] {
-    set FTP [findfile $objdir/../../appl/gssftp/ftp/ftp]
-}
-
-if ![info exists FTPD] {
-    set FTPD [findfile $objdir/../../appl/gssftp/ftpd/ftpd]
-}
-
-# A procedure to start up the ftp daemon.
-
-proc start_ftp_daemon { } {
-    global FTPD
-    global tmppwd
-    global ftpd_spawn_id
-    global ftpd_pid
-    global portbase
-
-    # The -p argument tells it to accept a single connection, so we
-    # don't need to use inetd.  Portbase+8 is the port to listen at.
-    # We rely on KRB5_KTNAME being set to the proper keyfile as there is
-    # no way to cleanly set it with the gssapi API.
-    # The -U argument tells it to use an alternate ftpusers file (using
-    # /dev/null will allow root to login regardless of /etc/ftpusers).
-    # The -a argument requires authorization, to mitigate any
-    # vulnerability introduced by circumventing ftpusers.
-    spawn $FTPD -p [expr 8 + $portbase] -a -U /dev/null -r $tmppwd/krb5.conf
-    set ftpd_spawn_id $spawn_id
-    set ftpd_pid [exp_pid]
-
-    # Give the ftp daemon a few seconds to get set up.
-    sleep 2
-}
-
-# A procedure to stop the ftp daemon.
-
-proc stop_ftp_daemon { } {
-    global ftpd_spawn_id
-    global ftpd_pid
-
-    if [info exists ftpd_pid] {
-	catch "close -i $ftpd_spawn_id"
-	catch "exec kill $ftpd_pid"
-	catch "wait -i $ftpd_spawn_id"
-	unset ftpd_pid
-    }
-}
-
-# Test that a file was copied correctly.
-proc check_file { filename {bigfile 0}} {
-    if ![file exists $filename] {
-	verbose "$filename does not exist"
-	send_log "$filename does not exist\n"
-	return 0
-    }
-
-    set file [open $filename r]
-    if { [gets $file line] == -1 } {
-	verbose "$filename is empty"
-	send_log "$filename is empty\n"
-	close $file
-	return 0
-    }
-
-    if ![string match "This file is used for ftp testing." $line] {
-	verbose "$filename contains $line"
-	send_log "$filename contains $line\n"
-	close $file
-	return 0
-    }
-
-    if {$bigfile} {
-	# + 1 for the newline
-	seek $file 1048577 current
-	if { [gets $file line] == -1 } {
-	    verbose "$filename is truncated"
-	    send_log "$filename is truncated\n"
-	    close $file
-	    return 0
-	}
-
-	if ![string match "This file is used for ftp testing." $line] {
-	    verbose "$filename contains $line"
-	    send_log "$filename contains $line\n"
-	    close $file
-	    return 0
-	}
-    }
-
-    if { [gets $file line] != -1} {
-	verbose "$filename is too long ($line)"
-	send_log "$filename is too long ($line)\n"
-	close $file
-	return 0
-    }
-
-    close $file
-
-    return 1
-}
-
-#
-# Restore environment variables possibly set.
-#
-proc ftp_restore_env { } {
-    global env
-    global ftp_save_ktname
-
-    catch "unset env(KRB5_KTNAME)"
-    if [info exists ftp_save_ktname] {
-	set env(KRB5_KTNAME) $ftp_save_ktname
-	unset ftp_save_ktname
-    }
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc ftp_test { } {
-    global FTP
-    global KEY
-    global REALMNAME
-    global hostname
-    global localhostname
-    global env
-    global ftpd_spawn_id
-    global ftpd_pid
-    global spawn_id
-    global tmppwd
-    global ftp_save_ktname
-    global portbase
-
-    # Start up the kerberos and kadmind daemons and get a srvtab and a
-    # ticket file.
-    if {![start_kerberos_daemons 0] \
-        || ![add_random_key ftp/$hostname 0] \
-	|| ![modify_principal ftp/$hostname -kvno 254] \
-        || ![setup_srvtab 0 ftp] \
-	|| ![xst $tmppwd/srvtab ftp/$hostname]
-	|| ![xst $tmppwd/srvtab ftp/$hostname]
-	|| ![xst $tmppwd/srvtab ftp/$hostname]
-	|| ![do_klist_kt $tmppwd/srvtab "gssftp keytab list"]
-	|| ![add_kerberos_key $env(USER) 0] \
-	|| ![kinit $env(USER) $env(USER)$KEY 0]} {
-	return
-    }
-    # Force the host key to exist, so we get consistent errors below.
-    catch "add_random_key host/$hostname 0"
-
-    #
-    # Save settings of KRB5_KTNAME
-    #
-    if [info exists env(KRB5_KTNAME)] {
-	set ftp_save_ktname $env(KRB5_KTNAME)
-    }
-
-    #
-    # set KRB5_KTNAME *incorrectly*
-    #
-    set env(KRB5_KTNAME) FILE:$tmppwd/srvtabxx
-    verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
-    # Force some auth errors.
-    set testname "ftp auth errors"
-
-    # Start the ftp daemon.
-    start_ftp_daemon
-
-    # Try connecting.
-    spawn $FTP -d -v $hostname [expr 8 + $portbase]
-    expect_after {
-	-re "--->\[^\r\n\]*\r\n" { exp_continue }
-	-re "encoding \[0-9\]* bytes MIC \[a-zA-Z0-9/+=\]*\r\n" { exp_continue }
-	-re "sealed \[A-Z()\]*" { exp_continue }
-	-re "secure_command\[A-Z()\]*" { exp_continue }
-	timeout {
-	    fail "$testname (timeout)"
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    catch "expect_after"
-	    return
-	}
-    }
-    expect -nocase "connected to $hostname"
-    expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready."
-    expect -re "Using authentication type GSSAPI; ADAT must follow"
-    expect "GSSAPI accepted as authentication type"
-    expect -re "Trying to authenticate to <ftp@.*>"
-    # The ftp client doesn't print the gssapi error except on the last attempt.
-#    expect "GSSAPI error major: Unspecified GSS failure."
-#    expect -re "GSSAPI error minor: Key table file '.*' not found"
-    expect -re "Trying to authenticate to <host@.*>"
-    expect "GSSAPI error major: Unspecified GSS failure."
-    expect -re "GSSAPI error minor: Key table file '.*' not found"
-    expect -re "Name (.*): "
-    close -i $spawn_id
-    wait -i $spawn_id
-    wait -i $ftpd_spawn_id
-    catch "close -i $ftpd_spawn_id"
-
-    #
-    # set KRB5_KTNAME correctly now
-    #
-    set env(KRB5_KTNAME) FILE:$tmppwd/srvtab
-    verbose "KRB5_KTNAME=$env(KRB5_KTNAME)"
-
-    # Start the ftp daemon.
-    start_ftp_daemon
-
-    # Make an ftp client connection to it.
-    spawn $FTP -d -v $hostname [expr 8 + $portbase]
-
-    expect_after {
-	"GSSAPI authentication failed" {
-	    fail "$testname (auth failed)"
-	    catch "expect_after"
-	    return
-	}
-	-re "--->\[^\r\n\]*\r\n" { exp_continue }
-	-re "encoding \[0-9\]* bytes MIC \[a-zA-Z0-9/+=\]*\r\n" { exp_continue }
-	-re "sealed \[A-Z()\]*" { exp_continue }
-	-re "secure_command\[A-Z()\]*" { exp_continue }
-	timeout {
-	    fail "$testname (timeout)"
-	    catch "expect_after"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    catch "expect_after"
-	    return
-	}
-    }
-
-    set testname "ftp connection"
-    expect -nocase "connected to $hostname"
-    expect -nocase -re "$localhostname.*ftp server .version \[0-9.\]*. ready."
-    expect -re "Using authentication type GSSAPI; ADAT must follow"
-    expect "GSSAPI accepted as authentication type"
-    expect {
-	"GSSAPI authentication succeeded" { pass "ftp authentication" }
-	eof	{ fail "ftp authentication" ; catch "expect_after" ; return }
-    }
-    expect -nocase "name ($hostname:$env(USER)): "
-    send "$env(USER)\r"
-    expect "GSSAPI user $env(USER)@$REALMNAME is authorized as $env(USER)"
-    expect "Remote system type is UNIX."
-    expect "Using binary mode to transfer files."
-    expect "ftp> " {
-	pass $testname
-    }
-
-    set testname "binary"
-    send "binary\r"
-    expect "ftp> " {
-	pass $testname
-    }
-
-    set testname "status"
-    send "status\r"
-    expect -nocase "connected to $hostname."
-    expect "Authentication type: GSSAPI"
-    expect "ftp> " {
-	pass $testname
-    }
-
-    set testname "ls"
-    send "ls $tmppwd/ftp-test\r"
-    expect -re "Opening ASCII mode data connection for .*ls."
-    expect -re ".* $tmppwd/ftp-test"
-    expect "ftp> " {
-	pass $testname
-    } 
-
-    set testname "nlist"
-    send "nlist $tmppwd/ftp-test\r"
-    expect -re "Opening ASCII mode data connection for file list."
-    expect -re "$tmppwd/ftp-test"
-    expect -re ".* Transfer complete."
-    expect "ftp> " {
-	pass $testname
-    } 
-
-    set testname "ls missing"
-    send "ls $tmppwd/ftp-testmiss\r"
-    expect -re "Opening ASCII mode data connection for .*ls."
-    expect {
-	-re "$tmppwd/ftp-testmiss not found" {}
-	-re "$tmppwd/ftp-testmiss: No such file or directory"
-    }
-    expect "ftp> " {
-	pass $testname
-    } 
-
-
-    set testname "get"
-    catch "exec rm -f $tmppwd/copy"
-    send "get $tmppwd/ftp-test $tmppwd/copy\r"
-    expect "Opening BINARY mode data connection for $tmppwd/ftp-test"
-    expect "Transfer complete"
-    expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
-    expect "ftp> "
-    if [check_file $tmppwd/copy] {
-	pass $testname
-    } else {
-	fail $testname
-    }
-
-    set testname "put"
-    catch "exec rm -f $tmppwd/copy"
-    send "put $tmppwd/ftp-test $tmppwd/copy\r"
-    expect "Opening BINARY mode data connection for $tmppwd/copy"
-    expect "Transfer complete"
-    expect -re "\[0-9\]+ bytes sent in \[0-9.e-\]+ seconds"
-    expect "ftp> "
-    if [check_file $tmppwd/copy] {
-	pass $testname
-    } else {
-	fail $testname
-    }
-
-    set testname "cd"
-    send "cd $tmppwd\r"
-    expect "CWD command successful."
-    expect "ftp> " {
-	pass $testname
-    }
-
-    set testname "lcd"
-    send "lcd $tmppwd\r"
-    expect "Local directory now $tmppwd"
-    expect "ftp> " {
-	pass $testname
-    }
-
-    set testname "local get"
-    catch "exec rm -f $tmppwd/copy"
-    send "get ftp-test copy\r"
-    expect "Opening BINARY mode data connection for ftp-test"
-    expect "Transfer complete"
-    expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
-    expect "ftp> "
-    if [check_file $tmppwd/copy] {
-	pass $testname
-    } else {
-	fail $testname
-    }
-
-    set testname "big local get"
-    catch "exec rm -f $tmppwd/copy"
-    send "get bigftp-test copy\r"
-    expect "Opening BINARY mode data connection for bigftp-test"
-    expect "Transfer complete"
-    expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
-    expect "ftp> "
-    if [check_file $tmppwd/copy 1] {
-	pass $testname
-    } else {
-	fail $testname
-    }
-
-    set testname "start encryption"
-    send "private\r"
-    expect "Data channel protection level set to private"
-    expect "ftp> " {
-	pass $testname
-    }
-
-    set testname "status"
-    send "status\r"
-    expect "Protection Level: private"
-    expect "ftp> " {
-	pass $testname
-    }
-
-    set testname "encrypted get"
-    catch "exec rm -f $tmppwd/copy"
-    send "get ftp-test copy\r"
-    expect "Opening BINARY mode data connection for ftp-test"
-    expect "Transfer complete"
-    expect -re "\[0-9\]+ bytes received in \[0-9.e-\]+ seconds"
-    expect "ftp> "
-    if [check_file $tmppwd/copy] {
-	pass $testname
-    } else {
-	fail $testname
-    }
-
-    set testname "big encrypted get"
-    catch "exec rm -f $tmppwd/copy"
-    send "get bigftp-test copy\r"
-    expect "Opening BINARY mode data connection for bigftp-test"
-    expect {
-	-timeout 300
-	"Transfer complete" {}
-	-re "Length .* of PROT buffer > PBSZ" {
-	    fail "$testname (PBSZ)"
-	    return 0
-	}
-    }
-    expect -re "\[0-9\]+ bytes received in \[0-9.e+-\]+ seconds"
-    expect "ftp> "
-    if [check_file $tmppwd/copy 1] {
-	pass $testname
-    } else {
-	fail $testname
-    }
-    
-    set testname "close"
-    send "close\r"
-    expect "Goodbye."
-    expect "ftp> "
-    set status_list [wait -i $ftpd_spawn_id]
-    verbose "wait -i $ftpd_spawn_id returned $status_list ($testname)"
-    catch "close -i $ftpd_spawn_id"
-    if { [lindex $status_list 2] != 0 || [lindex $status_list 3] != 0 } {
-	send_log "exit status: $status_list\n"
-	verbose "exit status: $status_list"
-	fail $testname
-    } else {
-	pass $testname
-	unset ftpd_pid
-    }
-
-    set testname "quit"
-    send "quit\r"
-    expect_after
-    expect eof
-    if [check_exit_status $testname] {
-	pass $testname
-    }
-}
-
-run_once gssftp {
-    # Make sure .klogin is reasonable.
-    if ![check_k5login ftp] {
-	return
-    }
-
-    # Set up the kerberos database.
-    if {![get_hostname] \
-	    || ![setup_kerberos_files] \
-	    || ![setup_kerberos_env] \
-	    || ![setup_kerberos_db 0]} {
-	return
-    }
-
-    # Create a file to use for ftp testing.
-    set file [open $tmppwd/ftp-test w]
-    puts $file "This file is used for ftp testing."
-    close $file
-
-    # Create a large file to use for ftp testing. File needs to be 
-    # larger that 2^20 or 1MB for PBSZ testing.
-    set file [open $tmppwd/bigftp-test w]
-    puts $file "This file is used for ftp testing.\n"
-    seek $file 1048576 current
-    puts $file "This file is used for ftp testing."
-    close $file
-
-    # The ftp client will look in $HOME/.netrc for the user name to use.
-    # To avoid confusing the testsuite, point $HOME at a directory where
-    # we know there is no .netrc file.
-    if [info exists env(HOME)] {
-	set home $env(HOME)
-    } elseif [info exists home] {
-	unset home
-    }
-    set env(HOME) $tmppwd
-
-    # Run the test.  Logging in sometimes takes a while, so increase the
-    # timeout.
-    set oldtimeout $timeout
-    set timeout 60
-    set status [catch ftp_test msg]
-    set timeout $oldtimeout
-
-    # Shut down the kerberos daemons and the ftp daemon.
-    stop_kerberos_daemons
-
-    stop_ftp_daemon
-
-    ftp_restore_env
-
-    # Reset $HOME, for safety in case we are going to run more tests.
-    if [info exists home] {
-	set env(HOME) $home
-    } else {
-	unset env(HOME)
-    }
-
-    if { $status != 0 } {
-	perror "error in gssftp.exp: $msg"
-    }
-}
diff --git a/src/tests/dejagnu/krb-standalone/rcp.exp b/src/tests/dejagnu/krb-standalone/rcp.exp
deleted file mode 100644
index ab6a2c9..0000000
--- a/src/tests/dejagnu/krb-standalone/rcp.exp
+++ /dev/null
@@ -1,231 +0,0 @@
-# Kerberos rcp test.
-# This is a DejaGnu test script.
-# This script tests Kerberos rcp.
-# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
-
-# Find the programs we need.  We use the binaries from the build tree
-# if they exist.  If they do not, then they must be in PATH.  We
-# expect $objdir to be .../kerberos/src.
-
-if ![info exists RCP] {
-    set RCP [findfile $objdir/../../appl/bsd/rcp]
-}
-
-if ![info exists KRSHD] {
-    set KRSHD [findfile $objdir/../../appl/bsd/kshd]
-}
-
-# Remove old wrapper script
-    catch "exec rm -f $tmppwd/rcp"
-
-# Make sure .k5login is reasonable.
-if ![check_k5login rcp] {
-    return
-}
-
-# Set up the kerberos database.
-if {![get_hostname] \
-    || ![setup_kerberos_files] \
-    || ![setup_kerberos_env] \
-    || ![setup_kerberos_db 0]} {
-    return
-}
-
-# A procedure to start up the rsh daemon (rcp talks to the rsh
-# daemon).
-
-proc start_rsh_daemon { } {
-    global REALMNAME
-    global KRSHD T_INETD
-    global RCP
-    global tmppwd
-    global krshd_spawn_id
-    global krshd_pid
-    global portbase
-
-    # Setup the shared library wrapper for login.krb5
-    if ![file exists $tmppwd/rcp] {
-	    setup_wrapper $tmppwd/rcp "$RCP $*"
-    }
-
-
-    # The -L ENV_SET is for the I/S Athena brokeness in dot files where
-    #	LD_LIBRARY_PATH will be overridden causing the "exec csh -c rcp ..." 
-    #	to fail as the .cshrc is read in. We do not use the -f option as
-    #	a users shell might be sh...
-    #	Later a proper fix would be to have kshd exec rcp directly
-    #   shell indirection...
-    spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -P $tmppwd -S $tmppwd/srvtab -M $REALMNAME -L ENV_SET
-    set krshd_spawn_id $spawn_id
-    set krshd_pid [exp_pid]
-
-    expect {
-	-ex "Ready!"	{ }
-	eof		{ error "couldn't start t_inetd helper" }
-    }
-}
-
-# A procedure to stop the rsh daemon.
-
-proc stop_rsh_daemon { } {
-    global krshd_spawn_id
-    global krshd_pid
-
-    if [info exists krshd_pid] {
-	catch "exec kill $krshd_pid"
-	catch {
-	    expect {
-		-i $krshd_spawn_id
-		-re ..*	{ exp_continue }
-		eof	{}
-	    }
-	}
-	catch "close -i $krshd_spawn_id"
-	catch "wait -i $krshd_spawn_id"
-	unset krshd_pid
-    }
-}
-
-# Create a file to use for rcp testing.
-set file [open $tmppwd/rcp-test w]
-puts $file "This file is used for rcp testing."
-close $file
-
-# Test that a file was copied correctly.
-proc check_file { filename } {
-    if ![file exists $filename] {
-	verbose "$filename does not exist"
-	send_log "$filename does not exist\n"
-	return 0
-    }
-
-    set file [open $filename r]
-    if { [gets $file line] == -1 } {
-	verbose "$filename is empty"
-	send_log "$filename is empty\n"
-	close $file
-	return 0
-    }
-
-    if ![string match "This file is used for rcp testing." $line] {
-	verbose "$filename contains $line"
-	send_log "$filename contains $line\n"
-	close $file
-	return 0
-    }
-
-    if { [gets $file line] != -1} {
-	verbose "$filename is too long ($line)"
-	send_log "$filename is too long ($line)\n"
-	close $file
-	return 0
-    }
-
-    close $file
-
-    return 1
-}
-
-# Test copying one file to another.
-proc rcp_one_test { testname options frompref topref } {
-    global REALMNAME
-    global RCP
-    global tmppwd
-    global portbase
-
-    send_log "rm -f $tmppwd/copy\n"
-    verbose "exec rm -f $tmppwd/copy"
-    catch "exec rm -f $tmppwd/copy"
-
-    set from [format "%s%s" $frompref $tmppwd/rcp-test]
-    set to [format "%s%s" $topref $tmppwd/copy]
-
-    send_log "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to\n"
-    verbose "$RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to"
-    catch "exec $RCP $options -D [expr 8 + $portbase] -N -k $REALMNAME $from $to" exec_output
-
-    if ![string match "" $exec_output] {
-	send_log "$exec_output\n"
-	verbose "$exec_output"
-	fail $testname
-	return 0
-    }
-
-    if ![check_file $tmppwd/copy] {
-	fail $testname
-	return 0
-    }
-
-    pass $testname
-
-    return 1
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc rcp_test { } {
-    global RCP
-    global KEY
-    global hostname
-    global hostname
-    global env
-
-    # Start up the kerberos and kadmind daemons and get a srvtab and a
-    # ticket file.
-    if {![start_kerberos_daemons 0] \
-        || ![add_kerberos_key host/$hostname 0] \
-        || ![setup_srvtab 0] \
-	|| ![add_kerberos_key $env(USER) 0] \
-	|| ![kinit $env(USER) $env(USER)$KEY 0]} {
-	return
-    }
-
-    rcp_one_test "local rcp" "" "" ""
-
-    start_rsh_daemon
-    rcp_one_test "rcp from" "" "$hostname:" ""
-    stop_rsh_daemon
-
-    start_rsh_daemon
-    rcp_one_test "rcp to" "" "" "$hostname:"
-    stop_rsh_daemon
-
-    # Doing rcp between two hosts actually just executes rsh rcp on
-    # the source.  We could test this, but we're not set up for it
-    # right now.  Also, it's pretty much covered by the other rcp
-    # tests and by the rsh tests.
-    # start_rsh_daemon
-    # rcp_one_test "rcp between" "" "$hostname:" "$hostname:"
-    # stop_rsh_daemon
-
-    start_rsh_daemon
-    rcp_one_test "encrypted rcp from" "-x -c $env(KRB5CCNAME) -C $env(KRB5_CONFIG)" "$hostname:" ""
-    stop_rsh_daemon
-
-    start_rsh_daemon
-    rcp_one_test "encrypted rcp to" "-x -c $env(KRB5CCNAME) -C $env(KRB5_CONFIG)" "" "$hostname:"
-    stop_rsh_daemon
-
-    # Doing rcp between two hosts actually just executes rsh rcp on
-    # the source.  We could test this, but we're not set up for it
-    # right now.  Also, it's pretty much covered by the other rcp
-    # tests and by the rsh tests.
-    # start_rsh_daemon
-    # rcp_one_test "encrypted rcp between" "-x" "$hostname:" "$hostname:"
-    # stop_rsh_daemon
-}
-
-# Run the test.
-set status [catch rcp_test msg]
-
-# Shut down the kerberos daemons and the rsh daemon.
-stop_kerberos_daemons
-
-stop_rsh_daemon
-
-if { $status != 0 } {
-    send_error "ERROR: error in rcp.exp\n"
-    send_error "$msg\n"
-    exit 1
-}
diff --git a/src/tests/dejagnu/krb-standalone/rsh.exp b/src/tests/dejagnu/krb-standalone/rsh.exp
deleted file mode 100644
index 050a71c..0000000
--- a/src/tests/dejagnu/krb-standalone/rsh.exp
+++ /dev/null
@@ -1,294 +0,0 @@
-# Kerberos rsh test.
-# This is a DejaGnu test script.
-# This script tests Kerberos rsh.
-# Written by Ian Lance Taylor, Cygnus Support, <ian@cygnus.com>.
-
-# Find the programs we need.  We use the binaries from the build tree
-# if they exist.  If they do not, then they must be in PATH.  We
-# expect $objdir to be .../kerberos/src.
-
-if ![info exists RSH] {
-    set RSH [findfile $objdir/../../appl/bsd/rsh]
-}
-
-if ![info exists KRSHD] {
-    set KRSHD [findfile $objdir/../../appl/bsd/kshd]
-}
-
-if ![info exists KLIST] {
-    set KLIST [findfile $objdir/../../clients/klist/klist]
-}
-
-# Make sure .k5login is reasonable.
-if ![check_k5login rsh] {
-    return
-}
-
-# Set up the kerberos database.
-if {![get_hostname] \
-    || ![setup_kerberos_files] \
-    || ![setup_kerberos_db 0]} {
-    return
-}
-
-# A procedure to start up the rsh daemon.
-
-proc start_rsh_daemon { option } {
-    global REALMNAME
-    global KRSHD T_INETD
-    global tmppwd
-    global krshd_spawn_id
-    global krshd_pid
-    global portbase
-
-    spawn $T_INETD [expr 8 + $portbase] $KRSHD $KRSHD -k -c -S $tmppwd/srvtab -M $REALMNAME -A $option
-    set krshd_spawn_id $spawn_id
-    set krshd_pid [exp_pid]
-
-    expect {
-	-ex "Ready!"	{ }
-	eof		{ error "couldn't start t_inetd helper" }
-    }
-}
-
-# A procedure to stop the rsh daemon.
-
-proc stop_rsh_daemon { } {
-    global krshd_spawn_id
-    global krshd_pid
-
-    if [info exists krshd_pid] {
-	catch "exec kill $krshd_pid"
-	catch {
-	    expect {
-		-i $krshd_spawn_id
-		-re ..*	{ exp_continue }
-		eof	{}
-	    }
-	}
-	catch "close -i $krshd_spawn_id"
-	catch "wait -i $krshd_spawn_id"
-	unset krshd_pid
-    }
-}
-
-# Wrap the tests in a procedure, so that we can kill the daemons if
-# we get some sort of error.
-
-proc rsh_test { } {
-    global REALMNAME
-    global KLIST
-    global RSH
-    global KEY
-    global BINSH
-    global hostname
-    global env
-    global spawn_id
-    global tmppwd
-    global portbase
-
-    # Start up the kerberos and kadmind daemons and get a srvtab and a
-    # ticket file.
-    if {![start_kerberos_daemons 0] \
-        || ![add_kerberos_key host/$hostname 0] \
-        || ![setup_srvtab 0] \
-	|| ![add_kerberos_key $env(USER) 0] \
-	|| ![setup_kerberos_env client] \
-	|| ![kinit $env(USER) $env(USER)$KEY 0]} {
-	return
-    }
-
-    # Start up the rsh daemon.
-    start_rsh_daemon -k
-
-    # Run rsh date.
-    set testname "date"
-    spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A date
-    expect {
-	-re "\[A-Za-z0-9\]+ \[A-Za-z0-9\]+ +\[0-9\]+ \[0-9\]+:\[0-9\]+:\[0-9\]+ \[A-Za-z0-9\]+ \[0-9\]+\r\n" {
-	    set result $expect_out(0,string)
-	}
-	timeout {
-	    fail "$testname (timeout)"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    return
-	}
-    }
-    expect eof
-    if ![check_exit_status $testname] {
-	return
-    }
-
-    if [check_date $result] {
-	pass $testname
-    } else {
-	fail $testname
-    }
-
-    # The rsh daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_rsh_daemon
-
-    # Check encrypted rsh.
-    set failed no
-    start_rsh_daemon -ek
-    set testname "encrypted rsh"
-    spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A echo hello
-    expect {
-	"hello" { expect eof }
-	timeout {
-	    fail "$testname (timeout)"
-	    set failed yes
-	}
-	eof {
-	    fail "$testname (eof)"
-	    set failed yes
-	}
-    }
-
-    catch "expect eof"
-    if { $failed == "no" } {
-	if ![check_exit_status $testname] {
-	    return
-	}
-	pass $testname
-	stop_rsh_daemon
-    } else {
-	catch "wait -i $spawn_id"
-	catch "close -i $spawn_id"
-	stop_rsh_daemon
-    }
-
-    # Check ticket forwarding
-    set failed no
-    start_rsh_daemon -k
-    set testname "rsh forwarding tickets"
-
-    # We need a wrapper for klist in order to setup for shared library 
-    # runtime environment
-    setup_wrapper $tmppwd/klist.wrap $KLIST
-
-    spawn $RSH $hostname -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap 
-    expect {
-	"Ticket cache:*\r" {
-	    expect eof
-	}
- 	"klist: No credentials cache file found" {
-	    fail "$testname (not forwarded)"
-	    return
-	}
-	timeout {
-	    fail "$testname (timeout)"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    return
-	}
-    }
-
-    if ![check_exit_status $testname] {
-	return
-    }
-
-    pass $testname
-
-    stop_rsh_daemon
-
-    # Check encrypted ticket forwarding
-    set failed no
-    start_rsh_daemon -e
-    set testname "encrypted rsh forwarding tickets"
-    spawn $RSH $hostname -x -f -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c $tmppwd/klist.wrap 
-    expect {
-	"Ticket cache:*\r" {
-	    expect eof
-	}
- 	"klist: No credentials cache file found" {
-	    fail "$testname (not forwarded)"
-	    return
-	}
-	timeout {
-	    fail "$testname (timeout)"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    return
-	}
-    }
-
-    if ![check_exit_status $testname] {
-	return
-    }
-
-    pass $testname
-
-    stop_rsh_daemon
-
-    # Check stderr
-    start_rsh_daemon -k
-    set testname "rsh to stderr"
-    spawn $RSH $hostname -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'"
-    expect {
-	"hello" { expect eof }
-	timeout {
-	    fail "$testname (timeout)"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    return
-	}
-    }
-
-    if ![check_exit_status $testname] {
-	return
-    }
-
-    pass $testname
-
-    stop_rsh_daemon
-
-    start_rsh_daemon -e
-    set testname "encrypted rsh to stderr"
-    spawn $RSH $hostname -x -k $REALMNAME -D [expr 8 + $portbase] -A $BINSH -c "'echo hello 1>&2'"
-    expect {
-	"hello" { expect eof }
-	timeout {
-	    fail "$testname (timeout)"
-	    return
-	}
-	eof {
-	    fail "$testname (eof)"
-	    return
-	}
-    }
-
-    if ![check_exit_status $testname] {
-	return
-    }
-
-    pass $testname
-
-    # The rsh daemon should have stopped, but we have no easy way
-    # of checking whether it actually did.  Kill it just in case.
-    stop_rsh_daemon
-}
-
-# Run the test.
-set status [catch rsh_test msg]
-
-# Shut down the kerberos daemons and the rsh daemon.
-stop_kerberos_daemons
-
-stop_rsh_daemon
-
-if { $status != 0 } {
-    send_error "ERROR: error in rsh.exp\n"
-    send_error "$msg\n"
-    exit 1
-}
diff --git a/src/tests/dejagnu/t_inetd.c b/src/tests/dejagnu/t_inetd.c
index 702f025..6356a07 100644
--- a/src/tests/dejagnu/t_inetd.c
+++ b/src/tests/dejagnu/t_inetd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * tests/dejagnu/t_inetd.c
  *
@@ -60,8 +61,8 @@ char *progname;
 
 static void usage()
 {
-	fprintf(stderr, "%s: port program argv0 argv1 ...\n", progname);
-	exit(1);
+    fprintf(stderr, "%s: port program argv0 argv1 ...\n", progname);
+    exit(1);
 }
 
 int
@@ -69,71 +70,71 @@ main(argc, argv)
     int argc;
     char **argv;
 {
-	unsigned short port;
-	char *path;
-	int sock, acc;
-	int one = 1;
-	struct sockaddr_in l_inaddr, f_inaddr;	/* local, foreign address */
-	int namelen = sizeof(f_inaddr);
+    unsigned short port;
+    char *path;
+    int sock, acc;
+    int one = 1;
+    struct sockaddr_in l_inaddr, f_inaddr;  /* local, foreign address */
+    int namelen = sizeof(f_inaddr);
 #ifdef POSIX_SIGNALS
-	struct sigaction csig;
+    struct sigaction csig;
 #endif
 
-	progname = argv[0];
+    progname = argv[0];
 
-	if(argc <= 3) usage();
+    if(argc <= 3) usage();
 
-	if(atoi(argv[1]) == 0) usage();
+    if(atoi(argv[1]) == 0) usage();
 
-	port = htons(atoi(argv[1]));
-	path = argv[2];
+    port = htons(atoi(argv[1]));
+    path = argv[2];
 
-	if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
-	    com_err(progname, errno, "creating socket");
-	    exit(3);
-	}
+    if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0) {
+        com_err(progname, errno, "creating socket");
+        exit(3);
+    }
 
-	(void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one,
-			  sizeof (one));
+    (void) setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (char *)&one,
+                      sizeof (one));
 
-	l_inaddr.sin_family = AF_INET;
-	l_inaddr.sin_addr.s_addr = 0;
-	l_inaddr.sin_port = port;
+    l_inaddr.sin_family = AF_INET;
+    l_inaddr.sin_addr.s_addr = 0;
+    l_inaddr.sin_port = port;
 
-	if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
-	    com_err(progname, errno, "binding socket");
-	    exit(3);
-	}
+    if (bind(sock, (struct sockaddr *)&l_inaddr, sizeof(l_inaddr))) {
+        com_err(progname, errno, "binding socket");
+        exit(3);
+    }
 
-	if (listen(sock, 1) == -1) {
-	    com_err(progname, errno, "listening");
-	    exit(3);
-	}
+    if (listen(sock, 1) == -1) {
+        com_err(progname, errno, "listening");
+        exit(3);
+    }
 
-	printf("Ready!\n");
-	if ((acc = accept(sock, (struct sockaddr *)&f_inaddr,
-			  &namelen)) == -1) {
-	    com_err(progname, errno, "accepting");
-	    exit(3);
-	}
+    printf("Ready!\n");
+    if ((acc = accept(sock, (struct sockaddr *)&f_inaddr,
+                      &namelen)) == -1) {
+        com_err(progname, errno, "accepting");
+        exit(3);
+    }
 
-	dup2(acc, 0);
-	dup2(acc, 1);
-	dup2(acc, 2);
-	close(sock);
-	sock = 0;
+    dup2(acc, 0);
+    dup2(acc, 1);
+    dup2(acc, 2);
+    close(sock);
+    sock = 0;
 
-	/* Don't wait for a child signal... Otherwise dejagnu gets confused */
+    /* Don't wait for a child signal... Otherwise dejagnu gets confused */
 #ifdef POSIX_SIGNALS
-	csig.sa_handler = (RETSIGTYPE (*)())0;
-	sigemptyset(&csig.sa_mask);
-	csig.sa_flags = 0;
-	sigaction(SIGCHLD, &csig, (struct sigaction *)0);
+    csig.sa_handler = (RETSIGTYPE (*)())0;
+    sigemptyset(&csig.sa_mask);
+    csig.sa_flags = 0;
+    sigaction(SIGCHLD, &csig, (struct sigaction *)0);
 #else
-	signal(SIGCHLD, SIG_IGN);
+    signal(SIGCHLD, SIG_IGN);
 #endif
 
-	if(execv(path, &argv[3]))
-		fprintf(stderr, "t_inetd: Could not exec %s\n", path);
-	exit(1);
+    if(execv(path, &argv[3]))
+        fprintf(stderr, "t_inetd: Could not exec %s\n", path);
+    exit(1);
 }
diff --git a/src/tests/dump.c b/src/tests/dump.c
index 3f49c46..ba74f88 100644
--- a/src/tests/dump.c
+++ b/src/tests/dump.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * tests/dump.c
  *
@@ -36,8 +37,8 @@ void dump_data (data)
     unsigned char *ptr = (unsigned char *)data->data;
     int i;
     for (i=0; i<data->length; i++) {
-	fprintf(stderr, "%02x ", ptr[i]);
-	if ((i % 16) == 15) fprintf(stderr, "\n");
+        fprintf(stderr, "%02x ", ptr[i]);
+        if ((i % 16) == 15) fprintf(stderr, "\n");
     }
     fprintf(stderr, "\n");
 }
diff --git a/src/tests/gss-threads/Makefile.in b/src/tests/gss-threads/Makefile.in
index 53c2574..917bd1f 100644
--- a/src/tests/gss-threads/Makefile.in
+++ b/src/tests/gss-threads/Makefile.in
@@ -1,7 +1,5 @@
 # Derived from appl/gss-sample, January 2005.
 
-thisconfigdir=../..
-myfulldir=tests/gss-threads
 mydir=tests/gss-threads
 BUILDTOP=$(REL)..$(S)..
 DEFINES = -DUSE_AUTOCONF_H -DGSSAPI_V2
diff --git a/src/tests/gss-threads/deps b/src/tests/gss-threads/deps
index f25c664..8aebcc1 100644
--- a/src/tests/gss-threads/deps
+++ b/src/tests/gss-threads/deps
@@ -3,13 +3,13 @@
 #
 $(OUTPRE)gss-client.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h gss-client.c gss-misc.h
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h gss-client.c gss-misc.h
 $(OUTPRE)gss-misc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   gss-misc.c gss-misc.h
 $(OUTPRE)gss-server.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
-  $(SRCTOP)/include/port-sockets.h gss-misc.h gss-server.c
+  $(top_srcdir)/include/port-sockets.h gss-misc.h gss-server.c
diff --git a/src/tests/gss-threads/gss-client.c b/src/tests/gss-threads/gss-client.c
index 0987184..e66f154 100644
--- a/src/tests/gss-threads/gss-client.c
+++ b/src/tests/gss-threads/gss-client.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  *
@@ -72,13 +73,13 @@ static int verbose = 1;
 
 static void usage()
 {
-     fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
-     fprintf(stderr, "       [-seq] [-noreplay] [-nomutual]");
-     fprintf(stderr, " [-threads num]");
-     fprintf(stderr, "\n");
-     fprintf(stderr, "       [-f] [-q] [-ccount count] [-mcount count]\n");
-     fprintf(stderr, "       [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
-     exit(1);
+    fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n");
+    fprintf(stderr, "       [-seq] [-noreplay] [-nomutual]");
+    fprintf(stderr, " [-threads num]");
+    fprintf(stderr, "\n");
+    fprintf(stderr, "       [-f] [-q] [-ccount count] [-mcount count]\n");
+    fprintf(stderr, "       [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n");
+    exit(1);
 }
 
 /*
@@ -88,8 +89,8 @@ static void usage()
  *
  * Arguments:
  *
- * 	host		(r) the target host name
- * 	port		(r) the target port, in host byte order
+ *      host            (r) the target host name
+ *      port            (r) the target port, in host byte order
  *
  * Returns: 0 on success, or -1 on failure
  *
@@ -104,17 +105,17 @@ static int get_server_info(host, port)
     char *host;
     u_short port;
 {
-     struct hostent *hp;
+    struct hostent *hp;
 
-     if ((hp = gethostbyname(host)) == NULL) {
-	  fprintf(stderr, "Unknown host: %s\n", host);
-	  return -1;
-     }
+    if ((hp = gethostbyname(host)) == NULL) {
+        fprintf(stderr, "Unknown host: %s\n", host);
+        return -1;
+    }
 
-     saddr.sin_family = hp->h_addrtype;
-     memcpy(&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
-     saddr.sin_port = htons(port);
-     return 0;
+    saddr.sin_family = hp->h_addrtype;
+    memcpy(&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
+    saddr.sin_port = htons(port);
+    return 0;
 }
 
 /*
@@ -124,8 +125,8 @@ static int get_server_info(host, port)
  *
  * Arguments:
  *
- * 	host		(r) the target host name
- * 	port		(r) the target port, in host byte order
+ *      host            (r) the target host name
+ *      port            (r) the target port, in host byte order
  *
  * Returns: the established socket file desciptor, or -1 on failure
  *
@@ -139,16 +140,16 @@ static int connect_to_server()
 {
     int s;
 
-     if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-	  perror("creating socket");
-	  return -1;
-     }
-     if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
-	  perror("connecting to server");
-	  (void) closesocket(s);
-	  return -1;
-     }
-     return s;
+    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        perror("creating socket");
+        return -1;
+    }
+    if (connect(s, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) {
+        perror("connecting to server");
+        (void) closesocket(s);
+        return -1;
+    }
+    return s;
 }
 
 /*
@@ -159,14 +160,14 @@ static int connect_to_server()
  *
  * Arguments:
  *
- * 	s		    (r) an established TCP connection to the service
- * 	service_name(r) the ASCII service name of the service
- *	gss_flags	(r) GSS-API delegation flag (if any)
- *	auth_flag	(r) whether to actually do authentication
+ *      s                   (r) an established TCP connection to the service
+ *      service_name(r) the ASCII service name of the service
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to actually do authentication
  *  v1_format   (r) whether the v1 sample protocol should be used
- *	oid		    (r) OID of the mechanism to use
- * 	context		(w) the established GSS-API context
- *	ret_flags	(w) the returned flags from init_sec_context
+ *      oid                 (r) OID of the mechanism to use
+ *      context         (w) the established GSS-API context
+ *      ret_flags       (w) the returned flags from init_sec_context
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -183,157 +184,157 @@ static int connect_to_server()
  * and -1 is returned.
  */
 static int client_establish_context(s, service_name, gss_flags, auth_flag,
-				    v1_format, oid, gss_context, ret_flags)
-     int s;
-     char *service_name;
-     gss_OID oid;
-     OM_uint32 gss_flags;
-     int auth_flag;
-     int v1_format;
-     gss_ctx_id_t *gss_context;
-     OM_uint32 *ret_flags;
+                                    v1_format, oid, gss_context, ret_flags)
+    int s;
+    char *service_name;
+    gss_OID oid;
+    OM_uint32 gss_flags;
+    int auth_flag;
+    int v1_format;
+    gss_ctx_id_t *gss_context;
+    OM_uint32 *ret_flags;
 {
-     if (auth_flag) {
-       gss_buffer_desc send_tok, recv_tok, *token_ptr;
-       gss_name_t target_name;
-       OM_uint32 maj_stat, min_stat, init_sec_min_stat;
-       int token_flags;
-
-       /*
-	* Import the name into target_name.  Use send_tok to save
-	* local variable space.
-	*/
-       send_tok.value = service_name;
-       send_tok.length = strlen(service_name) ;
-       maj_stat = gss_import_name(&min_stat, &send_tok,
-				  (gss_OID) gss_nt_service_name, &target_name);
-       if (maj_stat != GSS_S_COMPLETE) {
-	 display_status("parsing name", maj_stat, min_stat);
-	 return -1;
-       }
-
-       if (!v1_format) {
-	 if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
-	   (void) gss_release_name(&min_stat, &target_name);
-	   return -1;
-	 }
-       }
-
-       /*
-	* Perform the context-establishement loop.
-	*
-	* On each pass through the loop, token_ptr points to the token
-	* to send to the server (or GSS_C_NO_BUFFER on the first pass).
-	* Every generated token is stored in send_tok which is then
-	* transmitted to the server; every received token is stored in
-	* recv_tok, which token_ptr is then set to, to be processed by
-	* the next call to gss_init_sec_context.
-	*
-	* GSS-API guarantees that send_tok's length will be non-zero
-	* if and only if the server is expecting another token from us,
-	* and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
-	* and only if the server has another token to send us.
-	*/
-
-       token_ptr = GSS_C_NO_BUFFER;
-       *gss_context = GSS_C_NO_CONTEXT;
-
-       do {
-	 maj_stat =
-	   gss_init_sec_context(&init_sec_min_stat,
-				GSS_C_NO_CREDENTIAL,
-				gss_context,
-				target_name,
-				oid,
-				gss_flags,
-				0,
-				NULL,	/* no channel bindings */
-				token_ptr,
-				NULL,	/* ignore mech type */
-				&send_tok,
-				ret_flags,
-				NULL);	/* ignore time_rec */
-
-	 if (token_ptr != GSS_C_NO_BUFFER)
-	   free (recv_tok.value);
-
-	 if (send_tok.length != 0) {
-	   if (verbose)
-	     printf("Sending init_sec_context token (size=%d)...",
-		    (int) send_tok.length);
-	   if (send_token(s, v1_format?0:TOKEN_CONTEXT, &send_tok) < 0) {
-	     (void) gss_release_buffer(&min_stat, &send_tok);
-	     (void) gss_release_name(&min_stat, &target_name);
-	     if (*gss_context != GSS_C_NO_CONTEXT) {
-		 gss_delete_sec_context(&min_stat, gss_context,
-					GSS_C_NO_BUFFER);
-		 *gss_context = GSS_C_NO_CONTEXT;
-	     }
-	     return -1;
-	   }
-	 }
-	 (void) gss_release_buffer(&min_stat, &send_tok);
-
-	 if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
-	      display_status("initializing context", maj_stat,
-			     init_sec_min_stat);
-	      (void) gss_release_name(&min_stat, &target_name);
-	      if (*gss_context != GSS_C_NO_CONTEXT)
-		      gss_delete_sec_context(&min_stat, gss_context,
-					     GSS_C_NO_BUFFER);
-	      return -1;
-	 }
-
-	 if (maj_stat == GSS_S_CONTINUE_NEEDED) {
-	   if (verbose)
-	     printf("continue needed...");
-	   if (recv_token(s, &token_flags, &recv_tok) < 0) {
-	     (void) gss_release_name(&min_stat, &target_name);
-	     return -1;
-	   }
-	   token_ptr = &recv_tok;
-	 }
-	 if (verbose)
-	   printf("\n");
-       } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
-       (void) gss_release_name(&min_stat, &target_name);
-     }
-     else {
-       if (send_token(s, TOKEN_NOOP, empty_token) < 0)
-	 return -1;
-     }
-
-     return 0;
+    if (auth_flag) {
+        gss_buffer_desc send_tok, recv_tok, *token_ptr;
+        gss_name_t target_name;
+        OM_uint32 maj_stat, min_stat, init_sec_min_stat;
+        int token_flags;
+
+        /*
+         * Import the name into target_name.  Use send_tok to save
+         * local variable space.
+         */
+        send_tok.value = service_name;
+        send_tok.length = strlen(service_name) ;
+        maj_stat = gss_import_name(&min_stat, &send_tok,
+                                   (gss_OID) gss_nt_service_name, &target_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("parsing name", maj_stat, min_stat);
+            return -1;
+        }
+
+        if (!v1_format) {
+            if (send_token(s, TOKEN_NOOP|TOKEN_CONTEXT_NEXT, empty_token) < 0) {
+                (void) gss_release_name(&min_stat, &target_name);
+                return -1;
+            }
+        }
+
+        /*
+         * Perform the context-establishement loop.
+         *
+         * On each pass through the loop, token_ptr points to the token
+         * to send to the server (or GSS_C_NO_BUFFER on the first pass).
+         * Every generated token is stored in send_tok which is then
+         * transmitted to the server; every received token is stored in
+         * recv_tok, which token_ptr is then set to, to be processed by
+         * the next call to gss_init_sec_context.
+         *
+         * GSS-API guarantees that send_tok's length will be non-zero
+         * if and only if the server is expecting another token from us,
+         * and that gss_init_sec_context returns GSS_S_CONTINUE_NEEDED if
+         * and only if the server has another token to send us.
+         */
+
+        token_ptr = GSS_C_NO_BUFFER;
+        *gss_context = GSS_C_NO_CONTEXT;
+
+        do {
+            maj_stat =
+                gss_init_sec_context(&init_sec_min_stat,
+                                     GSS_C_NO_CREDENTIAL,
+                                     gss_context,
+                                     target_name,
+                                     oid,
+                                     gss_flags,
+                                     0,
+                                     NULL,   /* no channel bindings */
+                                     token_ptr,
+                                     NULL,   /* ignore mech type */
+                                     &send_tok,
+                                     ret_flags,
+                                     NULL);  /* ignore time_rec */
+
+            if (token_ptr != GSS_C_NO_BUFFER)
+                free (recv_tok.value);
+
+            if (send_tok.length != 0) {
+                if (verbose)
+                    printf("Sending init_sec_context token (size=%d)...",
+                           (int) send_tok.length);
+                if (send_token(s, v1_format?0:TOKEN_CONTEXT, &send_tok) < 0) {
+                    (void) gss_release_buffer(&min_stat, &send_tok);
+                    (void) gss_release_name(&min_stat, &target_name);
+                    if (*gss_context != GSS_C_NO_CONTEXT) {
+                        gss_delete_sec_context(&min_stat, gss_context,
+                                               GSS_C_NO_BUFFER);
+                        *gss_context = GSS_C_NO_CONTEXT;
+                    }
+                    return -1;
+                }
+            }
+            (void) gss_release_buffer(&min_stat, &send_tok);
+
+            if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
+                display_status("initializing context", maj_stat,
+                               init_sec_min_stat);
+                (void) gss_release_name(&min_stat, &target_name);
+                if (*gss_context != GSS_C_NO_CONTEXT)
+                    gss_delete_sec_context(&min_stat, gss_context,
+                                           GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (maj_stat == GSS_S_CONTINUE_NEEDED) {
+                if (verbose)
+                    printf("continue needed...");
+                if (recv_token(s, &token_flags, &recv_tok) < 0) {
+                    (void) gss_release_name(&min_stat, &target_name);
+                    return -1;
+                }
+                token_ptr = &recv_tok;
+            }
+            if (verbose)
+                printf("\n");
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        (void) gss_release_name(&min_stat, &target_name);
+    }
+    else {
+        if (send_token(s, TOKEN_NOOP, empty_token) < 0)
+            return -1;
+    }
+
+    return 0;
 }
 
 static void read_file(file_name, in_buf)
-    char		*file_name;
-    gss_buffer_t	in_buf;
+    char                *file_name;
+    gss_buffer_t        in_buf;
 {
     int fd, count;
     struct stat stat_buf;
 
     if ((fd = open(file_name, O_RDONLY, 0)) < 0) {
-	perror("open");
-	fprintf(stderr, "Couldn't open file %s\n", file_name);
-	exit(2);
+        perror("open");
+        fprintf(stderr, "Couldn't open file %s\n", file_name);
+        exit(2);
     }
     if (fstat(fd, &stat_buf) < 0) {
-	perror("fstat");
-	exit(3);
+        perror("fstat");
+        exit(3);
     }
     in_buf->length = stat_buf.st_size;
 
     if (in_buf->length == 0) {
-	in_buf->value = NULL;
-	return;
+        in_buf->value = NULL;
+        return;
     }
 
     if ((in_buf->value = malloc(in_buf->length)) == 0) {
-	fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
-		(int) in_buf->length);
-	exit(4);
+        fprintf(stderr, "Couldn't allocate %d byte buffer for reading file\n",
+                (int) in_buf->length);
+        exit(4);
     }
 
     /* this code used to check for incomplete reads, but you can't get
@@ -341,12 +342,12 @@ static void read_file(file_name, in_buf)
 
     count = read(fd, in_buf->value, in_buf->length);
     if (count < 0) {
-	perror("read");
-	exit(5);
+        perror("read");
+        exit(5);
     }
     if (count < in_buf->length)
-	fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
-		count, (int) in_buf->length);
+        fprintf(stderr, "Warning, only read in %d bytes, expected %d\n",
+                count, (int) in_buf->length);
 }
 
 /*
@@ -356,17 +357,17 @@ static void read_file(file_name, in_buf)
  *
  * Arguments:
  *
- * 	host		(r) the host providing the service
- * 	port		(r) the port to connect to on host
- * 	service_name	(r) the GSS-API service name to authenticate to
- *	gss_flags	(r) GSS-API delegation flag (if any)
- *	auth_flag	(r) whether to do authentication
- *	wrap_flag	(r) whether to do message wrapping at all
- *	encrypt_flag	(r) whether to do encryption while wrapping
- *	mic_flag	(r) whether to request a MIC from the server
- * 	msg		(r) the message to have "signed"
- *	use_file	(r) whether to treat msg as an input file name
- *	mcount		(r) the number of times to send the message
+ *      host            (r) the host providing the service
+ *      port            (r) the port to connect to on host
+ *      service_name    (r) the GSS-API service name to authenticate to
+ *      gss_flags       (r) GSS-API delegation flag (if any)
+ *      auth_flag       (r) whether to do authentication
+ *      wrap_flag       (r) whether to do message wrapping at all
+ *      encrypt_flag    (r) whether to do encryption while wrapping
+ *      mic_flag        (r) whether to request a MIC from the server
+ *      msg             (r) the message to have "signed"
+ *      use_file        (r) whether to treat msg as an input file name
+ *      mcount          (r) the number of times to send the message
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -379,135 +380,135 @@ static void read_file(file_name, in_buf)
  * verifies it with gss_verify.  -1 is returned if any step fails,
  * otherwise 0 is returned.  */
 static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
-		       wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
-		       mcount)
-     char *host;
-     u_short port;
-     gss_OID oid;
-     char *service_name;
-     OM_uint32 gss_flags;
-     int auth_flag, wrap_flag, encrypt_flag, mic_flag;
-     int v1_format;
-     char *msg;
-     int use_file;
-     int mcount;
+                       wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file,
+                       mcount)
+    char *host;
+    u_short port;
+    gss_OID oid;
+    char *service_name;
+    OM_uint32 gss_flags;
+    int auth_flag, wrap_flag, encrypt_flag, mic_flag;
+    int v1_format;
+    char *msg;
+    int use_file;
+    int mcount;
 {
-     gss_ctx_id_t context;
-     gss_buffer_desc in_buf, out_buf;
-     int s, state;
-     OM_uint32 ret_flags;
-     OM_uint32 maj_stat, min_stat;
-     gss_name_t		src_name, targ_name;
-     gss_buffer_desc	sname, tname;
-     OM_uint32		lifetime;
-     gss_OID		mechanism, name_type;
-     int		is_local;
-     OM_uint32		context_flags;
-     int		is_open;
-     gss_qop_t		qop_state;
-     gss_OID_set	mech_names;
-     gss_buffer_desc	oid_name;
-     size_t	i;
-     int token_flags;
-
-     /* Open connection */
-     if ((s = connect_to_server()) < 0)
-	  return -1;
-
-     /* Establish context */
-     if (client_establish_context(s, service_name, gss_flags, auth_flag,
-				  v1_format, oid, &context,
-				  &ret_flags) < 0) {
-         (void) closesocket(s);
-         return -1;
-     }
-
-     if (auth_flag && verbose) {
-         /* display the flags */
-         display_ctx_flags(ret_flags);
-
-         /* Get context information */
-         maj_stat = gss_inquire_context( &min_stat, context,
-                                         &src_name, &targ_name, &lifetime,
-                                         &mechanism, &context_flags,
-                                         &is_local,
-                                         &is_open);
-         if (maj_stat != GSS_S_COMPLETE) {
-             display_status("inquiring context", maj_stat, min_stat);
-             return -1;
-         }
-
-         maj_stat = gss_display_name(&min_stat, src_name, &sname,
-                                      &name_type);
-         if (maj_stat != GSS_S_COMPLETE) {
-             display_status("displaying source name", maj_stat, min_stat);
-             return -1;
-         }
-         maj_stat = gss_display_name(&min_stat, targ_name, &tname,
-                                      (gss_OID *) NULL);
-         if (maj_stat != GSS_S_COMPLETE) {
-             display_status("displaying target name", maj_stat, min_stat);
-             return -1;
-         }
-         printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
-                 (int) sname.length, (char *) sname.value,
-                 (int) tname.length, (char *) tname.value, lifetime,
-                 context_flags,
-                 (is_local) ? "locally initiated" : "remotely initiated",
-                 (is_open) ? "open" : "closed");
-
-         (void) gss_release_name(&min_stat, &src_name);
-         (void) gss_release_name(&min_stat, &targ_name);
-         (void) gss_release_buffer(&min_stat, &sname);
-         (void) gss_release_buffer(&min_stat, &tname);
-
-         maj_stat = gss_oid_to_str(&min_stat,
-                                    name_type,
-                                    &oid_name);
-         if (maj_stat != GSS_S_COMPLETE) {
-             display_status("converting oid->string", maj_stat, min_stat);
-             return -1;
-         }
-         printf("Name type of source name is %.*s.\n",
-                 (int) oid_name.length, (char *) oid_name.value);
-         (void) gss_release_buffer(&min_stat, &oid_name);
-
-         /* Now get the names supported by the mechanism */
-         maj_stat = gss_inquire_names_for_mech(&min_stat,
-                                                mechanism,
-                                                &mech_names);
-         if (maj_stat != GSS_S_COMPLETE) {
-             display_status("inquiring mech names", maj_stat, min_stat);
-             return -1;
-         }
-
-         maj_stat = gss_oid_to_str(&min_stat,
-                                    mechanism,
-                                    &oid_name);
-         if (maj_stat != GSS_S_COMPLETE) {
-             display_status("converting oid->string", maj_stat, min_stat);
-             return -1;
-         }
-         printf("Mechanism %.*s supports %d names\n",
-                 (int) oid_name.length, (char *) oid_name.value,
-                 (int) mech_names->count);
-         (void) gss_release_buffer(&min_stat, &oid_name);
-
-         for (i=0; i<mech_names->count; i++) {
-             maj_stat = gss_oid_to_str(&min_stat,
-                                        &mech_names->elements[i],
-                                        &oid_name);
-             if (maj_stat != GSS_S_COMPLETE) {
-                 display_status("converting oid->string", maj_stat, min_stat);
-                 return -1;
-             }
-             printf("  %d: %.*s\n", (int) i,
-                     (int) oid_name.length, (char *) oid_name.value);
-
-             (void) gss_release_buffer(&min_stat, &oid_name);
-         }
-         (void) gss_release_oid_set(&min_stat, &mech_names);
-     }
+    gss_ctx_id_t context;
+    gss_buffer_desc in_buf, out_buf;
+    int s, state;
+    OM_uint32 ret_flags;
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t         src_name, targ_name;
+    gss_buffer_desc    sname, tname;
+    OM_uint32          lifetime;
+    gss_OID            mechanism, name_type;
+    int                is_local;
+    OM_uint32          context_flags;
+    int                is_open;
+    gss_qop_t          qop_state;
+    gss_OID_set        mech_names;
+    gss_buffer_desc    oid_name;
+    size_t     i;
+    int token_flags;
+
+    /* Open connection */
+    if ((s = connect_to_server()) < 0)
+        return -1;
+
+    /* Establish context */
+    if (client_establish_context(s, service_name, gss_flags, auth_flag,
+                                 v1_format, oid, &context,
+                                 &ret_flags) < 0) {
+        (void) closesocket(s);
+        return -1;
+    }
+
+    if (auth_flag && verbose) {
+        /* display the flags */
+        display_ctx_flags(ret_flags);
+
+        /* Get context information */
+        maj_stat = gss_inquire_context( &min_stat, context,
+                                        &src_name, &targ_name, &lifetime,
+                                        &mechanism, &context_flags,
+                                        &is_local,
+                                        &is_open);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring context", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_display_name(&min_stat, src_name, &sname,
+                                    &name_type);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying source name", maj_stat, min_stat);
+            return -1;
+        }
+        maj_stat = gss_display_name(&min_stat, targ_name, &tname,
+                                    (gss_OID *) NULL);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying target name", maj_stat, min_stat);
+            return -1;
+        }
+        printf("\"%.*s\" to \"%.*s\", lifetime %d, flags %x, %s, %s\n",
+               (int) sname.length, (char *) sname.value,
+               (int) tname.length, (char *) tname.value, lifetime,
+               context_flags,
+               (is_local) ? "locally initiated" : "remotely initiated",
+               (is_open) ? "open" : "closed");
+
+        (void) gss_release_name(&min_stat, &src_name);
+        (void) gss_release_name(&min_stat, &targ_name);
+        (void) gss_release_buffer(&min_stat, &sname);
+        (void) gss_release_buffer(&min_stat, &tname);
+
+        maj_stat = gss_oid_to_str(&min_stat,
+                                  name_type,
+                                  &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Name type of source name is %.*s.\n",
+               (int) oid_name.length, (char *) oid_name.value);
+        (void) gss_release_buffer(&min_stat, &oid_name);
+
+        /* Now get the names supported by the mechanism */
+        maj_stat = gss_inquire_names_for_mech(&min_stat,
+                                              mechanism,
+                                              &mech_names);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("inquiring mech names", maj_stat, min_stat);
+            return -1;
+        }
+
+        maj_stat = gss_oid_to_str(&min_stat,
+                                  mechanism,
+                                  &oid_name);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("converting oid->string", maj_stat, min_stat);
+            return -1;
+        }
+        printf("Mechanism %.*s supports %d names\n",
+               (int) oid_name.length, (char *) oid_name.value,
+               (int) mech_names->count);
+        (void) gss_release_buffer(&min_stat, &oid_name);
+
+        for (i=0; i<mech_names->count; i++) {
+            maj_stat = gss_oid_to_str(&min_stat,
+                                      &mech_names->elements[i],
+                                      &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            printf("  %d: %.*s\n", (int) i,
+                   (int) oid_name.length, (char *) oid_name.value);
+
+            (void) gss_release_buffer(&min_stat, &oid_name);
+        }
+        (void) gss_release_oid_set(&min_stat, &mech_names);
+    }
 
     if (use_file) {
         read_file(msg, &in_buf);
@@ -520,7 +521,7 @@ static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
     for (i = 0; i < mcount; i++) {
         if (wrap_flag) {
             maj_stat = gss_wrap(&min_stat, context, encrypt_flag, GSS_C_QOP_DEFAULT,
-                                 &in_buf, &state, &out_buf);
+                                &in_buf, &state, &out_buf);
             if (maj_stat != GSS_S_COMPLETE) {
                 display_status("wrapping message", maj_stat, min_stat);
                 (void) closesocket(s);
@@ -536,10 +537,10 @@ static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
 
         /* Send to server */
         if (send_token(s, (v1_format?0
-                            :(TOKEN_DATA |
-                               (wrap_flag ? TOKEN_WRAPPED : 0) |
-                               (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
-                               (mic_flag ? TOKEN_SEND_MIC : 0))), &out_buf) < 0) {
+                           :(TOKEN_DATA |
+                             (wrap_flag ? TOKEN_WRAPPED : 0) |
+                             (encrypt_flag ? TOKEN_ENCRYPTED : 0) |
+                             (mic_flag ? TOKEN_SEND_MIC : 0))), &out_buf) < 0) {
             (void) closesocket(s);
             (void) gss_delete_sec_context(&min_stat, &context, GSS_C_NO_BUFFER);
             return -1;
@@ -557,7 +558,7 @@ static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
         if (mic_flag) {
             /* Verify signature block */
             maj_stat = gss_verify_mic(&min_stat, context, &in_buf,
-                                       &out_buf, &qop_state);
+                                      &out_buf, &qop_state);
             if (maj_stat != GSS_S_COMPLETE) {
                 display_status("verifying signature", maj_stat, min_stat);
                 (void) closesocket(s);
@@ -602,29 +603,29 @@ static int call_server(host, port, oid, service_name, gss_flags, auth_flag,
 
 static void parse_oid(char *mechanism, gss_OID *oid)
 {
-    char	*mechstr = 0, *cp;
+    char        *mechstr = 0, *cp;
     gss_buffer_desc tok;
     OM_uint32 maj_stat, min_stat;
 
     if (isdigit((int) mechanism[0])) {
-	if (asprintf(&mechstr, "{ %s }", mechanism) < 0) {
-	    fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
-	    return;
-	}
-	for (cp = mechstr; *cp; cp++)
-	    if (*cp == '.')
-		*cp = ' ';
-	tok.value = mechstr;
+        if (asprintf(&mechstr, "{ %s }", mechanism) < 0) {
+            fprintf(stderr, "Couldn't allocate mechanism scratch!\n");
+            return;
+        }
+        for (cp = mechstr; *cp; cp++)
+            if (*cp == '.')
+                *cp = ' ';
+        tok.value = mechstr;
     } else
-	tok.value = mechanism;
+        tok.value = mechanism;
     tok.length = strlen(tok.value);
     maj_stat = gss_str_to_oid(&min_stat, &tok, oid);
     if (maj_stat != GSS_S_COMPLETE) {
-	display_status("str_to_oid", maj_stat, min_stat);
-	return;
+        display_status("str_to_oid", maj_stat, min_stat);
+        return;
     }
     if (mechstr)
-	free(mechstr);
+        free(mechstr);
 }
 
 static int max_threads = 1;
@@ -696,16 +697,16 @@ WaitAndIncrementThreadCounter(void)
     int err;
     err = pthread_mutex_lock(&counter_mutex);
     if (err) {
-	perror("pthread_mutex_lock");
-	return 0;
+        perror("pthread_mutex_lock");
+        return 0;
     }
     if (counter == max_threads) {
-	err = pthread_cond_wait(&counter_cond, &counter_mutex);
-	if (err) {
-	    pthread_mutex_unlock(&counter_mutex);
-	    perror("pthread_cond_wait");
-	    return 0;
-	}
+        err = pthread_cond_wait(&counter_cond, &counter_mutex);
+        if (err) {
+            pthread_mutex_unlock(&counter_mutex);
+            perror("pthread_cond_wait");
+            return 0;
+        }
     }
     counter++;
     pthread_mutex_unlock(&counter_mutex);
@@ -718,11 +719,11 @@ DecrementAndSignalThreadCounter(void)
     sleep(1);
     err = pthread_mutex_lock(&counter_mutex);
     if (err) {
-	perror("pthread_mutex_lock");
-	return;
+        perror("pthread_mutex_lock");
+        return;
     }
     if (counter == max_threads)
-	pthread_cond_broadcast(&counter_cond);
+        pthread_cond_broadcast(&counter_cond);
     counter--;
     pthread_mutex_unlock(&counter_mutex);
 }
@@ -753,72 +754,72 @@ static void worker_bee(void * unused)
 }
 
 int main(argc, argv)
-     int argc;
-     char **argv;
+    int argc;
+    char **argv;
 {
-     int i;
-
-     display_file = stdout;
-     auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
-     v1_format = 0;
-
-     /* Parse arguments. */
-     argc--; argv++;
-     while (argc) {
-	  if (strcmp(*argv, "-port") == 0) {
-	       argc--; argv++;
-	       if (!argc) usage();
-	       port = atoi(*argv);
-	   } else if (strcmp(*argv, "-mech") == 0) {
-	       argc--; argv++;
-	       if (!argc) usage();
-	       mechanism = *argv;
-	   }
+    int i;
+
+    display_file = stdout;
+    auth_flag = wrap_flag = encrypt_flag = mic_flag = 1;
+    v1_format = 0;
+
+    /* Parse arguments. */
+    argc--; argv++;
+    while (argc) {
+        if (strcmp(*argv, "-port") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            port = atoi(*argv);
+        } else if (strcmp(*argv, "-mech") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            mechanism = *argv;
+        }
 #if defined(_WIN32) || 1
-           else if (strcmp(*argv, "-threads") == 0) {
-               argc--; argv++;
-               if (!argc) usage();
-               max_threads = atoi(*argv);
-           }
+        else if (strcmp(*argv, "-threads") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            max_threads = atoi(*argv);
+        }
 #endif
-           else if (strcmp(*argv, "-d") == 0) {
-	       gss_flags |= GSS_C_DELEG_FLAG;
-	   } else if (strcmp(*argv, "-seq") == 0) {
-	       gss_flags |= GSS_C_SEQUENCE_FLAG;
-	   } else if (strcmp(*argv, "-noreplay") == 0) {
-	       gss_flags &= ~GSS_C_REPLAY_FLAG;
-	   } else if (strcmp(*argv, "-nomutual") == 0) {
-	       gss_flags &= ~GSS_C_MUTUAL_FLAG;
-	  } else if (strcmp(*argv, "-f") == 0) {
-	       use_file = 1;
-	  } else if (strcmp(*argv, "-q") == 0) {
-	       verbose = 0;
-	  } else if (strcmp(*argv, "-ccount") == 0) {
-	    argc--; argv++;
-	    if (!argc) usage();
-	    ccount = atoi(*argv);
-	    if (ccount <= 0) usage();
-	  } else if (strcmp(*argv, "-mcount") == 0) {
-	    argc--; argv++;
-	    if (!argc) usage();
-	    mcount = atoi(*argv);
-	    if (mcount < 0) usage();
-	  } else if (strcmp(*argv, "-na") == 0) {
-	    auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
-	  } else if (strcmp(*argv, "-nw") == 0) {
-	    wrap_flag = 0;
-	  } else if (strcmp(*argv, "-nx") == 0) {
-	    encrypt_flag = 0;
-	  } else if (strcmp(*argv, "-nm") == 0) {
-	    mic_flag = 0;
-	  } else  if (strcmp(*argv, "-v1") == 0) {
-	    v1_format = 1;
-	  } else
-	    break;
-	  argc--; argv++;
-     }
-     if (argc != 3)
-	  usage();
+        else if (strcmp(*argv, "-d") == 0) {
+            gss_flags |= GSS_C_DELEG_FLAG;
+        } else if (strcmp(*argv, "-seq") == 0) {
+            gss_flags |= GSS_C_SEQUENCE_FLAG;
+        } else if (strcmp(*argv, "-noreplay") == 0) {
+            gss_flags &= ~GSS_C_REPLAY_FLAG;
+        } else if (strcmp(*argv, "-nomutual") == 0) {
+            gss_flags &= ~GSS_C_MUTUAL_FLAG;
+        } else if (strcmp(*argv, "-f") == 0) {
+            use_file = 1;
+        } else if (strcmp(*argv, "-q") == 0) {
+            verbose = 0;
+        } else if (strcmp(*argv, "-ccount") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            ccount = atoi(*argv);
+            if (ccount <= 0) usage();
+        } else if (strcmp(*argv, "-mcount") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            mcount = atoi(*argv);
+            if (mcount < 0) usage();
+        } else if (strcmp(*argv, "-na") == 0) {
+            auth_flag = wrap_flag = encrypt_flag = mic_flag = 0;
+        } else if (strcmp(*argv, "-nw") == 0) {
+            wrap_flag = 0;
+        } else if (strcmp(*argv, "-nx") == 0) {
+            encrypt_flag = 0;
+        } else if (strcmp(*argv, "-nm") == 0) {
+            mic_flag = 0;
+        } else  if (strcmp(*argv, "-v1") == 0) {
+            v1_format = 1;
+        } else
+            break;
+        argc--; argv++;
+    }
+    if (argc != 3)
+        usage();
 
 #ifdef _WIN32
     if (max_threads < 1) {
@@ -830,16 +831,16 @@ int main(argc, argv)
     SetEnvironmentVariable("KERBEROSLOGIN_NEVER_PROMPT","1");
 #endif
 
-     server_host = *argv++;
-     service_name = *argv++;
-     msg = *argv++;
+    server_host = *argv++;
+    service_name = *argv++;
+    msg = *argv++;
 
-     if (mechanism)
-	 parse_oid(mechanism, &oid);
+    if (mechanism)
+        parse_oid(mechanism, &oid);
 
-     if (get_server_info(server_host, port) < 0) {
-	 exit(1);
-     }
+    if (get_server_info(server_host, port) < 0) {
+        exit(1);
+    }
 
     if ( max_threads == 1 ) {
         for (i = 0; i < ccount; i++) {
@@ -854,14 +855,14 @@ int main(argc, argv)
                     exit(7);
                 }
 #else
-		int err;
-		pthread_t thr;
-		err = pthread_create(&thr, 0, (void *(*)(void *))worker_bee, malloc(12));
-		if (err) {
-		    perror("pthread_create");
-		    exit(7);
-		}
-		(void) pthread_detach(thr);
+                int err;
+                pthread_t thr;
+                err = pthread_create(&thr, 0, (void *(*)(void *))worker_bee, malloc(12));
+                if (err) {
+                    perror("pthread_create");
+                    exit(7);
+                }
+                (void) pthread_detach(thr);
 #endif
             } else {
                 exit(8);
@@ -876,7 +877,7 @@ int main(argc, argv)
     CleanupHandles();
 #else
     if (max_threads > 1)
-	sleep(10);
+        sleep(10);
 #endif
 
     return 0;
diff --git a/src/tests/gss-threads/gss-server.c b/src/tests/gss-threads/gss-server.c
index a751bf2..532ee86 100644
--- a/src/tests/gss-threads/gss-server.c
+++ b/src/tests/gss-threads/gss-server.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1994 by OpenVision Technologies, Inc.
  *
@@ -74,13 +75,13 @@
 
 static void usage()
 {
-     fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]");
+    fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]");
 #ifdef _WIN32
-     fprintf(stderr, " [-threads num]");
+    fprintf(stderr, " [-threads num]");
 #endif
-     fprintf(stderr, "\n");
-     fprintf(stderr, "       [-inetd] [-export] [-logfile file] service_name\n");
-     exit(1);
+    fprintf(stderr, "\n");
+    fprintf(stderr, "       [-inetd] [-export] [-logfile file] service_name\n");
+    exit(1);
 }
 
 FILE *logfile;
@@ -94,8 +95,8 @@ int verbose = 0;
  *
  * Arguments:
  *
- * 	service_name	(r) the ASCII service name
- * 	server_creds	(w) the GSS-API service credentials
+ *      service_name    (r) the ASCII service name
+ *      server_creds    (w) the GSS-API service credentials
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -107,33 +108,33 @@ int verbose = 0;
  * 0 is returned.
  */
 static int server_acquire_creds(service_name, server_creds)
-     char *service_name;
-     gss_cred_id_t *server_creds;
+    char *service_name;
+    gss_cred_id_t *server_creds;
 {
-     gss_buffer_desc name_buf;
-     gss_name_t server_name;
-     OM_uint32 maj_stat, min_stat;
-
-     name_buf.value = service_name;
-     name_buf.length = strlen(name_buf.value) + 1;
-     maj_stat = gss_import_name(&min_stat, &name_buf,
-				(gss_OID) gss_nt_service_name, &server_name);
-     if (maj_stat != GSS_S_COMPLETE) {
-	  display_status("importing name", maj_stat, min_stat);
-	  return -1;
-     }
-
-     maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
-				 GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
-				 server_creds, NULL, NULL);
-     if (maj_stat != GSS_S_COMPLETE) {
-	  display_status("acquiring credentials", maj_stat, min_stat);
-	  return -1;
-     }
-
-     (void) gss_release_name(&min_stat, &server_name);
-
-     return 0;
+    gss_buffer_desc name_buf;
+    gss_name_t server_name;
+    OM_uint32 maj_stat, min_stat;
+
+    name_buf.value = service_name;
+    name_buf.length = strlen(name_buf.value) + 1;
+    maj_stat = gss_import_name(&min_stat, &name_buf,
+                               (gss_OID) gss_nt_service_name, &server_name);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("importing name", maj_stat, min_stat);
+        return -1;
+    }
+
+    maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
+                                GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
+                                server_creds, NULL, NULL);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("acquiring credentials", maj_stat, min_stat);
+        return -1;
+    }
+
+    (void) gss_release_name(&min_stat, &server_name);
+
+    return 0;
 }
 
 /*
@@ -145,10 +146,10 @@ static int server_acquire_creds(service_name, server_creds)
  *
  * Arguments:
  *
- * 	s		(r) an established TCP connection to the client
- * 	service_creds	(r) server credentials, from gss_acquire_cred
- * 	context		(w) the established GSS-API context
- * 	client_name	(w) the client's ASCII name
+ *      s               (r) an established TCP connection to the client
+ *      service_creds   (r) server credentials, from gss_acquire_cred
+ *      context         (w) the established GSS-API context
+ *      client_name     (w) the client's ASCII name
  *
  * Returns: 0 on success, -1 on failure
  *
@@ -160,131 +161,131 @@ static int server_acquire_creds(service_name, server_creds)
  * message is displayed and -1 is returned.
  */
 static int server_establish_context(s, server_creds, context, client_name,
-				    ret_flags)
-     int s;
-     gss_cred_id_t server_creds;
-     gss_ctx_id_t *context;
-     gss_buffer_t client_name;
-     OM_uint32 *ret_flags;
+                                    ret_flags)
+    int s;
+    gss_cred_id_t server_creds;
+    gss_ctx_id_t *context;
+    gss_buffer_t client_name;
+    OM_uint32 *ret_flags;
 {
-     gss_buffer_desc send_tok, recv_tok;
-     gss_name_t client;
-     gss_OID doid;
-     OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
-     gss_buffer_desc	oid_name;
-     int token_flags;
-
-     if (recv_token(s, &token_flags, &recv_tok) < 0)
-       return -1;
-
-     if (recv_tok.value) {
-       free (recv_tok.value);
-       recv_tok.value = NULL;
-     }
-
-     if (! (token_flags & TOKEN_NOOP)) {
-       if (logfile)
-	 fprintf(logfile, "Expected NOOP token, got %d token instead\n",
-		 token_flags);
-       return -1;
-     }
-
-     *context = GSS_C_NO_CONTEXT;
-
-     if (token_flags & TOKEN_CONTEXT_NEXT) {
-       do {
-	 if (recv_token(s, &token_flags, &recv_tok) < 0)
-	   return -1;
-
-	 if (verbose && logfile) {
-	   fprintf(logfile, "Received token (size=%d): \n", (int) recv_tok.length);
-	   print_token(&recv_tok);
-	 }
-
-	 maj_stat =
-	   gss_accept_sec_context(&acc_sec_min_stat,
-				  context,
-				  server_creds,
-				  &recv_tok,
-				  GSS_C_NO_CHANNEL_BINDINGS,
-				  &client,
-				  &doid,
-				  &send_tok,
-				  ret_flags,
-				  NULL, 	/* ignore time_rec */
-				  NULL); 	/* ignore del_cred_handle */
-
-	 if(recv_tok.value) {
-	     free(recv_tok.value);
-	     recv_tok.value = NULL;
-	 }
-
-	 if (send_tok.length != 0) {
-	   if (verbose && logfile) {
-	     fprintf(logfile,
-		     "Sending accept_sec_context token (size=%d):\n",
-		     (int) send_tok.length);
-	     print_token(&send_tok);
-	   }
-	   if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
-	     if (logfile)
-	       fprintf(logfile, "failure sending token\n");
-	     return -1;
-	   }
-
-	   (void) gss_release_buffer(&min_stat, &send_tok);
-	 }
-	 if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
-	      display_status("accepting context", maj_stat,
-			     acc_sec_min_stat);
-	      if (*context != GSS_C_NO_CONTEXT)
-		      gss_delete_sec_context(&min_stat, context,
-					     GSS_C_NO_BUFFER);
-	      return -1;
-	 }
-
-	 if (verbose && logfile) {
-	   if (maj_stat == GSS_S_CONTINUE_NEEDED)
-	     fprintf(logfile, "continue needed...\n");
-	   else
-	     fprintf(logfile, "\n");
-	   fflush(logfile);
-	 }
-       } while (maj_stat == GSS_S_CONTINUE_NEEDED);
-
-       /* display the flags */
-       display_ctx_flags(*ret_flags);
-
-       if (verbose && logfile) {
-	 maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
-	 if (maj_stat != GSS_S_COMPLETE) {
-	   display_status("converting oid->string", maj_stat, min_stat);
-	   return -1;
-	 }
-	 fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
-		 (int) oid_name.length, (char *) oid_name.value);
-	 (void) gss_release_buffer(&min_stat, &oid_name);
-       }
-
-       maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
-       if (maj_stat != GSS_S_COMPLETE) {
-	 display_status("displaying name", maj_stat, min_stat);
-	 return -1;
-       }
-       maj_stat = gss_release_name(&min_stat, &client);
-       if (maj_stat != GSS_S_COMPLETE) {
-	 display_status("releasing name", maj_stat, min_stat);
-	 return -1;
-       }
-     }
-     else {
-       client_name->length = *ret_flags = 0;
-
-       if (logfile)
-	 fprintf(logfile, "Accepted unauthenticated connection.\n");
-     }
-
-     return 0;
+    gss_buffer_desc send_tok, recv_tok;
+    gss_name_t client;
+    gss_OID doid;
+    OM_uint32 maj_stat, min_stat, acc_sec_min_stat;
+    gss_buffer_desc    oid_name;
+    int token_flags;
+
+    if (recv_token(s, &token_flags, &recv_tok) < 0)
+        return -1;
+
+    if (recv_tok.value) {
+        free (recv_tok.value);
+        recv_tok.value = NULL;
+    }
+
+    if (! (token_flags & TOKEN_NOOP)) {
+        if (logfile)
+            fprintf(logfile, "Expected NOOP token, got %d token instead\n",
+                    token_flags);
+        return -1;
+    }
+
+    *context = GSS_C_NO_CONTEXT;
+
+    if (token_flags & TOKEN_CONTEXT_NEXT) {
+        do {
+            if (recv_token(s, &token_flags, &recv_tok) < 0)
+                return -1;
+
+            if (verbose && logfile) {
+                fprintf(logfile, "Received token (size=%d): \n", (int) recv_tok.length);
+                print_token(&recv_tok);
+            }
+
+            maj_stat =
+                gss_accept_sec_context(&acc_sec_min_stat,
+                                       context,
+                                       server_creds,
+                                       &recv_tok,
+                                       GSS_C_NO_CHANNEL_BINDINGS,
+                                       &client,
+                                       &doid,
+                                       &send_tok,
+                                       ret_flags,
+                                       NULL,         /* ignore time_rec */
+                                       NULL);        /* ignore del_cred_handle */
+
+            if(recv_tok.value) {
+                free(recv_tok.value);
+                recv_tok.value = NULL;
+            }
+
+            if (send_tok.length != 0) {
+                if (verbose && logfile) {
+                    fprintf(logfile,
+                            "Sending accept_sec_context token (size=%d):\n",
+                            (int) send_tok.length);
+                    print_token(&send_tok);
+                }
+                if (send_token(s, TOKEN_CONTEXT, &send_tok) < 0) {
+                    if (logfile)
+                        fprintf(logfile, "failure sending token\n");
+                    return -1;
+                }
+
+                (void) gss_release_buffer(&min_stat, &send_tok);
+            }
+            if (maj_stat!=GSS_S_COMPLETE && maj_stat!=GSS_S_CONTINUE_NEEDED) {
+                display_status("accepting context", maj_stat,
+                               acc_sec_min_stat);
+                if (*context != GSS_C_NO_CONTEXT)
+                    gss_delete_sec_context(&min_stat, context,
+                                           GSS_C_NO_BUFFER);
+                return -1;
+            }
+
+            if (verbose && logfile) {
+                if (maj_stat == GSS_S_CONTINUE_NEEDED)
+                    fprintf(logfile, "continue needed...\n");
+                else
+                    fprintf(logfile, "\n");
+                fflush(logfile);
+            }
+        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
+
+        /* display the flags */
+        display_ctx_flags(*ret_flags);
+
+        if (verbose && logfile) {
+            maj_stat = gss_oid_to_str(&min_stat, doid, &oid_name);
+            if (maj_stat != GSS_S_COMPLETE) {
+                display_status("converting oid->string", maj_stat, min_stat);
+                return -1;
+            }
+            fprintf(logfile, "Accepted connection using mechanism OID %.*s.\n",
+                    (int) oid_name.length, (char *) oid_name.value);
+            (void) gss_release_buffer(&min_stat, &oid_name);
+        }
+
+        maj_stat = gss_display_name(&min_stat, client, client_name, &doid);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("displaying name", maj_stat, min_stat);
+            return -1;
+        }
+        maj_stat = gss_release_name(&min_stat, &client);
+        if (maj_stat != GSS_S_COMPLETE) {
+            display_status("releasing name", maj_stat, min_stat);
+            return -1;
+        }
+    }
+    else {
+        client_name->length = *ret_flags = 0;
+
+        if (logfile)
+            fprintf(logfile, "Accepted unauthenticated connection.\n");
+    }
+
+    return 0;
 }
 
 /*
@@ -294,7 +295,7 @@ static int server_establish_context(s, server_creds, context, client_name,
  *
  * Arguments:
  *
- * 	port		(r) the port number on which to listen
+ *      port            (r) the port number on which to listen
  *
  * Returns: the listening socket file descriptor, or -1 on failure
  *
@@ -304,88 +305,88 @@ static int server_establish_context(s, server_creds, context, client_name,
  * On error, an error message is displayed and -1 is returned.
  */
 static int create_socket(port)
-     u_short port;
+    u_short port;
 {
-     struct sockaddr_in saddr;
-     int s;
-     int on = 1;
-
-     saddr.sin_family = AF_INET;
-     saddr.sin_port = htons(port);
-     saddr.sin_addr.s_addr = INADDR_ANY;
-
-     if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-	  perror("creating socket");
-	  return -1;
-     }
-     /* Let the socket be reused right away */
-     (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
-     if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
-	  perror("binding socket");
-	  (void) close(s);
-	  return -1;
-     }
-     if (listen(s, 5) < 0) {
-	  perror("listening on socket");
-	  (void) close(s);
-	  return -1;
-     }
-     return s;
+    struct sockaddr_in saddr;
+    int s;
+    int on = 1;
+
+    saddr.sin_family = AF_INET;
+    saddr.sin_port = htons(port);
+    saddr.sin_addr.s_addr = INADDR_ANY;
+
+    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+        perror("creating socket");
+        return -1;
+    }
+    /* Let the socket be reused right away */
+    (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof(on));
+    if (bind(s, (struct sockaddr *) &saddr, sizeof(saddr)) < 0) {
+        perror("binding socket");
+        (void) close(s);
+        return -1;
+    }
+    if (listen(s, 5) < 0) {
+        perror("listening on socket");
+        (void) close(s);
+        return -1;
+    }
+    return s;
 }
 
 static float timeval_subtract(tv1, tv2)
-	struct timeval *tv1, *tv2;
+    struct timeval *tv1, *tv2;
 {
-	return ((tv1->tv_sec - tv2->tv_sec) +
-		((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
+    return ((tv1->tv_sec - tv2->tv_sec) +
+            ((float) (tv1->tv_usec - tv2->tv_usec)) / 1000000);
 }
 
 /*
  * Yes, yes, this isn't the best place for doing this test.
  * DO NOT REMOVE THIS UNTIL A BETTER TEST HAS BEEN WRITTEN, THOUGH.
- * 					-TYT
+ *                                      -TYT
  */
 static int test_import_export_context(context)
-	gss_ctx_id_t *context;
+    gss_ctx_id_t *context;
 {
-	OM_uint32	min_stat, maj_stat;
-	gss_buffer_desc context_token, copied_token;
-	struct timeval tm1, tm2;
-
-	/*
-	 * Attempt to save and then restore the context.
-	 */
-	gettimeofday(&tm1, (struct timezone *)0);
-	maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
-	if (maj_stat != GSS_S_COMPLETE) {
-		display_status("exporting context", maj_stat, min_stat);
-		return 1;
-	}
-	gettimeofday(&tm2, (struct timezone *)0);
-	if (verbose && logfile)
-		fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
-			(int) context_token.length,
-			timeval_subtract(&tm2, &tm1));
-	copied_token.length = context_token.length;
-	copied_token.value = malloc(context_token.length);
-	if (copied_token.value == 0) {
-	  if (logfile)
-	    fprintf(logfile, "Couldn't allocate memory to copy context token.\n");
-	  return 1;
-	}
-	memcpy(copied_token.value, context_token.value, copied_token.length);
-	maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
-	if (maj_stat != GSS_S_COMPLETE) {
-		display_status("importing context", maj_stat, min_stat);
-		return 1;
-	}
-	free(copied_token.value);
-	gettimeofday(&tm1, (struct timezone *)0);
-	if (verbose && logfile)
-		fprintf(logfile, "Importing context: %7.4f seconds\n",
-			timeval_subtract(&tm1, &tm2));
-	(void) gss_release_buffer(&min_stat, &context_token);
-	return 0;
+    OM_uint32       min_stat, maj_stat;
+    gss_buffer_desc context_token, copied_token;
+    struct timeval tm1, tm2;
+
+    /*
+     * Attempt to save and then restore the context.
+     */
+    gettimeofday(&tm1, (struct timezone *)0);
+    maj_stat = gss_export_sec_context(&min_stat, context, &context_token);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("exporting context", maj_stat, min_stat);
+        return 1;
+    }
+    gettimeofday(&tm2, (struct timezone *)0);
+    if (verbose && logfile)
+        fprintf(logfile, "Exported context: %d bytes, %7.4f seconds\n",
+                (int) context_token.length,
+                timeval_subtract(&tm2, &tm1));
+    copied_token.length = context_token.length;
+    copied_token.value = malloc(context_token.length);
+    if (copied_token.value == 0) {
+        if (logfile)
+            fprintf(logfile, "Couldn't allocate memory to copy context token.\n");
+        return 1;
+    }
+    memcpy(copied_token.value, context_token.value, copied_token.length);
+    maj_stat = gss_import_sec_context(&min_stat, &copied_token, context);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("importing context", maj_stat, min_stat);
+        return 1;
+    }
+    free(copied_token.value);
+    gettimeofday(&tm1, (struct timezone *)0);
+    if (verbose && logfile)
+        fprintf(logfile, "Importing context: %7.4f seconds\n",
+                timeval_subtract(&tm1, &tm2));
+    (void) gss_release_buffer(&min_stat, &context_token);
+    return 0;
 }
 
 /*
@@ -395,11 +396,11 @@ static int test_import_export_context(context)
  *
  * Arguments:
  *
- * 	s		(r) a TCP socket on which a connection has been
- *			accept()ed
- * 	service_name	(r) the ASCII name of the GSS-API service to
- * 			establish a context as
- *	export		(r) whether to test context exporting
+ *      s               (r) a TCP socket on which a connection has been
+ *                      accept()ed
+ *      service_name    (r) the ASCII name of the GSS-API service to
+ *                      establish a context as
+ *      export          (r) whether to test context exporting
  *
  * Returns: -1 on error
  *
@@ -415,20 +416,20 @@ static int test_import_export_context(context)
  * If any error occurs, -1 is returned.
  */
 static int sign_server(s, server_creds, export)
-     int s;
-     gss_cred_id_t server_creds;
-     int export;
+    int s;
+    gss_cred_id_t server_creds;
+    int export;
 {
     gss_buffer_desc client_name, xmit_buf, msg_buf;
     gss_ctx_id_t context;
     OM_uint32 maj_stat, min_stat;
     int i, conf_state, ret_flags;
-    char	*cp;
+    char        *cp;
     int token_flags;
 
     /* Establish a context with the client */
     if (server_establish_context(s, server_creds, &context,
-                                  &client_name, &ret_flags) < 0)
+                                 &client_name, &ret_flags) < 0)
         return(-1);
 
     if (context == GSS_C_NO_CONTEXT) {
@@ -436,7 +437,7 @@ static int sign_server(s, server_creds, export)
     }
     else {
         printf("Accepted connection: \"%.*s\"\n",
-                (int) client_name.length, (char *) client_name.value);
+               (int) client_name.length, (char *) client_name.value);
         (void) gss_release_buffer(&min_stat, &client_name);
 
         if (export) {
@@ -467,10 +468,10 @@ static int sign_server(s, server_creds, export)
         }
 
         if ((context == GSS_C_NO_CONTEXT) &&
-             (    token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) {
+            (    token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) {
             if (logfile)
                 fprintf(logfile,
-                         "Unauthenticated client requested authenticated services!\n");
+                        "Unauthenticated client requested authenticated services!\n");
             if(xmit_buf.value) {
                 free (xmit_buf.value);
                 xmit_buf.value = 0;
@@ -480,7 +481,7 @@ static int sign_server(s, server_creds, export)
 
         if (token_flags & TOKEN_WRAPPED) {
             maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf,
-                                   &conf_state, (gss_qop_t *) NULL);
+                                  &conf_state, (gss_qop_t *) NULL);
             if (maj_stat != GSS_S_COMPLETE) {
                 display_status("unsealing message", maj_stat, min_stat);
                 if(xmit_buf.value) {
@@ -505,19 +506,19 @@ static int sign_server(s, server_creds, export)
             fprintf(logfile, "Received message: ");
             cp = msg_buf.value;
             if ((isprint((int) cp[0]) || isspace((int) cp[0])) &&
-                 (isprint((int) cp[1]) || isspace((int) cp[1]))) {
+                (isprint((int) cp[1]) || isspace((int) cp[1]))) {
                 fprintf(logfile, "\"%.*s\"\n", (int) msg_buf.length,
-                         (char *) msg_buf.value);
-                 } else {
-                     fprintf(logfile, "\n");
-                     print_token(&msg_buf);
-                 }
+                        (char *) msg_buf.value);
+            } else {
+                fprintf(logfile, "\n");
+                print_token(&msg_buf);
+            }
         }
 
         if (token_flags & TOKEN_SEND_MIC) {
             /* Produce a signature block for the message */
             maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT,
-                                    &msg_buf, &xmit_buf);
+                                   &msg_buf, &xmit_buf);
             if (maj_stat != GSS_S_COMPLETE) {
                 display_status("signing message", maj_stat, min_stat);
                 return(-1);
@@ -631,16 +632,16 @@ WaitAndIncrementThreadCounter(void)
     int err;
     err = pthread_mutex_lock(&counter_mutex);
     if (err) {
-	perror("pthread_mutex_lock");
-	return 0;
+        perror("pthread_mutex_lock");
+        return 0;
     }
     if (counter == max_threads) {
-	err = pthread_cond_wait(&counter_cond, &counter_mutex);
-	if (err) {
-	    pthread_mutex_unlock(&counter_mutex);
-	    perror("pthread_cond_wait");
-	    return 0;
-	}
+        err = pthread_cond_wait(&counter_cond, &counter_mutex);
+        if (err) {
+            pthread_mutex_unlock(&counter_mutex);
+            perror("pthread_cond_wait");
+            return 0;
+        }
     }
     counter++;
     pthread_mutex_unlock(&counter_mutex);
@@ -652,11 +653,11 @@ DecrementAndSignalThreadCounter(void)
     int err;
     err = pthread_mutex_lock(&counter_mutex);
     if (err) {
-	perror("pthread_mutex_lock");
-	return;
+        perror("pthread_mutex_lock");
+        return;
     }
     if (counter == max_threads)
-	pthread_cond_broadcast(&counter_cond);
+        pthread_cond_broadcast(&counter_cond);
     counter--;
     pthread_mutex_unlock(&counter_mutex);
 }
@@ -689,69 +690,69 @@ worker_bee(void * param)
 
 int
 main(argc, argv)
-     int argc;
-     char **argv;
+    int argc;
+    char **argv;
 {
-     char *service_name;
-     gss_cred_id_t server_creds;
-     OM_uint32 min_stat;
-     u_short port = 4444;
-     int once = 0;
-     int do_inetd = 0;
-     int export = 0;
-
-     signal(SIGPIPE, SIG_IGN);
-     logfile = stdout;
-     display_file = stdout;
-     argc--; argv++;
-     while (argc) {
-	  if (strcmp(*argv, "-port") == 0) {
-	       argc--; argv++;
-	       if (!argc) usage();
-	       port = atoi(*argv);
-	  }
+    char *service_name;
+    gss_cred_id_t server_creds;
+    OM_uint32 min_stat;
+    u_short port = 4444;
+    int once = 0;
+    int do_inetd = 0;
+    int export = 0;
+
+    signal(SIGPIPE, SIG_IGN);
+    logfile = stdout;
+    display_file = stdout;
+    argc--; argv++;
+    while (argc) {
+        if (strcmp(*argv, "-port") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            port = atoi(*argv);
+        }
 #if defined _WIN32 || 1
-          else if (strcmp(*argv, "-threads") == 0) {
-              argc--; argv++;
-              if (!argc) usage();
-              max_threads = atoi(*argv);
-          }
+        else if (strcmp(*argv, "-threads") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            max_threads = atoi(*argv);
+        }
 #endif
-          else if (strcmp(*argv, "-verbose") == 0) {
-	      verbose = 1;
-	  } else if (strcmp(*argv, "-once") == 0) {
-	      once = 1;
-	  } else if (strcmp(*argv, "-inetd") == 0) {
-	      do_inetd = 1;
-	  } else if (strcmp(*argv, "-export") == 0) {
-	      export = 1;
-	  } else if (strcmp(*argv, "-logfile") == 0) {
-	      argc--; argv++;
-	      if (!argc) usage();
-	      /* Gross hack, but it makes it unnecessary to add an
-                 extra argument to disable logging, and makes the code
-                 more efficient because it doesn't actually write data
-                 to /dev/null. */
-	      if (! strcmp(*argv, "/dev/null")) {
-		logfile = display_file = NULL;
-	      }
-	      else {
-		logfile = fopen(*argv, "a");
-		display_file = logfile;
-		if (!logfile) {
-		  perror(*argv);
-		  exit(1);
-		}
-	      }
-	  } else
-	       break;
-	  argc--; argv++;
-     }
-     if (argc != 1)
-	  usage();
-
-     if ((*argv)[0] == '-')
-	  usage();
+        else if (strcmp(*argv, "-verbose") == 0) {
+            verbose = 1;
+        } else if (strcmp(*argv, "-once") == 0) {
+            once = 1;
+        } else if (strcmp(*argv, "-inetd") == 0) {
+            do_inetd = 1;
+        } else if (strcmp(*argv, "-export") == 0) {
+            export = 1;
+        } else if (strcmp(*argv, "-logfile") == 0) {
+            argc--; argv++;
+            if (!argc) usage();
+            /* Gross hack, but it makes it unnecessary to add an
+               extra argument to disable logging, and makes the code
+               more efficient because it doesn't actually write data
+               to /dev/null. */
+            if (! strcmp(*argv, "/dev/null")) {
+                logfile = display_file = NULL;
+            }
+            else {
+                logfile = fopen(*argv, "a");
+                display_file = logfile;
+                if (!logfile) {
+                    perror(*argv);
+                    exit(1);
+                }
+            }
+        } else
+            break;
+        argc--; argv++;
+    }
+    if (argc != 1)
+        usage();
+
+    if ((*argv)[0] == '-')
+        usage();
 
 #ifdef _WIN32
     if (max_threads < 1) {
@@ -765,88 +766,88 @@ main(argc, argv)
     InitHandles();
 #endif
 
-     service_name = *argv;
+    service_name = *argv;
 
-     if (server_acquire_creds(service_name, &server_creds) < 0)
-	 return -1;
+    if (server_acquire_creds(service_name, &server_creds) < 0)
+        return -1;
 
-     if (do_inetd) {
-	 close(1);
-	 close(2);
+    if (do_inetd) {
+        close(1);
+        close(2);
 
-	 sign_server(0, server_creds, export);
-	 close(0);
-     } else {
-	 int stmp;
+        sign_server(0, server_creds, export);
+        close(0);
+    } else {
+        int stmp;
 
- 	 if ((stmp = create_socket(port)) >= 0) {
-             if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
-                 perror("listening on socket");
+        if ((stmp = create_socket(port)) >= 0) {
+            if (listen(stmp, max_threads == 1 ? 0 : max_threads) < 0)
+                perror("listening on socket");
 
-             do {
-                 struct _work_plan * work = malloc(sizeof(struct _work_plan));
+            do {
+                struct _work_plan * work = malloc(sizeof(struct _work_plan));
 
-                 if ( work == NULL ) {
-                     fprintf(stderr, "fatal error: out of memory");
-                     break;
-                 }
+                if ( work == NULL ) {
+                    fprintf(stderr, "fatal error: out of memory");
+                    break;
+                }
 
-                 /* Accept a TCP connection */
-                 if ((work->s = accept(stmp, NULL, 0)) < 0) {
-                     perror("accepting connection");
-                     continue;
-                 }
+                /* Accept a TCP connection */
+                if ((work->s = accept(stmp, NULL, 0)) < 0) {
+                    perror("accepting connection");
+                    continue;
+                }
 
-                 work->server_creds = server_creds;
-                 work->export = export;
+                work->server_creds = server_creds;
+                work->export = export;
 
-                 if (max_threads == 1) {
-                     worker_bee((void *)work);
-                 }
+                if (max_threads == 1) {
+                    worker_bee((void *)work);
+                }
 #if defined _WIN32 || 1
-                 else {
-                     if ( WaitAndIncrementThreadCounter() ) {
+                else {
+                    if ( WaitAndIncrementThreadCounter() ) {
 #ifdef _WIN32
-                         uintptr_t handle = _beginthread(worker_bee, 0, (void *)work);
-                         if (handle == (uintptr_t)-1) {
-                             closesocket(work->s);
-                             free(work);
-                         }
+                        uintptr_t handle = _beginthread(worker_bee, 0, (void *)work);
+                        if (handle == (uintptr_t)-1) {
+                            closesocket(work->s);
+                            free(work);
+                        }
 #else
-			 int err;
-			 pthread_t thr;
-			 err = pthread_create(&thr, 0, (void *(*)(void *))worker_bee,
-					      (void *) work);
-			 if (err) {
-			     perror("pthread_create");
-			     closesocket(work->s);
-			     free(work);
-			 }
-			 (void) pthread_detach(thr);
+                        int err;
+                        pthread_t thr;
+                        err = pthread_create(&thr, 0, (void *(*)(void *))worker_bee,
+                                             (void *) work);
+                        if (err) {
+                            perror("pthread_create");
+                            closesocket(work->s);
+                            free(work);
+                        }
+                        (void) pthread_detach(thr);
 #endif
-                     } else {
-                         fprintf(stderr, "fatal error incrementing thread counter");
-                         closesocket(work->s);
-                         free(work);
-                         break;
-                     }
-                 }
+                    } else {
+                        fprintf(stderr, "fatal error incrementing thread counter");
+                        closesocket(work->s);
+                        free(work);
+                        break;
+                    }
+                }
 #endif
-             } while (!once);
+            } while (!once);
 
- 	     closesocket(stmp);
- 	 }
-     }
+            closesocket(stmp);
+        }
+    }
 
-     (void) gss_release_cred(&min_stat, &server_creds);
+    (void) gss_release_cred(&min_stat, &server_creds);
 
 #ifdef _WIN32
     CleanupHandles();
 #else
     if (max_threads > 1)
-	while (1)
-	    sleep (999999);
+        while (1)
+            sleep (999999);
 #endif
 
-     return 0;
+    return 0;
 }
diff --git a/src/tests/gssapi/Makefile.in b/src/tests/gssapi/Makefile.in
index 1f48b8b..98020d4 100644
--- a/src/tests/gssapi/Makefile.in
+++ b/src/tests/gssapi/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/gssapi
 mydir=tests/gssapi
 BUILDTOP=$(REL)..$(S)..
 DEFINES = -DUSE_AUTOCONF_H
diff --git a/src/tests/gssapi/deps b/src/tests/gssapi/deps
index 4a367a6..c59b74f 100644
--- a/src/tests/gssapi/deps
+++ b/src/tests/gssapi/deps
@@ -5,9 +5,9 @@ $(OUTPRE)t_imp_name.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_generic.h t_imp_name.c
 $(OUTPRE)t_s4u.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   t_s4u.c
 $(OUTPRE)t_namingexts.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssapi/gssapi_ext.h $(BUILDTOP)/include/gssapi/gssapi_generic.h \
   $(BUILDTOP)/include/gssapi/gssapi_krb5.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h t_namingexts.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h t_namingexts.c
diff --git a/src/tests/gssapi/t_imp_name.c b/src/tests/gssapi/t_imp_name.c
index e64a1f5..a51c980 100644
--- a/src/tests/gssapi/t_imp_name.c
+++ b/src/tests/gssapi/t_imp_name.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1996, Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -42,68 +43,68 @@ static int test_import_name (char *);
 FILE *display_file;
 
 int main(argc, argv)
-	int argc;
-	char **argv;
+    int argc;
+    char **argv;
 {
-	int retval;
+    int retval;
 
-	display_file = stdout;
+    display_file = stdout;
 
-	retval = test_import_name("host@dcl.mit.edu");
+    retval = test_import_name("host@dcl.mit.edu");
 
-	return retval;
+    return retval;
 }
 
 static int test_import_name(name)
-	char *name;
+    char *name;
 {
-	OM_uint32 maj_stat, min_stat;
-	gss_name_t gss_name;
-	gss_buffer_desc buffer_name;
-	gss_OID	name_oid;
-
-	buffer_name.value = name;
-	buffer_name.length = strlen(name) + 1;
-	maj_stat = gss_import_name(&min_stat, &buffer_name,
-				   (gss_OID) gss_nt_service_name,
-				   &gss_name);
-	if (maj_stat != GSS_S_COMPLETE) {
-		display_status("parsing name", maj_stat, min_stat);
-		return -1;
-	}
-
-	maj_stat = gss_display_name(&min_stat, gss_name, &buffer_name,
-				    &name_oid);
-	if (maj_stat != GSS_S_COMPLETE) {
-		display_status("displaying context", maj_stat, min_stat);
-		return -1;
-	}
-	printf("name is: ");
-	display_buffer(buffer_name);
-	printf("\n");
-	(void) gss_release_buffer(&min_stat, &buffer_name);
-
-	gss_oid_to_str(&min_stat, name_oid, &buffer_name);
-	printf("name type is: ");
-	display_buffer(buffer_name);
-	printf("\n");
-	(void) gss_release_buffer(&min_stat, &buffer_name);
-#ifdef	GSSAPI_V2
-	(void) gss_release_oid(&min_stat, &name_oid);
+    OM_uint32 maj_stat, min_stat;
+    gss_name_t gss_name;
+    gss_buffer_desc buffer_name;
+    gss_OID name_oid;
+
+    buffer_name.value = name;
+    buffer_name.length = strlen(name) + 1;
+    maj_stat = gss_import_name(&min_stat, &buffer_name,
+                               (gss_OID) gss_nt_service_name,
+                               &gss_name);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("parsing name", maj_stat, min_stat);
+        return -1;
+    }
+
+    maj_stat = gss_display_name(&min_stat, gss_name, &buffer_name,
+                                &name_oid);
+    if (maj_stat != GSS_S_COMPLETE) {
+        display_status("displaying context", maj_stat, min_stat);
+        return -1;
+    }
+    printf("name is: ");
+    display_buffer(buffer_name);
+    printf("\n");
+    (void) gss_release_buffer(&min_stat, &buffer_name);
+
+    gss_oid_to_str(&min_stat, name_oid, &buffer_name);
+    printf("name type is: ");
+    display_buffer(buffer_name);
+    printf("\n");
+    (void) gss_release_buffer(&min_stat, &buffer_name);
+#ifdef  GSSAPI_V2
+    (void) gss_release_oid(&min_stat, &name_oid);
 #endif
-	(void) gss_release_name(&min_stat, &gss_name);
-	return 0;
+    (void) gss_release_name(&min_stat, &gss_name);
+    return 0;
 }
 
 static void display_buffer(buffer)
-	gss_buffer_desc buffer;
+    gss_buffer_desc buffer;
 {
     char *namebuf;
 
     namebuf = malloc(buffer.length+1);
     if (!namebuf) {
-	fprintf(stderr, "display_buffer: couldn't allocate buffer!\n");
-	exit(1);
+        fprintf(stderr, "display_buffer: couldn't allocate buffer!\n");
+        exit(1);
     }
     strncpy(namebuf, buffer.value, buffer.length);
     namebuf[buffer.length] = '\0';
@@ -112,38 +113,38 @@ static void display_buffer(buffer)
 }
 
 void display_status(msg, maj_stat, min_stat)
-     char *msg;
-     OM_uint32 maj_stat;
-     OM_uint32 min_stat;
+    char *msg;
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
 {
-     display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
-     display_status_1(msg, min_stat, GSS_C_MECH_CODE);
+    display_status_1(msg, maj_stat, GSS_C_GSS_CODE);
+    display_status_1(msg, min_stat, GSS_C_MECH_CODE);
 }
 
 static void display_status_1(m, code, type)
-     char *m;
-     OM_uint32 code;
-     int type;
+    char *m;
+    OM_uint32 code;
+    int type;
 {
-     OM_uint32 min_stat;
-     gss_buffer_desc msg;
-#ifdef	GSSAPI_V2
-     OM_uint32 msg_ctx;
-#else	/* GSSAPI_V2 */
-     int msg_ctx;
-#endif	/* GSSAPI_V2 */
-
-     msg_ctx = 0;
-     while (1) {
-	  (void) gss_display_status(&min_stat, code,
-				       type, GSS_C_NULL_OID,
-				       &msg_ctx, &msg);
-	  if (display_file)
-	      fprintf(display_file, "GSS-API error %s: %s\n", m,
-		      (char *)msg.value);
-	  (void) gss_release_buffer(&min_stat, &msg);
-
-	  if (!msg_ctx)
-	       break;
-     }
+    OM_uint32 min_stat;
+    gss_buffer_desc msg;
+#ifdef  GSSAPI_V2
+    OM_uint32 msg_ctx;
+#else   /* GSSAPI_V2 */
+    int msg_ctx;
+#endif  /* GSSAPI_V2 */
+
+    msg_ctx = 0;
+    while (1) {
+        (void) gss_display_status(&min_stat, code,
+                                  type, GSS_C_NULL_OID,
+                                  &msg_ctx, &msg);
+        if (display_file)
+            fprintf(display_file, "GSS-API error %s: %s\n", m,
+                    (char *)msg.value);
+        (void) gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
 }
diff --git a/src/tests/gssapi/t_namingexts.c b/src/tests/gssapi/t_namingexts.c
index 1f771c4..a75be95 100644
--- a/src/tests/gssapi/t_namingexts.c
+++ b/src/tests/gssapi/t_namingexts.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2009  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -36,34 +36,34 @@ static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
 static int use_spnego = 0;
 
 static void displayStatus_1(m, code, type)
-     char *m;
-     OM_uint32 code;
-     int type;
+    char *m;
+    OM_uint32 code;
+    int type;
 {
-     OM_uint32 maj_stat, min_stat;
-     gss_buffer_desc msg;
-     OM_uint32 msg_ctx;
-
-     msg_ctx = 0;
-     while (1) {
-          maj_stat = gss_display_status(&min_stat, code,
-                                       type, GSS_C_NULL_OID,
-                                       &msg_ctx, &msg);
-          fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
-          (void) gss_release_buffer(&min_stat, &msg);
-
-          if (!msg_ctx)
-               break;
-     }
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        maj_stat = gss_display_status(&min_stat, code,
+                                      type, GSS_C_NULL_OID,
+                                      &msg_ctx, &msg);
+        fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
+        (void) gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
 }
 
 static void displayStatus(msg, maj_stat, min_stat)
-     char *msg;
-     OM_uint32 maj_stat;
-     OM_uint32 min_stat;
+    char *msg;
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
 {
-     displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
-     displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
+    displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
+    displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
 }
 
 static OM_uint32
@@ -128,7 +128,7 @@ dumpAttribute(OM_uint32 *minor,
         printf("Attribute %.*s %s %s\n\n%.*s\n",
                (int)attribute->length, (char *)attribute->value,
                authenticated ? "Authenticated" : "",
-                complete ? "Complete" : "",
+               complete ? "Complete" : "",
                (int)display_value.length, (char *)display_value.value);
 
         if (noisy) {
@@ -347,8 +347,8 @@ initAcceptSecContext(OM_uint32 *minor,
                                  &initiator_context,
                                  target_name,
                                  use_spnego ?
-                                    (gss_OID)&spnego_mech :
-                                    (gss_OID)gss_mech_krb5,
+                                 (gss_OID)&spnego_mech :
+                                 (gss_OID)gss_mech_krb5,
                                  GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
                                  GSS_C_INDEFINITE,
                                  GSS_C_NO_CHANNEL_BINDINGS,
@@ -453,7 +453,7 @@ int main(int argc, char *argv[])
 
 
     mechs.elements = use_spnego ? (gss_OID)&spnego_mech :
-                                  (gss_OID)gss_mech_krb5;
+        (gss_OID)gss_mech_krb5;
     mechs.count = 1;
 
     /* get default cred */
diff --git a/src/tests/gssapi/t_s4u.c b/src/tests/gssapi/t_s4u.c
index 08cf84f..2e23044 100644
--- a/src/tests/gssapi/t_s4u.c
+++ b/src/tests/gssapi/t_s4u.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2009  by the Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -62,34 +62,34 @@ static gss_OID_desc spnego_mech = { 6, "\053\006\001\005\005\002" };
 static int use_spnego = 0;
 
 static void displayStatus_1(m, code, type)
-     char *m;
-     OM_uint32 code;
-     int type;
+    char *m;
+    OM_uint32 code;
+    int type;
 {
-     OM_uint32 maj_stat, min_stat;
-     gss_buffer_desc msg;
-     OM_uint32 msg_ctx;
-
-     msg_ctx = 0;
-     while (1) {
-          maj_stat = gss_display_status(&min_stat, code,
-                                       type, GSS_C_NULL_OID,
-                                       &msg_ctx, &msg);
-          fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
-          (void) gss_release_buffer(&min_stat, &msg);
-
-          if (!msg_ctx)
-               break;
-     }
+    OM_uint32 maj_stat, min_stat;
+    gss_buffer_desc msg;
+    OM_uint32 msg_ctx;
+
+    msg_ctx = 0;
+    while (1) {
+        maj_stat = gss_display_status(&min_stat, code,
+                                      type, GSS_C_NULL_OID,
+                                      &msg_ctx, &msg);
+        fprintf(stderr, "%s: %s\n", m, (char *)msg.value);
+        (void) gss_release_buffer(&min_stat, &msg);
+
+        if (!msg_ctx)
+            break;
+    }
 }
 
 static void displayStatus(msg, maj_stat, min_stat)
-     char *msg;
-     OM_uint32 maj_stat;
-     OM_uint32 min_stat;
+    char *msg;
+    OM_uint32 maj_stat;
+    OM_uint32 min_stat;
 {
-     displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
-     displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
+    displayStatus_1(msg, maj_stat, GSS_C_GSS_CODE);
+    displayStatus_1(msg, min_stat, GSS_C_MECH_CODE);
 }
 
 static OM_uint32
@@ -174,7 +174,7 @@ dumpAttribute(OM_uint32 *minor,
         printf("Attribute %.*s %s %s\n\n%.*s\n",
                (int)attribute->length, (char *)attribute->value,
                authenticated ? "Authenticated" : "",
-                complete ? "Complete" : "",
+               complete ? "Complete" : "",
                (int)display_value.length, (char *)display_value.value);
 
         if (noisy) {
@@ -395,7 +395,7 @@ constrainedDelegate(OM_uint32 *minor,
                                  &initiator_context,
                                  target,
                                  mechs ? &mechs->elements[0] :
-                                         (gss_OID)gss_mech_krb5,
+                                 (gss_OID)gss_mech_krb5,
                                  GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG,
                                  GSS_C_INDEFINITE,
                                  GSS_C_NO_CHANNEL_BINDINGS,
@@ -427,7 +427,7 @@ int main(int argc, char *argv[])
 
     if (argc < 2 || argc > 5) {
         fprintf(stderr, "Usage: %s [--spnego] [user] "
-                        "[proxy-target] [keytab]\n", argv[0]);
+                "[proxy-target] [keytab]\n", argv[0]);
         fprintf(stderr, "       proxy-target and keytab are optional\n");
         exit(1);
     }
@@ -474,7 +474,7 @@ int main(int argc, char *argv[])
     }
 
     mechs.elements = use_spnego ? (gss_OID)&spnego_mech :
-                                  (gss_OID)gss_mech_krb5;
+        (gss_OID)gss_mech_krb5;
     mechs.count = 1;
 
     /* get default cred */
diff --git a/src/tests/hammer/Makefile.in b/src/tests/hammer/Makefile.in
index 263abd0..2321028 100644
--- a/src/tests/hammer/Makefile.in
+++ b/src/tests/hammer/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/hammer
 mydir=tests/hammer
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/tests/hammer/deps b/src/tests/hammer/deps
index 100c385..1f93adc 100644
--- a/src/tests/hammer/deps
+++ b/src/tests/hammer/deps
@@ -3,11 +3,11 @@
 #
 $(OUTPRE)kdc5_hammer.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h kdc5_hammer.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdc5_hammer.c
diff --git a/src/tests/hammer/pp.c b/src/tests/hammer/pp.c
index 403d60d..7fb9255 100644
--- a/src/tests/hammer/pp.c
+++ b/src/tests/hammer/pp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * tests/hammer/pp.c
  *
@@ -13,16 +14,16 @@
 
 void
 print_principal(p)
-	krb5_principal	p;
+    krb5_principal  p;
 {
-	char	*buf;
-	krb5_error_code	retval;
+    char    *buf;
+    krb5_error_code retval;
 
-	if (retval = krb5_unparse_name(p, &buf)) {
-		com_err("DEBUG: Print_principal", retval,
-			"while unparsing name");
-		exit(1);
-	}
-	printf("%s\n", buf);
-	free(buf);
+    if (retval = krb5_unparse_name(p, &buf)) {
+        com_err("DEBUG: Print_principal", retval,
+                "while unparsing name");
+        exit(1);
+    }
+    printf("%s\n", buf);
+    free(buf);
 }
diff --git a/src/tests/misc/Makefile.in b/src/tests/misc/Makefile.in
index 45c43f4..9e52f88 100644
--- a/src/tests/misc/Makefile.in
+++ b/src/tests/misc/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/misc
 mydir=tests/misc
 BUILDTOP=$(REL)..$(S)..
 RUN_SETUP = @KRB5_RUN_ENV@
diff --git a/src/tests/misc/deps b/src/tests/misc/deps
index ead1f44..fa2e622 100644
--- a/src/tests/misc/deps
+++ b/src/tests/misc/deps
@@ -2,40 +2,40 @@
 # Generated makefile dependencies follow.
 #
 $(OUTPRE)test_getpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   test_getpw.c
 $(OUTPRE)test_getsockname.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   test_getsockname.c
 $(OUTPRE)test_cxx_krb5.$(OBJEXT): $(BUILDTOP)/include/krb5/krb5.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h test_cxx_krb5.cpp
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h test_cxx_krb5.cpp
 $(OUTPRE)test_cxx_k5int.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-ipc_stream.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-utf8.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/authdata_plugin.h $(SRCTOP)/include/krb5/locate_plugin.h \
-  $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h test_cxx_k5int.cpp
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-ipc_stream.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-utf8.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h test_cxx_k5int.cpp
 $(OUTPRE)test_cxx_gss.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   test_cxx_gss.cpp
 $(OUTPRE)test_cxx_rpc.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h test_cxx_rpc.cpp
+  $(BUILDTOP)/include/gssrpc/types.h $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h test_cxx_rpc.cpp
 $(OUTPRE)test_cxx_kadm5.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
   $(BUILDTOP)/include/gssrpc/types.h $(BUILDTOP)/include/kadm5/admin.h \
   $(BUILDTOP)/include/kadm5/chpass_util_strings.h $(BUILDTOP)/include/kadm5/kadm_err.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/gssrpc/auth.h \
-  $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
-  $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
-  $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
-  $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
-  $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h test_cxx_kadm5.cpp
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/gssrpc/auth.h \
+  $(top_srcdir)/include/gssrpc/auth_gss.h $(top_srcdir)/include/gssrpc/auth_unix.h \
+  $(top_srcdir)/include/gssrpc/clnt.h $(top_srcdir)/include/gssrpc/rename.h \
+  $(top_srcdir)/include/gssrpc/rpc.h $(top_srcdir)/include/gssrpc/rpc_msg.h \
+  $(top_srcdir)/include/gssrpc/svc.h $(top_srcdir)/include/gssrpc/svc_auth.h \
+  $(top_srcdir)/include/gssrpc/xdr.h $(top_srcdir)/include/kdb.h \
+  $(top_srcdir)/include/krb5.h test_cxx_kadm5.cpp
diff --git a/src/tests/misc/test_getpw.c b/src/tests/misc/test_getpw.c
index 6d0fb18..6264821 100644
--- a/src/tests/misc/test_getpw.c
+++ b/src/tests/misc/test_getpw.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "autoconf.h"
 #include "k5-platform.h"
 #include <stdio.h>
@@ -19,7 +20,7 @@ int main()
     x = k5_getpwuid_r(my_uid, &pwx, pwbuf, sizeof(pwbuf), &pwd);
     printf("k5_getpwuid_r returns %d\n", x);
     if (x != 0)
-	exit(1);
+        exit(1);
     printf("    username is '%s'\n", pwd->pw_name);
     exit(0);
 }
diff --git a/src/tests/misc/test_getsockname.c b/src/tests/misc/test_getsockname.c
index 6254cca..dfd5682 100644
--- a/src/tests/misc/test_getsockname.c
+++ b/src/tests/misc/test_getsockname.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * test_getsockname.c
  *
@@ -27,22 +28,22 @@ main(argc, argv)
     int sock;
     GETSOCKNAME_ARG3_TYPE i;
     struct hostent *host;
-    struct sockaddr_in s_sock;		/* server address */
-    struct sockaddr_in c_sock;		/* client address */
+    struct sockaddr_in s_sock;          /* server address */
+    struct sockaddr_in c_sock;          /* client address */
 
     char *hostname;
 
     if (argc == 2) {
-	hostname = argv[1];
+        hostname = argv[1];
     } else {
-	fprintf(stderr, "Usage: %s hostname\n", argv[0]);
-	exit(1);
+        fprintf(stderr, "Usage: %s hostname\n", argv[0]);
+        exit(1);
     }
 
     /* Look up server host */
     if ((host = gethostbyname(hostname)) == (struct hostent *) 0) {
-	fprintf(stderr, "%s: unknown host\n", hostname);
-	exit(1);
+        fprintf(stderr, "%s: unknown host\n", hostname);
+        exit(1);
     }
 
     /* Set server's address */
@@ -57,8 +58,8 @@ main(argc, argv)
 
     /* Open a socket */
     if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
-	perror("socket");
-	exit(1);
+        perror("socket");
+        exit(1);
     }
 
     memset(&c_sock, 0, sizeof(c_sock));
@@ -66,23 +67,23 @@ main(argc, argv)
 
     /* Bind it to set the address; kernel will fill in port # */
     if (bind(sock, (struct sockaddr *)&c_sock, sizeof(c_sock)) < 0) {
-	perror("bind");
-	exit(1);
+        perror("bind");
+        exit(1);
     }
 
     /* "connect" the datagram socket; this is necessary to get a local address
        properly bound for getsockname() below. */
     if (connect(sock, (struct sockaddr *)&s_sock, sizeof(s_sock)) == -1) {
-	perror("connect");
-	exit(1);
+        perror("connect");
+        exit(1);
     }
 
     /* Get my address */
     memset(&c_sock, 0, sizeof(c_sock));
     i = sizeof(c_sock);
     if (getsockname(sock, (struct sockaddr *)&c_sock, &i) < 0) {
-	perror("getsockname");
-	exit(1);
+        perror("getsockname");
+        exit(1);
     }
 
     printf("My interface address is: %s\n", inet_ntoa(c_sock.sin_addr));
diff --git a/src/tests/misc/test_nfold.c b/src/tests/misc/test_nfold.c
index dc26b39..e72502d 100644
--- a/src/tests/misc/test_nfold.c
+++ b/src/tests/misc/test_nfold.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
  *
@@ -34,31 +35,31 @@ int main(int argc, char *argv[])
     unsigned char *instr, *outstr;
 
     if (argc != 3) {
-	fprintf(stderr, "%s: instr outlen\n", argv[0]);
-	exit(1);
+        fprintf(stderr, "%s: instr outlen\n", argv[0]);
+        exit(1);
     }
 
     instr = (unsigned char *) argv[1];
     inlen = strlen(instr)*8;
     outlen = atoi(argv[2]);
     if (outlen%8) {
-	fprintf(stderr, "outlen must be a multiple of 8\n");
-	exit(1);
+        fprintf(stderr, "outlen must be a multiple of 8\n");
+        exit(1);
     }
 
     if ((outstr = (unsigned char *) malloc(outlen/8)) == NULL) {
-	fprintf(stderr, "ENOMEM\n");
-	exit(1);
+        fprintf(stderr, "ENOMEM\n");
+        exit(1);
     }
 
     krb5int_nfold(inlen,instr,outlen,outstr);
 
     printf("%d-fold(",outlen);
     for (i=0; i<(inlen/8); i++)
-	printf("%02x",instr[i]);
+        printf("%02x",instr[i]);
     printf(") = ");
     for (i=0; i<(outlen/8); i++)
-	printf("%02x",outstr[i]);
+        printf("%02x",outstr[i]);
     printf("\n");
 
     exit(0);
diff --git a/src/tests/mkeystash_compat/Makefile.in b/src/tests/mkeystash_compat/Makefile.in
index af81621..59bc827 100644
--- a/src/tests/mkeystash_compat/Makefile.in
+++ b/src/tests/mkeystash_compat/Makefile.in
@@ -1,6 +1,4 @@
-thisconfigdir=../..
 mydir=tests/mkeystash_compat
-myfulldir=tests/mkeystash_compat
 BUILDTOP=$(REL)..$(S)..
 
 RUN_SETUP = @KRB5_RUN_ENV@ KRB5_KDC_PROFILE=kdc.conf KRB5_CONFIG=krb5.conf
@@ -31,7 +29,7 @@ kdc.conf: Makefile
 	@echo "}" >> kdc.conf
 
 krb5.conf: Makefile
-	cat $(SRCTOP)/config-files/krb5.conf > krb5.new
+	cat $(top_srcdir)/config-files/krb5.conf > krb5.new
 	echo "[dbmodules]" >> krb5.new
 	echo " db_module_dir = $(BUILDTOP)/util/fakedest$(KRB5_DB_MODULE_DIR)" >> krb5.new
 	mv krb5.new krb5.conf
diff --git a/src/tests/mkeystash_compat/bigendian.c b/src/tests/mkeystash_compat/bigendian.c
index bcdeeb5..7c649bd 100644
--- a/src/tests/mkeystash_compat/bigendian.c
+++ b/src/tests/mkeystash_compat/bigendian.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 
 /*
@@ -11,7 +12,7 @@ int main()
     unsigned char *char_array = (unsigned char*)&int_var;
 
     if (char_array[0] == 0)
-	return 0; /* big endian */
+        return 0; /* big endian */
     else
-	return 1; /* little endian */
+        return 1; /* little endian */
 }
diff --git a/src/tests/resolve/Makefile.in b/src/tests/resolve/Makefile.in
index 1a7d340..98b87d1 100644
--- a/src/tests/resolve/Makefile.in
+++ b/src/tests/resolve/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/resolve
 mydir=tests/resolve
 BUILDTOP=$(REL)..$(S)..
 RUN_SETUP = @KRB5_RUN_ENV@
diff --git a/src/tests/resolve/addrinfo-test.c b/src/tests/resolve/addrinfo-test.c
index f011b6a..218f350 100644
--- a/src/tests/resolve/addrinfo-test.c
+++ b/src/tests/resolve/addrinfo-test.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * test/resolve/addrinfo-test.c
  *
@@ -92,31 +93,31 @@ static char *whoami;
 
 static void usage () {
     fprintf(stderr,
-	    "usage:\n"
-	    "\t%s [ options ] [host]\n"
-	    "options:\n"
-	    "\t-t\tspecify protocol IPPROTO_TCP\n"
-	    "\t-u\tspecify protocol IPPROTO_UDP\n"
-	    "\t-R\tspecify protocol IPPROTO_RAW\n"
-	    "\t-I\tspecify protocol IPPROTO_ICMP\n"
-	    "\n"
-	    "\t-d\tspecify socket type SOCK_DGRAM\n"
-	    "\t-s\tspecify socket type SOCK_STREAM\n"
-	    "\t-r\tspecify socket type SOCK_RAW\n"
-	    "\n"
-	    "\t-4\tspecify address family AF_INET\n"
+            "usage:\n"
+            "\t%s [ options ] [host]\n"
+            "options:\n"
+            "\t-t\tspecify protocol IPPROTO_TCP\n"
+            "\t-u\tspecify protocol IPPROTO_UDP\n"
+            "\t-R\tspecify protocol IPPROTO_RAW\n"
+            "\t-I\tspecify protocol IPPROTO_ICMP\n"
+            "\n"
+            "\t-d\tspecify socket type SOCK_DGRAM\n"
+            "\t-s\tspecify socket type SOCK_STREAM\n"
+            "\t-r\tspecify socket type SOCK_RAW\n"
+            "\n"
+            "\t-4\tspecify address family AF_INET\n"
 #ifdef AF_INET6
-	    "\t-6\tspecify address family AF_INET6\n"
+            "\t-6\tspecify address family AF_INET6\n"
 #endif
-	    "\n"
-	    "\t-p P\tspecify port P (service name or port number)\n"
-	    "\t-N\thostname is numeric, skip DNS query\n"
-	    "\t-n\tservice/port is numeric (sets AI_NUMERICSERV)\n"
-	    "\t-P\tset AI_PASSIVE\n"
-	    "\n"
-	    "default: protocol 0, socket type 0, address family 0, null port\n"
-	    ,
-	    whoami);
+            "\n"
+            "\t-p P\tspecify port P (service name or port number)\n"
+            "\t-N\thostname is numeric, skip DNS query\n"
+            "\t-n\tservice/port is numeric (sets AI_NUMERICSERV)\n"
+            "\t-P\tset AI_PASSIVE\n"
+            "\n"
+            "default: protocol 0, socket type 0, address family 0, null port\n"
+            ,
+            whoami);
     /* [ -t | -u | -R | -I ] [ -d | -s | -r ] [ -p port ] */
     exit (1);
 }
@@ -125,8 +126,8 @@ static const char *familyname (int f) {
     static char buf[30];
     switch (f) {
     default:
-	snprintf(buf, sizeof(buf), "AF %d", f);
-	return buf;
+        snprintf(buf, sizeof(buf), "AF %d", f);
+        return buf;
     case AF_INET: return "AF_INET";
 #ifdef AF_INET6
     case AF_INET6: return "AF_INET6";
@@ -145,9 +146,9 @@ int main (int argc, char *argv[])
 
     whoami = strrchr(argv[0], '/');
     if (whoami == 0)
-	whoami = argv[0];
+        whoami = argv[0];
     else
-	whoami = whoami+1;
+        whoami = whoami+1;
 
     memset(&hints, 0, sizeof(hints));
     hints.ai_flags = 0;
@@ -157,89 +158,89 @@ int main (int argc, char *argv[])
     hints.ai_family = 0;
 
     if (argc == 1)
-	usage ();
+        usage ();
 
     while (++argv, --argc > 0) {
-	char *arg;
-	arg = *argv;
+        char *arg;
+        arg = *argv;
 
-	if (*arg != '-')
-	    hname = arg;
-	else if (arg[1] == 0 || arg[2] != 0)
-	    usage ();
-	else
-	    switch (arg[1]) {
-	    case 'u':
-		hints.ai_protocol = IPPROTO_UDP;
-		break;
-	    case 't':
-		hints.ai_protocol = IPPROTO_TCP;
-		break;
-	    case 'R':
-		hints.ai_protocol = IPPROTO_RAW;
-		break;
-	    case 'I':
-		hints.ai_protocol = IPPROTO_ICMP;
-		break;
-	    case 'd':
-		hints.ai_socktype = SOCK_DGRAM;
-		break;
-	    case 's':
-		hints.ai_socktype = SOCK_STREAM;
-		break;
-	    case 'r':
-		hints.ai_socktype = SOCK_RAW;
-		break;
-	    case 'p':
-		if (argv[1] == 0 || argv[1][0] == 0 || argv[1][0] == '-')
-		    usage ();
-		port = argv[1];
-		argc--, argv++;
-		break;
-	    case '4':
-		hints.ai_family = AF_INET;
-		break;
+        if (*arg != '-')
+            hname = arg;
+        else if (arg[1] == 0 || arg[2] != 0)
+            usage ();
+        else
+            switch (arg[1]) {
+            case 'u':
+                hints.ai_protocol = IPPROTO_UDP;
+                break;
+            case 't':
+                hints.ai_protocol = IPPROTO_TCP;
+                break;
+            case 'R':
+                hints.ai_protocol = IPPROTO_RAW;
+                break;
+            case 'I':
+                hints.ai_protocol = IPPROTO_ICMP;
+                break;
+            case 'd':
+                hints.ai_socktype = SOCK_DGRAM;
+                break;
+            case 's':
+                hints.ai_socktype = SOCK_STREAM;
+                break;
+            case 'r':
+                hints.ai_socktype = SOCK_RAW;
+                break;
+            case 'p':
+                if (argv[1] == 0 || argv[1][0] == 0 || argv[1][0] == '-')
+                    usage ();
+                port = argv[1];
+                argc--, argv++;
+                break;
+            case '4':
+                hints.ai_family = AF_INET;
+                break;
 #ifdef AF_INET6
-	    case '6':
-		hints.ai_family = AF_INET6;
-		break;
+            case '6':
+                hints.ai_family = AF_INET6;
+                break;
 #endif
-	    case 'N':
-		numerichost = 1;
-		break;
-	    case 'n':
-		numericserv = 1;
-		break;
-	    case 'P':
-		hints.ai_flags |= AI_PASSIVE;
-		break;
-	    default:
-		usage ();
-	    }
+            case 'N':
+                numerichost = 1;
+                break;
+            case 'n':
+                numericserv = 1;
+                break;
+            case 'P':
+                hints.ai_flags |= AI_PASSIVE;
+                break;
+            default:
+                usage ();
+            }
     }
 
     if (hname && !numerichost)
-	hints.ai_flags |= AI_CANONNAME;
+        hints.ai_flags |= AI_CANONNAME;
     if (numerichost) {
 #ifdef AI_NUMERICHOST
-	hints.ai_flags |= AI_NUMERICHOST;
+        hints.ai_flags |= AI_NUMERICHOST;
 #else
-	fprintf(stderr, "AI_NUMERICHOST not defined on this platform\n");
-	exit(1);
+        fprintf(stderr, "AI_NUMERICHOST not defined on this platform\n");
+        exit(1);
 #endif
     }
     if (numericserv) {
 #ifdef AI_NUMERICSERV
-	hints.ai_flags |= AI_NUMERICSERV;
+        hints.ai_flags |= AI_NUMERICSERV;
 #else
-	fprintf(stderr, "AI_NUMERICSERV not defined on this platform\n");
-	exit(1);
+        fprintf(stderr, "AI_NUMERICSERV not defined on this platform\n");
+        exit(1);
 #endif
     }
 
     printf("getaddrinfo(hostname %s, service %s,\n"
-	   "            hints { ",
-	   hname ? hname : "(null)", port ? port : "(null)");
+           "            hints { ",
+           hname ? hname : "(null)", port ? port : "(null)");
     sep = "";
 #define Z(FLAG) if (hints.ai_flags & AI_##FLAG) printf("%s%s", sep, #FLAG), sep = "|"
     Z(CANONNAME);
@@ -251,65 +252,65 @@ int main (int argc, char *argv[])
     Z(NUMERICSERV);
 #endif
     if (sep[0] == 0)
-	printf ("no-flags");
+        printf ("no-flags");
     if (hints.ai_family)
-	printf(" %s", familyname(hints.ai_family));
+        printf(" %s", familyname(hints.ai_family));
     if (hints.ai_socktype)
-	printf(" SOCK_%s", socktypename(hints.ai_socktype));
+        printf(" SOCK_%s", socktypename(hints.ai_socktype));
     if (hints.ai_protocol)
-	printf(" IPPROTO_%s", protoname(hints.ai_protocol));
+        printf(" IPPROTO_%s", protoname(hints.ai_protocol));
     printf(" }):\n");
 
     err = getaddrinfo(hname, port, &hints, &ap);
     if (err) {
-	printf("\terror => %s\n", eaistr(err));
-	return 1;
+        printf("\terror => %s\n", eaistr(err));
+        return 1;
     }
 
 #if defined(SIN6_LEN)
     if (ap->ai_addr->sa_len == 0)
-	printf ("BAD: sa_len not set!\n");
+        printf ("BAD: sa_len not set!\n");
 #endif
 
 
     for (ap2 = ap; ap2; ap2 = ap2->ai_next) {
-	char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
-	/* If we don't do this, even AIX's own getnameinfo will reject
-	   the sockaddr structures.  The sa_len field doesn't get set
-	   either, on AIX, but getnameinfo won't complain.  */
-	if (ap2->ai_addr->sa_family == 0) {
-	    printf("BAD: sa_family zero! fixing...\n");
-	    ap2->ai_addr->sa_family = ap2->ai_family;
-	} else if (ap2->ai_addr->sa_family != ap2->ai_family) {
-	    printf("BAD: sa_family != ai_family! fixing...\n");
-	    ap2->ai_addr->sa_family = ap2->ai_family;
-	}
-	if (getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof(hbuf),
-			pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
-	    strlcpy(hbuf, "...", sizeof(hbuf));
-	    strlcpy(pbuf, "...", sizeof(pbuf));
-	}
-	printf("%p:\n"
-	       "\tfamily = %s\tproto = %-4s\tsocktype = %s\n",
-	       ap2, familyname(ap2->ai_family),
-	       protoname (ap2->ai_protocol),
-	       socktypename (ap2->ai_socktype));
-	if (ap2->ai_canonname) {
-	    if (ap2->ai_canonname[0])
-		printf("\tcanonname = %s\n", ap2->ai_canonname);
-	    else
-		printf("BAD: ai_canonname is set but empty!\n");
-	} else if (ap2 == ap && (hints.ai_flags & AI_CANONNAME)) {
-	    printf("BAD: first ai_canonname is null!\n");
-	}
-	printf("\taddr = %-28s\tport = %s\n", hbuf, pbuf);
+        char hbuf[NI_MAXHOST], pbuf[NI_MAXSERV];
+        /* If we don't do this, even AIX's own getnameinfo will reject
+           the sockaddr structures.  The sa_len field doesn't get set
+           either, on AIX, but getnameinfo won't complain.  */
+        if (ap2->ai_addr->sa_family == 0) {
+            printf("BAD: sa_family zero! fixing...\n");
+            ap2->ai_addr->sa_family = ap2->ai_family;
+        } else if (ap2->ai_addr->sa_family != ap2->ai_family) {
+            printf("BAD: sa_family != ai_family! fixing...\n");
+            ap2->ai_addr->sa_family = ap2->ai_family;
+        }
+        if (getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof(hbuf),
+                        pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
+            strlcpy(hbuf, "...", sizeof(hbuf));
+            strlcpy(pbuf, "...", sizeof(pbuf));
+        }
+        printf("%p:\n"
+               "\tfamily = %s\tproto = %-4s\tsocktype = %s\n",
+               ap2, familyname(ap2->ai_family),
+               protoname (ap2->ai_protocol),
+               socktypename (ap2->ai_socktype));
+        if (ap2->ai_canonname) {
+            if (ap2->ai_canonname[0])
+                printf("\tcanonname = %s\n", ap2->ai_canonname);
+            else
+                printf("BAD: ai_canonname is set but empty!\n");
+        } else if (ap2 == ap && (hints.ai_flags & AI_CANONNAME)) {
+            printf("BAD: first ai_canonname is null!\n");
+        }
+        printf("\taddr = %-28s\tport = %s\n", hbuf, pbuf);
 
-	err = getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof (hbuf),
-			  pbuf, sizeof(pbuf), NI_NAMEREQD);
-	if (err)
-	    printf("\tgetnameinfo(NI_NAMEREQD): %s\n", eaistr(err));
-	else
-	    printf("\tgetnameinfo => %s, %s\n", hbuf, pbuf);
+        err = getnameinfo(ap2->ai_addr, ap2->ai_addrlen, hbuf, sizeof (hbuf),
+                          pbuf, sizeof(pbuf), NI_NAMEREQD);
+        if (err)
+            printf("\tgetnameinfo(NI_NAMEREQD): %s\n", eaistr(err));
+        else
+            printf("\tgetnameinfo => %s, %s\n", hbuf, pbuf);
     }
     freeaddrinfo(ap);
     return 0;
diff --git a/src/tests/resolve/deps b/src/tests/resolve/deps
index 109bf32..a9f5bf6 100644
--- a/src/tests/resolve/deps
+++ b/src/tests/resolve/deps
@@ -4,9 +4,10 @@
 $(OUTPRE)resolve.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   resolve.c
 $(OUTPRE)addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   addrinfo-test.c
 $(OUTPRE)fake-addrinfo-test.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h addrinfo-test.c fake-addrinfo-test.c
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h addrinfo-test.c \
+  fake-addrinfo-test.c
diff --git a/src/tests/resolve/fake-addrinfo-test.c b/src/tests/resolve/fake-addrinfo-test.c
index f04024d..86365a5 100644
--- a/src/tests/resolve/fake-addrinfo-test.c
+++ b/src/tests/resolve/fake-addrinfo-test.c
@@ -1,2 +1,3 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #define USE_FAKE_ADDRINFO
 #include "addrinfo-test.c"
diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c
index 09be148..282fba7 100644
--- a/src/tests/resolve/resolve.c
+++ b/src/tests/resolve/resolve.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * test/resolve/resolve.c
  *
@@ -30,7 +31,7 @@
  * domain name, then the resolve library is broken.
  *
  * Warning: It is possible to fool this program into thinking everything is
- * alright byt a clever use of /etc/hosts - but this is better than nothing.
+ * alright by a clever use of /etc/hosts - but this is better than nothing.
  *
  * Usage:
  *   resolve [hostname]
@@ -74,97 +75,110 @@ char *strchr();
 
 int
 main(argc, argv)
-     int argc;
-     char **argv;
+    int argc;
+    char **argv;
 {
-	char myname[MAXHOSTNAMELEN+1];
-	char *ptr;
-	struct in_addr addrcopy;
-	struct hostent *host;
-	int quiet = 0;
-
-	argc--; argv++;
-	while (argc) {
-	    if ((strcmp(*argv, "--quiet") == 0) ||
-		(strcmp(*argv, "-q") == 0)) {
-		quiet++;
-	    } else
-		break;
-	    argc--; argv++;
-	}
-
-	if (argc >= 1) {
-		strncpy(myname, *argv, MAXHOSTNAMELEN);
-	} else {
-		if(gethostname(myname, MAXHOSTNAMELEN)) {
-			perror("gethostname failure");
-			exit(1);
-		}
-	}
-
-	myname[MAXHOSTNAMELEN] = '\0';	/* for safety */
-
-	/* Look up the address... */
-	if (!quiet)
-	    printf("Hostname:  %s\n", myname);
-
-
-	/* Set the hosts db to close each time - effectively rewinding file */
-	sethostent(0);
-
-	if((host = gethostbyname (myname)) == NULL) {
-		fprintf(stderr,
-			"Could not look up address for hostname '%s' - fatal\n",
-			myname);
-		exit(2);
-	}
-
-	ptr = host->h_addr_list[0];
+    char myname[MAXHOSTNAMELEN+1];
+    char *ptr, *fqdn;
+    struct in_addr addrcopy;
+    struct hostent *host;
+    int quiet = 0;
+
+    argc--; argv++;
+    while (argc) {
+        if ((strcmp(*argv, "--quiet") == 0) ||
+            (strcmp(*argv, "-q") == 0)) {
+            quiet++;
+        } else
+            break;
+        argc--; argv++;
+    }
+
+    if (argc >= 1) {
+        strncpy(myname, *argv, MAXHOSTNAMELEN);
+    } else {
+        if(gethostname(myname, MAXHOSTNAMELEN)) {
+            perror("gethostname failure");
+            exit(1);
+        }
+    }
+
+    myname[MAXHOSTNAMELEN] = '\0';  /* for safety */
+
+    /* Look up the address... */
+    if (!quiet)
+        printf("Hostname:  %s\n", myname);
+
+
+    /* Set the hosts db to close each time - effectively rewinding file */
+    sethostent(0);
+
+    if((host = gethostbyname (myname)) == NULL) {
+        fprintf(stderr,
+                "Could not look up address for hostname '%s' - fatal\n",
+                myname);
+        exit(2);
+    }
+
+    fqdn = strdup(host->h_name);
+    if (fqdn == NULL) {
+        perror("strdup");
+        exit(2);
+    }
+
+    ptr = host->h_addr_list[0];
 #define UC(a) (((int)a)&0xff)
-	if (!quiet)
-	    printf("Host address: %d.%d.%d.%d\n",
-		   UC(ptr[0]), UC(ptr[1]), UC(ptr[2]), UC(ptr[3]));
-
-	memcpy(&addrcopy.s_addr, ptr, 4);
-
-	/* Convert back to full name */
-	if((host = gethostbyaddr(&addrcopy.s_addr, 4, AF_INET)) == NULL) {
-		fprintf(stderr, "Error looking up IP address - fatal\n");
-		exit(2);
-	}
-
-	if (quiet)
-	    printf("%s\n", host->h_name);
-	else
-	    printf("FQDN: %s\n", host->h_name);
-
-	/*
-	 * The host name must have at least one '.' in the name, and
-	 * if there is only one '.', it must not be at the end of the
-	 * string.  (i.e., "foo." is not a FQDN)
-	 */
-	ptr = strchr(host->h_name, '.');
-	if (ptr == NULL || ptr[1] == '\0') {
-		fprintf(stderr,
-			"\nResolve library did not return a "
-			"fully qualified domain name.\n\n"
-			"If you are using /etc/hosts before DNS, "
-			"e.g. \"files\" is listed first\n"
-			"for \"hosts:\" in nsswitch.conf, ensure that "
-			"you have listed the FQDN\n"
-			"as the first name for the local host.\n\n"
-			"If this does not correct the problem, "
-			"you may have to reconfigure the kerberos\n"
-			"distribution to select a "
-			"different set of libraries using \n"
-			"--with-netlib[=libs]\n");
-		exit(3);
-	}
-
-	if (!quiet)
-	    printf("Resolve library appears to have passed the test\n");
-
-	/* All ok */
-	exit(0);
+    if (!quiet)
+        printf("Host address: %d.%d.%d.%d\n",
+               UC(ptr[0]), UC(ptr[1]), UC(ptr[2]), UC(ptr[3]));
+
+    memcpy(&addrcopy.s_addr, ptr, 4);
+
+    /* Convert back to full name */
+    if ((host = gethostbyaddr(&addrcopy.s_addr, 4, AF_INET)) == NULL) {
+        if (!quiet)
+            fprintf(stderr, "Error looking up IP address\n");
+    } else {
+        free(fqdn);
+        fqdn = strdup(host->h_name);
+        if (fqdn == NULL) {
+            perror("strdup");
+            exit (2);
+        }
+    }
+
+    if (quiet)
+        printf("%s\n", fqdn);
+    else
+        printf("FQDN: %s\n", fqdn);
+
+    /*
+     * The host name must have at least one '.' in the name, and
+     * if there is only one '.', it must not be at the end of the
+     * string.  (i.e., "foo." is not a FQDN)
+     */
+    ptr = strchr(fqdn, '.');
+    if (ptr == NULL || ptr[1] == '\0') {
+        fprintf(stderr,
+                "\nResolve library did not return a "
+                "fully qualified domain name.\n\n"
+                "If you are using /etc/hosts before DNS, "
+                "e.g. \"files\" is listed first\n"
+                "for \"hosts:\" in nsswitch.conf, ensure that "
+                "you have listed the FQDN\n"
+                "as the first name for the local host.\n\n"
+                "If this does not correct the problem, "
+                "you may have to reconfigure the kerberos\n"
+                "distribution to select a "
+                "different set of libraries using \n"
+                "--with-netlib[=libs]\n");
+        exit(3);
+    }
+
+    if (!quiet)
+        printf("Resolve library appears to have passed the test\n");
+
+    /* All ok */
+    exit(0);
 
 }
diff --git a/src/tests/shlib/Makefile.in b/src/tests/shlib/Makefile.in
index 58fd58d..e8a0615 100644
--- a/src/tests/shlib/Makefile.in
+++ b/src/tests/shlib/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/shlib
 mydir=tests/shlib
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/tests/shlib/deps b/src/tests/shlib/deps
index 0626113..18d7c14 100644
--- a/src/tests/shlib/deps
+++ b/src/tests/shlib/deps
@@ -3,5 +3,6 @@
 #
 $(OUTPRE)t_loader.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/krb5/krb5.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/krb5.h t_loader.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  t_loader.c
diff --git a/src/tests/shlib/t_loader.c b/src/tests/shlib/t_loader.c
index 6b2b1b7..6bdbebd 100644
--- a/src/tests/shlib/t_loader.c
+++ b/src/tests/shlib/t_loader.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* foo */
 #include <stdio.h>
 #include <string.h>
@@ -50,23 +51,23 @@ static void do_close_1(void *libhandle, int line);
 #define HORIZ 25
 
 static void *do_open_1(const char *libname, const char *rev,
-		       int lazy, int line)
+                       int lazy, int line)
 {
     void *p;
     char *namebuf;
     int r;
 
     if (verbose)
-	printf("from line %d: do_open(%s)...%*s", line, libname,
-	       HORIZ-strlen(libname), "");
+        printf("from line %d: do_open(%s)...%*s", line, libname,
+               HORIZ-strlen(libname), "");
 #ifdef _AIX
     r = asprintf(&namebuf, "lib%s%s", libname, SHLIB_SUFFIX);
 #else
     r = asprintf(&namebuf, "lib%s%s(shr.o.%s)", libname, SHLIB_SUFFIX, rev);
 #endif
     if (r < 0) {
-	perror("asprintf");
-	exit(1);
+        perror("asprintf");
+        exit(1);
     }
 
 #ifndef RTLD_MEMBER
@@ -74,12 +75,12 @@ static void *do_open_1(const char *libname, const char *rev,
 #endif
     p = dlopen(namebuf, (lazy ? RTLD_LAZY : RTLD_NOW) | RTLD_MEMBER);
     if (p == 0) {
-	fprintf(stderr, "dlopen of %s failed: %s\n", namebuf, dlerror());
-	exit(1);
+        fprintf(stderr, "dlopen of %s failed: %s\n", namebuf, dlerror());
+        exit(1);
     }
     free(namebuf);
     if (verbose)
-	printf("done: %p\n", p);
+        printf("done: %p\n", p);
     return p;
 }
 
@@ -92,33 +93,33 @@ static void *get_sym_1(void *libhandle, const char *symname, int line)
     assert(strlen(SYM_PREFIX) == 0);
 
     if (verbose)
-	printf("from line %d: get_sym(%s)...%*s", line, symname,
-	       HORIZ-strlen(symname), "");
+        printf("from line %d: get_sym(%s)...%*s", line, symname,
+               HORIZ-strlen(symname), "");
 
     s = dlsym(libhandle, symname);
     if (s == 0) {
-	fprintf(stderr, "symbol %s not found\n", symname);
-	exit(1);
+        fprintf(stderr, "symbol %s not found\n", symname);
+        exit(1);
     }
     if (verbose)
-	printf("done: %p\n", s);
+        printf("done: %p\n", s);
     return s;
 }
 
 static void do_close_1(void *libhandle, int line)
 {
     if (verbose) {
-	char pbuf[3*sizeof(libhandle)+4];
-	snprintf(pbuf, sizeof(pbuf), "%p", libhandle);
-	printf("from line %d: do_close(%s)...%*s", line, pbuf,
-	       HORIZ-1-strlen(pbuf), "");
+        char pbuf[3*sizeof(libhandle)+4];
+        snprintf(pbuf, sizeof(pbuf), "%p", libhandle);
+        printf("from line %d: do_close(%s)...%*s", line, pbuf,
+               HORIZ-1-strlen(pbuf), "");
     }
     if (dlclose(libhandle) != 0) {
-	fprintf(stderr, "dlclose failed: %s\n", dlerror());
-	exit(1);
+        fprintf(stderr, "dlclose failed: %s\n", dlerror());
+        exit(1);
     }
     if (verbose)
-	printf("done\n");
+        printf("done\n");
 }
 
 #elif defined _WIN32
@@ -183,28 +184,28 @@ int main()
     celib2 = do_open("com_err", "3.0", 0);
     do_close(celib2);
     {
-	typedef krb5_error_code KRB5_CALLCONV (*ict)(krb5_context *);
-	typedef void KRB5_CALLCONV (*fct)(krb5_context);
+        typedef krb5_error_code KRB5_CALLCONV (*ict)(krb5_context *);
+        typedef void KRB5_CALLCONV (*fct)(krb5_context);
 
-	ict init_context = (ict) get_sym(k5lib, "krb5_init_context");
-	fct free_context = (fct) get_sym(k5lib, "krb5_free_context");
-	krb5_context ctx;
-	krb5_error_code err;
+        ict init_context = (ict) get_sym(k5lib, "krb5_init_context");
+        fct free_context = (fct) get_sym(k5lib, "krb5_free_context");
+        krb5_context ctx;
+        krb5_error_code err;
 
 #define CALLING(S) (verbose ? printf("at   line %d: calling %s...%*s", __LINE__, #S, (int)(HORIZ+1-strlen(#S)), "") : 0)
 #define DONE() (verbose ? printf("done\n") : 0)
 
-	CALLING(krb5_init_context);
-	err = init_context(&ctx);
-	DONE();
-	if (err) {
-	    fprintf(stderr, "error 0x%lx initializing context\n",
-		    (unsigned long) err);
-	    exit(1);
-	}
-	CALLING(krb5_free_context);
-	free_context(ctx);
-	DONE();
+        CALLING(krb5_init_context);
+        err = init_context(&ctx);
+        DONE();
+        if (err) {
+            fprintf(stderr, "error 0x%lx initializing context\n",
+                    (unsigned long) err);
+            exit(1);
+        }
+        CALLING(krb5_free_context);
+        free_context(ctx);
+        DONE();
     }
     celib2 = do_open("com_err", "3.0", 0);
     do_close(celib);
@@ -215,73 +216,73 @@ int main()
     /* Test gssapi_krb5 without having loaded anything else.  */
     gsslib = do_open("gssapi_krb5", "2.2", 1);
     {
-	OM_uint32 KRB5_CALLCONV (*init_sec_context)(OM_uint32 *, gss_cred_id_t,
-						    gss_ctx_id_t *, gss_name_t,
-						    gss_OID,
-						    OM_uint32, OM_uint32,
-						    gss_channel_bindings_t,
-						    gss_buffer_t, gss_OID *,
-						    gss_buffer_t,
-						    OM_uint32 *, OM_uint32 *)
-	    = get_gfun(gsslib, "gss_init_sec_context");
-	OM_uint32 KRB5_CALLCONV (*import_name)(OM_uint32 *, gss_buffer_t,
-					       gss_OID, gss_name_t *)
-	    = get_gfun(gsslib, "gss_import_name");
-	OM_uint32 KRB5_CALLCONV (*release_buffer)(OM_uint32 *, gss_buffer_t)
-	    = get_gfun(gsslib, "gss_release_buffer");
-	OM_uint32 KRB5_CALLCONV (*release_name)(OM_uint32 *, gss_name_t *)
-	    = get_gfun(gsslib, "gss_release_name");
-	OM_uint32 KRB5_CALLCONV (*delete_sec_context)(OM_uint32 *,
-						      gss_ctx_id_t *,
-						      gss_buffer_t)
-	    = get_gfun(gsslib, "gss_delete_sec_context");
-
-	OM_uint32 gmaj, gmin;
-	OM_uint32 retflags;
-	gss_ctx_id_t gctx = GSS_C_NO_CONTEXT;
-	gss_buffer_desc token;
-	gss_name_t target;
-	static gss_buffer_desc target_name_buf = {
-	    9, "x@mit.edu"
-	};
-	static gss_OID_desc service_name = {
-	    10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
-	};
-
-	CALLING(gss_import_name);
-	gmaj = import_name(&gmin, &target_name_buf, &service_name, &target);
-	DONE();
-	if (gmaj != GSS_S_COMPLETE) {
-	    fprintf(stderr,
-		    "import_name reports error major 0x%lx minor 0x%lx(%ld)\n",
-		    (unsigned long) gmaj, (unsigned long) gmin,
-		    (signed long) gmin);
-	    exit(1);
-	}
-	/* This will probably get different errors, depending on
-	   whether we have tickets at the time.  Doesn't matter much,
-	   we're ignoring the error and testing whether we're doing
-	   cleanup properly.  (Though the internal cleanup needed in
-	   the two cases might be different.)  */
-	CALLING(gss_init_sec_context);
-	gmaj = init_sec_context(&gmin, GSS_C_NO_CREDENTIAL, &gctx, target,
-				GSS_C_NULL_OID, 0, 0, NULL, GSS_C_NO_BUFFER,
-				NULL, &token, &retflags, NULL);
-	DONE();
-	/* Ignore success/failure indication.  */
-	if (token.length) {
-	    CALLING(gss_release_buffer);
-	    release_buffer(&gmin, &token);
-	    DONE();
-	}
-	CALLING(gss_release_name);
-	release_name(&gmin, &target);
-	DONE();
-	if (gctx != GSS_C_NO_CONTEXT) {
-	    CALLING(gss_delete_sec_context);
-	    delete_sec_context(&gmin, gctx, GSS_C_NO_BUFFER);
-	    DONE();
-	}
+        OM_uint32 KRB5_CALLCONV (*init_sec_context)(OM_uint32 *, gss_cred_id_t,
+                                                    gss_ctx_id_t *, gss_name_t,
+                                                    gss_OID,
+                                                    OM_uint32, OM_uint32,
+                                                    gss_channel_bindings_t,
+                                                    gss_buffer_t, gss_OID *,
+                                                    gss_buffer_t,
+                                                    OM_uint32 *, OM_uint32 *)
+            = get_gfun(gsslib, "gss_init_sec_context");
+        OM_uint32 KRB5_CALLCONV (*import_name)(OM_uint32 *, gss_buffer_t,
+                                               gss_OID, gss_name_t *)
+            = get_gfun(gsslib, "gss_import_name");
+        OM_uint32 KRB5_CALLCONV (*release_buffer)(OM_uint32 *, gss_buffer_t)
+            = get_gfun(gsslib, "gss_release_buffer");
+        OM_uint32 KRB5_CALLCONV (*release_name)(OM_uint32 *, gss_name_t *)
+            = get_gfun(gsslib, "gss_release_name");
+        OM_uint32 KRB5_CALLCONV (*delete_sec_context)(OM_uint32 *,
+                                                      gss_ctx_id_t *,
+                                                      gss_buffer_t)
+            = get_gfun(gsslib, "gss_delete_sec_context");
+
+        OM_uint32 gmaj, gmin;
+        OM_uint32 retflags;
+        gss_ctx_id_t gctx = GSS_C_NO_CONTEXT;
+        gss_buffer_desc token;
+        gss_name_t target;
+        static gss_buffer_desc target_name_buf = {
+            9, "x@mit.edu"
+        };
+        static gss_OID_desc service_name = {
+            10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
+        };
+
+        CALLING(gss_import_name);
+        gmaj = import_name(&gmin, &target_name_buf, &service_name, &target);
+        DONE();
+        if (gmaj != GSS_S_COMPLETE) {
+            fprintf(stderr,
+                    "import_name reports error major 0x%lx minor 0x%lx(%ld)\n",
+                    (unsigned long) gmaj, (unsigned long) gmin,
+                    (signed long) gmin);
+            exit(1);
+        }
+        /* This will probably get different errors, depending on
+           whether we have tickets at the time.  Doesn't matter much,
+           we're ignoring the error and testing whether we're doing
+           cleanup properly.  (Though the internal cleanup needed in
+           the two cases might be different.)  */
+        CALLING(gss_init_sec_context);
+        gmaj = init_sec_context(&gmin, GSS_C_NO_CREDENTIAL, &gctx, target,
+                                GSS_C_NULL_OID, 0, 0, NULL, GSS_C_NO_BUFFER,
+                                NULL, &token, &retflags, NULL);
+        DONE();
+        /* Ignore success/failure indication.  */
+        if (token.length) {
+            CALLING(gss_release_buffer);
+            release_buffer(&gmin, &token);
+            DONE();
+        }
+        CALLING(gss_release_name);
+        release_name(&gmin, &target);
+        DONE();
+        if (gctx != GSS_C_NO_CONTEXT) {
+            CALLING(gss_delete_sec_context);
+            delete_sec_context(&gmin, gctx, GSS_C_NO_BUFFER);
+            DONE();
+        }
     }
     do_close(gsslib);
 
@@ -290,73 +291,73 @@ int main()
     celib = do_open("com_err", "3.0", 1);
     gsslib = do_open("gssapi_krb5", "2.2", 1);
     {
-	OM_uint32 KRB5_CALLCONV (*init_sec_context)(OM_uint32 *, gss_cred_id_t,
-						    gss_ctx_id_t *, gss_name_t,
-						    gss_OID,
-						    OM_uint32, OM_uint32,
-						    gss_channel_bindings_t,
-						    gss_buffer_t, gss_OID *,
-						    gss_buffer_t,
-						    OM_uint32 *, OM_uint32 *)
-	    = get_gfun(gsslib, "gss_init_sec_context");
-	OM_uint32 KRB5_CALLCONV (*import_name)(OM_uint32 *, gss_buffer_t,
-					       gss_OID, gss_name_t *)
-	    = get_gfun(gsslib, "gss_import_name");
-	OM_uint32 KRB5_CALLCONV (*release_buffer)(OM_uint32 *, gss_buffer_t)
-	    = get_gfun(gsslib, "gss_release_buffer");
-	OM_uint32 KRB5_CALLCONV (*release_name)(OM_uint32 *, gss_name_t *)
-	    = get_gfun(gsslib, "gss_release_name");
-	OM_uint32 KRB5_CALLCONV (*delete_sec_context)(OM_uint32 *,
-						      gss_ctx_id_t *,
-						      gss_buffer_t)
-	    = get_gfun(gsslib, "gss_delete_sec_context");
-
-	OM_uint32 gmaj, gmin;
-	OM_uint32 retflags;
-	gss_ctx_id_t gctx = GSS_C_NO_CONTEXT;
-	gss_buffer_desc token;
-	gss_name_t target;
-	static gss_buffer_desc target_name_buf = {
-	    9, "x@mit.edu"
-	};
-	static gss_OID_desc service_name = {
-	    10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
-	};
-
-	CALLING(gss_import_name);
-	gmaj = import_name(&gmin, &target_name_buf, &service_name, &target);
-	DONE();
-	if (gmaj != GSS_S_COMPLETE) {
-	    fprintf(stderr,
-		    "import_name reports error major 0x%lx minor 0x%lx(%ld)\n",
-		    (unsigned long) gmaj, (unsigned long) gmin,
-		    (signed long) gmin);
-	    exit(1);
-	}
-	/* This will probably get different errors, depending on
-	   whether we have tickets at the time.  Doesn't matter much,
-	   we're ignoring the error and testing whether we're doing
-	   cleanup properly.  (Though the internal cleanup needed in
-	   the two cases might be different.)  */
-	CALLING(gss_init_sec_context);
-	gmaj = init_sec_context(&gmin, GSS_C_NO_CREDENTIAL, &gctx, target,
-				GSS_C_NULL_OID, 0, 0, NULL, GSS_C_NO_BUFFER,
-				NULL, &token, &retflags, NULL);
-	DONE();
-	/* Ignore success/failure indication.  */
-	if (token.length) {
-	    CALLING(gss_release_buffer);
-	    release_buffer(&gmin, &token);
-	    DONE();
-	}
-	CALLING(gss_release_name);
-	release_name(&gmin, &target);
-	DONE();
-	if (gctx != GSS_C_NO_CONTEXT) {
-	    CALLING(gss_delete_sec_context);
-	    delete_sec_context(&gmin, gctx, GSS_C_NO_BUFFER);
-	    DONE();
-	}
+        OM_uint32 KRB5_CALLCONV (*init_sec_context)(OM_uint32 *, gss_cred_id_t,
+                                                    gss_ctx_id_t *, gss_name_t,
+                                                    gss_OID,
+                                                    OM_uint32, OM_uint32,
+                                                    gss_channel_bindings_t,
+                                                    gss_buffer_t, gss_OID *,
+                                                    gss_buffer_t,
+                                                    OM_uint32 *, OM_uint32 *)
+            = get_gfun(gsslib, "gss_init_sec_context");
+        OM_uint32 KRB5_CALLCONV (*import_name)(OM_uint32 *, gss_buffer_t,
+                                               gss_OID, gss_name_t *)
+            = get_gfun(gsslib, "gss_import_name");
+        OM_uint32 KRB5_CALLCONV (*release_buffer)(OM_uint32 *, gss_buffer_t)
+            = get_gfun(gsslib, "gss_release_buffer");
+        OM_uint32 KRB5_CALLCONV (*release_name)(OM_uint32 *, gss_name_t *)
+            = get_gfun(gsslib, "gss_release_name");
+        OM_uint32 KRB5_CALLCONV (*delete_sec_context)(OM_uint32 *,
+                                                      gss_ctx_id_t *,
+                                                      gss_buffer_t)
+            = get_gfun(gsslib, "gss_delete_sec_context");
+
+        OM_uint32 gmaj, gmin;
+        OM_uint32 retflags;
+        gss_ctx_id_t gctx = GSS_C_NO_CONTEXT;
+        gss_buffer_desc token;
+        gss_name_t target;
+        static gss_buffer_desc target_name_buf = {
+            9, "x@mit.edu"
+        };
+        static gss_OID_desc service_name = {
+            10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"
+        };
+
+        CALLING(gss_import_name);
+        gmaj = import_name(&gmin, &target_name_buf, &service_name, &target);
+        DONE();
+        if (gmaj != GSS_S_COMPLETE) {
+            fprintf(stderr,
+                    "import_name reports error major 0x%lx minor 0x%lx(%ld)\n",
+                    (unsigned long) gmaj, (unsigned long) gmin,
+                    (signed long) gmin);
+            exit(1);
+        }
+        /* This will probably get different errors, depending on
+           whether we have tickets at the time.  Doesn't matter much,
+           we're ignoring the error and testing whether we're doing
+           cleanup properly.  (Though the internal cleanup needed in
+           the two cases might be different.)  */
+        CALLING(gss_init_sec_context);
+        gmaj = init_sec_context(&gmin, GSS_C_NO_CREDENTIAL, &gctx, target,
+                                GSS_C_NULL_OID, 0, 0, NULL, GSS_C_NO_BUFFER,
+                                NULL, &token, &retflags, NULL);
+        DONE();
+        /* Ignore success/failure indication.  */
+        if (token.length) {
+            CALLING(gss_release_buffer);
+            release_buffer(&gmin, &token);
+            DONE();
+        }
+        CALLING(gss_release_name);
+        release_name(&gmin, &target);
+        DONE();
+        if (gctx != GSS_C_NO_CONTEXT) {
+            CALLING(gss_delete_sec_context);
+            delete_sec_context(&gmin, gctx, GSS_C_NO_BUFFER);
+            DONE();
+        }
     }
     do_close(celib);
     do_close(gsslib);
diff --git a/src/tests/test1.c b/src/tests/test1.c
index 5ecac0e..53b0d7c 100644
--- a/src/tests/test1.c
+++ b/src/tests/test1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * tests/test1.c
  *
@@ -51,19 +52,19 @@ tkt_test_1()
      */
     code = krb5_parse_name ("server/test/1@BOGUS.ORG", &tk_in.server);
     if (code != 0) {
-	com_err("tkt_test_1", code, " parsing server principal");
-	return;
+        com_err("tkt_test_1", code, " parsing server principal");
+        return;
     }
 
-    serv_k.enctype = 1;		/* XXX symbolic constant */
-    serv_k.length = 8;		/* XXX symbolic constant */
+    serv_k.enctype = 1;         /* XXX symbolic constant */
+    serv_k.length = 8;          /* XXX symbolic constant */
     serv_k.contents = key_one;
 
-    sess_k.enctype = 1;		/* XXX symbolic constant */
-    sess_k.length = 8;		/* XXX symbolic constant */
+    sess_k.enctype = 1;         /* XXX symbolic constant */
+    sess_k.length = 8;          /* XXX symbolic constant */
     sess_k.contents = key_two;
 
-    tk_in.etype = 1;		/* XXX symbolic constant here */
+    tk_in.etype = 1;            /* XXX symbolic constant here */
     tk_in.skvno = 4;
 
     tk_in.enc_part2 = &tk_in_enc;
@@ -77,8 +78,8 @@ tkt_test_1()
 
     code = krb5_parse_name ("client/test/1@BOGUS.ORG", &tk_in_enc.client);
     if (code != 0) {
-	com_err("tkt_test_1", code, " parsing client principal");
-	return;
+        com_err("tkt_test_1", code, " parsing client principal");
+        return;
     }
     tk_in_enc.transited.length = 0;
 
@@ -95,16 +96,16 @@ tkt_test_1()
 
     code = krb5_encrypt_tkt_part(&serv_k, &tk_in);
     if (code != 0) {
-	com_err ("tkt_test_1", code, " encrypting ticket");
-	return;
+        com_err ("tkt_test_1", code, " encrypting ticket");
+        return;
     }
 
     data = 0;
 
     code = krb5_encode_ticket (&tk_in,  &data);
     if (code != 0) {
-	com_err ("tkt_test_1", code, " encoding ticket");
-	return;
+        com_err ("tkt_test_1", code, " encoding ticket");
+        return;
     }
 
     dump_data(data);
@@ -112,27 +113,27 @@ tkt_test_1()
     tk_out = 0;
     code = krb5_decode_ticket (data, &tk_out);
     if (code != 0) {
-	com_err ("tkt_test_1", code, "decoding ticket");
-	return;
+        com_err ("tkt_test_1", code, "decoding ticket");
+        return;
     }
     /* check the plaintext values */
     if (tk_out->etype != 1) {
-	com_err ("tkt_test_1", 0, "wrong etype");
-	return;
+        com_err ("tkt_test_1", 0, "wrong etype");
+        return;
     }
     if (tk_out->skvno != 4) {
-	com_err ("tkt_test_1", 0, "wrong kvno");
-	return;
+        com_err ("tkt_test_1", 0, "wrong kvno");
+        return;
     }
 
     code = krb5_unparse_name(tk_out->server, &out);
     if (code != 0) {
-	com_err ("tkt_test_1", code, "couldn't unparse server principal");
-	return;
+        com_err ("tkt_test_1", code, "couldn't unparse server principal");
+        return;
     }
     if (strcmp (out, "server/test/1@BOGUS.ORG") != 0) {
-	com_err("tkt_test_1", 0, "wrong server principal");
-	return;
+        com_err("tkt_test_1", 0, "wrong server principal");
+        return;
     }
     free(out);
     out = 0;
@@ -140,45 +141,45 @@ tkt_test_1()
     /* decode the ciphertext */
     code = krb5_decrypt_tkt_part (&serv_k, tk_out);
     if (code != 0) {
-	com_err ("tkt_test_1", code, "while decrypting ticket");
-	return;
+        com_err ("tkt_test_1", code, "while decrypting ticket");
+        return;
     }
 
     /* check the contents */
     if (tk_out->enc_part2->flags != 0x11) {
-	com_err("tkt_test_1", 0, "wrong flags");
-	return;
+        com_err("tkt_test_1", 0, "wrong flags");
+        return;
     }
 
     nsess = tk_out->enc_part2->session;
 
     if (nsess->enctype != 1) {
-	com_err("tkt_test_1", 0, "wrong session key type");
-	return;
+        com_err("tkt_test_1", 0, "wrong session key type");
+        return;
     }
     if (nsess->length != 8) {
-	com_err("tkt_test_1", 0, "wrong session key length");
-	return;
+        com_err("tkt_test_1", 0, "wrong session key length");
+        return;
     }
     if (memcmp(nsess->contents, key_two, 8) != 0) {
-	com_err("tkt_test_1", 0, "wrong session key contents");
-	return;
+        com_err("tkt_test_1", 0, "wrong session key contents");
+        return;
     }
 
     code = krb5_unparse_name(tk_out->enc_part2->client, &out);
     if (code != 0) {
-	com_err ("tkt_test_1", code, "couldn't unparse client principal");
-	return;
+        com_err ("tkt_test_1", code, "couldn't unparse client principal");
+        return;
     }
     if (strcmp (out, "client/test/1@BOGUS.ORG") != 0) {
-	com_err("tkt_test_1", 0, "wrong client principal");
-	return;
+        com_err("tkt_test_1", 0, "wrong client principal");
+        return;
     }
     free(out);
     out = 0;
     if (tk_out->enc_part2->transited.length != 0) {
-	com_err("tkt_test_1", 0, "wrong transited length");
-	return;
+        com_err("tkt_test_1", 0, "wrong transited length");
+        return;
     }
     /* XXX should check address here, too */
     /* XXX should check times here */
diff --git a/src/tests/threads/Makefile.in b/src/tests/threads/Makefile.in
index d3e30e9..1b291e1 100644
--- a/src/tests/threads/Makefile.in
+++ b/src/tests/threads/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/threads
 mydir=tests/threads
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/tests/threads/deps b/src/tests/threads/deps
index 05a248c..a8f6a8e 100644
--- a/src/tests/threads/deps
+++ b/src/tests/threads/deps
@@ -3,16 +3,16 @@
 #
 $(OUTPRE)t_rcache.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-buf.h \
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-gmt_mktime.h \
+  $(top_srcdir)/include/k5-int-pkinit.h $(top_srcdir)/include/k5-int.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-plugin.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/locate_plugin.h $(top_srcdir)/include/krb5/preauth_plugin.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   t_rcache.c
 $(OUTPRE)gss-perf.$(OBJEXT): $(BUILDTOP)/include/gssapi/gssapi.h \
-  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+  $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(top_srcdir)/include/krb5.h \
   gss-perf.c
 $(OUTPRE)prof1.$(OBJEXT): $(BUILDTOP)/include/profile.h \
   $(COM_ERR_DEPS) prof1.c
diff --git a/src/tests/threads/gss-perf.c b/src/tests/threads/gss-perf.c
index 5c7cd2f..7b4b738 100644
--- a/src/tests/threads/gss-perf.c
+++ b/src/tests/threads/gss-perf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * test/threads/gss-perf.c
  *
@@ -86,9 +87,9 @@ usage ()
     fprintf (stderr, "\t-A\ttest gss_accept_sec_context\n");
     fprintf (stderr, "\t-k K\tspecify keytab (remember FILE: or other prefix!)\n");
     fprintf (stderr, "\t-t N\tspecify number of threads (default %d)\n",
-	     N_THREADS);
+             N_THREADS);
     fprintf (stderr, "\t-i N\tset iteration count (default %d)\n",
-	     ITER_COUNT);
+             ITER_COUNT);
     fprintf (stderr, "\t-m\tenable mutual authentication flag (but don't do the additional calls)\n");
     fprintf (stderr, "\t-K\tinitialize a krb5_context for the duration\n");
     fprintf (stderr, "\t-P\tpause briefly after starting, to allow attaching dtrace/strace/etc\n");
@@ -103,13 +104,13 @@ numarg (char *arg)
 
     val = strtol (arg, &end, 10);
     if (*arg == 0 || *end != 0) {
-	fprintf (stderr, "invalid numeric argument '%s'\n", arg);
-	usage ();
+        fprintf (stderr, "invalid numeric argument '%s'\n", arg);
+        usage ();
     }
     if (val >= 1 && val <= INT_MAX)
-	return val;
+        return val;
     fprintf (stderr, "out of range numeric value %ld (1..%d)\n",
-	     val, INT_MAX);
+             val, INT_MAX);
     usage ();
 }
 
@@ -122,59 +123,59 @@ process_options (int argc, char *argv[])
 
     prog = strrchr (argv[0], '/');
     if (prog)
-	prog++;
+        prog++;
     else
-	prog = argv[0];
+        prog = argv[0];
     while ((c = getopt (argc, argv, optstring)) != -1) {
-	switch (c) {
-	case '?':
-	case ':':
-	    usage ();
-	    break;
-
-	case 'k':
-	    setenv ("KRB5_KTNAME", optarg, 1);
-	    break;
-
-	case 't':
-	    n_threads = numarg (optarg);
-	    if (n_threads >= SIZE_MAX / sizeof (struct thread_info)) {
-		n_threads = SIZE_MAX / sizeof (struct thread_info);
-		fprintf (stderr, "limiting n_threads to %u\n", n_threads);
-	    }
-	    break;
-
-	case 'i':
-	    iter_count = numarg (optarg);
-	    break;
-
-	case 'K':
-	    init_krb5_first = 1;
-	    break;
-
-	case 'P':
-	    do_pause = 1;
-	    break;
-
-	case 'I':
-	    test_init = 1;
-	    break;
-	case 'A':
-	    test_accept = 1;
-	    break;
-	}
+        switch (c) {
+        case '?':
+        case ':':
+            usage ();
+            break;
+
+        case 'k':
+            setenv ("KRB5_KTNAME", optarg, 1);
+            break;
+
+        case 't':
+            n_threads = numarg (optarg);
+            if (n_threads >= SIZE_MAX / sizeof (struct thread_info)) {
+                n_threads = SIZE_MAX / sizeof (struct thread_info);
+                fprintf (stderr, "limiting n_threads to %u\n", n_threads);
+            }
+            break;
+
+        case 'i':
+            iter_count = numarg (optarg);
+            break;
+
+        case 'K':
+            init_krb5_first = 1;
+            break;
+
+        case 'P':
+            do_pause = 1;
+            break;
+
+        case 'I':
+            test_init = 1;
+            break;
+        case 'A':
+            test_accept = 1;
+            break;
+        }
     }
     if (argc == optind + 1)
-	set_target (argv[optind]);
+        set_target (argv[optind]);
     else
-	usage ();
+        usage ();
 
     if (test_init && test_accept) {
-	fprintf (stderr, "-I and -A are mutually exclusive\n");
-	usage ();
+        fprintf (stderr, "-I and -A are mutually exclusive\n");
+        usage ();
     }
     if (test_init == 0 && test_accept == 0)
-	test_init = 1;
+        test_init = 1;
 }
 
 static void
@@ -185,21 +186,21 @@ display_a_status (const char *s_type, OM_uint32 type, OM_uint32 val)
     gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
 
     do {
-	maj_stat = gss_display_status (&min_stat,
-				       val,
-				       type,
-				       GSS_C_NO_OID,
-				       &mctx,
-				       &msg);
-	if (maj_stat != GSS_S_COMPLETE) {
-	    fprintf (stderr,
-		     "error getting display form of %s status code %#lx\n",
-		     s_type, (unsigned long) val);
-	    exit (1);
-	}
-	fprintf (stderr, " %s: %.*s\n", s_type,
-		 (int) msg.length, (char *) msg.value);
-	gss_release_buffer (&min_stat, &msg);
+        maj_stat = gss_display_status (&min_stat,
+                                       val,
+                                       type,
+                                       GSS_C_NO_OID,
+                                       &mctx,
+                                       &msg);
+        if (maj_stat != GSS_S_COMPLETE) {
+            fprintf (stderr,
+                     "error getting display form of %s status code %#lx\n",
+                     s_type, (unsigned long) val);
+            exit (1);
+        }
+        fprintf (stderr, " %s: %.*s\n", s_type,
+                 (int) msg.length, (char *) msg.value);
+        gss_release_buffer (&min_stat, &msg);
     } while (mctx != 0);
 }
 
@@ -225,25 +226,25 @@ do_accept (gss_buffer_desc *msg, int iter)
     reply.value = NULL;
     reply.length = 0;
     maj_stat = gss_accept_sec_context (&min_stat,
-				       &ctx,
-				       GSS_C_NO_CREDENTIAL,
-				       msg,
-				       GSS_C_NO_CHANNEL_BINDINGS,
-				       &client,
-				       &oid,
-				       &reply,
-				       &flags,
-				       NULL, /* time_rec */
-				       NULL); /* del_cred_handle */
+                                       &ctx,
+                                       GSS_C_NO_CREDENTIAL,
+                                       msg,
+                                       GSS_C_NO_CHANNEL_BINDINGS,
+                                       &client,
+                                       &oid,
+                                       &reply,
+                                       &flags,
+                                       NULL, /* time_rec */
+                                       NULL); /* del_cred_handle */
     if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
-	fprintf (stderr, "pid %lu thread %#lx failing in iteration %d\n",
-		 (unsigned long) getpid (), (unsigned long) pthread_self (),
-		 iter);
-	gss_error ("accepting context", maj_stat, min_stat);
+        fprintf (stderr, "pid %lu thread %#lx failing in iteration %d\n",
+                 (unsigned long) getpid (), (unsigned long) pthread_self (),
+                 iter);
+        gss_error ("accepting context", maj_stat, min_stat);
     }
     gss_release_buffer (&min_stat, &reply);
     if (ctx != GSS_C_NO_CONTEXT)
-	gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER);
+        gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER);
     gss_release_name (&min_stat, &client);
 }
 
@@ -256,28 +257,28 @@ do_init ()
     gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;
 
     if (do_mutual)
-	flags |= GSS_C_MUTUAL_FLAG;
+        flags |= GSS_C_MUTUAL_FLAG;
 
     msg.value = NULL;
     msg.length = 0;
     maj_stat = gss_init_sec_context (&min_stat,
-				     GSS_C_NO_CREDENTIAL,
-				     &ctx,
-				     target,
-				     GSS_C_NO_OID,
-				     flags,
-				     0,
-				     NULL, /* no channel bindings */
-				     NULL, /* no previous token */
-				     NULL, /* ignore mech type */
-				     &msg,
-				     &ret_flags,
-				     NULL); /* time_rec */
+                                     GSS_C_NO_CREDENTIAL,
+                                     &ctx,
+                                     target,
+                                     GSS_C_NO_OID,
+                                     flags,
+                                     0,
+                                     NULL, /* no channel bindings */
+                                     NULL, /* no previous token */
+                                     NULL, /* ignore mech type */
+                                     &msg,
+                                     &ret_flags,
+                                     NULL); /* time_rec */
     if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) {
-	gss_error ("initiating", maj_stat, min_stat);
+        gss_error ("initiating", maj_stat, min_stat);
     }
     if (ctx != GSS_C_NO_CONTEXT)
-	gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER);
+        gss_delete_sec_context (&min_stat, &ctx, GSS_C_NO_BUFFER);
     return msg;
 }
 
@@ -291,11 +292,11 @@ set_target (char *name)
     namebuf.value = name;
     namebuf.length = strlen (name);
     maj_stat = gss_import_name (&min_stat,
-				&namebuf,
-				GSS_C_NT_HOSTBASED_SERVICE,
-				&target);
+                                &namebuf,
+                                GSS_C_NT_HOSTBASED_SERVICE,
+                                &target);
     if (maj_stat != GSS_S_COMPLETE)
-	gss_error ("importing target name", maj_stat, min_stat);
+        gss_error ("importing target name", maj_stat, min_stat);
 }
 
 static long double
@@ -303,7 +304,7 @@ tvsub (struct timeval t1, struct timeval t2)
 {
     /* POSIX says .tv_usec is signed.  */
     return (t1.tv_sec - t2.tv_sec
-	    + (long double) 1.0e-6 * (t1.tv_usec - t2.tv_usec));
+            + (long double) 1.0e-6 * (t1.tv_usec - t2.tv_usec));
 }
 
 static struct timeval
@@ -311,8 +312,8 @@ now (void)
 {
     struct timeval tv;
     if (gettimeofday (&tv, NULL) < 0) {
-	perror ("gettimeofday");
-	exit (1);
+        perror ("gettimeofday");
+        exit (1);
     }
     return tv;
 }
@@ -326,13 +327,13 @@ static void run_iterations (struct resource_info *r)
 
     r->start_time = now ();
     for (i = 0; i < iter_count; i++) {
-	if (test_init) {
-	    gss_buffer_desc msg = do_init ();
-	    gss_release_buffer (&min_stat, &msg);
-	} else if (test_accept) {
-	    do_accept (&init_msg, i);
-	} else
-	    assert (test_init || test_accept);
+        if (test_init) {
+            gss_buffer_desc msg = do_init ();
+            gss_release_buffer (&min_stat, &msg);
+        } else if (test_accept) {
+            do_accept (&init_msg, i);
+        } else
+            assert (test_init || test_accept);
     }
     r->end_time = now ();
 }
@@ -369,20 +370,20 @@ main (int argc, char *argv[])
      * This option allows you to test the effect of that.
      */
     if (init_krb5_first && krb5_init_context (&kctx) != 0) {
-	fprintf (stderr, "krb5_init_context error\n");
-	exit (1);
+        fprintf (stderr, "krb5_init_context error\n");
+        exit (1);
     }
     tinfo = calloc (n_threads, sizeof (*tinfo));
     if (tinfo == NULL) {
-	perror ("calloc");
-	exit (1);
+        perror ("calloc");
+        exit (1);
     }
     printf ("Test: %s  threads: %d  iterations: %d  target: %s\n",
-	    test_init ? "init" : "accept", n_threads, iter_count,
-	    target_name ? target_name : "(NONE)");
+            test_init ? "init" : "accept", n_threads, iter_count,
+            target_name ? target_name : "(NONE)");
     if (do_pause) {
-	printf ("pid %lu napping...\n", (unsigned long) getpid ());
-	sleep (10);
+        printf ("pid %lu napping...\n", (unsigned long) getpid ());
+        sleep (10);
     }
     /*
      * Some tests use one message and process it over and over.  Even
@@ -393,40 +394,40 @@ main (int argc, char *argv[])
     printf ("starting...\n");
     /* And *now* we start measuring the performance.  */
     if (getrusage (RUSAGE_SELF, &start) < 0) {
-	perror ("getrusage");
-	exit (1);
+        perror ("getrusage");
+        exit (1);
     }
     start_time = now ();
 #define foreach_thread(IDXVAR) for (IDXVAR = 0; IDXVAR < n_threads; IDXVAR++)
     foreach_thread (i) {
-	int err;
+        int err;
 
-	err = pthread_create (&tinfo[i].tid, NULL, thread_proc, &tinfo[i].r);
-	if (err) {
-	    fprintf (stderr, "pthread_create: %s\n", strerror (err));
-	    exit (1);
-	}
+        err = pthread_create (&tinfo[i].tid, NULL, thread_proc, &tinfo[i].r);
+        if (err) {
+            fprintf (stderr, "pthread_create: %s\n", strerror (err));
+            exit (1);
+        }
     }
     foreach_thread (i) {
-	int err;
-	void *val;
-
-	err = pthread_join (tinfo[i].tid, &val);
-	if (err) {
-	    fprintf (stderr, "pthread_join: %s\n", strerror (err));
-	    exit (1);
-	}
+        int err;
+        void *val;
+
+        err = pthread_join (tinfo[i].tid, &val);
+        if (err) {
+            fprintf (stderr, "pthread_join: %s\n", strerror (err));
+            exit (1);
+        }
     }
     finish_time = now ();
     if (getrusage (RUSAGE_SELF, &finish) < 0) {
-	perror ("getrusage");
-	exit (1);
+        perror ("getrusage");
+        exit (1);
     }
     if (init_krb5_first)
-	krb5_free_context (kctx);
+        krb5_free_context (kctx);
     foreach_thread (i) {
-	printf ("Thread %2d: elapsed time %Lfs\n", i,
-		tvsub (tinfo[i].r.end_time, tinfo[i].r.start_time));
+        printf ("Thread %2d: elapsed time %Lfs\n", i,
+                tvsub (tinfo[i].r.end_time, tinfo[i].r.start_time));
     }
     wallclock = tvsub (finish_time, start_time);
     /*
@@ -435,20 +436,20 @@ main (int argc, char *argv[])
      * of particular interest, so report all the info we've got.
      */
     printf ("Overall run time with %d threads = %Lfs, %Lfms per iteration.\n",
-	    n_threads, wallclock, 1000 * wallclock / iter_count);
+            n_threads, wallclock, 1000 * wallclock / iter_count);
     user = tvsub (finish.ru_utime, start.ru_utime);
     sys = tvsub (finish.ru_stime, start.ru_stime);
     total = user + sys;
     printf ("CPU usage:   user=%Lfs sys=%Lfs total=%Lfs.\n", user, sys, total);
     printf ("Utilization: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
-	    100 * user / wallclock,
-	    100 * sys / wallclock,
-	    100 * total / wallclock);
+            100 * user / wallclock,
+            100 * sys / wallclock,
+            100 * total / wallclock);
     printf ("Util/thread: user=%5.1Lf%% sys=%5.1Lf%% total=%5.1Lf%%\n",
-	    100 * user / wallclock / n_threads,
-	    100 * sys / wallclock / n_threads,
-	    100 * total / wallclock / n_threads);
+            100 * user / wallclock / n_threads,
+            100 * sys / wallclock / n_threads,
+            100 * total / wallclock / n_threads);
     printf ("Total CPU use per iteration per thread: %Lfms\n",
-	    1000 * total / n_threads / iter_count);
+            1000 * total / n_threads / iter_count);
     return 0;
 }
diff --git a/src/tests/threads/prof1.c b/src/tests/threads/prof1.c
index 766bfa3..fba54e9 100644
--- a/src/tests/threads/prof1.c
+++ b/src/tests/threads/prof1.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
@@ -26,24 +27,24 @@ static void *worker(void *arg)
     long err;
     int i;
     const char *const names[] = {
-	"one", "two", "three", 0
+        "one", "two", "three", 0
     };
     char **values;
     const char *mypath = (random() & 1) ? path : filename;
 
     while (!done) {
-	err = profile_init_path(mypath, &p);
-	if (err) {
-	    com_err(prog, err, "calling profile_init(\"%s\")", mypath);
-	    exit(1);
-	}
-	for (i = 0; i < 10; i++) {
-	    values = 0;
-	    err = profile_get_values(p, names, &values);
-	    if (err == 0 && values != 0)
-		profile_free_list(values);
-	}
-	profile_release(p);
+        err = profile_init_path(mypath, &p);
+        if (err) {
+            com_err(prog, err, "calling profile_init(\"%s\")", mypath);
+            exit(1);
+        }
+        for (i = 0; i < 10; i++) {
+            values = 0;
+            err = profile_get_values(p, names, &values);
+            if (err == 0 && values != 0)
+                profile_free_list(values);
+        }
+        profile_release(p);
     }
     return 0;
 }
@@ -52,11 +53,11 @@ static void *modifier(void *arg)
 {
     struct timespec req;
     while (!done) {
-	req.tv_sec = 0;
-	req.tv_nsec = random() & 499999999;
-	nanosleep(&req, 0);
-	utime(filename, 0);
-/*	printf("."), fflush(stdout); */
+        req.tv_sec = 0;
+        req.tv_nsec = random() & 499999999;
+        nanosleep(&req, 0);
+        utime(filename, 0);
+/*      printf("."), fflush(stdout); */
     }
     return 0;
 }
@@ -68,7 +69,7 @@ int main(int argc, char *argv[])
 
     prog = argv[0];
     for (i = 0; i < nthreads; i++) {
-	assert(0 == pthread_create(&thr, 0, worker, 0));
+        assert(0 == pthread_create(&thr, 0, worker, 0));
     }
     sleep(1);
     pthread_create(&thr, 0, modifier, 0);
diff --git a/src/tests/threads/t_rcache.c b/src/tests/threads/t_rcache.c
index e952309..d0607ed 100644
--- a/src/tests/threads/t_rcache.c
+++ b/src/tests/threads/t_rcache.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * test/threads/t_rcache.c
  *
@@ -59,7 +60,7 @@ static void wait_for_tick ()
     time_t now, next;
     now = time(0);
     do {
-	next = time(0);
+        next = time(0);
     } while (now == next);
 }
 
@@ -71,39 +72,39 @@ static void try_one (struct tinfo *t)
     krb5_rcache my_rcache;
 
     snprintf(buf, sizeof(buf), "host/all-in-one.mit.edu/%p@ATHENA.MIT.EDU",
-	     buf);
+             buf);
     r.server = buf;
     r.client = (t->my_cusec & 7) + "abcdefgh@ATHENA.MIT.EDU";
     r.msghash = NULL;
     if (t->now != t->my_ctime) {
-	if (t->my_ctime != 0) {
-	    snprintf(buf2, sizeof(buf2), "%3d: %ld %5d\n", t->idx,
-		     t->my_ctime, t->my_cusec);
-	    printf("%s", buf2);
-	}
-	t->my_ctime = t->now;
-	t->my_cusec = 1;
+        if (t->my_ctime != 0) {
+            snprintf(buf2, sizeof(buf2), "%3d: %ld %5d\n", t->idx,
+                     t->my_ctime, t->my_cusec);
+            printf("%s", buf2);
+        }
+        t->my_ctime = t->now;
+        t->my_cusec = 1;
     } else
-	t->my_cusec++;
+        t->my_cusec++;
     r.ctime = t->my_ctime;
     r.cusec = t->my_cusec;
     if (!init_once) {
-	err = krb5_get_server_rcache(ctx, &piece, &my_rcache);
-	if (err) {
-	    const char *msg = krb5_get_error_message(ctx, err);
-	    fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg);
-	    krb5_free_error_message(ctx, msg);
-	    exit(1);
-	}
+        err = krb5_get_server_rcache(ctx, &piece, &my_rcache);
+        if (err) {
+            const char *msg = krb5_get_error_message(ctx, err);
+            fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg);
+            krb5_free_error_message(ctx, msg);
+            exit(1);
+        }
     } else
-	my_rcache = rcache;
+        my_rcache = rcache;
     err = krb5_rc_store(ctx, my_rcache, &r);
     if (err) {
-	com_err(prog, err, "storing in replay cache");
-	exit(1);
+        com_err(prog, err, "storing in replay cache");
+        exit(1);
     }
     if (!init_once)
-	krb5_rc_close(ctx, my_rcache);
+        krb5_rc_close(ctx, my_rcache);
 }
 
 static void *run_a_loop (void *x)
@@ -114,15 +115,15 @@ static void *run_a_loop (void *x)
     t.now = time(0);
     t.idx = *(int *)x;
     while (t.now != time(0))
-	;
+        ;
     t.now = time(0);
     while (t.now < end_time) {
-	t.now = time(0);
-	try_one(&t);
-	t.total++;
+        t.now = time(0);
+        try_one(&t);
+        t.total++;
 #if 0
-	printf("%c", chr);
-	fflush(stdout);
+        printf("%c", chr);
+        fflush(stdout);
 #endif
     }
 /*    printf("thread %u total %u\n", (unsigned) ((int *)x-ip), t.total);*/
@@ -148,25 +149,25 @@ static void process_options (int argc, char *argv[])
 
     prog = argv[0];
     while ((c = getopt(argc, argv, optstring)) != -1) {
-	switch (c) {
-	case '?':
-	case ':':
-	default:
-	    usage ();
-	case '1':
-	    init_once = 1;
-	    break;
-	case 't':
-	    n_threads = atoi (optarg);
-	    if (n_threads < 1 || n_threads > 10000)
-		usage ();
-	    break;
-	case 'i':
-	    interval = atoi (optarg);
-	    if (interval < 2 || n_threads > 100000)
-		usage ();
-	    break;
-	}
+        switch (c) {
+        case '?':
+        case ':':
+        default:
+            usage ();
+        case '1':
+            init_once = 1;
+            break;
+        case 't':
+            n_threads = atoi (optarg);
+            if (n_threads < 1 || n_threads > 10000)
+                usage ();
+            break;
+        case 'i':
+            interval = atoi (optarg);
+            if (interval < 2 || n_threads > 100000)
+                usage ();
+            break;
+        }
     }
 }
 
@@ -179,8 +180,8 @@ int main (int argc, char *argv[])
     process_options (argc, argv);
     err = krb5_init_context(&ctx);
     if (err) {
-	com_err(prog, err, "initializing context");
-	return 1;
+        com_err(prog, err, "initializing context");
+        return 1;
     }
 
     /*
@@ -191,68 +192,68 @@ int main (int argc, char *argv[])
      */
     err = krb5_get_server_rcache(ctx, &piece, &rcache);
     if (err) {
-	const char *msg = krb5_get_error_message(ctx, err);
-	fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg);
-	krb5_free_error_message(ctx, msg);
-	return 1;
+        const char *msg = krb5_get_error_message(ctx, err);
+        fprintf(stderr, "%s: %s while initializing replay cache\n", prog, msg);
+        krb5_free_error_message(ctx, msg);
+        return 1;
     }
     err = krb5_rc_destroy(ctx, rcache);
     if (err) {
-	const char *msg = krb5_get_error_message(ctx, err);
-	fprintf(stderr, "%s: %s while destroying old replay cache\n",
-		prog, msg);
-	krb5_free_error_message(ctx, msg);
-	return 1;
+        const char *msg = krb5_get_error_message(ctx, err);
+        fprintf(stderr, "%s: %s while destroying old replay cache\n",
+                prog, msg);
+        krb5_free_error_message(ctx, msg);
+        return 1;
     }
     rcache = NULL;
 
     if (init_once) {
-	err = krb5_get_server_rcache(ctx, &piece, &rcache);
-	if (err) {
-	    const char *msg = krb5_get_error_message(ctx, err);
-	    fprintf(stderr, "%s: %s while initializing new replay cache\n",
-		    prog, msg);
-	    krb5_free_error_message(ctx, msg);
-	    return 1;
-	}
+        err = krb5_get_server_rcache(ctx, &piece, &rcache);
+        if (err) {
+            const char *msg = krb5_get_error_message(ctx, err);
+            fprintf(stderr, "%s: %s while initializing new replay cache\n",
+                    prog, msg);
+            krb5_free_error_message(ctx, msg);
+            return 1;
+        }
     }
 
     ip = malloc(sizeof(int) * n_threads);
     if (ip == 0 && n_threads > 0) {
-	perror("malloc");
-	exit(1);
+        perror("malloc");
+        exit(1);
     }
     for (i = 0; i < n_threads; i++)
-	ip[i] = i;
+        ip[i] = i;
 
     wait_for_tick ();
     end_time = time(0) + interval;
 
     for (i = 0; i < n_threads; i++) {
-	pthread_t new_thread;
-	int perr;
-	perr = pthread_create(&new_thread, 0, run_a_loop, &ip[i]);
-	if (perr) {
-	    errno = perr;
-	    perror("pthread_create");
-	    exit(1);
-	}
+        pthread_t new_thread;
+        int perr;
+        perr = pthread_create(&new_thread, 0, run_a_loop, &ip[i]);
+        if (perr) {
+            errno = perr;
+            perror("pthread_create");
+            exit(1);
+        }
     }
     while (time(0) < end_time + 1)
-	sleep(1);
+        sleep(1);
     sum = 0;
     for (i = 0; i < n_threads; i++) {
-	sum += ip[i];
-	printf("thread %d total %5d, about %.1f per second\n", i, ip[i],
-	       ((double) ip[i])/interval);
+        sum += ip[i];
+        printf("thread %d total %5d, about %.1f per second\n", i, ip[i],
+               ((double) ip[i])/interval);
     }
     printf("total %lu in %d seconds, avg ~%.1f/sec, ~%.1f/sec/thread\n",
-	   sum, interval,
-	   ((double)sum)/interval, ((double)sum)/interval/n_threads);
+           sum, interval,
+           ((double)sum)/interval, ((double)sum)/interval/n_threads);
     free(ip);
 
     if (init_once)
-	krb5_rc_close(ctx, rcache);
+        krb5_rc_close(ctx, rcache);
     krb5_free_context(ctx);
     return 0;
 }
diff --git a/src/tests/verify/Makefile.in b/src/tests/verify/Makefile.in
index a78bef1..d46bff0 100644
--- a/src/tests/verify/Makefile.in
+++ b/src/tests/verify/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=tests/verify
 mydir=tests/verify
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD)
diff --git a/src/tests/verify/deps b/src/tests/verify/deps
index 1664d01..bed5216 100644
--- a/src/tests/verify/deps
+++ b/src/tests/verify/deps
@@ -3,12 +3,12 @@
 #
 $(OUTPRE)kdb5_verify.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
   $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
-  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
-  $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
-  $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/authdata_plugin.h \
-  $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
-  $(SS_DEPS) kdb5_verify.c
+  $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SS_DEPS) \
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-err.h \
+  $(top_srcdir)/include/k5-gmt_mktime.h $(top_srcdir)/include/k5-int-pkinit.h \
+  $(top_srcdir)/include/k5-int.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-plugin.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/kdb.h $(top_srcdir)/include/krb5.h \
+  $(top_srcdir)/include/krb5/authdata_plugin.h $(top_srcdir)/include/krb5/locate_plugin.h \
+  $(top_srcdir)/include/krb5/preauth_plugin.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h kdb5_verify.c
diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c
index a2a0f90..63995a5 100644
--- a/src/tests/verify/kdb5_verify.c
+++ b/src/tests/verify/kdb5_verify.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * tests/verify/kdb5_verify.c
  *
@@ -33,8 +34,8 @@
 #include <ss/ss.h>
 #include <stdio.h>
 
-#define REALM_SEP	'@'
-#define REALM_SEP_STR	"@"
+#define REALM_SEP       '@'
+#define REALM_SEP_STR   "@"
 
 struct mblock {
     krb5_deltat max_life;
@@ -42,7 +43,7 @@ struct mblock {
     krb5_timestamp expiration;
     krb5_flags flags;
     krb5_kvno mkvno;
-} mblock = {				/* XXX */
+} mblock = {                            /* XXX */
     KRB5_KDB_MAX_LIFE,
     KRB5_KDB_MAX_RLIFE,
     KRB5_KDB_EXPIRATION,
@@ -54,12 +55,12 @@ int set_dbname_help (krb5_context, char *, char *);
 
 static void
 usage(who, status)
-char *who;
-int status;
+    char *who;
+    int status;
 {
     fprintf(stderr,
-	    "usage: %s -p prefix -n num_to_check [-d dbpathname] [-r realmname]\n",
-	    who);
+            "usage: %s -p prefix -n num_to_check [-d dbpathname] [-r realmname]\n",
+            who);
     fprintf(stderr, "\t [-D depth] [-k enctype] [-M mkeyname]\n");
 
     exit(status);
@@ -103,7 +104,7 @@ main(argc, argv)
     krb5_init_context(&context);
 
     if (strrchr(argv[0], '/'))
-	argv[0] = strrchr(argv[0], '/')+1;
+        argv[0] = strrchr(argv[0], '/')+1;
 
     progname = argv[0];
 
@@ -112,98 +113,98 @@ main(argc, argv)
     depth = 1;
 
     while ((optchar = getopt(argc, argv, "D:P:p:n:d:r:R:k:M:e:m")) != -1) {
-	switch(optchar) {
-	case 'D':
-	    depth = atoi(optarg);       /* how deep to go */
-	    break;
-        case 'P':		/* Only used for testing!!! */
-	    mkey_password = optarg;
-	    break;
-	case 'p':                       /* prefix name to check */
-	    strncpy(principal_string, optarg, sizeof(principal_string) - 1);
-	    principal_string[sizeof(principal_string) - 1] = '\0';
-	    suffix = principal_string + strlen(principal_string);
-	    suffix_size = sizeof(principal_string) -
-		(suffix - principal_string);
-	    break;
-       case 'n':                        /* how many to check */
-	    num_to_check = atoi(optarg);
-	    break;
-	case 'd':			/* set db name */
-	    dbname = optarg;
-	    break;
-	case 'r':
-	    cur_realm = optarg;
-	    break;
-	case 'k':
-	    master_keyblock.enctype = atoi(optarg);
-	    enctypedone++;
-	    break;
-	case 'M':			/* master key name in DB */
-	    mkey_name = optarg;
-	    break;
-	case 'm':
-	    manual_mkey = TRUE;
-	    break;
-	case '?':
-	default:
-	    usage(progname, 1);
-	    /*NOTREACHED*/
-	}
+        switch(optchar) {
+        case 'D':
+            depth = atoi(optarg);       /* how deep to go */
+            break;
+        case 'P':               /* Only used for testing!!! */
+            mkey_password = optarg;
+            break;
+        case 'p':                       /* prefix name to check */
+            strncpy(principal_string, optarg, sizeof(principal_string) - 1);
+            principal_string[sizeof(principal_string) - 1] = '\0';
+            suffix = principal_string + strlen(principal_string);
+            suffix_size = sizeof(principal_string) -
+                (suffix - principal_string);
+            break;
+        case 'n':                        /* how many to check */
+            num_to_check = atoi(optarg);
+            break;
+        case 'd':                       /* set db name */
+            dbname = optarg;
+            break;
+        case 'r':
+            cur_realm = optarg;
+            break;
+        case 'k':
+            master_keyblock.enctype = atoi(optarg);
+            enctypedone++;
+            break;
+        case 'M':                       /* master key name in DB */
+            mkey_name = optarg;
+            break;
+        case 'm':
+            manual_mkey = TRUE;
+            break;
+        case '?':
+        default:
+            usage(progname, 1);
+            /*NOTREACHED*/
+        }
     }
 
     if (!(num_to_check && suffix)) usage(progname, 1);
 
     if (!enctypedone)
-	master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
+        master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
 
     if (!krb5_c_valid_enctype(master_keyblock.enctype)) {
-	com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
-		"while setting up enctype %d", master_keyblock.enctype);
-	exit(1);
+        com_err(progname, KRB5_PROG_ETYPE_NOSUPP,
+                "while setting up enctype %d", master_keyblock.enctype);
+        exit(1);
     }
 
     krb5_use_enctype(context, &master_encblock, master_keyblock.enctype);
 
     if (!dbname)
-	dbname = DEFAULT_KDB_FILE;	/* XXX? */
+        dbname = DEFAULT_KDB_FILE;      /* XXX? */
 
     if (!cur_realm) {
-	if ((retval = krb5_get_default_realm(context, &cur_realm))) {
-	    com_err(progname, retval, "while retrieving default realm name");
-	    exit(1);
-	}
+        if ((retval = krb5_get_default_realm(context, &cur_realm))) {
+            com_err(progname, retval, "while retrieving default realm name");
+            exit(1);
+        }
     }
     if ((retval = set_dbname_help(context, progname, dbname)))
-	exit(retval);
+        exit(retval);
 
     errors = 0;
 
     fprintf(stdout, "\nChecking ");
 
     for (n = 1; n <= num_to_check; n++) {
-      /* build the new principal name */
-      /* we can't pick random names because we need to generate all the names
-	 again given a prefix and count to test the db lib and kdb */
-      (void) snprintf(suffix, suffix_size, "%d", n);
-      (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
-      str_princ = tmp;
-      if (check_princ(context, str_princ)) errors++;
-
-      for (i = 2; i <= depth; i++) {
-	(void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
-			principal_string, i);
-	tmp2[sizeof(tmp2) - 1] = '\0';
-	strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
-	str_princ = tmp;
-	if (check_princ(context, str_princ)) errors++;
-      }
+        /* build the new principal name */
+        /* we can't pick random names because we need to generate all the names
+           again given a prefix and count to test the db lib and kdb */
+        (void) snprintf(suffix, suffix_size, "%d", n);
+        (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string);
+        str_princ = tmp;
+        if (check_princ(context, str_princ)) errors++;
+
+        for (i = 2; i <= depth; i++) {
+            (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d",
+                            principal_string, i);
+            tmp2[sizeof(tmp2) - 1] = '\0';
+            strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp));
+            str_princ = tmp;
+            if (check_princ(context, str_princ)) errors++;
+        }
     }
 
     if (errors)
-      fprintf(stdout, "\n%d errors/principals failed.\n", errors);
+        fprintf(stdout, "\n%d errors/principals failed.\n", errors);
     else
-      fprintf(stdout, "\nNo errors.\n");
+        fprintf(stdout, "\nNo errors.\n");
 
     krb5_finish_random_key(context, &master_encblock, &master_random);
     krb5_finish_key(context, &master_encblock);
@@ -211,12 +212,12 @@ main(argc, argv)
     retval = krb5_db_fini(context);
     memset(master_keyblock.contents, 0, (size_t) master_keyblock.length);
     if (retval && retval != KRB5_KDB_DBNOTINITED) {
-	com_err(progname, retval, "while closing database");
-	exit(1);
+        com_err(progname, retval, "while closing database");
+        exit(1);
     }
 
     if (str_master_princ) {
-	krb5_free_unparsed_name(context, str_master_princ);
+        krb5_free_unparsed_name(context, str_master_princ);
     }
     krb5_free_principal(context, master_princ);
     krb5_free_context(context);
@@ -243,114 +244,114 @@ check_princ(context, str_princ)
     fprintf(stderr, "\t%s ...\n", princ_name);
 
     if ((retval = krb5_parse_name(context, princ_name, &princ))) {
-      com_err(progname, retval, "while parsing '%s'", princ_name);
-      goto out;
+        com_err(progname, retval, "while parsing '%s'", princ_name);
+        goto out;
     }
 
     pwd.data = princ_name;  /* must be able to regenerate */
     pwd.length = strlen(princ_name);
 
     if ((retval = krb5_principal2salt(context, princ, &salt))) {
-	com_err(progname, retval, "while converting principal to salt for '%s'", princ_name);
-	krb5_free_principal(context, princ);
-	goto out;
+        com_err(progname, retval, "while converting principal to salt for '%s'", princ_name);
+        krb5_free_principal(context, princ);
+        goto out;
     }
 
     if ((retval = krb5_string_to_key(context, &master_encblock,
-				    &pwd_key, &pwd, &salt))) {
-	com_err(progname, retval, "while converting password to key for '%s'",
-		princ_name);
-	krb5_free_data_contents(context, &salt);
-	krb5_free_principal(context, princ);
-	goto out;
+                                     &pwd_key, &pwd, &salt))) {
+        com_err(progname, retval, "while converting password to key for '%s'",
+                princ_name);
+        krb5_free_data_contents(context, &salt);
+        krb5_free_principal(context, princ);
+        goto out;
     }
     krb5_free_data_contents(context, &salt);
 
     if ((retval = krb5_db_get_principal(context, princ, &kdbe,
-					&nprincs, &more))) {
-      com_err(progname, retval, "while attempting to verify principal's existence");
-      krb5_free_principal(context, princ);
-      goto out;
+                                        &nprincs, &more))) {
+        com_err(progname, retval, "while attempting to verify principal's existence");
+        krb5_free_principal(context, princ);
+        goto out;
     }
     krb5_free_principal(context, princ);
 
     if (nprincs != 1) {
-      com_err(progname, 0, "Found %d entries db entry for %s.\n", nprincs,
-	      princ_name);
-      goto errout;
+        com_err(progname, 0, "Found %d entries db entry for %s.\n", nprincs,
+                princ_name);
+        goto errout;
     }
 
     if ((retval = krb5_dbekd_decrypt_key_data(context, &master_keyblock,
-				       	     kdbe.key_data, &db_key, NULL))) {
-	com_err(progname, retval, "while decrypting key for '%s'", princ_name);
-	goto errout;
+                                              kdbe.key_data, &db_key, NULL))) {
+        com_err(progname, retval, "while decrypting key for '%s'", princ_name);
+        goto errout;
     }
 
     if ((pwd_key.enctype != db_key.enctype) ||
-	(pwd_key.length != db_key.length)) {
-      fprintf (stderr, "\tKey types do not agree (%d expected, %d from db)\n",
-	       pwd_key.enctype, db_key.enctype);
-errout:
-      krb5_db_free_principal(context, &kdbe, nprincs);
-      return(-1);
+        (pwd_key.length != db_key.length)) {
+        fprintf (stderr, "\tKey types do not agree (%d expected, %d from db)\n",
+                 pwd_key.enctype, db_key.enctype);
+    errout:
+        krb5_db_free_principal(context, &kdbe, nprincs);
+        return(-1);
     }
     else {
-      if (memcmp((char *)pwd_key.contents, (char *) db_key.contents,
-		 (size_t) pwd_key.length)) {
-	fprintf(stderr, "\t key did not match stored value for %s\n",
-		princ_name);
-	goto errout;
-      }
+        if (memcmp((char *)pwd_key.contents, (char *) db_key.contents,
+                   (size_t) pwd_key.length)) {
+            fprintf(stderr, "\t key did not match stored value for %s\n",
+                    princ_name);
+            goto errout;
+        }
     }
 
     free(pwd_key.contents);
     free(db_key.contents);
 
     if (kdbe.key_data[0].key_data_kvno != 1) {
-      fprintf(stderr,"\tkvno did not match stored value for %s.\n", princ_name);
-      goto errout;
+        fprintf(stderr,"\tkvno did not match stored value for %s.\n", princ_name);
+        goto errout;
     }
 
     if (kdbe.max_life != mblock.max_life) {
-      fprintf(stderr, "\tmax life did not match stored value for %s.\n",
-	      princ_name);
-      goto errout;
+        fprintf(stderr, "\tmax life did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
     }
 
     if (kdbe.max_renewable_life != mblock.max_rlife) {
-      fprintf(stderr,
-	      "\tmax renewable life did not match stored value for %s.\n",
-	      princ_name);
-      goto errout;
+        fprintf(stderr,
+                "\tmax renewable life did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
     }
 
     if (kdbe.expiration != mblock.expiration) {
-      fprintf(stderr, "\texpiration time did not match stored value for %s.\n",
-	      princ_name);
-      goto errout;
+        fprintf(stderr, "\texpiration time did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
     }
 
 /*
-    if ((retval = krb5_unparse_name(context, kdbe.mod_name, &str_mod_name)))
-      com_err(progname, retval, "while unparsing mode name");
-    else {
-      if (strcmp(str_mod_name, str_master_princ) != 0) {
-	fprintf(stderr, "\tmod name isn't the master princ (%s not %s).\n",
-		str_mod_name, str_master_princ);
-	free(str_mod_name);
-	goto errout;
-      }
-      else free(str_mod_name);
-    }
+  if ((retval = krb5_unparse_name(context, kdbe.mod_name, &str_mod_name)))
+  com_err(progname, retval, "while unparsing mode name");
+  else {
+  if (strcmp(str_mod_name, str_master_princ) != 0) {
+  fprintf(stderr, "\tmod name isn't the master princ (%s not %s).\n",
+  str_mod_name, str_master_princ);
+  free(str_mod_name);
+  goto errout;
+  }
+  else free(str_mod_name);
+  }
 */
 
     if (kdbe.attributes != mblock.flags) {
-      fprintf(stderr, "\tAttributes did not match stored value for %s.\n",
-	      princ_name);
-      goto errout;
+        fprintf(stderr, "\tAttributes did not match stored value for %s.\n",
+                princ_name);
+        goto errout;
     }
 
-    out:
+out:
     krb5_db_free_principal(context, &kdbe, nprincs);
 
     return(0);
@@ -371,96 +372,96 @@ set_dbname_help(context, pname, dbname)
     /* assemble & parse the master key name */
 
     if ((retval = krb5_db_setup_mkey_name(context, mkey_name, cur_realm, 0,
-					 &master_princ))) {
-	com_err(pname, retval, "while setting up master key name");
-	return(1);
+                                          &master_princ))) {
+        com_err(pname, retval, "while setting up master key name");
+        return(1);
     }
     if (mkey_password) {
-	pwd.data = mkey_password;
-	pwd.length = strlen(mkey_password);
-	retval = krb5_principal2salt(context, master_princ, &scratch);
-	if (retval) {
-	    com_err(pname, retval, "while calculated master key salt");
-	    return(1);
-	}
-	if ((retval = krb5_string_to_key(context, &master_encblock,
-				    &master_keyblock, &pwd, &scratch))) {
-	    com_err(pname, retval,
-		    "while transforming master key from password");
-	    return(1);
-	}
-	free(scratch.data);
+        pwd.data = mkey_password;
+        pwd.length = strlen(mkey_password);
+        retval = krb5_principal2salt(context, master_princ, &scratch);
+        if (retval) {
+            com_err(pname, retval, "while calculated master key salt");
+            return(1);
+        }
+        if ((retval = krb5_string_to_key(context, &master_encblock,
+                                         &master_keyblock, &pwd, &scratch))) {
+            com_err(pname, retval,
+                    "while transforming master key from password");
+            return(1);
+        }
+        free(scratch.data);
     } else {
-	if ((retval = krb5_db_fetch_mkey(context, master_princ,
-					 master_keyblock.enctype,
-					 manual_mkey, FALSE, (char *) NULL,
+        if ((retval = krb5_db_fetch_mkey(context, master_princ,
+                                         master_keyblock.enctype,
+                                         manual_mkey, FALSE, (char *) NULL,
                                          NULL, NULL,
-					 &master_keyblock))) {
-	    com_err(pname, retval, "while reading master key");
-	    return(1);
-	}
+                                         &master_keyblock))) {
+            com_err(pname, retval, "while reading master key");
+            return(1);
+        }
     }
 
     /* Ick!  Current DAL interface requires that the default_realm
        field be set in the krb5_context.  */
     if ((retval = krb5_set_default_realm(context, cur_realm))) {
-	com_err(pname, retval, "setting default realm");
-	return 1;
+        com_err(pname, retval, "setting default realm");
+        return 1;
     }
     /* Pathname is passed to db2 via 'args' parameter.  */
     args[1] = NULL;
     if (asprintf(&args[0], "dbname=%s", dbname) < 0) {
-	com_err(pname, errno, "while setting up db parameters");
-	return 1;
+        com_err(pname, errno, "while setting up db parameters");
+        return 1;
     }
 
     if ((retval = krb5_db_open(context, args, KRB5_KDB_OPEN_RO))) {
-	com_err(pname, retval, "while initializing database");
-	return(1);
+        com_err(pname, retval, "while initializing database");
+        return(1);
     }
     if ((retval = krb5_db_verify_master_key(context, master_princ,
-					    IGNORE_VNO, &master_keyblock))) {
-	com_err(pname, retval, "while verifying master key");
-	(void) krb5_db_fini(context);
-	return(1);
+                                            IGNORE_VNO, &master_keyblock))) {
+        com_err(pname, retval, "while verifying master key");
+        (void) krb5_db_fini(context);
+        return(1);
     }
     nentries = 1;
     if ((retval = krb5_db_get_principal(context, master_princ, &master_entry,
-				       &nentries, &more))) {
-	com_err(pname, retval, "while retrieving master entry");
-	(void) krb5_db_fini(context);
-	return(1);
+                                        &nentries, &more))) {
+        com_err(pname, retval, "while retrieving master entry");
+        (void) krb5_db_fini(context);
+        return(1);
     } else if (more) {
-	com_err(pname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
-		"while retrieving master entry");
-	(void) krb5_db_fini(context);
-	return(1);
+        com_err(pname, KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE,
+                "while retrieving master entry");
+        (void) krb5_db_fini(context);
+        return(1);
     } else if (!nentries) {
-	com_err(pname, KRB5_KDB_NOENTRY, "while retrieving master entry");
-	(void) krb5_db_fini(context);
-	return(1);
+        com_err(pname, KRB5_KDB_NOENTRY, "while retrieving master entry");
+        (void) krb5_db_fini(context);
+        return(1);
     }
 
     if ((retval = krb5_unparse_name(context, master_princ,
-				    &str_master_princ))) {
-      com_err(pname, retval, "while unparsing master principal");
-      krb5_db_fini(context);
-      return(1);
+                                    &str_master_princ))) {
+        com_err(pname, retval, "while unparsing master principal");
+        krb5_db_fini(context);
+        return(1);
     }
 
     if ((retval = krb5_process_key(context,
-				  &master_encblock, &master_keyblock))) {
-	com_err(pname, retval, "while processing master key");
-	(void) krb5_db_fini(context);
-	return(1);
+                                   &master_encblock, &master_keyblock))) {
+        com_err(pname, retval, "while processing master key");
+        (void) krb5_db_fini(context);
+        return(1);
     }
     if ((retval = krb5_init_random_key(context,
-				      &master_encblock, &master_keyblock,
-				      &master_random))) {
-	com_err(pname, retval, "while initializing random key generator");
-	krb5_finish_key(context, &master_encblock);
-	(void) krb5_db_fini(context);
-	return(1);
+                                       &master_encblock, &master_keyblock,
+                                       &master_random))) {
+        com_err(pname, retval, "while initializing random key generator");
+        krb5_finish_key(context, &master_encblock);
+        (void) krb5_db_fini(context);
+        return(1);
     }
     mblock.max_life = master_entry.max_life;
     mblock.max_rlife = master_entry.max_renewable_life;
diff --git a/src/tests/verify/pkey.c b/src/tests/verify/pkey.c
index a577f06..5f159ce 100644
--- a/src/tests/verify/pkey.c
+++ b/src/tests/verify/pkey.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * tests/verify/pkey.c
  *
@@ -12,13 +13,13 @@
 #include <stdio.h>
 
 void pkey(k)
-     unsigned char *k;
+    unsigned char *k;
 {
-  int i;
-  unsigned int foo;
+    int i;
+    unsigned int foo;
 
-  for (i = 0 ; i < 8 ; i++) {
-    foo = *k++;
-    fprintf(stderr, "%x ", foo);
-  }
+    for (i = 0 ; i < 8 ; i++) {
+        foo = *k++;
+        fprintf(stderr, "%x ", foo);
+    }
 }
diff --git a/src/util/Makefile.in b/src/util/Makefile.in
index 0af0977..ec92828 100644
--- a/src/util/Makefile.in
+++ b/src/util/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./..
-myfulldir=util
 mydir=util
 ##WIN32###Windows NMAKE doesn't like @ in make variable names, and on
 ##WIN32### Windows we don't do the @FOO@ substitutions we do with UNIX
diff --git a/src/util/collected-client-lib/Makefile.in b/src/util/collected-client-lib/Makefile.in
index c583d66..0776b10 100644
--- a/src/util/collected-client-lib/Makefile.in
+++ b/src/util/collected-client-lib/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=util/collected-client-lib
 mydir=util/collected-client-lib
 BUILDTOP=$(REL)..$(S)..
 RELDIR=../util/collected-client-lib
diff --git a/src/util/depfix.pl b/src/util/depfix.pl
index 0ab02d7..4dec887 100644
--- a/src/util/depfix.pl
+++ b/src/util/depfix.pl
@@ -27,37 +27,29 @@ eval 'exec perl -S $0 ${1+"$@"}'
   if 0;
 $0 =~ s/^.*?(\w+)[\.\w+]*$/$1/;
 
-# Input: srctop thisdir srcdir buildtop libgccfilename stlibobjs
+# Input: srctop thisdir srcdir buildtop stlibobjs
 
 # Notes: myrelativedir is something like "lib/krb5/asn.1" or ".".
 # stlibobjs will usually be empty, or include spaces.
 
 # A typical set of inputs, produced with srcdir=.. at top level:
 #
-# SRCTOP = ../../../util/et/../..
+# top_srcdir = ../../../util/et/../..
 # thisdir = util/et
 # srcdir = ../../../util/et
 # BUILDTOP = ../..
-# libgcc file name = /usr/lib/gcc-lib/i386-redhat-linux/3.2.3/libgcc.a
 # STLIBOBJS = error_message.o et_name.o com_err.o
 
-my($SRCTOP,$thisdir,$srcdir,$BUILDTOP,$libgccpath,$STLIBOBJS) = @ARGV;
+my($top_srcdir,$thisdir,$srcdir,$BUILDTOP,$STLIBOBJS) = @ARGV;
 
 if (0) {
-    print STDERR "SRCTOP = $SRCTOP\n";
+    print STDERR "top_srcdir = $top_srcdir\n";
     print STDERR "BUILDTOP = $BUILDTOP\n";
     print STDERR "STLIBOBJS = $STLIBOBJS\n";
 }
 
-$libgccincdir = $libgccpath;
-$libgccincdir =~ s,libgcc\.[^ ]*$,include,;
-$libgccincdir = quotemeta($libgccincdir);
 #$srcdirpat = quotemeta($srcdir);
 
-# Tweak here if you need to ignore additional directories.
-#my(@ignoredirs) = ( $libgccincdir, "/var/raeburn/openldap/Install/include" );
-my(@ignoredirs) = ( $libgccincdir );
-
 my($extrasuffixes) = ($STLIBOBJS ne "");
 
 sub my_qm {
@@ -100,31 +92,25 @@ sub do_subs {
     } else {
 	s,^([a-zA-Z0-9_\-]*)\.o:,\$(OUTPRE)$1.\$(OBJEXT):,;
     }
-    # Drop GCC include files, they're basically system headers.
-    my ($x);
-    foreach $x (@ignoredirs) {
-	s,$x/[^ ]* ,,g;
-	s,$x/[^ ]*$,,g;
-    }
-    # Recognize $(SRCTOP) and variants.
-    my($srct) = $SRCTOP . "/";
-    $_ = strrep(" $srct", " \$(SRCTOP)/", $_);
-#    s, $pat, \$(SRCTOP)/,go;
+    # Recognize $(top_srcdir) and variants.
+    my($srct) = $top_srcdir . "/";
+    $_ = strrep(" $srct", " \$(top_srcdir)/", $_);
+#    s, $pat, \$(top_srcdir)/,go;
     while ($srct =~ m,/[a-z][a-zA-Z0-9_.\-]*/\.\./,) {
 	$srct =~ s,/[a-z][a-zA-Z0-9_.\-]*/\.\./,/,;
-	$_ = strrep(" $srct", " \$(SRCTOP)/", $_);
+	$_ = strrep(" $srct", " \$(top_srcdir)/", $_);
     }
     # Now try to produce pathnames relative to $(srcdir).
     if ($thisdir eq ".") {
 	# blah
     } else {
-	my($pat) = " \$(SRCTOP)/$thisdir/";
+	my($pat) = " \$(top_srcdir)/$thisdir/";
 	my($out) = " \$(srcdir)/";
 	$_ = strrep($pat, $out, $_);
 	while ($pat =~ m,/[a-z][a-zA-Z0-9_.\-]*/$,) {
 	    $pat =~ s,/[a-z][a-zA-Z0-9_.\-]*/$,/,;
 	    $out .= "../";
-	    if ($pat ne " \$(SRCTOP)/") {
+	    if ($pat ne " \$(top_srcdir)/") {
 		$_ = strrep($pat, $out, $_);
 	    }
 	}
@@ -140,14 +126,8 @@ sub do_subs_2 {
     s/$/ /;
     # Remove excess spaces.
     s/  */ /g;
-    # Delete Tcl-specific headers.
-    s;/[^ ]*/tcl\.h ;;g;
-    s;/[^ ]*/tclDecls\.h ;;g;
-    s;/[^ ]*/tclPlatDecls\.h ;;g;
-    # Delete system-specific or compiler-specific files.
-    s;/os/usr/include/[^ ]* ;;g;
-    s;/usr/include/[^ ]* ;;g;
-    s;/usr/lib/[^ ]* ;;g;
+    # Delete headers external to the source and build tree.
+    s; /[^ ]*;;g;
     # Remove foo/../ sequences.
     while (m/\/[a-z][a-z0-9_.\-]*\/\.\.\//) {
 	s//\//g;
diff --git a/src/util/et/Makefile.in b/src/util/et/Makefile.in
index 9dde520..e585fb3 100644
--- a/src/util/et/Makefile.in
+++ b/src/util/et/Makefile.in
@@ -2,8 +2,6 @@ prefix=@prefix@
 bindir=@bindir@
 datadir=@datadir@
 mydatadir=$(datadir)/et
-thisconfigdir=../..
-myfulldir=util/et
 mydir=util/et
 BUILDTOP=$(REL)..$(S)..
 RELDIR=../util/et
diff --git a/src/util/et/com_err.c b/src/util/et/com_err.c
index a483e54..aaba897 100644
--- a/src/util/et/com_err.c
+++ b/src/util/et/com_err.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1997 by Massachusetts Institute of Technology
  *
@@ -35,79 +36,79 @@ k5_mutex_t com_err_hook_lock = K5_MUTEX_PARTIAL_INITIALIZER;
 
 #if defined(_WIN32)
 BOOL  isGuiApp() {
-	DWORD mypid;
-	HANDLE myprocess;
-	mypid = GetCurrentProcessId();
-	myprocess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, mypid);
-	return GetGuiResources(myprocess, 1) > 0;
-	}
+    DWORD mypid;
+    HANDLE myprocess;
+    mypid = GetCurrentProcessId();
+    myprocess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, mypid);
+    return GetGuiResources(myprocess, 1) > 0;
+}
 #endif
 
 static void default_com_err_proc (const char *whoami, errcode_t code,
-				  const char *fmt, va_list ap)
+                                  const char *fmt, va_list ap)
 {
 #if defined(_WIN32)
 
-	char errbuf[1024] = "";
-
-	if (whoami) {
-		errbuf[sizeof(errbuf) - 1] = '\0';
-		strncat (errbuf, whoami, sizeof(errbuf) - 1 - strlen(errbuf));
-		strncat (errbuf, ": ", sizeof(errbuf) - 1 - strlen(errbuf));
-	}
-	if (code) {
-		errbuf[sizeof(errbuf) - 1] = '\0';
-		strncat (errbuf, error_message(code), sizeof(errbuf) - 1 - strlen(errbuf));
-		strncat (errbuf, " ", sizeof(errbuf) - 1 - strlen(errbuf));
-	}
-	if (fmt)
-	    /* ITS4: ignore vsprintf */
-	    vsprintf (errbuf + strlen (errbuf), fmt, ap);
-	errbuf[sizeof(errbuf) - 1] = '\0';
-
-	if (_isatty(_fileno(stderr)) || !isGuiApp()) {
-	    fputs(errbuf, stderr);
-	    fputc('\r', stderr);
-	    fputc('\n', stderr);
-	    fflush(stderr);
-	} else
-	    MessageBox ((HWND)NULL, errbuf, "Kerberos", MB_ICONEXCLAMATION);
+    char errbuf[1024] = "";
+
+    if (whoami) {
+        errbuf[sizeof(errbuf) - 1] = '\0';
+        strncat (errbuf, whoami, sizeof(errbuf) - 1 - strlen(errbuf));
+        strncat (errbuf, ": ", sizeof(errbuf) - 1 - strlen(errbuf));
+    }
+    if (code) {
+        errbuf[sizeof(errbuf) - 1] = '\0';
+        strncat (errbuf, error_message(code), sizeof(errbuf) - 1 - strlen(errbuf));
+        strncat (errbuf, " ", sizeof(errbuf) - 1 - strlen(errbuf));
+    }
+    if (fmt)
+        /* ITS4: ignore vsprintf */
+        vsprintf (errbuf + strlen (errbuf), fmt, ap);
+    errbuf[sizeof(errbuf) - 1] = '\0';
+
+    if (_isatty(_fileno(stderr)) || !isGuiApp()) {
+        fputs(errbuf, stderr);
+        fputc('\r', stderr);
+        fputc('\n', stderr);
+        fflush(stderr);
+    } else
+        MessageBox ((HWND)NULL, errbuf, "Kerberos", MB_ICONEXCLAMATION);
 
 #else /* !_WIN32 */
 
-	if (whoami) {
-		fputs(whoami, stderr);
-		fputs(": ", stderr);
-	}
-	if (code) {
-		fputs(error_message(code), stderr);
-		fputs(" ", stderr);
-	}
-	if (fmt) {
-		vfprintf(stderr, fmt, ap);
-	}
-	/* should do this only on a tty in raw mode */
-	putc('\r', stderr);
-	putc('\n', stderr);
-	fflush(stderr);
+    if (whoami) {
+        fputs(whoami, stderr);
+        fputs(": ", stderr);
+    }
+    if (code) {
+        fputs(error_message(code), stderr);
+        fputs(" ", stderr);
+    }
+    if (fmt) {
+        vfprintf(stderr, fmt, ap);
+    }
+    /* should do this only on a tty in raw mode */
+    putc('\r', stderr);
+    putc('\n', stderr);
+    fflush(stderr);
 
 #endif
 }
 
 void KRB5_CALLCONV com_err_va(const char *whoami,
-			      errcode_t code,
-			      const char *fmt,
-			      va_list ap)
+                              errcode_t code,
+                              const char *fmt,
+                              va_list ap)
 {
     int err;
     et_old_error_hook_func p;
 
     err = com_err_finish_init();
     if (err)
-	goto best_try;
+        goto best_try;
     err = k5_mutex_lock(&com_err_hook_lock);
     if (err)
-	goto best_try;
+        goto best_try;
     p = com_err_hook ? com_err_hook : default_com_err_proc;
     (*p)(whoami, code, fmt, ap);
     k5_mutex_unlock(&com_err_hook_lock);
@@ -121,23 +122,23 @@ best_try:
        there's a good chance it has to do with failed initialization
        of the caller.  */
     if (!com_err_hook)
-	default_com_err_proc(whoami, code, fmt, ap);
+        default_com_err_proc(whoami, code, fmt, ap);
     else
-	(com_err_hook)(whoami, code, fmt, ap);
+        (com_err_hook)(whoami, code, fmt, ap);
     assert(err == 0);
     abort();
 }
 
 
 void KRB5_CALLCONV_C com_err(const char *whoami,
-			     errcode_t code,
-			     const char *fmt, ...)
+                             errcode_t code,
+                             const char *fmt, ...)
 {
-	va_list ap;
+    va_list ap;
 
-	va_start(ap, fmt);
-	com_err_va(whoami, code, fmt, ap);
-	va_end(ap);
+    va_start(ap, fmt);
+    com_err_va(whoami, code, fmt, ap);
+    va_end(ap);
 }
 
 /* Make a separate function because the assert invocations below
@@ -150,26 +151,26 @@ static int com_err_lock_hook_handle(void)
 
 et_old_error_hook_func set_com_err_hook (et_old_error_hook_func new_proc)
 {
-	et_old_error_hook_func x;
-
-	/* Broken initialization?  What can we do?  */
-	assert(com_err_finish_init() == 0);
-	assert(com_err_lock_hook_handle() == 0);
-	x = com_err_hook;
-	com_err_hook = new_proc;
-	k5_mutex_unlock(&com_err_hook_lock);
-	return x;
+    et_old_error_hook_func x;
+
+    /* Broken initialization?  What can we do?  */
+    assert(com_err_finish_init() == 0);
+    assert(com_err_lock_hook_handle() == 0);
+    x = com_err_hook;
+    com_err_hook = new_proc;
+    k5_mutex_unlock(&com_err_hook_lock);
+    return x;
 }
 
 et_old_error_hook_func reset_com_err_hook ()
 {
-	et_old_error_hook_func x;
-
-	/* Broken initialization?  What can we do?  */
-	assert(com_err_finish_init() == 0);
-	assert(com_err_lock_hook_handle() == 0);
-	x = com_err_hook;
-	com_err_hook = NULL;
-	k5_mutex_unlock(&com_err_hook_lock);
-	return x;
+    et_old_error_hook_func x;
+
+    /* Broken initialization?  What can we do?  */
+    assert(com_err_finish_init() == 0);
+    assert(com_err_lock_hook_handle() == 0);
+    x = com_err_hook;
+    com_err_hook = NULL;
+    k5_mutex_unlock(&com_err_hook_lock);
+    return x;
 }
diff --git a/src/util/et/compile_et.c b/src/util/et/compile_et.c
index dfaad5f..993b3ed 100644
--- a/src/util/et/compile_et.c
+++ b/src/util/et/compile_et.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  *
  * Copyright 1986, 1987, 1988
@@ -36,16 +37,16 @@ extern int yylineno;
 char * xmalloc (size) unsigned int size; {
     char * p = malloc (size);
     if (!p) {
-	perror (whoami);
-	exit (1);
+        perror (whoami);
+        exit (1);
     }
     return p;
 }
 
 static int check_arg (str_list, arg) char const *const *str_list, *arg; {
     while (*str_list)
-	if (!strcmp(arg, *str_list++))
-	    return 1;
+        if (!strcmp(arg, *str_list++))
+            return 1;
     return 0;
 }
 
@@ -102,18 +103,18 @@ static const char warning[] =
     "/*\n * %s:\n * This file is automatically generated; please do not edit it.\n */\n";
 
 /* pathnames */
-char c_file[MAXPATHLEN];	/* output file */
-char h_file[MAXPATHLEN];	/* output */
+char c_file[MAXPATHLEN];        /* output file */
+char h_file[MAXPATHLEN];        /* output */
 
 static void usage () {
     fprintf (stderr, "%s: usage: %s ERROR_TABLE\n",
-	     whoami, whoami);
+             whoami, whoami);
     exit (1);
 }
 
 static void dup_err (type, one, two) char const *type, *one, *two; {
     fprintf (stderr, "%s: multiple %s specified: `%s' and `%s'\n",
-	     whoami, type, one, two);
+             whoami, type, one, two);
     usage ();
 }
 
@@ -129,60 +130,60 @@ int main (argc, argv) int argc; char **argv; {
     whoami = argv[0];
     p = strrchr (whoami, '/');
     if (p)
-	whoami = p+1;
+        whoami = p+1;
     while (argv++, --argc) {
-	char *arg = *argv;
-	if (arg[0] != '-') {
-	    if (filename)
-		dup_err ("filenames", filename, arg);
-	    filename = arg;
-	}
-	else {
-	    arg++;
-	    if (check_arg (debug_args, arg))
-		debug++;
-	    else if (check_arg (lang_args, arg)) {
-		got_language++;
-		arg = *++argv, argc--;
-		if (!arg)
-		    usage ();
-		if (language)
-		    dup_err ("languanges", language_names[(int)language], arg);
+        char *arg = *argv;
+        if (arg[0] != '-') {
+            if (filename)
+                dup_err ("filenames", filename, arg);
+            filename = arg;
+        }
+        else {
+            arg++;
+            if (check_arg (debug_args, arg))
+                debug++;
+            else if (check_arg (lang_args, arg)) {
+                got_language++;
+                arg = *++argv, argc--;
+                if (!arg)
+                    usage ();
+                if (language)
+                    dup_err ("languanges", language_names[(int)language], arg);
 #define check_lang(x,v) else if (!strcasecmp(arg,x)) language = v
-		check_lang ("c", lang_C);
-		check_lang ("ansi_c", lang_C);
-		check_lang ("ansi-c", lang_C);
-		check_lang ("krc", lang_KRC);
-		check_lang ("kr_c", lang_KRC);
-		check_lang ("kr-c", lang_KRC);
-		check_lang ("k&r-c", lang_KRC);
-		check_lang ("k&r_c", lang_KRC);
-		check_lang ("c++", lang_CPP);
-		check_lang ("cplusplus", lang_CPP);
-		check_lang ("c-plus-plus", lang_CPP);
+                check_lang ("c", lang_C);
+                check_lang ("ansi_c", lang_C);
+                check_lang ("ansi-c", lang_C);
+                check_lang ("krc", lang_KRC);
+                check_lang ("kr_c", lang_KRC);
+                check_lang ("kr-c", lang_KRC);
+                check_lang ("k&r-c", lang_KRC);
+                check_lang ("k&r_c", lang_KRC);
+                check_lang ("c++", lang_CPP);
+                check_lang ("cplusplus", lang_CPP);
+                check_lang ("c-plus-plus", lang_CPP);
 #undef check_lang
-		else {
-		    fprintf (stderr, "%s: unknown language name `%s'\n",
-			     whoami, arg);
-		    fprintf (stderr, "\tpick one of: C K&R-C\n");
-		    exit (1);
-		}
-	    }
-	    else {
-		fprintf (stderr, "%s: unknown control argument -`%s'\n",
-			 whoami, arg);
-		usage ();
-	    }
-	}
+                else {
+                    fprintf (stderr, "%s: unknown language name `%s'\n",
+                             whoami, arg);
+                    fprintf (stderr, "\tpick one of: C K&R-C\n");
+                    exit (1);
+                }
+            }
+            else {
+                fprintf (stderr, "%s: unknown control argument -`%s'\n",
+                         whoami, arg);
+                usage ();
+            }
+        }
     }
     if (!filename)
-	usage ();
+        usage ();
     if (!got_language)
-	language = lang_KRC;
+        language = lang_KRC;
     else if (language == lang_CPP) {
-	fprintf (stderr, "%s: Sorry, C++ support is not yet finished.\n",
-		 whoami);
-	exit (1);
+        fprintf (stderr, "%s: Sorry, C++ support is not yet finished.\n",
+                 whoami);
+        exit (1);
     }
 
     p = xmalloc (strlen (filename) + 5);
@@ -190,14 +191,14 @@ int main (argc, argv) int argc; char **argv; {
     filename = p;
     p = strrchr(filename, '/');
     if (p == (char *)NULL)
-	p = filename;
+        p = filename;
     else
-	p++;
+        p++;
     ename = p;
     len = strlen (ename);
     p += len - 3;
     if (strcmp (p, ".et"))
-	p += 3;
+        p += 3;
     *p++ = '.';
     /* now p points to where "et" suffix should start */
     /* generate new filenames */
@@ -209,48 +210,48 @@ int main (argc, argv) int argc; char **argv; {
 
     yyin = fopen(filename, "r");
     if (!yyin) {
-	perror(filename);
-	exit(1);
+        perror(filename);
+        exit(1);
     }
 
     hfile = fopen(h_file, "w");
     if (hfile == (FILE *)NULL) {
-	perror(h_file);
-	exit(1);
+        perror(h_file);
+        exit(1);
     }
     fprintf (hfile, warning, h_file);
 
     cfile = fopen(c_file, "w");
     if (cfile == (FILE *)NULL) {
-	perror(c_file);
-	exit(1);
+        perror(c_file);
+        exit(1);
     }
     fprintf (cfile, warning, c_file);
 
     /* prologue */
     if (language == lang_C)
-	cpp = c_src_prolog;
+        cpp = c_src_prolog;
     else if (language == lang_KRC)
-	cpp = krc_src_prolog;
+        cpp = krc_src_prolog;
     else
-	abort ();
+        abort ();
     while (*cpp)
-	fputs (*cpp++, cfile);
+        fputs (*cpp++, cfile);
 
     /* parse it */
     yyparse();
-    fclose(yyin);		/* bye bye input file */
+    fclose(yyin);               /* bye bye input file */
 
     fputs ("    0\n};\n\n", cfile);
     for (cpp = struct_def; *cpp; cpp++)
-	fputs (*cpp, cfile);
+        fputs (*cpp, cfile);
     fprintf(cfile,
-	    "const struct error_table et_%s_error_table = { text, %ldL, %d };\n\n",
-	    table_name, table_number, current);
+            "const struct error_table et_%s_error_table = { text, %ldL, %d };\n\n",
+            table_name, table_number, current);
     fputs("static struct et_list link = { 0, 0 };\n\n",
-	  cfile);
+          cfile);
     fprintf(cfile, "void initialize_%s_error_table (%s) {\n",
-	    table_name, (language == lang_C) ? "void" : "NOARGS");
+            table_name, (language == lang_C) ? "void" : "NOARGS");
     fputs("    if (!link.table) {\n", cfile);
     fputs("        link.next = _et_list;\n", cfile);
     fprintf(cfile, "        link.table = &et_%s_error_table;\n", table_name);
@@ -260,19 +261,19 @@ int main (argc, argv) int argc; char **argv; {
     fclose(cfile);
 
     fprintf (hfile, "extern void initialize_%s_error_table ();\n",
-	     table_name);
+             table_name);
     fprintf (hfile, "#define ERROR_TABLE_BASE_%s (%ldL)\n",
-	     table_name, table_number);
+             table_name, table_number);
     /* compatibility... */
     fprintf (hfile, "\n/* for compatibility with older versions... */\n");
     fprintf (hfile, "#define init_%s_err_tbl initialize_%s_error_table\n",
-	     table_name, table_name);
+             table_name, table_name);
     fprintf (hfile, "#define %s_err_base ERROR_TABLE_BASE_%s\n", table_name,
-	     table_name);
-    fclose(hfile);		/* bye bye include file */
+             table_name);
+    fclose(hfile);              /* bye bye include file */
 
     return 0;
-}
+                                }
 
 int yyerror(s) char *s; {
     fputs(s, stderr);
@@ -280,7 +281,7 @@ int yyerror(s) char *s; {
     fprintf(stderr, "\nLast token was '%s'\n", current_token);
 #else
     fprintf(stderr, "\nLine number %d; last token was '%s'\n",
-	    yylineno, current_token);
+            yylineno, current_token);
 #endif
 }
 
@@ -292,7 +293,7 @@ int yyerror(s) char *s; {
  * specifies the terms and conditions for redistribution.
  */
 
-/* based on @(#)strcasecmp.c	1.3 (Berkeley) 8/3/87 */
+/* based on @(#)strcasecmp.c    1.3 (Berkeley) 8/3/87 */
 
 /*
  * This array is designed for mapping upper and lower case letter
@@ -300,49 +301,49 @@ int yyerror(s) char *s; {
  * based upon ascii character sequences.
  */
 static char charmap[] = {
-	'\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
-	'\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
-	'\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
-	'\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
-	'\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
-	'\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
-	'\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
-	'\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
-	'\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
-	'\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
-	'\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
-	'\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
-	'\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
-	'\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
-	'\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
-	'\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
-	'\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
-	'\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
-	'\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
-	'\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
-	'\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
-	'\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
-	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
-	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
-	'\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
-	'\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
-	'\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
-	'\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
-	'\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
+    '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007',
+    '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017',
+    '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027',
+    '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037',
+    '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047',
+    '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057',
+    '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067',
+    '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077',
+    '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+    '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+    '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+    '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137',
+    '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147',
+    '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157',
+    '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167',
+    '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177',
+    '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207',
+    '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217',
+    '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227',
+    '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237',
+    '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247',
+    '\250', '\251', '\252', '\253', '\254', '\255', '\256', '\257',
+    '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267',
+    '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277',
+    '\300', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
+    '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
+    '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+    '\370', '\371', '\372', '\333', '\334', '\335', '\336', '\337',
+    '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347',
+    '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357',
+    '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367',
+    '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377',
 };
 
 strcasecmp(s1, s2)
-	register char *s1, *s2;
+register char *s1, *s2;
 {
-	register char *cm = charmap;
+    register char *cm = charmap;
 
-	while (cm[*s1] == cm[*s2++])
-		if (*s1++ == '\0')
-			return(0);
-	return(cm[*s1] - cm[*--s2]);
+    while (cm[*s1] == cm[*s2++])
+        if (*s1++ == '\0')
+            return(0);
+    return(cm[*s1] - cm[*--s2]);
 }
 
 #endif
diff --git a/src/util/et/compiler.h b/src/util/et/compiler.h
index 3e23f12..8b70144 100644
--- a/src/util/et/compiler.h
+++ b/src/util/et/compiler.h
@@ -1,14 +1,15 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * definitions common to the source files of the error table compiler
  */
 
 enum lang {
-    lang_C,			/* ANSI C (default) */
-    lang_KRC,			/* C: ANSI + K&R */
-    lang_CPP			/* C++ */
+    lang_C,                     /* ANSI C (default) */
+    lang_KRC,                   /* C: ANSI + K&R */
+    lang_CPP                    /* C++ */
 };
 
-int debug;			/* dump debugging info? */
-char *filename;			/* error table source */
+int debug;                      /* dump debugging info? */
+char *filename;                 /* error table source */
 enum lang language;
 const char *whoami;
diff --git a/src/util/et/deps b/src/util/et/deps
index 2919ddb..718a5fd 100644
--- a/src/util/et/deps
+++ b/src/util/et/deps
@@ -2,11 +2,12 @@
 # Generated makefile dependencies follow.
 #
 error_message.so error_message.po $(OUTPRE)error_message.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h com_err.h error_message.c \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h com_err.h error_message.c \
   error_table.h
 et_name.so et_name.po $(OUTPRE)et_name.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-thread.h com_err.h error_table.h \
+  $(top_srcdir)/include/k5-thread.h com_err.h error_table.h \
   et_name.c
 com_err.so com_err.po $(OUTPRE)com_err.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-thread.h com_err.c com_err.h error_table.h
+  $(top_srcdir)/include/k5-thread.h com_err.c com_err.h \
+  error_table.h
diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c
index bcff6cd..e3fc52d 100644
--- a/src/util/et/error_message.c
+++ b/src/util/et/error_message.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1997,2000,2001,2004,2008 by Massachusetts Institute of Technology
  *
@@ -37,7 +38,7 @@ extern const int sys_nerr;
 /*@null@*/ static struct et_list * _et_list = (struct et_list *) NULL;
 /*@null@*//*@only@*/static struct dynamic_et_list * et_list_dynamic;
 static k5_mutex_t et_list_lock = K5_MUTEX_PARTIAL_INITIALIZER;
-static int terminated = 0;	/* for debugging shlib fini sequence errors */
+static int terminated = 0;      /* for debugging shlib fini sequence errors */
 
 MAKE_INIT_FUNCTION(com_err_initialize);
 MAKE_FINI_FUNCTION(com_err_terminate);
@@ -51,13 +52,13 @@ int com_err_initialize(void)
     terminated = 0;
     err = k5_mutex_finish_init(&et_list_lock);
     if (err)
-	return err;
+        return err;
     err = k5_mutex_finish_init(&com_err_hook_lock);
     if (err)
-	return err;
+        return err;
     err = k5_key_register(K5_KEY_COM_ERR, free);
     if (err)
-	return err;
+        return err;
     return 0;
 }
 
@@ -66,9 +67,9 @@ void com_err_terminate(void)
     struct dynamic_et_list *e, *enext;
     if (! INITIALIZER_RAN(com_err_initialize) || PROGRAM_EXITING()) {
 #ifdef SHOW_INITFINI_FUNCS
-	printf("com_err_terminate: skipping\n");
+        printf("com_err_terminate: skipping\n");
 #endif
-	return;
+        return;
     }
 #ifdef SHOW_INITFINI_FUNCS
     printf("com_err_terminate\n");
@@ -76,10 +77,10 @@ void com_err_terminate(void)
     k5_key_delete(K5_KEY_COM_ERR);
     k5_mutex_destroy(&com_err_hook_lock);
     if (k5_mutex_lock(&et_list_lock) != 0)
-	return;
+        return;
     for (e = et_list_dynamic; e; e = enext) {
-	enext = e->next;
-	free(e);
+        enext = e->next;
+        free(e);
     }
     k5_mutex_unlock(&et_list_lock);
     k5_mutex_destroy(&et_list_lock);
@@ -98,211 +99,211 @@ get_thread_buffer ()
     char *cp;
     cp = k5_getspecific(K5_KEY_COM_ERR);
     if (cp == NULL) {
-	cp = malloc(ET_EBUFSIZ);
-	if (cp == NULL) {
-	    return NULL;
-	}
-	if (k5_setspecific(K5_KEY_COM_ERR, cp) != 0) {
-	    free(cp);
-	    return NULL;
-	}
+        cp = malloc(ET_EBUFSIZ);
+        if (cp == NULL) {
+            return NULL;
+        }
+        if (k5_setspecific(K5_KEY_COM_ERR, cp) != 0) {
+            free(cp);
+            return NULL;
+        }
     }
     return cp;
 }
 
 const char * KRB5_CALLCONV
 error_message(long code)
-    /*@modifies internalState@*/
+/*@modifies internalState@*/
 {
-	unsigned long offset;
-	unsigned long l_offset;
-	struct et_list *et;
-	struct dynamic_et_list *det;
-	unsigned long table_num;
-	int started = 0;
-	unsigned int divisor = 100;
-	char *cp, *cp1;
-	const struct error_table *table;
-	int merr;
+    unsigned long offset;
+    unsigned long l_offset;
+    struct et_list *et;
+    struct dynamic_et_list *det;
+    unsigned long table_num;
+    int started = 0;
+    unsigned int divisor = 100;
+    char *cp, *cp1;
+    const struct error_table *table;
+    int merr;
 
-	l_offset = (unsigned long)code & ((1<<ERRCODE_RANGE)-1);
-	offset = l_offset;
-	table_num = ((unsigned long)code - l_offset) & ERRCODE_MAX;
-	if (table_num == 0
+    l_offset = (unsigned long)code & ((1<<ERRCODE_RANGE)-1);
+    offset = l_offset;
+    table_num = ((unsigned long)code - l_offset) & ERRCODE_MAX;
+    if (table_num == 0
 #ifdef __sgi
-	    /* Irix 6.5 uses a much bigger table than other UNIX
-	       systems I've looked at, but the table is sparse.  The
-	       sparse entries start around 500, but sys_nerr is only
-	       152.  */
-	    || (code > 0 && code <= 1600)
+        /* Irix 6.5 uses a much bigger table than other UNIX
+           systems I've looked at, but the table is sparse.  The
+           sparse entries start around 500, but sys_nerr is only
+           152.  */
+        || (code > 0 && code <= 1600)
 #endif
-	    ) {
-		if (code == 0)
-			goto oops;
+    ) {
+        if (code == 0)
+            goto oops;
 
-		/* This could trip if int is 16 bits.  */
-		if ((unsigned long)(int)code != (unsigned long)code)
-		    abort ();
+        /* This could trip if int is 16 bits.  */
+        if ((unsigned long)(int)code != (unsigned long)code)
+            abort ();
 #ifdef HAVE_STRERROR_R
-		cp = get_thread_buffer();
-		if (cp && strerror_r((int) code, cp, ET_EBUFSIZ) == 0)
-		    return cp;
+        cp = get_thread_buffer();
+        if (cp && strerror_r((int) code, cp, ET_EBUFSIZ) == 0)
+            return cp;
 #endif
 #ifdef HAVE_STRERROR
-		cp = strerror((int) code);
-		if (cp)
-			return cp;
+        cp = strerror((int) code);
+        if (cp)
+            return cp;
 #elif defined HAVE_SYS_ERRLIST
-		if (offset < sys_nerr)
-			return(sys_errlist[offset]);
+        if (offset < sys_nerr)
+            return(sys_errlist[offset]);
 #endif
-		goto oops;
-	}
+        goto oops;
+    }
 
-	if (CALL_INIT_FUNCTION(com_err_initialize))
-	    return 0;
-	merr = k5_mutex_lock(&et_list_lock);
-	if (merr)
-	    goto oops;
-	dprintf (("scanning static list for %x\n", table_num));
-	for (et = _et_list; et != NULL; et = et->next) {
-	    if (et->table == NULL)
-		continue;
-	    dprintf (("\t%x = %s\n", et->table->base & ERRCODE_MAX,
-		      et->table->msgs[0]));
-	    if ((et->table->base & ERRCODE_MAX) == table_num) {
-		table = et->table;
-		goto found;
-	    }
-	}
-	dprintf (("scanning dynamic list for %x\n", table_num));
-	for (det = et_list_dynamic; det != NULL; det = det->next) {
-	    dprintf (("\t%x = %s\n", det->table->base & ERRCODE_MAX,
-		      det->table->msgs[0]));
-	    if ((det->table->base & ERRCODE_MAX) == table_num) {
-		table = det->table;
-		goto found;
-	    }
-	}
-	goto no_table_found;
+    if (CALL_INIT_FUNCTION(com_err_initialize))
+        return 0;
+    merr = k5_mutex_lock(&et_list_lock);
+    if (merr)
+        goto oops;
+    dprintf (("scanning static list for %x\n", table_num));
+    for (et = _et_list; et != NULL; et = et->next) {
+        if (et->table == NULL)
+            continue;
+        dprintf (("\t%x = %s\n", et->table->base & ERRCODE_MAX,
+                  et->table->msgs[0]));
+        if ((et->table->base & ERRCODE_MAX) == table_num) {
+            table = et->table;
+            goto found;
+        }
+    }
+    dprintf (("scanning dynamic list for %x\n", table_num));
+    for (det = et_list_dynamic; det != NULL; det = det->next) {
+        dprintf (("\t%x = %s\n", det->table->base & ERRCODE_MAX,
+                  det->table->msgs[0]));
+        if ((det->table->base & ERRCODE_MAX) == table_num) {
+            table = det->table;
+            goto found;
+        }
+    }
+    goto no_table_found;
 
- found:
-	k5_mutex_unlock(&et_list_lock);
-	dprintf (("found it!\n"));
-	/* This is the right table */
+found:
+    k5_mutex_unlock(&et_list_lock);
+    dprintf (("found it!\n"));
+    /* This is the right table */
 
-	/* This could trip if int is 16 bits.  */
-	if ((unsigned long)(unsigned int)offset != offset)
-	    goto no_table_found;
+    /* This could trip if int is 16 bits.  */
+    if ((unsigned long)(unsigned int)offset != offset)
+        goto no_table_found;
 
-	if (table->n_msgs <= (unsigned int) offset)
-	    goto no_table_found;
+    if (table->n_msgs <= (unsigned int) offset)
+        goto no_table_found;
 
-	return table->msgs[offset];
+    return table->msgs[offset];
 
- no_table_found:
-	k5_mutex_unlock(&et_list_lock);
+no_table_found:
+    k5_mutex_unlock(&et_list_lock);
 #if defined(_WIN32)
-	/*
-	 * WinSock errors exist in the 10000 and 11000 ranges
-	 * but might not appear if WinSock is not initialized
-	 */
-	if (code >= WSABASEERR && code < WSABASEERR + 1100) {
-		table_num = 0;
-		offset = code;
-		divisor = WSABASEERR;
-	}
+    /*
+     * WinSock errors exist in the 10000 and 11000 ranges
+     * but might not appear if WinSock is not initialized
+     */
+    if (code >= WSABASEERR && code < WSABASEERR + 1100) {
+        table_num = 0;
+        offset = code;
+        divisor = WSABASEERR;
+    }
 #endif
 #ifdef _WIN32
-	{
-		LPVOID msgbuf;
+    {
+        LPVOID msgbuf;
 
-		if (! FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
-				     NULL /* lpSource */,
-				     (DWORD) code,
-				     MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
-				     (LPTSTR) &msgbuf,
-				     (DWORD) 0 /*sizeof(buffer)*/,
-				     NULL /* va_list */ )) {
-			/*
-			 * WinSock errors exist in the 10000 and 11000 ranges
-			 * but might not appear if WinSock is not initialized
-			 */
-			if (code >= WSABASEERR && code < WSABASEERR + 1100) {
-			    table_num = 0;
-			    offset = code;
-			    divisor = 10000;
-			}
+        if (! FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
+                             NULL /* lpSource */,
+                             (DWORD) code,
+                             MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+                             (LPTSTR) &msgbuf,
+                             (DWORD) 0 /*sizeof(buffer)*/,
+                             NULL /* va_list */ )) {
+            /*
+             * WinSock errors exist in the 10000 and 11000 ranges
+             * but might not appear if WinSock is not initialized
+             */
+            if (code >= WSABASEERR && code < WSABASEERR + 1100) {
+                table_num = 0;
+                offset = code;
+                divisor = 10000;
+            }
 
-			goto oops;
-		} else {
-			char *buffer;
-			cp = get_thread_buffer();
-			if (cp == NULL)
-			    return "Unknown error code";
-			buffer = cp;
-			strncpy(buffer, msgbuf, ET_EBUFSIZ);
-			buffer[ET_EBUFSIZ-1] = '\0';
-			cp = buffer + strlen(buffer) - 1;
-			if (*cp == '\n') *cp-- = '\0';
-			if (*cp == '\r') *cp-- = '\0';
-			if (*cp == '.') *cp-- = '\0';
+            goto oops;
+        } else {
+            char *buffer;
+            cp = get_thread_buffer();
+            if (cp == NULL)
+                return "Unknown error code";
+            buffer = cp;
+            strncpy(buffer, msgbuf, ET_EBUFSIZ);
+            buffer[ET_EBUFSIZ-1] = '\0';
+            cp = buffer + strlen(buffer) - 1;
+            if (*cp == '\n') *cp-- = '\0';
+            if (*cp == '\r') *cp-- = '\0';
+            if (*cp == '.') *cp-- = '\0';
 
-			LocalFree(msgbuf);
-			return buffer;
-		}
-	}
+            LocalFree(msgbuf);
+            return buffer;
+        }
+    }
 #endif
 
 oops:
 
-	cp = get_thread_buffer();
-	if (cp == NULL)
-	    return "Unknown error code";
-	cp1 = cp;
-	strlcpy(cp, "Unknown code ", ET_EBUFSIZ);
-	cp += sizeof("Unknown code ") - 1;
-	if (table_num != 0L) {
-		(void) error_table_name_r(table_num, cp);
-		while (*cp != '\0')
-			cp++;
-		*cp++ = ' ';
-	}
-	while (divisor > 1) {
-	    if (started != 0 || offset >= divisor) {
-		*cp++ = '0' + offset / divisor;
-		offset %= divisor;
-		started++;
-	    }
-	    divisor /= 10;
-	}
-	*cp++ = '0' + offset;
-	*cp = '\0';
-	return(cp1);
+    cp = get_thread_buffer();
+    if (cp == NULL)
+        return "Unknown error code";
+    cp1 = cp;
+    strlcpy(cp, "Unknown code ", ET_EBUFSIZ);
+    cp += sizeof("Unknown code ") - 1;
+    if (table_num != 0L) {
+        (void) error_table_name_r(table_num, cp);
+        while (*cp != '\0')
+            cp++;
+        *cp++ = ' ';
+    }
+    while (divisor > 1) {
+        if (started != 0 || offset >= divisor) {
+            *cp++ = '0' + offset / divisor;
+            offset %= divisor;
+            started++;
+        }
+        divisor /= 10;
+    }
+    *cp++ = '0' + offset;
+    *cp = '\0';
+    return(cp1);
 }
 
 /*@-incondefs@*/ /* _et_list is global on unix but not in header annotations */
 errcode_t KRB5_CALLCONV
 add_error_table(/*@dependent@*/ const struct error_table * et)
-     /*@modifies _et_list,et_list_dynamic@*/
+/*@modifies _et_list,et_list_dynamic@*/
 /*@=incondefs@*/
 {
     struct dynamic_et_list *del;
     int merr;
 
     if (CALL_INIT_FUNCTION(com_err_initialize))
-	return 0;
+        return 0;
 
     del = (struct dynamic_et_list *)malloc(sizeof(struct dynamic_et_list));
     if (del == NULL)
-	return ENOMEM;
+        return ENOMEM;
 
     del->table = et;
 
     merr = k5_mutex_lock(&et_list_lock);
     if (merr) {
-	free(del);
-	return merr;
+        free(del);
+        return merr;
     }
     del->next = et_list_dynamic;
     et_list_dynamic = del;
@@ -312,7 +313,7 @@ add_error_table(/*@dependent@*/ const struct error_table * et)
 /*@-incondefs@*/ /* _et_list is global on unix but not in header annotations */
 errcode_t KRB5_CALLCONV
 remove_error_table(const struct error_table * et)
-     /*@modifies _et_list,et_list_dynamic@*/
+/*@modifies _et_list,et_list_dynamic@*/
 /*@=incondefs@*/
 {
     struct dynamic_et_list **del;
@@ -320,28 +321,28 @@ remove_error_table(const struct error_table * et)
     int merr;
 
     if (CALL_INIT_FUNCTION(com_err_initialize))
-	return 0;
+        return 0;
     merr = k5_mutex_lock(&et_list_lock);
     if (merr)
-	return merr;
+        return merr;
 
     /* Remove the entry that matches the error table instance.  Prefer dynamic
        entries, but if there are none, check for a static one too.  */
     for (del = &et_list_dynamic; *del; del = &(*del)->next)
-	if ((*del)->table == et) {
-	    /*@only@*/ struct dynamic_et_list *old = *del;
-	    *del = old->next;
-	    free (old);
-	    return k5_mutex_unlock(&et_list_lock);
-	}
+        if ((*del)->table == et) {
+            /*@only@*/ struct dynamic_et_list *old = *del;
+            *del = old->next;
+            free (old);
+            return k5_mutex_unlock(&et_list_lock);
+        }
     for (el = &_et_list; *el; el = &(*el)->next)
-	if ((*el)->table == et) {
-	    struct et_list *old = *el;
-	    *el = old->next;
-	    old->next = NULL;
-	    old->table = NULL;
-	    return k5_mutex_unlock(&et_list_lock);
-	}
+        if ((*el)->table == et) {
+            struct et_list *old = *el;
+            *el = old->next;
+            old->next = NULL;
+            old->table = NULL;
+            return k5_mutex_unlock(&et_list_lock);
+        }
     k5_mutex_unlock(&et_list_lock);
     return ENOENT;
 }
diff --git a/src/util/et/error_table.h b/src/util/et/error_table.h
index b58502a..ce7f4ba 100644
--- a/src/util/et/error_table.h
+++ b/src/util/et/error_table.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1988 by the Student Information Processing Board of the
  * Massachusetts Institute of Technology.
@@ -21,15 +22,15 @@ struct dynamic_et_list {
     /*@dependent@*/ const struct error_table *table;
 };
 
-#define	ERRCODE_RANGE	8	/* # of bits to shift table number */
-#define	BITS_PER_CHAR	6	/* # bits to shift per character in name */
+#define ERRCODE_RANGE   8       /* # of bits to shift table number */
+#define BITS_PER_CHAR   6       /* # bits to shift per character in name */
 #define ERRCODE_MAX   0xFFFFFFFFUL      /* Mask for maximum error table */
 
 extern /*@observer@*/ const char *error_table_name (unsigned long)
-     /*@modifies internalState@*/;
+    /*@modifies internalState@*/;
 extern const char *error_table_name_r (unsigned long,
-					   /*@out@*/ /*@returned@*/ char *outbuf)
-     /*@modifies outbuf@*/;
+                                       /*@out@*/ /*@returned@*/ char *outbuf)
+    /*@modifies outbuf@*/;
 
 #include "k5-thread.h"
 extern k5_mutex_t com_err_hook_lock;
diff --git a/src/util/et/et_name.c b/src/util/et/et_name.c
index 507a111..a337f7f 100644
--- a/src/util/et/et_name.c
+++ b/src/util/et/et_name.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1997 by Massachusetts Institute of Technology
  *
@@ -23,34 +24,34 @@
 #include "error_table.h"
 
 static const char char_set[] =
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
 
 const char *
 error_table_name_r (unsigned long num,
-		    /*@out@*/ /*@returned@*/ char *outbuf)
-     /*@modifies outbuf@*/
+                    /*@out@*/ /*@returned@*/ char *outbuf)
+/*@modifies outbuf@*/
 {
-	long ch;
-	int i;
-	/*@out@*/ char *p;
+    long ch;
+    int i;
+    /*@out@*/ char *p;
 
-	p = outbuf;
-	num >>= ERRCODE_RANGE;
+    p = outbuf;
+    num >>= ERRCODE_RANGE;
 
-	for (i = 3; i >= 0; i--) {
-		ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
-		if (ch != 0)
-			*p++ = char_set[ch-1];
-	}
-	*p = '\0';
-	return(outbuf);
+    for (i = 3; i >= 0; i--) {
+        ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
+        if (ch != 0)
+            *p++ = char_set[ch-1];
+    }
+    *p = '\0';
+    return(outbuf);
 }
 
 /*@observer@*/
 const char * error_table_name(unsigned long num)
-     /*@modifies internalState@*/
+/*@modifies internalState@*/
 {
-	static char buf[6];
+    static char buf[6];
 
-	return error_table_name_r(num, buf);
+    return error_table_name_r(num, buf);
 }
diff --git a/src/util/et/init_et.c b/src/util/et/init_et.c
index 501528c..2c8974a 100644
--- a/src/util/et/init_et.c
+++ b/src/util/et/init_et.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1997, 2008 by Massachusetts Institute of Technology
  *
@@ -43,11 +44,11 @@ int init_error_table(msgs, base, count)
     struct foobar * new_et;
 
     if (!base || !count || !msgs)
-	return 0;
+        return 0;
 
     new_et = (struct foobar *) malloc(sizeof(struct foobar));
     if (!new_et)
-	return ENOMEM;	/* oops */
+        return ENOMEM;  /* oops */
     new_et->etl.table = &new_et->et;
     new_et->et.msgs = msgs;
     new_et->et.base = base;
@@ -59,50 +60,50 @@ int init_error_table(msgs, base, count)
 }
 
 extern errcode_t KRB5_CALLCONV et_init(ectx)
-	et_ctx *ectx;
+    et_ctx *ectx;
 {
-	struct et_context *ctx;
+    struct et_context *ctx;
 
-	ctx = malloc(sizeof(struct et_context));
-	if (!ctx)
-		return ENOMEM;
-	ctx->tables = 0;
-	ctx->hook_func = 0;
-	ctx->hook_func_data = 0;
+    ctx = malloc(sizeof(struct et_context));
+    if (!ctx)
+        return ENOMEM;
+    ctx->tables = 0;
+    ctx->hook_func = 0;
+    ctx->hook_func_data = 0;
 
-	*ectx = ctx;
-	return 0;
+    *ectx = ctx;
+    return 0;
 }
 
 extern void KRB5_CALLCONV et_shutdown(ectx)
-	et_ctx ectx;
+    et_ctx ectx;
 {
-	struct et_list *p, *n;
-
-	p = ectx->tables;
-	while (p) {
-		n = p->next;
-		free(p);
-		p = n;
-	}
-	free(ectx);
+    struct et_list *p, *n;
+
+    p = ectx->tables;
+    while (p) {
+        n = p->next;
+        free(p);
+        p = n;
+    }
+    free(ectx);
 }
 
 extern errcode_t KRB5_CALLCONV et_add_error_table(ectx, tbl)
-	et_ctx ectx;
-	struct error_table *tbl;
+    et_ctx ectx;
+    struct error_table *tbl;
 {
-	struct et_list *e;
+    struct et_list *e;
 
-	e = malloc(sizeof(struct et_list));
-	if (!e)
-		return ENOMEM;
+    e = malloc(sizeof(struct et_list));
+    if (!e)
+        return ENOMEM;
 
-	e->table = tbl;
-	e->next = ectx->tables;
-	ectx->tables = e;
+    e->table = tbl;
+    e->next = ectx->tables;
+    ectx->tables = e;
 
-	return 0;
+    return 0;
 }
 
 #endif
diff --git a/src/util/et/internal.h b/src/util/et/internal.h
index f3e3abe..1e8d62d 100644
--- a/src/util/et/internal.h
+++ b/src/util/et/internal.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * internal include file for com_err package
  */
diff --git a/src/util/et/mit-sipb-copyright.h b/src/util/et/mit-sipb-copyright.h
index 9c4375d..41dc249 100644
--- a/src/util/et/mit-sipb-copyright.h
+++ b/src/util/et/mit-sipb-copyright.h
@@ -1,21 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 
-Copyright 1987, 1988 by the Student Information Processing Board
-	of the Massachusetts Institute of Technology
+  Copyright 1987, 1988 by the Student Information Processing Board
+  of the Massachusetts Institute of Technology
 
-Permission to use, copy, modify, and distribute this software
-and its documentation for any purpose and without fee is
-hereby granted, provided that the above copyright notice
-appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation,
-and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
-used in advertising or publicity pertaining to distribution
-of the software without specific, written prior permission.
-Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original M.I.T. software.
-M.I.T. and the M.I.T. S.I.P.B. make no representations about
-the suitability of this software for any purpose.  It is
-provided "as is" without express or implied warranty.
+  Permission to use, copy, modify, and distribute this software
+  and its documentation for any purpose and without fee is
+  hereby granted, provided that the above copyright notice
+  appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation,
+  and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+  used in advertising or publicity pertaining to distribution
+  of the software without specific, written prior permission.
+  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. and the M.I.T. S.I.P.B. make no representations about
+  the suitability of this software for any purpose.  It is
+  provided "as is" without express or implied warranty.
 
 */
diff --git a/src/util/et/t_com_err.c b/src/util/et/t_com_err.c
index 5c4a460..385e6e7 100644
--- a/src/util/et/t_com_err.c
+++ b/src/util/et/t_com_err.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
@@ -5,7 +6,7 @@
 #include "et1.h"
 #include "et2.h"
 
-int misc_err, known_err;	/* known_err is err in whether or not
+int misc_err, known_err;        /* known_err is err in whether or not
                                    table is 'known' to library */
 int fail;
 
@@ -17,38 +18,38 @@ try_one (errcode_t code, int known, int table, int msgno)
 
     snprintf (buffy, sizeof(buffy), "error table %d message %d", table, msgno);
     if (0 == strcmp (buffy, msg)) {
-	if (!known) {
-	    known_err++;
-	}
-	return;
+        if (!known) {
+            known_err++;
+        }
+        return;
     }
     snprintf (buffy, sizeof(buffy), "Unknown code et%d %d", table, msgno);
     if (!strcmp (buffy, msg)) {
-	if (known)
-	    known_err++;
-	return;
+        if (known)
+            known_err++;
+        return;
     }
     printf ("error code %ld got unrecognized message '%s',\n"
-	    "should have been table %d message %d\n",
-	    (long) code, msg, table, msgno);
+            "should have been table %d message %d\n",
+            (long) code, msg, table, msgno);
     misc_err++;
 }
 
 static void
 try_table (int table, int known, int lineno,
-	   errcode_t c0, errcode_t c1, errcode_t c2)
+           errcode_t c0, errcode_t c1, errcode_t c2)
 {
     try_one (c0, known, table, 0);
     try_one (c1, known, table, 1);
     try_one (c2, known, table, 2);
     if (misc_err != 0 || known_err != 0) {
-	fail++;
-	if (known_err)
-	    printf ("table list error from line %d, table %d\n", lineno,
-		    table);
-	if (misc_err)
-	    printf ("misc errors from line %d table %d\n", lineno, table);
-	misc_err = known_err = 0;
+        fail++;
+        if (known_err)
+            printf ("table list error from line %d, table %d\n", lineno,
+                    table);
+        if (misc_err)
+            printf ("misc errors from line %d table %d\n", lineno, table);
+        misc_err = known_err = 0;
     }
 }
 
@@ -127,13 +128,13 @@ int main (/*@unused@*/ int argc, /*@unused@*/ char *argv[])
 
     err = pthread_create(&t, 0, run, 0);
     if (err) {
-	fprintf(stderr, "pthread_create error: %s\n", strerror(err));
-	exit(1);
+        fprintf(stderr, "pthread_create error: %s\n", strerror(err));
+        exit(1);
     }
     err = pthread_join(t, &t_retval);
     if (err) {
-	fprintf(stderr, "pthread_join error: %s\n", strerror(err));
-	exit(1);
+        fprintf(stderr, "pthread_join error: %s\n", strerror(err));
+        exit(1);
     }
     return fail;
 #else
diff --git a/src/util/et/test_et.c b/src/util/et/test_et.c
index 8bd88fc..ab2b2e5 100644
--- a/src/util/et/test_et.c
+++ b/src/util/et/test_et.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include <stdio.h>
 #include <errno.h>
 #include "com_err.h"
@@ -18,59 +19,59 @@ extern int sys_nerr;
 
 int main()
 {
-	printf("Before initiating error table:\n\n");
+    printf("Before initiating error table:\n\n");
 #ifndef EXPORT_LIST
-	printf("Table name '%s'\n", error_table_name(KRB_MK_AP_TGTEXP));
-	printf("UNIX  name '%s'\n", error_table_name(EPERM));
+    printf("Table name '%s'\n", error_table_name(KRB_MK_AP_TGTEXP));
+    printf("UNIX  name '%s'\n", error_table_name(EPERM));
 #endif
-	printf("Msg TGT-expired is '%s'\n", error_message(KRB_MK_AP_TGTEXP));
-	printf("Msg EPERM is '%s'\n", error_message(EPERM));
-	printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
-	printf("Msg 1002 is '%s'\n", error_message (1002));
+    printf("Msg TGT-expired is '%s'\n", error_message(KRB_MK_AP_TGTEXP));
+    printf("Msg EPERM is '%s'\n", error_message(EPERM));
+    printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
+    printf("Msg 1002 is '%s'\n", error_message (1002));
 #ifdef HAVE_SYS_ERRLIST
-	printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
-	printf("Msg {sys_nerr} is '%s'\n", error_message(sys_nerr));
+    printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
+    printf("Msg {sys_nerr} is '%s'\n", error_message(sys_nerr));
 #endif
-	printf("Msg 0 is '%s'\n", error_message(0));
+    printf("Msg 0 is '%s'\n", error_message(0));
 
-	printf("With 0: tgt-expired -> %s\n", error_message(KRB_MK_AP_TGTEXP));
+    printf("With 0: tgt-expired -> %s\n", error_message(KRB_MK_AP_TGTEXP));
 
-	initialize_krb_error_table();
+    initialize_krb_error_table();
 #ifndef EXPORT_LIST
-	printf("KRB error table initialized:  base %ld (%s), name %s\n",
-	       ERROR_TABLE_BASE_krb, error_message(ERROR_TABLE_BASE_krb),
-	       error_table_name(ERROR_TABLE_BASE_krb));
+    printf("KRB error table initialized:  base %ld (%s), name %s\n",
+           ERROR_TABLE_BASE_krb, error_message(ERROR_TABLE_BASE_krb),
+           error_table_name(ERROR_TABLE_BASE_krb));
 #else
-	printf("KRB error table initialized:  base %ld (%s)\n",
-	       ERROR_TABLE_BASE_krb, error_message(ERROR_TABLE_BASE_krb));
+    printf("KRB error table initialized:  base %ld (%s)\n",
+           ERROR_TABLE_BASE_krb, error_message(ERROR_TABLE_BASE_krb));
 #endif
-	add_error_table(&et_krb_error_table);
-	printf("With krb: tgt-expired -> %s\n",
-	       error_message(KRB_MK_AP_TGTEXP));
+    add_error_table(&et_krb_error_table);
+    printf("With krb: tgt-expired -> %s\n",
+           error_message(KRB_MK_AP_TGTEXP));
 
-	add_error_table(&et_quux_error_table);
+    add_error_table(&et_quux_error_table);
 #ifndef EXPORT_LIST
-	printf("QUUX error table initialized: base %ld (%s), name %s\n",
-	       ERROR_TABLE_BASE_quux, error_message(ERROR_TABLE_BASE_quux),
-	       error_table_name(ERROR_TABLE_BASE_quux));
+    printf("QUUX error table initialized: base %ld (%s), name %s\n",
+           ERROR_TABLE_BASE_quux, error_message(ERROR_TABLE_BASE_quux),
+           error_table_name(ERROR_TABLE_BASE_quux));
 #else
-	printf("QUUX error table initialized: base %ld (%s)\n",
-	       ERROR_TABLE_BASE_quux, error_message(ERROR_TABLE_BASE_quux));
+    printf("QUUX error table initialized: base %ld (%s)\n",
+           ERROR_TABLE_BASE_quux, error_message(ERROR_TABLE_BASE_quux));
 #endif
 
-	printf("Msg for TGT-expired is '%s'\n",
-	       error_message(KRB_MK_AP_TGTEXP));
+    printf("Msg for TGT-expired is '%s'\n",
+           error_message(KRB_MK_AP_TGTEXP));
 #ifdef HAVE_SYS_ERRLIST
-	printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
+    printf("Msg {sys_nerr-1} is '%s'\n", error_message(sys_nerr-1));
 #endif
-	printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
-	printf("Msg KRB_SKDC_CANT is '%s'\n",
-		    error_message(KRB_SKDC_CANT));
-	printf("Msg 1e6 (8B 64) is '%s'\n", error_message(1000000));
-	printf("\n\nCOM_ERR tests:\n");
-	com_err("whoami", FOO_ERR, (char *)NULL);
-	com_err("whoami", FOO_ERR, " -- message goes %s", "here");
-	com_err("whoami", 0, (char *)0);
-	com_err("whoami", 0, "error number %d\n", 0);
-	return 0;
+    printf("Msg FOO_ERR is '%s'\n", error_message(FOO_ERR));
+    printf("Msg KRB_SKDC_CANT is '%s'\n",
+           error_message(KRB_SKDC_CANT));
+    printf("Msg 1e6 (8B 64) is '%s'\n", error_message(1000000));
+    printf("\n\nCOM_ERR tests:\n");
+    com_err("whoami", FOO_ERR, (char *)NULL);
+    com_err("whoami", FOO_ERR, " -- message goes %s", "here");
+    com_err("whoami", 0, (char *)0);
+    com_err("whoami", 0, "error number %d\n", 0);
+    return 0;
 }
diff --git a/src/util/exitsleep.c b/src/util/exitsleep.c
index 3b3737b..c027526 100644
--- a/src/util/exitsleep.c
+++ b/src/util/exitsleep.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * util/exitsleep.c
  *
diff --git a/src/util/mac/k5_mig_client.c b/src/util/mac/k5_mig_client.c
index 6964abc..1891b31 100644
--- a/src/util/mac/k5_mig_client.c
+++ b/src/util/mac/k5_mig_client.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * $Header$
  *
@@ -54,8 +55,8 @@ typedef struct k5_ipc_service_port {
 /* global service ports and mutex to protect it */
 static k5_mutex_t g_service_ports_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
 static k5_ipc_service_port g_service_ports[KIPC_SERVICE_COUNT] = {
-{ "edu.mit.Kerberos.CCacheServer", MACH_PORT_NULL },
-{ "edu.mit.Kerberos.KerberosAgent", MACH_PORT_NULL } };
+    { "edu.mit.Kerberos.CCacheServer", MACH_PORT_NULL },
+    { "edu.mit.Kerberos.KerberosAgent", MACH_PORT_NULL } };
 
 /* ------------------------------------------------------------------------ */
 
@@ -77,8 +78,8 @@ typedef struct k5_ipc_connection_info {
 
 /* initializer for k5_ipc_request_port to fill in server names in TLS */
 static const char *k5_ipc_known_services[KIPC_SERVICE_COUNT] = {
-"edu.mit.Kerberos.CCacheServer",
-"edu.mit.Kerberos.KerberosAgent" };
+    "edu.mit.Kerberos.CCacheServer",
+    "edu.mit.Kerberos.KerberosAgent" };
 
 /* ------------------------------------------------------------------------ */
 
@@ -326,11 +327,11 @@ kern_return_t k5_ipc_client_reply (mach_port_t             in_reply_port,
     if (!err) {
         if (in_inl_replyCnt) {
             err = krb5int_ipc_stream_write (cinfo->reply_stream,
-					    in_inl_reply, in_inl_replyCnt);
+                                            in_inl_reply, in_inl_replyCnt);
 
         } else if (in_ool_replyCnt) {
             err = krb5int_ipc_stream_write (cinfo->reply_stream,
-					    in_ool_reply, in_ool_replyCnt);
+                                            in_ool_reply, in_ool_replyCnt);
 
         } else {
             err = EINVAL;
@@ -466,7 +467,7 @@ int32_t k5_ipc_send_request (const char    *in_service_id,
             done = 1;
 
             /* Because we use ",dealloc" ool_request will be freed by mach.
-            * Don't double free it. */
+             * Don't double free it. */
             ool_request = NULL;
             ool_request_length = 0;
         }
diff --git a/src/util/mac/k5_mig_client.h b/src/util/mac/k5_mig_client.h
index 10cc43f..3fa8591 100644
--- a/src/util/mac/k5_mig_client.h
+++ b/src/util/mac/k5_mig_client.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * $Header$
  *
diff --git a/src/util/mac/k5_mig_server.c b/src/util/mac/k5_mig_server.c
index 815fbed..baea165 100644
--- a/src/util/mac/k5_mig_server.c
+++ b/src/util/mac/k5_mig_server.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * $Header$
  *
@@ -189,7 +190,7 @@ static kern_return_t k5_ipc_server_get_lookup_and_service_names (char **out_look
 
     if (!err) {
         len = CFStringGetMaximumSizeForEncoding (CFStringGetLength (id_string),
-                                                    kCFStringEncodingUTF8) + 1;
+                                                 kCFStringEncodingUTF8) + 1;
     }
 
     if (!err) {
diff --git a/src/util/mac/k5_mig_server.h b/src/util/mac/k5_mig_server.h
index 4bd4c2c..9ee0fa1 100644
--- a/src/util/mac/k5_mig_server.h
+++ b/src/util/mac/k5_mig_server.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * $Header$
  *
diff --git a/src/util/mac/k5_mig_types.h b/src/util/mac/k5_mig_types.h
index 87c786b..9387e31 100644
--- a/src/util/mac/k5_mig_types.h
+++ b/src/util/mac/k5_mig_types.h
@@ -1,45 +1,46 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* $Copyright:
-*
-* Copyright 2004-2006 by the Massachusetts Institute of Technology.
-*
-* All rights reserved.
-*
-* Export of this software from the United States of America may require a
-* specific license from the United States Government.  It is the
-* responsibility of any person or organization contemplating export to
-* obtain such a license before exporting.
-*
-* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
-* this software and its documentation for any purpose and without fee is
-* hereby granted, provided that the above copyright notice appear in all
-* copies and that both that copyright notice and this permission notice
-* appear in supporting documentation, and that the name of M.I.T. not be
-* used in advertising or publicity pertaining to distribution of the
-* software without specific, written prior permission.  Furthermore if you
-* modify this software you must label your software as modified software
-* and not distribute it in such a fashion that it might be confused with
-* the original MIT software. M.I.T. makes no representations about the
-* suitability of this software for any purpose.  It is provided "as is"
-* without express or implied warranty.
-*
-* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
-* WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
-* MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
-*
-* Individual source code files are copyright MIT, Cygnus Support,
-* OpenVision, Oracle, Sun Soft, FundsXpress, and others.
-*
-* Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
-* and Zephyr are trademarks of the Massachusetts Institute of Technology
-* (MIT).  No commercial use of these trademarks may be made without prior
-* written permission of MIT.
-*
-* "Commercial use" means use of a name in a product or other for-profit
-* manner.  It does NOT prevent a commercial firm from referring to the MIT
-* trademarks in order to convey information (although in doing so,
-* recognition of their trademark status should be given).
-* $
-*/
+ *
+ * Copyright 2004-2006 by the Massachusetts Institute of Technology.
+ *
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ *
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ *
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
 
 #ifndef K5_MIG_TYPES_H
 #define K5_MIG_TYPES_H
diff --git a/src/util/profile/Makefile.in b/src/util/profile/Makefile.in
index 064e72d..33a1321 100644
--- a/src/util/profile/Makefile.in
+++ b/src/util/profile/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=util/profile
 mydir=util/profile
 BUILDTOP=$(REL)..$(S)..
 PROG_LIBPATH=-L$(TOPLIBD) $(TCL_LIBPATH) -L.
diff --git a/src/util/profile/argv_parse.c b/src/util/profile/argv_parse.c
index acdced8..5101281 100644
--- a/src/util/profile/argv_parse.c
+++ b/src/util/profile/argv_parse.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * argv_parse.c --- utility function for parsing a string into a
- * 	argc, argv array.
+ *      argc, argv array.
  *
  * This file defines a function argv_parse() which parsing a
  * passed-in string, handling double quotes and backslashes, and
@@ -37,100 +38,100 @@
 #include <string.h>
 #include "argv_parse.h"
 
-#define STATE_WHITESPACE	1
-#define STATE_TOKEN		2
-#define STATE_QUOTED		3
+#define STATE_WHITESPACE        1
+#define STATE_TOKEN             2
+#define STATE_QUOTED            3
 
 /*
  * Returns 0 on success, -1 on failure.
  */
 int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv)
 {
-	int	argc = 0, max_argc = 0;
-	char 	**argv, **new_argv, *buf, ch;
-	char	*cp = 0, *outcp = 0;
-	int	state = STATE_WHITESPACE;
+    int     argc = 0, max_argc = 0;
+    char    **argv, **new_argv, *buf, ch;
+    char    *cp = 0, *outcp = 0;
+    int     state = STATE_WHITESPACE;
 
-	buf = malloc(strlen(in_buf)+1);
-	if (!buf)
-		return -1;
+    buf = malloc(strlen(in_buf)+1);
+    if (!buf)
+        return -1;
 
-	max_argc = 0; argc = 0; argv = 0;
-	outcp = buf;
-	for (cp = in_buf; (ch = *cp); cp++) {
-		if (state == STATE_WHITESPACE) {
-			if (isspace((int) ch))
-				continue;
-			/* Not whitespace, so start a new token */
-			state = STATE_TOKEN;
-			if (argc >= max_argc) {
-				max_argc += 3;
-				new_argv = realloc(argv,
-						  (max_argc+1)*sizeof(char *));
-				if (!new_argv) {
-					if (argv) free(argv);
-					free(buf);
-					return -1;
-				}
-				argv = new_argv;
-			}
-			argv[argc++] = outcp;
-		}
-		if (state == STATE_QUOTED) {
-			if (ch == '"')
-				state = STATE_TOKEN;
-			else
-				*outcp++ = ch;
-			continue;
-		}
-		/* Must be processing characters in a word */
-		if (isspace((int) ch)) {
-			/*
-			 * Terminate the current word and start
-			 * looking for the beginning of the next word.
-			 */
-			*outcp++ = 0;
-			state = STATE_WHITESPACE;
-			continue;
-		}
-		if (ch == '"') {
-			state = STATE_QUOTED;
-			continue;
-		}
-		if (ch == '\\') {
-			ch = *++cp;
-			switch (ch) {
-			case '\0':
-				ch = '\\'; cp--; break;
-			case 'n':
-				ch = '\n'; break;
-			case 't':
-				ch = '\t'; break;
-			case 'b':
-				ch = '\b'; break;
-			}
-		}
-		*outcp++ = ch;
-	}
-	if (state != STATE_WHITESPACE)
-		*outcp++ = '\0';
-	if (argv == 0) {
-		argv = malloc(sizeof(char *));
-		free(buf);
-	}
-	argv[argc] = 0;
-	if (ret_argc)
-		*ret_argc = argc;
-	if (ret_argv)
-		*ret_argv = argv;
-	return 0;
+    max_argc = 0; argc = 0; argv = 0;
+    outcp = buf;
+    for (cp = in_buf; (ch = *cp); cp++) {
+        if (state == STATE_WHITESPACE) {
+            if (isspace((int) ch))
+                continue;
+            /* Not whitespace, so start a new token */
+            state = STATE_TOKEN;
+            if (argc >= max_argc) {
+                max_argc += 3;
+                new_argv = realloc(argv,
+                                   (max_argc+1)*sizeof(char *));
+                if (!new_argv) {
+                    if (argv) free(argv);
+                    free(buf);
+                    return -1;
+                }
+                argv = new_argv;
+            }
+            argv[argc++] = outcp;
+        }
+        if (state == STATE_QUOTED) {
+            if (ch == '"')
+                state = STATE_TOKEN;
+            else
+                *outcp++ = ch;
+            continue;
+        }
+        /* Must be processing characters in a word */
+        if (isspace((int) ch)) {
+            /*
+             * Terminate the current word and start
+             * looking for the beginning of the next word.
+             */
+            *outcp++ = 0;
+            state = STATE_WHITESPACE;
+            continue;
+        }
+        if (ch == '"') {
+            state = STATE_QUOTED;
+            continue;
+        }
+        if (ch == '\\') {
+            ch = *++cp;
+            switch (ch) {
+            case '\0':
+                ch = '\\'; cp--; break;
+            case 'n':
+                ch = '\n'; break;
+            case 't':
+                ch = '\t'; break;
+            case 'b':
+                ch = '\b'; break;
+            }
+        }
+        *outcp++ = ch;
+    }
+    if (state != STATE_WHITESPACE)
+        *outcp++ = '\0';
+    if (argv == 0) {
+        argv = malloc(sizeof(char *));
+        free(buf);
+    }
+    argv[argc] = 0;
+    if (ret_argc)
+        *ret_argc = argc;
+    if (ret_argv)
+        *ret_argv = argv;
+    return 0;
 }
 
 void argv_free(char **argv)
 {
-	if (*argv)
-		free(*argv);
-	free(argv);
+    if (*argv)
+        free(*argv);
+    free(argv);
 }
 
 #ifdef DEBUG
@@ -142,27 +143,27 @@ void argv_free(char **argv)
 
 int main(int argc, char **argv)
 {
-	int	ac, ret;
-	char	**av, **cpp;
-	char	buf[256];
+    int     ac, ret;
+    char    **av, **cpp;
+    char    buf[256];
 
-	while (!feof(stdin)) {
-		if (fgets(buf, sizeof(buf), stdin) == NULL)
-			break;
-		ret = argv_parse(buf, &ac, &av);
-		if (ret != 0) {
-			printf("Argv_parse returned %d!\n", ret);
-			continue;
-		}
-		printf("Argv_parse returned %d arguments...\n", ac);
-		for (cpp = av; *cpp; cpp++) {
-			if (cpp != av)
-				printf(", ");
-			printf("'%s'", *cpp);
-		}
-		printf("\n");
-		argv_free(av);
-	}
-	exit(0);
+    while (!feof(stdin)) {
+        if (fgets(buf, sizeof(buf), stdin) == NULL)
+            break;
+        ret = argv_parse(buf, &ac, &av);
+        if (ret != 0) {
+            printf("Argv_parse returned %d!\n", ret);
+            continue;
+        }
+        printf("Argv_parse returned %d arguments...\n", ac);
+        for (cpp = av; *cpp; cpp++) {
+            if (cpp != av)
+                printf(", ");
+            printf("'%s'", *cpp);
+        }
+        printf("\n");
+        argv_free(av);
+    }
+    exit(0);
 }
 #endif /* DEBUG */
diff --git a/src/util/profile/argv_parse.h b/src/util/profile/argv_parse.h
index 86f4564..a84bdee 100644
--- a/src/util/profile/argv_parse.h
+++ b/src/util/profile/argv_parse.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * argv_parse.h --- header file for the argv parser.
  *
diff --git a/src/util/profile/deps b/src/util/profile/deps
index 2b4082c..837bea7 100644
--- a/src/util/profile/deps
+++ b/src/util/profile/deps
@@ -3,37 +3,38 @@
 #
 prof_tree.so prof_tree.po $(OUTPRE)prof_tree.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  prof_int.h prof_tree.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h prof_int.h prof_tree.c
 prof_file.so prof_file.po $(OUTPRE)prof_file.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  prof_file.c prof_int.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h prof_file.c prof_int.h
 prof_parse.so prof_parse.po $(OUTPRE)prof_parse.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  prof_int.h prof_parse.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h prof_int.h prof_parse.c
 prof_get.so prof_get.po $(OUTPRE)prof_get.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  prof_get.c prof_int.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h prof_get.c prof_int.h
 prof_set.so prof_set.po $(OUTPRE)prof_set.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  prof_int.h prof_set.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h prof_int.h prof_set.c
 prof_err.so prof_err.po $(OUTPRE)prof_err.$(OBJEXT): \
   $(COM_ERR_DEPS) prof_err.c
 prof_init.so prof_init.po $(OUTPRE)prof_init.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  prof_init.c prof_int.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h prof_init.c prof_int.h
 test_parse.so test_parse.po $(OUTPRE)test_parse.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  prof_int.h test_parse.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h prof_int.h test_parse.c
 test_profile.so test_profile.po $(OUTPRE)test_profile.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/profile.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  argv_parse.h prof_int.h test_profile.c
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h argv_parse.h prof_int.h \
+  test_profile.c
 profile_tcl.so profile_tcl.po $(OUTPRE)profile_tcl.$(OBJEXT): \
   $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) profile_tcl.c
diff --git a/src/util/profile/prof_FSp_glue.c b/src/util/profile/prof_FSp_glue.c
index 6b9b5f0..f1c7b07 100644
--- a/src/util/profile/prof_FSp_glue.c
+++ b/src/util/profile/prof_FSp_glue.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * prof_FSp_glue.c --- Deprecated FSSpec functions.  Mac-only.
  */
@@ -13,8 +14,8 @@ long KRB5_CALLCONV FSp_profile_init_path (const FSSpec* files, profile_t *ret_pr
 
 errcode_t KRB5_CALLCONV
 FSp_profile_init(files, ret_profile)
-	const FSSpec* files;
-	profile_t *ret_profile;
+    const FSSpec* files;
+    profile_t *ret_profile;
 {
     unsigned int        fileCount = 0;
     const FSSpec       *nextSpec;
@@ -84,8 +85,8 @@ FSp_profile_init(files, ret_profile)
 
 errcode_t KRB5_CALLCONV
 FSp_profile_init_path(files, ret_profile)
-	const FSSpec* files;
-	profile_t *ret_profile;
+    const FSSpec* files;
+    profile_t *ret_profile;
 {
     return FSp_profile_init (files, ret_profile);
 }
diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
index 13aa18c..cbc274d 100644
--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * prof_file.c ---- routines that manipulate an individual profile file.
  */
@@ -31,13 +32,13 @@
 #include "k5-platform.h"
 
 struct global_shared_profile_data {
-	/* This is the head of the global list of shared trees */
-	prf_data_t trees;
-	/* Lock for above list.  */
-	k5_mutex_t mutex;
+    /* This is the head of the global list of shared trees */
+    prf_data_t trees;
+    /* Lock for above list.  */
+    k5_mutex_t mutex;
 };
-#define g_shared_trees		(krb5int_profile_shared_data.trees)
-#define g_shared_trees_mutex	(krb5int_profile_shared_data.mutex)
+#define g_shared_trees          (krb5int_profile_shared_data.trees)
+#define g_shared_trees_mutex    (krb5int_profile_shared_data.mutex)
 
 static struct global_shared_profile_data krb5int_profile_shared_data = {
     0,
@@ -60,9 +61,9 @@ void profile_library_finalizer(void)
 {
     if (! INITIALIZER_RAN(profile_library_initializer) || PROGRAM_EXITING()) {
 #ifdef SHOW_INITFINI_FUNCS
-	printf("profile_library_finalizer: skipping\n");
+        printf("profile_library_finalizer: skipping\n");
 #endif
-	return;
+        return;
     }
 #ifdef SHOW_INITFINI_FUNCS
     printf("profile_library_finalizer\n");
@@ -76,82 +77,82 @@ static void profile_free_file_data(prf_data_t);
 
 #if 0
 
-#define scan_shared_trees_locked()				\
-	{							\
-	    prf_data_t d;					\
-	    k5_mutex_assert_locked(&g_shared_trees_mutex);	\
-	    for (d = g_shared_trees; d; d = d->next) {		\
-		assert(d->magic == PROF_MAGIC_FILE_DATA);	\
-		assert((d->flags & PROFILE_FILE_SHARED) != 0);	\
-		assert(d->filespec[0] != 0);			\
-		assert(d->fslen <= 1000); /* XXX */		\
-		assert(d->filespec[d->fslen] == 0);		\
-		assert(d->fslen = strlen(d->filespec));		\
-		assert(d->root != NULL);			\
-	    }							\
-	}
-
-#define scan_shared_trees_unlocked()			\
-	{						\
-	    int r;					\
-	    r = k5_mutex_lock(&g_shared_trees_mutex);	\
-	    assert (r == 0);				\
-	    scan_shared_trees_locked();			\
-	    k5_mutex_unlock(&g_shared_trees_mutex);	\
-	}
+#define scan_shared_trees_locked()                              \
+    {                                                           \
+        prf_data_t d;                                           \
+        k5_mutex_assert_locked(&g_shared_trees_mutex);          \
+        for (d = g_shared_trees; d; d = d->next) {              \
+            assert(d->magic == PROF_MAGIC_FILE_DATA);           \
+            assert((d->flags & PROFILE_FILE_SHARED) != 0);      \
+            assert(d->filespec[0] != 0);                        \
+            assert(d->fslen <= 1000); /* XXX */                 \
+            assert(d->filespec[d->fslen] == 0);                 \
+            assert(d->fslen = strlen(d->filespec));             \
+            assert(d->root != NULL);                            \
+        }                                                       \
+    }
+
+#define scan_shared_trees_unlocked()                    \
+    {                                                   \
+        int r;                                          \
+        r = k5_mutex_lock(&g_shared_trees_mutex);       \
+        assert (r == 0);                                \
+        scan_shared_trees_locked();                     \
+        k5_mutex_unlock(&g_shared_trees_mutex);         \
+    }
 
 #else
 
-#define scan_shared_trees_locked()	{ ; }
-#define scan_shared_trees_unlocked()	{ ; }
+#define scan_shared_trees_locked()      { ; }
+#define scan_shared_trees_unlocked()    { ; }
 
 #endif
 
 static int rw_access(const_profile_filespec_t filespec)
 {
 #ifdef HAVE_ACCESS
-	if (access(filespec, W_OK) == 0)
-		return 1;
-	else
-		return 0;
+    if (access(filespec, W_OK) == 0)
+        return 1;
+    else
+        return 0;
 #else
-	/*
-	 * We're on a substandard OS that doesn't support access.  So
-	 * we kludge a test using stdio routines, and hope fopen
-	 * checks the r/w permissions.
-	 */
-	FILE	*f;
-
-	f = fopen(filespec, "r+");
-	if (f) {
-		fclose(f);
-		return 1;
-	}
-	return 0;
+    /*
+     * We're on a substandard OS that doesn't support access.  So
+     * we kludge a test using stdio routines, and hope fopen
+     * checks the r/w permissions.
+     */
+    FILE    *f;
+
+    f = fopen(filespec, "r+");
+    if (f) {
+        fclose(f);
+        return 1;
+    }
+    return 0;
 #endif
 }
 
 static int r_access(const_profile_filespec_t filespec)
 {
 #ifdef HAVE_ACCESS
-	if (access(filespec, R_OK) == 0)
-		return 1;
-	else
-		return 0;
+    if (access(filespec, R_OK) == 0)
+        return 1;
+    else
+        return 0;
 #else
-	/*
-	 * We're on a substandard OS that doesn't support access.  So
-	 * we kludge a test using stdio routines, and hope fopen
-	 * checks the r/w permissions.
-	 */
-	FILE	*f;
-
-	f = fopen(filespec, "r");
-	if (f) {
-		fclose(f);
-		return 1;
-	}
-	return 0;
+    /*
+     * We're on a substandard OS that doesn't support access.  So
+     * we kludge a test using stdio routines, and hope fopen
+     * checks the r/w permissions.
+     */
+    FILE    *f;
+
+    f = fopen(filespec, "r");
+    if (f) {
+        fclose(f);
+        return 1;
+    }
+    return 0;
 #endif
 }
 
@@ -175,10 +176,10 @@ profile_make_prf_data(const char *filename)
     slen = offsetof(struct _prf_data_t, filespec);
     len = slen + flen + 1;
     if (len < sizeof(struct _prf_data_t))
-	len = sizeof(struct _prf_data_t);
+        len = sizeof(struct _prf_data_t);
     d = malloc(len);
     if (d == NULL)
-	return NULL;
+        return NULL;
     memset(d, 0, len);
     fcopy = (char *) d + slen;
     assert(fcopy == d->filespec);
@@ -193,189 +194,189 @@ profile_make_prf_data(const char *filename)
 }
 
 errcode_t profile_open_file(const_profile_filespec_t filespec,
-			    prf_file_t *ret_prof)
+                            prf_file_t *ret_prof)
 {
-	prf_file_t	prf;
-	errcode_t	retval;
-	char		*home_env = 0;
-	prf_data_t	data;
-	char		*expanded_filename;
-
-	retval = CALL_INIT_FUNCTION(profile_library_initializer);
-	if (retval)
-		return retval;
-
-	scan_shared_trees_unlocked();
-
-	prf = malloc(sizeof(struct _prf_file_t));
-	if (!prf)
-		return ENOMEM;
-	memset(prf, 0, sizeof(struct _prf_file_t));
-	prf->magic = PROF_MAGIC_FILE;
-
-	if (filespec[0] == '~' && filespec[1] == '/') {
-		home_env = getenv("HOME");
+    prf_file_t      prf;
+    errcode_t       retval;
+    char            *home_env = 0;
+    prf_data_t      data;
+    char            *expanded_filename;
+
+    retval = CALL_INIT_FUNCTION(profile_library_initializer);
+    if (retval)
+        return retval;
+
+    scan_shared_trees_unlocked();
+
+    prf = malloc(sizeof(struct _prf_file_t));
+    if (!prf)
+        return ENOMEM;
+    memset(prf, 0, sizeof(struct _prf_file_t));
+    prf->magic = PROF_MAGIC_FILE;
+
+    if (filespec[0] == '~' && filespec[1] == '/') {
+        home_env = getenv("HOME");
 #ifdef HAVE_PWD_H
-		if (home_env == NULL) {
-		    uid_t uid;
-		    struct passwd *pw, pwx;
-		    char pwbuf[BUFSIZ];
-
-		    uid = getuid();
-		    if (!k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw)
-			&& pw != NULL && pw->pw_dir[0] != 0)
-			home_env = pw->pw_dir;
-		}
+        if (home_env == NULL) {
+            uid_t uid;
+            struct passwd *pw, pwx;
+            char pwbuf[BUFSIZ];
+
+            uid = getuid();
+            if (!k5_getpwuid_r(uid, &pwx, pwbuf, sizeof(pwbuf), &pw)
+                && pw != NULL && pw->pw_dir[0] != 0)
+                home_env = pw->pw_dir;
+        }
 #endif
-	}
-	if (home_env) {
-	    if (asprintf(&expanded_filename, "%s%s", home_env,
-			 filespec + 1) < 0)
-		expanded_filename = 0;
-	} else
-	    expanded_filename = strdup(filespec);
-	if (expanded_filename == 0) {
-	    free(prf);
-	    return ENOMEM;
-	}
-
-	retval = k5_mutex_lock(&g_shared_trees_mutex);
-	if (retval) {
-	    free(expanded_filename);
-	    free(prf);
-	    scan_shared_trees_unlocked();
-	    return retval;
-	}
-	scan_shared_trees_locked();
-	for (data = g_shared_trees; data; data = data->next) {
-	    if (!strcmp(data->filespec, expanded_filename)
-		/* Check that current uid has read access.  */
-		&& r_access(data->filespec))
-		break;
-	}
-	if (data) {
-	    data->refcount++;
-	    (void) k5_mutex_unlock(&g_shared_trees_mutex);
-	    retval = profile_update_file_data(data);
-	    free(expanded_filename);
-	    prf->data = data;
-	    *ret_prof = prf;
-	    scan_shared_trees_unlocked();
-	    return retval;
-	}
-	(void) k5_mutex_unlock(&g_shared_trees_mutex);
-	data = profile_make_prf_data(expanded_filename);
-	if (data == NULL) {
-	    free(prf);
-	    free(expanded_filename);
-	    return ENOMEM;
-	}
-	free(expanded_filename);
-	prf->data = data;
-
-	retval = k5_mutex_init(&data->lock);
-	if (retval) {
-	    free(data);
-	    free(prf);
-	    return retval;
-	}
-
-	retval = profile_update_file(prf);
-	if (retval) {
-		profile_close_file(prf);
-		return retval;
-	}
-
-	retval = k5_mutex_lock(&g_shared_trees_mutex);
-	if (retval) {
-	    profile_close_file(prf);
-	    scan_shared_trees_unlocked();
-	    return retval;
-	}
-	scan_shared_trees_locked();
-	data->flags |= PROFILE_FILE_SHARED;
-	data->next = g_shared_trees;
-	g_shared_trees = data;
-	scan_shared_trees_locked();
-	(void) k5_mutex_unlock(&g_shared_trees_mutex);
-
-	*ret_prof = prf;
-	return 0;
+    }
+    if (home_env) {
+        if (asprintf(&expanded_filename, "%s%s", home_env,
+                     filespec + 1) < 0)
+            expanded_filename = 0;
+    } else
+        expanded_filename = strdup(filespec);
+    if (expanded_filename == 0) {
+        free(prf);
+        return ENOMEM;
+    }
+
+    retval = k5_mutex_lock(&g_shared_trees_mutex);
+    if (retval) {
+        free(expanded_filename);
+        free(prf);
+        scan_shared_trees_unlocked();
+        return retval;
+    }
+    scan_shared_trees_locked();
+    for (data = g_shared_trees; data; data = data->next) {
+        if (!strcmp(data->filespec, expanded_filename)
+            /* Check that current uid has read access.  */
+            && r_access(data->filespec))
+            break;
+    }
+    if (data) {
+        data->refcount++;
+        (void) k5_mutex_unlock(&g_shared_trees_mutex);
+        retval = profile_update_file_data(data);
+        free(expanded_filename);
+        prf->data = data;
+        *ret_prof = prf;
+        scan_shared_trees_unlocked();
+        return retval;
+    }
+    (void) k5_mutex_unlock(&g_shared_trees_mutex);
+    data = profile_make_prf_data(expanded_filename);
+    if (data == NULL) {
+        free(prf);
+        free(expanded_filename);
+        return ENOMEM;
+    }
+    free(expanded_filename);
+    prf->data = data;
+
+    retval = k5_mutex_init(&data->lock);
+    if (retval) {
+        free(data);
+        free(prf);
+        return retval;
+    }
+
+    retval = profile_update_file(prf);
+    if (retval) {
+        profile_close_file(prf);
+        return retval;
+    }
+
+    retval = k5_mutex_lock(&g_shared_trees_mutex);
+    if (retval) {
+        profile_close_file(prf);
+        scan_shared_trees_unlocked();
+        return retval;
+    }
+    scan_shared_trees_locked();
+    data->flags |= PROFILE_FILE_SHARED;
+    data->next = g_shared_trees;
+    g_shared_trees = data;
+    scan_shared_trees_locked();
+    (void) k5_mutex_unlock(&g_shared_trees_mutex);
+
+    *ret_prof = prf;
+    return 0;
 }
 
 errcode_t profile_update_file_data_locked(prf_data_t data)
 {
-	errcode_t retval;
+    errcode_t retval;
 #ifdef HAVE_STAT
-	struct stat st;
-	unsigned long frac;
-	time_t now;
+    struct stat st;
+    unsigned long frac;
+    time_t now;
 #endif
-	FILE *f;
+    FILE *f;
 
 #ifdef HAVE_STAT
-	now = time(0);
-	if (now == data->last_stat && data->root != NULL) {
-	    return 0;
-	}
-	if (stat(data->filespec, &st)) {
-	    return errno;
-	}
-	data->last_stat = now;
+    now = time(0);
+    if (now == data->last_stat && data->root != NULL) {
+        return 0;
+    }
+    if (stat(data->filespec, &st)) {
+        return errno;
+    }
+    data->last_stat = now;
 #if defined HAVE_STRUCT_STAT_ST_MTIMENSEC
-	frac = st.st_mtimensec;
+    frac = st.st_mtimensec;
 #elif defined HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
-	frac = st.st_mtimespec.tv_nsec;
+    frac = st.st_mtimespec.tv_nsec;
 #elif defined HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
-	frac = st.st_mtim.tv_nsec;
+    frac = st.st_mtim.tv_nsec;
 #else
-	frac = 0;
+    frac = 0;
 #endif
-	if (st.st_mtime == data->timestamp
-	    && frac == data->frac_ts
-	    && data->root != NULL) {
-	    return 0;
-	}
-	if (data->root) {
-		profile_free_node(data->root);
-		data->root = 0;
-	}
-	if (data->comment) {
-		free(data->comment);
-		data->comment = 0;
-	}
+    if (st.st_mtime == data->timestamp
+        && frac == data->frac_ts
+        && data->root != NULL) {
+        return 0;
+    }
+    if (data->root) {
+        profile_free_node(data->root);
+        data->root = 0;
+    }
+    if (data->comment) {
+        free(data->comment);
+        data->comment = 0;
+    }
 #else
-	/*
-	 * If we don't have the stat() call, assume that our in-core
-	 * memory image is correct.  That is, we won't reread the
-	 * profile file if it changes.
-	 */
-	if (data->root) {
-	    return 0;
-	}
+    /*
+     * If we don't have the stat() call, assume that our in-core
+     * memory image is correct.  That is, we won't reread the
+     * profile file if it changes.
+     */
+    if (data->root) {
+        return 0;
+    }
 #endif
-	errno = 0;
-	f = fopen(data->filespec, "r");
-	if (f == NULL) {
-		retval = errno;
-		if (retval == 0)
-			retval = ENOENT;
-		return retval;
-	}
-	set_cloexec_file(f);
-	data->upd_serial++;
-	data->flags &= PROFILE_FILE_SHARED;  /* FIXME same as '=' operator */
-	retval = profile_parse_file(f, &data->root);
-	fclose(f);
-	if (retval) {
-	    return retval;
-	}
-	assert(data->root != NULL);
+    errno = 0;
+    f = fopen(data->filespec, "r");
+    if (f == NULL) {
+        retval = errno;
+        if (retval == 0)
+            retval = ENOENT;
+        return retval;
+    }
+    set_cloexec_file(f);
+    data->upd_serial++;
+    data->flags &= PROFILE_FILE_SHARED;  /* FIXME same as '=' operator */
+    retval = profile_parse_file(f, &data->root);
+    fclose(f);
+    if (retval) {
+        return retval;
+    }
+    assert(data->root != NULL);
 #ifdef HAVE_STAT
-	data->timestamp = st.st_mtime;
-	data->frac_ts = frac;
+    data->timestamp = st.st_mtime;
+    data->frac_ts = frac;
 #endif
-	return 0;
+    return 0;
 }
 
 errcode_t profile_update_file_data(prf_data_t data)
@@ -384,7 +385,7 @@ errcode_t profile_update_file_data(prf_data_t data)
 
     retval = k5_mutex_lock(&data->lock);
     if (retval)
-	return retval;
+        return retval;
     retval = profile_update_file_data_locked(data);
     retval2 = k5_mutex_unlock(&data->lock);
     return retval ? retval : retval2;
@@ -401,118 +402,118 @@ make_hard_link(const char *oldpath, const char *newpath)
 }
 
 static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
-				    int can_create)
+                                    int can_create)
 {
-	FILE		*f;
-	profile_filespec_t new_file;
-	profile_filespec_t old_file;
-	errcode_t	retval = 0;
-
-	retval = ENOMEM;
-
-	new_file = old_file = 0;
-	if (asprintf(&new_file, "%s.$$$", outfile) < 0) {
-	    new_file = NULL;
-	    goto errout;
-	}
-	if (asprintf(&old_file, "%s.bak", outfile) < 0) {
-	    old_file = NULL;
-	    goto errout;
-	}
-
-	errno = 0;
-
-	f = fopen(new_file, "w");
-	if (!f) {
-		retval = errno;
-		if (retval == 0)
-			retval = PROF_FAIL_OPEN;
-		goto errout;
-	}
-
-	set_cloexec_file(f);
-	profile_write_tree_file(data->root, f);
-	if (fclose(f) != 0) {
-		retval = errno;
-		goto errout;
-	}
-
-	unlink(old_file);
-	if (make_hard_link(outfile, old_file) == 0) {
-	    /* Okay, got the hard link.  Yay.  Now we've got our
-	       backup version, so just put the new version in
-	       place.  */
-	    if (rename(new_file, outfile)) {
-		/* Weird, the rename didn't work.  But the old version
-		   should still be in place, so no special cleanup is
-		   needed.  */
-		retval = errno;
-		goto errout;
-	    }
-	} else if (errno == ENOENT && can_create) {
-	    if (rename(new_file, outfile)) {
-		retval = errno;
-		goto errout;
-	    }
-	} else {
-	    /* Couldn't make the hard link, so there's going to be a
-	       small window where data->filespec does not refer to
-	       either version.  */
+    FILE            *f;
+    profile_filespec_t new_file;
+    profile_filespec_t old_file;
+    errcode_t       retval = 0;
+
+    retval = ENOMEM;
+
+    new_file = old_file = 0;
+    if (asprintf(&new_file, "%s.$$$", outfile) < 0) {
+        new_file = NULL;
+        goto errout;
+    }
+    if (asprintf(&old_file, "%s.bak", outfile) < 0) {
+        old_file = NULL;
+        goto errout;
+    }
+
+    errno = 0;
+
+    f = fopen(new_file, "w");
+    if (!f) {
+        retval = errno;
+        if (retval == 0)
+            retval = PROF_FAIL_OPEN;
+        goto errout;
+    }
+
+    set_cloexec_file(f);
+    profile_write_tree_file(data->root, f);
+    if (fclose(f) != 0) {
+        retval = errno;
+        goto errout;
+    }
+
+    unlink(old_file);
+    if (make_hard_link(outfile, old_file) == 0) {
+        /* Okay, got the hard link.  Yay.  Now we've got our
+           backup version, so just put the new version in
+           place.  */
+        if (rename(new_file, outfile)) {
+            /* Weird, the rename didn't work.  But the old version
+               should still be in place, so no special cleanup is
+               needed.  */
+            retval = errno;
+            goto errout;
+        }
+    } else if (errno == ENOENT && can_create) {
+        if (rename(new_file, outfile)) {
+            retval = errno;
+            goto errout;
+        }
+    } else {
+        /* Couldn't make the hard link, so there's going to be a
+           small window where data->filespec does not refer to
+           either version.  */
 #ifndef _WIN32
-	    sync();
+        sync();
 #endif
-	    if (rename(outfile, old_file)) {
-		retval = errno;
-		goto errout;
-	    }
-	    if (rename(new_file, outfile)) {
-		retval = errno;
-		rename(old_file, outfile); /* back out... */
-		goto errout;
-	    }
-	}
-
-	data->flags = 0;
-	retval = 0;
+        if (rename(outfile, old_file)) {
+            retval = errno;
+            goto errout;
+        }
+        if (rename(new_file, outfile)) {
+            retval = errno;
+            rename(old_file, outfile); /* back out... */
+            goto errout;
+        }
+    }
+
+    data->flags = 0;
+    retval = 0;
 
 errout:
-	if (new_file)
-		free(new_file);
-	if (old_file)
-		free(old_file);
-	return retval;
+    if (new_file)
+        free(new_file);
+    if (old_file)
+        free(old_file);
+    return retval;
 }
 
 errcode_t profile_flush_file_data_to_buffer (prf_data_t data, char **bufp)
 {
-	errcode_t	retval;
-	retval = k5_mutex_lock(&data->lock);
-	if (retval)
-		return retval;
-	retval = profile_write_tree_to_buffer(data->root, bufp);
-	k5_mutex_unlock(&data->lock);
-	return retval;
+    errcode_t       retval;
+    retval = k5_mutex_lock(&data->lock);
+    if (retval)
+        return retval;
+    retval = profile_write_tree_to_buffer(data->root, bufp);
+    k5_mutex_unlock(&data->lock);
+    return retval;
 }
 
 errcode_t profile_flush_file_data(prf_data_t data)
 {
-	errcode_t	retval = 0;
+    errcode_t       retval = 0;
 
-	if (!data || data->magic != PROF_MAGIC_FILE_DATA)
-		return PROF_MAGIC_FILE_DATA;
+    if (!data || data->magic != PROF_MAGIC_FILE_DATA)
+        return PROF_MAGIC_FILE_DATA;
 
-	retval = k5_mutex_lock(&data->lock);
-	if (retval)
-	    return retval;
+    retval = k5_mutex_lock(&data->lock);
+    if (retval)
+        return retval;
 
-	if ((data->flags & PROFILE_FILE_DIRTY) == 0) {
-	    k5_mutex_unlock(&data->lock);
-	    return 0;
-	}
+    if ((data->flags & PROFILE_FILE_DIRTY) == 0) {
+        k5_mutex_unlock(&data->lock);
+        return 0;
+    }
 
-	retval = write_data_to_file(data, data->filespec, 0);
-	k5_mutex_unlock(&data->lock);
-	return retval;
+    retval = write_data_to_file(data, data->filespec, 0);
+    k5_mutex_unlock(&data->lock);
+    return retval;
 }
 
 errcode_t profile_flush_file_data_to_file(prf_data_t data, const char *outfile)
@@ -520,11 +521,11 @@ errcode_t profile_flush_file_data_to_file(prf_data_t data, const char *outfile)
     errcode_t retval = 0;
 
     if (!data || data->magic != PROF_MAGIC_FILE_DATA)
-	return PROF_MAGIC_FILE_DATA;
+        return PROF_MAGIC_FILE_DATA;
 
     retval = k5_mutex_lock(&data->lock);
     if (retval)
-	return retval;
+        return retval;
     retval = write_data_to_file(data, outfile, 1);
     k5_mutex_unlock(&data->lock);
     return retval;
@@ -537,7 +538,7 @@ void profile_dereference_data(prf_data_t data)
     int err;
     err = k5_mutex_lock(&g_shared_trees_mutex);
     if (err)
-	return;
+        return;
     profile_dereference_data_locked(data);
     (void) k5_mutex_unlock(&g_shared_trees_mutex);
 }
@@ -546,7 +547,7 @@ void profile_dereference_data_locked(prf_data_t data)
     scan_shared_trees_locked();
     data->refcount--;
     if (data->refcount == 0)
-	profile_free_file_data(data);
+        profile_free_file_data(data);
     scan_shared_trees_locked();
 }
 
@@ -570,27 +571,27 @@ static void profile_free_file_data(prf_data_t data)
 {
     scan_shared_trees_locked();
     if (data->flags & PROFILE_FILE_SHARED) {
-	/* Remove from linked list.  */
-	if (g_shared_trees == data)
-	    g_shared_trees = data->next;
-	else {
-	    prf_data_t prev, next;
-	    prev = g_shared_trees;
-	    next = prev->next;
-	    while (next) {
-		if (next == data) {
-		    prev->next = next->next;
-		    break;
-		}
-		prev = next;
-		next = next->next;
-	    }
-	}
+        /* Remove from linked list.  */
+        if (g_shared_trees == data)
+            g_shared_trees = data->next;
+        else {
+            prf_data_t prev, next;
+            prev = g_shared_trees;
+            next = prev->next;
+            while (next) {
+                if (next == data) {
+                    prev->next = next->next;
+                    break;
+                }
+                prev = next;
+                next = next->next;
+            }
+        }
     }
     if (data->root)
-	profile_free_node(data->root);
+        profile_free_node(data->root);
     if (data->comment)
-	free(data->comment);
+        free(data->comment);
     data->magic = 0;
     k5_mutex_destroy(&data->lock);
     free(data);
@@ -599,11 +600,11 @@ static void profile_free_file_data(prf_data_t data)
 
 errcode_t profile_close_file(prf_file_t prf)
 {
-	errcode_t	retval;
+    errcode_t       retval;
 
-	retval = profile_flush_file(prf);
-	if (retval)
-		return retval;
-	profile_free_file(prf);
-	return 0;
+    retval = profile_flush_file(prf);
+    if (retval)
+        return retval;
+    profile_free_file(prf);
+    return 0;
 }
diff --git a/src/util/profile/prof_get.c b/src/util/profile/prof_get.c
index 87861fc..460d2e5f 100644
--- a/src/util/profile/prof_get.c
+++ b/src/util/profile/prof_get.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * prof_get.c --- routines that expose the public interfaces for
- * 	querying items from the profile.
+ *      querying items from the profile.
  *
  */
 
@@ -27,9 +28,9 @@
  */
 
 struct profile_string_list {
-	char	**list;
-	unsigned int	num;
-	unsigned int	max;
+    char    **list;
+    unsigned int    num;
+    unsigned int    max;
 };
 
 /*
@@ -37,13 +38,13 @@ struct profile_string_list {
  */
 static errcode_t init_list(struct profile_string_list *list)
 {
-	list->num = 0;
-	list->max = 10;
-	list->list = malloc(list->max * sizeof(char *));
-	if (list->list == 0)
-		return ENOMEM;
-	list->list[0] = 0;
-	return 0;
+    list->num = 0;
+    list->max = 10;
+    list->list = malloc(list->max * sizeof(char *));
+    if (list->list == 0)
+        return ENOMEM;
+    list->list[0] = 0;
+    return 0;
 }
 
 /*
@@ -52,21 +53,21 @@ static errcode_t init_list(struct profile_string_list *list)
  */
 static void end_list(struct profile_string_list *list, char ***ret_list)
 {
-	char	**cp;
-
-	if (list == 0)
-		return;
-
-	if (ret_list) {
-		*ret_list = list->list;
-		return;
-	} else {
-		for (cp = list->list; *cp; cp++)
-			free(*cp);
-		free(list->list);
-	}
-	list->num = list->max = 0;
-	list->list = 0;
+    char    **cp;
+
+    if (list == 0)
+        return;
+
+    if (ret_list) {
+        *ret_list = list->list;
+        return;
+    } else {
+        for (cp = list->list; *cp; cp++)
+            free(*cp);
+        free(list->list);
+    }
+    list->num = list->max = 0;
+    list->list = 0;
 }
 
 /*
@@ -74,24 +75,24 @@ static void end_list(struct profile_string_list *list, char ***ret_list)
  */
 static errcode_t add_to_list(struct profile_string_list *list, const char *str)
 {
-	char 	*newstr, **newlist;
-	unsigned int	newmax;
-
-	if (list->num+1 >= list->max) {
-		newmax = list->max + 10;
-		newlist = realloc(list->list, newmax * sizeof(char *));
-		if (newlist == 0)
-			return ENOMEM;
-		list->max = newmax;
-		list->list = newlist;
-	}
-	newstr = strdup(str);
-	if (newstr == 0)
-		return ENOMEM;
-
-	list->list[list->num++] = newstr;
-	list->list[list->num] = 0;
-	return 0;
+    char    *newstr, **newlist;
+    unsigned int    newmax;
+
+    if (list->num+1 >= list->max) {
+        newmax = list->max + 10;
+        newlist = realloc(list->list, newmax * sizeof(char *));
+        if (newlist == 0)
+            return ENOMEM;
+        list->max = newmax;
+        list->list = newlist;
+    }
+    newstr = strdup(str);
+    if (newstr == 0)
+        return ENOMEM;
+
+    list->list[list->num++] = newstr;
+    list->list[list->num] = 0;
+    return 0;
 }
 
 /*
@@ -99,16 +100,16 @@ static errcode_t add_to_list(struct profile_string_list *list, const char *str)
  */
 static int is_list_member(struct profile_string_list *list, const char *str)
 {
-	char **cpp;
+    char **cpp;
 
-	if (!list->list)
-		return 0;
+    if (!list->list)
+        return 0;
 
-	for (cpp = list->list; *cpp; cpp++) {
-		if (!strcmp(*cpp, str))
-			return 1;
-	}
-	return 0;
+    for (cpp = list->list; *cpp; cpp++) {
+        if (!strcmp(*cpp, str))
+            return 1;
+    }
+    return 0;
 }
 
 /*
@@ -117,51 +118,51 @@ static int is_list_member(struct profile_string_list *list, const char *str)
  */
 void KRB5_CALLCONV profile_free_list(char **list)
 {
-    char	**cp;
+    char        **cp;
 
     if (list == 0)
-	    return;
+        return;
 
     for (cp = list; *cp; cp++)
-	free(*cp);
+        free(*cp);
     free(list);
 }
 
 errcode_t KRB5_CALLCONV
 profile_get_values(profile_t profile, const char *const *names,
-		   char ***ret_values)
+                   char ***ret_values)
 {
-	errcode_t		retval;
-	void			*state;
-	char			*value;
-	struct profile_string_list values;
-
-	if ((retval = profile_node_iterator_create(profile, names,
-						   PROFILE_ITER_RELATIONS_ONLY,
-						   &state)))
-		return retval;
-
-	if ((retval = init_list(&values)))
-		return retval;
-
-	do {
-		if ((retval = profile_node_iterator(&state, 0, 0, &value)))
-			goto cleanup;
-		if (value)
-			add_to_list(&values, value);
-	} while (state);
-
-	if (values.num == 0) {
-		retval = PROF_NO_RELATION;
-		goto cleanup;
-	}
-
-	end_list(&values, ret_values);
-	return 0;
+    errcode_t               retval;
+    void                    *state;
+    char                    *value;
+    struct profile_string_list values;
+
+    if ((retval = profile_node_iterator_create(profile, names,
+                                               PROFILE_ITER_RELATIONS_ONLY,
+                                               &state)))
+        return retval;
+
+    if ((retval = init_list(&values)))
+        return retval;
+
+    do {
+        if ((retval = profile_node_iterator(&state, 0, 0, &value)))
+            goto cleanup;
+        if (value)
+            add_to_list(&values, value);
+    } while (state);
+
+    if (values.num == 0) {
+        retval = PROF_NO_RELATION;
+        goto cleanup;
+    }
+
+    end_list(&values, ret_values);
+    return 0;
 
 cleanup:
-	end_list(&values, 0);
-	return retval;
+    end_list(&values, 0);
+    return retval;
 }
 
 /*
@@ -169,105 +170,105 @@ cleanup:
  * helper function for profile_get_string, profile_get_integer, etc.
  */
 errcode_t profile_get_value(profile_t profile, const char **names,
-			    const char **ret_value)
+                            const char **ret_value)
 {
-	errcode_t		retval;
-	void			*state;
-	char			*value;
+    errcode_t               retval;
+    void                    *state;
+    char                    *value;
 
-	if ((retval = profile_node_iterator_create(profile, names,
-						   PROFILE_ITER_RELATIONS_ONLY,
-						   &state)))
-		return retval;
+    if ((retval = profile_node_iterator_create(profile, names,
+                                               PROFILE_ITER_RELATIONS_ONLY,
+                                               &state)))
+        return retval;
 
-	if ((retval = profile_node_iterator(&state, 0, 0, &value)))
-		goto cleanup;
+    if ((retval = profile_node_iterator(&state, 0, 0, &value)))
+        goto cleanup;
 
-	if (value)
-		*ret_value = value;
-	else
-		retval = PROF_NO_RELATION;
+    if (value)
+        *ret_value = value;
+    else
+        retval = PROF_NO_RELATION;
 
 cleanup:
-	profile_node_iterator_free(&state);
-	return retval;
+    profile_node_iterator_free(&state);
+    return retval;
 }
 
 errcode_t KRB5_CALLCONV
 profile_get_string(profile_t profile, const char *name, const char *subname,
-		   const char *subsubname, const char *def_val,
-		   char **ret_string)
+                   const char *subsubname, const char *def_val,
+                   char **ret_string)
 {
-	const char	*value;
-	errcode_t	retval;
-	const char	*names[4];
-
-	if (profile) {
-		names[0] = name;
-		names[1] = subname;
-		names[2] = subsubname;
-		names[3] = 0;
-		retval = profile_get_value(profile, names, &value);
-		if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION)
-			value = def_val;
-		else if (retval)
-			return retval;
-	} else
-		value = def_val;
-
-	if (value) {
-		*ret_string = strdup(value);
-		if (*ret_string == 0)
-			return ENOMEM;
-	} else
-		*ret_string = 0;
-	return 0;
+    const char      *value;
+    errcode_t       retval;
+    const char      *names[4];
+
+    if (profile) {
+        names[0] = name;
+        names[1] = subname;
+        names[2] = subsubname;
+        names[3] = 0;
+        retval = profile_get_value(profile, names, &value);
+        if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION)
+            value = def_val;
+        else if (retval)
+            return retval;
+    } else
+        value = def_val;
+
+    if (value) {
+        *ret_string = strdup(value);
+        if (*ret_string == 0)
+            return ENOMEM;
+    } else
+        *ret_string = 0;
+    return 0;
 }
 
 errcode_t KRB5_CALLCONV
 profile_get_integer(profile_t profile, const char *name, const char *subname,
-		    const char *subsubname, int def_val, int *ret_int)
+                    const char *subsubname, int def_val, int *ret_int)
 {
-	const char	*value;
-	errcode_t	retval;
-	const char	*names[4];
-	char            *end_value;
-	long		ret_long;
-
-	*ret_int = def_val;
-	if (profile == 0)
-		return 0;
-
-	names[0] = name;
-	names[1] = subname;
-	names[2] = subsubname;
-	names[3] = 0;
-	retval = profile_get_value(profile, names, &value);
-	if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION) {
-		*ret_int = def_val;
-		return 0;
-	} else if (retval)
-		return retval;
-
-	if (value[0] == 0)
-	    /* Empty string is no good.  */
-	    return PROF_BAD_INTEGER;
-	errno = 0;
-	ret_long = strtol (value, &end_value, 10);
-
-	/* Overflow or underflow.  */
-	if ((ret_long == LONG_MIN || ret_long == LONG_MAX) && errno != 0)
-	    return PROF_BAD_INTEGER;
-	/* Value outside "int" range.  */
-	if ((long) (int) ret_long != ret_long)
-	    return PROF_BAD_INTEGER;
-	/* Garbage in string.  */
-	if (end_value != value + strlen (value))
-	    return PROF_BAD_INTEGER;
-
-
-	*ret_int = ret_long;
-	return 0;
+    const char      *value;
+    errcode_t       retval;
+    const char      *names[4];
+    char            *end_value;
+    long            ret_long;
+
+    *ret_int = def_val;
+    if (profile == 0)
+        return 0;
+
+    names[0] = name;
+    names[1] = subname;
+    names[2] = subsubname;
+    names[3] = 0;
+    retval = profile_get_value(profile, names, &value);
+    if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION) {
+        *ret_int = def_val;
+        return 0;
+    } else if (retval)
+        return retval;
+
+    if (value[0] == 0)
+        /* Empty string is no good.  */
+        return PROF_BAD_INTEGER;
+    errno = 0;
+    ret_long = strtol (value, &end_value, 10);
+
+    /* Overflow or underflow.  */
+    if ((ret_long == LONG_MIN || ret_long == LONG_MAX) && errno != 0)
+        return PROF_BAD_INTEGER;
+    /* Value outside "int" range.  */
+    if ((long) (int) ret_long != ret_long)
+        return PROF_BAD_INTEGER;
+    /* Garbage in string.  */
+    if (end_value != value + strlen (value))
+        return PROF_BAD_INTEGER;
+
+
+    *ret_int = ret_long;
+    return 0;
 }
 
 static const char *const conf_yes[] = {
@@ -286,50 +287,50 @@ profile_parse_boolean(const char *s, int *ret_boolean)
     const char *const *p;
 
     if (ret_boolean == NULL)
-    	return PROF_EINVAL;
+        return PROF_EINVAL;
 
     for(p=conf_yes; *p; p++) {
-		if (!strcasecmp(*p,s)) {
-			*ret_boolean = 1;
-	    	return 0;
-		}
+        if (!strcasecmp(*p,s)) {
+            *ret_boolean = 1;
+            return 0;
+        }
     }
 
     for(p=conf_no; *p; p++) {
-		if (!strcasecmp(*p,s)) {
-			*ret_boolean = 0;
-			return 0;
-		}
+        if (!strcasecmp(*p,s)) {
+            *ret_boolean = 0;
+            return 0;
+        }
     }
 
-	return PROF_BAD_BOOLEAN;
+    return PROF_BAD_BOOLEAN;
 }
 
 errcode_t KRB5_CALLCONV
 profile_get_boolean(profile_t profile, const char *name, const char *subname,
-		    const char *subsubname, int def_val, int *ret_boolean)
+                    const char *subsubname, int def_val, int *ret_boolean)
 {
-	const char	*value;
-	errcode_t	retval;
-	const char	*names[4];
-
-	if (profile == 0) {
-		*ret_boolean = def_val;
-		return 0;
-	}
-
-	names[0] = name;
-	names[1] = subname;
-	names[2] = subsubname;
-	names[3] = 0;
-	retval = profile_get_value(profile, names, &value);
-	if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION) {
-		*ret_boolean = def_val;
-		return 0;
-	} else if (retval)
-		return retval;
-
-	return profile_parse_boolean (value, ret_boolean);
+    const char      *value;
+    errcode_t       retval;
+    const char      *names[4];
+
+    if (profile == 0) {
+        *ret_boolean = def_val;
+        return 0;
+    }
+
+    names[0] = name;
+    names[1] = subname;
+    names[2] = subsubname;
+    names[3] = 0;
+    retval = profile_get_value(profile, names, &value);
+    if (retval == PROF_NO_SECTION || retval == PROF_NO_RELATION) {
+        *ret_boolean = def_val;
+        return 0;
+    } else if (retval)
+        return retval;
+
+    return profile_parse_boolean (value, ret_boolean);
 }
 
 /*
@@ -338,34 +339,34 @@ profile_get_boolean(profile_t profile, const char *name, const char *subname,
  */
 errcode_t KRB5_CALLCONV
 profile_get_subsection_names(profile_t profile, const char **names,
-			     char ***ret_names)
+                             char ***ret_names)
 {
-	errcode_t		retval;
-	void			*state;
-	char			*name;
-	struct profile_string_list values;
+    errcode_t               retval;
+    void                    *state;
+    char                    *name;
+    struct profile_string_list values;
 
-	if ((retval = profile_node_iterator_create(profile, names,
-		   PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY,
-		   &state)))
-		return retval;
+    if ((retval = profile_node_iterator_create(profile, names,
+                                               PROFILE_ITER_LIST_SECTION | PROFILE_ITER_SECTIONS_ONLY,
+                                               &state)))
+        return retval;
 
-	if ((retval = init_list(&values)))
-		return retval;
+    if ((retval = init_list(&values)))
+        return retval;
 
-	do {
-		if ((retval = profile_node_iterator(&state, 0, &name, 0)))
-			goto cleanup;
-		if (name)
-			add_to_list(&values, name);
-	} while (state);
+    do {
+        if ((retval = profile_node_iterator(&state, 0, &name, 0)))
+            goto cleanup;
+        if (name)
+            add_to_list(&values, name);
+    } while (state);
 
-	end_list(&values, ret_names);
-	return 0;
+    end_list(&values, ret_names);
+    return 0;
 
 cleanup:
-	end_list(&values, 0);
-	return retval;
+    end_list(&values, 0);
+    return retval;
 }
 
 /*
@@ -374,85 +375,85 @@ cleanup:
  */
 errcode_t KRB5_CALLCONV
 profile_get_relation_names(profile_t profile, const char **names,
-			   char ***ret_names)
+                           char ***ret_names)
 {
-	errcode_t		retval;
-	void			*state;
-	char			*name;
-	struct profile_string_list values;
+    errcode_t               retval;
+    void                    *state;
+    char                    *name;
+    struct profile_string_list values;
 
-	if ((retval = profile_node_iterator_create(profile, names,
-		   PROFILE_ITER_LIST_SECTION | PROFILE_ITER_RELATIONS_ONLY,
-		   &state)))
-		return retval;
+    if ((retval = profile_node_iterator_create(profile, names,
+                                               PROFILE_ITER_LIST_SECTION | PROFILE_ITER_RELATIONS_ONLY,
+                                               &state)))
+        return retval;
 
-	if ((retval = init_list(&values)))
-		return retval;
+    if ((retval = init_list(&values)))
+        return retval;
 
-	do {
-		if ((retval = profile_node_iterator(&state, 0, &name, 0)))
-			goto cleanup;
-		if (name && !is_list_member(&values, name))
-			add_to_list(&values, name);
-	} while (state);
+    do {
+        if ((retval = profile_node_iterator(&state, 0, &name, 0)))
+            goto cleanup;
+        if (name && !is_list_member(&values, name))
+            add_to_list(&values, name);
+    } while (state);
 
-	end_list(&values, ret_names);
-	return 0;
+    end_list(&values, ret_names);
+    return 0;
 
 cleanup:
-	end_list(&values, 0);
-	return retval;
+    end_list(&values, 0);
+    return retval;
 }
 
 errcode_t KRB5_CALLCONV
 profile_iterator_create(profile_t profile, const char *const *names, int flags,
-			void **ret_iter)
+                        void **ret_iter)
 {
-	return profile_node_iterator_create(profile, names, flags, ret_iter);
+    return profile_node_iterator_create(profile, names, flags, ret_iter);
 }
 
 void KRB5_CALLCONV
 profile_iterator_free(void **iter_p)
 {
-	profile_node_iterator_free(iter_p);
+    profile_node_iterator_free(iter_p);
 }
 
 errcode_t KRB5_CALLCONV
 profile_iterator(void **iter_p, char **ret_name, char **ret_value)
 {
-	char *name, *value;
-	errcode_t	retval;
-
-	retval = profile_node_iterator(iter_p, 0, &name, &value);
-	if (retval)
-		return retval;
-
-	if (ret_name) {
-		if (name) {
-			*ret_name = strdup(name);
-			if (!*ret_name)
-				return ENOMEM;
-		} else
-			*ret_name = 0;
-	}
-	if (ret_value) {
-		if (value) {
-			*ret_value = strdup(value);
-			if (!*ret_value) {
-				if (ret_name) {
-					free(*ret_name);
-					*ret_name = 0;
-				}
-				return ENOMEM;
-			}
-		} else
-			*ret_value = 0;
-	}
-	return 0;
+    char *name, *value;
+    errcode_t       retval;
+
+    retval = profile_node_iterator(iter_p, 0, &name, &value);
+    if (retval)
+        return retval;
+
+    if (ret_name) {
+        if (name) {
+            *ret_name = strdup(name);
+            if (!*ret_name)
+                return ENOMEM;
+        } else
+            *ret_name = 0;
+    }
+    if (ret_value) {
+        if (value) {
+            *ret_value = strdup(value);
+            if (!*ret_value) {
+                if (ret_name) {
+                    free(*ret_name);
+                    *ret_name = 0;
+                }
+                return ENOMEM;
+            }
+        } else
+            *ret_value = 0;
+    }
+    return 0;
 }
 
 void KRB5_CALLCONV
 profile_release_string(char *str)
 {
-	free(str);
+    free(str);
 }
diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c
index 91ace98..bd42b13 100644
--- a/src/util/profile/prof_init.c
+++ b/src/util/profile/prof_init.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * prof_init.c --- routines that manipulate the user-visible profile_t
- * 	object.
+ *      object.
  */
 
 #include "prof_int.h"
@@ -23,62 +24,62 @@ typedef int32_t prof_int32;
 errcode_t KRB5_CALLCONV
 profile_init(const_profile_filespec_t *files, profile_t *ret_profile)
 {
-	const_profile_filespec_t *fs;
-	profile_t profile;
-	prf_file_t  new_file, last = 0;
-	errcode_t retval = 0;
-
-	profile = malloc(sizeof(struct _profile_t));
-	if (!profile)
-		return ENOMEM;
-	memset(profile, 0, sizeof(struct _profile_t));
-	profile->magic = PROF_MAGIC_PROFILE;
-
-	/*
-	 * If the filenames list is not specified or empty, return an empty
-	 * profile.
-	 */
-	if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
-	    for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
-		retval = profile_open_file(*fs, &new_file);
-		/* if this file is missing, skip to the next */
-		if (retval == ENOENT || retval == EACCES || retval == EPERM) {
-			continue;
-		}
-		if (retval) {
-			profile_release(profile);
-			return retval;
-		}
-		if (last)
-			last->next = new_file;
-		else
-			profile->first_file = new_file;
-		last = new_file;
-	    }
-	    /*
-	     * If last is still null after the loop, then all the files were
-	     * missing, so return the appropriate error.
-	     */
-	    if (!last) {
-		profile_release(profile);
-		return ENOENT;
-	    }
-	}
-
-        *ret_profile = profile;
-        return 0;
+    const_profile_filespec_t *fs;
+    profile_t profile;
+    prf_file_t  new_file, last = 0;
+    errcode_t retval = 0;
+
+    profile = malloc(sizeof(struct _profile_t));
+    if (!profile)
+        return ENOMEM;
+    memset(profile, 0, sizeof(struct _profile_t));
+    profile->magic = PROF_MAGIC_PROFILE;
+
+    /*
+     * If the filenames list is not specified or empty, return an empty
+     * profile.
+     */
+    if ( files && !PROFILE_LAST_FILESPEC(*files) ) {
+        for (fs = files; !PROFILE_LAST_FILESPEC(*fs); fs++) {
+            retval = profile_open_file(*fs, &new_file);
+            /* if this file is missing, skip to the next */
+            if (retval == ENOENT || retval == EACCES || retval == EPERM) {
+                continue;
+            }
+            if (retval) {
+                profile_release(profile);
+                return retval;
+            }
+            if (last)
+                last->next = new_file;
+            else
+                profile->first_file = new_file;
+            last = new_file;
+        }
+        /*
+         * If last is still null after the loop, then all the files were
+         * missing, so return the appropriate error.
+         */
+        if (!last) {
+            profile_release(profile);
+            return ENOENT;
+        }
+    }
+
+    *ret_profile = profile;
+    return 0;
 }
 
-#define COUNT_LINKED_LIST(COUNT, PTYPE, START, FIELD)	\
-	{						\
-	    size_t cll_counter = 0;			\
-	    PTYPE cll_ptr = (START);			\
-	    while (cll_ptr != NULL) {			\
-		cll_counter++;				\
-		cll_ptr = cll_ptr->FIELD;		\
-	    }						\
-	    (COUNT) = cll_counter;			\
-	}
+#define COUNT_LINKED_LIST(COUNT, PTYPE, START, FIELD)   \
+    {                                                   \
+        size_t cll_counter = 0;                         \
+        PTYPE cll_ptr = (START);                        \
+        while (cll_ptr != NULL) {                       \
+            cll_counter++;                              \
+            cll_ptr = cll_ptr->FIELD;                   \
+        }                                               \
+        (COUNT) = cll_counter;                          \
+    }
 
 errcode_t KRB5_CALLCONV
 profile_copy(profile_t old_profile, profile_t *new_profile)
@@ -93,9 +94,9 @@ profile_copy(profile_t old_profile, profile_t *new_profile)
     COUNT_LINKED_LIST (size, prf_file_t, old_profile->first_file, next);
     files = malloc ((size+1) * sizeof(*files));
     if (files == NULL)
-	return ENOMEM;
+        return ENOMEM;
     for (i = 0, file = old_profile->first_file; i < size; i++, file = file->next)
-	files[i] = file->data->filespec;
+        files[i] = file->data->filespec;
     files[size] = NULL;
     err = profile_init (files, new_profile);
     free (files);
@@ -104,54 +105,54 @@ profile_copy(profile_t old_profile, profile_t *new_profile)
 
 errcode_t KRB5_CALLCONV
 profile_init_path(const_profile_filespec_list_t filepath,
-		  profile_t *ret_profile)
+                  profile_t *ret_profile)
 {
-        unsigned int n_entries;
-        int i;
-	unsigned int ent_len;
-	const char *s, *t;
-	profile_filespec_t *filenames;
-	errcode_t retval;
-
-	/* count the distinct filename components */
-	for(s = filepath, n_entries = 1; *s; s++) {
-		if (*s == ':')
-			n_entries++;
-	}
-
-	/* the array is NULL terminated */
-	filenames = (profile_filespec_t*) malloc((n_entries+1) * sizeof(char*));
-	if (filenames == 0)
-		return ENOMEM;
-
-	/* measure, copy, and skip each one */
-	for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) {
-	        ent_len = (unsigned int) (t-s);
-		filenames[i] = (char*) malloc(ent_len + 1);
-		if (filenames[i] == 0) {
-			/* if malloc fails, free the ones that worked */
-			while(--i >= 0) free(filenames[i]);
-                        free(filenames);
-			return ENOMEM;
-		}
-		strncpy(filenames[i], s, ent_len);
-		filenames[i][ent_len] = 0;
-		if (*t == 0) {
-			i++;
-			break;
-		}
-	}
-	/* cap the array */
-	filenames[i] = 0;
-
-	retval = profile_init((const_profile_filespec_t *) filenames,
-			      ret_profile);
-
-	/* count back down and free the entries */
-	while(--i >= 0) free(filenames[i]);
-	free(filenames);
-
-	return retval;
+    unsigned int n_entries;
+    int i;
+    unsigned int ent_len;
+    const char *s, *t;
+    profile_filespec_t *filenames;
+    errcode_t retval;
+
+    /* count the distinct filename components */
+    for(s = filepath, n_entries = 1; *s; s++) {
+        if (*s == ':')
+            n_entries++;
+    }
+
+    /* the array is NULL terminated */
+    filenames = (profile_filespec_t*) malloc((n_entries+1) * sizeof(char*));
+    if (filenames == 0)
+        return ENOMEM;
+
+    /* measure, copy, and skip each one */
+    for(s = filepath, i=0; (t = strchr(s, ':')) || (t=s+strlen(s)); s=t+1, i++) {
+        ent_len = (unsigned int) (t-s);
+        filenames[i] = (char*) malloc(ent_len + 1);
+        if (filenames[i] == 0) {
+            /* if malloc fails, free the ones that worked */
+            while(--i >= 0) free(filenames[i]);
+            free(filenames);
+            return ENOMEM;
+        }
+        strncpy(filenames[i], s, ent_len);
+        filenames[i][ent_len] = 0;
+        if (*t == 0) {
+            i++;
+            break;
+        }
+    }
+    /* cap the array */
+    filenames[i] = 0;
+
+    retval = profile_init((const_profile_filespec_t *) filenames,
+                          ret_profile);
+
+    /* count back down and free the entries */
+    while(--i >= 0) free(filenames[i]);
+    free(filenames);
+
+    return retval;
 }
 
 errcode_t KRB5_CALLCONV
@@ -187,26 +188,26 @@ profile_is_modified(profile_t profile, int *modified)
 errcode_t KRB5_CALLCONV
 profile_flush(profile_t profile)
 {
-	if (!profile || profile->magic != PROF_MAGIC_PROFILE)
-		return PROF_MAGIC_PROFILE;
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
 
-	if (profile->first_file)
-		return profile_flush_file(profile->first_file);
+    if (profile->first_file)
+        return profile_flush_file(profile->first_file);
 
-	return 0;
+    return 0;
 }
 
 errcode_t KRB5_CALLCONV
 profile_flush_to_file(profile_t profile, const_profile_filespec_t outfile)
 {
-	if (!profile || profile->magic != PROF_MAGIC_PROFILE)
-		return PROF_MAGIC_PROFILE;
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
 
-	if (profile->first_file)
-		return profile_flush_file_to_file(profile->first_file,
-						  outfile);
+    if (profile->first_file)
+        return profile_flush_file_to_file(profile->first_file,
+                                          outfile);
 
-	return 0;
+    return 0;
 }
 
 errcode_t KRB5_CALLCONV
@@ -224,48 +225,48 @@ profile_free_buffer(profile_t profile, char *buf)
 void KRB5_CALLCONV
 profile_abandon(profile_t profile)
 {
-	prf_file_t	p, next;
+    prf_file_t      p, next;
 
-	if (!profile || profile->magic != PROF_MAGIC_PROFILE)
-		return;
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return;
 
-	for (p = profile->first_file; p; p = next) {
-		next = p->next;
-		profile_free_file(p);
-	}
-	profile->magic = 0;
-	free(profile);
+    for (p = profile->first_file; p; p = next) {
+        next = p->next;
+        profile_free_file(p);
+    }
+    profile->magic = 0;
+    free(profile);
 }
 
 void KRB5_CALLCONV
 profile_release(profile_t profile)
 {
-	prf_file_t	p, next;
+    prf_file_t      p, next;
 
-	if (!profile || profile->magic != PROF_MAGIC_PROFILE)
-		return;
+    if (!profile || profile->magic != PROF_MAGIC_PROFILE)
+        return;
 
-	for (p = profile->first_file; p; p = next) {
-		next = p->next;
-		profile_close_file(p);
-	}
-	profile->magic = 0;
-	free(profile);
+    for (p = profile->first_file; p; p = next) {
+        next = p->next;
+        profile_close_file(p);
+    }
+    profile->magic = 0;
+    free(profile);
 }
 
 /*
  * Here begins the profile serialization functions.
  */
 errcode_t profile_ser_size(const char *unused, profile_t profile,
-			   size_t *sizep)
+                           size_t *sizep)
 {
-    size_t	required;
-    prf_file_t	pfp;
+    size_t      required;
+    prf_file_t  pfp;
 
     required = 3*sizeof(prof_int32);
     for (pfp = profile->first_file; pfp; pfp = pfp->next) {
-	required += sizeof(prof_int32);
-	required += strlen(pfp->data->filespec);
+        required += sizeof(prof_int32);
+        required += strlen(pfp->data->filespec);
     }
     *sizep += required;
     return 0;
@@ -279,123 +280,123 @@ static void pack_int32(prof_int32 oval, unsigned char **bufpp, size_t *remainp)
 }
 
 errcode_t profile_ser_externalize(const char *unused, profile_t profile,
-				  unsigned char **bufpp, size_t *remainp)
+                                  unsigned char **bufpp, size_t *remainp)
 {
-    errcode_t		retval;
-    size_t		required;
-    unsigned char	*bp;
-    size_t		remain;
-    prf_file_t		pfp;
-    prof_int32		fcount, slen;
+    errcode_t           retval;
+    size_t              required;
+    unsigned char       *bp;
+    size_t              remain;
+    prf_file_t          pfp;
+    prof_int32          fcount, slen;
 
     required = 0;
     bp = *bufpp;
     remain = *remainp;
     retval = EINVAL;
     if (profile) {
-	retval = ENOMEM;
-	(void) profile_ser_size(unused, profile, &required);
-	if (required <= remain) {
-	    fcount = 0;
-	    for (pfp = profile->first_file; pfp; pfp = pfp->next)
-		fcount++;
-	    pack_int32(PROF_MAGIC_PROFILE, &bp, &remain);
-	    pack_int32(fcount, &bp, &remain);
-	    for (pfp = profile->first_file; pfp; pfp = pfp->next) {
-		slen = (prof_int32) strlen(pfp->data->filespec);
-		pack_int32(slen, &bp, &remain);
-		if (slen) {
-		    memcpy(bp, pfp->data->filespec, (size_t) slen);
-		    bp += slen;
-		    remain -= (size_t) slen;
-		}
-	    }
-	    pack_int32(PROF_MAGIC_PROFILE, &bp, &remain);
-	    retval = 0;
-	    *bufpp = bp;
-	    *remainp = remain;
-	}
+        retval = ENOMEM;
+        (void) profile_ser_size(unused, profile, &required);
+        if (required <= remain) {
+            fcount = 0;
+            for (pfp = profile->first_file; pfp; pfp = pfp->next)
+                fcount++;
+            pack_int32(PROF_MAGIC_PROFILE, &bp, &remain);
+            pack_int32(fcount, &bp, &remain);
+            for (pfp = profile->first_file; pfp; pfp = pfp->next) {
+                slen = (prof_int32) strlen(pfp->data->filespec);
+                pack_int32(slen, &bp, &remain);
+                if (slen) {
+                    memcpy(bp, pfp->data->filespec, (size_t) slen);
+                    bp += slen;
+                    remain -= (size_t) slen;
+                }
+            }
+            pack_int32(PROF_MAGIC_PROFILE, &bp, &remain);
+            retval = 0;
+            *bufpp = bp;
+            *remainp = remain;
+        }
     }
     return(retval);
 }
 
 static int unpack_int32(prof_int32 *intp, unsigned char **bufpp,
-			size_t *remainp)
+                        size_t *remainp)
 {
     if (*remainp >= sizeof(prof_int32)) {
-	*intp = load_32_be(*bufpp);
-	*bufpp += sizeof(prof_int32);
-	*remainp -= sizeof(prof_int32);
-	return 0;
+        *intp = load_32_be(*bufpp);
+        *bufpp += sizeof(prof_int32);
+        *remainp -= sizeof(prof_int32);
+        return 0;
     }
     else
-	return 1;
+        return 1;
 }
 
 errcode_t profile_ser_internalize(const char *unused, profile_t *profilep,
-				  unsigned char **bufpp, size_t *remainp)
+                                  unsigned char **bufpp, size_t *remainp)
 {
-	errcode_t		retval;
-	unsigned char	*bp;
-	size_t		remain;
-	int			i;
-	prof_int32		fcount, tmp;
-	profile_filespec_t		*flist = 0;
-
-	bp = *bufpp;
-	remain = *remainp;
-	fcount = 0;
-
-	if (remain >= 12)
-		(void) unpack_int32(&tmp, &bp, &remain);
-	else
-		tmp = 0;
-
-	if (tmp != PROF_MAGIC_PROFILE) {
-		retval = EINVAL;
-		goto cleanup;
-	}
-
-	(void) unpack_int32(&fcount, &bp, &remain);
-	retval = ENOMEM;
-
-	flist = (profile_filespec_t *) malloc(sizeof(profile_filespec_t) * (size_t) (fcount + 1));
-	if (!flist)
-		goto cleanup;
-
-	memset(flist, 0, sizeof(char *) * (size_t) (fcount+1));
-	for (i=0; i<fcount; i++) {
-		if (!unpack_int32(&tmp, &bp, &remain)) {
-			flist[i] = (char *) malloc((size_t) (tmp+1));
-			if (!flist[i])
-				goto cleanup;
-			memcpy(flist[i], bp, (size_t) tmp);
-			flist[i][tmp] = '\0';
-			bp += tmp;
-			remain -= (size_t) tmp;
-		}
-	}
-
-	if (unpack_int32(&tmp, &bp, &remain) ||
-	    (tmp != PROF_MAGIC_PROFILE)) {
-		retval = EINVAL;
-		goto cleanup;
-	}
-
-	if ((retval = profile_init((const_profile_filespec_t *) flist,
-				   profilep)))
-		goto cleanup;
-
-	*bufpp = bp;
-	*remainp = remain;
+    errcode_t               retval;
+    unsigned char   *bp;
+    size_t          remain;
+    int                     i;
+    prof_int32              fcount, tmp;
+    profile_filespec_t              *flist = 0;
+
+    bp = *bufpp;
+    remain = *remainp;
+    fcount = 0;
+
+    if (remain >= 12)
+        (void) unpack_int32(&tmp, &bp, &remain);
+    else
+        tmp = 0;
+
+    if (tmp != PROF_MAGIC_PROFILE) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    (void) unpack_int32(&fcount, &bp, &remain);
+    retval = ENOMEM;
+
+    flist = (profile_filespec_t *) malloc(sizeof(profile_filespec_t) * (size_t) (fcount + 1));
+    if (!flist)
+        goto cleanup;
+
+    memset(flist, 0, sizeof(char *) * (size_t) (fcount+1));
+    for (i=0; i<fcount; i++) {
+        if (!unpack_int32(&tmp, &bp, &remain)) {
+            flist[i] = (char *) malloc((size_t) (tmp+1));
+            if (!flist[i])
+                goto cleanup;
+            memcpy(flist[i], bp, (size_t) tmp);
+            flist[i][tmp] = '\0';
+            bp += tmp;
+            remain -= (size_t) tmp;
+        }
+    }
+
+    if (unpack_int32(&tmp, &bp, &remain) ||
+        (tmp != PROF_MAGIC_PROFILE)) {
+        retval = EINVAL;
+        goto cleanup;
+    }
+
+    if ((retval = profile_init((const_profile_filespec_t *) flist,
+                               profilep)))
+        goto cleanup;
+
+    *bufpp = bp;
+    *remainp = remain;
 
 cleanup:
-	if (flist) {
-		for (i=0; i<fcount; i++) {
-			if (flist[i])
-				free(flist[i]);
-		}
-		free(flist);
-	}
-	return(retval);
+    if (flist) {
+        for (i=0; i<fcount; i++) {
+            if (flist[i])
+                free(flist[i]);
+        }
+        free(flist);
+    }
+    return(retval);
 }
diff --git a/src/util/profile/prof_parse.c b/src/util/profile/prof_parse.c
index a48ae58..413c7df 100644
--- a/src/util/profile/prof_parse.c
+++ b/src/util/profile/prof_parse.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "prof_int.h"
 
 #include <stdio.h>
@@ -10,297 +11,297 @@
 
 #define SECTION_SEP_CHAR '/'
 
-#define STATE_INIT_COMMENT	1
-#define STATE_STD_LINE		2
-#define STATE_GET_OBRACE	3
+#define STATE_INIT_COMMENT      1
+#define STATE_STD_LINE          2
+#define STATE_GET_OBRACE        3
 
 struct parse_state {
-	int	state;
-	int	group_level;
-	struct profile_node *root_section;
-	struct profile_node *current_section;
+    int     state;
+    int     group_level;
+    struct profile_node *root_section;
+    struct profile_node *current_section;
 };
 
 static char *skip_over_blanks(char *cp)
 {
-	while (*cp && isspace((int) (*cp)))
-		cp++;
-	return cp;
+    while (*cp && isspace((int) (*cp)))
+        cp++;
+    return cp;
 }
 
 static void strip_line(char *line)
 {
-	char *p = line + strlen(line);
-	while (p > line && (p[-1] == '\n' || p[-1] == '\r'))
-	    *p-- = 0;
+    char *p = line + strlen(line);
+    while (p > line && (p[-1] == '\n' || p[-1] == '\r'))
+        *p-- = 0;
 }
 
 static void parse_quoted_string(char *str)
 {
-	char *to, *from;
-
-	to = from = str;
-
-	for (to = from = str; *from && *from != '"'; to++, from++) {
-		if (*from == '\\') {
-			from++;
-			switch (*from) {
-			case 'n':
-				*to = '\n';
-				break;
-			case 't':
-				*to = '\t';
-				break;
-			case 'b':
-				*to = '\b';
-				break;
-			default:
-				*to = *from;
-			}
-			continue;
-		}
-		*to = *from;
-	}
-	*to = '\0';
+    char *to, *from;
+
+    to = from = str;
+
+    for (to = from = str; *from && *from != '"'; to++, from++) {
+        if (*from == '\\') {
+            from++;
+            switch (*from) {
+            case 'n':
+                *to = '\n';
+                break;
+            case 't':
+                *to = '\t';
+                break;
+            case 'b':
+                *to = '\b';
+                break;
+            default:
+                *to = *from;
+            }
+            continue;
+        }
+        *to = *from;
+    }
+    *to = '\0';
 }
 
 
 static errcode_t parse_init_state(struct parse_state *state)
 {
-	state->state = STATE_INIT_COMMENT;
-	state->group_level = 0;
+    state->state = STATE_INIT_COMMENT;
+    state->group_level = 0;
 
-	return profile_create_node("(root)", 0, &state->root_section);
+    return profile_create_node("(root)", 0, &state->root_section);
 }
 
 static errcode_t parse_std_line(char *line, struct parse_state *state)
 {
-	char	*cp, ch, *tag, *value;
-	char	*p;
-	errcode_t retval;
-	struct profile_node	*node;
-	int do_subsection = 0;
-	void *iter = 0;
-
-	if (*line == 0)
-		return 0;
-	cp = skip_over_blanks(line);
-	if (cp[0] == ';' || cp[0] == '#')
-		return 0;
-	strip_line(cp);
-	ch = *cp;
-	if (ch == 0)
-		return 0;
-	if (ch == '[') {
-		if (state->group_level > 0)
-			return PROF_SECTION_NOTOP;
-		cp++;
-		p = strchr(cp, ']');
-		if (p == NULL)
-			return PROF_SECTION_SYNTAX;
-		*p = '\0';
-		retval = profile_find_node_subsection(state->root_section,
-						 cp, &iter, 0,
-						 &state->current_section);
-		if (retval == PROF_NO_SECTION) {
-			retval = profile_add_node(state->root_section,
-						  cp, 0,
-						  &state->current_section);
-			if (retval)
-				return retval;
-		} else if (retval)
-			return retval;
-
-		/*
-		 * Finish off the rest of the line.
-		 */
-		cp = p+1;
-		if (*cp == '*') {
-			profile_make_node_final(state->current_section);
-			cp++;
-		}
-		/*
-		 * A space after ']' should not be fatal
-		 */
-		cp = skip_over_blanks(cp);
-		if (*cp)
-			return PROF_SECTION_SYNTAX;
-		return 0;
-	}
-	if (ch == '}') {
-		if (state->group_level == 0)
-			return PROF_EXTRA_CBRACE;
-		if (*(cp+1) == '*')
-			profile_make_node_final(state->current_section);
-		retval = profile_get_node_parent(state->current_section,
-						 &state->current_section);
-		if (retval)
-			return retval;
-		state->group_level--;
-		return 0;
-	}
-	/*
-	 * Parse the relations
-	 */
-	tag = cp;
-	cp = strchr(cp, '=');
-	if (!cp)
-		return PROF_RELATION_SYNTAX;
-	if (cp == tag)
-	    return PROF_RELATION_SYNTAX;
-	*cp = '\0';
-	p = tag;
-	/* Look for whitespace on left-hand side.  */
-	while (p < cp && !isspace((int)*p))
-	    p++;
-	if (p < cp) {
-	    /* Found some sort of whitespace.  */
-	    *p++ = 0;
-	    /* If we have more non-whitespace, it's an error.  */
-	    while (p < cp) {
-		if (!isspace((int)*p))
-		    return PROF_RELATION_SYNTAX;
-		p++;
-	    }
-	}
-	cp = skip_over_blanks(cp+1);
-	value = cp;
-	if (value[0] == '"') {
-		value++;
-		parse_quoted_string(value);
-	} else if (value[0] == 0) {
-		do_subsection++;
-		state->state = STATE_GET_OBRACE;
-	} else if (value[0] == '{' && *(skip_over_blanks(value+1)) == 0)
-		do_subsection++;
-	else {
-		cp = value + strlen(value) - 1;
-		while ((cp > value) && isspace((int) (*cp)))
-			*cp-- = 0;
-	}
-	if (do_subsection) {
-		p = strchr(tag, '*');
-		if (p)
-			*p = '\0';
-		retval = profile_add_node(state->current_section,
-					  tag, 0, &state->current_section);
-		if (retval)
-			return retval;
-		if (p)
-			profile_make_node_final(state->current_section);
-		state->group_level++;
-		return 0;
-	}
-	p = strchr(tag, '*');
-	if (p)
-		*p = '\0';
-	profile_add_node(state->current_section, tag, value, &node);
-	if (p)
-		profile_make_node_final(node);
-	return 0;
+    char    *cp, ch, *tag, *value;
+    char    *p;
+    errcode_t retval;
+    struct profile_node     *node;
+    int do_subsection = 0;
+    void *iter = 0;
+
+    if (*line == 0)
+        return 0;
+    cp = skip_over_blanks(line);
+    if (cp[0] == ';' || cp[0] == '#')
+        return 0;
+    strip_line(cp);
+    ch = *cp;
+    if (ch == 0)
+        return 0;
+    if (ch == '[') {
+        if (state->group_level > 0)
+            return PROF_SECTION_NOTOP;
+        cp++;
+        p = strchr(cp, ']');
+        if (p == NULL)
+            return PROF_SECTION_SYNTAX;
+        *p = '\0';
+        retval = profile_find_node_subsection(state->root_section,
+                                              cp, &iter, 0,
+                                              &state->current_section);
+        if (retval == PROF_NO_SECTION) {
+            retval = profile_add_node(state->root_section,
+                                      cp, 0,
+                                      &state->current_section);
+            if (retval)
+                return retval;
+        } else if (retval)
+            return retval;
+
+        /*
+         * Finish off the rest of the line.
+         */
+        cp = p+1;
+        if (*cp == '*') {
+            profile_make_node_final(state->current_section);
+            cp++;
+        }
+        /*
+         * A space after ']' should not be fatal
+         */
+        cp = skip_over_blanks(cp);
+        if (*cp)
+            return PROF_SECTION_SYNTAX;
+        return 0;
+    }
+    if (ch == '}') {
+        if (state->group_level == 0)
+            return PROF_EXTRA_CBRACE;
+        if (*(cp+1) == '*')
+            profile_make_node_final(state->current_section);
+        retval = profile_get_node_parent(state->current_section,
+                                         &state->current_section);
+        if (retval)
+            return retval;
+        state->group_level--;
+        return 0;
+    }
+    /*
+     * Parse the relations
+     */
+    tag = cp;
+    cp = strchr(cp, '=');
+    if (!cp)
+        return PROF_RELATION_SYNTAX;
+    if (cp == tag)
+        return PROF_RELATION_SYNTAX;
+    *cp = '\0';
+    p = tag;
+    /* Look for whitespace on left-hand side.  */
+    while (p < cp && !isspace((int)*p))
+        p++;
+    if (p < cp) {
+        /* Found some sort of whitespace.  */
+        *p++ = 0;
+        /* If we have more non-whitespace, it's an error.  */
+        while (p < cp) {
+            if (!isspace((int)*p))
+                return PROF_RELATION_SYNTAX;
+            p++;
+        }
+    }
+    cp = skip_over_blanks(cp+1);
+    value = cp;
+    if (value[0] == '"') {
+        value++;
+        parse_quoted_string(value);
+    } else if (value[0] == 0) {
+        do_subsection++;
+        state->state = STATE_GET_OBRACE;
+    } else if (value[0] == '{' && *(skip_over_blanks(value+1)) == 0)
+        do_subsection++;
+    else {
+        cp = value + strlen(value) - 1;
+        while ((cp > value) && isspace((int) (*cp)))
+            *cp-- = 0;
+    }
+    if (do_subsection) {
+        p = strchr(tag, '*');
+        if (p)
+            *p = '\0';
+        retval = profile_add_node(state->current_section,
+                                  tag, 0, &state->current_section);
+        if (retval)
+            return retval;
+        if (p)
+            profile_make_node_final(state->current_section);
+        state->group_level++;
+        return 0;
+    }
+    p = strchr(tag, '*');
+    if (p)
+        *p = '\0';
+    profile_add_node(state->current_section, tag, value, &node);
+    if (p)
+        profile_make_node_final(node);
+    return 0;
 }
 
 static errcode_t parse_line(char *line, struct parse_state *state)
 {
-	char	*cp;
-
-	switch (state->state) {
-	case STATE_INIT_COMMENT:
-		if (line[0] != '[')
-			return 0;
-		state->state = STATE_STD_LINE;
-	case STATE_STD_LINE:
-		return parse_std_line(line, state);
-	case STATE_GET_OBRACE:
-		cp = skip_over_blanks(line);
-		if (*cp != '{')
-			return PROF_MISSING_OBRACE;
-		state->state = STATE_STD_LINE;
-	}
-	return 0;
+    char    *cp;
+
+    switch (state->state) {
+    case STATE_INIT_COMMENT:
+        if (line[0] != '[')
+            return 0;
+        state->state = STATE_STD_LINE;
+    case STATE_STD_LINE:
+        return parse_std_line(line, state);
+    case STATE_GET_OBRACE:
+        cp = skip_over_blanks(line);
+        if (*cp != '{')
+            return PROF_MISSING_OBRACE;
+        state->state = STATE_STD_LINE;
+    }
+    return 0;
 }
 
 errcode_t profile_parse_file(FILE *f, struct profile_node **root)
 {
-#define BUF_SIZE	2048
-	char *bptr;
-	errcode_t retval;
-	struct parse_state state;
-
-	bptr = malloc (BUF_SIZE);
-	if (!bptr)
-		return ENOMEM;
-
-	retval = parse_init_state(&state);
-	if (retval) {
-		free (bptr);
-		return retval;
-	}
-	while (!feof(f)) {
-		if (fgets(bptr, BUF_SIZE, f) == NULL)
-			break;
+#define BUF_SIZE        2048
+    char *bptr;
+    errcode_t retval;
+    struct parse_state state;
+
+    bptr = malloc (BUF_SIZE);
+    if (!bptr)
+        return ENOMEM;
+
+    retval = parse_init_state(&state);
+    if (retval) {
+        free (bptr);
+        return retval;
+    }
+    while (!feof(f)) {
+        if (fgets(bptr, BUF_SIZE, f) == NULL)
+            break;
 #ifndef PROFILE_SUPPORTS_FOREIGN_NEWLINES
-		retval = parse_line(bptr, &state);
-		if (retval) {
-		  profile_free_node(state.root_section);
-			free (bptr);
-			return retval;
-		}
+        retval = parse_line(bptr, &state);
+        if (retval) {
+            profile_free_node(state.root_section);
+            free (bptr);
+            return retval;
+        }
 #else
-		{
-		    char *p, *end;
-
-		    if (strlen(bptr) >= BUF_SIZE - 1) {
-			/* The string may have foreign newlines and
-			   gotten chopped off on a non-newline
-			   boundary.  Seek backwards to the last known
-			   newline.  */
-			long offset;
-			char *c = bptr + strlen (bptr);
-			for (offset = 0; offset > -BUF_SIZE; offset--) {
-			    if (*c == '\r' || *c == '\n') {
-				*c = '\0';
-				fseek (f, offset, SEEK_CUR);
-				break;
-			    }
-			    c--;
-			}
-		    }
-
-		    /* First change all newlines to \n */
-		    for (p = bptr; *p != '\0'; p++) {
-			if (*p == '\r')
-                            *p = '\n';
-		    }
-		    /* Then parse all lines */
-		    p = bptr;
-		    end = bptr + strlen (bptr);
-		    while (p < end) {
-			char* newline;
-			char* newp;
-
-			newline = strchr (p, '\n');
-			if (newline != NULL)
-			    *newline = '\0';
-
-			/* parse_line modifies contents of p */
-			newp = p + strlen (p) + 1;
-			retval = parse_line (p, &state);
-			if (retval) {
-			    profile_free_node(state.root_section);
-			    free (bptr);
-			    return retval;
-			}
-
-			p = newp;
-		    }
-		}
+        {
+            char *p, *end;
+
+            if (strlen(bptr) >= BUF_SIZE - 1) {
+                /* The string may have foreign newlines and
+                   gotten chopped off on a non-newline
+                   boundary.  Seek backwards to the last known
+                   newline.  */
+                long offset;
+                char *c = bptr + strlen (bptr);
+                for (offset = 0; offset > -BUF_SIZE; offset--) {
+                    if (*c == '\r' || *c == '\n') {
+                        *c = '\0';
+                        fseek (f, offset, SEEK_CUR);
+                        break;
+                    }
+                    c--;
+                }
+            }
+
+            /* First change all newlines to \n */
+            for (p = bptr; *p != '\0'; p++) {
+                if (*p == '\r')
+                    *p = '\n';
+            }
+            /* Then parse all lines */
+            p = bptr;
+            end = bptr + strlen (bptr);
+            while (p < end) {
+                char* newline;
+                char* newp;
+
+                newline = strchr (p, '\n');
+                if (newline != NULL)
+                    *newline = '\0';
+
+                /* parse_line modifies contents of p */
+                newp = p + strlen (p) + 1;
+                retval = parse_line (p, &state);
+                if (retval) {
+                    profile_free_node(state.root_section);
+                    free (bptr);
+                    return retval;
+                }
+
+                p = newp;
+            }
+        }
 #endif
-	}
-	*root = state.root_section;
+    }
+    *root = state.root_section;
 
-	free (bptr);
-	return 0;
+    free (bptr);
+    return 0;
 }
 
 /*
@@ -308,15 +309,15 @@ errcode_t profile_parse_file(FILE *f, struct profile_node **root)
  */
 static int need_double_quotes(char *str)
 {
-	if (!str)
-                return 0;
-	if (str[0] == '\0')
-		return 1;
-	if (isspace((int) (*str)) ||isspace((int) (*(str + strlen(str) - 1))))
-		return 1;
-	if (strchr(str, '\n') || strchr(str, '\t') || strchr(str, '\b'))
-		return 1;
-	return 0;
+    if (!str)
+        return 0;
+    if (str[0] == '\0')
+        return 1;
+    if (isspace((int) (*str)) ||isspace((int) (*(str + strlen(str) - 1))))
+        return 1;
+    if (strchr(str, '\n') || strchr(str, '\t') || strchr(str, '\b'))
+        return 1;
+    return 0;
 }
 
 /*
@@ -324,41 +325,41 @@ static int need_double_quotes(char *str)
  * of characters as necessary.
  */
 static void output_quoted_string(char *str, void (*cb)(const char *,void *),
-				 void *data)
+                                 void *data)
 {
-	char	ch;
-	char buf[2];
-
-	cb("\"", data);
-	if (!str) {
-		cb("\"", data);
-		return;
-	}
-	buf[1] = 0;
-	while ((ch = *str++)) {
-		switch (ch) {
-		case '\\':
-			cb("\\\\", data);
-			break;
-		case '\n':
-			cb("\\n", data);
-			break;
-		case '\t':
-			cb("\\t", data);
-			break;
-		case '\b':
-			cb("\\b", data);
-			break;
-		default:
-			/* This would be a lot faster if we scanned
-			   forward for the next "interesting"
-			   character.  */
-			buf[0] = ch;
-			cb(buf, data);
-			break;
-		}
-	}
-	cb("\"", data);
+    char    ch;
+    char buf[2];
+
+    cb("\"", data);
+    if (!str) {
+        cb("\"", data);
+        return;
+    }
+    buf[1] = 0;
+    while ((ch = *str++)) {
+        switch (ch) {
+        case '\\':
+            cb("\\\\", data);
+            break;
+        case '\n':
+            cb("\\n", data);
+            break;
+        case '\t':
+            cb("\\t", data);
+            break;
+        case '\b':
+            cb("\\b", data);
+            break;
+        default:
+            /* This would be a lot faster if we scanned
+               forward for the next "interesting"
+               character.  */
+            buf[0] = ch;
+            cb(buf, data);
+            break;
+        }
+    }
+    cb("\"", data);
 }
 
 
@@ -373,124 +374,124 @@ static void output_quoted_string(char *str, void (*cb)(const char *,void *),
 
 /* Errors should be returned, not ignored!  */
 static void dump_profile(struct profile_node *root, int level,
-			 void (*cb)(const char *, void *), void *data)
+                         void (*cb)(const char *, void *), void *data)
 {
-	int i;
-	struct profile_node *p;
-	void *iter;
-	long retval;
-	char *name, *value;
-
-	iter = 0;
-	do {
-		retval = profile_find_node_relation(root, 0, &iter,
-						    &name, &value);
-		if (retval)
-			break;
-		for (i=0; i < level; i++)
-			cb("\t", data);
-		if (need_double_quotes(value)) {
-			cb(name, data);
-			cb(" = ", data);
-			output_quoted_string(value, cb, data);
-			cb(EOL, data);
-		} else {
-			cb(name, data);
-			cb(" = ", data);
-			cb(value, data);
-			cb(EOL, data);
-		}
-	} while (iter != 0);
-
-	iter = 0;
-	do {
-		retval = profile_find_node_subsection(root, 0, &iter,
-						      &name, &p);
-		if (retval)
-			break;
-		if (level == 0)	{ /* [xxx] */
-			cb("[", data);
-			cb(name, data);
-			cb("]", data);
-			cb(profile_is_node_final(p) ? "*" : "", data);
-			cb(EOL, data);
-			dump_profile(p, level+1, cb, data);
-			cb(EOL, data);
-		} else { 	/* xxx = { ... } */
-			for (i=0; i < level; i++)
-				cb("\t", data);
-			cb(name, data);
-			cb(" = {", data);
-			cb(EOL, data);
-			dump_profile(p, level+1, cb, data);
-			for (i=0; i < level; i++)
-				cb("\t", data);
-			cb("}", data);
-			cb(profile_is_node_final(p) ? "*" : "", data);
-			cb(EOL, data);
-		}
-	} while (iter != 0);
+    int i;
+    struct profile_node *p;
+    void *iter;
+    long retval;
+    char *name, *value;
+
+    iter = 0;
+    do {
+        retval = profile_find_node_relation(root, 0, &iter,
+                                            &name, &value);
+        if (retval)
+            break;
+        for (i=0; i < level; i++)
+            cb("\t", data);
+        if (need_double_quotes(value)) {
+            cb(name, data);
+            cb(" = ", data);
+            output_quoted_string(value, cb, data);
+            cb(EOL, data);
+        } else {
+            cb(name, data);
+            cb(" = ", data);
+            cb(value, data);
+            cb(EOL, data);
+        }
+    } while (iter != 0);
+
+    iter = 0;
+    do {
+        retval = profile_find_node_subsection(root, 0, &iter,
+                                              &name, &p);
+        if (retval)
+            break;
+        if (level == 0) { /* [xxx] */
+            cb("[", data);
+            cb(name, data);
+            cb("]", data);
+            cb(profile_is_node_final(p) ? "*" : "", data);
+            cb(EOL, data);
+            dump_profile(p, level+1, cb, data);
+            cb(EOL, data);
+        } else {        /* xxx = { ... } */
+            for (i=0; i < level; i++)
+                cb("\t", data);
+            cb(name, data);
+            cb(" = {", data);
+            cb(EOL, data);
+            dump_profile(p, level+1, cb, data);
+            for (i=0; i < level; i++)
+                cb("\t", data);
+            cb("}", data);
+            cb(profile_is_node_final(p) ? "*" : "", data);
+            cb(EOL, data);
+        }
+    } while (iter != 0);
 }
 
 static void dump_profile_to_file_cb(const char *str, void *data)
 {
-	fputs(str, data);
+    fputs(str, data);
 }
 
 errcode_t profile_write_tree_file(struct profile_node *root, FILE *dstfile)
 {
-	dump_profile(root, 0, dump_profile_to_file_cb, dstfile);
-	return 0;
+    dump_profile(root, 0, dump_profile_to_file_cb, dstfile);
+    return 0;
 }
 
 struct prof_buf {
-	char *base;
-	size_t cur, max;
-	int err;
+    char *base;
+    size_t cur, max;
+    int err;
 };
 
 static void add_data_to_buffer(struct prof_buf *b, const void *d, size_t len)
 {
-	if (b->err)
-		return;
-	if (b->max - b->cur < len) {
-		size_t newsize;
-		char *newptr;
-
-		newsize = b->max + (b->max >> 1) + len + 1024;
-		newptr = realloc(b->base, newsize);
-		if (newptr == NULL) {
-			b->err = 1;
-			return;
-		}
-		b->base = newptr;
-		b->max = newsize;
-	}
-	memcpy(b->base + b->cur, d, len);
-	b->cur += len; 		/* ignore overflow */
+    if (b->err)
+        return;
+    if (b->max - b->cur < len) {
+        size_t newsize;
+        char *newptr;
+
+        newsize = b->max + (b->max >> 1) + len + 1024;
+        newptr = realloc(b->base, newsize);
+        if (newptr == NULL) {
+            b->err = 1;
+            return;
+        }
+        b->base = newptr;
+        b->max = newsize;
+    }
+    memcpy(b->base + b->cur, d, len);
+    b->cur += len;          /* ignore overflow */
 }
 
 static void dump_profile_to_buffer_cb(const char *str, void *data)
 {
-	add_data_to_buffer((struct prof_buf *)data, str, strlen(str));
+    add_data_to_buffer((struct prof_buf *)data, str, strlen(str));
 }
 
 errcode_t profile_write_tree_to_buffer(struct profile_node *root,
-				       char **buf)
+                                       char **buf)
 {
-	struct prof_buf prof_buf = { 0, 0, 0, 0 };
-
-	dump_profile(root, 0, dump_profile_to_buffer_cb, &prof_buf);
-	if (prof_buf.err) {
-		*buf = NULL;
-		return ENOMEM;
-	}
-	add_data_to_buffer(&prof_buf, "", 1); /* append nul */
-	if (prof_buf.max - prof_buf.cur > (prof_buf.max >> 3)) {
-		char *newptr = realloc(prof_buf.base, prof_buf.cur);
-		if (newptr)
-			prof_buf.base = newptr;
-	}
-	*buf = prof_buf.base;
-	return 0;
+    struct prof_buf prof_buf = { 0, 0, 0, 0 };
+
+    dump_profile(root, 0, dump_profile_to_buffer_cb, &prof_buf);
+    if (prof_buf.err) {
+        *buf = NULL;
+        return ENOMEM;
+    }
+    add_data_to_buffer(&prof_buf, "", 1); /* append nul */
+    if (prof_buf.max - prof_buf.cur > (prof_buf.max >> 3)) {
+        char *newptr = realloc(prof_buf.base, prof_buf.cur);
+        if (newptr)
+            prof_buf.base = newptr;
+    }
+    *buf = prof_buf.base;
+    return 0;
 }
diff --git a/src/util/profile/prof_set.c b/src/util/profile/prof_set.c
index a08bfd7..893048f 100644
--- a/src/util/profile/prof_set.c
+++ b/src/util/profile/prof_set.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * prof_set.c --- routines that expose the public interfaces for
- * 	inserting, updating and deleting items from the profile.
+ *      inserting, updating and deleting items from the profile.
  *
  * WARNING: These routines only look at the first file opened in the
  * profile.  It's not clear how to handle multiple files, actually.
@@ -22,55 +23,55 @@
 
 static errcode_t rw_setup(profile_t profile)
 {
-   	prf_file_t	file;
-	errcode_t	retval = 0;
-
-	if (!profile)
-		return PROF_NO_PROFILE;
-
-	if (profile->magic != PROF_MAGIC_PROFILE)
-		return PROF_MAGIC_PROFILE;
-
-	file = profile->first_file;
-
-	retval = profile_lock_global();
-	if (retval)
-	    return retval;
-
-	/* Don't update the file if we've already made modifications */
-	if (file->data->flags & PROFILE_FILE_DIRTY) {
-	    profile_unlock_global();
-	    return 0;
-	}
-
-	if ((file->data->flags & PROFILE_FILE_SHARED) != 0) {
-	    prf_data_t new_data;
-	    new_data = profile_make_prf_data(file->data->filespec);
-	    if (new_data == NULL) {
-		retval = ENOMEM;
-	    } else {
-		retval = k5_mutex_init(&new_data->lock);
-		if (retval == 0) {
-		    new_data->root = NULL;
-		    new_data->flags = file->data->flags & ~PROFILE_FILE_SHARED;
-		    new_data->timestamp = 0;
-		    new_data->upd_serial = file->data->upd_serial;
-		}
-	    }
-
-	    if (retval != 0) {
-		profile_unlock_global();
-		free(new_data);
-		return retval;
-	    }
-	    profile_dereference_data_locked(file->data);
-	    file->data = new_data;
-	}
-
-	profile_unlock_global();
-	retval = profile_update_file(file);
-
-	return retval;
+    prf_file_t      file;
+    errcode_t       retval = 0;
+
+    if (!profile)
+        return PROF_NO_PROFILE;
+
+    if (profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+
+    file = profile->first_file;
+
+    retval = profile_lock_global();
+    if (retval)
+        return retval;
+
+    /* Don't update the file if we've already made modifications */
+    if (file->data->flags & PROFILE_FILE_DIRTY) {
+        profile_unlock_global();
+        return 0;
+    }
+
+    if ((file->data->flags & PROFILE_FILE_SHARED) != 0) {
+        prf_data_t new_data;
+        new_data = profile_make_prf_data(file->data->filespec);
+        if (new_data == NULL) {
+            retval = ENOMEM;
+        } else {
+            retval = k5_mutex_init(&new_data->lock);
+            if (retval == 0) {
+                new_data->root = NULL;
+                new_data->flags = file->data->flags & ~PROFILE_FILE_SHARED;
+                new_data->timestamp = 0;
+                new_data->upd_serial = file->data->upd_serial;
+            }
+        }
+
+        if (retval != 0) {
+            profile_unlock_global();
+            free(new_data);
+            return retval;
+        }
+        profile_dereference_data_locked(file->data);
+        file->data = new_data;
+    }
+
+    profile_unlock_global();
+    retval = profile_update_file(file);
+
+    return retval;
 }
 
 
@@ -81,50 +82,50 @@ static errcode_t rw_setup(profile_t profile)
  */
 errcode_t KRB5_CALLCONV
 profile_update_relation(profile_t profile, const char **names,
-			const char *old_value, const char *new_value)
+                        const char *old_value, const char *new_value)
 {
-	errcode_t	retval;
-	struct profile_node *section, *node;
-	void		*state;
-	const char	**cpp;
-
-	retval = rw_setup(profile);
-	if (retval)
-		return retval;
-
-	if (names == 0 || names[0] == 0 || names[1] == 0)
-		return PROF_BAD_NAMESET;
-
-	if (!old_value || !*old_value)
-		return PROF_EINVAL;
-
-	retval = k5_mutex_lock(&profile->first_file->data->lock);
-	if (retval)
-	    return retval;
-	section = profile->first_file->data->root;
-	for (cpp = names; cpp[1]; cpp++) {
-		state = 0;
-		retval = profile_find_node(section, *cpp, 0, 1,
-					   &state, &section);
-		if (retval) {
-		    k5_mutex_unlock(&profile->first_file->data->lock);
-		    return retval;
-		}
-	}
-
-	state = 0;
-	retval = profile_find_node(section, *cpp, old_value, 0, &state, &node);
-	if (retval == 0) {
-	    if (new_value)
-		retval = profile_set_relation_value(node, new_value);
-	    else
-		retval = profile_remove_node(node);
-	}
-	if (retval == 0)
-	    profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
-	k5_mutex_unlock(&profile->first_file->data->lock);
-
-	return retval;
+    errcode_t       retval;
+    struct profile_node *section, *node;
+    void            *state;
+    const char      **cpp;
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    if (names == 0 || names[0] == 0 || names[1] == 0)
+        return PROF_BAD_NAMESET;
+
+    if (!old_value || !*old_value)
+        return PROF_EINVAL;
+
+    retval = k5_mutex_lock(&profile->first_file->data->lock);
+    if (retval)
+        return retval;
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    state = 0;
+    retval = profile_find_node(section, *cpp, old_value, 0, &state, &node);
+    if (retval == 0) {
+        if (new_value)
+            retval = profile_set_relation_value(node, new_value);
+        else
+            retval = profile_remove_node(node);
+    }
+    if (retval == 0)
+        profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+    k5_mutex_unlock(&profile->first_file->data->lock);
+
+    return retval;
 }
 
 /*
@@ -135,40 +136,40 @@ profile_update_relation(profile_t profile, const char **names,
 errcode_t KRB5_CALLCONV
 profile_clear_relation(profile_t profile, const char **names)
 {
-	errcode_t	retval;
-	struct profile_node *section, *node;
-	void		*state;
-	const char	**cpp;
-
-	retval = rw_setup(profile);
-	if (retval)
-		return retval;
-
-	if (names == 0 || names[0] == 0 || names[1] == 0)
-		return PROF_BAD_NAMESET;
-
-	section = profile->first_file->data->root;
-	for (cpp = names; cpp[1]; cpp++) {
-		state = 0;
-		retval = profile_find_node(section, *cpp, 0, 1,
-					   &state, &section);
-		if (retval)
-			return retval;
-	}
-
-	state = 0;
-	do {
-		retval = profile_find_node(section, *cpp, 0, 0, &state, &node);
-		if (retval)
-			return retval;
-		retval = profile_remove_node(node);
-		if (retval)
-			return retval;
-	} while (state);
-
-	profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
-
-	return 0;
+    errcode_t       retval;
+    struct profile_node *section, *node;
+    void            *state;
+    const char      **cpp;
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    if (names == 0 || names[0] == 0 || names[1] == 0)
+        return PROF_BAD_NAMESET;
+
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval)
+            return retval;
+    }
+
+    state = 0;
+    do {
+        retval = profile_find_node(section, *cpp, 0, 0, &state, &node);
+        if (retval)
+            return retval;
+        retval = profile_remove_node(node);
+        if (retval)
+            return retval;
+    } while (state);
+
+    profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+
+    return 0;
 }
 
 /*
@@ -179,46 +180,46 @@ profile_clear_relation(profile_t profile, const char **names)
  */
 errcode_t KRB5_CALLCONV
 profile_rename_section(profile_t profile, const char **names,
-		       const char *new_name)
+                       const char *new_name)
 {
-	errcode_t	retval;
-	struct profile_node *section, *node;
-	void		*state;
-	const char	**cpp;
-
-	retval = rw_setup(profile);
-	if (retval)
-		return retval;
-
-	if (names == 0 || names[0] == 0 || names[1] == 0)
-		return PROF_BAD_NAMESET;
-
-	retval = k5_mutex_lock(&profile->first_file->data->lock);
-	if (retval)
-	    return retval;
-	section = profile->first_file->data->root;
-	for (cpp = names; cpp[1]; cpp++) {
-		state = 0;
-		retval = profile_find_node(section, *cpp, 0, 1,
-					   &state, &section);
-		if (retval) {
-		    k5_mutex_unlock(&profile->first_file->data->lock);
-		    return retval;
-		}
-	}
-
-	state = 0;
-	retval = profile_find_node(section, *cpp, 0, 1, &state, &node);
-	if (retval == 0) {
-	    if (new_name)
-		retval = profile_rename_node(node, new_name);
-	    else
-		retval = profile_remove_node(node);
-	}
-	if (retval == 0)
-	    profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
-	k5_mutex_unlock(&profile->first_file->data->lock);
-	return retval;
+    errcode_t       retval;
+    struct profile_node *section, *node;
+    void            *state;
+    const char      **cpp;
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    if (names == 0 || names[0] == 0 || names[1] == 0)
+        return PROF_BAD_NAMESET;
+
+    retval = k5_mutex_lock(&profile->first_file->data->lock);
+    if (retval)
+        return retval;
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    state = 0;
+    retval = profile_find_node(section, *cpp, 0, 1, &state, &node);
+    if (retval == 0) {
+        if (new_name)
+            retval = profile_rename_node(node, new_name);
+        else
+            retval = profile_remove_node(node);
+    }
+    if (retval == 0)
+        profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+    k5_mutex_unlock(&profile->first_file->data->lock);
+    return retval;
 }
 
 /*
@@ -232,54 +233,54 @@ profile_rename_section(profile_t profile, const char **names,
  */
 errcode_t KRB5_CALLCONV
 profile_add_relation(profile_t profile, const char **names,
-		     const char *new_value)
+                     const char *new_value)
 {
-	errcode_t	retval;
-    	struct profile_node *section;
-	const char 	**cpp;
-	void		*state;
-
-	retval = rw_setup(profile);
-	if (retval)
-		return retval;
-
-	if (names == 0 || names[0] == 0 || names[1] == 0)
-		return PROF_BAD_NAMESET;
-
-	retval = k5_mutex_lock(&profile->first_file->data->lock);
-	if (retval)
-	    return retval;
-	section = profile->first_file->data->root;
-	for (cpp = names; cpp[1]; cpp++) {
-		state = 0;
-		retval = profile_find_node(section, *cpp, 0, 1,
-					   &state, &section);
-		if (retval == PROF_NO_SECTION)
-			retval = profile_add_node(section, *cpp, 0, &section);
-		if (retval) {
-		    k5_mutex_unlock(&profile->first_file->data->lock);
-		    return retval;
-		}
-	}
-
-	if (new_value == 0) {
-		retval = profile_find_node(section, *cpp, 0, 1, &state, 0);
-		if (retval == 0) {
-		    k5_mutex_unlock(&profile->first_file->data->lock);
-		    return PROF_EXISTS;
-		} else if (retval != PROF_NO_SECTION) {
-		    k5_mutex_unlock(&profile->first_file->data->lock);
-		    return retval;
-		}
-	}
-
-	retval = profile_add_node(section, *cpp, new_value, 0);
-	if (retval) {
-	    k5_mutex_unlock(&profile->first_file->data->lock);
-	    return retval;
-	}
-
-	profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
-	k5_mutex_unlock(&profile->first_file->data->lock);
-	return 0;
+    errcode_t       retval;
+    struct profile_node *section;
+    const char      **cpp;
+    void            *state;
+
+    retval = rw_setup(profile);
+    if (retval)
+        return retval;
+
+    if (names == 0 || names[0] == 0 || names[1] == 0)
+        return PROF_BAD_NAMESET;
+
+    retval = k5_mutex_lock(&profile->first_file->data->lock);
+    if (retval)
+        return retval;
+    section = profile->first_file->data->root;
+    for (cpp = names; cpp[1]; cpp++) {
+        state = 0;
+        retval = profile_find_node(section, *cpp, 0, 1,
+                                   &state, &section);
+        if (retval == PROF_NO_SECTION)
+            retval = profile_add_node(section, *cpp, 0, &section);
+        if (retval) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    if (new_value == 0) {
+        retval = profile_find_node(section, *cpp, 0, 1, &state, 0);
+        if (retval == 0) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return PROF_EXISTS;
+        } else if (retval != PROF_NO_SECTION) {
+            k5_mutex_unlock(&profile->first_file->data->lock);
+            return retval;
+        }
+    }
+
+    retval = profile_add_node(section, *cpp, new_value, 0);
+    if (retval) {
+        k5_mutex_unlock(&profile->first_file->data->lock);
+        return retval;
+    }
+
+    profile->first_file->data->flags |= PROFILE_FILE_DIRTY;
+    k5_mutex_unlock(&profile->first_file->data->lock);
+    return 0;
 }
diff --git a/src/util/profile/prof_tree.c b/src/util/profile/prof_tree.c
index 6663dc1..711fc95 100644
--- a/src/util/profile/prof_tree.c
+++ b/src/util/profile/prof_tree.c
@@ -1,6 +1,7 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * prof_tree.c --- these routines maintain the parse tree of the
- * 	config file.
+ *      config file.
  *
  * All of the details of how the tree is stored is abstracted away in
  * this file; all of the other profile routines build, access, and
@@ -28,43 +29,43 @@
 #include <ctype.h>
 
 struct profile_node {
-	errcode_t	magic;
-	char *name;
-	char *value;
-	int group_level;
-	unsigned int final:1;		/* Indicate don't search next file */
-	unsigned int deleted:1;
-	struct profile_node *first_child;
-	struct profile_node *parent;
-	struct profile_node *next, *prev;
+    errcode_t       magic;
+    char *name;
+    char *value;
+    int group_level;
+    unsigned int final:1;           /* Indicate don't search next file */
+    unsigned int deleted:1;
+    struct profile_node *first_child;
+    struct profile_node *parent;
+    struct profile_node *next, *prev;
 };
 
-#define CHECK_MAGIC(node) \
-	  if ((node)->magic != PROF_MAGIC_NODE) \
-		  return PROF_MAGIC_NODE;
+#define CHECK_MAGIC(node)                       \
+    if ((node)->magic != PROF_MAGIC_NODE)       \
+        return PROF_MAGIC_NODE;
 
 /*
  * Free a node, and any children
  */
 void profile_free_node(struct profile_node *node)
 {
-	struct profile_node *child, *next;
+    struct profile_node *child, *next;
 
-	if (node->magic != PROF_MAGIC_NODE)
-		return;
+    if (node->magic != PROF_MAGIC_NODE)
+        return;
 
-	if (node->name)
-		free(node->name);
-	if (node->value)
-		free(node->value);
+    if (node->name)
+        free(node->name);
+    if (node->value)
+        free(node->value);
 
-	for (child=node->first_child; child; child = next) {
-		next = child->next;
-		profile_free_node(child);
-	}
-	node->magic = 0;
+    for (child=node->first_child; child; child = next) {
+        next = child->next;
+        profile_free_node(child);
+    }
+    node->magic = 0;
 
-	free(node);
+    free(node);
 }
 
 #ifndef HAVE_STRDUP
@@ -75,7 +76,7 @@ static char *MYstrdup (const char *s)
     size_t sz = strlen(s) + 1;
     char *p = malloc(sz);
     if (p != 0)
-	memcpy(p, s, sz);
+        memcpy(p, s, sz);
     return p;
 }
 #endif
@@ -84,31 +85,31 @@ static char *MYstrdup (const char *s)
  * Create a node
  */
 errcode_t profile_create_node(const char *name, const char *value,
-			      struct profile_node **ret_node)
+                              struct profile_node **ret_node)
 {
-	struct profile_node *new;
-
-	new = malloc(sizeof(struct profile_node));
-	if (!new)
-		return ENOMEM;
-	memset(new, 0, sizeof(struct profile_node));
-	/* Set magic here so profile_free_node will free memory */
-	new->magic = PROF_MAGIC_NODE;
-	new->name = strdup(name);
-	if (new->name == 0) {
-	    profile_free_node(new);
-	    return ENOMEM;
-	}
-	if (value) {
-		new->value = strdup(value);
-		if (new->value == 0) {
-		    profile_free_node(new);
-		    return ENOMEM;
-		}
-	}
-
-	*ret_node = new;
-	return 0;
+    struct profile_node *new;
+
+    new = malloc(sizeof(struct profile_node));
+    if (!new)
+        return ENOMEM;
+    memset(new, 0, sizeof(struct profile_node));
+    /* Set magic here so profile_free_node will free memory */
+    new->magic = PROF_MAGIC_NODE;
+    new->name = strdup(name);
+    if (new->name == 0) {
+        profile_free_node(new);
+        return ENOMEM;
+    }
+    if (value) {
+        new->value = strdup(value);
+        if (new->value == 0) {
+            profile_free_node(new);
+            return ENOMEM;
+        }
+    }
+
+    *ret_node = new;
+    return 0;
 }
 
 /*
@@ -118,73 +119,73 @@ errcode_t profile_create_node(const char *name, const char *value,
  */
 errcode_t profile_verify_node(struct profile_node *node)
 {
-	struct profile_node *p, *last;
-	errcode_t	retval;
-
-	CHECK_MAGIC(node);
-
-	if (node->value && node->first_child)
-		return PROF_SECTION_WITH_VALUE;
-
-	last = 0;
-	for (p = node->first_child; p; last = p, p = p->next) {
-		if (p->prev != last)
-			return PROF_BAD_LINK_LIST;
-		if (last && (last->next != p))
-			return PROF_BAD_LINK_LIST;
-		if (node->group_level+1 != p->group_level)
-			return PROF_BAD_GROUP_LVL;
-		if (p->parent != node)
-			return PROF_BAD_PARENT_PTR;
-		retval = profile_verify_node(p);
-		if (retval)
-			return retval;
-	}
-	return 0;
+    struct profile_node *p, *last;
+    errcode_t       retval;
+
+    CHECK_MAGIC(node);
+
+    if (node->value && node->first_child)
+        return PROF_SECTION_WITH_VALUE;
+
+    last = 0;
+    for (p = node->first_child; p; last = p, p = p->next) {
+        if (p->prev != last)
+            return PROF_BAD_LINK_LIST;
+        if (last && (last->next != p))
+            return PROF_BAD_LINK_LIST;
+        if (node->group_level+1 != p->group_level)
+            return PROF_BAD_GROUP_LVL;
+        if (p->parent != node)
+            return PROF_BAD_PARENT_PTR;
+        retval = profile_verify_node(p);
+        if (retval)
+            return retval;
+    }
+    return 0;
 }
 
 /*
  * Add a node to a particular section
  */
 errcode_t profile_add_node(struct profile_node *section, const char *name,
-			   const char *value, struct profile_node **ret_node)
+                           const char *value, struct profile_node **ret_node)
 {
-	errcode_t retval;
-	struct profile_node *p, *last, *new;
-
-	CHECK_MAGIC(section);
-
-	if (section->value)
-		return PROF_ADD_NOT_SECTION;
-
-	/*
-	 * Find the place to insert the new node.  We look for the
-	 * place *after* the last match of the node name, since
-	 * order matters.
-	 */
-	for (p=section->first_child, last = 0; p; last = p, p = p->next) {
-		int cmp;
-		cmp = strcmp(p->name, name);
-		if (cmp > 0)
-			break;
-	}
-	retval = profile_create_node(name, value, &new);
-	if (retval)
-		return retval;
-	new->group_level = section->group_level+1;
-	new->deleted = 0;
-	new->parent = section;
-	new->prev = last;
-	new->next = p;
-	if (p)
-		p->prev = new;
-	if (last)
-		last->next = new;
-	else
-		section->first_child = new;
-	if (ret_node)
-		*ret_node = new;
-	return 0;
+    errcode_t retval;
+    struct profile_node *p, *last, *new;
+
+    CHECK_MAGIC(section);
+
+    if (section->value)
+        return PROF_ADD_NOT_SECTION;
+
+    /*
+     * Find the place to insert the new node.  We look for the
+     * place *after* the last match of the node name, since
+     * order matters.
+     */
+    for (p=section->first_child, last = 0; p; last = p, p = p->next) {
+        int cmp;
+        cmp = strcmp(p->name, name);
+        if (cmp > 0)
+            break;
+    }
+    retval = profile_create_node(name, value, &new);
+    if (retval)
+        return retval;
+    new->group_level = section->group_level+1;
+    new->deleted = 0;
+    new->parent = section;
+    new->prev = last;
+    new->next = p;
+    if (p)
+        p->prev = new;
+    if (last)
+        last->next = new;
+    else
+        section->first_child = new;
+    if (ret_node)
+        *ret_node = new;
+    return 0;
 }
 
 /*
@@ -192,10 +193,10 @@ errcode_t profile_add_node(struct profile_node *section, const char *name,
  */
 errcode_t profile_make_node_final(struct profile_node *node)
 {
-	CHECK_MAGIC(node);
+    CHECK_MAGIC(node);
 
-	node->final = 1;
-	return 0;
+    node->final = 1;
+    return 0;
 }
 
 /*
@@ -203,7 +204,7 @@ errcode_t profile_make_node_final(struct profile_node *node)
  */
 int profile_is_node_final(struct profile_node *node)
 {
-	return (node->final != 0);
+    return (node->final != 0);
 }
 
 /*
@@ -213,7 +214,7 @@ int profile_is_node_final(struct profile_node *node)
  */
 const char *profile_get_node_name(struct profile_node *node)
 {
-	return node->name;
+    return node->name;
 }
 
 /*
@@ -223,7 +224,7 @@ const char *profile_get_node_name(struct profile_node *node)
  */
 const char *profile_get_node_value(struct profile_node *node)
 {
-	return node->value;
+    return node->value;
 }
 
 /*
@@ -241,63 +242,63 @@ const char *profile_get_node_value(struct profile_node *node)
  *
  */
 errcode_t profile_find_node(struct profile_node *section, const char *name,
-			    const char *value, int section_flag, void **state,
-			    struct profile_node **node)
+                            const char *value, int section_flag, void **state,
+                            struct profile_node **node)
 {
-	struct profile_node *p;
-
-	CHECK_MAGIC(section);
-	p = *state;
-	if (p) {
-		CHECK_MAGIC(p);
-	} else
-		p = section->first_child;
-
-	for (; p; p = p->next) {
-		if (name && (strcmp(p->name, name)))
-			continue;
-		if (section_flag) {
-			if (p->value)
-				continue;
-		} else {
-			if (!p->value)
-				continue;
-			if (value && (strcmp(p->value, value)))
-				continue;
-		}
-		if (p->deleted)
-		    continue;
-		/* A match! */
-		if (node)
-			*node = p;
-		break;
-	}
-	if (p == 0) {
-		*state = 0;
-		return section_flag ? PROF_NO_SECTION : PROF_NO_RELATION;
-	}
-	/*
-	 * OK, we've found one match; now let's try to find another
-	 * one.  This way, if we return a non-zero state pointer,
-	 * there's guaranteed to be another match that's returned.
-	 */
-	for (p = p->next; p; p = p->next) {
-		if (name && (strcmp(p->name, name)))
-			continue;
-		if (section_flag) {
-			if (p->value)
-				continue;
-		} else {
-			if (!p->value)
-				continue;
-			if (value && (strcmp(p->value, value)))
-				continue;
-		}
-		/* A match! */
-		break;
-	}
-	*state = p;
-	return 0;
+    struct profile_node *p;
+
+    CHECK_MAGIC(section);
+    p = *state;
+    if (p) {
+        CHECK_MAGIC(p);
+    } else
+        p = section->first_child;
+
+    for (; p; p = p->next) {
+        if (name && (strcmp(p->name, name)))
+            continue;
+        if (section_flag) {
+            if (p->value)
+                continue;
+        } else {
+            if (!p->value)
+                continue;
+            if (value && (strcmp(p->value, value)))
+                continue;
+        }
+        if (p->deleted)
+            continue;
+        /* A match! */
+        if (node)
+            *node = p;
+        break;
+    }
+    if (p == 0) {
+        *state = 0;
+        return section_flag ? PROF_NO_SECTION : PROF_NO_RELATION;
+    }
+    /*
+     * OK, we've found one match; now let's try to find another
+     * one.  This way, if we return a non-zero state pointer,
+     * there's guaranteed to be another match that's returned.
+     */
+    for (p = p->next; p; p = p->next) {
+        if (name && (strcmp(p->name, name)))
+            continue;
+        if (section_flag) {
+            if (p->value)
+                continue;
+        } else {
+            if (!p->value)
+                continue;
+            if (value && (strcmp(p->value, value)))
+                continue;
+        }
+        /* A match! */
+        break;
+    }
+    *state = p;
+    return 0;
 }
 
 
@@ -315,23 +316,23 @@ errcode_t profile_find_node(struct profile_node *section, const char *name,
  * exported interface), it should be strdup()'ed.
  */
 errcode_t profile_find_node_relation(struct profile_node *section,
-				     const char *name, void **state,
-				     char **ret_name, char **value)
+                                     const char *name, void **state,
+                                     char **ret_name, char **value)
 {
-	struct profile_node *p;
-	errcode_t	retval;
-
-	retval = profile_find_node(section, name, 0, 0, state, &p);
-	if (retval)
-		return retval;
-
-	if (p) {
-		if (value)
-			*value = p->value;
-		if (ret_name)
-			*ret_name = p->name;
-	}
-	return 0;
+    struct profile_node *p;
+    errcode_t       retval;
+
+    retval = profile_find_node(section, name, 0, 0, state, &p);
+    if (retval)
+        return retval;
+
+    if (p) {
+        if (value)
+            *value = p->value;
+        if (ret_name)
+            *ret_name = p->name;
+    }
+    return 0;
 }
 
 /*
@@ -347,34 +348,34 @@ errcode_t profile_find_node_relation(struct profile_node *section,
  * profile_find_node.
  */
 errcode_t profile_find_node_subsection(struct profile_node *section,
-				       const char *name, void **state,
-				       char **ret_name,
-				       struct profile_node **subsection)
+                                       const char *name, void **state,
+                                       char **ret_name,
+                                       struct profile_node **subsection)
 {
-	struct profile_node *p;
-	errcode_t	retval;
-
-	retval = profile_find_node(section, name, 0, 1, state, &p);
-	if (retval)
-		return retval;
-
-	if (p) {
-		if (subsection)
-			*subsection = p;
-		if (ret_name)
-			*ret_name = p->name;
-	}
-	return 0;
+    struct profile_node *p;
+    errcode_t       retval;
+
+    retval = profile_find_node(section, name, 0, 1, state, &p);
+    if (retval)
+        return retval;
+
+    if (p) {
+        if (subsection)
+            *subsection = p;
+        if (ret_name)
+            *ret_name = p->name;
+    }
+    return 0;
 }
 
 /*
  * This function returns the parent of a particular node.
  */
 errcode_t profile_get_node_parent(struct profile_node *section,
-				  struct profile_node **parent)
+                                  struct profile_node **parent)
 {
-	*parent = section->parent;
-	return 0;
+    *parent = section->parent;
+    return 0;
 }
 
 /*
@@ -382,63 +383,63 @@ errcode_t profile_get_node_parent(struct profile_node *section,
  * match the specified name array.
  */
 struct profile_iterator {
-	prf_magic_t		magic;
-	profile_t		profile;
-	int			flags;
-	const char 		*const *names;
-	const char		*name;
-	prf_file_t		file;
-	int			file_serial;
-	int			done_idx;
-	struct profile_node 	*node;
-	int			num;
+    prf_magic_t             magic;
+    profile_t               profile;
+    int                     flags;
+    const char              *const *names;
+    const char              *name;
+    prf_file_t              file;
+    int                     file_serial;
+    int                     done_idx;
+    struct profile_node     *node;
+    int                     num;
 };
 
 errcode_t profile_node_iterator_create(profile_t profile,
-				       const char *const *names, int flags,
-				       void **ret_iter)
+                                       const char *const *names, int flags,
+                                       void **ret_iter)
 {
-	struct profile_iterator *iter;
-	int	done_idx = 0;
-
-	if (profile == 0)
-		return PROF_NO_PROFILE;
-	if (profile->magic != PROF_MAGIC_PROFILE)
-		return PROF_MAGIC_PROFILE;
-	if (!names)
-		return PROF_BAD_NAMESET;
-	if (!(flags & PROFILE_ITER_LIST_SECTION)) {
-		if (!names[0])
-			return PROF_BAD_NAMESET;
-		done_idx = 1;
-	}
-
-	if ((iter = malloc(sizeof(struct profile_iterator))) == NULL)
-		return ENOMEM;
-
-	iter->magic = PROF_MAGIC_ITERATOR;
-	iter->profile = profile;
-	iter->names = names;
-	iter->flags = flags;
-	iter->file = profile->first_file;
-	iter->done_idx = done_idx;
-	iter->node = 0;
-	iter->num = 0;
-	*ret_iter = iter;
-	return 0;
+    struct profile_iterator *iter;
+    int     done_idx = 0;
+
+    if (profile == 0)
+        return PROF_NO_PROFILE;
+    if (profile->magic != PROF_MAGIC_PROFILE)
+        return PROF_MAGIC_PROFILE;
+    if (!names)
+        return PROF_BAD_NAMESET;
+    if (!(flags & PROFILE_ITER_LIST_SECTION)) {
+        if (!names[0])
+            return PROF_BAD_NAMESET;
+        done_idx = 1;
+    }
+
+    if ((iter = malloc(sizeof(struct profile_iterator))) == NULL)
+        return ENOMEM;
+
+    iter->magic = PROF_MAGIC_ITERATOR;
+    iter->profile = profile;
+    iter->names = names;
+    iter->flags = flags;
+    iter->file = profile->first_file;
+    iter->done_idx = done_idx;
+    iter->node = 0;
+    iter->num = 0;
+    *ret_iter = iter;
+    return 0;
 }
 
 void profile_node_iterator_free(void **iter_p)
 {
-	struct profile_iterator *iter;
-
-	if (!iter_p)
-		return;
-	iter = *iter_p;
-	if (!iter || iter->magic != PROF_MAGIC_ITERATOR)
-		return;
-	free(iter);
-	*iter_p = 0;
+    struct profile_iterator *iter;
+
+    if (!iter_p)
+        return;
+    iter = *iter_p;
+    if (!iter || iter->magic != PROF_MAGIC_ITERATOR)
+        return;
+    free(iter);
+    *iter_p = 0;
 }
 
 /*
@@ -449,156 +450,156 @@ void profile_node_iterator_free(void **iter_p)
  * strdup()'ed.
  */
 errcode_t profile_node_iterator(void **iter_p, struct profile_node **ret_node,
-				char **ret_name, char **ret_value)
+                                char **ret_name, char **ret_value)
 {
-	struct profile_iterator 	*iter = *iter_p;
-	struct profile_node 		*section, *p;
-	const char			*const *cpp;
-	errcode_t			retval;
-	int				skip_num = 0;
-
-	if (!iter || iter->magic != PROF_MAGIC_ITERATOR)
-		return PROF_MAGIC_ITERATOR;
-	if (iter->file && iter->file->magic != PROF_MAGIC_FILE)
-	    return PROF_MAGIC_FILE;
-	if (iter->file && iter->file->data->magic != PROF_MAGIC_FILE_DATA)
-	    return PROF_MAGIC_FILE_DATA;
-	/*
-	 * If the file has changed, then the node pointer is invalid,
-	 * so we'll have search the file again looking for it.
-	 */
-	if (iter->file) {
-	    retval = k5_mutex_lock(&iter->file->data->lock);
-	    if (retval)
-		return retval;
-	}
-	if (iter->node && (iter->file->data->upd_serial != iter->file_serial)) {
-		iter->flags &= ~PROFILE_ITER_FINAL_SEEN;
-		skip_num = iter->num;
-		iter->node = 0;
-	}
-	if (iter->node && iter->node->magic != PROF_MAGIC_NODE) {
-	    if (iter->file)
-		k5_mutex_unlock(&iter->file->data->lock);
-	    return PROF_MAGIC_NODE;
-	}
+    struct profile_iterator         *iter = *iter_p;
+    struct profile_node             *section, *p;
+    const char                      *const *cpp;
+    errcode_t                       retval;
+    int                             skip_num = 0;
+
+    if (!iter || iter->magic != PROF_MAGIC_ITERATOR)
+        return PROF_MAGIC_ITERATOR;
+    if (iter->file && iter->file->magic != PROF_MAGIC_FILE)
+        return PROF_MAGIC_FILE;
+    if (iter->file && iter->file->data->magic != PROF_MAGIC_FILE_DATA)
+        return PROF_MAGIC_FILE_DATA;
+    /*
+     * If the file has changed, then the node pointer is invalid,
+     * so we'll have search the file again looking for it.
+     */
+    if (iter->file) {
+        retval = k5_mutex_lock(&iter->file->data->lock);
+        if (retval)
+            return retval;
+    }
+    if (iter->node && (iter->file->data->upd_serial != iter->file_serial)) {
+        iter->flags &= ~PROFILE_ITER_FINAL_SEEN;
+        skip_num = iter->num;
+        iter->node = 0;
+    }
+    if (iter->node && iter->node->magic != PROF_MAGIC_NODE) {
+        if (iter->file)
+            k5_mutex_unlock(&iter->file->data->lock);
+        return PROF_MAGIC_NODE;
+    }
 get_new_file:
-	if (iter->node == 0) {
-		if (iter->file == 0 ||
-		    (iter->flags & PROFILE_ITER_FINAL_SEEN)) {
-			if (iter->file)
-			    k5_mutex_unlock(&iter->file->data->lock);
-			profile_node_iterator_free(iter_p);
-			if (ret_node)
-				*ret_node = 0;
-			if (ret_name)
-				*ret_name = 0;
-			if (ret_value)
-				*ret_value =0;
-			return 0;
-		}
-		if ((retval = profile_update_file_locked(iter->file))) {
-		    k5_mutex_unlock(&iter->file->data->lock);
-		    if (retval == ENOENT || retval == EACCES) {
-			/* XXX memory leak? */
-			iter->file = iter->file->next;
-			if (iter->file) {
-			    retval = k5_mutex_lock(&iter->file->data->lock);
-			    if (retval) {
-				profile_node_iterator_free(iter_p);
-				return retval;
-			    }
-			}
-			skip_num = 0;
-			retval = 0;
-			goto get_new_file;
-		    } else {
-			profile_node_iterator_free(iter_p);
-			return retval;
-		    }
-		}
-		iter->file_serial = iter->file->data->upd_serial;
-		/*
-		 * Find the section to list if we are a LIST_SECTION,
-		 * or find the containing section if not.
-		 */
-		section = iter->file->data->root;
-		assert(section != NULL);
-		for (cpp = iter->names; cpp[iter->done_idx]; cpp++) {
-			for (p=section->first_child; p; p = p->next) {
-				if (!strcmp(p->name, *cpp) && !p->value)
-					break;
-			}
-			if (!p) {
-				section = 0;
-				break;
-			}
-			section = p;
-			if (p->final)
-				iter->flags |= PROFILE_ITER_FINAL_SEEN;
-		}
-		if (!section) {
-			k5_mutex_unlock(&iter->file->data->lock);
-			iter->file = iter->file->next;
-			if (iter->file) {
-			    retval = k5_mutex_lock(&iter->file->data->lock);
-			    if (retval) {
-				profile_node_iterator_free(iter_p);
-				return retval;
-			    }
-			}
-			skip_num = 0;
-			goto get_new_file;
-		}
-		iter->name = *cpp;
-		iter->node = section->first_child;
-	}
-	/*
-	 * OK, now we know iter->node is set up correctly.  Let's do
-	 * the search.
-	 */
-	for (p = iter->node; p; p = p->next) {
-		if (iter->name && strcmp(p->name, iter->name))
-			continue;
-		if ((iter->flags & PROFILE_ITER_SECTIONS_ONLY) &&
-		    p->value)
-			continue;
-		if ((iter->flags & PROFILE_ITER_RELATIONS_ONLY) &&
-		    !p->value)
-			continue;
-		if (skip_num > 0) {
-			skip_num--;
-			continue;
-		}
-		if (p->deleted)
-			continue;
-		break;
-	}
-	iter->num++;
-	if (!p) {
-		k5_mutex_unlock(&iter->file->data->lock);
-		iter->file = iter->file->next;
-		if (iter->file) {
-		    retval = k5_mutex_lock(&iter->file->data->lock);
-		    if (retval) {
-			profile_node_iterator_free(iter_p);
-			return retval;
-		    }
-		}
-		iter->node = 0;
-		skip_num = 0;
-		goto get_new_file;
-	}
-	k5_mutex_unlock(&iter->file->data->lock);
-	if ((iter->node = p->next) == NULL)
-		iter->file = iter->file->next;
-	if (ret_node)
-		*ret_node = p;
-	if (ret_name)
-		*ret_name = p->name;
-	if (ret_value)
-		*ret_value = p->value;
-	return 0;
+    if (iter->node == 0) {
+        if (iter->file == 0 ||
+            (iter->flags & PROFILE_ITER_FINAL_SEEN)) {
+            if (iter->file)
+                k5_mutex_unlock(&iter->file->data->lock);
+            profile_node_iterator_free(iter_p);
+            if (ret_node)
+                *ret_node = 0;
+            if (ret_name)
+                *ret_name = 0;
+            if (ret_value)
+                *ret_value =0;
+            return 0;
+        }
+        if ((retval = profile_update_file_locked(iter->file))) {
+            k5_mutex_unlock(&iter->file->data->lock);
+            if (retval == ENOENT || retval == EACCES) {
+                /* XXX memory leak? */
+                iter->file = iter->file->next;
+                if (iter->file) {
+                    retval = k5_mutex_lock(&iter->file->data->lock);
+                    if (retval) {
+                        profile_node_iterator_free(iter_p);
+                        return retval;
+                    }
+                }
+                skip_num = 0;
+                retval = 0;
+                goto get_new_file;
+            } else {
+                profile_node_iterator_free(iter_p);
+                return retval;
+            }
+        }
+        iter->file_serial = iter->file->data->upd_serial;
+        /*
+         * Find the section to list if we are a LIST_SECTION,
+         * or find the containing section if not.
+         */
+        section = iter->file->data->root;
+        assert(section != NULL);
+        for (cpp = iter->names; cpp[iter->done_idx]; cpp++) {
+            for (p=section->first_child; p; p = p->next) {
+                if (!strcmp(p->name, *cpp) && !p->value)
+                    break;
+            }
+            if (!p) {
+                section = 0;
+                break;
+            }
+            section = p;
+            if (p->final)
+                iter->flags |= PROFILE_ITER_FINAL_SEEN;
+        }
+        if (!section) {
+            k5_mutex_unlock(&iter->file->data->lock);
+            iter->file = iter->file->next;
+            if (iter->file) {
+                retval = k5_mutex_lock(&iter->file->data->lock);
+                if (retval) {
+                    profile_node_iterator_free(iter_p);
+                    return retval;
+                }
+            }
+            skip_num = 0;
+            goto get_new_file;
+        }
+        iter->name = *cpp;
+        iter->node = section->first_child;
+    }
+    /*
+     * OK, now we know iter->node is set up correctly.  Let's do
+     * the search.
+     */
+    for (p = iter->node; p; p = p->next) {
+        if (iter->name && strcmp(p->name, iter->name))
+            continue;
+        if ((iter->flags & PROFILE_ITER_SECTIONS_ONLY) &&
+            p->value)
+            continue;
+        if ((iter->flags & PROFILE_ITER_RELATIONS_ONLY) &&
+            !p->value)
+            continue;
+        if (skip_num > 0) {
+            skip_num--;
+            continue;
+        }
+        if (p->deleted)
+            continue;
+        break;
+    }
+    iter->num++;
+    if (!p) {
+        k5_mutex_unlock(&iter->file->data->lock);
+        iter->file = iter->file->next;
+        if (iter->file) {
+            retval = k5_mutex_lock(&iter->file->data->lock);
+            if (retval) {
+                profile_node_iterator_free(iter_p);
+                return retval;
+            }
+        }
+        iter->node = 0;
+        skip_num = 0;
+        goto get_new_file;
+    }
+    k5_mutex_unlock(&iter->file->data->lock);
+    if ((iter->node = p->next) == NULL)
+        iter->file = iter->file->next;
+    if (ret_node)
+        *ret_node = p;
+    if (ret_name)
+        *ret_name = p->name;
+    if (ret_value)
+        *ret_value = p->value;
+    return 0;
 }
 
 /*
@@ -608,14 +609,14 @@ get_new_file:
  */
 errcode_t profile_remove_node(struct profile_node *node)
 {
-	CHECK_MAGIC(node);
+    CHECK_MAGIC(node);
 
-	if (node->parent == 0)
-		return PROF_EINVAL; /* Can't remove the root! */
+    if (node->parent == 0)
+        return PROF_EINVAL; /* Can't remove the root! */
 
-	node->deleted = 1;
+    node->deleted = 1;
 
-	return 0;
+    return 0;
 }
 
 /*
@@ -624,23 +625,23 @@ errcode_t profile_remove_node(struct profile_node *node)
  * TYT, 2/25/99
  */
 errcode_t profile_set_relation_value(struct profile_node *node,
-				     const char *new_value)
+                                     const char *new_value)
 {
-	char	*cp;
+    char    *cp;
 
-	CHECK_MAGIC(node);
+    CHECK_MAGIC(node);
 
-	if (!node->value)
-		return PROF_SET_SECTION_VALUE;
+    if (!node->value)
+        return PROF_SET_SECTION_VALUE;
 
-	cp = strdup(new_value);
-	if (!cp)
-		return ENOMEM;
+    cp = strdup(new_value);
+    if (!cp)
+        return ENOMEM;
 
-	free(node->value);
-	node->value = cp;
+    free(node->value);
+    node->value = cp;
 
-	return 0;
+    return 0;
 }
 
 /*
@@ -650,59 +651,59 @@ errcode_t profile_set_relation_value(struct profile_node *node,
  */
 errcode_t profile_rename_node(struct profile_node *node, const char *new_name)
 {
-	char			*new_string;
-	struct profile_node 	*p, *last;
-
-	CHECK_MAGIC(node);
-
-	if (strcmp(new_name, node->name) == 0)
-		return 0;	/* It's the same name, return */
-
-	/*
-	 * Make sure we can allocate memory for the new name, first!
-	 */
-	new_string = strdup(new_name);
-	if (!new_string)
-		return ENOMEM;
-
-	/*
-	 * Find the place to where the new node should go.  We look
-	 * for the place *after* the last match of the node name,
-	 * since order matters.
-	 */
-	for (p=node->parent->first_child, last = 0; p; last = p, p = p->next) {
-		if (strcmp(p->name, new_name) > 0)
-			break;
-	}
-
-	/*
-	 * If we need to move the node, do it now.
-	 */
-	if ((p != node) && (last != node)) {
-		/*
-		 * OK, let's detach the node
-		 */
-		if (node->prev)
-			node->prev->next = node->next;
-		else
-			node->parent->first_child = node->next;
-		if (node->next)
-			node->next->prev = node->prev;
-
-		/*
-		 * Now let's reattach it in the right place.
-		 */
-		if (p)
-			p->prev = node;
-		if (last)
-			last->next = node;
-		else
-			node->parent->first_child = node;
-		node->next = p;
-		node->prev = last;
-	}
-
-	free(node->name);
-	node->name = new_string;
-	return 0;
+    char                    *new_string;
+    struct profile_node     *p, *last;
+
+    CHECK_MAGIC(node);
+
+    if (strcmp(new_name, node->name) == 0)
+        return 0;       /* It's the same name, return */
+
+    /*
+     * Make sure we can allocate memory for the new name, first!
+     */
+    new_string = strdup(new_name);
+    if (!new_string)
+        return ENOMEM;
+
+    /*
+     * Find the place to where the new node should go.  We look
+     * for the place *after* the last match of the node name,
+     * since order matters.
+     */
+    for (p=node->parent->first_child, last = 0; p; last = p, p = p->next) {
+        if (strcmp(p->name, new_name) > 0)
+            break;
+    }
+
+    /*
+     * If we need to move the node, do it now.
+     */
+    if ((p != node) && (last != node)) {
+        /*
+         * OK, let's detach the node
+         */
+        if (node->prev)
+            node->prev->next = node->next;
+        else
+            node->parent->first_child = node->next;
+        if (node->next)
+            node->next->prev = node->prev;
+
+        /*
+         * Now let's reattach it in the right place.
+         */
+        if (p)
+            p->prev = node;
+        if (last)
+            last->next = node;
+        else
+            node->parent->first_child = node;
+        node->next = p;
+        node->prev = last;
+    }
+
+    free(node->name);
+    node->name = new_string;
+    return 0;
 }
diff --git a/src/util/profile/test_parse.c b/src/util/profile/test_parse.c
index f524c90..2fcd046 100644
--- a/src/util/profile/test_parse.c
+++ b/src/util/profile/test_parse.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #include "prof_int.h"
 
 #include <stdio.h>
@@ -11,44 +12,44 @@
 void dump_profile (struct profile_node *root, int level);
 
 int main(argc, argv)
-	int	argc;
-	char	**argv;
+    int     argc;
+    char    **argv;
 {
-	struct profile_node *root;
-	unsigned long retval;
-	FILE *f;
-
-	initialize_prof_error_table();
-	if (argc != 2) {
-		fprintf(stderr, "%s: Usage <filename>\n", argv[0]);
-		exit(1);
-	}
-
-	f = fopen(argv[1], "r");
-	if (!f) {
-		perror(argv[1]);
-		exit(1);
-	}
-
-	retval = profile_parse_file(f, &root);
-	if (retval) {
-		printf("profile_parse_file error %s\n",
-		       error_message((errcode_t) retval));
-		exit(1);
-	}
-	fclose(f);
-
-	printf("\n\nDebugging dump.\n");
-	profile_write_tree_file(root, stdout);
-
-	retval = profile_verify_node(root);
-	if (retval) {
-		printf("profile_verify_node reported an error: %s\n",
-		       error_message((errcode_t) retval));
-		exit(1);
-	}
-
-	profile_free_node(root);
-
-	return 0;
+    struct profile_node *root;
+    unsigned long retval;
+    FILE *f;
+
+    initialize_prof_error_table();
+    if (argc != 2) {
+        fprintf(stderr, "%s: Usage <filename>\n", argv[0]);
+        exit(1);
+    }
+
+    f = fopen(argv[1], "r");
+    if (!f) {
+        perror(argv[1]);
+        exit(1);
+    }
+
+    retval = profile_parse_file(f, &root);
+    if (retval) {
+        printf("profile_parse_file error %s\n",
+               error_message((errcode_t) retval));
+        exit(1);
+    }
+    fclose(f);
+
+    printf("\n\nDebugging dump.\n");
+    profile_write_tree_file(root, stdout);
+
+    retval = profile_verify_node(root);
+    if (retval) {
+        printf("profile_verify_node reported an error: %s\n",
+               error_message((errcode_t) retval));
+        exit(1);
+    }
+
+    profile_free_node(root);
+
+    return 0;
 }
diff --git a/src/util/profile/test_profile.c b/src/util/profile/test_profile.c
index 6f47a7d..8155156 100644
--- a/src/util/profile/test_profile.c
+++ b/src/util/profile/test_profile.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * test_profile.c --- testing program for the profile routine
  */
@@ -15,151 +16,151 @@
 
 const char *program_name = "test_profile";
 
-#define PRINT_VALUE	1
-#define PRINT_VALUES	2
+#define PRINT_VALUE     1
+#define PRINT_VALUES    2
 
 static void do_batchmode(profile)
-	profile_t	profile;
+    profile_t       profile;
 {
-	errcode_t	retval;
-	int		argc, ret;
-	char		**argv, **values, **cpp;
-	char		buf[256];
-	const char	**names, *value;
-	char		*cmd;
-	int		print_status;
+    errcode_t       retval;
+    int             argc, ret;
+    char            **argv, **values, **cpp;
+    char            buf[256];
+    const char      **names, *value;
+    char            *cmd;
+    int             print_status;
 
-	while (!feof(stdin)) {
-		if (fgets(buf, sizeof(buf), stdin) == NULL)
-			break;
-		printf(">%s", buf);
-		ret = argv_parse(buf, &argc, &argv);
-		if (ret != 0) {
-			printf("Argv_parse returned %d!\n", ret);
-			continue;
-		}
-		cmd = *(argv);
-		names = (const char **) argv + 1;
-		print_status = 0;
-		retval = 0;
-		if (cmd == 0) {
-			argv_free(argv);
-			continue;
-		}
-		if (!strcmp(cmd, "query")) {
-			retval = profile_get_values(profile, names, &values);
-			print_status = PRINT_VALUES;
-		} else if (!strcmp(cmd, "query1")) {
-			retval = profile_get_value(profile, names, &value);
-			print_status = PRINT_VALUE;
-		} else if (!strcmp(cmd, "list_sections")) {
-			retval = profile_get_subsection_names(profile, names,
-							      &values);
-			print_status = PRINT_VALUES;
-		} else if (!strcmp(cmd, "list_relations")) {
-			retval = profile_get_relation_names(profile, names,
-							    &values);
-			print_status = PRINT_VALUES;
-		} else if (!strcmp(cmd, "dump")) {
-			retval = profile_write_tree_file
-				(profile->first_file->data->root, stdout);
-		} else if (!strcmp(cmd, "clear")) {
-			retval = profile_clear_relation(profile, names);
-		} else if (!strcmp(cmd, "update")) {
-			retval = profile_update_relation(profile, names+2,
-							 *names, *(names+1));
-		} else if (!strcmp(cmd, "verify")) {
-			retval = profile_verify_node
-				(profile->first_file->data->root);
-		} else if (!strcmp(cmd, "rename_section")) {
-			retval = profile_rename_section(profile, names+1,
-							*names);
-		} else if (!strcmp(cmd, "add")) {
-			value = *names;
-			if (strcmp(value, "NULL") == 0)
-				value = NULL;
-			retval = profile_add_relation(profile, names+1,
-						      value);
-		} else if (!strcmp(cmd, "flush")) {
-			retval = profile_flush(profile);
-		} else {
-			printf("Invalid command.\n");
-		}
-		if (retval) {
-			com_err(cmd, retval, "");
-			print_status = 0;
-		}
-		switch (print_status) {
-		case PRINT_VALUE:
-			printf("%s\n", value);
-			break;
-		case PRINT_VALUES:
-			for (cpp = values; *cpp; cpp++)
-				printf("%s\n", *cpp);
-			profile_free_list(values);
-			break;
-		}
-		printf("\n");
-		argv_free(argv);
-	}
-	profile_release(profile);
-	exit(0);
+    while (!feof(stdin)) {
+        if (fgets(buf, sizeof(buf), stdin) == NULL)
+            break;
+        printf(">%s", buf);
+        ret = argv_parse(buf, &argc, &argv);
+        if (ret != 0) {
+            printf("Argv_parse returned %d!\n", ret);
+            continue;
+        }
+        cmd = *(argv);
+        names = (const char **) argv + 1;
+        print_status = 0;
+        retval = 0;
+        if (cmd == 0) {
+            argv_free(argv);
+            continue;
+        }
+        if (!strcmp(cmd, "query")) {
+            retval = profile_get_values(profile, names, &values);
+            print_status = PRINT_VALUES;
+        } else if (!strcmp(cmd, "query1")) {
+            retval = profile_get_value(profile, names, &value);
+            print_status = PRINT_VALUE;
+        } else if (!strcmp(cmd, "list_sections")) {
+            retval = profile_get_subsection_names(profile, names,
+                                                  &values);
+            print_status = PRINT_VALUES;
+        } else if (!strcmp(cmd, "list_relations")) {
+            retval = profile_get_relation_names(profile, names,
+                                                &values);
+            print_status = PRINT_VALUES;
+        } else if (!strcmp(cmd, "dump")) {
+            retval = profile_write_tree_file
+                (profile->first_file->data->root, stdout);
+        } else if (!strcmp(cmd, "clear")) {
+            retval = profile_clear_relation(profile, names);
+        } else if (!strcmp(cmd, "update")) {
+            retval = profile_update_relation(profile, names+2,
+                                             *names, *(names+1));
+        } else if (!strcmp(cmd, "verify")) {
+            retval = profile_verify_node
+                (profile->first_file->data->root);
+        } else if (!strcmp(cmd, "rename_section")) {
+            retval = profile_rename_section(profile, names+1,
+                                            *names);
+        } else if (!strcmp(cmd, "add")) {
+            value = *names;
+            if (strcmp(value, "NULL") == 0)
+                value = NULL;
+            retval = profile_add_relation(profile, names+1,
+                                          value);
+        } else if (!strcmp(cmd, "flush")) {
+            retval = profile_flush(profile);
+        } else {
+            printf("Invalid command.\n");
+        }
+        if (retval) {
+            com_err(cmd, retval, "");
+            print_status = 0;
+        }
+        switch (print_status) {
+        case PRINT_VALUE:
+            printf("%s\n", value);
+            break;
+        case PRINT_VALUES:
+            for (cpp = values; *cpp; cpp++)
+                printf("%s\n", *cpp);
+            profile_free_list(values);
+            break;
+        }
+        printf("\n");
+        argv_free(argv);
+    }
+    profile_release(profile);
+    exit(0);
 
 }
 
 
 int main(argc, argv)
-    int		argc;
-    char	**argv;
+    int         argc;
+    char        **argv;
 {
-    profile_t	profile;
-    long	retval;
-    char	**values, **cpp;
-    const char	*value;
-    const char	**names;
-    char	*cmd;
-    int		print_value = 0;
+    profile_t   profile;
+    long        retval;
+    char        **values, **cpp;
+    const char  *value;
+    const char  **names;
+    char        *cmd;
+    int         print_value = 0;
 
     if (argc < 2) {
-	    fprintf(stderr, "Usage: %s filename [cmd argset]\n", program_name);
-	    exit(1);
+        fprintf(stderr, "Usage: %s filename [cmd argset]\n", program_name);
+        exit(1);
     }
 
     initialize_prof_error_table();
 
     retval = profile_init_path(argv[1], &profile);
     if (retval) {
-	com_err(program_name, retval, "while initializing profile");
-	exit(1);
+        com_err(program_name, retval, "while initializing profile");
+        exit(1);
     }
     cmd = *(argv+2);
     names = (const char **) argv+3;
     if (!cmd || !strcmp(cmd, "batch"))
-	    do_batchmode(profile);
+        do_batchmode(profile);
     if (!strcmp(cmd, "query")) {
-	    retval = profile_get_values(profile, names, &values);
+        retval = profile_get_values(profile, names, &values);
     } else if (!strcmp(cmd, "query1")) {
-	    retval = profile_get_value(profile, names, &value);
-	    print_value++;
+        retval = profile_get_value(profile, names, &value);
+        print_value++;
     } else if (!strcmp(cmd, "list_sections")) {
-	    retval = profile_get_subsection_names(profile, names, &values);
+        retval = profile_get_subsection_names(profile, names, &values);
     } else if (!strcmp(cmd, "list_relations")) {
-	    retval = profile_get_relation_names(profile, names, &values);
+        retval = profile_get_relation_names(profile, names, &values);
     } else {
-	    fprintf(stderr, "Invalid command.\n");
-	    exit(1);
+        fprintf(stderr, "Invalid command.\n");
+        exit(1);
     }
     if (retval) {
-	    com_err(argv[0], retval, "while getting values");
-	    profile_release(profile);
-	    exit(1);
+        com_err(argv[0], retval, "while getting values");
+        profile_release(profile);
+        exit(1);
     }
     if (print_value) {
-	    printf("%s\n", value);
+        printf("%s\n", value);
     } else {
-	    for (cpp = values; *cpp; cpp++)
-		    printf("%s\n", *cpp);
-	    profile_free_list(values);
+        for (cpp = values; *cpp; cpp++)
+            printf("%s\n", *cpp);
+        profile_free_list(values);
     }
     profile_release(profile);
 
diff --git a/src/util/send-pr/Makefile.in b/src/util/send-pr/Makefile.in
index 6d586c6..5ee5ae5 100644
--- a/src/util/send-pr/Makefile.in
+++ b/src/util/send-pr/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=./../..
-myfulldir=util/send-pr
 mydir=util/send-pr
 BUILDTOP=$(REL)..$(S)..
 #
diff --git a/src/util/ss/Makefile.in b/src/util/ss/Makefile.in
index 41512ae..d13df42 100644
--- a/src/util/ss/Makefile.in
+++ b/src/util/ss/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=util/ss
 mydir=util/ss
 BUILDTOP=$(REL)..$(S)..
 SED = sed
diff --git a/src/util/ss/copyright.h b/src/util/ss/copyright.h
index 07d487f..96042f8 100644
--- a/src/util/ss/copyright.h
+++ b/src/util/ss/copyright.h
@@ -1,21 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 
-Copyright 1987, 1989 by the Student Information Processing Board
-	of the Massachusetts Institute of Technology
+  Copyright 1987, 1989 by the Student Information Processing Board
+  of the Massachusetts Institute of Technology
 
-Permission to use, copy, modify, and distribute this software
-and its documentation for any purpose and without fee is
-hereby granted, provided that the above copyright notice
-appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation,
-and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
-used in advertising or publicity pertaining to distribution
-of the software without specific, written prior permission.
-Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original M.I.T. software.
-M.I.T. and the M.I.T. S.I.P.B. make no representations about
-the suitability of this software for any purpose.  It is
-provided "as is" without express or implied warranty.
+  Permission to use, copy, modify, and distribute this software
+  and its documentation for any purpose and without fee is
+  hereby granted, provided that the above copyright notice
+  appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation,
+  and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+  used in advertising or publicity pertaining to distribution
+  of the software without specific, written prior permission.
+  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. and the M.I.T. S.I.P.B. make no representations about
+  the suitability of this software for any purpose.  It is
+  provided "as is" without express or implied warranty.
 
 */
diff --git a/src/util/ss/data.c b/src/util/ss/data.c
index dd6341c..1a56dc7 100644
--- a/src/util/ss/data.c
+++ b/src/util/ss/data.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988, 1989 Massachusetts Institute of Technology
  * (Student Information Processing Board)
diff --git a/src/util/ss/deps b/src/util/ss/deps
index 8bbd6aa..7ad73c5 100644
--- a/src/util/ss/deps
+++ b/src/util/ss/deps
@@ -3,60 +3,64 @@
 #
 invocation.so invocation.po $(OUTPRE)invocation.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  copyright.h invocation.c ss.h ss_internal.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h invocation.c \
+  ss.h ss_internal.h
 help.so help.po $(OUTPRE)help.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h help.c ss.h \
-  ss_internal.h
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h help.c \
+  ss.h ss_internal.h
 execute_cmd.so execute_cmd.po $(OUTPRE)execute_cmd.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  copyright.h execute_cmd.c ss.h ss_internal.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h execute_cmd.c \
+  ss.h ss_internal.h
 listen.so listen.po $(OUTPRE)listen.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h listen.c \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h listen.c \
   ss.h ss_internal.h
 parse.so parse.po $(OUTPRE)parse.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h parse.c ss.h \
-  ss_internal.h
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h parse.c \
+  ss.h ss_internal.h
 error.so error.po $(OUTPRE)error.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h error.c ss.h \
-  ss_internal.h
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h error.c \
+  ss.h ss_internal.h
 prompt.so prompt.po $(OUTPRE)prompt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h prompt.c \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h prompt.c \
   ss.h ss_internal.h
 request_tbl.so request_tbl.po $(OUTPRE)request_tbl.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  copyright.h request_tbl.c ss.h ss_internal.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h request_tbl.c \
+  ss.h ss_internal.h
 list_rqs.so list_rqs.po $(OUTPRE)list_rqs.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  copyright.h list_rqs.c ss.h ss_internal.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h list_rqs.c \
+  ss.h ss_internal.h
 pager.so pager.po $(OUTPRE)pager.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h pager.c ss.h \
-  ss_internal.h
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h pager.c \
+  ss.h ss_internal.h
 requests.so requests.po $(OUTPRE)requests.$(OBJEXT): \
   $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/ss/ss_err.h \
-  $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  requests.c ss.h ss_internal.h
+  $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h requests.c ss.h ss_internal.h
 data.so data.po $(OUTPRE)data.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h data.c ss.h \
-  ss_internal.h
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h data.c \
+  ss.h ss_internal.h
 mk_cmds.so mk_cmds.po $(OUTPRE)mk_cmds.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h mk_cmds.c \
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h mk_cmds.c \
   ss.h ss_internal.h
 utils.so utils.po $(OUTPRE)utils.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h copyright.h ss.h ss_internal.h \
-  utils.c
+  $(BUILDTOP)/include/ss/ss_err.h $(COM_ERR_DEPS) $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h copyright.h ss.h \
+  ss_internal.h utils.c
 options.so options.po $(OUTPRE)options.$(OBJEXT): $(BUILDTOP)/include/ss/ss_err.h \
   $(COM_ERR_DEPS) copyright.h options.c ss.h
 cmd_tbl.lex.o: cmd_tbl.lex.c ct.tab.h
diff --git a/src/util/ss/error.c b/src/util/ss/error.c
index ee2738a..daff849 100644
--- a/src/util/ss/error.c
+++ b/src/util/ss/error.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2007 Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -41,13 +42,13 @@ char * ss_name(sci_idx)
 
     infop = ss_info(sci_idx);
     if (infop->current_request == (char const *)NULL) {
-	return strdup(infop->subsystem_name);
+        return strdup(infop->subsystem_name);
     } else {
-	char *ret_val;
-	if (asprintf(&ret_val, "%s (%s)",
-		     infop->subsystem_name, infop->current_request) < 0)
-	    return NULL;
-	return ret_val;
+        char *ret_val;
+        if (asprintf(&ret_val, "%s (%s)",
+                     infop->subsystem_name, infop->current_request) < 0)
+            return NULL;
+        return ret_val;
     }
 }
 
diff --git a/src/util/ss/execute_cmd.c b/src/util/ss/execute_cmd.c
index 6839d1c..6c3855c 100644
--- a/src/util/ss/execute_cmd.c
+++ b/src/util/ss/execute_cmd.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988, 1989 by Massachusetts Institute of Technology
  *
@@ -67,14 +68,14 @@ static int check_request_table (rqtbl, argc, argv, sci_idx)
     info->argc = argc;
     info->argv = argv;
     for (i = 0; (request = get_request(rqtbl, i))->command_names; i++) {
-	for (name = request->command_names; *name; name++)
-	    if (!strcmp(*name, string)) {
-		info->current_request = request->command_names[0];
-		(request->function)(argc, (const char *const *) argv,
-				    sci_idx,info->info_ptr);
-		info->current_request = (char *)NULL;
-		return(0);
-	    }
+        for (name = request->command_names; *name; name++)
+            if (!strcmp(*name, string)) {
+                info->current_request = request->command_names[0];
+                (request->function)(argc, (const char *const *) argv,
+                                    sci_idx,info->info_ptr);
+                info->current_request = (char *)NULL;
+                return(0);
+            }
     }
     return(SS_ET_COMMAND_NOT_FOUND);
 }
@@ -121,36 +122,36 @@ static int really_execute_command (sci_idx, argc, argv)
  * ss_execute_command(sci_idx, argv)
  *
  * Function:
- *	Executes a parsed command list within the subsystem.
+ *      Executes a parsed command list within the subsystem.
  * Arguments:
- *	sci_idx (int)
- *		ss-internal index for subsystem control info structure
- *	argv (char *[])
- *		parsed argument list
+ *      sci_idx (int)
+ *              ss-internal index for subsystem control info structure
+ *      argv (char *[])
+ *              parsed argument list
  * Returns:
- *	(int)
- *		Zero if successful, ss_et_command_not_found otherwise.
+ *      (int)
+ *              Zero if successful, ss_et_command_not_found otherwise.
  * Notes:
  */
 
 int
 ss_execute_command(sci_idx, argv)
-	int sci_idx;
-	register char *argv[];
+    int sci_idx;
+    register char *argv[];
 {
-        register unsigned int i, argc;
-	char **argp;
-	int ret;
-
-	argc = 0;
-	for (argp = argv; *argp; argp++)
-		argc++;
-	argp = (char **)malloc((argc+1)*sizeof(char *));
-	for (i = 0; i <= argc; i++)
-		argp[i] = argv[i];
-	ret = really_execute_command(sci_idx, argc, &argp);
-	free(argp);
-	return(ret);
+    register unsigned int i, argc;
+    char **argp;
+    int ret;
+
+    argc = 0;
+    for (argp = argv; *argp; argp++)
+        argc++;
+    argp = (char **)malloc((argc+1)*sizeof(char *));
+    for (i = 0; i <= argc; i++)
+        argp[i] = argv[i];
+    ret = really_execute_command(sci_idx, argc, &argp);
+    free(argp);
+    return(ret);
 }
 
 /*
@@ -165,7 +166,7 @@ ss_execute_command(sci_idx, argv)
  *              Pointer to command line to be parsed.
  * Returns:
  *      (int)
- *      	Error code.
+ *              Error code.
  * Notes:
  */
 
@@ -187,7 +188,7 @@ int ss_execute_line (sci_idx, line_ptr)
         else {
             line_ptr++;
             system(line_ptr);
-	    return 0;
+            return 0;
         }
     }
 
diff --git a/src/util/ss/help.c b/src/util/ss/help.c
index 981a75f..4463ad4 100644
--- a/src/util/ss/help.c
+++ b/src/util/ss/help.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -8,7 +9,7 @@
 #include <sys/types.h>
 #include <errno.h>
 #include <sys/file.h>
-#include <fcntl.h>	/* just for O_* */
+#include <fcntl.h>      /* just for O_* */
 #include <sys/wait.h>
 #include "ss_internal.h"
 #include "copyright.h"
@@ -29,66 +30,66 @@ void ss_help (argc, argv, sci_idx, info_ptr)
 
     request_name = ss_current_request(sci_idx, &code);
     if (code != 0) {
-	ss_perror(sci_idx, code, "");
-	return;		/* no ss_abort_line, if invalid invocation */
+        ss_perror(sci_idx, code, "");
+        return;         /* no ss_abort_line, if invalid invocation */
     }
     if (argc == 1) {
-	ss_list_requests(argc, argv, sci_idx, info_ptr);
-	return;
+        ss_list_requests(argc, argv, sci_idx, info_ptr);
+        return;
     }
     else if (argc != 2) {
-	/* should do something better than this */
-	snprintf(buffer, sizeof(buffer),
-		 "usage:\n\t%s [topic|command]\nor\t%s\n",
-		 request_name, request_name);
-	ss_perror(sci_idx, 0, buffer);
-	return;
+        /* should do something better than this */
+        snprintf(buffer, sizeof(buffer),
+                 "usage:\n\t%s [topic|command]\nor\t%s\n",
+                 request_name, request_name);
+        ss_perror(sci_idx, 0, buffer);
+        return;
     }
     info = ss_info(sci_idx);
     if (info->info_dirs == (char **)NULL) {
-	ss_perror(sci_idx, SS_ET_NO_INFO_DIR, (char *)NULL);
-	return;
+        ss_perror(sci_idx, SS_ET_NO_INFO_DIR, (char *)NULL);
+        return;
     }
     if (info->info_dirs[0] == (char *)NULL) {
-	ss_perror(sci_idx, SS_ET_NO_INFO_DIR, (char *)NULL);
-	return;
+        ss_perror(sci_idx, SS_ET_NO_INFO_DIR, (char *)NULL);
+        return;
     }
     for (idx = 0; info->info_dirs[idx] != (char *)NULL; idx++) {
-	(void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1);
-	buffer[sizeof(buffer) - 1] = '\0';
-	(void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
-	(void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
-	(void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
-	if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it;
+        (void) strncpy(buffer, info->info_dirs[idx], sizeof(buffer) - 1);
+        buffer[sizeof(buffer) - 1] = '\0';
+        (void) strncat(buffer, "/", sizeof(buffer) - 1 - strlen(buffer));
+        (void) strncat(buffer, argv[1], sizeof(buffer) - 1 - strlen(buffer));
+        (void) strncat(buffer, ".info", sizeof(buffer) - 1 - strlen(buffer));
+        if ((fd = open(&buffer[0], O_RDONLY)) >= 0) goto got_it;
     }
     if ((fd = open(&buffer[0], O_RDONLY)) < 0) {
-	char buf[MAXPATHLEN];
-	strncpy(buf, "No info found for ", sizeof(buf) - 1);
-	buf[sizeof(buf) - 1] = '\0';
-	strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
-	ss_perror(sci_idx, 0, buf);
-	return;
+        char buf[MAXPATHLEN];
+        strncpy(buf, "No info found for ", sizeof(buf) - 1);
+        buf[sizeof(buf) - 1] = '\0';
+        strncat(buf, argv[1], sizeof(buf) - 1 - strlen(buf));
+        ss_perror(sci_idx, 0, buf);
+        return;
     }
 got_it:
     switch (child = fork()) {
     case -1:
-	ss_perror(sci_idx, errno, "Can't fork for pager");
-	close(fd);
-	return;
+        ss_perror(sci_idx, errno, "Can't fork for pager");
+        close(fd);
+        return;
     case 0:
-	(void) dup2(fd, 0); /* put file on stdin */
-	ss_page_stdin();
+        (void) dup2(fd, 0); /* put file on stdin */
+        ss_page_stdin();
     default:
-	(void) close(fd); /* what can we do if it fails? */
+        (void) close(fd); /* what can we do if it fails? */
 #ifdef WAIT_USES_INT
-	while (wait((int *)NULL) != child) {
+        while (wait((int *)NULL) != child) {
 #else
-	while (wait((union wait *)NULL) != child) {
+            while (wait((union wait *)NULL) != child) {
 #endif
-	    /* do nothing if wrong pid */
-	};
+                /* do nothing if wrong pid */
+            };
+        }
     }
-}
 
 #ifndef USE_DIRENT_H
 #include <sys/dir.h>
@@ -96,60 +97,60 @@ got_it:
 #include <dirent.h>
 #endif
 
-void ss_add_info_dir(sci_idx, info_dir, code_ptr)
-    int sci_idx;
+    void ss_add_info_dir(sci_idx, info_dir, code_ptr)
+        int sci_idx;
     char *info_dir;
     int *code_ptr;
-{
-    register ss_data *info;
-    DIR *d;
-    int n_dirs;
-    register char **dirs;
+    {
+        register ss_data *info;
+        DIR *d;
+        int n_dirs;
+        register char **dirs;
 
-    info = ss_info(sci_idx);
-    if ((info_dir == NULL) || (*info_dir == '\0')) {
-	*code_ptr = SS_ET_NO_INFO_DIR;
-	return;
+        info = ss_info(sci_idx);
+        if ((info_dir == NULL) || (*info_dir == '\0')) {
+            *code_ptr = SS_ET_NO_INFO_DIR;
+            return;
+        }
+        if ((d = opendir(info_dir)) == (DIR *)NULL) {
+            *code_ptr = errno;
+            return;
+        }
+        closedir(d);
+        dirs = info->info_dirs;
+        for (n_dirs = 0; dirs[n_dirs] != (char *)NULL; n_dirs++)
+            ;               /* get number of non-NULL dir entries */
+        dirs = (char **)realloc((char *)dirs,
+                                (unsigned)(n_dirs + 2)*sizeof(char *));
+        if (dirs == (char **)NULL) {
+            info->info_dirs = (char **)NULL;
+            *code_ptr = errno;
+            return;
+        }
+        info->info_dirs = dirs;
+        dirs[n_dirs + 1] = (char *)NULL;
+        dirs[n_dirs] = strdup(info_dir);
+        *code_ptr = 0;
     }
-    if ((d = opendir(info_dir)) == (DIR *)NULL) {
-	*code_ptr = errno;
-	return;
-    }
-    closedir(d);
-    dirs = info->info_dirs;
-    for (n_dirs = 0; dirs[n_dirs] != (char *)NULL; n_dirs++)
-	;		/* get number of non-NULL dir entries */
-    dirs = (char **)realloc((char *)dirs,
-			    (unsigned)(n_dirs + 2)*sizeof(char *));
-    if (dirs == (char **)NULL) {
-	info->info_dirs = (char **)NULL;
-	*code_ptr = errno;
-	return;
-    }
-    info->info_dirs = dirs;
-    dirs[n_dirs + 1] = (char *)NULL;
-    dirs[n_dirs] = strdup(info_dir);
-    *code_ptr = 0;
-}
 
-void ss_delete_info_dir(sci_idx, info_dir, code_ptr)
-    int sci_idx;
+    void ss_delete_info_dir(sci_idx, info_dir, code_ptr)
+        int sci_idx;
     char *info_dir;
     int *code_ptr;
-{
-    register char **i_d;
-    register char **info_dirs;
+    {
+        register char **i_d;
+        register char **info_dirs;
 
-    info_dirs = ss_info(sci_idx)->info_dirs;
-    for (i_d = info_dirs; *i_d; i_d++) {
-	if (!strcmp(*i_d, info_dir)) {
-	    while (*i_d) {
-		*i_d = *(i_d+1);
-		i_d++;
-	    }
-	    *code_ptr = 0;
-	    return;
-	}
+        info_dirs = ss_info(sci_idx)->info_dirs;
+        for (i_d = info_dirs; *i_d; i_d++) {
+            if (!strcmp(*i_d, info_dir)) {
+                while (*i_d) {
+                    *i_d = *(i_d+1);
+                    i_d++;
+                }
+                *code_ptr = 0;
+                return;
+            }
+        }
+        *code_ptr = SS_ET_NO_INFO_DIR;
     }
-    *code_ptr = SS_ET_NO_INFO_DIR;
-}
diff --git a/src/util/ss/invocation.c b/src/util/ss/invocation.c
index a7e17bd..d9c4ea5 100644
--- a/src/util/ss/invocation.c
+++ b/src/util/ss/invocation.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2007 Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -28,7 +29,7 @@
  */
 #include "ss_internal.h"
 #include "copyright.h"
-#define	size	sizeof(ss_data *)
+#define size    sizeof(ss_data *)
 
 /* XXX The memory in _ss_table never gets freed up until program exit!
    If you change the code to free it and stick a null pointer into
@@ -36,95 +37,95 @@
    not assume there are no null pointers in the middle of the
    array.  */
 int ss_create_invocation(subsystem_name, version_string, info_ptr,
-			 request_table_ptr, code_ptr)
-	char *subsystem_name, *version_string;
-	char *info_ptr;
-	ss_request_table *request_table_ptr;
-	int *code_ptr;
+                         request_table_ptr, code_ptr)
+    char *subsystem_name, *version_string;
+    char *info_ptr;
+    ss_request_table *request_table_ptr;
+    int *code_ptr;
 {
-	register int sci_idx;
-	register ss_data *new_table;
-	register ss_data **table, **tmp;
+    register int sci_idx;
+    register ss_data *new_table;
+    register ss_data **table, **tmp;
 
-	*code_ptr = 0;
-	table = _ss_table;
-	new_table = (ss_data *) malloc(sizeof(ss_data));
-	if (new_table == NULL) {
-	    *code_ptr = errno;
-	    return -1;
-	}
+    *code_ptr = 0;
+    table = _ss_table;
+    new_table = (ss_data *) malloc(sizeof(ss_data));
+    if (new_table == NULL) {
+        *code_ptr = errno;
+        return -1;
+    }
 
-	if (table == (ss_data **) NULL) {
-		table = (ss_data **) malloc(2 * size);
-		if (table == NULL) {
-		    *code_ptr = errno;
-		    return -1;
-		}
-		table[0] = table[1] = (ss_data *)NULL;
-		_ss_table = table;
-	}
-	initialize_ss_error_table ();
+    if (table == (ss_data **) NULL) {
+        table = (ss_data **) malloc(2 * size);
+        if (table == NULL) {
+            *code_ptr = errno;
+            return -1;
+        }
+        table[0] = table[1] = (ss_data *)NULL;
+        _ss_table = table;
+    }
+    initialize_ss_error_table ();
 
-	for (sci_idx = 1; table[sci_idx] != (ss_data *)NULL; sci_idx++)
-		;
-	tmp = (ss_data **) realloc((char *)table,
-				   ((unsigned)sci_idx+2)*size);
-	if (tmp == NULL) {
-	    *code_ptr = errno;
-	    return 0;
-	}
-	_ss_table = table = tmp;
-	table[sci_idx+1] = (ss_data *) NULL;
-	table[sci_idx] = NULL;
+    for (sci_idx = 1; table[sci_idx] != (ss_data *)NULL; sci_idx++)
+        ;
+    tmp = (ss_data **) realloc((char *)table,
+                               ((unsigned)sci_idx+2)*size);
+    if (tmp == NULL) {
+        *code_ptr = errno;
+        return 0;
+    }
+    _ss_table = table = tmp;
+    table[sci_idx+1] = (ss_data *) NULL;
+    table[sci_idx] = NULL;
 
-	new_table->subsystem_name = subsystem_name;
-	new_table->subsystem_version = version_string;
-	new_table->argv = (char **)NULL;
-	new_table->current_request = (char *)NULL;
-	new_table->info_dirs = (char **)malloc(sizeof(char *));
-	if (new_table->info_dirs == NULL) {
-	    *code_ptr = errno;
-	    free(new_table);
-	    return 0;
-	}
-	*new_table->info_dirs = (char *)NULL;
-	new_table->info_ptr = info_ptr;
-	if (asprintf(&new_table->prompt, "%s:  ", subsystem_name) < 0) {
-	    *code_ptr = errno;
-	    free(new_table->info_dirs);
-	    free(new_table);
-	    return 0;
-	}
-	new_table->abbrev_info = NULL;
-	new_table->flags.escape_disabled = 0;
-	new_table->flags.abbrevs_disabled = 0;
-	new_table->rqt_tables =
-		(ss_request_table **) calloc(2, sizeof(ss_request_table *));
-	if (new_table->rqt_tables == NULL) {
-	    *code_ptr = errno;
-	    free(new_table->prompt);
-	    free(new_table->info_dirs);
-	    free(new_table);
-	    return 0;
-	}
-	*(new_table->rqt_tables) = request_table_ptr;
-	*(new_table->rqt_tables+1) = (ss_request_table *) NULL;
-	table[sci_idx] = new_table;
-	return(sci_idx);
+    new_table->subsystem_name = subsystem_name;
+    new_table->subsystem_version = version_string;
+    new_table->argv = (char **)NULL;
+    new_table->current_request = (char *)NULL;
+    new_table->info_dirs = (char **)malloc(sizeof(char *));
+    if (new_table->info_dirs == NULL) {
+        *code_ptr = errno;
+        free(new_table);
+        return 0;
+    }
+    *new_table->info_dirs = (char *)NULL;
+    new_table->info_ptr = info_ptr;
+    if (asprintf(&new_table->prompt, "%s:  ", subsystem_name) < 0) {
+        *code_ptr = errno;
+        free(new_table->info_dirs);
+        free(new_table);
+        return 0;
+    }
+    new_table->abbrev_info = NULL;
+    new_table->flags.escape_disabled = 0;
+    new_table->flags.abbrevs_disabled = 0;
+    new_table->rqt_tables =
+        (ss_request_table **) calloc(2, sizeof(ss_request_table *));
+    if (new_table->rqt_tables == NULL) {
+        *code_ptr = errno;
+        free(new_table->prompt);
+        free(new_table->info_dirs);
+        free(new_table);
+        return 0;
+    }
+    *(new_table->rqt_tables) = request_table_ptr;
+    *(new_table->rqt_tables+1) = (ss_request_table *) NULL;
+    table[sci_idx] = new_table;
+    return(sci_idx);
 }
 
 void
 ss_delete_invocation(sci_idx)
-	int sci_idx;
+    int sci_idx;
 {
-	register ss_data *t;
-	int ignored_code;
+    register ss_data *t;
+    int ignored_code;
 
-	t = ss_info(sci_idx);
-	free(t->prompt);
-	free(t->rqt_tables);
-	while(t->info_dirs[0] != (char *)NULL)
-		ss_delete_info_dir(sci_idx, t->info_dirs[0], &ignored_code);
-	free(t->info_dirs);
-	free(t);
+    t = ss_info(sci_idx);
+    free(t->prompt);
+    free(t->rqt_tables);
+    while(t->info_dirs[0] != (char *)NULL)
+        ss_delete_info_dir(sci_idx, t->info_dirs[0], &ignored_code);
+    free(t->info_dirs);
+    free(t);
 }
diff --git a/src/util/ss/list_rqs.c b/src/util/ss/list_rqs.c
index f7d03c5..d5b3c87 100644
--- a/src/util/ss/list_rqs.c
+++ b/src/util/ss/list_rqs.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -68,7 +69,7 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
     func = signal(SIGINT, SIG_IGN);
 #endif
 
-    fd = ss_pager_create();	/* FD_CLOEXEC set */
+    fd = ss_pager_create();     /* FD_CLOEXEC set */
     output = fdopen(fd, "w");
 
 #ifdef POSIX_SIGNALS
@@ -78,7 +79,7 @@ ss_list_requests(argc, argv, sci_idx, info_ptr)
 #endif
 
     fprintf (output, "Available %s requests:\n\n",
-	     ss_info (sci_idx) -> subsystem_name);
+             ss_info (sci_idx) -> subsystem_name);
 
     for (table = ss_info(sci_idx)->rqt_tables; *table; table++) {
         entry = (*table)->requests;
diff --git a/src/util/ss/listen.c b/src/util/ss/listen.c
index 36f2619..ce8e527 100644
--- a/src/util/ss/listen.c
+++ b/src/util/ss/listen.c
@@ -1,7 +1,8 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Listener loop for subsystem library libss.a.
  *
- *	util/ss/listen.c
+ *      util/ss/listen.c
  *
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -24,8 +25,8 @@ static RETSIGTYPE print_prompt()
     struct termios termbuf;
 
     if (tcgetattr(STDIN_FILENO, &termbuf) == 0) {
-	termbuf.c_lflag |= ICANON|ISIG|ECHO;
-	tcsetattr(STDIN_FILENO, TCSANOW, &termbuf);
+        termbuf.c_lflag |= ICANON|ISIG|ECHO;
+        tcsetattr(STDIN_FILENO, TCSANOW, &termbuf);
     }
     (void) fputs(current_info->prompt, stdout);
     (void) fflush(stdout);
@@ -90,53 +91,53 @@ int ss_listen (sci_idx)
     (void) sigsetmask(mask);
 #endif
     while(!info->abort) {
-	print_prompt();
-	*end = '\0';
+        print_prompt();
+        *end = '\0';
 #ifdef POSIX_SIGNALS
-	nsig.sa_handler = listen_int_handler;	/* fgets is not signal-safe */
-	osig = csig;
-	sigaction(SIGCONT, &nsig, &csig);
-	if ((RETSIGTYPE (*)())csig.sa_handler==(RETSIGTYPE (*)())listen_int_handler)
-	    csig = osig;
+        nsig.sa_handler = listen_int_handler;   /* fgets is not signal-safe */
+        osig = csig;
+        sigaction(SIGCONT, &nsig, &csig);
+        if ((RETSIGTYPE (*)())csig.sa_handler==(RETSIGTYPE (*)())listen_int_handler)
+            csig = osig;
 #else
-	old_sig_cont = sig_cont;
-	sig_cont = signal(SIGCONT, print_prompt);
-	if (sig_cont == print_prompt)
-	    sig_cont = old_sig_cont;
+        old_sig_cont = sig_cont;
+        sig_cont = signal(SIGCONT, print_prompt);
+        if (sig_cont == print_prompt)
+            sig_cont = old_sig_cont;
 #endif
-	if (fgets(input, BUFSIZ, stdin) != input) {
-	    code = SS_ET_EOF;
-	    goto egress;
-	}
-	cp = strchr(input, '\n');
-	if (cp) {
-	    *cp = '\0';
-	    if (cp == input)
-		continue;
-	}
+        if (fgets(input, BUFSIZ, stdin) != input) {
+            code = SS_ET_EOF;
+            goto egress;
+        }
+        cp = strchr(input, '\n');
+        if (cp) {
+            *cp = '\0';
+            if (cp == input)
+                continue;
+        }
 #ifdef POSIX_SIGNALS
-	sigaction(SIGCONT, &csig, (struct sigaction *)0);
+        sigaction(SIGCONT, &csig, (struct sigaction *)0);
 #else
-	(void) signal(SIGCONT, sig_cont);
+        (void) signal(SIGCONT, sig_cont);
 #endif
-	for (end = input; *end; end++)
-	    ;
-
-	code = ss_execute_line (sci_idx, input);
-	if (code == SS_ET_COMMAND_NOT_FOUND) {
-	    register char *c = input;
-	    while (*c == ' ' || *c == '\t')
-		c++;
-	    cp = strchr (c, ' ');
-	    if (cp)
-		*cp = '\0';
-	    cp = strchr (c, '\t');
-	    if (cp)
-		*cp = '\0';
-	    ss_error (sci_idx, 0,
-		    "Unknown request \"%s\".  Type \"?\" for a request list.",
-		       c);
-	}
+        for (end = input; *end; end++)
+            ;
+
+        code = ss_execute_line (sci_idx, input);
+        if (code == SS_ET_COMMAND_NOT_FOUND) {
+            register char *c = input;
+            while (*c == ' ' || *c == '\t')
+                c++;
+            cp = strchr (c, ' ');
+            if (cp)
+                *cp = '\0';
+            cp = strchr (c, '\t');
+            if (cp)
+                *cp = '\0';
+            ss_error (sci_idx, 0,
+                      "Unknown request \"%s\".  Type \"?\" for a request list.",
+                      c);
+        }
     }
     code = 0;
 egress:
diff --git a/src/util/ss/mit-sipb-copyright.h b/src/util/ss/mit-sipb-copyright.h
index 5e8ec17..3a1ddeb 100644
--- a/src/util/ss/mit-sipb-copyright.h
+++ b/src/util/ss/mit-sipb-copyright.h
@@ -1,21 +1,22 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
 
-Copyright 1987 by the Student Information Processing Board
-	of the Massachusetts Institute of Technology
+  Copyright 1987 by the Student Information Processing Board
+  of the Massachusetts Institute of Technology
 
-Permission to use, copy, modify, and distribute this software
-and its documentation for any purpose and without fee is
-hereby granted, provided that the above copyright notice
-appear in all copies and that both that copyright notice and
-this permission notice appear in supporting documentation,
-and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
-used in advertising or publicity pertaining to distribution
-of the software without specific, written prior permission.
-Furthermore if you modify this software you must label
-your software as modified software and not distribute it in such a
-fashion that it might be confused with the original M.I.T. software.
-M.I.T. and the M.I.T. S.I.P.B. make no representations about
-the suitability of this software for any purpose.  It is
-provided "as is" without express or implied warranty.
+  Permission to use, copy, modify, and distribute this software
+  and its documentation for any purpose and without fee is
+  hereby granted, provided that the above copyright notice
+  appear in all copies and that both that copyright notice and
+  this permission notice appear in supporting documentation,
+  and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+  used in advertising or publicity pertaining to distribution
+  of the software without specific, written prior permission.
+  Furthermore if you modify this software you must label
+  your software as modified software and not distribute it in such a
+  fashion that it might be confused with the original M.I.T. software.
+  M.I.T. and the M.I.T. S.I.P.B. make no representations about
+  the suitability of this software for any purpose.  It is
+  provided "as is" without express or implied warranty.
 
 */
diff --git a/src/util/ss/mk_cmds.c b/src/util/ss/mk_cmds.c
index 8e29ccf..6488f7c 100644
--- a/src/util/ss/mk_cmds.c
+++ b/src/util/ss/mk_cmds.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * make_commands.c
  *
@@ -37,26 +38,26 @@ int main(argc, argv)
     char *path, *p, *q;
 
     if (argc != 2) {
-	fputs("Usage: ", stderr);
-	fputs(argv[0], stderr);
-	fputs("cmdtbl.ct\n", stderr);
-	exit(1);
+        fputs("Usage: ", stderr);
+        fputs(argv[0], stderr);
+        fputs("cmdtbl.ct\n", stderr);
+        exit(1);
     }
 
     path = malloc(strlen(argv[1])+4); /* extra space to add ".ct" */
     strcpy(path, argv[1]);
     p = strrchr(path, '/');
     if (p == (char *)NULL)
-	p = path;
+        p = path;
     else
-	p++;
+        p++;
     p = strrchr(p, '.');
     if (p == (char *)NULL || strcmp(p, ".ct"))
-	strcat(path, ".ct");
+        strcat(path, ".ct");
     yyin = fopen(path, "r");
     if (!yyin) {
-	perror(path);
-	exit(1);
+        perror(path);
+        exit(1);
     }
 
     p = strrchr(path, '.');
@@ -69,8 +70,8 @@ int main(argc, argv)
 
     output_file = fopen(c_file, "w+");
     if (!output_file) {
-	perror(c_file);
-	exit(1);
+        perror(c_file);
+        exit(1);
     }
 
     fputs("/* ", output_file);
@@ -83,20 +84,20 @@ int main(argc, argv)
     /* parse it */
     result = yyparse();
     /* put file descriptors back where they belong */
-    fclose(yyin);		/* bye bye input file */
-    fclose(output_file);	/* bye bye output file */
+    fclose(yyin);               /* bye bye input file */
+    fclose(output_file);        /* bye bye output file */
 
     return result;
 }
 
 yyerror(s)
-    char *s;
+char *s;
 {
     fputs(s, stderr);
 #ifdef NO_YYLINENO
     fprintf(stderr, "\nLast token was '%s'\n", last_token);
 #else
     fprintf(stderr, "\nLine %d; last token was '%s'\n",
-	    yylineno, last_token);
+            yylineno, last_token);
 #endif
 }
diff --git a/src/util/ss/options.c b/src/util/ss/options.c
index dd648b0..c3452f9 100644
--- a/src/util/ss/options.c
+++ b/src/util/ss/options.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -8,25 +9,25 @@
 #include "ss.h"
 
 struct option {
-     char *text;
-     long value;
+    char *text;
+    long value;
 };
 
 static struct option options[] = {
-     { "dont_list", SS_OPT_DONT_LIST },
-     { "^list", SS_OPT_DONT_LIST },
-     { "dont_summarize", SS_OPT_DONT_SUMMARIZE },
-     { "^summarize", SS_OPT_DONT_SUMMARIZE },
-     { (char *)NULL, 0 }
+    { "dont_list", SS_OPT_DONT_LIST },
+    { "^list", SS_OPT_DONT_LIST },
+    { "dont_summarize", SS_OPT_DONT_SUMMARIZE },
+    { "^summarize", SS_OPT_DONT_SUMMARIZE },
+    { (char *)NULL, 0 }
 };
 
 long
 flag_val(string)
-     register char *string;
+    register char *string;
 {
-     register struct option *opt;
-     for (opt = options; opt->text; opt++)
-	  if (!strcmp(opt->text, string))
-	       return(opt->value);
-     return(0);
+    register struct option *opt;
+    for (opt = options; opt->text; opt++)
+        if (!strcmp(opt->text, string))
+            return(opt->value);
+    return(0);
 }
diff --git a/src/util/ss/pager.c b/src/util/ss/pager.c
index 8e8aeed..be8fd0b 100644
--- a/src/util/ss/pager.c
+++ b/src/util/ss/pager.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Pager: Routines to create a "more" running out of a particular file
  * descriptor.
@@ -31,30 +32,30 @@ void ss_page_stdin();
 #ifndef NO_FORK
 int ss_pager_create()
 {
-	int filedes[2];
+    int filedes[2];
 
-	if (pipe(filedes) != 0)
-		return(-1);
+    if (pipe(filedes) != 0)
+        return(-1);
 
-	switch((int) fork()) {
-	case -1:
-		return(-1);
-	case 0:
-		/*
-		 * Child; dup read half to 0, close all but 0, 1, and 2
-		 */
-		if (dup2(filedes[0], 0) == -1)
-			exit(1);
-		ss_page_stdin();
-	default:
-		/*
-		 * Parent:  close "read" side of pipe, return
-		 * "write" side.
-		 */
-		(void) close(filedes[0]);
-		set_cloexec_fd(filedes[1]);
-		return(filedes[1]);
-	}
+    switch((int) fork()) {
+    case -1:
+        return(-1);
+    case 0:
+        /*
+         * Child; dup read half to 0, close all but 0, 1, and 2
+         */
+        if (dup2(filedes[0], 0) == -1)
+            exit(1);
+        ss_page_stdin();
+    default:
+        /*
+         * Parent:  close "read" side of pipe, return
+         * "write" side.
+         */
+        (void) close(filedes[0]);
+        set_cloexec_fd(filedes[1]);
+        return(filedes[1]);
+    }
 }
 #else /* don't fork */
 int ss_pager_create()
@@ -62,50 +63,50 @@ int ss_pager_create()
     int fd;
     fd = open("/dev/tty", O_WRONLY, 0);
     if (fd >= 0)
-	set_cloexec_fd(fd);
+        set_cloexec_fd(fd);
     return fd;
 }
 #endif
 
 void ss_page_stdin()
 {
-	int i;
+    int i;
 #ifdef POSIX_SIGNALS
-	struct sigaction sa;
-	sigset_t mask;
+    struct sigaction sa;
+    sigset_t mask;
 #endif
-	for (i = 3; i < 32; i++)
-		(void) close(i);
+    for (i = 3; i < 32; i++)
+        (void) close(i);
 #ifdef POSIX_SIGNALS
-	sa.sa_handler = SIG_DFL;
-	sigemptyset(&sa.sa_mask);
-	sa.sa_flags = 0;
-	sigaction(SIGINT, &sa, (struct sigaction *)0);
+    sa.sa_handler = SIG_DFL;
+    sigemptyset(&sa.sa_mask);
+    sa.sa_flags = 0;
+    sigaction(SIGINT, &sa, (struct sigaction *)0);
 #else
-	(void) signal(SIGINT, SIG_DFL);
+    (void) signal(SIGINT, SIG_DFL);
 #endif
-	{
+    {
 #ifdef POSIX_SIGNALS
-		sigemptyset(&mask);
-		sigaddset(&mask, SIGINT);
-		sigprocmask(SIG_UNBLOCK, &mask, (sigset_t *)0);
+        sigemptyset(&mask);
+        sigaddset(&mask, SIGINT);
+        sigprocmask(SIG_UNBLOCK, &mask, (sigset_t *)0);
 #else
-		int mask = sigblock(0);
-		mask &= ~sigmask(SIGINT);
-		sigsetmask(mask);
+        int mask = sigblock(0);
+        mask &= ~sigmask(SIGINT);
+        sigsetmask(mask);
 #endif
-	}
-	if (_ss_pager_name == (char *)NULL) {
-		if ((_ss_pager_name = getenv("PAGER")) == (char *)NULL)
-			_ss_pager_name = MORE;
-	}
-	(void) execlp(_ss_pager_name, _ss_pager_name, (char *) NULL);
-	{
-		/* minimal recovery if pager program isn't found */
-		char buf[80];
-		register int n;
-		while ((n = read(0, buf, 80)) > 0)
-			write(1, buf, (unsigned) n);
-	}
-	exit(errno);
+    }
+    if (_ss_pager_name == (char *)NULL) {
+        if ((_ss_pager_name = getenv("PAGER")) == (char *)NULL)
+            _ss_pager_name = MORE;
+    }
+    (void) execlp(_ss_pager_name, _ss_pager_name, (char *) NULL);
+    {
+        /* minimal recovery if pager program isn't found */
+        char buf[80];
+        register int n;
+        while ((n = read(0, buf, 80)) > 0)
+            write(1, buf, (unsigned) n);
+    }
+    exit(errno);
 }
diff --git a/src/util/ss/parse.c b/src/util/ss/parse.c
index 28507b1..456b147 100644
--- a/src/util/ss/parse.c
+++ b/src/util/ss/parse.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 2007 Massachusetts Institute of Technology.
  * All Rights Reserved.
@@ -49,8 +50,8 @@ enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING };
  *              Series of pointers to parsed tokens in the original string.
  */
 
-#define NEW_ARGV(old,n) (char **)realloc((char *)old,\
-					 (unsigned)(n+2)*sizeof(char*))
+#define NEW_ARGV(old,n) (char **)realloc((char *)old,                   \
+                                         (unsigned)(n+2)*sizeof(char*))
 
 char **ss_parse (sci_idx, line_ptr, argc_ptr)
     int sci_idx;
@@ -64,106 +65,106 @@ char **ss_parse (sci_idx, line_ptr, argc_ptr)
 
     argv = (char **) malloc (sizeof(char *));
     if (argv == (char **)NULL) {
-	ss_error(sci_idx, errno, "Can't allocate storage");
-	*argc_ptr = 0;
-	return(argv);
+        ss_error(sci_idx, errno, "Can't allocate storage");
+        *argc_ptr = 0;
+        return(argv);
     }
     *argv = (char *)NULL;
 
     argc = 0;
 
-    parse_mode = WHITESPACE;	/* flushing whitespace */
-    cp = line_ptr;		/* cp is for output */
+    parse_mode = WHITESPACE;    /* flushing whitespace */
+    cp = line_ptr;              /* cp is for output */
     while (1) {
 #ifdef DEBUG
-	{
-	    printf ("character `%c', mode %d\n", *line_ptr, parse_mode);
-	}
+        {
+            printf ("character `%c', mode %d\n", *line_ptr, parse_mode);
+        }
 #endif
-	while (parse_mode == WHITESPACE) {
-	    if (*line_ptr == '\0')
-		goto end_of_line;
-	    if (*line_ptr == ' ' || *line_ptr == '\t') {
-		line_ptr++;
-		continue;
-	    }
-	    if (*line_ptr == '"') {
-		/* go to quoted-string mode */
-		parse_mode = QUOTED_STRING;
-		cp = line_ptr++;
-		newargv = NEW_ARGV (argv, argc);
-		if (newargv == NULL) {
-		out_of_mem_in_argv:
-		    free(argv);
-		    ss_error(sci_idx, errno, "Can't allocate storage");
-		    *argc_ptr = 0;
-		    return NULL;
-		}
-		argv = newargv;
-		argv[argc++] = cp;
-		argv[argc] = NULL;
-	    }
-	    else {
-		/* random-token mode */
-		parse_mode = TOKEN;
-		cp = line_ptr;
-		newargv = NEW_ARGV (argv, argc);
-		if (newargv == NULL)
-		    goto out_of_mem_in_argv;
-		argv = newargv;
-		argv[argc++] = line_ptr;
-		argv[argc] = NULL;
-	    }
-	}
-	while (parse_mode == TOKEN) {
-	    if (*line_ptr == '\0') {
-		*cp++ = '\0';
-		goto end_of_line;
-	    }
-	    else if (*line_ptr == ' ' || *line_ptr == '\t') {
-		*cp++ = '\0';
-		line_ptr++;
-		parse_mode = WHITESPACE;
-	    }
-	    else if (*line_ptr == '"') {
-		line_ptr++;
-		parse_mode = QUOTED_STRING;
-	    }
-	    else {
-		*cp++ = *line_ptr++;
-	    }
-	}
-	while (parse_mode == QUOTED_STRING) {
-	    if (*line_ptr == '\0') {
-		ss_error (sci_idx, 0,
-			  "Unbalanced quotes in command line");
-		free (argv);
-		*argc_ptr = 0;
-		return NULL;
-	    }
-	    else if (*line_ptr == '"') {
-		if (*++line_ptr == '"') {
-		    *cp++ = '"';
-		    line_ptr++;
-		}
-		else {
-		    parse_mode = TOKEN;
-		}
-	    }
-	    else {
-		*cp++ = *line_ptr++;
-	    }
-	}
+        while (parse_mode == WHITESPACE) {
+            if (*line_ptr == '\0')
+                goto end_of_line;
+            if (*line_ptr == ' ' || *line_ptr == '\t') {
+                line_ptr++;
+                continue;
+            }
+            if (*line_ptr == '"') {
+                /* go to quoted-string mode */
+                parse_mode = QUOTED_STRING;
+                cp = line_ptr++;
+                newargv = NEW_ARGV (argv, argc);
+                if (newargv == NULL) {
+                out_of_mem_in_argv:
+                    free(argv);
+                    ss_error(sci_idx, errno, "Can't allocate storage");
+                    *argc_ptr = 0;
+                    return NULL;
+                }
+                argv = newargv;
+                argv[argc++] = cp;
+                argv[argc] = NULL;
+            }
+            else {
+                /* random-token mode */
+                parse_mode = TOKEN;
+                cp = line_ptr;
+                newargv = NEW_ARGV (argv, argc);
+                if (newargv == NULL)
+                    goto out_of_mem_in_argv;
+                argv = newargv;
+                argv[argc++] = line_ptr;
+                argv[argc] = NULL;
+            }
+        }
+        while (parse_mode == TOKEN) {
+            if (*line_ptr == '\0') {
+                *cp++ = '\0';
+                goto end_of_line;
+            }
+            else if (*line_ptr == ' ' || *line_ptr == '\t') {
+                *cp++ = '\0';
+                line_ptr++;
+                parse_mode = WHITESPACE;
+            }
+            else if (*line_ptr == '"') {
+                line_ptr++;
+                parse_mode = QUOTED_STRING;
+            }
+            else {
+                *cp++ = *line_ptr++;
+            }
+        }
+        while (parse_mode == QUOTED_STRING) {
+            if (*line_ptr == '\0') {
+                ss_error (sci_idx, 0,
+                          "Unbalanced quotes in command line");
+                free (argv);
+                *argc_ptr = 0;
+                return NULL;
+            }
+            else if (*line_ptr == '"') {
+                if (*++line_ptr == '"') {
+                    *cp++ = '"';
+                    line_ptr++;
+                }
+                else {
+                    parse_mode = TOKEN;
+                }
+            }
+            else {
+                *cp++ = *line_ptr++;
+            }
+        }
     }
 end_of_line:
     *argc_ptr = argc;
 #ifdef DEBUG
     {
-	int i;
-	printf ("argc = %d\n", argc);
-	for (i = 0; i <= argc; i++)
-	    printf ("\targv[%2d] = `%s'\n", i,
-		    argv[i] ? argv[i] : "<NULL>");
+        int i;
+        printf ("argc = %d\n", argc);
+        for (i = 0; i <= argc; i++)
+            printf ("\targv[%2d] = `%s'\n", i,
+                    argv[i] ? argv[i] : "<NULL>");
     }
 #endif
     return(argv);
diff --git a/src/util/ss/prompt.c b/src/util/ss/prompt.c
index 0751bae..f42fde9 100644
--- a/src/util/ss/prompt.c
+++ b/src/util/ss/prompt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * prompt.c: Routines for retrieving and setting a prompt.
  *
@@ -14,15 +15,15 @@
 
 void
 ss_set_prompt(sci_idx, new_prompt)
-     int sci_idx;
-     char *new_prompt;
+    int sci_idx;
+    char *new_prompt;
 {
-     ss_info(sci_idx)->prompt = new_prompt;
+    ss_info(sci_idx)->prompt = new_prompt;
 }
 
 char *
 ss_get_prompt(sci_idx)
-     int sci_idx;
+    int sci_idx;
 {
-     return(ss_info(sci_idx)->prompt);
+    return(ss_info(sci_idx)->prompt);
 }
diff --git a/src/util/ss/request_tbl.c b/src/util/ss/request_tbl.c
index a214eb0..7721a5f 100644
--- a/src/util/ss/request_tbl.c
+++ b/src/util/ss/request_tbl.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -7,59 +8,59 @@
 #include "copyright.h"
 #include "ss_internal.h"
 
-#define ssrt ss_request_table	/* for some readable code... */
+#define ssrt ss_request_table   /* for some readable code... */
 
 void
 ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr)
-	int sci_idx;
-	ssrt *rqtbl_ptr;
-	int position;		/* 1 -> becomes second... */
-	int *code_ptr;
+    int sci_idx;
+    ssrt *rqtbl_ptr;
+    int position;           /* 1 -> becomes second... */
+    int *code_ptr;
 {
-	register ss_data *info;
-	register int i, size;
+    register ss_data *info;
+    register int i, size;
 
-	info = ss_info(sci_idx);
-	for (size=0; info->rqt_tables[size] != (ssrt *)NULL; size++)
-		;
-	/* size == C subscript of NULL == #elements */
-	size += 2;		/* new element, and NULL */
-	info->rqt_tables = (ssrt **)realloc(info->rqt_tables,
-					    size*sizeof(ssrt *));
-	if (info->rqt_tables == (ssrt **)NULL) {
-		*code_ptr = errno;
-		return;
-	}
-	if (position > size - 2)
-		position = size - 2;
+    info = ss_info(sci_idx);
+    for (size=0; info->rqt_tables[size] != (ssrt *)NULL; size++)
+        ;
+    /* size == C subscript of NULL == #elements */
+    size += 2;              /* new element, and NULL */
+    info->rqt_tables = (ssrt **)realloc(info->rqt_tables,
+                                        size*sizeof(ssrt *));
+    if (info->rqt_tables == (ssrt **)NULL) {
+        *code_ptr = errno;
+        return;
+    }
+    if (position > size - 2)
+        position = size - 2;
 
-	if (size > 1)
-		for (i = size - 2; i >= position; i--)
-			info->rqt_tables[i+1] = info->rqt_tables[i];
+    if (size > 1)
+        for (i = size - 2; i >= position; i--)
+            info->rqt_tables[i+1] = info->rqt_tables[i];
 
-	info->rqt_tables[position] = rqtbl_ptr;
-	info->rqt_tables[size-1] = (ssrt *)NULL;
-	*code_ptr = 0;
+    info->rqt_tables[position] = rqtbl_ptr;
+    info->rqt_tables[size-1] = (ssrt *)NULL;
+    *code_ptr = 0;
 }
 
 void
 ss_delete_request_table(sci_idx, rqtbl_ptr, code_ptr)
-     int sci_idx;
-     ssrt *rqtbl_ptr;
-     int *code_ptr;
+    int sci_idx;
+    ssrt *rqtbl_ptr;
+    int *code_ptr;
 {
-     register ss_data *info;
-     register ssrt **rt1, **rt2;
+    register ss_data *info;
+    register ssrt **rt1, **rt2;
 
-     *code_ptr = SS_ET_TABLE_NOT_FOUND;
-     info = ss_info(sci_idx);
-     rt1 = info->rqt_tables;
-     for (rt2 = rt1; *rt1; rt1++) {
-	  if (*rt1 != rqtbl_ptr) {
-	       *rt2++ = *rt1;
-	       *code_ptr = 0;
-	  }
-     }
-     *rt2 = (ssrt *)NULL;
-     return;
+    *code_ptr = SS_ET_TABLE_NOT_FOUND;
+    info = ss_info(sci_idx);
+    rt1 = info->rqt_tables;
+    for (rt2 = rt1; *rt1; rt1++) {
+        if (*rt1 != rqtbl_ptr) {
+            *rt2++ = *rt1;
+            *code_ptr = 0;
+        }
+    }
+    *rt2 = (ssrt *)NULL;
+    return;
 }
diff --git a/src/util/ss/requests.c b/src/util/ss/requests.c
index ccd0f79..27c4a20 100644
--- a/src/util/ss/requests.c
+++ b/src/util/ss/requests.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Various minor routines...
  *
@@ -9,16 +10,16 @@
 #include <stdio.h>
 #include "ss_internal.h"
 
-#define	DECLARE(name)	void name(argc,argv,sci_idx,info_ptr)int argc,sci_idx;const char * const *argv; pointer info_ptr;
+#define DECLARE(name)   void name(argc,argv,sci_idx,info_ptr)int argc,sci_idx;const char * const *argv; pointer info_ptr;
 
 /*
  * ss_self_identify -- assigned by default to the "." request
  */
 DECLARE(ss_self_identify)
 {
-     register ss_data *info = ss_info(sci_idx);
-     printf("%s version %s\n", info->subsystem_name,
-	    info->subsystem_version);
+    register ss_data *info = ss_info(sci_idx);
+    printf("%s version %s\n", info->subsystem_name,
+           info->subsystem_version);
 }
 
 /*
@@ -26,7 +27,7 @@ DECLARE(ss_self_identify)
  */
 DECLARE(ss_subsystem_name)
 {
-     printf("%s\n", ss_info(sci_idx)->subsystem_name);
+    printf("%s\n", ss_info(sci_idx)->subsystem_name);
 }
 
 /*
@@ -34,7 +35,7 @@ DECLARE(ss_subsystem_name)
  */
 DECLARE(ss_subsystem_version)
 {
-     printf("%s\n", ss_info(sci_idx)->subsystem_version);
+    printf("%s\n", ss_info(sci_idx)->subsystem_version);
 }
 
 /*
@@ -43,5 +44,5 @@ DECLARE(ss_subsystem_version)
  */
 DECLARE(ss_unimplemented)
 {
-     ss_perror(sci_idx, SS_ET_UNIMPLEMENTED, "");
+    ss_perror(sci_idx, SS_ET_UNIMPLEMENTED, "");
 }
diff --git a/src/util/ss/ss.h b/src/util/ss/ss.h
index ac25266..38d8974 100644
--- a/src/util/ss/ss.h
+++ b/src/util/ss/ss.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -21,8 +22,8 @@
 typedef __SS_CONST struct _ss_request_entry {
     __SS_CONST char * __SS_CONST *command_names; /* whatever */
     void (* __SS_CONST function) __SS_PROTO; /* foo */
-    __SS_CONST char * __SS_CONST info_string;	/* NULL */
-    int flags;			/* 0 */
+    __SS_CONST char * __SS_CONST info_string;   /* NULL */
+    int flags;                  /* 0 */
 } ss_request_entry;
 
 typedef __SS_CONST struct _ss_request_table {
@@ -30,19 +31,19 @@ typedef __SS_CONST struct _ss_request_table {
     ss_request_entry *requests;
 } ss_request_table;
 
-#define SS_RQT_TBL_V2	2
+#define SS_RQT_TBL_V2   2
 
-typedef struct _ss_rp_options {	/* DEFAULT VALUES */
-    int version;		/* SS_RP_V1 */
-    void (*unknown) __SS_PROTO;	/* call for unknown command */
+typedef struct _ss_rp_options { /* DEFAULT VALUES */
+    int version;                /* SS_RP_V1 */
+    void (*unknown) __SS_PROTO; /* call for unknown command */
     int allow_suspend;
     int catch_int;
 } ss_rp_options;
 
 #define SS_RP_V1 1
 
-#define SS_OPT_DONT_LIST	0x0001
-#define SS_OPT_DONT_SUMMARIZE	0x0002
+#define SS_OPT_DONT_LIST        0x0001
+#define SS_OPT_DONT_SUMMARIZE   0x0002
 
 void ss_help __SS_PROTO;
 void ss_list_requests __SS_PROTO;
diff --git a/src/util/ss/ss_internal.h b/src/util/ss/ss_internal.h
index 5c9201a..400f312 100644
--- a/src/util/ss/ss_internal.h
+++ b/src/util/ss/ss_internal.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -29,7 +30,7 @@ typedef void * pointer;
 #define LOCAL_FREE(x)
 extern pointer alloca (unsigned);
 #else
-#if defined(__HIGHC__)	/* Barf! */
+#if defined(__HIGHC__)  /* Barf! */
 pragma on(alloca);
 #define LOCAL_ALLOC(x) alloca(x)
 #define LOCAL_FREE(x)
@@ -40,13 +41,13 @@ extern pointer alloca (unsigned);
 #define LOCAL_FREE(x) free(x)
 #endif
 #endif
-#endif				/* LOCAL_ALLOC stuff */
+#endif                          /* LOCAL_ALLOC stuff */
 
 typedef char BOOL;
 
 typedef struct _ss_abbrev_entry {
-    char *name;			/* abbrev name */
-    char **abbrev;		/* new tokens to insert */
+    char *name;                 /* abbrev name */
+    char **abbrev;              /* new tokens to insert */
     unsigned int beginning_of_line : 1;
 } ss_abbrev_entry;
 
@@ -60,36 +61,36 @@ typedef struct {
     ss_abbrev_list abbrevs[127];
 } ss_abbrev_info;
 
-typedef struct _ss_data {	/* init values */
+typedef struct _ss_data {       /* init values */
     /* this subsystem */
     char *subsystem_name;
     char *subsystem_version;
     /* current request info */
     int argc;
-    char **argv;		/* arg list */
+    char **argv;                /* arg list */
     char const *current_request; /* primary name */
     /* info directory for 'help' */
     char **info_dirs;
     /* to be extracted by subroutines */
-    pointer info_ptr;		/* (void *) NULL */
+    pointer info_ptr;           /* (void *) NULL */
     /* for ss_listen processing */
     char *prompt;
     ss_request_table **rqt_tables;
     ss_abbrev_info *abbrev_info;
     struct {
-	unsigned int  escape_disabled : 1,
-		      abbrevs_disabled : 1;
+        unsigned int  escape_disabled : 1,
+            abbrevs_disabled : 1;
     } flags;
     /* to get out */
-    int abort;			/* exit subsystem */
+    int abort;                  /* exit subsystem */
     int exit_status;
 } ss_data;
 
 #define CURRENT_SS_VERSION 1
 
-#define	ss_info(sci_idx)	(_ss_table[sci_idx])
-#define	ss_current_request(sci_idx,code_ptr)	\
-     (*code_ptr=0,ss_info(sci_idx)->current_request)
+#define ss_info(sci_idx)        (_ss_table[sci_idx])
+#define ss_current_request(sci_idx,code_ptr)            \
+    (*code_ptr=0,ss_info(sci_idx)->current_request)
 void ss_unknown_function();
 void ss_delete_info_dir();
 char **ss_parse (int, char *, int *);
diff --git a/src/util/ss/test_ss.c b/src/util/ss/test_ss.c
index 9bab95c..34287b0 100644
--- a/src/util/ss/test_ss.c
+++ b/src/util/ss/test_ss.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * util/ss/test_ss.c
  */
@@ -21,70 +22,70 @@ int main(argc, argv)
     int code;
     char *argv0 = argv[0];
     char *initial_request = (char *)NULL;
-    int quit = FALSE;	/* quit after processing request */
+    int quit = FALSE;   /* quit after processing request */
     int sci_idx;
     char *subsystem_name;
 
     subsystem_name = def_subsystem_name;
 
     for (; *argv; ++argv, --argc) {
-	printf("checking arg: %s\n", *argv);
-	if (!strcmp(*argv, "-prompt")) {
-	    if (argc == 1) {
-		fprintf(stderr,
-			"No argument supplied with -prompt\n");
-		exit(1);
-	    }
-	    argc--; argv++;
-	    subsystem_name = *argv;
-	}
-	else if (!strcmp(*argv, "-request") || !strcmp(*argv, "-rq")) {
-	    if (argc == 1) {
-		fprintf(stderr,
-			"No string supplied with -request.\n");
-		exit(1);
-	    }
-	    argc--; argv++;
-	    initial_request = *argv;
-	}
-	else if (!strcmp(*argv, "-quit"))
-	    quit = TRUE;
-	else if (!strcmp(*argv, "-no_quit"))
-	    quit = FALSE;
-	else if (**argv == '-') {
-	    fprintf(stderr, "Unknown control argument %s\n",
-		    *argv);
-	    fprintf(stderr,
-	"Usage: %s [gateway] [ -prompt name ] [ -request name ] [ -quit ]\n",
-		    argv0);
-	    exit(1);
-	}
+        printf("checking arg: %s\n", *argv);
+        if (!strcmp(*argv, "-prompt")) {
+            if (argc == 1) {
+                fprintf(stderr,
+                        "No argument supplied with -prompt\n");
+                exit(1);
+            }
+            argc--; argv++;
+            subsystem_name = *argv;
+        }
+        else if (!strcmp(*argv, "-request") || !strcmp(*argv, "-rq")) {
+            if (argc == 1) {
+                fprintf(stderr,
+                        "No string supplied with -request.\n");
+                exit(1);
+            }
+            argc--; argv++;
+            initial_request = *argv;
+        }
+        else if (!strcmp(*argv, "-quit"))
+            quit = TRUE;
+        else if (!strcmp(*argv, "-no_quit"))
+            quit = FALSE;
+        else if (**argv == '-') {
+            fprintf(stderr, "Unknown control argument %s\n",
+                    *argv);
+            fprintf(stderr,
+                    "Usage: %s [gateway] [ -prompt name ] [ -request name ] [ -quit ]\n",
+                    argv0);
+            exit(1);
+        }
     }
 
     sci_idx = ss_create_invocation(subsystem_name, version,
-				   (char *)NULL, &test_cmds, &code);
+                                   (char *)NULL, &test_cmds, &code);
     if (code) {
-	ss_perror(sci_idx, code, "creating invocation");
-	exit(1);
+        ss_perror(sci_idx, code, "creating invocation");
+        exit(1);
     }
 
     (void) ss_add_request_table (sci_idx, &ss_std_requests, 1, &code);
     if (code) {
-	ss_perror (sci_idx, code, "adding standard requests");
-	exit (1);
+        ss_perror (sci_idx, code, "adding standard requests");
+        exit (1);
     }
 
     if (!quit)
-	printf("test version %s.  Type '?' for a list of commands.\n\n",
-	       version);
+        printf("test version %s.  Type '?' for a list of commands.\n\n",
+               version);
 
     if (initial_request != (char *)NULL) {
-	code = ss_execute_line(sci_idx, initial_request);
-	if (code != 0)
-	    ss_perror(sci_idx, code, initial_request);
+        code = ss_execute_line(sci_idx, initial_request);
+        if (code != 0)
+            ss_perror(sci_idx, code, initial_request);
     }
     if (!quit || code)
-	code =  ss_listen (sci_idx);
+        code =  ss_listen (sci_idx);
     exit(0);
 }
 
@@ -94,6 +95,6 @@ void test_cmd (argc, argv)
     char **argv;
 {
     while (++argv, --argc)
-	fputs(*argv, stdout);
+        fputs(*argv, stdout);
     putchar ('\n');
 }
diff --git a/src/util/ss/utils.c b/src/util/ss/utils.c
index d240333..3b1f658 100644
--- a/src/util/ss/utils.c
+++ b/src/util/ss/utils.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright 1987, 1988 by MIT Student Information Processing Board
  *
@@ -6,7 +7,7 @@
 
 #include <string.h>
 #include "copyright.h"
-#include "ss_internal.h"	/* includes stdio and string */
+#include "ss_internal.h"        /* includes stdio and string */
 
 extern FILE *output_file;
 
@@ -60,50 +61,50 @@ char * generate_rqte(func_name, info_string, cmds, options)
     var_name = generate_cmds_string(cmds);
     generate_function_definition(func_name);
     asprintf(&string, "    { %s,\n      %s,\n      %s,\n      %d },\n",
-	     var_name, func_name, info_string, options);
+             var_name, func_name, info_string, options);
     return(string);
 }
 
 char *
 gensym(name)
-	char *name;
+    char *name;
 {
-	char *symbol;
+    char *symbol;
 
-	gensym_n++;
-	asprintf(&symbol, "%s%05ld", name, gensym_n);
-	return(symbol);
+    gensym_n++;
+    asprintf(&symbol, "%s%05ld", name, gensym_n);
+    return(symbol);
 }
 
 /* concatenate three strings and return the result */
 char *str_concat3(a, b, c)
-	register char *a, *b, *c;
+    register char *a, *b, *c;
 {
-	char *result;
+    char *result;
 
-	asprintf(&result, "%s%s%s", a, c, b);
-	return(result);
+    asprintf(&result, "%s%s%s", a, c, b);
+    return(result);
 }
 
 /* return copy of string enclosed in double-quotes */
 char *quote(string)
-	register char *string;
+    register char *string;
 {
-	register char *result;
+    register char *result;
 
-	asprintf(&result, "\"%s\"", string);
-	return(result);
+    asprintf(&result, "\"%s\"", string);
+    return(result);
 }
 
 #ifndef HAVE_STRDUP
 /* make duplicate of string and return pointer */
 char *strdup(s)
-	register char *s;
+    register char *s;
 {
-	register int len = strlen(s) + 1;
-	register char *new;
-	new = malloc(len);
-	strncpy(new, s, len);
-	return(new);
+    register int len = strlen(s) + 1;
+    register char *new;
+    new = malloc(len);
+    strncpy(new, s, len);
+    return(new);
 }
 #endif
diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in
index 88ac681..6c2be57 100644
--- a/src/util/support/Makefile.in
+++ b/src/util/support/Makefile.in
@@ -1,5 +1,3 @@
-thisconfigdir=../..
-myfulldir=util/support
 mydir=util/support
 BUILDTOP=$(REL)..$(S)..
 RELDIR=../util/support
@@ -64,6 +62,7 @@ STLIBOBJS= \
 	fake-addrinfo.o \
 	utf8.o \
 	utf8_conv.o \
+	zap.o \
 	$(IPC_ST_OBJ) \
 	$(STRLCPY_ST_OBJ) \
 	$(PRINTF_ST_OBJ) \
@@ -79,6 +78,7 @@ LIBOBJS= \
 	$(OUTPRE)fake-addrinfo.$(OBJEXT) \
 	$(OUTPRE)utf8.$(OBJEXT) \
 	$(OUTPRE)utf8_conv.$(OBJEXT) \
+	$(OUTPRE)zap.$(OBJEXT) \
 	$(IPC_OBJ) \
 	$(STRLCPY_OBJ) \
 	$(PRINTF_OBJ) \
@@ -103,7 +103,8 @@ SRCS=\
 	$(srcdir)/printf.c \
 	$(srcdir)/mkstemp.c \
 	$(srcdir)/t_k5buf.c \
-	$(srcdir)/t_unal.c 
+	$(srcdir)/t_unal.c \
+	$(srcdir)/zap.c
 
 SHLIB_EXPDEPS =
 # Add -lm if dumping thread stats, for sqrt.
@@ -121,7 +122,7 @@ install-unix:: install-libs
 clean-unix:: clean-liblinks clean-libs clean-libobjs
 
 ##DOS##!if 0
-$(BUILDTOP)/include/autoconf.h: $(SRCTOP)/include/autoconf.h.in
+$(BUILDTOP)/include/autoconf.h: $(top_srcdir)/include/autoconf.h.in
 	(cd $(BUILDTOP)/include; $(MAKE) autoconf.h)
 ##DOS##!endif
 
diff --git a/src/util/support/cache-addrinfo.h b/src/util/support/cache-addrinfo.h
index 95f522d..d4d26b1 100644
--- a/src/util/support/cache-addrinfo.h
+++ b/src/util/support/cache-addrinfo.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2004 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
@@ -39,62 +40,65 @@
  * fashion that it might be confused with the original M.I.T. software.
  */
 
-/* Approach overview:
-
-   If a system version is available but buggy, save handles to it,
-   redefine the names to refer to static functions defined here, and
-   in those functions, call the system versions and fix up the
-   returned data.  Use the native data structures and flag values.
-
-   If no system version exists, use gethostby* and fake it.  Define
-   the data structures and flag values locally.
-
-
-   On Mac OS X, getaddrinfo results aren't cached (though
-   gethostbyname results are), so we need to build a cache here.  Now
-   things are getting really messy.  Because the cache is in use, we
-   use getservbyname, and throw away thread safety.  (Not that the
-   cache is thread safe, but when we get locking support, that'll be
-   dealt with.)  This code needs tearing down and rebuilding, soon.
-
-
-   Note that recent Windows developers' code has an interesting hack:
-   When you include the right header files, with the right set of
-   macros indicating system versions, you'll get an inline function
-   that looks for getaddrinfo (or whatever) in the system library, and
-   calls it if it's there.  If it's not there, it fakes it with
-   gethostby* calls.
-
-   We're taking a simpler approach: A system provides these routines or
-   it does not.
-
-   Someday, we may want to take into account different versions (say,
-   different revs of GNU libc) where some are broken in one way, and
-   some work or are broken in another way.  Cross that bridge when we
-   come to it.  */
+/*
+ * Approach overview:
+ *
+ * If a system version is available but buggy, save handles to it,
+ * redefine the names to refer to static functions defined here, and
+ * in those functions, call the system versions and fix up the
+ * returned data.  Use the native data structures and flag values.
+ *
+ * If no system version exists, use gethostby* and fake it.  Define
+ * the data structures and flag values locally.
+ *
+ *
+ * On Mac OS X, getaddrinfo results aren't cached (though
+ * gethostbyname results are), so we need to build a cache here.  Now
+ * things are getting really messy.  Because the cache is in use, we
+ * use getservbyname, and throw away thread safety.  (Not that the
+ * cache is thread safe, but when we get locking support, that'll be
+ * dealt with.)  This code needs tearing down and rebuilding, soon.
+ *
+ *
+ * Note that recent Windows developers' code has an interesting hack:
+ * When you include the right header files, with the right set of
+ * macros indicating system versions, you'll get an inline function
+ * that looks for getaddrinfo (or whatever) in the system library, and
+ * calls it if it's there.  If it's not there, it fakes it with
+ * gethostby* calls.
+ *
+ * We're taking a simpler approach: A system provides these routines or
+ * it does not.
+ *
+ * Someday, we may want to take into account different versions (say,
+ * different revs of GNU libc) where some are broken in one way, and
+ * some work or are broken in another way.  Cross that bridge when we
+ * come to it.
+ */
 
 /* To do, maybe:
-
-   + For AIX 4.3.3, using the RFC 2133 definition: Implement
-     AI_NUMERICHOST.  It's not defined in the header file.
-
-     For certain (old?) versions of GNU libc, AI_NUMERICHOST is
-     defined but not implemented.
-
-   + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
-     functions if available.  But, see
-     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
-     gethostbyname2 problem on Linux.  And besides, if a platform is
-     supporting IPv6 at all, they really should be doing getaddrinfo
-     by now.
-
-   + inet_ntop, inet_pton
-
-   + Conditionally export/import the function definitions, so a
-     library can have a single copy instead of multiple.
-
-   + Upgrade host requirements to include working implementations of
-     these functions, and throw all this away.  Pleeease?  :-)  */
+ *
+ * + For AIX 4.3.3, using the RFC 2133 definition: Implement
+ *   AI_NUMERICHOST.  It's not defined in the header file.
+ *
+ *   For certain (old?) versions of GNU libc, AI_NUMERICHOST is
+ *   defined but not implemented.
+ *
+ * + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
+ *   functions if available.  But, see
+ *   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
+ *   gethostbyname2 problem on Linux.  And besides, if a platform is
+ *   supporting IPv6 at all, they really should be doing getaddrinfo
+ *   by now.
+ *
+ * + inet_ntop, inet_pton
+ *
+ * + Conditionally export/import the function definitions, so a
+ *   library can have a single copy instead of multiple.
+ *
+ * + Upgrade host requirements to include working implementations of
+ *   these functions, and throw all this away.  Pleeease?  :-)
+ */
 
 #include "port-sockets.h"
 #include "socket-utils.h"
diff --git a/src/util/support/deps b/src/util/support/deps
index 39af00c..0f2991a 100644
--- a/src/util/support/deps
+++ b/src/util/support/deps
@@ -2,48 +2,51 @@
 # Generated makefile dependencies follow.
 #
 threads.so threads.po $(OUTPRE)threads.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/port-sockets.h \
-  $(SRCTOP)/include/socket-utils.h cache-addrinfo.h supp-int.h \
-  threads.c
+  $(top_srcdir)/include/fake-addrinfo.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/port-sockets.h \
+  $(top_srcdir)/include/socket-utils.h cache-addrinfo.h \
+  supp-int.h threads.c
 init-addrinfo.so init-addrinfo.po $(OUTPRE)init-addrinfo.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cache-addrinfo.h init-addrinfo.c
 errors.so errors.po $(OUTPRE)errors.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h errors.c supp-int.h
+  $(top_srcdir)/include/k5-err.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h errors.c supp-int.h
 k5buf.so k5buf.po $(OUTPRE)k5buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h k5buf-int.h k5buf.c
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h k5buf-int.h k5buf.c
 gmt_mktime.so gmt_mktime.po $(OUTPRE)gmt_mktime.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-gmt_mktime.h \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-gmt_mktime.h \
   gmt_mktime.c
 fake-addrinfo.so fake-addrinfo.po $(OUTPRE)fake-addrinfo.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/fake-addrinfo.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/fake-addrinfo.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/port-sockets.h $(top_srcdir)/include/socket-utils.h \
   cache-addrinfo.h fake-addrinfo.c supp-int.h
 utf8.so utf8.po $(OUTPRE)utf8.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
-  $(SRCTOP)/include/k5-utf8.h supp-int.h utf8.c
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-utf8.h supp-int.h utf8.c
 utf8_conv.so utf8_conv.po $(OUTPRE)utf8_conv.$(OBJEXT): \
-  $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-utf8.h \
+  $(BUILDTOP)/include/autoconf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h $(top_srcdir)/include/k5-utf8.h \
   supp-int.h utf8_conv.c
 strlcpy.so strlcpy.po $(OUTPRE)strlcpy.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   strlcpy.c
 printf.so printf.po $(OUTPRE)printf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   printf.c
 mkstemp.so mkstemp.po $(OUTPRE)mkstemp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   mkstemp.c
 t_k5buf.so t_k5buf.po $(OUTPRE)t_k5buf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-buf.h $(SRCTOP)/include/k5-platform.h \
-  $(SRCTOP)/include/k5-thread.h k5buf-int.h t_k5buf.c
+  $(top_srcdir)/include/k5-buf.h $(top_srcdir)/include/k5-platform.h \
+  $(top_srcdir)/include/k5-thread.h k5buf-int.h t_k5buf.c
 t_unal.so t_unal.po $(OUTPRE)t_unal.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
-  $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
   t_unal.c
+zap.so zap.po $(OUTPRE)zap.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+  $(top_srcdir)/include/k5-platform.h $(top_srcdir)/include/k5-thread.h \
+  zap.c
diff --git a/src/util/support/errors.c b/src/util/support/errors.c
index 967c57a..00cc922 100644
--- a/src/util/support/errors.c
+++ b/src/util/support/errors.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* Can't include krb5.h here, or k5-int.h which includes it, because
    krb5.h needs to be generated with error tables, after util/et,
    which builds after this directory.  */
@@ -30,9 +31,9 @@ krb5int_err_init (void)
 {
     return k5_mutex_finish_init (&krb5int_error_info_support_mutex);
 }
-#define initialize()	krb5int_call_thread_support_init()
-#define lock()		k5_mutex_lock(&krb5int_error_info_support_mutex)
-#define unlock()	k5_mutex_unlock(&krb5int_error_info_support_mutex)
+#define initialize()    krb5int_call_thread_support_init()
+#define lock()          k5_mutex_lock(&krb5int_error_info_support_mutex)
+#define unlock()        k5_mutex_unlock(&krb5int_error_info_support_mutex)
 
 #undef krb5int_set_error
 void
@@ -46,7 +47,7 @@ krb5int_set_error (struct errinfo *ep, long code, const char *fmt, ...)
 
 void
 krb5int_set_error_fl (struct errinfo *ep, long code,
-		      const char *file, int line, const char *fmt, ...)
+                      const char *file, int line, const char *fmt, ...)
 {
     va_list args;
     va_start (args, fmt);
@@ -56,15 +57,15 @@ krb5int_set_error_fl (struct errinfo *ep, long code,
 
 void
 krb5int_vset_error (struct errinfo *ep, long code,
-		    const char *fmt, va_list args)
+                    const char *fmt, va_list args)
 {
     krb5int_vset_error_fl(ep, code, NULL, 0, fmt, args);
 }
 
 void
 krb5int_vset_error_fl (struct errinfo *ep, long code,
-		       const char *file, int line,
-		       const char *fmt, va_list args)
+                       const char *file, int line,
+                       const char *fmt, va_list args)
 {
     va_list args2;
     char *str = NULL, *str2, *slash;
@@ -79,19 +80,19 @@ krb5int_vset_error_fl (struct errinfo *ep, long code,
     /* try vasprintf first */
     va_copy(args2, args);
     if (vasprintf(&str, fmt, args2) < 0) {
-	str = NULL;
+        str = NULL;
     }
     va_end(args2);
 
     if (str && line) {
-	/* Try to add file and line suffix. */
-	slash = strrchr(file, '/');
-	if (slash)
-	    file = slash + 1;
-	if (asprintf(&str2, "%s (%s: %d)", str, file, line) > 0) {
-	    free(str);
-	    str = str2;
-	}
+        /* Try to add file and line suffix. */
+        slash = strrchr(file, '/');
+        if (slash)
+            file = slash + 1;
+        if (asprintf(&str2, "%s (%s: %d)", str, file, line) > 0) {
+            free(str);
+            str = str2;
+        }
     }
 
     /* If that failed, try using scratch_buf */
@@ -102,8 +103,8 @@ krb5int_vset_error_fl (struct errinfo *ep, long code,
 
     /* free old string before setting new one */
     if (ep->msg && ep->msg != ep->scratch_buf) {
-	krb5int_free_error (ep, ep->msg);
-	ep->msg = NULL;
+        krb5int_free_error (ep, ep->msg);
+        ep->msg = NULL;
     }
     ep->code = code;
     ep->msg = str ? str : ep->scratch_buf;
@@ -118,72 +119,72 @@ krb5int_get_error (struct errinfo *ep, long code)
 {
     const char *r, *r2;
     if (code == ep->code && ep->msg) {
-	r = strdup(ep->msg);
-	if (r == NULL) {
-	    strlcpy(ep->scratch_buf, _("Out of memory"),
-		    sizeof(ep->scratch_buf));
-	    r = ep->scratch_buf;
-	}
-	return r;
+        r = strdup(ep->msg);
+        if (r == NULL) {
+            strlcpy(ep->scratch_buf, _("Out of memory"),
+                    sizeof(ep->scratch_buf));
+            r = ep->scratch_buf;
+        }
+        return r;
     }
     if (initialize() != 0) {
-	strncpy(ep->scratch_buf, _("Kerberos library initialization failure"),
-		sizeof(ep->scratch_buf));
-	ep->scratch_buf[sizeof(ep->scratch_buf)-1] = 0;
-	ep->msg = NULL;
-	return ep->scratch_buf;
+        strncpy(ep->scratch_buf, _("Kerberos library initialization failure"),
+                sizeof(ep->scratch_buf));
+        ep->scratch_buf[sizeof(ep->scratch_buf)-1] = 0;
+        ep->msg = NULL;
+        return ep->scratch_buf;
     }
     if (lock())
-	goto no_fptr;
+        goto no_fptr;
     if (fptr == NULL) {
-	unlock();
+        unlock();
     no_fptr:
-	/* Theoretically, according to ISO C, strerror should be able
-	   to give us a message back for any int value.  However, on
-	   UNIX at least, the errno codes strerror will actually be
-	   useful for are positive, so a negative value here would be
-	   kind of weird.
-
-	   Coverity Prevent thinks we shouldn't be passing negative
-	   values to strerror, and it's not likely to be useful, so
-	   let's not do it.
-
-	   Besides, normally we shouldn't get here; fptr should take
-	   us to a callback function in the com_err library.  */
-	if (code < 0)
-	    goto format_number;
+        /* Theoretically, according to ISO C, strerror should be able
+           to give us a message back for any int value.  However, on
+           UNIX at least, the errno codes strerror will actually be
+           useful for are positive, so a negative value here would be
+           kind of weird.
+
+           Coverity Prevent thinks we shouldn't be passing negative
+           values to strerror, and it's not likely to be useful, so
+           let's not do it.
+
+           Besides, normally we shouldn't get here; fptr should take
+           us to a callback function in the com_err library.  */
+        if (code < 0)
+            goto format_number;
 #ifdef HAVE_STRERROR_R
-	if (strerror_r(code, ep->scratch_buf, sizeof(ep->scratch_buf)) == 0) {
-	    char *p = strdup(ep->scratch_buf);
-	    if (p)
-		return p;
-	    return ep->scratch_buf;
-	}
+        if (strerror_r(code, ep->scratch_buf, sizeof(ep->scratch_buf)) == 0) {
+            char *p = strdup(ep->scratch_buf);
+            if (p)
+                return p;
+            return ep->scratch_buf;
+        }
 #endif
-	r = strerror(code);
-	if (r) {
-	    strlcpy(ep->scratch_buf, r, sizeof(ep->scratch_buf));
-	    return ep->scratch_buf;
-	}
+        r = strerror(code);
+        if (r) {
+            strlcpy(ep->scratch_buf, r, sizeof(ep->scratch_buf));
+            return ep->scratch_buf;
+        }
     format_number:
-	snprintf (ep->scratch_buf, sizeof(ep->scratch_buf),
-		  _("error %ld"), code);
-	return ep->scratch_buf;
+        snprintf (ep->scratch_buf, sizeof(ep->scratch_buf),
+                  _("error %ld"), code);
+        return ep->scratch_buf;
     }
     r = fptr(code);
     if (r == NULL) {
-	unlock();
-	goto format_number;
+        unlock();
+        goto format_number;
     }
 
     r2 = strdup(r);
     if (r2 == NULL) {
-	strlcpy(ep->scratch_buf, r, sizeof(ep->scratch_buf));
-	unlock();
-	return ep->scratch_buf;
+        strlcpy(ep->scratch_buf, r, sizeof(ep->scratch_buf));
+        unlock();
+        return ep->scratch_buf;
     } else {
-	unlock();
-	return r2;
+        unlock();
+        return r2;
     }
 }
 
@@ -191,7 +192,7 @@ void
 krb5int_free_error (struct errinfo *ep, const char *msg)
 {
     if (msg != ep->scratch_buf)
-	free ((char *) msg);
+        free ((char *) msg);
 }
 
 void
@@ -206,7 +207,7 @@ krb5int_set_error_info_callout_fn (const char *(KRB5_CALLCONV *f)(long))
 {
     initialize();
     if (lock() == 0) {
-	fptr = f;
-	unlock();
+        fptr = f;
+        unlock();
     }
 }
diff --git a/src/util/support/fake-addrinfo.c b/src/util/support/fake-addrinfo.c
index 5d90e72..64d84e5 100644
--- a/src/util/support/fake-addrinfo.c
+++ b/src/util/support/fake-addrinfo.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2001,2002,2003,2004,2005,2006 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
@@ -39,62 +40,66 @@
  * fashion that it might be confused with the original M.I.T. software.
  */
 
-/* Approach overview:
-
-   If a system version is available but buggy, save handles to it,
-   redefine the names to refer to static functions defined here, and
-   in those functions, call the system versions and fix up the
-   returned data.  Use the native data structures and flag values.
-
-   If no system version exists, use gethostby* and fake it.  Define
-   the data structures and flag values locally.
-
-
-   On Mac OS X, getaddrinfo results aren't cached (though
-   gethostbyname results are), so we need to build a cache here.  Now
-   things are getting really messy.  Because the cache is in use, we
-   use getservbyname, and throw away thread safety.  (Not that the
-   cache is thread safe, but when we get locking support, that'll be
-   dealt with.)  This code needs tearing down and rebuilding, soon.
-
-
-   Note that recent Windows developers' code has an interesting hack:
-   When you include the right header files, with the right set of
-   macros indicating system versions, you'll get an inline function
-   that looks for getaddrinfo (or whatever) in the system library, and
-   calls it if it's there.  If it's not there, it fakes it with
-   gethostby* calls.
-
-   We're taking a simpler approach: A system provides these routines or
-   it does not.
-
-   Someday, we may want to take into account different versions (say,
-   different revs of GNU libc) where some are broken in one way, and
-   some work or are broken in another way.  Cross that bridge when we
-   come to it.  */
-
-/* To do, maybe:
-
-   + For AIX 4.3.3, using the RFC 2133 definition: Implement
-     AI_NUMERICHOST.  It's not defined in the header file.
-
-     For certain (old?) versions of GNU libc, AI_NUMERICHOST is
-     defined but not implemented.
-
-   + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
-     functions if available.  But, see
-     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
-     gethostbyname2 problem on Linux.  And besides, if a platform is
-     supporting IPv6 at all, they really should be doing getaddrinfo
-     by now.
-
-   + inet_ntop, inet_pton
-
-   + Conditionally export/import the function definitions, so a
-     library can have a single copy instead of multiple.
+/*
+ * Approach overview:
+ *
+ * If a system version is available but buggy, save handles to it,
+ * redefine the names to refer to static functions defined here, and
+ * in those functions, call the system versions and fix up the
+ * returned data.  Use the native data structures and flag values.
+ *
+ * If no system version exists, use gethostby* and fake it.  Define
+ * the data structures and flag values locally.
+ *
+ *
+ * On Mac OS X, getaddrinfo results aren't cached (though
+ * gethostbyname results are), so we need to build a cache here.  Now
+ * things are getting really messy.  Because the cache is in use, we
+ * use getservbyname, and throw away thread safety.  (Not that the
+ * cache is thread safe, but when we get locking support, that'll be
+ * dealt with.)  This code needs tearing down and rebuilding, soon.
+ *
+ *
+ * Note that recent Windows developers' code has an interesting hack:
+ * When you include the right header files, with the right set of
+ * macros indicating system versions, you'll get an inline function
+ * that looks for getaddrinfo (or whatever) in the system library, and
+ * calls it if it's there.  If it's not there, it fakes it with
+ * gethostby* calls.
+ *
+ * We're taking a simpler approach: A system provides these routines or
+ * it does not.
+ *
+ * Someday, we may want to take into account different versions (say,
+ * different revs of GNU libc) where some are broken in one way, and
+ * some work or are broken in another way.  Cross that bridge when we
+ * come to it.
+ */
 
-   + Upgrade host requirements to include working implementations of
-     these functions, and throw all this away.  Pleeease?  :-)  */
+/*
+ * To do, maybe:
+ *
+ * + For AIX 4.3.3, using the RFC 2133 definition: Implement
+ *   AI_NUMERICHOST.  It's not defined in the header file.
+ *
+ *   For certain (old?) versions of GNU libc, AI_NUMERICHOST is
+ *   defined but not implemented.
+ *
+ * + Use gethostbyname2, inet_aton and other IPv6 or thread-safe
+ *   functions if available.  But, see
+ *   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=135182 for one
+ *   gethostbyname2 problem on Linux.  And besides, if a platform is
+ *   supporting IPv6 at all, they really should be doing getaddrinfo
+ *   by now.
+ *
+ * + inet_ntop, inet_pton
+ *
+ * + Conditionally export/import the function definitions, so a
+ *   library can have a single copy instead of multiple.
+ *
+ * + Upgrade host requirements to include working implementations of
+ *   these functions, and throw all this away.  Pleeease?  :-)
+ */
 
 #include "port-sockets.h"
 #include "socket-utils.h"
@@ -112,20 +117,20 @@
 /*@-incondefs@*/
 extern int
 getaddrinfo (/*@in@*/ /*@null@*/ const char *,
-	     /*@in@*/ /*@null@*/ const char *,
-	     /*@in@*/ /*@null@*/ const struct addrinfo *,
-	     /*@out@*/ struct addrinfo **)
+             /*@in@*/ /*@null@*/ const char *,
+             /*@in@*/ /*@null@*/ const struct addrinfo *,
+             /*@out@*/ struct addrinfo **)
     ;
 extern void
 freeaddrinfo (/*@only@*/ /*@out@*/ struct addrinfo *)
     ;
 extern int
 getnameinfo (const struct sockaddr *addr, socklen_t addrsz,
-	     /*@out@*/ /*@null@*/ char *h, socklen_t hsz,
-	     /*@out@*/ /*@null@*/ char *s, socklen_t ssz,
-	     int flags)
-    /*@requires (maxSet(h)+1) >= hsz /\ (maxSet(s)+1) >= ssz @*/
-    /* too hard: maxRead(addr) >= (addrsz-1) */
+             /*@out@*/ /*@null@*/ char *h, socklen_t hsz,
+             /*@out@*/ /*@null@*/ char *s, socklen_t ssz,
+             int flags)
+/*@requires (maxSet(h)+1) >= hsz /\ (maxSet(s)+1) >= ssz @*/
+/* too hard: maxRead(addr) >= (addrsz-1) */
     /*@modifies *h, *s@*/;
 extern /*@dependent@*/ char *gai_strerror (int code) /*@*/;
 /*@=incondefs@*/
@@ -162,8 +167,8 @@ extern /*@dependent@*/ char *gai_strerror (int code) /*@*/;
 #endif
 
 #ifdef NUMERIC_SERVICE_BROKEN
-# include <ctype.h>		/* isdigit */
-# include <stdlib.h>		/* strtoul */
+# include <ctype.h>             /* isdigit */
+# include <stdlib.h>            /* strtoul */
 #endif
 
 
@@ -172,9 +177,9 @@ extern /*@dependent@*/ char *gai_strerror (int code) /*@*/;
    gethostbyname_r?  */
 #if !defined(HAVE_GETHOSTBYNAME_R) || defined(THREADSAFE_GETHOSTBYNAME)
 typedef struct hostent *GET_HOST_TMP;
-#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP) \
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                            \
     { TMP = gethostbyname (NAME); (ERR) = h_errno; (HP) = TMP; }
-#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP) \
+#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP)           \
     { TMP = gethostbyaddr ((ADDR), (ADDRLEN), (FAMILY)); (ERR) = h_errno; (HP) = TMP; }
 #else
 #ifdef _AIX /* XXX should have a feature test! */
@@ -182,24 +187,24 @@ typedef struct {
     struct hostent ent;
     struct hostent_data data;
 } GET_HOST_TMP;
-#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP) \
-    {								\
-	(HP) = (gethostbyname_r((NAME), &TMP.ent, &TMP.data)	\
-		? 0						\
-		: &TMP.ent);					\
-	(ERR) = h_errno;					\
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                    \
+    {                                                           \
+        (HP) = (gethostbyname_r((NAME), &TMP.ent, &TMP.data)    \
+                ? 0                                             \
+                : &TMP.ent);                                    \
+        (ERR) = h_errno;                                        \
     }
 /*
-#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \
-    {									\
-	struct hostent my_h_ent;					\
-	struct hostent_data my_h_ent_data;				\
-	(HP) = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &my_h_ent,	\
-				&my_h_ent_data)				\
-		? 0							\
-		: &my_h_ent);						\
-	(ERR) = my_h_err;						\
-    }
+  #define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR) \
+  {                                                                     \
+  struct hostent my_h_ent;                                      \
+  struct hostent_data my_h_ent_data;                            \
+  (HP) = (gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &my_h_ent,       \
+  &my_h_ent_data)                               \
+  ? 0                                                   \
+  : &my_h_ent);                                         \
+  (ERR) = my_h_err;                                             \
+  }
 */
 #else
 #ifdef GETHOSTBYNAME_R_RETURNS_INT
@@ -207,48 +212,48 @@ typedef struct {
     struct hostent ent;
     char buf[8192];
 } GET_HOST_TMP;
-#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP) \
-    {									\
-	struct hostent *my_hp = NULL;					\
-	int my_h_err, my_ret;						\
-	my_ret = gethostbyname_r((NAME), &TMP.ent,			\
-				 TMP.buf, sizeof (TMP.buf), &my_hp,	\
-				 &my_h_err);				\
-	(HP) = (((my_ret != 0) || (my_hp != &TMP.ent))			\
-		? 0							\
-		: &TMP.ent);						\
-	(ERR) = my_h_err;						\
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                            \
+    {                                                                   \
+        struct hostent *my_hp = NULL;                                   \
+        int my_h_err, my_ret;                                           \
+        my_ret = gethostbyname_r((NAME), &TMP.ent,                      \
+                                 TMP.buf, sizeof (TMP.buf), &my_hp,     \
+                                 &my_h_err);                            \
+        (HP) = (((my_ret != 0) || (my_hp != &TMP.ent))                  \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_h_err;                                               \
     }
-#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP) \
-    {									\
-	struct hostent *my_hp;						\
-	int my_h_err, my_ret;						\
-	my_ret = gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &TMP.ent,	\
-				 TMP.buf, sizeof (TMP.buf), &my_hp,	\
-				 &my_h_err);				\
-	(HP) = (((my_ret != 0) || (my_hp != &TMP.ent))			\
-		? 0							\
-		: &TMP.ent);						\
-	(ERR) = my_h_err;						\
+#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP)           \
+    {                                                                   \
+        struct hostent *my_hp;                                          \
+        int my_h_err, my_ret;                                           \
+        my_ret = gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &TMP.ent, \
+                                 TMP.buf, sizeof (TMP.buf), &my_hp,     \
+                                 &my_h_err);                            \
+        (HP) = (((my_ret != 0) || (my_hp != &TMP.ent))                  \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_h_err;                                               \
     }
 #else
 typedef struct {
     struct hostent ent;
     char buf[8192];
 } GET_HOST_TMP;
-#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP) \
-    {									\
-	int my_h_err;							\
-	(HP) = gethostbyname_r((NAME), &TMP.ent,			\
-			       TMP.buf, sizeof (TMP.buf), &my_h_err);	\
-	(ERR) = my_h_err;						\
+#define GET_HOST_BY_NAME(NAME, HP, ERR, TMP)                            \
+    {                                                                   \
+        int my_h_err;                                                   \
+        (HP) = gethostbyname_r((NAME), &TMP.ent,                        \
+                               TMP.buf, sizeof (TMP.buf), &my_h_err);   \
+        (ERR) = my_h_err;                                               \
     }
-#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP) \
-    {									\
-	int my_h_err;							\
-	(HP) = gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &TMP.ent,	\
-			       TMP.buf, sizeof (TMP.buf), &my_h_err);	\
-	(ERR) = my_h_err;						\
+#define GET_HOST_BY_ADDR(ADDR, ADDRLEN, FAMILY, HP, ERR, TMP)           \
+    {                                                                   \
+        int my_h_err;                                                   \
+        (HP) = gethostbyaddr_r((ADDR), (ADDRLEN), (FAMILY), &TMP.ent,   \
+                               TMP.buf, sizeof (TMP.buf), &my_h_err);   \
+        (ERR) = my_h_err;                                               \
     }
 #endif /* returns int? */
 #endif /* _AIX */
@@ -257,9 +262,9 @@ typedef struct {
 /* Now do the same for getservby* functions.  */
 #ifndef HAVE_GETSERVBYNAME_R
 typedef struct servent *GET_SERV_TMP;
-#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP) \
+#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP)                     \
     (TMP = getservbyname (NAME, PROTO), (SP) = TMP, (ERR) = (SP) ? 0 : -1)
-#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP) \
+#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP)                     \
     (TMP = getservbyport (PORT, PROTO), (SP) = TMP, (ERR) = (SP) ? 0 : -1)
 #else
 #ifdef GETSERVBYNAME_R_RETURNS_INT
@@ -267,27 +272,27 @@ typedef struct {
     struct servent ent;
     char buf[8192];
 } GET_SERV_TMP;
-#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP) \
-    {									\
-	struct servent *my_sp;						\
-	int my_s_err;							\
-	(SP) = (getservbyname_r((NAME), (PROTO), &TMP.ent,		\
-				TMP.buf, sizeof (TMP.buf), &my_sp,	\
-				&my_s_err)				\
-		? 0							\
-		: &TMP.ent);						\
-	(ERR) = my_s_err;						\
+#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP)                     \
+    {                                                                   \
+        struct servent *my_sp;                                          \
+        int my_s_err;                                                   \
+        (SP) = (getservbyname_r((NAME), (PROTO), &TMP.ent,              \
+                                TMP.buf, sizeof (TMP.buf), &my_sp,      \
+                                &my_s_err)                              \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_s_err;                                               \
     }
-#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP) \
-    {									\
-	struct servent *my_sp;						\
-	int my_s_err;							\
-	(SP) = (getservbyport_r((PORT), (PROTO), &TMP.ent,		\
-				TMP.buf, sizeof (TMP.buf), &my_sp,	\
-				&my_s_err)				\
-		? 0							\
-		: &TMP.ent);						\
-	(ERR) = my_s_err;						\
+#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP)                     \
+    {                                                                   \
+        struct servent *my_sp;                                          \
+        int my_s_err;                                                   \
+        (SP) = (getservbyport_r((PORT), (PROTO), &TMP.ent,              \
+                                TMP.buf, sizeof (TMP.buf), &my_sp,      \
+                                &my_s_err)                              \
+                ? 0                                                     \
+                : &TMP.ent);                                            \
+        (ERR) = my_s_err;                                               \
     }
 #else
 /* returns ptr -- IRIX? */
@@ -295,21 +300,21 @@ typedef struct {
     struct servent ent;
     char buf[8192];
 } GET_SERV_TMP;
-#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP) \
-    {									\
-	(SP) = getservbyname_r((NAME), (PROTO), &TMP.ent,		\
-			       TMP.buf, sizeof (TMP.buf));		\
-	(ERR) = (SP) == NULL;						\
+#define GET_SERV_BY_NAME(NAME, PROTO, SP, ERR, TMP)             \
+    {                                                           \
+        (SP) = getservbyname_r((NAME), (PROTO), &TMP.ent,       \
+                               TMP.buf, sizeof (TMP.buf));      \
+        (ERR) = (SP) == NULL;                                   \
     }
 
-#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP) \
-    {									\
-	struct servent *my_sp;						\
-	my_sp = getservbyport_r((PORT), (PROTO), &TMP.ent,		\
-				TMP.buf, sizeof (TMP.buf));		\
-	(SP) = my_sp;							\
-	(ERR) = my_sp == 0;						\
-	(ERR) = (ERR);	/* avoid "unused" warning */			\
+#define GET_SERV_BY_PORT(PORT, PROTO, SP, ERR, TMP)             \
+    {                                                           \
+        struct servent *my_sp;                                  \
+        my_sp = getservbyport_r((PORT), (PROTO), &TMP.ent,      \
+                                TMP.buf, sizeof (TMP.buf));     \
+        (SP) = my_sp;                                           \
+        (ERR) = my_sp == 0;                                     \
+        (ERR) = (ERR);  /* avoid "unused" warning */            \
     }
 #endif
 #endif
@@ -317,8 +322,8 @@ typedef struct {
 #if defined(WRAP_GETADDRINFO) || defined(FAI_CACHE)
 static inline int
 system_getaddrinfo (const char *name, const char *serv,
-		    const struct addrinfo *hint,
-		    struct addrinfo **res)
+                    const struct addrinfo *hint,
+                    struct addrinfo **res)
 {
     return getaddrinfo(name, serv, hint, res);
 }
@@ -336,8 +341,8 @@ system_freeaddrinfo (struct addrinfo *ai)
    but we don't have an autoconf test for that right now.  */
 static inline int
 system_getnameinfo (const struct sockaddr *sa, socklen_t salen,
-		    char *host, size_t hostlen, char *serv, size_t servlen,
-		    int flags)
+                    char *host, size_t hostlen, char *serv, size_t servlen,
+                    int flags)
 {
     return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
 }
@@ -346,16 +351,16 @@ system_getnameinfo (const struct sockaddr *sa, socklen_t salen,
 #if !defined (HAVE_GETADDRINFO) || defined(WRAP_GETADDRINFO) || defined(FAI_CACHE)
 
 #undef  getaddrinfo
-#define getaddrinfo	my_fake_getaddrinfo
+#define getaddrinfo     my_fake_getaddrinfo
 #undef  freeaddrinfo
-#define freeaddrinfo	my_fake_freeaddrinfo
+#define freeaddrinfo    my_fake_freeaddrinfo
 
 #endif
 
 #if !defined (HAVE_GETADDRINFO)
 
 #undef  gai_strerror
-#define gai_strerror	my_fake_gai_strerror
+#define gai_strerror    my_fake_gai_strerror
 
 #endif /* ! HAVE_GETADDRINFO */
 
@@ -400,8 +405,8 @@ static const char *socktypename (int t, char *buf, size_t bufsize) {
 static const char *familyname (int f, char *buf, size_t bufsize) {
     switch (f) {
     default:
-	snprintf(buf, bufsize, "AF %d", f);
-	return buf;
+        snprintf(buf, bufsize, "AF %d", f);
+        return buf;
     case AF_INET: return "AF_INET";
     case AF_INET6: return "AF_INET6";
 #ifdef AF_UNIX
@@ -411,35 +416,35 @@ static const char *familyname (int f, char *buf, size_t bufsize) {
 }
 
 static void debug_dump_getaddrinfo_args (const char *name, const char *serv,
-					 const struct addrinfo *hint)
+                                         const struct addrinfo *hint)
 {
     const char *sep;
     fprintf(stderr,
-	    "getaddrinfo(hostname %s, service %s,\n"
-	    "            hints { ",
-	    name ? name : "(null)", serv ? serv : "(null)");
+            "getaddrinfo(hostname %s, service %s,\n"
+            "            hints { ",
+            name ? name : "(null)", serv ? serv : "(null)");
     if (hint) {
-	char buf[30];
-	sep = "";
+        char buf[30];
+        sep = "";
 #define Z(FLAG) if (hint->ai_flags & AI_##FLAG) fprintf(stderr, "%s%s", sep, #FLAG), sep = "|"
-	Z(CANONNAME);
-	Z(PASSIVE);
+        Z(CANONNAME);
+        Z(PASSIVE);
 #ifdef AI_NUMERICHOST
-	Z(NUMERICHOST);
-#endif
-	if (sep[0] == 0)
-	    fprintf(stderr, "no-flags");
-	if (hint->ai_family)
-	    fprintf(stderr, " %s", familyname(hint->ai_family, buf,
-					      sizeof(buf)));
-	if (hint->ai_socktype)
-	    fprintf(stderr, " SOCK_%s", socktypename(hint->ai_socktype, buf,
-						     sizeof(buf)));
-	if (hint->ai_protocol)
-	    fprintf(stderr, " IPPROTO_%s", protoname(hint->ai_protocol, buf,
-						     sizeof(buf)));
+        Z(NUMERICHOST);
+#endif
+        if (sep[0] == 0)
+            fprintf(stderr, "no-flags");
+        if (hint->ai_family)
+            fprintf(stderr, " %s", familyname(hint->ai_family, buf,
+                                              sizeof(buf)));
+        if (hint->ai_socktype)
+            fprintf(stderr, " SOCK_%s", socktypename(hint->ai_socktype, buf,
+                                                     sizeof(buf)));
+        if (hint->ai_protocol)
+            fprintf(stderr, " IPPROTO_%s", protoname(hint->ai_protocol, buf,
+                                                     sizeof(buf)));
     } else
-	fprintf(stderr, "(null)");
+        fprintf(stderr, "(null)");
     fprintf(stderr, " }):\n");
 }
 
@@ -454,17 +459,17 @@ static void debug_dump_addrinfos (const struct addrinfo *ai)
     char buf[10];
     fprintf(stderr, "addrinfos returned:\n");
     while (ai) {
-	fprintf(stderr, "%p...", ai);
-	fprintf(stderr, " socktype=%s", socktypename(ai->ai_socktype, buf,
-						     sizeof(buf)));
-	fprintf(stderr, " ai_family=%s", familyname(ai->ai_family, buf,
-						    sizeof(buf)));
-	if (ai->ai_family != ai->ai_addr->sa_family)
-	    fprintf(stderr, " sa_family=%s",
-		    familyname(ai->ai_addr->sa_family, buf, sizeof(buf)));
-	fprintf(stderr, "\n");
-	ai = ai->ai_next;
-	count++;
+        fprintf(stderr, "%p...", ai);
+        fprintf(stderr, " socktype=%s", socktypename(ai->ai_socktype, buf,
+                                                     sizeof(buf)));
+        fprintf(stderr, " ai_family=%s", familyname(ai->ai_family, buf,
+                                                    sizeof(buf)));
+        if (ai->ai_family != ai->ai_addr->sa_family)
+            fprintf(stderr, " sa_family=%s",
+                    familyname(ai->ai_addr->sa_family, buf, sizeof(buf)));
+        fprintf(stderr, "\n");
+        ai = ai->ai_next;
+        count++;
     }
     fprintf(stderr, "end addrinfos returned (%d)\n");
 }
@@ -475,7 +480,7 @@ static void debug_dump_addrinfos (const struct addrinfo *ai)
 
 static
 int getaddrinfo (const char *name, const char *serv,
-		 const struct addrinfo *hint, struct addrinfo **result);
+                 const struct addrinfo *hint, struct addrinfo **result);
 
 static
 void freeaddrinfo (struct addrinfo *ai);
@@ -491,7 +496,7 @@ void freeaddrinfo (struct addrinfo *ai);
 #define HAVE_GETNAMEINFO 1
 
 #undef  getnameinfo
-#define getnameinfo	my_fake_getnameinfo
+#define getnameinfo     my_fake_getnameinfo
 
 static
 char *gai_strerror (int code);
@@ -501,9 +506,9 @@ char *gai_strerror (int code);
 #if !defined (HAVE_GETADDRINFO)
 static
 int getnameinfo (const struct sockaddr *addr, socklen_t len,
-		 char *host, socklen_t hostlen,
-		 char *service, socklen_t servicelen,
-		 int flags);
+                 char *host, socklen_t hostlen,
+                 char *service, socklen_t servicelen,
+                 int flags);
 #endif
 
 /* Fudge things on older gai implementations.  */
@@ -541,45 +546,45 @@ int getnameinfo (const struct sockaddr *addr, socklen_t len,
 static inline int translate_h_errno (int h);
 
 static inline int fai_add_entry (struct addrinfo **result, void *addr,
-				 int port, const struct addrinfo *template)
+                                 int port, const struct addrinfo *template)
 {
     struct addrinfo *n = malloc (sizeof (struct addrinfo));
     if (n == 0)
-	return EAI_MEMORY;
+        return EAI_MEMORY;
     if (template->ai_family != AF_INET
 #ifdef KRB5_USE_INET6
-	&& template->ai_family != AF_INET6
+        && template->ai_family != AF_INET6
 #endif
-	)
-	return EAI_FAMILY;
+    )
+        return EAI_FAMILY;
     *n = *template;
     if (template->ai_family == AF_INET) {
-	struct sockaddr_in *sin4;
-	sin4 = malloc (sizeof (struct sockaddr_in));
-	if (sin4 == 0)
-	    return EAI_MEMORY;
+        struct sockaddr_in *sin4;
+        sin4 = malloc (sizeof (struct sockaddr_in));
+        if (sin4 == 0)
+            return EAI_MEMORY;
         memset (sin4, 0, sizeof (struct sockaddr_in)); /* for sin_zero */
-	n->ai_addr = (struct sockaddr *) sin4;
-	sin4->sin_family = AF_INET;
-	sin4->sin_addr = *(struct in_addr *)addr;
-	sin4->sin_port = port;
+        n->ai_addr = (struct sockaddr *) sin4;
+        sin4->sin_family = AF_INET;
+        sin4->sin_addr = *(struct in_addr *)addr;
+        sin4->sin_port = port;
 #ifdef HAVE_SA_LEN
-	sin4->sin_len = sizeof (struct sockaddr_in);
+        sin4->sin_len = sizeof (struct sockaddr_in);
 #endif
     }
 #ifdef KRB5_USE_INET6
     if (template->ai_family == AF_INET6) {
-	struct sockaddr_in6 *sin6;
-	sin6 = malloc (sizeof (struct sockaddr_in6));
-	if (sin6 == 0)
-	    return EAI_MEMORY;
+        struct sockaddr_in6 *sin6;
+        sin6 = malloc (sizeof (struct sockaddr_in6));
+        if (sin6 == 0)
+            return EAI_MEMORY;
         memset (sin6, 0, sizeof (struct sockaddr_in6)); /* for sin_zero */
-	n->ai_addr = (struct sockaddr *) sin6;
-	sin6->sin6_family = AF_INET6;
-	sin6->sin6_addr = *(struct in6_addr *)addr;
-	sin6->sin6_port = port;
+        n->ai_addr = (struct sockaddr *) sin6;
+        sin6->sin6_family = AF_INET6;
+        sin6->sin6_addr = *(struct in6_addr *)addr;
+        sin6->sin6_port = port;
 #ifdef HAVE_SA_LEN
-	sin6->sin6_len = sizeof (struct sockaddr_in6);
+        sin6->sin6_len = sizeof (struct sockaddr_in6);
 #endif
     }
 #endif
@@ -590,21 +595,21 @@ static inline int fai_add_entry (struct addrinfo **result, void *addr,
 
 #ifdef FAI_CACHE
 /* fake addrinfo cache entries */
-#define CACHE_ENTRY_LIFETIME	15 /* seconds */
+#define CACHE_ENTRY_LIFETIME    15 /* seconds */
 
 static void plant_face (const char *name, struct face *entry)
 {
     entry->name = strdup(name);
     if (entry->name == NULL)
-	/* @@ Wastes memory.  */
-	return;
+        /* @@ Wastes memory.  */
+        return;
     k5_mutex_assert_locked(&krb5int_fac.lock);
     entry->next = krb5int_fac.data;
     entry->expiration = time(0) + CACHE_ENTRY_LIFETIME;
     krb5int_fac.data = entry;
 #ifdef DEBUG_ADDRINFO
     printf("added cache entry '%s' at %p: %d ipv4, %d ipv6; expire %d\n",
-	   name, entry, entry->naddrs4, entry->naddrs6, entry->expiration);
+           name, entry, entry->naddrs4, entry->naddrs6, entry->expiration);
 #endif
 }
 
@@ -620,38 +625,38 @@ static int find_face (const char *name, struct face **entry)
 #endif
     k5_mutex_assert_locked(&krb5int_fac.lock);
     for (fpp = &krb5int_fac.data; *fpp; ) {
-	fp = *fpp;
+        fp = *fpp;
 #ifdef DEBUG_ADDRINFO
-	printf("  checking expiration time of @%p: %d\n",
-	       fp, fp->expiration);
+        printf("  checking expiration time of @%p: %d\n",
+               fp, fp->expiration);
 #endif
-	if (fp->expiration < now) {
+        if (fp->expiration < now) {
 #ifdef DEBUG_ADDRINFO
-	    printf("\texpiring cache entry\n");
-#endif
-	    free(fp->name);
-	    free(fp->canonname);
-	    free(fp->addrs4);
-	    free(fp->addrs6);
-	    *fpp = fp->next;
-	    free(fp);
-	    /* Stay at this point in the list, and check again.  */
-	} else
-	    /* Move forward.  */
-	    fpp = &(*fpp)->next;
+            printf("\texpiring cache entry\n");
+#endif
+            free(fp->name);
+            free(fp->canonname);
+            free(fp->addrs4);
+            free(fp->addrs6);
+            *fpp = fp->next;
+            free(fp);
+            /* Stay at this point in the list, and check again.  */
+        } else
+            /* Move forward.  */
+            fpp = &(*fpp)->next;
     }
 
     for (fp = krb5int_fac.data; fp; fp = fp->next) {
 #ifdef DEBUG_ADDRINFO
-	printf("  comparing entry @%p\n", fp);
+        printf("  comparing entry @%p\n", fp);
 #endif
-	if (!strcasecmp(fp->name, name)) {
+        if (!strcasecmp(fp->name, name)) {
 #ifdef DEBUG_ADDRINFO
-	    printf("\tMATCH!\n");
+            printf("\tMATCH!\n");
 #endif
-	    *entry = fp;
-	    return 1;
-	}
+            *entry = fp;
+            return 1;
+        }
     }
     return 0;
 }
@@ -663,9 +668,9 @@ static int krb5int_lock_fac(void), krb5int_unlock_fac(void);
 #endif
 
 static inline int fai_add_hosts_by_name (const char *name,
-					 struct addrinfo *template,
-					 int portnum, int flags,
-					 struct addrinfo **result)
+                                         struct addrinfo *template,
+                                         int portnum, int flags,
+                                         struct addrinfo **result)
 {
 #ifdef FAI_CACHE
 
@@ -674,127 +679,127 @@ static inline int fai_add_hosts_by_name (const char *name,
 
     err = krb5int_lock_fac();
     if (err) {
-	errno = err;
-	return EAI_SYSTEM;
+        errno = err;
+        return EAI_SYSTEM;
     }
     if (!find_face(name, &ce)) {
-	struct addrinfo myhints = { 0 }, *ai, *ai2;
-	int i4, i6, aierr;
+        struct addrinfo myhints = { 0 }, *ai, *ai2;
+        int i4, i6, aierr;
 
 #ifdef DEBUG_ADDRINFO
-	printf("looking up new data for '%s'...\n", name);
-#endif
-	myhints.ai_socktype = SOCK_STREAM;
-	myhints.ai_flags = AI_CANONNAME;
-	/* Don't set ai_family -- we want to cache all address types,
-	   because the next lookup may not use the same constraints as
-	   the current one.  We *could* cache them separately, so that
-	   we never have to look up an IPv6 address if we are always
-	   asked for IPv4 only, but let's deal with that later, if we
-	   have to.  */
-	/* Try NULL for the service for now.
-
-	   It would be nice to use the requested service name, and not
-	   have to patch things up, but then we'd be doing multiple
-	   queries for the same host when we get different services.
-	   We were using "telnet" for a little more confidence that
-	   getaddrinfo would heed the hints to only give us stream
-	   socket types (with no socket type and null service name, we
-	   might get stream *and* dgram *and* raw, for each address,
-	   or only raw).  The RFC 3493 description of ai_socktype
-	   sometimes associates it with the specified service,
-	   sometimes not.
-
-	   But on Mac OS X (10.3, 10.4) they've "extended" getaddrinfo
-	   to make SRV RR queries.  (Please, somebody, show me
-	   something in the specs that actually supports this?  RFC
-	   3493 says nothing about it, but it does say getaddrinfo is
-	   the new way to look up hostnames.  RFC 2782 says SRV
-	   records should *not* be used unless the application
-	   protocol spec says to do so.  The Telnet spec does not say
-	   to do it.)  And then they complain when our code
-	   "unexpectedly" seems to use this "extension" in cases where
-	   they don't want it to be used.
-
-	   Fortunately, it appears that if we specify ai_socktype as
-	   SOCK_STREAM and use a null service name, we only get one
-	   copy of each address on all the platforms I've tried,
-	   although it may not have ai_socktype filled in properly.
-	   So, we'll fudge it with that for now.  */
-	aierr = system_getaddrinfo(name, NULL, &myhints, &ai);
-	if (aierr) {
-	    krb5int_unlock_fac();
-	    return aierr;
-	}
-	ce = malloc(sizeof(struct face));
-	memset(ce, 0, sizeof(*ce));
-	ce->expiration = time(0) + 30;
-	for (ai2 = ai; ai2; ai2 = ai2->ai_next) {
+        printf("looking up new data for '%s'...\n", name);
+#endif
+        myhints.ai_socktype = SOCK_STREAM;
+        myhints.ai_flags = AI_CANONNAME;
+        /* Don't set ai_family -- we want to cache all address types,
+           because the next lookup may not use the same constraints as
+           the current one.  We *could* cache them separately, so that
+           we never have to look up an IPv6 address if we are always
+           asked for IPv4 only, but let's deal with that later, if we
+           have to.  */
+        /* Try NULL for the service for now.
+
+           It would be nice to use the requested service name, and not
+           have to patch things up, but then we'd be doing multiple
+           queries for the same host when we get different services.
+           We were using "telnet" for a little more confidence that
+           getaddrinfo would heed the hints to only give us stream
+           socket types (with no socket type and null service name, we
+           might get stream *and* dgram *and* raw, for each address,
+           or only raw).  The RFC 3493 description of ai_socktype
+           sometimes associates it with the specified service,
+           sometimes not.
+
+           But on Mac OS X (10.3, 10.4) they've "extended" getaddrinfo
+           to make SRV RR queries.  (Please, somebody, show me
+           something in the specs that actually supports this?  RFC
+           3493 says nothing about it, but it does say getaddrinfo is
+           the new way to look up hostnames.  RFC 2782 says SRV
+           records should *not* be used unless the application
+           protocol spec says to do so.  The Telnet spec does not say
+           to do it.)  And then they complain when our code
+           "unexpectedly" seems to use this "extension" in cases where
+           they don't want it to be used.
+
+           Fortunately, it appears that if we specify ai_socktype as
+           SOCK_STREAM and use a null service name, we only get one
+           copy of each address on all the platforms I've tried,
+           although it may not have ai_socktype filled in properly.
+           So, we'll fudge it with that for now.  */
+        aierr = system_getaddrinfo(name, NULL, &myhints, &ai);
+        if (aierr) {
+            krb5int_unlock_fac();
+            return aierr;
+        }
+        ce = malloc(sizeof(struct face));
+        memset(ce, 0, sizeof(*ce));
+        ce->expiration = time(0) + 30;
+        for (ai2 = ai; ai2; ai2 = ai2->ai_next) {
 #ifdef DEBUG_ADDRINFO
-	    printf("  found an address in family %d...\n", ai2->ai_family);
-#endif
-	    switch (ai2->ai_family) {
-	    case AF_INET:
-		ce->naddrs4++;
-		break;
-	    case AF_INET6:
-		ce->naddrs6++;
-		break;
-	    default:
-		break;
-	    }
-	}
-	ce->addrs4 = calloc(ce->naddrs4, sizeof(*ce->addrs4));
-	if (ce->addrs4 == NULL && ce->naddrs4 != 0) {
-	    krb5int_unlock_fac();
-	    system_freeaddrinfo(ai);
-	    return EAI_MEMORY;
-	}
-	ce->addrs6 = calloc(ce->naddrs6, sizeof(*ce->addrs6));
-	if (ce->addrs6 == NULL && ce->naddrs6 != 0) {
-	    krb5int_unlock_fac();
-	    free(ce->addrs4);
-	    system_freeaddrinfo(ai);
-	    return EAI_MEMORY;
-	}
-	for (ai2 = ai, i4 = i6 = 0; ai2; ai2 = ai2->ai_next) {
-	    switch (ai2->ai_family) {
-	    case AF_INET:
-		ce->addrs4[i4++] = ((struct sockaddr_in *)ai2->ai_addr)->sin_addr;
-		break;
-	    case AF_INET6:
-		ce->addrs6[i6++] = ((struct sockaddr_in6 *)ai2->ai_addr)->sin6_addr;
-		break;
-	    default:
-		break;
-	    }
-	}
-	ce->canonname = ai->ai_canonname ? strdup(ai->ai_canonname) : 0;
-	system_freeaddrinfo(ai);
-	plant_face(name, ce);
+            printf("  found an address in family %d...\n", ai2->ai_family);
+#endif
+            switch (ai2->ai_family) {
+            case AF_INET:
+                ce->naddrs4++;
+                break;
+            case AF_INET6:
+                ce->naddrs6++;
+                break;
+            default:
+                break;
+            }
+        }
+        ce->addrs4 = calloc(ce->naddrs4, sizeof(*ce->addrs4));
+        if (ce->addrs4 == NULL && ce->naddrs4 != 0) {
+            krb5int_unlock_fac();
+            system_freeaddrinfo(ai);
+            return EAI_MEMORY;
+        }
+        ce->addrs6 = calloc(ce->naddrs6, sizeof(*ce->addrs6));
+        if (ce->addrs6 == NULL && ce->naddrs6 != 0) {
+            krb5int_unlock_fac();
+            free(ce->addrs4);
+            system_freeaddrinfo(ai);
+            return EAI_MEMORY;
+        }
+        for (ai2 = ai, i4 = i6 = 0; ai2; ai2 = ai2->ai_next) {
+            switch (ai2->ai_family) {
+            case AF_INET:
+                ce->addrs4[i4++] = ((struct sockaddr_in *)ai2->ai_addr)->sin_addr;
+                break;
+            case AF_INET6:
+                ce->addrs6[i6++] = ((struct sockaddr_in6 *)ai2->ai_addr)->sin6_addr;
+                break;
+            default:
+                break;
+            }
+        }
+        ce->canonname = ai->ai_canonname ? strdup(ai->ai_canonname) : 0;
+        system_freeaddrinfo(ai);
+        plant_face(name, ce);
     }
     template->ai_family = AF_INET6;
     template->ai_addrlen = sizeof(struct sockaddr_in6);
     for (i = 0; i < ce->naddrs6; i++) {
-	r = fai_add_entry (result, &ce->addrs6[i], portnum, template);
-	if (r) {
-	    krb5int_unlock_fac();
-	    return r;
-	}
+        r = fai_add_entry (result, &ce->addrs6[i], portnum, template);
+        if (r) {
+            krb5int_unlock_fac();
+            return r;
+        }
     }
     template->ai_family = AF_INET;
     template->ai_addrlen = sizeof(struct sockaddr_in);
     for (i = 0; i < ce->naddrs4; i++) {
-	r = fai_add_entry (result, &ce->addrs4[i], portnum, template);
-	if (r) {
-	    krb5int_unlock_fac();
-	    return r;
-	}
+        r = fai_add_entry (result, &ce->addrs4[i], portnum, template);
+        if (r) {
+            krb5int_unlock_fac();
+            return r;
+        }
     }
     if (*result && (flags & AI_CANONNAME))
-	(*result)->ai_canonname = (ce->canonname
-				   ? strdup(ce->canonname)
-				   : NULL);
+        (*result)->ai_canonname = (ce->canonname
+                                   ? strdup(ce->canonname)
+                                   : NULL);
     krb5int_unlock_fac();
     return 0;
 
@@ -807,14 +812,14 @@ static inline int fai_add_hosts_by_name (const char *name,
 
     GET_HOST_BY_NAME (name, hp, herr, htmp);
     if (hp == 0)
-	return translate_h_errno (herr);
+        return translate_h_errno (herr);
     for (i = 0; hp->h_addr_list[i]; i++) {
-	r = fai_add_entry (result, hp->h_addr_list[i], portnum, template);
-	if (r)
-	    return r;
+        r = fai_add_entry (result, hp->h_addr_list[i], portnum, template);
+        if (r)
+            return r;
     }
     if (*result && (flags & AI_CANONNAME))
-	(*result)->ai_canonname = strdup (hp->h_name);
+        (*result)->ai_canonname = strdup (hp->h_name);
     return 0;
 
 #endif
@@ -825,19 +830,19 @@ fake_freeaddrinfo (struct addrinfo *ai)
 {
     struct addrinfo *next;
     while (ai) {
-	next = ai->ai_next;
-	if (ai->ai_canonname)
-	  free (ai->ai_canonname);
-	if (ai->ai_addr)
-	  free (ai->ai_addr);
-	free (ai);
-	ai = next;
+        next = ai->ai_next;
+        if (ai->ai_canonname)
+            free (ai->ai_canonname);
+        if (ai->ai_addr)
+            free (ai->ai_addr);
+        free (ai);
+        ai = next;
     }
 }
 
 static inline int
 fake_getaddrinfo (const char *name, const char *serv,
-		  const struct addrinfo *hint, struct addrinfo **result)
+                  const struct addrinfo *hint, struct addrinfo **result)
 {
     struct addrinfo *res = 0;
     int ret;
@@ -850,49 +855,49 @@ fake_getaddrinfo (const char *name, const char *serv,
 #endif
 
     if (hint != 0) {
-	if (hint->ai_family != 0 && hint->ai_family != AF_INET)
-	    return EAI_NODATA;
-	socktype = hint->ai_socktype;
-	flags = hint->ai_flags;
+        if (hint->ai_family != 0 && hint->ai_family != AF_INET)
+            return EAI_NODATA;
+        socktype = hint->ai_socktype;
+        flags = hint->ai_flags;
     } else {
-	socktype = 0;
-	flags = 0;
+        socktype = 0;
+        flags = 0;
     }
 
     if (serv) {
-	size_t numlen = strspn (serv, "0123456789");
-	if (serv[numlen] == '\0') {
-	    /* pure numeric */
-	    unsigned long p = strtoul (serv, 0, 10);
-	    if (p == 0 || p > 65535)
-		return EAI_NONAME;
-	    port = htons (p);
-	} else {
-	    struct servent *sp;
-	    int try_dgram_too = 0, s_err;
-	    GET_SERV_TMP stmp;
-
-	    if (socktype == 0) {
-		try_dgram_too = 1;
-		socktype = SOCK_STREAM;
-	    }
-	try_service_lookup:
-	    GET_SERV_BY_NAME(serv, socktype == SOCK_STREAM ? "tcp" : "udp",
-			     sp, s_err, stmp);
-	    if (sp == 0) {
-		if (try_dgram_too) {
-		    socktype = SOCK_DGRAM;
-		    goto try_service_lookup;
-		}
-		return EAI_SERVICE;
-	    }
-	    port = sp->s_port;
-	}
+        size_t numlen = strspn (serv, "0123456789");
+        if (serv[numlen] == '\0') {
+            /* pure numeric */
+            unsigned long p = strtoul (serv, 0, 10);
+            if (p == 0 || p > 65535)
+                return EAI_NONAME;
+            port = htons (p);
+        } else {
+            struct servent *sp;
+            int try_dgram_too = 0, s_err;
+            GET_SERV_TMP stmp;
+
+            if (socktype == 0) {
+                try_dgram_too = 1;
+                socktype = SOCK_STREAM;
+            }
+        try_service_lookup:
+            GET_SERV_BY_NAME(serv, socktype == SOCK_STREAM ? "tcp" : "udp",
+                             sp, s_err, stmp);
+            if (sp == 0) {
+                if (try_dgram_too) {
+                    socktype = SOCK_DGRAM;
+                    goto try_service_lookup;
+                }
+                return EAI_SERVICE;
+            }
+            port = sp->s_port;
+        }
     }
 
     if (name == 0) {
-	name = (flags & AI_PASSIVE) ? "0.0.0.0" : "127.0.0.1";
-	flags |= AI_NUMERICHOST;
+        name = (flags & AI_PASSIVE) ? "0.0.0.0" : "127.0.0.1";
+        flags |= AI_NUMERICHOST;
     }
 
     template.ai_family = AF_INET;
@@ -907,29 +912,29 @@ fake_getaddrinfo (const char *name, const char *serv,
     /* If NUMERICHOST is set, parse a numeric address.
        If it's not set, don't accept such names.  */
     if (flags & AI_NUMERICHOST) {
-	struct in_addr addr4;
+        struct in_addr addr4;
 #if 0
-	ret = inet_aton (name, &addr4);
-	if (ret)
-	    return EAI_NONAME;
+        ret = inet_aton (name, &addr4);
+        if (ret)
+            return EAI_NONAME;
 #else
-	addr4.s_addr = inet_addr (name);
-	if (addr4.s_addr == 0xffffffff || addr4.s_addr == -1)
-	    /* 255.255.255.255 or parse error, both bad */
-	    return EAI_NONAME;
+        addr4.s_addr = inet_addr (name);
+        if (addr4.s_addr == 0xffffffff || addr4.s_addr == -1)
+            /* 255.255.255.255 or parse error, both bad */
+            return EAI_NONAME;
 #endif
-	ret = fai_add_entry (&res, &addr4, port, &template);
+        ret = fai_add_entry (&res, &addr4, port, &template);
     } else {
-	ret = fai_add_hosts_by_name (name, &template, port, flags,
-				     &res);
+        ret = fai_add_hosts_by_name (name, &template, port, flags,
+                                     &res);
     }
 
     if (ret && ret != NO_ADDRESS) {
-	fake_freeaddrinfo (res);
-	return ret;
+        fake_freeaddrinfo (res);
+        return ret;
     }
     if (res == 0)
-	return NO_ADDRESS;
+        return NO_ADDRESS;
     *result = res;
     return 0;
 }
@@ -937,9 +942,9 @@ fake_getaddrinfo (const char *name, const char *serv,
 #ifdef NEED_FAKE_GETNAMEINFO
 static inline int
 fake_getnameinfo (const struct sockaddr *sa, socklen_t len,
-		  char *host, socklen_t hostlen,
-		  char *service, socklen_t servicelen,
-		  int flags)
+                  char *host, socklen_t hostlen,
+                  char *service, socklen_t servicelen,
+                  int flags)
 {
     struct hostent *hp;
     const struct sockaddr_in *sinp;
@@ -947,83 +952,83 @@ fake_getnameinfo (const struct sockaddr *sa, socklen_t len,
     size_t hlen, slen;
 
     if (sa->sa_family != AF_INET) {
-	return EAI_FAMILY;
+        return EAI_FAMILY;
     }
     sinp = (const struct sockaddr_in *) sa;
 
     hlen = hostlen;
     if (hostlen < 0 || hlen != hostlen) {
-	errno = EINVAL;
-	return EAI_SYSTEM;
+        errno = EINVAL;
+        return EAI_SYSTEM;
     }
     slen = servicelen;
     if (servicelen < 0 || slen != servicelen) {
-	errno = EINVAL;
-	return EAI_SYSTEM;
+        errno = EINVAL;
+        return EAI_SYSTEM;
     }
 
     if (host) {
-	if (flags & NI_NUMERICHOST) {
+        if (flags & NI_NUMERICHOST) {
 #if (defined(__GNUC__) && defined(__mips__)) || 1 /* thread safety always */
-	    /* The inet_ntoa call, passing a struct, fails on IRIX 6.5
-	       using gcc 2.95; we get back "0.0.0.0".  Since this in a
-	       configuration still important at Athena, here's the
-	       workaround, which also happens to be thread-safe....  */
-	    const unsigned char *uc;
-	    char tmpbuf[20];
-	numeric_host:
-	    uc = (const unsigned char *) &sinp->sin_addr;
-	    snprintf(tmpbuf, sizeof(tmpbuf), "%d.%d.%d.%d",
-		     uc[0], uc[1], uc[2], uc[3]);
-	    strncpy(host, tmpbuf, hlen);
+            /* The inet_ntoa call, passing a struct, fails on IRIX 6.5
+               using gcc 2.95; we get back "0.0.0.0".  Since this in a
+               configuration still important at Athena, here's the
+               workaround, which also happens to be thread-safe....  */
+            const unsigned char *uc;
+            char tmpbuf[20];
+        numeric_host:
+            uc = (const unsigned char *) &sinp->sin_addr;
+            snprintf(tmpbuf, sizeof(tmpbuf), "%d.%d.%d.%d",
+                     uc[0], uc[1], uc[2], uc[3]);
+            strncpy(host, tmpbuf, hlen);
 #else
-	    char *p;
-	numeric_host:
-	    p = inet_ntoa (sinp->sin_addr);
-	    strncpy (host, p, hlen);
-#endif
-	} else {
-	    int herr;
-	    GET_HOST_TMP htmp;
-
-	    GET_HOST_BY_ADDR((const char *) &sinp->sin_addr,
-			     sizeof (struct in_addr),
-			     sa->sa_family, hp, herr, htmp);
-	    if (hp == 0) {
-		if (herr == NO_ADDRESS && !(flags & NI_NAMEREQD)) /* ??? */
-		    goto numeric_host;
-		return translate_h_errno (herr);
-	    }
-	    /* According to the Open Group spec, getnameinfo can
-	       silently truncate, but must still return a
-	       null-terminated string.  */
-	    strncpy (host, hp->h_name, hlen);
-	}
-	host[hostlen-1] = 0;
+            char *p;
+        numeric_host:
+            p = inet_ntoa (sinp->sin_addr);
+            strncpy (host, p, hlen);
+#endif
+        } else {
+            int herr;
+            GET_HOST_TMP htmp;
+
+            GET_HOST_BY_ADDR((const char *) &sinp->sin_addr,
+                             sizeof (struct in_addr),
+                             sa->sa_family, hp, herr, htmp);
+            if (hp == 0) {
+                if (herr == NO_ADDRESS && !(flags & NI_NAMEREQD)) /* ??? */
+                    goto numeric_host;
+                return translate_h_errno (herr);
+            }
+            /* According to the Open Group spec, getnameinfo can
+               silently truncate, but must still return a
+               null-terminated string.  */
+            strncpy (host, hp->h_name, hlen);
+        }
+        host[hostlen-1] = 0;
     }
 
     if (service) {
-	if (flags & NI_NUMERICSERV) {
-	    char numbuf[10];
-	    int port;
-	numeric_service:
-	    port = ntohs (sinp->sin_port);
-	    if (port < 0 || port > 65535)
-		return EAI_FAIL;
-	    snprintf (numbuf, sizeof(numbuf), "%d", port);
-	    strncpy (service, numbuf, slen);
-	} else {
-	    int serr;
-	    GET_SERV_TMP stmp;
-
-	    GET_SERV_BY_PORT(sinp->sin_port,
-			     (flags & NI_DGRAM) ? "udp" : "tcp",
-			     sp, serr, stmp);
-	    if (sp == 0)
-		goto numeric_service;
-	    strncpy (service, sp->s_name, slen);
-	}
-	service[servicelen-1] = 0;
+        if (flags & NI_NUMERICSERV) {
+            char numbuf[10];
+            int port;
+        numeric_service:
+            port = ntohs (sinp->sin_port);
+            if (port < 0 || port > 65535)
+                return EAI_FAIL;
+            snprintf (numbuf, sizeof(numbuf), "%d", port);
+            strncpy (service, numbuf, slen);
+        } else {
+            int serr;
+            GET_SERV_TMP stmp;
+
+            GET_SERV_BY_PORT(sinp->sin_port,
+                             (flags & NI_DGRAM) ? "udp" : "tcp",
+                             sp, serr, stmp);
+            if (sp == 0)
+                goto numeric_service;
+            strncpy (service, sp->s_name, slen);
+        }
+        service[servicelen-1] = 0;
     }
 
     return 0;
@@ -1037,17 +1042,17 @@ char *gai_strerror (int code)
 {
     switch (code) {
     case EAI_ADDRFAMILY: return "address family for nodename not supported";
-    case EAI_AGAIN:	return "temporary failure in name resolution";
-    case EAI_BADFLAGS:	return "bad flags to getaddrinfo/getnameinfo";
-    case EAI_FAIL:	return "non-recoverable failure in name resolution";
-    case EAI_FAMILY:	return "ai_family not supported";
-    case EAI_MEMORY:	return "out of memory";
-    case EAI_NODATA:	return "no address associated with hostname";
-    case EAI_NONAME:	return "name does not exist";
-    case EAI_SERVICE:	return "service name not supported for specified socket type";
-    case EAI_SOCKTYPE:	return "ai_socktype not supported";
-    case EAI_SYSTEM:	return strerror (errno);
-    default:		return "bogus getaddrinfo error?";
+    case EAI_AGAIN:     return "temporary failure in name resolution";
+    case EAI_BADFLAGS:  return "bad flags to getaddrinfo/getnameinfo";
+    case EAI_FAIL:      return "non-recoverable failure in name resolution";
+    case EAI_FAMILY:    return "ai_family not supported";
+    case EAI_MEMORY:    return "out of memory";
+    case EAI_NODATA:    return "no address associated with hostname";
+    case EAI_NONAME:    return "name does not exist";
+    case EAI_SERVICE:   return "service name not supported for specified socket type";
+    case EAI_SOCKTYPE:  return "ai_socktype not supported";
+    case EAI_SYSTEM:    return strerror (errno);
+    default:            return "bogus getaddrinfo error?";
     }
 }
 #endif
@@ -1056,33 +1061,33 @@ static inline int translate_h_errno (int h)
 {
     switch (h) {
     case 0:
-	return 0;
+        return 0;
 #ifdef NETDB_INTERNAL
     case NETDB_INTERNAL:
-	if (errno == ENOMEM)
-	    return EAI_MEMORY;
-	return EAI_SYSTEM;
+        if (errno == ENOMEM)
+            return EAI_MEMORY;
+        return EAI_SYSTEM;
 #endif
     case HOST_NOT_FOUND:
-	return EAI_NONAME;
+        return EAI_NONAME;
     case TRY_AGAIN:
-	return EAI_AGAIN;
+        return EAI_AGAIN;
     case NO_RECOVERY:
-	return EAI_FAIL;
+        return EAI_FAIL;
     case NO_DATA:
 #if NO_DATA != NO_ADDRESS
     case NO_ADDRESS:
 #endif
-	return EAI_NODATA;
+        return EAI_NODATA;
     default:
-	return EAI_SYSTEM;
+        return EAI_SYSTEM;
     }
 }
 
 #if defined(HAVE_FAKE_GETADDRINFO) || defined(FAI_CACHE)
 static inline
 int getaddrinfo (const char *name, const char *serv,
-		 const struct addrinfo *hint, struct addrinfo **result)
+                 const struct addrinfo *hint, struct addrinfo **result)
 {
     return fake_getaddrinfo(name, serv, hint, result);
 }
@@ -1096,12 +1101,12 @@ void freeaddrinfo (struct addrinfo *ai)
 #ifdef NEED_FAKE_GETNAMEINFO
 static inline
 int getnameinfo (const struct sockaddr *sa, socklen_t len,
-		 char *host, socklen_t hostlen,
-		 char *service, socklen_t servicelen,
-		 int flags)
+                 char *host, socklen_t hostlen,
+                 char *service, socklen_t servicelen,
+                 int flags)
 {
     return fake_getnameinfo(sa, len, host, hostlen, service, servicelen,
-			    flags);
+                            flags);
 }
 #endif /* NEED_FAKE_GETNAMEINFO */
 #endif /* HAVE_FAKE_GETADDRINFO */
@@ -1113,7 +1118,7 @@ int getnameinfo (const struct sockaddr *sa, socklen_t len,
 static inline
 int
 getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
-	     struct addrinfo **result)
+             struct addrinfo **result)
 {
     int aierr;
 #if defined(_AIX) || defined(COPY_FIRST_CANONNAME)
@@ -1137,32 +1142,32 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
        code (for "host not found") is returned.  If the port maps to a
        known service for both udp and tcp, all is well.  */
     if (serv && serv[0] && isdigit(serv[0])) {
-	unsigned long lport;
-	char *end;
-	lport = strtoul(serv, &end, 10);
-	if (!*end) {
-	    if (lport > 65535)
-		return EAI_SOCKTYPE;
-	    service_is_numeric = 1;
-	    service_port = htons(lport);
+        unsigned long lport;
+        char *end;
+        lport = strtoul(serv, &end, 10);
+        if (!*end) {
+            if (lport > 65535)
+                return EAI_SOCKTYPE;
+            service_is_numeric = 1;
+            service_port = htons(lport);
 #ifdef AI_NUMERICSERV
-	    if (hint && hint->ai_flags & AI_NUMERICSERV)
-		serv = "9";
-	    else
-#endif
-		serv = "discard";	/* defined for both udp and tcp */
-	    if (hint)
-		socket_type = hint->ai_socktype;
-	}
+            if (hint && hint->ai_flags & AI_NUMERICSERV)
+                serv = "9";
+            else
+#endif
+                serv = "discard";       /* defined for both udp and tcp */
+            if (hint)
+                socket_type = hint->ai_socktype;
+        }
     }
 #endif
 
     aierr = system_getaddrinfo (name, serv, hint, result);
     if (aierr || *result == 0) {
 #ifdef DEBUG_ADDRINFO
-	debug_dump_error(aierr);
+        debug_dump_error(aierr);
 #endif
-	return aierr;
+        return aierr;
     }
 
     /* Linux libc version 6 prior to 2.3.4 is broken.
@@ -1221,87 +1226,87 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
      */
     ai = *result;
     if (ai->ai_canonname) {
-	struct hostent *hp;
-	const char *name2 = 0;
-	int i, herr;
-	GET_HOST_TMP htmp;
-
-	/*
-	 * Current versions of GET_HOST_BY_NAME will fail if the
-	 * target hostname has IPv6 addresses only.  Make sure it
-	 * fails fairly cleanly.
-	 */
-	GET_HOST_BY_NAME (name, hp, herr, htmp);
-	if (hp == 0) {
-	    /*
-	     * This case probably means it's an IPv6-only name.  If
-	     * ai_canonname is a numeric address, get rid of it.
-	     */
-	    if (ai->ai_canonname && strchr(ai->ai_canonname, ':'))
-		ai->ai_canonname = 0;
-	    name2 = ai->ai_canonname ? ai->ai_canonname : name;
-	} else {
-	    /* Sometimes gethostbyname will be directed to /etc/hosts
-	       first, and sometimes that file will have entries with
-	       the unqualified name first.  So take the first entry
-	       that looks like it could be a FQDN.  */
-	    for (i = 0; hp->h_aliases[i]; i++) {
-		if (strchr(hp->h_aliases[i], '.') != 0) {
-		    name2 = hp->h_aliases[i];
-		    break;
-		}
-	    }
-	    /* Give up, just use the first name (h_name ==
-	       h_aliases[0] on all systems I've seen).  */
-	    if (hp->h_aliases[i] == 0)
-		name2 = hp->h_name;
-	}
-
-	ai->ai_canonname = strdup(name2);
-	if (name2 != 0 && ai->ai_canonname == 0) {
-	    system_freeaddrinfo(ai);
-	    *result = 0;
+        struct hostent *hp;
+        const char *name2 = 0;
+        int i, herr;
+        GET_HOST_TMP htmp;
+
+        /*
+         * Current versions of GET_HOST_BY_NAME will fail if the
+         * target hostname has IPv6 addresses only.  Make sure it
+         * fails fairly cleanly.
+         */
+        GET_HOST_BY_NAME (name, hp, herr, htmp);
+        if (hp == 0) {
+            /*
+             * This case probably means it's an IPv6-only name.  If
+             * ai_canonname is a numeric address, get rid of it.
+             */
+            if (ai->ai_canonname && strchr(ai->ai_canonname, ':'))
+                ai->ai_canonname = 0;
+            name2 = ai->ai_canonname ? ai->ai_canonname : name;
+        } else {
+            /* Sometimes gethostbyname will be directed to /etc/hosts
+               first, and sometimes that file will have entries with
+               the unqualified name first.  So take the first entry
+               that looks like it could be a FQDN.  */
+            for (i = 0; hp->h_aliases[i]; i++) {
+                if (strchr(hp->h_aliases[i], '.') != 0) {
+                    name2 = hp->h_aliases[i];
+                    break;
+                }
+            }
+            /* Give up, just use the first name (h_name ==
+               h_aliases[0] on all systems I've seen).  */
+            if (hp->h_aliases[i] == 0)
+                name2 = hp->h_name;
+        }
+
+        ai->ai_canonname = strdup(name2);
+        if (name2 != 0 && ai->ai_canonname == 0) {
+            system_freeaddrinfo(ai);
+            *result = 0;
 #ifdef DEBUG_ADDRINFO
-	    debug_dump_error(EAI_MEMORY);
-#endif
-	    return EAI_MEMORY;
-	}
-	/* Zap the remaining ai_canonname fields glibc fills in, in
-	   case the application messes around with the list
-	   structure.  */
-	while ((ai = ai->ai_next) != NULL)
-	    ai->ai_canonname = 0;
+            debug_dump_error(EAI_MEMORY);
+#endif
+            return EAI_MEMORY;
+        }
+        /* Zap the remaining ai_canonname fields glibc fills in, in
+           case the application messes around with the list
+           structure.  */
+        while ((ai = ai->ai_next) != NULL)
+            ai->ai_canonname = 0;
     }
 #endif
 
 #ifdef NUMERIC_SERVICE_BROKEN
     if (service_port != 0) {
-	for (ai = *result; ai; ai = ai->ai_next) {
-	    if (socket_type != 0 && ai->ai_socktype == 0)
-		/* Is this check actually needed?  */
-		ai->ai_socktype = socket_type;
-	    switch (ai->ai_family) {
-	    case AF_INET:
-		((struct sockaddr_in *)ai->ai_addr)->sin_port = service_port;
-		break;
-	    case AF_INET6:
-		((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = service_port;
-		break;
-	    }
-	}
+        for (ai = *result; ai; ai = ai->ai_next) {
+            if (socket_type != 0 && ai->ai_socktype == 0)
+                /* Is this check actually needed?  */
+                ai->ai_socktype = socket_type;
+            switch (ai->ai_family) {
+            case AF_INET:
+                ((struct sockaddr_in *)ai->ai_addr)->sin_port = service_port;
+                break;
+            case AF_INET6:
+                ((struct sockaddr_in6 *)ai->ai_addr)->sin6_port = service_port;
+                break;
+            }
+        }
     }
 #endif
 
 #ifdef _AIX
     for (ai = *result; ai; ai = ai->ai_next) {
-	/* AIX 4.3.3 libc is broken.  It doesn't set the family or len
-	   fields of the sockaddr structures.  Usually, sa_family is
-	   zero, but I've seen it set to 1 in some cases also (maybe
-	   just leftover from previous contents of the memory
-	   block?).  So, always override what libc returned.  */
-	ai->ai_addr->sa_family = ai->ai_family;
+        /* AIX 4.3.3 libc is broken.  It doesn't set the family or len
+           fields of the sockaddr structures.  Usually, sa_family is
+           zero, but I've seen it set to 1 in some cases also (maybe
+           just leftover from previous contents of the memory
+           block?).  So, always override what libc returned.  */
+        ai->ai_addr->sa_family = ai->ai_family;
 #ifdef HAVE_SA_LEN /* always true on AIX, actually */
-	ai->ai_addr->sa_len = ai->ai_addrlen;
+        ai->ai_addr->sa_len = ai->ai_addrlen;
 #endif
     }
 #endif
@@ -1309,8 +1314,8 @@ getaddrinfo (const char *name, const char *serv, const struct addrinfo *hint,
     /* Not dealt with currently:
 
        - Some versions of GNU libc can lose some IPv4 addresses in
-	 certain cases when multiple IPv4 and IPv6 addresses are
-	 available.  */
+       certain cases when multiple IPv4 and IPv6 addresses are
+       available.  */
 
 #ifdef DEBUG_ADDRINFO
     debug_dump_addrinfos(*result);
@@ -1324,9 +1329,9 @@ void freeaddrinfo (struct addrinfo *ai)
 {
 #ifdef COPY_FIRST_CANONNAME
     if (ai) {
-      free(ai->ai_canonname);
-	ai->ai_canonname = 0;
-	system_freeaddrinfo(ai);
+        free(ai->ai_canonname);
+        ai->ai_canonname = 0;
+        system_freeaddrinfo(ai);
     }
 #else
     system_freeaddrinfo(ai);
@@ -1340,7 +1345,7 @@ static int krb5int_lock_fac (void)
     int err;
     err = krb5int_call_thread_support_init();
     if (err)
-	return err;
+        return err;
     return k5_mutex_lock(&krb5int_fac.lock);
 }
 
@@ -1361,8 +1366,8 @@ const char krb5int_in6addr_any = 0;
 #endif
 
 int krb5int_getaddrinfo (const char *node, const char *service,
-			 const struct addrinfo *hints,
-			 struct addrinfo **aip)
+                         const struct addrinfo *hints,
+                         struct addrinfo **aip)
 {
     return getaddrinfo(node, service, hints, aip);
 }
@@ -1378,9 +1383,9 @@ const char *krb5int_gai_strerror(int err)
 }
 
 int krb5int_getnameinfo (const struct sockaddr *sa, socklen_t salen,
-			 char *hbuf, size_t hbuflen,
-			 char *sbuf, size_t sbuflen,
-			 int flags)
+                         char *hbuf, size_t hbuflen,
+                         char *sbuf, size_t sbuflen,
+                         int flags)
 {
     return getnameinfo(sa, salen, hbuf, hbuflen, sbuf, sbuflen, flags);
 }
diff --git a/src/util/support/gmt_mktime.c b/src/util/support/gmt_mktime.c
index c6ec602..2047a8a 100644
--- a/src/util/support/gmt_mktime.c
+++ b/src/util/support/gmt_mktime.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /* This code placed in the public domain by Mark W. Eichin */
 
 #include <stdio.h>
@@ -22,108 +23,108 @@
 /* unlike mktime, this does not set them... it only passes a return value. */
 
 static const int days_in_month[12] = {
-0,				/* jan 31 */
-31,				/* feb 28 */
-59,				/* mar 31 */
-90,				/* apr 30 */
-120,				/* may 31 */
-151,				/* jun 30 */
-181,				/* jul 31 */
-212,				/* aug 31 */
-243,				/* sep 30 */
-273,				/* oct 31 */
-304,				/* nov 30 */
-334				/* dec 31 */
+    0,                              /* jan 31 */
+    31,                             /* feb 28 */
+    59,                             /* mar 31 */
+    90,                             /* apr 30 */
+    120,                            /* may 31 */
+    151,                            /* jun 30 */
+    181,                            /* jul 31 */
+    212,                            /* aug 31 */
+    243,                            /* sep 30 */
+    273,                            /* oct 31 */
+    304,                            /* nov 30 */
+    334                             /* dec 31 */
 };
 
 #define hasleapday(year) (year%400?(year%100?(year%4?0:1):0):1)
 
 time_t krb5int_gmt_mktime(struct tm *t)
 {
-  time_t accum;
+    time_t accum;
 
 #define assert_time(cnd) if(!(cnd)) return (time_t) -1
 
-  /*
-   * For 32-bit signed time_t centered on 1/1/1970, the range is:
-   * time 0x80000000 -> Fri Dec 13 16:45:52 1901
-   * time 0x7fffffff -> Mon Jan 18 22:14:07 2038
-   *
-   * So years 1901 and 2038 are allowable, but we can't encode all
-   * dates in those years, and we're not doing overflow/underflow
-   * checking for such cases.
-   */
-  assert_time(t->tm_year>=1);
-  assert_time(t->tm_year<=138);
-
-  assert_time(t->tm_mon>=0);
-  assert_time(t->tm_mon<=11);
-  assert_time(t->tm_mday>=1);
-  assert_time(t->tm_mday<=31);
-  assert_time(t->tm_hour>=0);
-  assert_time(t->tm_hour<=23);
-  assert_time(t->tm_min>=0);
-  assert_time(t->tm_min<=59);
-  assert_time(t->tm_sec>=0);
-  assert_time(t->tm_sec<=62);
+    /*
+     * For 32-bit signed time_t centered on 1/1/1970, the range is:
+     * time 0x80000000 -> Fri Dec 13 16:45:52 1901
+     * time 0x7fffffff -> Mon Jan 18 22:14:07 2038
+     *
+     * So years 1901 and 2038 are allowable, but we can't encode all
+     * dates in those years, and we're not doing overflow/underflow
+     * checking for such cases.
+     */
+    assert_time(t->tm_year>=1);
+    assert_time(t->tm_year<=138);
+
+    assert_time(t->tm_mon>=0);
+    assert_time(t->tm_mon<=11);
+    assert_time(t->tm_mday>=1);
+    assert_time(t->tm_mday<=31);
+    assert_time(t->tm_hour>=0);
+    assert_time(t->tm_hour<=23);
+    assert_time(t->tm_min>=0);
+    assert_time(t->tm_min<=59);
+    assert_time(t->tm_sec>=0);
+    assert_time(t->tm_sec<=62);
 
 #undef assert_time
 
 
-  accum = t->tm_year - 70;
-  accum *= 365;			/* 365 days/normal year */
-
-  /* add in leap day for all previous years */
-  if (t->tm_year >= 70)
-    accum += (t->tm_year - 69) / 4;
-  else
-    accum -= (72 - t->tm_year) / 4;
-  /* add in leap day for this year */
-  if(t->tm_mon >= 2)		/* march or later */
-    if(hasleapday((t->tm_year + 1900))) accum += 1;
-
-  accum += days_in_month[t->tm_mon];
-  accum += t->tm_mday-1;	/* days of month are the only 1-based field */
-  accum *= 24;			/* 24 hour/day */
-  accum += t->tm_hour;
-  accum *= 60;			/* 60 minute/hour */
-  accum += t->tm_min;
-  accum *= 60;			/* 60 seconds/minute */
-  accum += t->tm_sec;
-
-  return accum;
+    accum = t->tm_year - 70;
+    accum *= 365;                 /* 365 days/normal year */
+
+    /* add in leap day for all previous years */
+    if (t->tm_year >= 70)
+        accum += (t->tm_year - 69) / 4;
+    else
+        accum -= (72 - t->tm_year) / 4;
+    /* add in leap day for this year */
+    if(t->tm_mon >= 2)            /* march or later */
+        if(hasleapday((t->tm_year + 1900))) accum += 1;
+
+    accum += days_in_month[t->tm_mon];
+    accum += t->tm_mday-1;        /* days of month are the only 1-based field */
+    accum *= 24;                  /* 24 hour/day */
+    accum += t->tm_hour;
+    accum *= 60;                  /* 60 minute/hour */
+    accum += t->tm_min;
+    accum *= 60;                  /* 60 seconds/minute */
+    accum += t->tm_sec;
+
+    return accum;
 }
 
 #ifdef TEST_LEAP
 int
 main (int argc, char *argv[])
 {
-  int yr;
-  time_t t;
-  struct tm tm = {
-    .tm_mon = 0, .tm_mday = 1,
-    .tm_hour = 0, .tm_min = 0, .tm_sec = 0,
-  };
-  for (yr = 60; yr <= 104; yr++)
+    int yr;
+    time_t t;
+    struct tm tm = {
+        .tm_mon = 0, .tm_mday = 1,
+        .tm_hour = 0, .tm_min = 0, .tm_sec = 0,
+    };
+    for (yr = 60; yr <= 104; yr++)
     {
-      printf ("1/1/%d%c -> ", 1900 + yr, hasleapday((1900+yr)) ? '*' : ' ');
-      tm.tm_year = yr;
-      t = gmt_mktime (&tm);
-      if (t == (time_t) -1)
-	printf ("-1\n");
-      else
-	{
-	  long u;
-	  if (t % (24 * 60 * 60))
-	    printf ("(not integral multiple of days) ");
-	  u = t / (24 * 60 * 60);
-	  printf ("%3ld*365%+ld\t0x%08lx\n",
-		  (long) (u / 365), (long) (u % 365),
-		  (long) t);
-	}
+        printf ("1/1/%d%c -> ", 1900 + yr, hasleapday((1900+yr)) ? '*' : ' ');
+        tm.tm_year = yr;
+        t = gmt_mktime (&tm);
+        if (t == (time_t) -1)
+            printf ("-1\n");
+        else
+        {
+            long u;
+            if (t % (24 * 60 * 60))
+                printf ("(not integral multiple of days) ");
+            u = t / (24 * 60 * 60);
+            printf ("%3ld*365%+ld\t0x%08lx\n",
+                    (long) (u / 365), (long) (u % 365),
+                    (long) t);
+        }
     }
-  t = 0x80000000, printf ("time 0x%lx -> %s", t, ctime (&t));
-  t = 0x7fffffff, printf ("time 0x%lx -> %s", t, ctime (&t));
-  return 0;
+    t = 0x80000000, printf ("time 0x%lx -> %s", t, ctime (&t));
+    t = 0x7fffffff, printf ("time 0x%lx -> %s", t, ctime (&t));
+    return 0;
 }
 #endif
diff --git a/src/util/support/init-addrinfo.c b/src/util/support/init-addrinfo.c
index af87467..7822ce2 100644
--- a/src/util/support/init-addrinfo.c
+++ b/src/util/support/init-addrinfo.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * Copyright (C) 2004 by the Massachusetts Institute of Technology,
  * Cambridge, MA, USA.  All Rights Reserved.
diff --git a/src/util/support/ipc_stream.c b/src/util/support/ipc_stream.c
index 778d6f1..2cea709 100644
--- a/src/util/support/ipc_stream.c
+++ b/src/util/support/ipc_stream.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * $Header$
  *
@@ -53,7 +54,7 @@ static const struct k5_ipc_stream_s k5_ipc_stream_initializer = { NULL, 0, 0 };
 /* ------------------------------------------------------------------------ */
 
 static uint32_t krb5int_ipc_stream_reallocate (k5_ipc_stream io_stream,
-					       uint64_t      in_new_size)
+                                               uint64_t      in_new_size)
 {
     int32_t err = 0;
     uint64_t new_max_size = 0;
@@ -165,8 +166,8 @@ const char *krb5int_ipc_stream_data (k5_ipc_stream in_stream)
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_read (k5_ipc_stream  io_stream,
-				  void         *io_data,
-				  uint64_t     in_size)
+                                  void         *io_data,
+                                  uint64_t     in_size)
 {
     int32_t err = 0;
 
@@ -197,8 +198,8 @@ uint32_t krb5int_ipc_stream_read (k5_ipc_stream  io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_write (k5_ipc_stream  io_stream,
-				   const void   *in_data,
-				   uint64_t     in_size)
+                                   const void   *in_data,
+                                   uint64_t     in_size)
 {
     int32_t err = 0;
 
@@ -238,7 +239,7 @@ void krb5int_ipc_stream_free_string (char *in_string)
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream,
-					 char         **out_string)
+                                         char         **out_string)
 {
     int32_t err = 0;
     uint32_t length = 0;
@@ -273,7 +274,7 @@ uint32_t krb5int_ipc_stream_read_string (k5_ipc_stream   io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream,
-					  const char    *in_string)
+                                          const char    *in_string)
 {
     int32_t err = 0;
     uint32_t length = 0;
@@ -301,7 +302,7 @@ uint32_t krb5int_ipc_stream_write_string (k5_ipc_stream  io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream,
-					int32_t       *out_int32)
+                                        int32_t       *out_int32)
 {
     int32_t err = 0;
     int32_t int32 = 0;
@@ -323,7 +324,7 @@ uint32_t krb5int_ipc_stream_read_int32 (k5_ipc_stream  io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
-					 int32_t       in_int32)
+                                         int32_t       in_int32)
 {
     int32_t err = 0;
     int32_t int32 = htonl (in_int32);
@@ -344,7 +345,7 @@ uint32_t krb5int_ipc_stream_write_int32 (k5_ipc_stream io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream,
-					 uint32_t      *out_uint32)
+                                         uint32_t      *out_uint32)
 {
     int32_t err = 0;
     uint32_t uint32 = 0;
@@ -366,7 +367,7 @@ uint32_t krb5int_ipc_stream_read_uint32 (k5_ipc_stream  io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
-					  uint32_t      in_uint32)
+                                          uint32_t      in_uint32)
 {
     int32_t err = 0;
     int32_t uint32 = htonl (in_uint32);
@@ -387,7 +388,7 @@ uint32_t krb5int_ipc_stream_write_uint32 (k5_ipc_stream io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream,
-					int64_t       *out_int64)
+                                        int64_t       *out_int64)
 {
     int32_t err = 0;
     uint64_t int64 = 0;
@@ -409,7 +410,7 @@ uint32_t krb5int_ipc_stream_read_int64 (k5_ipc_stream  io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
-					 int64_t     in_int64)
+                                         int64_t     in_int64)
 {
     int32_t err = 0;
     int64_t int64 = htonll (in_int64);
@@ -431,7 +432,7 @@ uint32_t krb5int_ipc_stream_write_int64 (k5_ipc_stream io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream,
-					 uint64_t     *out_uint64)
+                                         uint64_t     *out_uint64)
 {
     int32_t err = 0;
     uint64_t uint64 = 0;
@@ -453,7 +454,7 @@ uint32_t krb5int_ipc_stream_read_uint64 (k5_ipc_stream  io_stream,
 /* ------------------------------------------------------------------------ */
 
 uint32_t krb5int_ipc_stream_write_uint64 (k5_ipc_stream io_stream,
-					  uint64_t      in_uint64)
+                                          uint64_t      in_uint64)
 {
     int32_t err = 0;
     int64_t uint64 = htonll (in_uint64);
diff --git a/src/util/support/k5buf-int.h b/src/util/support/k5buf-int.h
index 6f2253e..616cee5 100644
--- a/src/util/support/k5buf-int.h
+++ b/src/util/support/k5buf-int.h
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 /*
  * k5buf-int.h
diff --git a/src/util/support/k5buf.c b/src/util/support/k5buf.c
index a994abf..799c9f9 100644
--- a/src/util/support/k5buf.c
+++ b/src/util/support/k5buf.c
@@ -1,5 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
-
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * k5buf.c
  *
@@ -34,15 +33,16 @@
 #include "k5buf-int.h"
 #include <assert.h>
 
-/* Structure invariants:
-
-   buftype is BUFTYPE_FIXED, BUFTYPE_DYNAMIC, or BUFTYPE_ERROR
-   if buftype is not BUFTYPE_ERROR:
-     space > 0
-     space <= floor(SIZE_MAX / 2) (to fit within ssize_t)
-     len < space
-     data[len] = '\0'
-*/
+/*
+ * Structure invariants:
+ *
+ * buftype is BUFTYPE_FIXED, BUFTYPE_DYNAMIC, or BUFTYPE_ERROR
+ * if buftype is not BUFTYPE_ERROR:
+ *   space > 0
+ *   space <= floor(SIZE_MAX / 2) (to fit within ssize_t)
+ *   len < space
+ *   data[len] = '\0'
+ */
 
 /* Make sure there is room for LEN more characters in BUF, in addition
    to the null terminator and what's already in there.  Return true on
@@ -71,7 +71,7 @@ static int ensure_space(struct k5buf *buf, size_t len)
     buf->space = new_space;
     return 1;
 
- error_exit:
+error_exit:
     if (buf->buftype == BUFTYPE_DYNAMIC) {
         free(buf->data);
         buf->data = NULL;
diff --git a/src/util/support/libkrb5support-fixed.exports b/src/util/support/libkrb5support-fixed.exports
index 3560ce6..40023e7 100644
--- a/src/util/support/libkrb5support-fixed.exports
+++ b/src/util/support/libkrb5support-fixed.exports
@@ -48,3 +48,4 @@ krb5int_utf8_to_ucs4
 krb5int_utf8_lentab
 krb5int_utf8_mintab
 krb5int_utf8_next
+krb5int_zap
diff --git a/src/util/support/mkstemp.c b/src/util/support/mkstemp.c
index b68aa4d..9ef586a 100644
--- a/src/util/support/mkstemp.c
+++ b/src/util/support/mkstemp.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
 /*
  * Copyright (c) 1987, 1993
  *	The Regents of the University of California.  All rights reserved.
diff --git a/src/util/support/plugins.c b/src/util/support/plugins.c
index 8c7fb5f..fa7b36e 100644
--- a/src/util/support/plugins.c
+++ b/src/util/support/plugins.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * util/support/plugins.c
  *
@@ -269,7 +270,7 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
                 const char *e = dlerror();
                 Tprintf ("dlopen(%s): %s\n", filepath, e);
                 err = ENOENT; /* XXX */
-		krb5int_set_error (ep, err, "%s", e);
+                krb5int_set_error (ep, err, "%s", e);
             }
         }
 
@@ -322,7 +323,7 @@ krb5int_open_plugin (const char *filepath, struct plugin_file_handle **h, struct
 static long
 krb5int_get_plugin_sym (struct plugin_file_handle *h,
                         const char *csymname, int isfunc, void **ptr,
-			struct errinfo *ep)
+                        struct errinfo *ep)
 {
     long err = 0;
     void *sym = NULL;
@@ -330,13 +331,13 @@ krb5int_get_plugin_sym (struct plugin_file_handle *h,
 #if USE_DLOPEN
     if (!err && !sym && (h->dlhandle != NULL)) {
         /* XXX Do we need to add a leading "_" to the symbol name on any
-        modern platforms?  */
+           modern platforms?  */
         sym = dlsym (h->dlhandle, csymname);
         if (sym == NULL) {
             const char *e = dlerror (); /* XXX copy and save away */
             Tprintf ("dlsym(%s): %s\n", csymname, e);
             err = ENOENT; /* XXX */
-	    krb5int_set_error(ep, err, "%s", e);
+            krb5int_set_error(ep, err, "%s", e);
         }
     }
 #endif
@@ -362,9 +363,9 @@ krb5int_get_plugin_sym (struct plugin_file_handle *h,
                               (LPTSTR) &lpMsgBuf,
                               0, NULL )) {
 
-                 fprintf (stderr, "unable to get dll symbol, %s\n", (LPCTSTR)lpMsgBuf);
-                 LocalFree(lpMsgBuf);
-             }
+                fprintf (stderr, "unable to get dll symbol, %s\n", (LPCTSTR)lpMsgBuf);
+                LocalFree(lpMsgBuf);
+            }
         }
     }
 #endif
@@ -382,14 +383,14 @@ krb5int_get_plugin_sym (struct plugin_file_handle *h,
 
 long KRB5_CALLCONV
 krb5int_get_plugin_data (struct plugin_file_handle *h, const char *csymname,
-			 void **ptr, struct errinfo *ep)
+                         void **ptr, struct errinfo *ep)
 {
     return krb5int_get_plugin_sym (h, csymname, 0, ptr, ep);
 }
 
 long KRB5_CALLCONV
 krb5int_get_plugin_func (struct plugin_file_handle *h, const char *csymname,
-			 void (**ptr)(), struct errinfo *ep)
+                         void (**ptr)(), struct errinfo *ep)
 {
     void *dptr = NULL;
     long err = krb5int_get_plugin_sym (h, csymname, 1, &dptr, ep);
@@ -434,10 +435,10 @@ krb5int_close_plugin (struct plugin_file_handle *h)
 
 
 #ifdef HAVE_STRERROR_R
-#define ERRSTR(ERR, BUF) \
+#define ERRSTR(ERR, BUF)                                                \
     (strerror_r (ERR, BUF, sizeof(BUF)) == 0 ? BUF : strerror (ERR))
 #else
-#define ERRSTR(ERR, BUF) \
+#define ERRSTR(ERR, BUF)                        \
     (strerror (ERR))
 #endif
 
@@ -466,7 +467,7 @@ krb5int_plugin_file_handle_array_add (struct plugin_file_handle ***harray, size_
     } else {
         newharray[newcount - 1] = p;
         newharray[newcount] = NULL;
-	*count = newcount;
+        *count = newcount;
         *harray = newharray;
     }
 
@@ -531,11 +532,11 @@ krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
         size_t j;
         for (i = 0; !err && filebases[i]; i++) {
             for (j = 0; !err && fileexts[j]; j++) {
-		if (asprintf(&tempnames[(i*exts_count)+j], "%s%s",
+                if (asprintf(&tempnames[(i*exts_count)+j], "%s%s",
                              filebases[i], fileexts[j]) < 0) {
-		    tempnames[(i*exts_count)+j] = NULL;
-		    err = ENOMEM;
-		}
+                    tempnames[(i*exts_count)+j] = NULL;
+                    err = ENOMEM;
+                }
             }
         }
         tempnames[bases_count * exts_count] = NULL; /* NUL-terminate */
@@ -559,7 +560,7 @@ krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
 long KRB5_CALLCONV
 krb5int_open_plugin_dirs (const char * const *dirnames,
                           const char * const *filebases,
-			  struct plugin_dir_handle *dirhandle,
+                          struct plugin_dir_handle *dirhandle,
                           struct errinfo *ep)
 {
     long err = 0;
@@ -573,7 +574,7 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
     }
 
     if (!err && (filebases != NULL)) {
-	err = krb5int_get_plugin_filenames (filebases, &filenames);
+        err = krb5int_get_plugin_filenames (filebases, &filenames);
     }
 
     for (i = 0; !err && dirnames[i] != NULL; i++) {
@@ -583,26 +584,26 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
 
             for (j = 0; !err && filenames[j] != NULL; j++) {
                 struct plugin_file_handle *handle = NULL;
-		char *filepath = NULL;
+                char *filepath = NULL;
 
-		if (!err) {
-		    if (asprintf(&filepath, "%s/%s", dirnames[i], filenames[j]) < 0) {
-			filepath = NULL;
-			err = ENOMEM;
-		    }
-		}
+                if (!err) {
+                    if (asprintf(&filepath, "%s/%s", dirnames[i], filenames[j]) < 0) {
+                        filepath = NULL;
+                        err = ENOMEM;
+                    }
+                }
 
                 if (krb5int_open_plugin (filepath, &handle, ep) == 0) {
                     err = krb5int_plugin_file_handle_array_add (&h, &count, handle);
                     if (!err) { handle = NULL; }  /* h takes ownership */
                 }
 
-		if (filepath != NULL) { free (filepath); }
-		if (handle   != NULL) { krb5int_close_plugin (handle); }
+                if (filepath != NULL) { free (filepath); }
+                if (handle   != NULL) { krb5int_close_plugin (handle); }
             }
         } else {
             /* load all plugins in each directory */
-	    DIR *dir = opendir (dirnames[i]);
+            DIR *dir = opendir (dirnames[i]);
 
             while (dir != NULL && !err) {
                 struct dirent *d = NULL;
@@ -617,13 +618,13 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
                     continue;
                 }
 
-		if (!err) {
+                if (!err) {
                     int len = NAMELEN (d);
-		    if (asprintf(&filepath, "%s/%*s", dirnames[i], len, d->d_name) < 0) {
-			filepath = NULL;
-			err = ENOMEM;
-		    }
-		}
+                    if (asprintf(&filepath, "%s/%*s", dirnames[i], len, d->d_name) < 0) {
+                        filepath = NULL;
+                        err = ENOMEM;
+                    }
+                }
 
                 if (!err) {
                     if (krb5int_open_plugin (filepath, &handle, ep) == 0) {
@@ -677,9 +678,9 @@ krb5int_free_plugin_dir_data (void **ptrs)
 
 long KRB5_CALLCONV
 krb5int_get_plugin_dir_data (struct plugin_dir_handle *dirhandle,
-			     const char *symname,
-			     void ***ptrs,
-			     struct errinfo *ep)
+                             const char *symname,
+                             void ***ptrs,
+                             struct errinfo *ep)
 {
     long err = 0;
     void **p = NULL;
@@ -736,16 +737,16 @@ krb5int_free_plugin_dir_func (void (**ptrs)(void))
 
 long KRB5_CALLCONV
 krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle,
-			     const char *symname,
-			     void (***ptrs)(void),
-			     struct errinfo *ep)
+                             const char *symname,
+                             void (***ptrs)(void),
+                             struct errinfo *ep)
 {
     long err = 0;
     void (**p)() = NULL;
     size_t count = 0;
 
     /* XXX Do we need to add a leading "_" to the symbol name on any
-        modern platforms?  */
+       modern platforms?  */
 
     Tprintf("get_plugin_data_sym(%s)\n", symname);
 
diff --git a/src/util/support/printf.c b/src/util/support/printf.c
index 88552d2..b3cf46b 100644
--- a/src/util/support/printf.c
+++ b/src/util/support/printf.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * printf.c
  *
@@ -16,7 +17,7 @@
  * this permission notice appear in supporting documentation, and that
  * the name of M.I.T. not be used in advertising or publicity pertaining
  * to distribution of the software without specific, written prior
- * permission.	Furthermore if you modify this software you must label
+ * permission.  Furthermore if you modify this software you must label
  * your software as modified software and not distribute it in such a
  * fashion that it might be confused with the original M.I.T. software.
  * M.I.T. makes no representations about the suitability of
@@ -42,43 +43,43 @@ krb5int_vasprintf(char **ret, const char *format, va_list ap)
     int len2;
 
     while (1) {
-	if (len >= INT_MAX || len == 0)
-	    goto fail;
-	nstr = realloc(str, len);
-	if (nstr == NULL)
-	    goto fail;
-	str = nstr;
-	va_copy(ap2, ap);
-	len2 = vsnprintf(str, len, format, ap2);
-	va_end(ap2);
-	/* ISO C vsnprintf returns the needed length.  Some old
-	   vsnprintf implementations return -1 on truncation.  */
-	if (len2 < 0) {
-	    /* Don't know how much space we need, just that we didn't
-	       supply enough; get a bigger buffer and try again.  */
-	    if (len <= SIZE_MAX/2)
-		len *= 2;
-	    else if (len < SIZE_MAX)
-		len = SIZE_MAX;
-	    else
-		goto fail;
-	} else if ((unsigned int) len2 >= SIZE_MAX) {
-	    /* Need more space than we can request.  */
-	    goto fail;
-	} else if ((size_t) len2 >= len) {
-	    /* Need more space, but we know how much.  */
-	    len = (size_t) len2 + 1;
-	} else {
-	    /* Success!  */
-	    break;
-	}
+        if (len >= INT_MAX || len == 0)
+            goto fail;
+        nstr = realloc(str, len);
+        if (nstr == NULL)
+            goto fail;
+        str = nstr;
+        va_copy(ap2, ap);
+        len2 = vsnprintf(str, len, format, ap2);
+        va_end(ap2);
+        /* ISO C vsnprintf returns the needed length.  Some old
+           vsnprintf implementations return -1 on truncation.  */
+        if (len2 < 0) {
+            /* Don't know how much space we need, just that we didn't
+               supply enough; get a bigger buffer and try again.  */
+            if (len <= SIZE_MAX/2)
+                len *= 2;
+            else if (len < SIZE_MAX)
+                len = SIZE_MAX;
+            else
+                goto fail;
+        } else if ((unsigned int) len2 >= SIZE_MAX) {
+            /* Need more space than we can request.  */
+            goto fail;
+        } else if ((size_t) len2 >= len) {
+            /* Need more space, but we know how much.  */
+            len = (size_t) len2 + 1;
+        } else {
+            /* Success!  */
+            break;
+        }
     }
     /* We might've allocated more than we need, if we're still using
        the initial guess, or we got here by doubling.  */
     if ((size_t) len2 < len - 1) {
-	nstr = realloc(str, (size_t) len2 + 1);
-	if (nstr)
-	    str = nstr;
+        nstr = realloc(str, (size_t) len2 + 1);
+        if (nstr)
+            str = nstr;
     }
     *ret = str;
     return len2;
diff --git a/src/util/support/strlcpy.c b/src/util/support/strlcpy.c
index fd2c79b..a3abbfe 100644
--- a/src/util/support/strlcpy.c
+++ b/src/util/support/strlcpy.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
 #include "k5-platform.h"
 
 /* Provide strlcpy and strlcat for platforms that don't have them. */
diff --git a/src/util/support/supp-int.h b/src/util/support/supp-int.h
index 8564100..cf8c288 100644
--- a/src/util/support/supp-int.h
+++ b/src/util/support/supp-int.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * util/support/supp-int.h
  *
diff --git a/src/util/support/t_k5buf.c b/src/util/support/t_k5buf.c
index b0ae280..a74ad85 100644
--- a/src/util/support/t_k5buf.c
+++ b/src/util/support/t_k5buf.c
@@ -1,4 +1,4 @@
-/* -*- mode: c; indent-tabs-mode: nil -*- */
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 
 /*
  * t_k5buf.c
diff --git a/src/util/support/t_unal.c b/src/util/support/t_unal.c
index d9a3cc4..6b2720b 100644
--- a/src/util/support/t_unal.c
+++ b/src/util/support/t_unal.c
@@ -1,11 +1,12 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 #undef NDEBUG
 #include <assert.h>
 #include "k5-platform.h"
 
 int main ()
 {
-     /* Test some low-level assumptions the Kerberos code depends
-        on.  */
+    /* Test some low-level assumptions the Kerberos code depends
+       on.  */
 
     union {
         UINT64_TYPE n64;
diff --git a/src/util/support/threads.c b/src/util/support/threads.c
index 12b5492..dddf6aa 100644
--- a/src/util/support/threads.c
+++ b/src/util/support/threads.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * util/support/threads.c
  *
@@ -55,7 +56,7 @@ int krb5int_pthread_loaded (void)
 static DWORD tls_idx;
 static CRITICAL_SECTION key_lock;
 struct tsd_block {
-  void *values[K5_KEY_MAX];
+    void *values[K5_KEY_MAX];
 };
 static void (*destructors[K5_KEY_MAX])(void *);
 static unsigned char destructors_set[K5_KEY_MAX];
@@ -69,17 +70,17 @@ void krb5int_thread_detach_hook (void)
 
     err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
     if (err)
-	return;
+        return;
 
     t = TlsGetValue(tls_idx);
     if (t == NULL)
-	return;
+        return;
     for (i = 0; i < K5_KEY_MAX; i++) {
-	if (destructors_set[i] && destructors[i] && t->values[i]) {
-	    void *v = t->values[i];
-	    t->values[i] = 0;
-	    (*destructors[i])(v);
-	}
+        if (destructors_set[i] && destructors[i] && t->values[i]) {
+            void *v = t->values[i];
+            t->values[i] = 0;
+            (*destructors[i])(v);
+        }
     }
 }
 
@@ -124,44 +125,44 @@ static volatile int flag_pthread_loaded = -1;
 static void loaded_test_aux(void)
 {
     if (flag_pthread_loaded == -1)
-	flag_pthread_loaded = 1;
+        flag_pthread_loaded = 1;
     else
-	/* Could we have been called twice?  */
-	flag_pthread_loaded = 0;
+        /* Could we have been called twice?  */
+        flag_pthread_loaded = 0;
 }
 static pthread_once_t loaded_test_once = PTHREAD_ONCE_INIT;
 int krb5int_pthread_loaded (void)
 {
     int x = flag_pthread_loaded;
     if (x != -1)
-	return x;
+        return x;
     if (&pthread_getspecific == 0
-	|| &pthread_setspecific == 0
-	|| &pthread_key_create == 0
-	|| &pthread_key_delete == 0
-	|| &pthread_once == 0
-	|| &pthread_mutex_lock == 0
-	|| &pthread_mutex_unlock == 0
-	|| &pthread_mutex_destroy == 0
-	|| &pthread_mutex_init == 0
-	|| &pthread_self == 0
-	|| &pthread_equal == 0
-	/* Any program that's really multithreaded will have to be
-	   able to create threads.  */
-	|| &pthread_create == 0
-	|| &pthread_join == 0
-	/* Okay, all the interesting functions -- or stubs for them --
-	   seem to be present.  If we call pthread_once, does it
-	   actually seem to cause the indicated function to get called
-	   exactly one time?  */
-	|| pthread_once(&loaded_test_once, loaded_test_aux) != 0
-	|| pthread_once(&loaded_test_once, loaded_test_aux) != 0
-	/* This catches cases where pthread_once does nothing, and
-	   never causes the function to get called.  That's a pretty
-	   clear violation of the POSIX spec, but hey, it happens.  */
-	|| flag_pthread_loaded < 0) {
-	flag_pthread_loaded = 0;
-	return 0;
+        || &pthread_setspecific == 0
+        || &pthread_key_create == 0
+        || &pthread_key_delete == 0
+        || &pthread_once == 0
+        || &pthread_mutex_lock == 0
+        || &pthread_mutex_unlock == 0
+        || &pthread_mutex_destroy == 0
+        || &pthread_mutex_init == 0
+        || &pthread_self == 0
+        || &pthread_equal == 0
+        /* Any program that's really multithreaded will have to be
+           able to create threads.  */
+        || &pthread_create == 0
+        || &pthread_join == 0
+        /* Okay, all the interesting functions -- or stubs for them --
+           seem to be present.  If we call pthread_once, does it
+           actually seem to cause the indicated function to get called
+           exactly one time?  */
+        || pthread_once(&loaded_test_once, loaded_test_aux) != 0
+        || pthread_once(&loaded_test_once, loaded_test_aux) != 0
+        /* This catches cases where pthread_once does nothing, and
+           never causes the function to get called.  That's a pretty
+           clear violation of the POSIX spec, but hey, it happens.  */
+        || flag_pthread_loaded < 0) {
+        flag_pthread_loaded = 0;
+        return 0;
     }
     /* If we wanted to be super-paranoid, we could try testing whether
        pthread_get/setspecific work, too.  I don't know -- so far --
@@ -169,13 +170,13 @@ int krb5int_pthread_loaded (void)
     return flag_pthread_loaded;
 }
 static struct tsd_block tsd_if_single;
-# define GET_NO_PTHREAD_TSD()	(&tsd_if_single)
+# define GET_NO_PTHREAD_TSD()   (&tsd_if_single)
 #else
 int krb5int_pthread_loaded (void)
 {
     return 1;
 }
-# define GET_NO_PTHREAD_TSD()	(abort(),(struct tsd_block *)0)
+# define GET_NO_PTHREAD_TSD()   (abort(),(struct tsd_block *)0)
 #endif
 
 static pthread_key_t key;
@@ -189,12 +190,12 @@ static void thread_termination (void *tptr)
         struct tsd_block *t = tptr;
 
         /* Make multiple passes in case, for example, a libkrb5 cleanup
-            function wants to print out an error message, which causes
-            com_err to allocate a thread-specific buffer, after we just
-            freed up the old one.
+           function wants to print out an error message, which causes
+           com_err to allocate a thread-specific buffer, after we just
+           freed up the old one.
 
-            Shouldn't actually happen, if we're careful, but check just in
-            case.  */
+           Shouldn't actually happen, if we're careful, but check just in
+           case.  */
 
         pass = 0;
         none_found = 0;
@@ -211,7 +212,7 @@ static void thread_termination (void *tptr)
         }
         free (t);
         err = k5_mutex_unlock(&key_lock);
-   }
+    }
 
     /* remove thread from global linked list */
 }
@@ -225,7 +226,7 @@ void *k5_getspecific (k5_key_t keynum)
 
     err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
     if (err)
-	return NULL;
+        return NULL;
 
     assert(keynum >= 0 && keynum < K5_KEY_MAX);
     assert(destructors_set[keynum] == 1);
@@ -241,14 +242,14 @@ void *k5_getspecific (k5_key_t keynum)
 #else /* POSIX */
 
     if (K5_PTHREADS_LOADED)
-	t = pthread_getspecific(key);
+        t = pthread_getspecific(key);
     else
-	t = GET_NO_PTHREAD_TSD();
+        t = GET_NO_PTHREAD_TSD();
 
 #endif
 
     if (t == NULL)
-	return NULL;
+        return NULL;
     return t->values[keynum];
 }
 
@@ -259,7 +260,7 @@ int k5_setspecific (k5_key_t keynum, void *value)
 
     err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
     if (err)
-	return err;
+        return err;
 
     assert(keynum >= 0 && keynum < K5_KEY_MAX);
     assert(destructors_set[keynum] == 1);
@@ -272,42 +273,42 @@ int k5_setspecific (k5_key_t keynum, void *value)
 
     t = TlsGetValue(tls_idx);
     if (t == NULL) {
-	int i;
-	t = malloc(sizeof(*t));
-	if (t == NULL)
-	    return ENOMEM;
-	for (i = 0; i < K5_KEY_MAX; i++)
-	    t->values[i] = 0;
-	/* add to global linked list */
-	/*	t->next = 0; */
-	err = TlsSetValue(tls_idx, t);
-	if (!err) {
-	    free(t);
-	    return GetLastError();
-	}
+        int i;
+        t = malloc(sizeof(*t));
+        if (t == NULL)
+            return ENOMEM;
+        for (i = 0; i < K5_KEY_MAX; i++)
+            t->values[i] = 0;
+        /* add to global linked list */
+        /*      t->next = 0; */
+        err = TlsSetValue(tls_idx, t);
+        if (!err) {
+            free(t);
+            return GetLastError();
+        }
     }
 
 #else /* POSIX */
 
     if (K5_PTHREADS_LOADED) {
-	t = pthread_getspecific(key);
-	if (t == NULL) {
-	    int i;
-	    t = malloc(sizeof(*t));
-	    if (t == NULL)
-		return ENOMEM;
-	    for (i = 0; i < K5_KEY_MAX; i++)
-		t->values[i] = 0;
-	    /* add to global linked list */
-	    t->next = 0;
-	    err = pthread_setspecific(key, t);
-	    if (err) {
-		free(t);
-		return err;
-	    }
-	}
+        t = pthread_getspecific(key);
+        if (t == NULL) {
+            int i;
+            t = malloc(sizeof(*t));
+            if (t == NULL)
+                return ENOMEM;
+            for (i = 0; i < K5_KEY_MAX; i++)
+                t->values[i] = 0;
+            /* add to global linked list */
+            t->next = 0;
+            err = pthread_setspecific(key, t);
+            if (err) {
+                free(t);
+                return err;
+            }
+        }
     } else {
-	t = GET_NO_PTHREAD_TSD();
+        t = GET_NO_PTHREAD_TSD();
     }
 
 #endif
@@ -322,7 +323,7 @@ int k5_key_register (k5_key_t keynum, void (*destructor)(void *))
 
     err = CALL_INIT_FUNCTION(krb5int_thread_support_init);
     if (err)
-	return err;
+        return err;
 
     assert(keynum >= 0 && keynum < K5_KEY_MAX);
 
@@ -347,10 +348,10 @@ int k5_key_register (k5_key_t keynum, void (*destructor)(void *))
 
     err = k5_mutex_lock(&key_lock);
     if (err == 0) {
-	assert(destructors_set[keynum] == 0);
-	destructors_set[keynum] = 1;
-	destructors[keynum] = destructor;
-	err = k5_mutex_unlock(&key_lock);
+        assert(destructors_set[keynum] == 0);
+        destructors_set[keynum] = 1;
+        destructors[keynum] = destructor;
+        err = k5_mutex_unlock(&key_lock);
     }
 
 #endif
@@ -365,7 +366,7 @@ int k5_key_delete (k5_key_t keynum)
 
     assert(destructors_set[keynum] == 1);
     if (destructors[keynum] && tsd_no_threads.values[keynum])
-	(*destructors[keynum])(tsd_no_threads.values[keynum]);
+        (*destructors[keynum])(tsd_no_threads.values[keynum]);
     destructors[keynum] = 0;
     tsd_no_threads.values[keynum] = 0;
     destructors_set[keynum] = 0;
@@ -385,19 +386,19 @@ int k5_key_delete (k5_key_t keynum)
 #else /* POSIX */
 
     {
-	int err;
+        int err;
 
-	/* XXX RESOURCE LEAK:
+        /* XXX RESOURCE LEAK:
 
-	   Need to destroy the allocated objects first!  */
+           Need to destroy the allocated objects first!  */
 
-	err = k5_mutex_lock(&key_lock);
-	if (err == 0) {
-	    assert(destructors_set[keynum] == 1);
-	    destructors_set[keynum] = 0;
-	    destructors[keynum] = NULL;
-	    k5_mutex_unlock(&key_lock);
-	}
+        err = k5_mutex_lock(&key_lock);
+        if (err == 0) {
+            assert(destructors_set[keynum] == 1);
+            destructors_set[keynum] = 0;
+            destructors[keynum] = NULL;
+            k5_mutex_unlock(&key_lock);
+        }
     }
 
 #endif
@@ -434,22 +435,22 @@ int krb5int_thread_support_init (void)
 
     err = k5_mutex_finish_init(&key_lock);
     if (err)
-	return err;
+        return err;
     if (K5_PTHREADS_LOADED) {
-	err = pthread_key_create(&key, thread_termination);
-	if (err)
-	    return err;
+        err = pthread_key_create(&key, thread_termination);
+        if (err)
+            return err;
     }
 
 #endif
 
     err = krb5int_init_fac();
     if (err)
-	return err;
+        return err;
 
     err = krb5int_err_init();
     if (err)
-	return err;
+        return err;
 
     return 0;
 }
@@ -457,7 +458,7 @@ int krb5int_thread_support_init (void)
 void krb5int_thread_support_fini (void)
 {
     if (! INITIALIZER_RAN (krb5int_thread_support_init))
-	return;
+        return;
 
 #ifdef SHOW_INITFINI_FUNCS
     printf("krb5int_thread_support_fini\n");
@@ -476,9 +477,9 @@ void krb5int_thread_support_fini (void)
 #else /* POSIX */
 
     if (! INITIALIZER_RAN(krb5int_thread_support_init))
-	return;
+        return;
     if (K5_PTHREADS_LOADED)
-	pthread_key_delete(key);
+        pthread_key_delete(key);
     /* ... delete stuff ... */
     k5_mutex_destroy(&key_lock);
 
@@ -497,11 +498,11 @@ krb5int_mutex_alloc (k5_mutex_t **m)
 
     ptr = malloc (sizeof (k5_mutex_t));
     if (ptr == NULL)
-	return ENOMEM;
+        return ENOMEM;
     err = k5_mutex_init (ptr);
     if (err) {
-	free (ptr);
-	return err;
+        free (ptr);
+        return err;
     }
     *m = ptr;
     return 0;
diff --git a/src/util/support/utf8.c b/src/util/support/utf8.c
index 3d90213..dcaa4cb 100644
--- a/src/util/support/utf8.c
+++ b/src/util/support/utf8.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * util/support/utf8.c
  *
@@ -60,7 +61,7 @@ size_t krb5int_utf8_bytes(const char *p)
     size_t bytes;
 
     for (bytes = 0; p[bytes]; bytes++)
-	;
+        ;
 
     return bytes;
 }
@@ -71,7 +72,7 @@ size_t krb5int_utf8_chars(const char *p)
     size_t chars = 0;
 
     for ( ; *p ; KRB5_UTF8_INCR(p))
-	chars++;
+        chars++;
 
     return chars;
 }
@@ -83,7 +84,7 @@ size_t krb5int_utf8c_chars(const char *p, size_t length)
     const char *end = p + length;
 
     for ( ; p < end; KRB5_UTF8_INCR(p))
-	chars++;
+        chars++;
 
     return chars;
 }
@@ -110,7 +111,7 @@ const char krb5int_utf8_lentab[] = {
 int krb5int_utf8_charlen(const char *p)
 {
     if (!(*p & 0x80))
-	return 1;
+        return 1;
 
     return krb5int_utf8_lentab[*(const unsigned char *)p ^ 0x80];
 }
@@ -152,8 +153,8 @@ int krb5int_utf8_charlen2(const char *p)
     int i = KRB5_UTF8_CHARLEN(p);
 
     if (i > 2) {
-	if (!(krb5int_utf8_mintab[*p & 0x1f] & p[1]))
-	    i = 0;
+        if (!(krb5int_utf8_mintab[*p & 0x1f] & p[1]))
+            i = 0;
     }
 
     return i;
@@ -169,22 +170,22 @@ int krb5int_utf8_to_ucs4(const char *p, krb5_ucs4 *out)
     krb5_ucs4 ch;
     int len, i;
     static unsigned char mask[] = {
-	0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
+        0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
 
     *out = 0;
     len = KRB5_UTF8_CHARLEN2(p, len);
 
     if (len == 0)
-	return -1;
+        return -1;
 
     ch = c[0] & mask[len];
 
     for (i = 1; i < len; i++) {
-	if ((c[i] & 0xc0) != 0x80)
-	    return -1;
+        if ((c[i] & 0xc0) != 0x80)
+            return -1;
 
-	ch <<= 6;
-	ch |= c[i] & 0x3f;
+        ch <<= 6;
+        ch |= c[i] & 0x3f;
     }
 
     *out = ch;
@@ -197,7 +198,7 @@ int krb5int_utf8_to_ucs2(const char *p, krb5_ucs2 *out)
 
     *out = 0;
     if (krb5int_utf8_to_ucs4(p, &ch) == -1 || ch > 0xFFFF)
-	return -1;
+        return -1;
     *out = (krb5_ucs2) ch;
     return 0;
 }
@@ -210,45 +211,45 @@ size_t krb5int_ucs4_to_utf8(krb5_ucs4 c, char *buf)
 
     /* not a valid Unicode character */
     if (c < 0)
-	return 0;
+        return 0;
 
     /* Just return length, don't convert */
     if (buf == NULL) {
-	if (c < 0x80) return 1;
-	else if (c < 0x800) return 2;
-	else if (c < 0x10000) return 3;
-	else if (c < 0x200000) return 4;
-	else if (c < 0x4000000) return 5;
-	else return 6;
+        if (c < 0x80) return 1;
+        else if (c < 0x800) return 2;
+        else if (c < 0x10000) return 3;
+        else if (c < 0x200000) return 4;
+        else if (c < 0x4000000) return 5;
+        else return 6;
     }
 
     if (c < 0x80) {
-	p[len++] = c;
+        p[len++] = c;
     } else if (c < 0x800) {
-	p[len++] = 0xc0 | ( c >> 6 );
-	p[len++] = 0x80 | ( c & 0x3f );
+        p[len++] = 0xc0 | ( c >> 6 );
+        p[len++] = 0x80 | ( c & 0x3f );
     } else if (c < 0x10000) {
-	p[len++] = 0xe0 | ( c >> 12 );
-	p[len++] = 0x80 | ( (c >> 6) & 0x3f );
-	p[len++] = 0x80 | ( c & 0x3f );
+        p[len++] = 0xe0 | ( c >> 12 );
+        p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+        p[len++] = 0x80 | ( c & 0x3f );
     } else if (c < 0x200000) {
-	p[len++] = 0xf0 | ( c >> 18 );
-	p[len++] = 0x80 | ( (c >> 12) & 0x3f );
-	p[len++] = 0x80 | ( (c >> 6) & 0x3f );
-	p[len++] = 0x80 | ( c & 0x3f );
+        p[len++] = 0xf0 | ( c >> 18 );
+        p[len++] = 0x80 | ( (c >> 12) & 0x3f );
+        p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+        p[len++] = 0x80 | ( c & 0x3f );
     } else if (c < 0x4000000) {
-	p[len++] = 0xf8 | ( c >> 24 );
-	p[len++] = 0x80 | ( (c >> 18) & 0x3f );
-	p[len++] = 0x80 | ( (c >> 12) & 0x3f );
-	p[len++] = 0x80 | ( (c >> 6) & 0x3f );
-	p[len++] = 0x80 | ( c & 0x3f );
+        p[len++] = 0xf8 | ( c >> 24 );
+        p[len++] = 0x80 | ( (c >> 18) & 0x3f );
+        p[len++] = 0x80 | ( (c >> 12) & 0x3f );
+        p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+        p[len++] = 0x80 | ( c & 0x3f );
     } else /* if( c < 0x80000000 ) */ {
-	p[len++] = 0xfc | ( c >> 30 );
-	p[len++] = 0x80 | ( (c >> 24) & 0x3f );
-	p[len++] = 0x80 | ( (c >> 18) & 0x3f );
-	p[len++] = 0x80 | ( (c >> 12) & 0x3f );
-	p[len++] = 0x80 | ( (c >> 6) & 0x3f );
-	p[len++] = 0x80 | ( c & 0x3f );
+        p[len++] = 0xfc | ( c >> 30 );
+        p[len++] = 0x80 | ( (c >> 24) & 0x3f );
+        p[len++] = 0x80 | ( (c >> 18) & 0x3f );
+        p[len++] = 0x80 | ( (c >> 12) & 0x3f );
+        p[len++] = 0x80 | ( (c >> 6) & 0x3f );
+        p[len++] = 0x80 | ( c & 0x3f );
     }
 
     return len;
@@ -259,9 +260,9 @@ size_t krb5int_ucs2_to_utf8(krb5_ucs2 c, char *buf)
     return krb5int_ucs4_to_utf8((krb5_ucs4)c, buf);
 }
 
-#define KRB5_UCS_UTF8LEN(c)	\
-    c < 0 ? 0 : (c < 0x80 ? 1 : (c < 0x800 ? 2 : (c < 0x10000 ? 3 : \
-    (c < 0x200000 ? 4 : (c < 0x4000000 ? 5 : 6)))))
+#define KRB5_UCS_UTF8LEN(c)                                             \
+    c < 0 ? 0 : (c < 0x80 ? 1 : (c < 0x800 ? 2 : (c < 0x10000 ? 3 :     \
+                                                  (c < 0x200000 ? 4 : (c < 0x4000000 ? 5 : 6)))))
 
 /*
  * Advance to the next UTF-8 character
@@ -278,13 +279,13 @@ char *krb5int_utf8_next(const char *p)
     const unsigned char *u = (const unsigned char *) p;
 
     if (KRB5_UTF8_ISASCII(u)) {
-	return (char *) &p[1];
+        return (char *) &p[1];
     }
 
     for (i = 1; i < 6; i++) {
-	if ((u[i] & 0xc0) != 0x80) {
-	    return (char *) &p[i];
-	}
+        if ((u[i] & 0xc0) != 0x80) {
+            return (char *) &p[i];
+        }
     }
 
     return (char *) &p[i];
@@ -305,9 +306,9 @@ char *krb5int_utf8_prev(const char *p)
     const unsigned char *u = (const unsigned char *) p;
 
     for (i = -1; i>-6 ; i--) {
-	if ((u[i] & 0xc0 ) != 0x80) {
-	    return (char *) &p[i];
-	}
+        if ((u[i] & 0xc0 ) != 0x80) {
+            return (char *) &p[i];
+        }
     }
 
     return (char *) &p[i];
@@ -331,14 +332,14 @@ int krb5int_utf8_copy(char* dst, const char *src)
     dst[0] = src[0];
 
     if (KRB5_UTF8_ISASCII(u)) {
-	return 1;
+        return 1;
     }
 
     for (i=1; i<6; i++) {
-	if ((u[i] & 0xc0) != 0x80) {
-	    return i;
-	}
-	dst[i] = src[i];
+        if ((u[i] & 0xc0) != 0x80) {
+            return i;
+        }
+        dst[i] = src[i];
     }
 
     return i;
@@ -362,7 +363,7 @@ int krb5int_utf8_isdigit(const char * p)
     unsigned c = * (const unsigned char *) p;
 
     if (!KRB5_ASCII(c))
-	return 0;
+        return 0;
 
     return KRB5_DIGIT( c );
 }
@@ -372,7 +373,7 @@ int krb5int_utf8_isxdigit(const char * p)
     unsigned c = * (const unsigned char *) p;
 
     if (!KRB5_ASCII(c))
-	return 0;
+        return 0;
 
     return KRB5_HEX(c);
 }
@@ -382,7 +383,7 @@ int krb5int_utf8_isspace(const char * p)
     unsigned c = * (const unsigned char *) p;
 
     if (!KRB5_ASCII(c))
-	return 0;
+        return 0;
 
     switch(c) {
     case ' ':
@@ -391,7 +392,7 @@ int krb5int_utf8_isspace(const char * p)
     case '\r':
     case '\v':
     case '\f':
-	return 1;
+        return 1;
     }
 
     return 0;
@@ -406,7 +407,7 @@ int krb5int_utf8_isalpha(const char * p)
     unsigned c = * (const unsigned char *) p;
 
     if (!KRB5_ASCII(c))
-	return 0;
+        return 0;
 
     return KRB5_ALPHA(c);
 }
@@ -416,7 +417,7 @@ int krb5int_utf8_isalnum(const char * p)
     unsigned c = * (const unsigned char *) p;
 
     if (!KRB5_ASCII(c))
-	return 0;
+        return 0;
 
     return KRB5_ALNUM(c);
 }
@@ -427,7 +428,7 @@ int krb5int_utf8_islower(const char * p)
     unsigned c = * (const unsigned char *) p;
 
     if (!KRB5_ASCII(c))
-	return 0;
+        return 0;
 
     return KRB5_LOWER(c);
 }
@@ -437,7 +438,7 @@ int krb5int_utf8_isupper(const char * p)
     unsigned c = * (const unsigned char *) p;
 
     if (!KRB5_ASCII(c))
-	return 0;
+        return 0;
 
     return KRB5_UPPER(c);
 }
@@ -455,10 +456,10 @@ char *krb5int_utf8_strchr(const char *str, const char *chr)
     krb5_ucs4 chs, ch;
 
     if (krb5int_utf8_to_ucs4(chr, &ch) == -1)
-	return NULL;
+        return NULL;
     for ( ; *str != '\0'; KRB5_UTF8_INCR(str)) {
-	if (krb5int_utf8_to_ucs4(str, &chs) == 0 && chs == ch)
-	    return (char *)str;
+        if (krb5int_utf8_to_ucs4(str, &chs) == 0 && chs == ch)
+            return (char *)str;
     }
 
     return NULL;
@@ -471,11 +472,11 @@ size_t krb5int_utf8_strcspn(const char *str, const char *set)
     krb5_ucs4 chstr, chset;
 
     for (cstr = str; *cstr != '\0'; KRB5_UTF8_INCR(cstr)) {
-	for (cset = set; *cset != '\0'; KRB5_UTF8_INCR(cset)) {
-	    if (krb5int_utf8_to_ucs4(cstr, &chstr) == 0
-		&& krb5int_utf8_to_ucs4(cset, &chset) == 0 && chstr == chset)
-		return cstr - str;
-	}
+        for (cset = set; *cset != '\0'; KRB5_UTF8_INCR(cset)) {
+            if (krb5int_utf8_to_ucs4(cstr, &chstr) == 0
+                && krb5int_utf8_to_ucs4(cset, &chset) == 0 && chstr == chset)
+                return cstr - str;
+        }
     }
 
     return cstr - str;
@@ -488,13 +489,13 @@ size_t krb5int_utf8_strspn(const char *str, const char *set)
     krb5_ucs4 chstr, chset;
 
     for (cstr = str; *cstr != '\0'; KRB5_UTF8_INCR(cstr)) {
-	for (cset = set; ; KRB5_UTF8_INCR(cset)) {
-	    if (*cset == '\0')
-		return cstr - str;
-	    if (krb5int_utf8_to_ucs4(cstr, &chstr) == 0
-		&& krb5int_utf8_to_ucs4(cset, &chset) == 0 && chstr == chset)
-		break;
-	}
+        for (cset = set; ; KRB5_UTF8_INCR(cset)) {
+            if (*cset == '\0')
+                return cstr - str;
+            if (krb5int_utf8_to_ucs4(cstr, &chstr) == 0
+                && krb5int_utf8_to_ucs4(cset, &chset) == 0 && chstr == chset)
+                break;
+        }
     }
 
     return cstr - str;
@@ -507,11 +508,11 @@ char *krb5int_utf8_strpbrk(const char *str, const char *set)
     krb5_ucs4 chstr, chset;
 
     for ( ; *str != '\0'; KRB5_UTF8_INCR(str)) {
-	for (cset = set; *cset != '\0'; KRB5_UTF8_INCR(cset)) {
-	    if (krb5int_utf8_to_ucs4(str, &chstr) == 0
-		&& krb5int_utf8_to_ucs4(cset, &chset) == 0 && chstr == chset)
-		return (char *)str;
-	}
+        for (cset = set; *cset != '\0'; KRB5_UTF8_INCR(cset)) {
+            if (krb5int_utf8_to_ucs4(str, &chstr) == 0
+                && krb5int_utf8_to_ucs4(cset, &chset) == 0 && chstr == chset)
+                return (char *)str;
+        }
     }
 
     return NULL;
@@ -524,23 +525,23 @@ char *krb5int_utf8_strtok(char *str, const char *sep, char **last)
     char *end;
 
     if (last == NULL)
-	return NULL;
+        return NULL;
 
     begin = str ? str : *last;
 
     begin += krb5int_utf8_strspn(begin, sep);
 
     if (*begin == '\0') {
-	*last = NULL;
-	return NULL;
+        *last = NULL;
+        return NULL;
     }
 
     end = &begin[krb5int_utf8_strcspn(begin, sep)];
 
     if (*end != '\0') {
-	char *next = KRB5_UTF8_NEXT(end);
-	*end = '\0';
-	end = next;
+        char *next = KRB5_UTF8_NEXT(end);
+        *end = '\0';
+        end = next;
     }
 
     *last = end;
diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c
index 03303d7..47ff951 100644
--- a/src/util/support/utf8_conv.c
+++ b/src/util/support/utf8_conv.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * util/support/utf8_conv.c
  *
@@ -67,9 +68,9 @@ static unsigned char mask[] = { 0, 0x7f, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
 
 static ssize_t
 k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
-		  const char *utf8str,
-		  size_t count,
-		  int little_endian)
+                  const char *utf8str,
+                  size_t count,
+                  int little_endian)
 {
     size_t ucs2len = 0;
     size_t utflen, i;
@@ -77,52 +78,52 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
 
     /* If input ptr is NULL or empty... */
     if (utf8str == NULL || *utf8str == '\0') {
-	*ucs2str = 0;
+        *ucs2str = 0;
 
-	return 0;
+        return 0;
     }
 
     /* Examine next UTF-8 character.  */
     while (*utf8str && ucs2len < count) {
-	/* Get UTF-8 sequence length from 1st byte */
-	utflen = KRB5_UTF8_CHARLEN2(utf8str, utflen);
+        /* Get UTF-8 sequence length from 1st byte */
+        utflen = KRB5_UTF8_CHARLEN2(utf8str, utflen);
 
-	if (utflen == 0 || utflen > KRB5_MAX_UTF8_LEN)
-	    return -1;
+        if (utflen == 0 || utflen > KRB5_MAX_UTF8_LEN)
+            return -1;
 
-	/* First byte minus length tag */
-	ch = (krb5_ucs2)(utf8str[0] & mask[utflen]);
+        /* First byte minus length tag */
+        ch = (krb5_ucs2)(utf8str[0] & mask[utflen]);
 
-	for (i = 1; i < utflen; i++) {
-	    /* Subsequent bytes must start with 10 */
-	    if ((utf8str[i] & 0xc0) != 0x80)
-		return -1;
+        for (i = 1; i < utflen; i++) {
+            /* Subsequent bytes must start with 10 */
+            if ((utf8str[i] & 0xc0) != 0x80)
+                return -1;
 
-	    ch <<= 6;			/* 6 bits of data in each subsequent byte */
-	    ch |= (krb5_ucs2)(utf8str[i] & 0x3f);
-	}
+            ch <<= 6;                   /* 6 bits of data in each subsequent byte */
+            ch |= (krb5_ucs2)(utf8str[i] & 0x3f);
+        }
 
-	if (ucs2str != NULL) {
+        if (ucs2str != NULL) {
 #ifdef K5_BE
 #ifndef SWAP16
-#define SWAP16(X)	((((X) << 8) | ((X) >> 8)) & 0xFFFF)
+#define SWAP16(X)       ((((X) << 8) | ((X) >> 8)) & 0xFFFF)
 #endif
-	    if (little_endian)
-		ucs2str[ucs2len] = SWAP16(ch);
-	    else
+            if (little_endian)
+                ucs2str[ucs2len] = SWAP16(ch);
+            else
 #endif
-		ucs2str[ucs2len] = ch;
-	}
+                ucs2str[ucs2len] = ch;
+        }
 
-	utf8str += utflen;	/* Move to next UTF-8 character */
-	ucs2len++;		/* Count number of wide chars stored/required */
+        utf8str += utflen;      /* Move to next UTF-8 character */
+        ucs2len++;              /* Count number of wide chars stored/required */
     }
 
     assert(ucs2len < count);
 
     if (ucs2str != NULL) {
-	/* Add null terminator if there's room in the buffer. */
-	ucs2str[ucs2len] = 0;
+        /* Add null terminator if there's room in the buffer. */
+        ucs2str[ucs2len] = 0;
     }
 
     return ucs2len;
@@ -130,8 +131,8 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
 
 int
 krb5int_utf8s_to_ucs2s(const char *utf8s,
-		       krb5_ucs2 **ucs2s,
-		       size_t *ucs2chars)
+                       krb5_ucs2 **ucs2s,
+                       size_t *ucs2chars)
 {
     ssize_t len;
     size_t chars;
@@ -139,18 +140,18 @@ krb5int_utf8s_to_ucs2s(const char *utf8s,
     chars = krb5int_utf8_chars(utf8s);
     *ucs2s = (krb5_ucs2 *)malloc((chars + 1) * sizeof(krb5_ucs2));
     if (*ucs2s == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars + 1, 0);
     if (len < 0) {
-	free(*ucs2s);
-	*ucs2s = NULL;
-	return EINVAL;
+        free(*ucs2s);
+        *ucs2s = NULL;
+        return EINVAL;
     }
 
     if (ucs2chars != NULL) {
-	*ucs2chars = chars;
+        *ucs2chars = chars;
     }
 
     return 0;
@@ -158,9 +159,9 @@ krb5int_utf8s_to_ucs2s(const char *utf8s,
 
 int
 krb5int_utf8cs_to_ucs2s(const char *utf8s,
-			size_t utf8slen,
-			krb5_ucs2 **ucs2s,
-			size_t *ucs2chars)
+                        size_t utf8slen,
+                        krb5_ucs2 **ucs2s,
+                        size_t *ucs2chars)
 {
     ssize_t len;
     size_t chars;
@@ -168,18 +169,18 @@ krb5int_utf8cs_to_ucs2s(const char *utf8s,
     chars = krb5int_utf8c_chars(utf8s, utf8slen);
     *ucs2s = (krb5_ucs2 *)malloc((chars + 1) * sizeof(krb5_ucs2));
     if (*ucs2s == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_utf8s_to_ucs2s(*ucs2s, utf8s, chars + 1, 0);
     if (len < 0) {
-	free(*ucs2s);
-	*ucs2s = NULL;
-	return EINVAL;
+        free(*ucs2s);
+        *ucs2s = NULL;
+        return EINVAL;
     }
 
     if (ucs2chars != NULL) {
-	*ucs2chars = chars;
+        *ucs2chars = chars;
     }
 
     return 0;
@@ -188,7 +189,7 @@ krb5int_utf8cs_to_ucs2s(const char *utf8s,
 int
 krb5int_utf8s_to_ucs2les(const char *utf8s,
                          unsigned char **ucs2les,
-			 size_t *ucs2leslen)
+                         size_t *ucs2leslen)
 {
     ssize_t len;
     size_t chars;
@@ -197,18 +198,18 @@ krb5int_utf8s_to_ucs2les(const char *utf8s,
 
     *ucs2les = (unsigned char *)malloc((chars + 1) * sizeof(krb5_ucs2));
     if (*ucs2les == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1);
     if (len < 0) {
-	free(*ucs2les);
-	*ucs2les = NULL;
-	return EINVAL;
+        free(*ucs2les);
+        *ucs2les = NULL;
+        return EINVAL;
     }
 
     if (ucs2leslen != NULL) {
-	*ucs2leslen = chars * sizeof(krb5_ucs2);
+        *ucs2leslen = chars * sizeof(krb5_ucs2);
     }
 
     return 0;
@@ -216,9 +217,9 @@ krb5int_utf8s_to_ucs2les(const char *utf8s,
 
 int
 krb5int_utf8cs_to_ucs2les(const char *utf8s,
-			  size_t utf8slen,
-			  unsigned char **ucs2les,
-			  size_t *ucs2leslen)
+                          size_t utf8slen,
+                          unsigned char **ucs2les,
+                          size_t *ucs2leslen)
 {
     ssize_t len;
     size_t chars;
@@ -227,95 +228,95 @@ krb5int_utf8cs_to_ucs2les(const char *utf8s,
 
     *ucs2les = (unsigned char *)malloc((chars + 1) * sizeof(krb5_ucs2));
     if (*ucs2les == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_utf8s_to_ucs2s((krb5_ucs2 *)*ucs2les, utf8s, chars + 1, 1);
     if (len < 0) {
-	free(*ucs2les);
-	*ucs2les = NULL;
-	return EINVAL;
+        free(*ucs2les);
+        *ucs2les = NULL;
+        return EINVAL;
     }
 
     if (ucs2leslen != NULL) {
-	*ucs2leslen = chars * sizeof(krb5_ucs2);
+        *ucs2leslen = chars * sizeof(krb5_ucs2);
     }
 
     return 0;
 }
 
 /*-----------------------------------------------------------------------------
-   Convert a wide char string to a UTF-8 string.
-   No more than 'count' bytes will be written to the output buffer.
-   Return the # of bytes written to the output buffer, excl null terminator.
+  Convert a wide char string to a UTF-8 string.
+  No more than 'count' bytes will be written to the output buffer.
+  Return the # of bytes written to the output buffer, excl null terminator.
 
-   ucs2len is -1 if the UCS-2 string is NUL terminated, otherwise it is the
-   length of the UCS-2 string in characters
+  ucs2len is -1 if the UCS-2 string is NUL terminated, otherwise it is the
+  length of the UCS-2 string in characters
 */
 static ssize_t
 k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
-		  size_t count, ssize_t ucs2len, int little_endian)
+                  size_t count, ssize_t ucs2len, int little_endian)
 {
     int len = 0;
     int n;
     char *p = utf8str;
     krb5_ucs2 empty = 0, ch;
 
-    if (ucs2str == NULL)	/* Treat input ptr NULL as an empty string */
-	ucs2str = &empty;
+    if (ucs2str == NULL)        /* Treat input ptr NULL as an empty string */
+        ucs2str = &empty;
 
-    if (utf8str == NULL)	/* Just compute size of output, excl null */
+    if (utf8str == NULL)        /* Just compute size of output, excl null */
     {
-	while (ucs2len == -1 ? *ucs2str : --ucs2len >= 0) {
-	    /* Get UTF-8 size of next wide char */
-	  ch = *ucs2str++;
+        while (ucs2len == -1 ? *ucs2str : --ucs2len >= 0) {
+            /* Get UTF-8 size of next wide char */
+            ch = *ucs2str++;
 #ifdef K5_BE
-	    if (little_endian)
-		ch = SWAP16(ch);
+            if (little_endian)
+                ch = SWAP16(ch);
 #endif
 
-	    n = krb5int_ucs2_to_utf8(ch, NULL);
-	    if (n < 1)
-		return -1;
-	    if (len + n < len)
-		return -1; /* overflow */
-	    len += n;
-	}
+            n = krb5int_ucs2_to_utf8(ch, NULL);
+            if (n < 1)
+                return -1;
+            if (len + n < len)
+                return -1; /* overflow */
+            len += n;
+        }
 
-	return len;
+        return len;
     }
 
     /* Do the actual conversion. */
 
-    n = 1;					/* In case of empty ucs2str */
+    n = 1;                                      /* In case of empty ucs2str */
     while (ucs2len == -1 ? *ucs2str != 0 : --ucs2len >= 0) {
-      ch = *ucs2str++;
+        ch = *ucs2str++;
 #ifdef K5_BE
-	if (little_endian)
-	    ch = SWAP16(ch);
+        if (little_endian)
+            ch = SWAP16(ch);
 #endif
 
-	n = krb5int_ucs2_to_utf8(ch, p);
+        n = krb5int_ucs2_to_utf8(ch, p);
 
-	if (n < 1)
-	    break;
+        if (n < 1)
+            break;
 
-	p += n;
-	count -= n;			/* Space left in output buffer */
+        p += n;
+        count -= n;                     /* Space left in output buffer */
     }
 
     /* If not enough room for last character, pad remainder with null
        so that return value = original count, indicating buffer full. */
     if (n == 0) {
-	while (count--)
-	    *p++ = 0;
+        while (count--)
+            *p++ = 0;
     }
     /* Add a null terminator if there's room. */
     else if (count)
-	*p = 0;
+        *p = 0;
 
-    if (n == -1)			/* Conversion encountered invalid wide char. */
-	return -1;
+    if (n == -1)                        /* Conversion encountered invalid wide char. */
+        return -1;
 
     /* Return the number of bytes written to output buffer, excl null. */
     return (p - utf8str);
@@ -323,30 +324,30 @@ k5_ucs2s_to_utf8s(char *utf8str, const krb5_ucs2 *ucs2str,
 
 int
 krb5int_ucs2s_to_utf8s(const krb5_ucs2 *ucs2s,
-		       char **utf8s,
-		       size_t *utf8slen)
+                       char **utf8s,
+                       size_t *utf8slen)
 {
     ssize_t len;
 
     len = k5_ucs2s_to_utf8s(NULL, ucs2s, 0, -1, 0);
     if (len < 0) {
-	return EINVAL;
+        return EINVAL;
     }
 
     *utf8s = (char *)malloc((size_t)len + 1);
     if (*utf8s == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_ucs2s_to_utf8s(*utf8s, ucs2s, (size_t)len + 1, -1, 0);
     if (len < 0) {
-	free(*utf8s);
-	*utf8s = NULL;
-	return EINVAL;
+        free(*utf8s);
+        *utf8s = NULL;
+        return EINVAL;
     }
 
     if (utf8slen != NULL) {
-	*utf8slen = len;
+        *utf8slen = len;
     }
 
     return 0;
@@ -354,29 +355,29 @@ krb5int_ucs2s_to_utf8s(const krb5_ucs2 *ucs2s,
 
 int
 krb5int_ucs2les_to_utf8s(const unsigned char *ucs2les,
-			 char **utf8s,
-			 size_t *utf8slen)
+                         char **utf8s,
+                         size_t *utf8slen)
 {
     ssize_t len;
 
     len = k5_ucs2s_to_utf8s(NULL, (krb5_ucs2 *)ucs2les, 0, -1, 1);
     if (len < 0)
-	return EINVAL;
+        return EINVAL;
 
     *utf8s = (char *)malloc((size_t)len + 1);
     if (*utf8s == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les, (size_t)len + 1, -1, 1);
     if (len < 0) {
-	free(*utf8s);
-	*utf8s = NULL;
-	return EINVAL;
+        free(*utf8s);
+        *utf8s = NULL;
+        return EINVAL;
     }
 
     if (utf8slen != NULL) {
-	*utf8slen = len;
+        *utf8slen = len;
     }
 
     return 0;
@@ -391,28 +392,28 @@ krb5int_ucs2cs_to_utf8s(const krb5_ucs2 *ucs2s,
     ssize_t len;
 
     if (ucs2slen > SSIZE_MAX)
-	return ERANGE;
+        return ERANGE;
 
     len = k5_ucs2s_to_utf8s(NULL, (krb5_ucs2 *)ucs2s, 0,
-			    (ssize_t)ucs2slen, 0);
+                            (ssize_t)ucs2slen, 0);
     if (len < 0)
-	return EINVAL;
+        return EINVAL;
 
     *utf8s = (char *)malloc((size_t)len + 1);
     if (*utf8s == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2s,
-			    (size_t)len + 1, (ssize_t)ucs2slen, 0);
+                            (size_t)len + 1, (ssize_t)ucs2slen, 0);
     if (len < 0) {
-	free(*utf8s);
-	*utf8s = NULL;
-	return EINVAL;
+        free(*utf8s);
+        *utf8s = NULL;
+        return EINVAL;
     }
 
     if (utf8slen != NULL) {
-	*utf8slen = len;
+        *utf8slen = len;
     }
 
     return 0;
@@ -427,28 +428,28 @@ krb5int_ucs2lecs_to_utf8s(const unsigned char *ucs2les,
     ssize_t len;
 
     if (ucs2leslen > SSIZE_MAX)
-	return ERANGE;
+        return ERANGE;
 
     len = k5_ucs2s_to_utf8s(NULL, (krb5_ucs2 *)ucs2les, 0,
-			    (ssize_t)ucs2leslen, 1);
+                            (ssize_t)ucs2leslen, 1);
     if (len < 0)
-	return EINVAL;
+        return EINVAL;
 
     *utf8s = (char *)malloc((size_t)len + 1);
     if (*utf8s == NULL) {
-	return ENOMEM;
+        return ENOMEM;
     }
 
     len = k5_ucs2s_to_utf8s(*utf8s, (krb5_ucs2 *)ucs2les,
-			    (size_t)len + 1, (ssize_t)ucs2leslen, 1);
+                            (size_t)len + 1, (ssize_t)ucs2leslen, 1);
     if (len < 0) {
-	free(*utf8s);
-	*utf8s = NULL;
-	return EINVAL;
+        free(*utf8s);
+        *utf8s = NULL;
+        return EINVAL;
     }
 
     if (utf8slen != NULL) {
-	*utf8slen = len;
+        *utf8slen = len;
     }
 
     return 0;
diff --git a/src/util/support/zap.c b/src/util/support/zap.c
new file mode 100644
index 0000000..ae6baf0
--- /dev/null
+++ b/src/util/support/zap.c
@@ -0,0 +1,38 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+
+/*
+ * zap.c
+ *
+ * Copyright 2009 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission.  Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ *
+ * krb5int_zap() is used by zap() (a static inline function defined in
+ * k5-int.h) on non-Windows, non-gcc compilers, in order to prevent the
+ * compiler from inlining and optimizing out the memset() call.
+ */
+
+#include <k5-platform.h>
+
+void krb5int_zap(void *ptr, size_t len)
+{
+    memset(ptr, 0, len);
+}
diff --git a/src/util/windows/getopt.c b/src/util/windows/getopt.c
index 2b21c7b..3724a4b 100644
--- a/src/util/windows/getopt.c
+++ b/src/util/windows/getopt.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
 /*	$NetBSD: getopt.c,v 1.16 1999/12/02 13:15:56 kleink Exp $	*/
 
 /*
@@ -92,7 +93,7 @@ getopt(nargc, nargv, ostr)
 	static char *__progname = 0;
 	static char *place = EMSG;		/* option letter processing */
 	char *oli;				/* option letter list index */
-        __progname = __progname?__progname:_progname(*nargv);
+	__progname = __progname?__progname:_progname(*nargv);
 
 	_DIAGASSERT(nargv != NULL);
 	_DIAGASSERT(ostr != NULL);
diff --git a/src/util/windows/getopt.h b/src/util/windows/getopt.h
index 7137f03..8832dbc 100644
--- a/src/util/windows/getopt.h
+++ b/src/util/windows/getopt.h
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
 #ifndef __GETOPT_H__
 #define __GETOPT_H__
 
diff --git a/src/util/windows/getopt_long.c b/src/util/windows/getopt_long.c
index d22ac23..5002804 100644
--- a/src/util/windows/getopt_long.c
+++ b/src/util/windows/getopt_long.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */
 /*
  * Copyright (c) 1987, 1993, 1994, 1996
  *	The Regents of the University of California.  All rights reserved.
diff --git a/src/util/windows/libecho.c b/src/util/windows/libecho.c
index 9fcbe2e..a10eee2 100644
--- a/src/util/windows/libecho.c
+++ b/src/util/windows/libecho.c
@@ -1,3 +1,4 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
 /*
  * libecho.c
  *
@@ -15,62 +16,62 @@ void echo_files(char *, char *);
 int
 main(int argc, char *argv[])
 {
-  int i;
-  char *prefix;
+    int i;
+    char *prefix;
 
-  prefix = "";
+    prefix = "";
 
-  if (argc < 2) {
-    fprintf(stderr, "Usage:  libecho [-p prefix] list...\n");
-    return 1;
-  }
+    if (argc < 2) {
+        fprintf(stderr, "Usage:  libecho [-p prefix] list...\n");
+        return 1;
+    }
 
-  for (i = 1 ; i < argc ; i++)
-    if (!stricmp(argv[i], "-p"))
-      prefix = argv[++i];
-    else
-      echo_files(prefix, argv[i]);
+    for (i = 1 ; i < argc ; i++)
+        if (!stricmp(argv[i], "-p"))
+            prefix = argv[++i];
+        else
+            echo_files(prefix, argv[i]);
 
-  return 0;
+    return 0;
 }
 
 void
 echo_files(char *prefix, char *f)
 {
-  long ff;
-  struct _finddata_t fdt;
-  char *slash;
-  char filepath[256];
+    long ff;
+    struct _finddata_t fdt;
+    char *slash;
+    char filepath[256];
 
-  /*
-   * We're unix based quite a bit here.  Look for normal slashes and
-   * make them reverse slashes.
-   */
-  while((slash = strrchr(f, '/')) != NULL)
-    *slash = '\\';
+    /*
+     * We're unix based quite a bit here.  Look for normal slashes and
+     * make them reverse slashes.
+     */
+    while((slash = strrchr(f, '/')) != NULL)
+        *slash = '\\';
 
-  strcpy(filepath, f);
+    strcpy(filepath, f);
 
-  slash = strrchr(filepath, '\\');
+    slash = strrchr(filepath, '\\');
 
-  if (slash) {
-    slash++;
-    *slash = 0;
-  } else {
-    filepath[0] = '\0';
-  }
+    if (slash) {
+        slash++;
+        *slash = 0;
+    } else {
+        filepath[0] = '\0';
+    }
 
-  ff = _findfirst(f, &fdt);
+    ff = _findfirst(f, &fdt);
 
-  if (ff < 0)
-    return;
+    if (ff < 0)
+        return;
 
-  printf("%s%s%s\n", prefix, filepath, fdt.name);
-
-  for (;;) {
-    if (_findnext(ff, &fdt) < 0)
-      break;
     printf("%s%s%s\n", prefix, filepath, fdt.name);
-  }
-  _findclose(ff);
+
+    for (;;) {
+        if (_findnext(ff, &fdt) < 0)
+            break;
+        printf("%s%s%s\n", prefix, filepath, fdt.name);
+    }
+    _findclose(ff);
 }
diff --git a/src/windows/kfwlogon/Makefile.in b/src/windows/kfwlogon/Makefile.in
index 47b4810..f6e523d 100644
--- a/src/windows/kfwlogon/Makefile.in
+++ b/src/windows/kfwlogon/Makefile.in
@@ -1,8 +1,6 @@
 # Makefile for the KFW Network Provider
 #
 
-thisconfigdir=./..
-myfulldir=windows/nplogon
 mydir=.
 BUILDTOP=$(REL)..$(S)..
 DEFINES = 
@@ -15,7 +13,7 @@ PROG_LIBPATH=-L$(TOPLIBD) -L$(KRB5_LIBDIR)
 SYSLIBS = kernel32.lib user32.lib advapi32.lib wsock32.lib secur32.lib userenv.lib
 
 VERSIONRC = $(BUILDTOP)\windows\version.rc
-RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 KFWLOGON=$(OUTPRE)kfwlogon.dll
 KFWCPCC=$(OUTPRE)kfwcpcc.exe
diff --git a/src/windows/ms2mit/Makefile.in b/src/windows/ms2mit/Makefile.in
index 0bb4d8d..59d5e7f 100644
--- a/src/windows/ms2mit/Makefile.in
+++ b/src/windows/ms2mit/Makefile.in
@@ -2,15 +2,13 @@
 # Works for k5 release only.
 #
 
-thisconfigdir=./..
-myfulldir=windows/ms2mit
 mydir=.
 BUILDTOP=$(REL)..$(S)..
 DEFINES = 
 PROG_LIBPATH=-L$(TOPLIBD) -L$(KRB5_LIBDIR)
 
 VERSIONRC = $(BUILDTOP)\windows\version.rc
-RCFLAGS=$(CPPFLAGS) -I$(SRCTOP) -D_WIN32 -DRES_ONLY
+RCFLAGS=$(CPPFLAGS) -I$(top_srcdir) -D_WIN32 -DRES_ONLY
 
 MS2MIT=$(OUTPRE)ms2mit.exe
 MIT2MS=$(OUTPRE)mit2ms.exe
author	Luke Howard <lukeh@padl.com>	2009-12-15 19:42:52 +0000
committer	Luke Howard <lukeh@padl.com>	2009-12-15 19:42:52 +0000
commit	11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75 (patch)
tree	27aa0e9a0aa5e243db83011e79fc1d3b95cb5f29
parent	85ac294e4d1b435790acdb73f4465e2999cce892 (diff)
download	krb5-11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75.zip krb5-11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75.tar.gz krb5-11c9a99c6f0cc6d5b3529d2c37a860fb1bfbea75.tar.bz2